terça-feira, 13 de maio de 2014

Procurando site com Simple PHP Blog usando scanner inurl


Simple PHP Blog <= 0.4.0 - Multiple Remote Exploits, 
Vamos usar o scanner inurl para buscar site que possuem o CMS Simple PHP Blog

Simple PHP Blog <= 0.4.0 - Multiple Remote Exploits,   Vamos usar o scanner inurl para buscar site que possuem o CMS Simple PHP Blog

[ SCANNER INURLBR 1.0 / CONSOLE ]
0xHOST GOOGLE........: www.google.com.br 0xDORK...............: intext:"Powered by Simple PHP Blog" & inurl:"/blog/" ext:php 0xEXPLOIT............: 0xARQUIVO............: resultado.txt 0xTIPO DE ERRO.......: 2 0xPROCURAR NO ALVO...: Simple PHP Blog 0xIP PROXY...........: 0xPORTA..............:

----------------------------------------------------------------------------------------------------------------------------
0xHOST GOOGLE........: www.google.com.br
0xDORK...............: intext:"Powered by Simple PHP Blog" & inurl:"/blog/" ext:php
0xEXPLOIT............:
0xARQUIVO............: resultado.txt
0xTIPO DE ERRO.......: 2
0xPROCURAR NO ALVO...: Simple PHP Blog
0xIP PROXY...........:
0xPORTA..............:
----------------------------------------------------------------------------------------------------------------------------
0xCARREGANDO CONFIGURAÇÕES...
DEBUG:
Array
(
    [0] => Array
        (
        )

    [host] => www.google.com.br
    [dork] => intext%3A%22Powered+by+Simple+PHP+Blog%22+%26+inurl%3A%22%2Fblog%2F%22+ext%3Aphp
    [arquivo] => resultado.txt
    [tipoerro] => 2
    [exploit] =>
    [achar] => Simple PHP Blog
    [ipProxy] =>
    [porta] =>
    [url] => /search?q=intext%3A%22Powered+by+Simple+PHP+Blog%22+%26+inurl%3A%22%2Fblog%2F%22+ext%3Aphp&num=1900&btnG=Search
    [port] => 80
)
Comando usado no scanner inurl:
php botConsole.php --host='www.google.com.br' --dork='intext:"Powered by Simple PHP Blog" & inurl:"/blog/" ext:php' --arquivo='resultado.txt' --tipoerro='2' --exploit='' --achar='Simple PHP Blog'

ou --achar='
Powered by Simple PHP Blog'


Exploit: http://www.exploit-db.com/exploits/1191/

Scanner INURL: http://pastebin.com/TzijC99y

RESULTADO SCANNER POSSÍVEIS VULNERÁVEIS :
TOTAL DE URL's: 179
EXPLOIT USADO:
DORK: intext%3A%22Powered+by+Simple+PHP+Blog%22+%26+inurl%3A%22%2Fblog%2F%22+ext%3Aphp
TOTAL DE POSSÍVEIS VULL: 106
ARQUIVO COM RESULTADO:resultado.txt
LISTA:

http://www.mutualdata.com/blog/index.php
http://www.ashrealms.com/blog/index.php
http://www.gdaa.org.uk/Blog/index.php
http://www.damanicorp.com/blog/index.php?m=10&y=13&entry=entry131012-001437
http://www.damanicorp.com/blog/index.php?m=04&y=07
http://www.traffordbankguesthouse.co.uk/blog/index.php
http://ps.ewi.utwente.nl/Blog/index.php
http://www.aerobiology.ca/blog/index.php
www.aerobiology.ca/blog/index.php
http://www.lofiminds.com/blog/static.php?page=xwung
http://fourseasonsroofingandsiding.com/Roofing-Blog/index.php?category=13
http://www.homesurvey.eu/Blog/index.php
http://www.omegamoon.com/blog/index.php
www.omegamoon.com/blog/index.php
http://www.omegamoon.com/blog/index.php?entry=entry140317-173710
http://boeglin.org/blog/index.php?entry=Flashing-a-BenQ-Z-series-for-free
http://humblecomics.com/blog/index.php
http://www.northernkentuckydancestudio.com/blog/index.php
http://www.ablekidspress.com/blog/index.php
www.ablekidspress.com/blog/index.php
http://courtjones.com/blog/index.php
http://geneyang.com/blog/index.php?entry=entry100524-195255
http://blog.frapu.de/index.php?m=09&y=13&d=&entry=entry130901-200909
http://www.lfpl.org/readers/blog/index.php
www.lfpl.org/readers/blog/index.php
http://shalinsiriwardana.asia/blog/comments.php?y=14&m=01&entry=entry140126-160857
http://www.z80.eu/blog/index.php?entry=entry140316-002012
http://www.rimrockpress.com/blog/index.php?entry=entry110914-115350
www.rimrockpress.com/blog/index.php?entry=entry110914-115350
http://blog.curti.eti.br/stats.php
http://www.donaldsteel.com/blog/index.php
http://www.bbheits.com/blog/index.php
http://www.lautechaee-edu.com/blog/index.php
http://www.bedfordlodge.co.uk/blog.php
www.bedfordlodge.co.uk/
http://www.bignightout.net.nz/blog/index.php?m=11&y=11&entry=entry111120-182043
http://www.createdimage.com.au/blog/index.php?m=01&y=14
http://www.bonniwellmusicmachine.com/blog/static.php?page=MusicMachineVideoBiography
www.bonniwellmusicmachine.com/blog/static.php?page=MusicMachineVideoBiography
http://www.invernessfestivals.com/winter08/blog/index.php?entry=entry131215-100334
www.invernessfestivals.com/winter08/blog/index.php?entry=entry131215-100334
http://www.pluhma.com/blog/index.php?entry=entry000101-205059
http://pdos.csail.mit.edu/scigen/blog/index.php?m=02&y=06
http://www.custom-designbuild.com/blog/index.php?m=02&y=14&entry=entry140215-082241
http://www.masetti.net/blog/archives.php?y=09&m=06
http://www.eliteenglishcentre.es/blog/static.php?page=Welcome
http://blog.hakwerk.com/static.php?page=crazy_it_party
http://www.wetieit.com/blog/index.php?category=1
www.wetieit.com/blog/index.php?category=1
http://theheatersonline.com/blog/index.php
http://fortknox.csc.ncsu.edu/blog/index.php?m=04&y=07&entry=entry070412-140344
http://blog.shuva.in/static.php?page=static070901-005017_about_me
http://www.belgianfamily.com/blog/index.php
http://www.wd5aii.com/blog/index.php?y=13&m=12
http://www.maintsmart.com/Blog/index.php
http://karrkrafts.com/blog/index.php
http://www.pinecountyhistorymuseum.org/blog/index.php
http://william.famille-blum.org/blog/index.php?entry=entry080612-040012
http://www.xandrinho.com/blog/index.php?entry=entry100528-155648
http://www.sbcofficecenter.com/blog/index.php
http://www.soundbysinger.com/audio-blog/index.php
www.soundbysinger.com/audio-blog/index.php
http://www.statetheatreconcerts.com/blog/static.php?page=static100613-122412
www.statetheatreconcerts.com/blog/static.php?page=static100613-122412
http://www.tapestry.co.nz/blog/index.php?entry=entry140123-215640
http://www.serpentbox.com/blog/index.php
http://www.cam-dex.com/blog/index.php
www.cam-dex.com/blog/index.php
http://www.ocsunsetmarina.com/blog/index.php?entry=entry070904-151350
http://www.arrowpipeline.com/blog/index.php?m=12&y=08&entry=entry081221-162738
http://www.africatamed.co.za/blog/comments.php?y=07&m=07&entry=entry070719-153213
http://www.thevacationcalendar.com/Blog/index.php?entry=entry090727-205943
http://www.judocoach.com/blog/index.php?entry=entry130829-103325
www.judocoach.com/blog/index.php?entry=entry130829-103325
http://www.ghostsniper.com/blog/index.php?entry=entry060828-222950
http://www.terraformthemoon.com/blog/index.php?entry=entry110412-005014
http://www.freshstartkz.com/blog/archives.php?y=14&m=03
http://www.freshstartkz.com/blog/archives.php?y=13&m=08
http://www.chrome-lagos.com/blog/index.php?m=10&y=11&entry=entry111010-192213
http://wsanders.net/blog/static.php?page=static070527-095119
http://www.zealsoft.com/blog/index.php?entry=entry051124-083423
http://wiels.nl/blog/index.php
http://www.patopowerparts.com/blog/index.php
http://www.milfordsnowtrekkers.com/blog/index.php
http://www.anglecomm.com/blog/index.php?entry=entry070510-172648
http://www.balishevilla.com/blog/index.php
http://www.asa-houston.org/Projects/Blog-CE/index.php
http://patrickbrennan.net/blog/index.php
http://millerfit.com/blog/index.php
http://www.redkid.net/blog/index.php?entry=entry101111-142242
http://www.och.cc/blog/stats.php
http://mammoth395.com/blog/index.php?entry=entry140213-130501
http://www.kellysheridan.ca/blog/index.php?m=01&y=10
http://www.parkburnguesthouse.co.uk/blog/index.php
http://www.bestpracticesfhc.com/blog/index.php
http://www.emillustration.co.uk/blog/index.php?m=03&y=13&entry=entry130308-180819
http://blog.chinookhelicopters.com/index.php?entry=entry140130-100830
http://www.waltzinghorsefarm.com/blog/index.php
http://www.colonsaybrewery.co.uk/blog/index.php?PHPSESSID=c8cd4e5ca92b1e8b479778772898556f
www.colonsaybrewery.co.uk/blog/index.php?PHPSESSID=c8cd4e5ca92b1e8b479778772898556f
http://www.djdingo.com/blog/contact.php
http://playchesster.com/blog/index.php?entry=entry110914-231540
http://www.nautikites.net/blog/index.php?entry=entry140118-112029
http://berman.nu/blog/index.php?entry=entry080428-235550
http://www.bazayev.com/blog/index.php?entry=entry120327-124716
http://www.bootcampbeach.co.uk/blog/static.php?page=static090501-130242

8 comentários:

  1. I am new to Php programming, i like to learn more about php for my career use.Your coding is not clear for me, i need more explanation. can you pls explain clearly if you give me a step by step explanation else explain with words inbetween the programming then i can easily understands the php concepts.

    Php Training in Chennai

    ResponderExcluir
  2. hi, nice information is given in this blog. Thanks for sharing this type of information, it is so useful for me. nice work keep it up. digital marketing company in delhi

    ResponderExcluir
  3. Hi! I have more than 4 Years of experience and I am the Founder of a Website Development Company in Rohini, Delhi. I just want to say thank you for posting such a useful, impressive and a wicked article.

    ResponderExcluir
  4. nice topic which you have choose.
    second is, the information which you have provided is better then other blog.
    so nice work keep it up. And thanks for sharing. Epoxy Grout manufacturer in delhi

    ResponderExcluir

............