Simple PHP Blog <= 0.4.0 - Multiple Remote Exploits,
Vamos usar o scanner inurl para buscar site que possuem o CMS Simple PHP Blog
[ SCANNER INURLBR 1.0 / CONSOLE ]
----------------------------------------------------------------------------------------------------------------------------
0xHOST GOOGLE........:
www.google.com.br
0xDORK...............:
intext:"Powered by Simple PHP Blog" & inurl:"/blog/" ext:php
0xEXPLOIT............:
0xARQUIVO............:
resultado.txt
0xTIPO DE ERRO.......: 2
0xPROCURAR NO ALVO...:
Simple PHP Blog
0xIP PROXY...........:
0xPORTA..............:
----------------------------------------------------------------------------------------------------------------------------
0xCARREGANDO CONFIGURAÇÕES...
DEBUG:
Array
(
[0] => Array
(
)
[host] => www.google.com.br
[dork] => intext%3A%22Powered+by+Simple+PHP+Blog%22+%26+inurl%3A%22%2Fblog%2F%22+ext%3Aphp
[arquivo] => resultado.txt
[tipoerro] => 2
[exploit] =>
[achar] => Simple PHP Blog
[ipProxy] =>
[porta] =>
[url] => /search?q=intext%3A%22Powered+by+Simple+PHP+Blog%22+%26+inurl%3A%22%2Fblog%2F%22+ext%3Aphp&num=1900&btnG=Search
[port] => 80
)
Comando usado no scanner inurl:
php botConsole.php --host='www.google.com.br' --dork='intext:"Powered by Simple PHP Blog" & inurl:"/blog/" ext:php' --arquivo='resultado.txt' --tipoerro='2' --exploit='' --achar='Simple PHP Blog'
ou --achar='Powered by Simple PHP Blog'
Exploit:
http://www.exploit-db.com/exploits/1191/
Scanner INURL:
http://pastebin.com/TzijC99y
RESULTADO SCANNER POSSÍVEIS VULNERÁVEIS :
TOTAL DE URL's: 179
EXPLOIT USADO:
DORK: intext%3A%22Powered+by+Simple+PHP+Blog%22+%26+inurl%3A%22%2Fblog%2F%22+ext%3Aphp
TOTAL DE POSSÍVEIS VULL: 106
ARQUIVO COM RESULTADO:resultado.txt
LISTA:
http://www.mutualdata.com/blog/index.php
http://www.ashrealms.com/blog/index.php
http://www.gdaa.org.uk/Blog/index.php
http://www.damanicorp.com/blog/index.php?m=10&y=13&entry=entry131012-001437
http://www.damanicorp.com/blog/index.php?m=04&y=07
http://www.traffordbankguesthouse.co.uk/blog/index.php
http://ps.ewi.utwente.nl/Blog/index.php
http://www.aerobiology.ca/blog/index.php
www.aerobiology.ca/blog/index.php
http://www.lofiminds.com/blog/static.php?page=xwung
http://fourseasonsroofingandsiding.com/Roofing-Blog/index.php?category=13
http://www.homesurvey.eu/Blog/index.php
http://www.omegamoon.com/blog/index.php
www.omegamoon.com/blog/index.php
http://www.omegamoon.com/blog/index.php?entry=entry140317-173710
http://boeglin.org/blog/index.php?entry=Flashing-a-BenQ-Z-series-for-free
http://humblecomics.com/blog/index.php
http://www.northernkentuckydancestudio.com/blog/index.php
http://www.ablekidspress.com/blog/index.php
www.ablekidspress.com/blog/index.php
http://courtjones.com/blog/index.php
http://geneyang.com/blog/index.php?entry=entry100524-195255
http://blog.frapu.de/index.php?m=09&y=13&d=&entry=entry130901-200909
http://www.lfpl.org/readers/blog/index.php
www.lfpl.org/readers/blog/index.php
http://shalinsiriwardana.asia/blog/comments.php?y=14&m=01&entry=entry140126-160857
http://www.z80.eu/blog/index.php?entry=entry140316-002012
http://www.rimrockpress.com/blog/index.php?entry=entry110914-115350
www.rimrockpress.com/blog/index.php?entry=entry110914-115350
http://blog.curti.eti.br/stats.php
http://www.donaldsteel.com/blog/index.php
http://www.bbheits.com/blog/index.php
http://www.lautechaee-edu.com/blog/index.php
http://www.bedfordlodge.co.uk/blog.php
www.bedfordlodge.co.uk/
http://www.bignightout.net.nz/blog/index.php?m=11&y=11&entry=entry111120-182043
http://www.createdimage.com.au/blog/index.php?m=01&y=14
http://www.bonniwellmusicmachine.com/blog/static.php?page=MusicMachineVideoBiography
www.bonniwellmusicmachine.com/blog/static.php?page=MusicMachineVideoBiography
http://www.invernessfestivals.com/winter08/blog/index.php?entry=entry131215-100334
www.invernessfestivals.com/winter08/blog/index.php?entry=entry131215-100334
http://www.pluhma.com/blog/index.php?entry=entry000101-205059
http://pdos.csail.mit.edu/scigen/blog/index.php?m=02&y=06
http://www.custom-designbuild.com/blog/index.php?m=02&y=14&entry=entry140215-082241
http://www.masetti.net/blog/archives.php?y=09&m=06
http://www.eliteenglishcentre.es/blog/static.php?page=Welcome
http://blog.hakwerk.com/static.php?page=crazy_it_party
http://www.wetieit.com/blog/index.php?category=1
www.wetieit.com/blog/index.php?category=1
http://theheatersonline.com/blog/index.php
http://fortknox.csc.ncsu.edu/blog/index.php?m=04&y=07&entry=entry070412-140344
http://blog.shuva.in/static.php?page=static070901-005017_about_me
http://www.belgianfamily.com/blog/index.php
http://www.wd5aii.com/blog/index.php?y=13&m=12
http://www.maintsmart.com/Blog/index.php
http://karrkrafts.com/blog/index.php
http://www.pinecountyhistorymuseum.org/blog/index.php
http://william.famille-blum.org/blog/index.php?entry=entry080612-040012
http://www.xandrinho.com/blog/index.php?entry=entry100528-155648
http://www.sbcofficecenter.com/blog/index.php
http://www.soundbysinger.com/audio-blog/index.php
www.soundbysinger.com/audio-blog/index.php
http://www.statetheatreconcerts.com/blog/static.php?page=static100613-122412
www.statetheatreconcerts.com/blog/static.php?page=static100613-122412
http://www.tapestry.co.nz/blog/index.php?entry=entry140123-215640
http://www.serpentbox.com/blog/index.php
http://www.cam-dex.com/blog/index.php
www.cam-dex.com/blog/index.php
http://www.ocsunsetmarina.com/blog/index.php?entry=entry070904-151350
http://www.arrowpipeline.com/blog/index.php?m=12&y=08&entry=entry081221-162738
http://www.africatamed.co.za/blog/comments.php?y=07&m=07&entry=entry070719-153213
http://www.thevacationcalendar.com/Blog/index.php?entry=entry090727-205943
http://www.judocoach.com/blog/index.php?entry=entry130829-103325
www.judocoach.com/blog/index.php?entry=entry130829-103325
http://www.ghostsniper.com/blog/index.php?entry=entry060828-222950
http://www.terraformthemoon.com/blog/index.php?entry=entry110412-005014
http://www.freshstartkz.com/blog/archives.php?y=14&m=03
http://www.freshstartkz.com/blog/archives.php?y=13&m=08
http://www.chrome-lagos.com/blog/index.php?m=10&y=11&entry=entry111010-192213
http://wsanders.net/blog/static.php?page=static070527-095119
http://www.zealsoft.com/blog/index.php?entry=entry051124-083423
http://wiels.nl/blog/index.php
http://www.patopowerparts.com/blog/index.php
http://www.milfordsnowtrekkers.com/blog/index.php
http://www.anglecomm.com/blog/index.php?entry=entry070510-172648
http://www.balishevilla.com/blog/index.php
http://www.asa-houston.org/Projects/Blog-CE/index.php
http://patrickbrennan.net/blog/index.php
http://millerfit.com/blog/index.php
http://www.redkid.net/blog/index.php?entry=entry101111-142242
http://www.och.cc/blog/stats.php
http://mammoth395.com/blog/index.php?entry=entry140213-130501
http://www.kellysheridan.ca/blog/index.php?m=01&y=10
http://www.parkburnguesthouse.co.uk/blog/index.php
http://www.bestpracticesfhc.com/blog/index.php
http://www.emillustration.co.uk/blog/index.php?m=03&y=13&entry=entry130308-180819
http://blog.chinookhelicopters.com/index.php?entry=entry140130-100830
http://www.waltzinghorsefarm.com/blog/index.php
http://www.colonsaybrewery.co.uk/blog/index.php?PHPSESSID=c8cd4e5ca92b1e8b479778772898556f
www.colonsaybrewery.co.uk/blog/index.php?PHPSESSID=c8cd4e5ca92b1e8b479778772898556f
http://www.djdingo.com/blog/contact.php
http://playchesster.com/blog/index.php?entry=entry110914-231540
http://www.nautikites.net/blog/index.php?entry=entry140118-112029
http://berman.nu/blog/index.php?entry=entry080428-235550
http://www.bazayev.com/blog/index.php?entry=entry120327-124716
http://www.bootcampbeach.co.uk/blog/static.php?page=static090501-130242