Wednesday 20 March 2013

[EN] Modules in your own webscanner - LFI module

Code listed below is a simple LFI-checker. It's based on the same module as XSS-over-POST.
As I wrote before, all of those 'modules' can be rewrited in one, bigger code.

Here is the code:

 #!/usr/bin/env python
 # ----
 # try_lfi.py - simple find if there is LFI vulnerability 
 # ----
 # - can be also used to find traversal-vulnerabilities
 # - tests can be extended to find more information than just passwd file.
 
 import urllib
 import sys
 
 #defines:
 url=sys.argv[1]
 checkLfis = open('LFItext.txt','r')
 try_lfi = checkLfis.readlines()
 
 if len(sys.argv) < 2:
   sys.stderr.write('usage: '+sys.argv[0]+' http://localhost/page?param=')
   sys.exit(1)
 else:
   print '---------------------------------------------------------------'
   print '[+] Searching for traversal/LFI vulnerability at URL: ', url
   print '---------------------------------------------------------------'
 
   i=0
   for line in try_lfi:
     full_url_to_check = url+line
     try_page = urllib.urlopen(full_url_to_check)
     read_page = try_page.readlines()
     i=i+1
 
     print 'Trying: ',line
     print 'Status: ', try_page.getcode()
     print '\t[~] Now reading the answer to '
     print 'find out if there is our \'vulnerable-string\'...'
 
     for read_lines in read_page:
       if read_lines.find('root') != -1:
         print '\t[+] Found potential LFI bug! '
         print 'This is the answer: ', read_lines  
   print '---------------------------------------------------------------' 
 
As you can read at this code, it's using a LFItext.txt file to search some 
various strings. At module's source you will find how to use it against 
some local-file include vulnerabilities.
 
Whole code is available also at pastebin.
 
Feedback is welcome ;)

Enjoy! o/

No comments:

Post a Comment

What do You think...?