WPSploit – Exploiting Wordpress With Metasploit. Lite SQLi Scanner. – WordPress Mashshare Plugin Info. Pack XSS Scanner. Module WebApp Msf::Exploit:.

Exploit Scanner Plugin

Aggrenox Sqli Exploit Scanner Plugins

1. # www.insecurity.in
2. import sys
3. import urllib2
4. plugins = ['kingchat.php','profilewfc.php','awaylist.php','hmflags.php','profileskype.php','socialsites.php','dymy_ua.php','profilefacebook.php','AJAXChat.php','youtube.php','tipsoftheday.php','profileblogs.php','bank.php','SuscribeUsers.php','profile_albums.php','mystatus.php','userbarplugin.php','afsignatures.php','mytabs.php', 'hello.php', 'profilexli.php', 'mytube.php', 'changfcb.php']
5. kingchatinfo = '[+] MyBB Kingchat Plugin Pers. XSS and SQLi: http://www.exploit-db.com/exploits/23249/ & http://www.exploit-db.com/exploits/23105/n'
6. profilewfcinfo = '[+] MyBB Wii Friend Code Multiple Vulnerabilities: http://www.exploit-db.com/exploits/23888/n'
7. awaylistinfo = '[+] MyBB AwayList SQLi: http://www.exploit-db.com/exploits/23625/n'
8. hmflagsinfo = '[+] MyBB HM Country Flags SQLi: http://www.exploit-db.com/exploits/23624/n'
9. profileskypeinfo = '[+] MyBB User Profile Skype ID Plugin Pers. XSS: http://www.exploit-db.com/exploits/23425/n'
10. socialsitesinfo = '[+] MyBB Social Sites XSS: http://www.exploit-db.com/exploits/23382/n'
11. dymy_uainfo = '[+] MyBB DyMy User Agent Plugin SQLi: http://www.exploit-db.com/exploits/23359/n'
12. profilefacebookinfo = '[+] MyBB Facebook Profile Pers. XSS: http://www.exploit-db.com/exploits/23355/n'
13. AJAXChatinfo = '[+] MyBB AJAX Chat Multiple Vulnerabilities: http://www.exploit-db.com/exploits/23354/ & http://1337day.com/exploit/20836/n'
14. youtubeinfo = '[+] MyBB MyYoutube Plugin 1.0 SQLi: http://www.exploit-db.com/exploits/23353/n'
15. tipsofthedayinfo = '[+] MyBB TipsOfTheDay Plugin Multiple Vulnerabilities: http://www.exploit-db.com/exploits/23322/n'
16. profileblogsinfo = '[+] MyBB Profile Blogs Plugin 1.2 Multiple Vulnerabilities: http://www.exploit-db.com/exploits/23287/n'
17. bankinfo = '[+] MyBB Bank-v3 Plugin SQLi: http://www.exploit-db.com/exploits/23284/n'
18. SuscribeUsersinfo = '[+] MyBB Follower User Plugin SQLi: http://www.exploit-db.com/exploits/22405/n'
19. profilealbumsinfo = '[+] MyBB Profile Albums Plugin SQLi: http://www.exploit-db.com/exploits/22003/n'
20. mystatusinfo = '[+] MyBB MyStatus 3.1 SQL Injection: http://www.exploit-db.com/exploits/17972/n'
21. userbarplugininfo = '[+] MyBB Forum Userbar Plugin SQLi: http://www.exploit-db.com/exploits/17962/n'
22. afsignaturesinfo = '[+] MyBB Advanced Forum Signatures SQLi: http://www.exploit-db.com/exploits/17961/n'
23. mytabsinfo = '[+] MyBB MyTabs Plugin SQLi: http://www.exploit-db.com/exploits/17595/n'
24. xblinfo = '[+] MyBB Profile Xbox Live ID SQLi: http://1337day.com/exploit/20001/n'
25. mytubeinfo = '[+] MyBB MyTube Pers. XSS: http://1337day.com/exploit/19999/n'
26. changuoninfo = '[+] MyBB ChangUonDyu Extra File Chatbox Pers. XSS: http://1337day.com/exploit/19957n'
27. def get_path():
28. source = urllib2.urlopen('http://'+host+directory+'/inc/3rdparty/diff/Diff/ThreeWay.php').read()
29. source = source.replace('</b>',')
30. source = source.replace('<a href=',')
31. source = source.replace('[',')
32. source = source.replace('Fatal error:',')
33. source = source.replace('</a>',')
34. source = source.replace('Failed opening required', ')
35. source = source.replace('Text/Diff.php', ')
36. source = source.replace('(include_path=.:) in', ')
37. source = source.replace(' ', ')
38. source = source.replace('inc/3rdparty/diff/Diff/ThreeWay.php', ')
39. char2 = '<br />'
40. if len(fullpaths) >= 1:
41. print 'n[+] PHP Error for Full path: n' + source + 'n'
42. print 'n[-] PHP Error for Full path: System is patched or error_reporting is set to 0 in the configuration.n'
43. try:
44. conn.request('HEAD', path)
45. except StandardError:
46. status = get_status_code(host, directory + '/inc/plugins/' + plugin)
47. if status 200:
48. print kingchatinfo
49. elif plugin 'profilewfc.php':
50. numofvulns += 1
51. print awaylistinfo
52. elif plugin 'hmflags.php':
53. numofvulns += 1
54. print profileskypeinfo
55. elif plugin 'socialsites.php':
56. numofvulns += 1
57. print dymy_uainfo
58. elif plugin 'profilefacebook.php':
59. numofvulns += 1
60. print AJAXChatinfo
61. elif plugin 'youtube.php':
62. numofvulns += 1
63. print tipsofthedayinfo
64. elif plugin 'profileblogs.php':
65. numofvulns += 1
66. print bankinfo
67. elif plugin 'SuscribeUsers.php':
68. numofvulns += 1
69. print profilealbumsinfo
70. elif plugin 'mystatus.php':
71. numofvulns += 1
72. print userbarplugininfo
73. elif plugin 'afsignatures.php':
74. numofvulns += 1
75. print mytabsinfo
76. elif plugin 'profilexli.php':
77. numofvulns += 1
78. print mytubeinfo
79. elif plugin 'changfcb.php':
80. numofvulns += 1
81. print 'n'
82. print '# Example: ./mybbscan.py www.site.com /path/'
83. print '# See usage example in the box.'
84. host = sys.argv[1].replace('http://',')
85. numofvulns = 0
86. for plugin in plugins:
87. if numofvulns 0:
88. else:
89. print '[+++] ' + str(numofvulns) + ' vulnerable plugins were found on the host.'