crs12decoder Posted December 3, 2010

I made a small PHP script that takes all the links found in the source of a page and tries to return links that are possibly vulnerable to SQLi. It does this by analysing each link in turn and determining whether or not that link takes $_GET variables. This is so you no longer have to search manually, link by link, on a given web page. It's not much, but maybe it will help you.

Update: I made a few small touch-ups to make the script more user friendly.

```php
<?php
session_start();

// Remember the last submitted site so the form can be pre-filled.
if (isset($_POST['site']) && is_string($_POST['site'])) {
    $_SESSION['site'] = $_POST['site'];
}
if (!isset($_SESSION['site'])) {
    $_SESSION['site'] = '';
}

// Display mode: 1 = show all links, 2 = show only the flagged links,
// 3 = show the site as it is.
$_SESSION['afis'] = array(1 => '', 2 => '', 3 => '');
$afis = isset($_POST['afis']) ? (int) $_POST['afis'] : 1;
if (!isset($_SESSION['afis'][$afis])) {
    $afis = 1;
}
$_SESSION['afis'][$afis] = 'CHECKED';
?>
<form action="" method="post">
Site: <input type="text" name="site" size="50" value="<?php echo htmlspecialchars($_SESSION['site'], ENT_QUOTES); ?>"><br>
<input type="radio" name="afis" value="1" <?php echo $_SESSION['afis'][1]; ?>>Afiseaza toate link-urile<br>
<input type="radio" name="afis" value="2" <?php echo $_SESSION['afis'][2]; ?>>Afiseaza doar link-urile vulnerabile<br>
<input type="radio" name="afis" value="3" <?php echo $_SESSION['afis'][3]; ?>>Afiseaza site-ul asa cum este el<br>
<input type="submit" name="submit" value="submit">
</form>
<?php
// functions

// Returns the quoted value at the start of $link (the text that follows
// "href="), or an empty string when the text does not start with a quote.
function linkextract($link) {
    $simbol = substr($link, 0, 1);
    if ($simbol == '"' || $simbol == "'") {
        $final = strpos($link, $simbol, 1); // position of the closing quote
        if ($final !== false) {
            return substr($link, 1, $final - 1);
        }
    }
    return '';
}

// Fetches the page and returns one entry per "href=" occurrence.
// Index 0 holds the text before the first href, so callers start at 1.
// Returns false when the page cannot be fetched.
function sdlex($site) {
    $strsite = @file_get_contents($site);
    if ($strsite === false) {
        return false;
    }
    $array = array();
    foreach (explode('href=', $strsite) as $part) {
        $array[] = linkextract($part);
    }
    return $array;
}

// Flags a link when it contains both "?" and "=", i.e. it passes GET variables.
function vulnerable($link) {
    $exp1 = explode("?", $link);
    $exp2 = explode("=", $link);
    return count($exp1) > 1 && count($exp2) > 1;
}

// Prepends http:// unless the address already starts with http:// or https://,
// so only web URLs ever reach file_get_contents().
function inputl($link) {
    $link = trim($link);
    if (!preg_match('#^https?://#i', $link)) {
        $link = 'http://' . $link;
    }
    return $link;
}
// endfunctions

if (isset($_POST['submit'])) {
    if (!empty($_POST['site']) && is_string($_POST['site'])) {
        $site = inputl($_POST['site']);
        if ($afis == 3) {
            // Mode 3 prints the fetched markup unescaped, as the option says.
            $page = @file_get_contents($site);
            echo $page === false ? 'Could not fetch ' . htmlspecialchars($site, ENT_QUOTES) : $page;
        } else {
            $array = sdlex($site);
            if ($array === false) {
                echo 'Could not fetch ' . htmlspecialchars($site, ENT_QUOTES);
            } else {
                echo '<table border="1"><tr><th>nr.</th><th>link</th></tr>';
                for ($i = 1; $i < count($array); $i++) {
                    // Links come from a remote page: escape them before output.
                    $link = htmlspecialchars($array[$i], ENT_QUOTES);
                    if (vulnerable($array[$i])) {
                        echo '<tr><td><b>' . $i . '</b></td><td><b>' . $link . '</b></td></tr>';
                    } elseif ($afis == 1) {
                        echo '<tr><td>' . $i . '</td><td>' . $link . '</td></tr>';
                    }
                }
                echo '</table>';
            }
        }
    } else {
        echo 'Introduceti o adresa in campul site';
    }
}
?>
```
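Added example, not part of crs12decoder's post or script: the same "does this link take GET variables" check done with PHP's DOMDocument, parse_url and parse_str instead of splitting on `href=`, so unquoted attributes and a `?` that sits inside a fragment are handled, and parameter names are grouped per path. The sample HTML and the function name `parameterised_links` are constructed for illustration; a query string only marks a link as taking input, which is all this check can tell.

```php
<?php
// Added example, not the poster's code. Constructed sample HTML, parsed offline.
$html = <<<'HTML'
<a href="/news.php?id=7&amp;cat=2">News</a>
<a href='about.html'>About</a>
<a href=/search.php?q=test>Search</a>
<a href="page.html#a?b=c">Fragment only</a>
<a href="/news.php?id=9&amp;cat=2">Older news</a>
<link rel="stylesheet" href="style.css?v=3">
HTML;

// Returns [path => [parameter names]] for every <a href> that carries a
// query string. parameterised_links is a hypothetical helper name.
function parameterised_links(string $html): array
{
    $doc = new DOMDocument();
    // Real-world markup is rarely valid: collect parser warnings silently.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $found = [];
    foreach ($doc->getElementsByTagName('a') as $a) {
        $parts = parse_url(trim($a->getAttribute('href')));
        // Skip unparsable hrefs and links without a query component;
        // a "?" after "#" belongs to the fragment and is not sent to the server.
        if ($parts === false || empty($parts['query'])) {
            continue;
        }
        parse_str($parts['query'], $params);
        $path = $parts['path'] ?? '/';
        // Merge parameter names seen on the same path across several links.
        $names = array_merge($found[$path] ?? [], array_keys($params));
        $found[$path] = array_values(array_unique($names));
    }
    return $found;
}

foreach (parameterised_links($html) as $path => $names) {
    echo $path, ' : ', implode(', ', $names), PHP_EOL;
}
```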
Marian Posted December 3, 2010

It doesn't work.. it gives an error:

Warning: file() [function.file]: Filename cannot be empty in /home/w--bjyg/domains/kle--oop.nl/public_html/scan.php on line 29
crs12decoder Posted December 3, 2010

> It doesn't work.. it gives an error

offf... it's logical that if you don't enter the site for it to scan, it has nothing to scan... and it gives an error... I said I would improve it tomorrow, but here you go... I updated the code so that if you don't give it any site, it tells you to give it one and no longer shows you the error....