PHP Fuzzer (finds possible bugs in PHP files: a pattern-based scanner that lists calls to risky functions for manual review — hits are candidates to check, not confirmed vulnerabilities)
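<?php

declare(strict_types=1);

// THIS CODE IS OLD!!! - Pr0T3cT10n.
//
// PHP vulnerability analyzer -- a grep-style static scanner for PHP source.
//
// Despite the "fuzzer" label on the page, nothing is executed and no bug is
// confirmed. The tool lists every line of the target file on which a function
// from one of three watch lists appears (file inclusion / file reading,
// command execution, mysql_* query and fetch calls) so that a human can look
// at each call site and decide whether untrusted input reaches it. Every hit
// is a "possible" finding only; absence of hits proves nothing.
//
// Usage: php <this-script> filename.php
//
// NOTE(review): the watch lists are dated. mysql_* was removed in PHP 7, and
// mysqli_*/PDO, assert(), create_function(), preg_replace() with the /e
// modifier, unserialize(), call_user_func() etc. are not covered.
// escapeshellarg()/escapeshellcmd() are defensive helpers rather than sinks;
// they stay on the RCE list only as an indicator that shell commands are
// being assembled nearby.

/** Functions whose argument, if attacker-controlled, yields file inclusion or disclosure. */
const WATCH_RFI = ['require', 'include', 'require_once', 'include_once', 'fopen', 'readfile', 'file_get_contents'];
/** mysql_* calls: the query string on these lines may be built from untrusted input. */
const WATCH_SQL = ['mysql_query', 'mysql_fetch_object', 'mysql_fetch_assoc', 'mysql_fetch_array', 'mysql_fetch_row'];
/** Command-execution sinks plus the two shell-escaping helpers (see note above). */
const WATCH_RCE = ['popen', 'system', 'eval', 'passthru', 'exec', 'shell_exec', 'escapeshellarg', 'escapeshellcmd', 'proc_open'];

/**
 * Return the tail of every line of $contents on which $function appears as a
 * whole word (case-insensitive, as PHP function names are).
 *
 * Each returned string starts right after the function name, e.g.
 * '("../" . $_GET["p"]);' or ' "config.php";', so the caller can print
 * $function . $tail and reproduce the call as written in the file.
 *
 * @return list<string>
 */
function find_mentions(string $contents, string $function): array
{
    // \b on both sides: "include" must not also fire on "include_once" and
    // "exec" must not fire on "shell_exec" (each has its own list entry and
    // used to be reported twice), and words such as "includes" or
    // "filesystem" inside comments are no longer reported. The name is
    // preg_quote()d in case a list entry ever contains a regex metacharacter.
    $pattern = '/\b' . preg_quote($function, '/') . '\b(.*)/i';
    if (preg_match_all($pattern, $contents, $matches) === false) {
        // PCRE failure (e.g. backtrack limit on a huge line): report nothing
        // for this function rather than crash; the scan is best-effort.
        return [];
    }
    return $matches[1];
}

/**
 * Print one banner for $title followed by every watched call found in
 * $contents, in watch-list order. Nothing is printed when no listed function
 * appears (the banner used to be repeated once per matching function).
 *
 * @param list<string> $functions
 */
function report_category(string $title, array $functions, string $contents): void
{
    $lines = [];
    foreach ($functions as $function) {
        foreach (find_mentions($contents, $function) as $tail) {
            $lines[] = "\t" . $function . $tail . "\n";
        }
    }
    if ($lines === []) {
        return;
    }
    echo "\n//------------------------------\n// " . $title . "\n//------------------------------\n";
    echo implode('', $lines);
}

// --- CLI entry point -------------------------------------------------------

// $_SERVER['argv'] is only populated on the CLI SAPI (or with
// register_argc_argv on); the old bare-constant form $_SERVER[argv] is a
// fatal error on PHP 8.
$args = $_SERVER['argv'] ?? [];
if (!isset($args[1])) {
    $self = $args[0] ?? 'fuzzer.php';
    echo "PHP vulnerability analyzer\n";
    echo "Written by Pr0T3cT10n, pr0t3ct10n@gmail.com\n";
    echo 'Usage: php ' . $self . " filename.php\n";
    echo 'Example: php ' . $self . " filename.php\n";
    exit(1); // usage error: non-zero so a wrapper can tell it from a clean scan
}
$filename = $args[1];

// Local regular files only: scanning a URL would fetch rendered output, not
// source, and a directory would silently scan as empty. Errors go to STDERR
// with a non-zero status instead of stdout with status 0.
if (!is_file($filename) || !is_readable($filename)) {
    fwrite(STDERR, "Can't open file..\n");
    exit(1);
}
$contents = file_get_contents($filename);
if ($contents === false) {
    fwrite(STDERR, "Can't read file..\n");
    exit(1);
}
// An empty file is a valid (empty) scan; the old fread(…, filesize()) path
// treated it as a read failure.

report_category('Possible remote file inclusion', WATCH_RFI, $contents);
report_category('Possible remote command execution', WATCH_RCE, $contents);
report_category('Possible sql injection', WATCH_SQL, $contents);
echo "\n\n\n\n";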