| 1 | #!/usr/bin/php |
| 2 | <?php |
| 3 | //RFIFinder 0.1 (filter for crawlers) |
| 4 | //<-Harvie 2oo7 |
| 5 | /* |
| 6 | *This tool finds URLs that look like they may have an RFI (remote file inclusion) hole, in the pages named by the lines on STDIN. |
| 7 | *Use it well... |
| 8 | */ |
| 9 | |
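/**
 * Heuristic check: does $url pass a file-like value in an include-style query parameter?
 *
 * Matches, case-insensitively, a query parameter named page, url, include,
 * readfile, require or inc (introduced by "?" or "&") whose value is followed
 * somewhere by ".html", ".htm", ".php", ".php" plus one character, or ".txt".
 *
 * A match describes only the shape of the URL. It does not show that the
 * application behind it passes the value to include/require unchecked, so a
 * hit is a candidate for review (allowlisted include targets, remote includes
 * disabled in the PHP configuration), not a finding.
 *
 * @param string $url URL to test.
 * @return int|false 1 when the pattern matches, false otherwise (the same
 *                   truthy/falsy contract as the eregi() call this replaces).
 */
function is_rfi_positive($url) {
    // eregi() was removed in PHP 7.0, so the same expression is run through PCRE.
    // "i" keeps the case-insensitive match; "s" keeps the POSIX behaviour where
    // "." also matches a newline.
    $rfi_regexp = '/(\?|&)(page|url|include|readfile|require|inc)=.*\.(html|htm|php|php.|txt)/is';

    return preg_match($rfi_regexp, (string) $url) === 1 ? 1 : false;
}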
| 14 | |
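// Main loop: one page URL per STDIN line.
//   1. Print the input URL itself when it matches is_rfi_positive().
//   2. Fetch the page and split every line on href="http:// (case-insensitive),
//      so only double-quoted absolute http:// links are harvested.
//   3. Print each harvested link that matches the heuristic and can be opened.
//
// NOTE(review): file() and fopen() accept local paths and every registered
// stream wrapper, not only http(s), and input lines are passed to file() as
// given. If STDIN is fed by another crawler, consider checking the scheme of
// $url before fetching and giving the fetches a timeout.
$stdin = fopen('php://stdin', 'r');

// Looping on fgets() instead of feof() avoids one extra pass with an empty
// string after the last line has been read.
while (($input = fgets($stdin)) !== false) {
    $url = trim($input);
    if ($url === '') {
        continue; // blank line: nothing to test or fetch
    }

    if (is_rfi_positive($url)) {
        echo "$url\n";
    }

    // Best-effort fetch: unreachable or empty pages are skipped silently.
    $in = @file($url);
    if (!$in || !is_array($in)) {
        continue;
    }

    foreach ($in as $line) {
        // spliti() was removed in PHP 7.0; preg_split() with "i" splits the same way.
        $chunks = preg_split('/href="http:\/\//i', $line);
        if (!is_array($chunks) || count($chunks) < 2) {
            continue; // no absolute http:// link on this line
        }
        array_shift($chunks); // drop the text before the first link

        foreach ($chunks as $chunk) {
            // The link runs up to the closing double quote of the href attribute.
            $pieces = explode('"', $chunk);
            $nurl = 'http://' . trim(htmlspecialchars_decode($pieces[0]));

            // Test the pattern first so only matching links cause a request.
            if (!is_rfi_positive($nurl)) {
                continue;
            }

            $test = @fopen($nurl, 'r');
            if ($test) {
                fclose($test); // the handle is only a reachability probe
                echo "$nurl\n";
            }
        }
    }
}

fclose($stdin);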
| 34 | |