<?php
// Turn off all PHP error reporting for the whole run.
// NOTE(review): this also hides every warning and notice raised by the statements
// further down in this file, so failed calls stay silent unless the code checks them.
error_reporting(0);
// Remove PHP's execution time limit for this script.
set_time_limit(0);
/**
* Timthumb plugin scanner for WordPress.
*
* @version 1.00
* @author Christian Ditaputratama <[email protected]>
*
* Timthumb plugin scanner for WordPress.
* Optionally dumps the scan result to a text file.
*
* Still a very early release, just for testing and fun coding purposes :)
*
*------------------------------------------------------------------------+
* This program is free software; you can redistribute it and/or modify |
* it under the terms of the GNU General Public License version 2 as |
* published by the Free Software Foundation. |
* |
* This program is distributed in the hope that it will be useful, |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
* GNU General Public License for more details. |
* |
* This script is intended solely for informative, educational |
* purposes. The author cannot be held responsible for any |
* damage and (or) (ab)use of this script. |
* Please submit changes to the script so other people can use |
* them as well. This script is free to use, don't abuse. |
*------------------------------------------------------------------------+
*/
// Path list used by the scan (checked with is_file() and loaded with file() further down).
// The name is relative, so it is looked up from the current working directory.
$dirlist = 'timthumb.txt';
/**
 * Turn the target given on the command line into a base URL that ends with "/".
 *
 * A value that does not match the http(s) URL pattern gets "http://" put in
 * front of it; a trailing slash is appended when the value lacks one.
 *
 * NOTE(review): the "." in the host part of the pattern is not escaped, so it
 * matches any character, not only a literal dot. The pattern is a loose shape
 * check, not URL validation.
 *
 * @param string $link Domain or URL.
 * @return string Base URL with a trailing slash.
 */
function doValidLink($link) {
    $urlShape = "|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i";

    // No recognisable scheme/host shape: treat the input as a bare host.
    if (!preg_match($urlShape, $link)) {
        $link = "http://" . $link;
    }

    // Paths from the list are appended directly, so the base must end in "/".
    if (substr($link, -1) == "/") {
        return $link;
    }
    return $link . "/";
}
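/**
 * Append text to the scan-result file held in the global $fh.
 *
 * Does nothing when $fh is not an open stream (no output file was requested,
 * fopen() failed, or the stream was already closed). Without this guard,
 * fwrite() receives a non-resource, which is a fatal TypeError on PHP 8.
 *
 * @param string $text Text to append.
 * @return void
 */
function write($text) {
    global $fh;
    if (!is_resource($fh)) {
        return;
    }
    fwrite($fh, $text);
}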
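// ---------------------------------------------------------------------------
// Main script: print the banner, probe the target once, then request every
// path from the list and report the HTTP status line of each answer.
//
// How to read the report: a "[+]" line only means the first status line did
// not contain "404" (or was a 301/302). Sites that answer unknown paths with
// 200, 403 or a redirect produce "[+]" lines for files that do not exist, so
// every hit has to be confirmed on the server's file system.
// ---------------------------------------------------------------------------
$greetz = "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n";
$greetz .=" Timthumb plugin scanner for WordPress\n";
$greetz .=" by ditatompel < ditatompel [at] gmail [dot] com >\n";
$greetz .=" Please send bug report to help improving this script.\n\n";
$greetz .=" Greetings for all members of devilzc0de.org, all Indonesian c0ders,\n";
$greetz .=" and all GNU Generation ;-)\n";
$greetz .=" Thanks to : 5ynL0rd who always inspire me, I glue you all my regards.\n";
$greetz .="-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n";

if (!is_file($dirlist)) {
    exit("[!] Error! please check directory your list!\n");
}
print $greetz;

if ($argc < 2) {
    echo "-----------------------------------------------------------------------------\n" .
        "Usage : php " . $argv[0] . " [target] [output]\n" .
        "target : domain / url\n" .
        "output : file name for Every [+] Wo0t! output will be saved to (optional)\n" .
        "Example 1 : php " . $argv[0] . " myhost.com\n" .
        "Example 2 : php ".$argv[0]." myhost.com scan_result.txt\n" .
        "-----------------------------------------------------------------------------\n";
    exit;
}

$url = doValidLink($argv[1]);
// The output file is optional; reading $argv[2] unconditionally is an undefined index.
$output = isset($argv[2]) ? $argv[2] : null;

echo "\r\nChecking " . $url . "\r\n";
$check = get_headers($url, 1);
if (empty($check)) {
    echo "No repsond from server.\nmake sure your target url are correct!\n" .
        "Exiting...\n" .
        "-----------------------------------------------------------------------------\n";
    exit;
}

// get_headers() follows redirects and, in associative mode, turns a header that
// occurs in more than one response into an array. Handle both shapes instead of
// indexing blindly (indexing a plain string with [0] yields its first character).
$serverInfo = isset($check['Server']) ? $check['Server'] : '';
if (is_array($serverInfo)) {
    $serverInfo = $serverInfo[0];
}

if (preg_match('/301/', $check[0]) || preg_match('/302/', $check[0])) {
    $location = isset($check['Location']) ? $check['Location'] : '';
    if (is_array($location)) {
        // Several hops: the last Location header is the final destination.
        $location = end($location);
    }
    // Only adopt an absolute http(s) target; a missing or relative Location
    // would otherwise replace the base URL with something unusable.
    if (preg_match('|^https?://|i', $location)) {
        // Paths are appended directly, so keep the trailing slash invariant.
        $url = substr($location, -1) == "/" ? $location : $location . "/";
    }
}

// $fh stays null unless an output file was requested; fopen() returns false on failure.
// Mode 'w' truncates an existing file at that path.
$fh = null;
$additionalInfo = NULL;
if (!empty($output)) {
    $fh = fopen($output, 'w');
    $additionalInfo = $fh ? 'Every [+] Wo0t! output will be saved on ' . $output : '[!] Cannot write scan result to ' . $output;
}

$info = "-----------------------------------------------------------------------------\n";
$info .= "\tTarget : " . $url . "\n";
$info .= "\tStatus : " . $check[0] . "\n";
$info .= "\tServer : " . $serverInfo . "\n";
$info .= "\tStart Scan : " . date("Y-m-d H:i:s") . "\n";
$info .= "\t" . $additionalInfo . "\n";
$info .= "-----------------------------------------------------------------------------\n";
echo $info;
if ($fh) {
    write($greetz);
    write($info);
}

$paths = file($dirlist, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if ($paths === false) {
    $paths = array();
}

// Number of paths actually requested. The loop key used before was the last
// zero-based index, i.e. one less than the count, and undefined for an empty list.
$scanned = 0;
foreach ($paths as $path) {
    // Drop a stray "\r" from CRLF lists and skip whitespace-only lines, which
    // would otherwise request the base URL itself and be reported as a hit.
    $path = trim($path);
    if ($path === '') {
        continue;
    }
    $scanned++;

    $headers = get_headers($url . $path, 1);
    if (empty($headers)) {
        // A failed request has no status line; it must not be counted as "Found".
        echo "[!] No response! " . $url . $path . "\r\n";
        continue;
    }

    $status = $headers[0];
    // The redirect test has to come before the "not 404" test: 301/302 are not
    // 404 either, so in the other order this branch can never run.
    if (preg_match('/301/', $status) || preg_match('/302/', $status)) {
        $location = isset($headers['Location']) ? $headers['Location'] : '';
        if (is_array($location)) {
            $location = end($location);
        }
        // Only the first status line is inspected; the redirect target's own
        // status is not checked here.
        $result = "[+] Wo0t! " . $url . $path . " Found! redirect to -> " . $location . "\r\n";
        echo $result;
        if ($fh) write($result);
    }
    elseif (!preg_match('/404/', $status)) {
        $result = "[+] Wo0t! Found! " . $url . $path . "\r\n";
        echo $result;
        if ($fh) write($result);
    }
    else {
        echo "[-] NOT Found! " . $url . $path . "\r\n";
    }
}

$finish = "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Finish scan " . $scanned . " path -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n";
// Test the handle, not the file name: when fopen() failed there is nothing to write or close.
if ($fh) {
    write($finish);
    fclose($fh);
}
echo $finish;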
?>