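crs12decoder Posted December 3, 2010

Am facut un mic script php care preia toate link-urile gasite in sursa unei pagini si incearca sa returneze posibile link-uri vulnerabile la SQLI. Asta analizand fiecare link in parte si stabilind daca link-ul respectiv cere sau nu variabile $_GET. Asta ca sa nu se mai caute manual link dupa link pe o anumita pagina web. Nu e mult dar poate va ajuta. Update: am facut cateva mici retusuri pentru a ajuta scriptul sa fie mai user friendly.

<?php
// Link lister: fetches one page, extracts every quoted href value and marks
// the links that carry query-string parameters.
//
// NOTE(review): "vulnerabile" in the UI only means "the URL contains both '?'
// and '='" (see vulnerable()). The listed links are never requested and no
// injection test is performed, so a marked link is simply one that takes GET
// input and still has to be reviewed.
//
// NOTE(review): the form carries no CSRF token and the script performs a
// server-side fetch of a user-chosen URL; host it behind authentication.
session_start();

// Remember the last submitted target so the form can be re-populated.
// Arrays (site[]=x) are ignored: only a plain string is a usable URL.
if (isset($_POST['site']) && is_string($_POST['site'])) {
    $_SESSION['site'] = $_POST['site'];
}
if (!isset($_SESSION['site'])) {
    $_SESSION['site'] = '';
}

// Display mode: 1 = all links, 2 = only marked links, 3 = page source.
// Anything that is not exactly one of the known keys falls back to 1, so the
// value used further down is always a validated integer.
$_SESSION['afis'] = array(1 => '', 2 => '', 3 => '');
$afis = 1;
if (isset($_POST['afis']) && is_string($_POST['afis']) && ctype_digit($_POST['afis'])
    && isset($_SESSION['afis'][(int) $_POST['afis']])) {
    $afis = (int) $_POST['afis'];
}
$_SESSION['afis'][$afis] = 'CHECKED';

/**
 * Escape a value for output inside HTML text or a quoted attribute.
 *
 * Everything echoed by this script (the submitted address, the extracted
 * links, the fetched page) comes from the user or from a remote server.
 */
function sdl_escape($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<form action="" method="post">
Site: <input type="text" name="site" size="50" value="<?php echo sdl_escape($_SESSION['site']); ?>"><br>
<input type="radio" name="afis" value="1" <?php echo $_SESSION['afis'][1]; ?>>Afiseaza toate link-urile<br>
<input type="radio" name="afis" value="2" <?php echo $_SESSION['afis'][2]; ?>>Afiseaza doar link-urile vulnerabile<br>
<input type="radio" name="afis" value="3" <?php echo $_SESSION['afis'][3]; ?>>Afiseaza site-ul asa cum este el<br>
<input type="submit" name="submit" value="submit">
</form>
<?php
//functions

/**
 * Return the quoted value at the start of $link, without the quotes.
 *
 * $link is the text that follows an "href=" marker. Returns null when the
 * text does not start with a quote or the closing quote is missing.
 */
function linkextract($link)
{
    if (!is_string($link) || $link === '') {
        return null;
    }
    $simbol = $link[0];
    if ($simbol !== '"' && $simbol !== "'") {
        return null;
    }
    // Position of the matching closing quote; kept as an integer so the
    // length passed to substr() is not derived from a string.
    $final = strpos($link, $simbol, 1);
    if ($final === false) {
        return null;
    }
    return substr($link, 1, $final - 1);
}

/**
 * Tell whether $url is an http(s) URL whose host resolves only to public
 * addresses.
 *
 * This keeps the server-side fetch away from loopback, private and reserved
 * ranges. The HTTP wrapper resolves the name again when it connects, so the
 * check narrows that exposure rather than closing it completely. Hosts that
 * have no IPv4 address are refused because gethostbynamel() is IPv4-only.
 */
function sdl_is_public_http_url($url)
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    $host = trim($parts['host'], '[]');
    $addresses = filter_var($host, FILTER_VALIDATE_IP) ? array($host) : gethostbynamel($host);
    if (empty($addresses)) {
        return false;
    }
    foreach ($addresses as $ip) {
        if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
            return false;
        }
    }
    return true;
}

/**
 * Fetch $site and return its body, or false when the address is refused or
 * the request fails.
 *
 * Redirects are not followed (a redirect could point at an address that
 * sdl_is_public_http_url() would have refused), the request times out after
 * 10 seconds and at most 2 MiB are read.
 */
function sdl_fetch($site)
{
    if (!sdl_is_public_http_url($site)) {
        return false;
    }
    $context = stream_context_create(array(
        'http' => array(
            'timeout' => 10,
            'follow_location' => 0,
        ),
    ));
    // Failure is reported through the return value; the raw PHP warning would
    // print the script's filesystem path to the visitor.
    return @file_get_contents($site, false, $context, 0, 2097152);
}

/**
 * Fetch $site and return one entry per "href=" occurrence.
 *
 * Index 0 is the text before the first href and is never a link; entries are
 * null where the href value was not quoted. An empty array means the page
 * could not be fetched.
 */
function sdlex($site)
{
    $strsite = sdl_fetch($site);
    if ($strsite === false) {
        return array();
    }
    $array = array();
    foreach (explode('href=', $strsite) as $chunk) {
        $array[] = linkextract($chunk);
    }
    return $array;
}

/**
 * Return true when $link contains both '?' and '='.
 *
 * This is a purely syntactic test for "the link passes GET parameters".
 */
function vulnerable($link)
{
    if (!is_string($link)) {
        return false;
    }
    return strpos($link, '?') !== false && strpos($link, '=') !== false;
}

/**
 * Normalise the submitted address so that it always starts with http:// or
 * https://.
 *
 * The scheme test is anchored at the start of the string; a substring test
 * would accept any value that merely contains "http://" and would turn an
 * https:// address into "http://https://...".
 */
function inputl($link)
{
    $link = trim((string) $link);
    if (stripos($link, 'http://') !== 0 && stripos($link, 'https://') !== 0) {
        $link = 'http://' . $link;
    }
    return $link;
}
//endfunctions

if (isset($_POST['submit'])) {
    if (!empty($_POST['site']) && is_string($_POST['site'])) {
        $site = inputl($_POST['site']);

        if ($afis === 3) {
            // Show the page as escaped source. Echoing the remote markup
            // unescaped would run the remote page's scripts in this origin.
            $page = sdl_fetch($site);
            if ($page === false) {
                echo 'Adresa nu a putut fi incarcata';
            } else {
                echo '<pre>' . sdl_escape($page) . '</pre>';
            }
        } else {
            $array = sdlex($site);
            $total = count($array);
            if ($total === 0) {
                echo 'Adresa nu a putut fi incarcata';
            } else {
                echo '<table border="1"><tr><th>nr.</th><th>link</th></tr>';
                // Start at 1: entry 0 is the text before the first href.
                for ($i = 1; $i < $total; $i++) {
                    $cell = sdl_escape($array[$i]);
                    if (vulnerable($array[$i])) {
                        echo '<tr><td><b>' . $i . '</b></td><td><b>' . $cell . '</b></td></tr>';
                    } elseif ($afis === 1) {
                        echo '<tr><td>' . $i . '</td><td>' . $cell . '</td></tr>';
                    }
                }
                echo '</table>';
            }
        }
    } else {
        echo 'Introduceti o adresa in campul site';
    }
}
?>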
sharkyz Posted December 3, 2010
Frumos, multumesc
Marian Posted December 3, 2010
Nu merge.. da eroare:
Warning: file() [function.file]: Filename cannot be empty in /home/w--bjyg/domains/kle--oop.nl/public_html/scan.php on line 29
crs12decoder Posted December 3, 2010 (Author)
> Nu merge..da eroare
offf... e logic ca daca nu introduci site-ul pe care sa-l scaneze, nu are ce sa scaneze... si da eroare... am zis ca o sa-l imbunatatesc maine dar poftim... am dat update la cod ca in cazul in care nu-i dai niciun site sa-ti zica sa-i dai si sa nu-ti mai afiseze eroare....