hack_addicted.pt, posted January 20, 2011 (edited)

hack_addicted.pt SQLi Scanner
--Status:[online]--

I HIGHLY recommend you use this SQLi Scanner, and not .exe tools!

Side Note: Better dork = more results! Keep that in mind!

Note: This scanner was coded by r3m1ck, a very famous Indonesian coder; I just modded it and uploaded it.

Online SQLi Scanner
>Click here to Access<

Explained: Online SQLi Scanner

How to: Scan specific websites

Just use it like this:
inurl:php?id=+site:[domain of website]

You can also change it, like:
inurl:php?page=+site:[domain of website]
inurl:php?type=+site:[domain of website]

If by any chance it fails, just put inurl or allinurl instead of site, like this:
inurl:php?id=+inurl:[domain of website]
inurl:php?id=+allinurl:[domain of website]

Examples:

If you want to scan a specific country's websites, for example .pt websites:
inurl:php?type=+site:.pt
or .br:
inurl:php?type=+site:.br

If you want to scan: hxtp://www.thurrock.gov.uk
use: inurl:php?=id+site:thurrock.gov.uk
results:
http://www.thurrock.gov.uk/benefits/content.php?page='advice_types <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='13 <== SQL Injection Success !
http://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library&id='6 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='21 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='16 <== SQL Injection Success !
http://www.thurrock.gov.uk/a2z/content.php?page='service&ID='349 <== SQL Injection Success !
http://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library&id='1 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='11 <== SQL Injection Success !

It does a search in Google, using specific words called dorks.
Imagine you put this in Google:
inurl:php?=id+gov
and you get a list of results: 6.980.000 results in (0,22 secs)

Now, checking which ones are vulnerable would take you forever if you checked them one by one manually, so what this script does is put a ' at the end of the URL and search for specific words, which are the ones you would see when checking it manually.

Example (script working):

Google search result:
hxtp://www.thurrock.gov.uk/libraries/libinfo/content.php?page=library
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>Thurrock Council | Library Information | Library Information</title>
....
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

turns to:
hxtp://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library
<!-- 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'library'LIMIT 1' at line 22 --><p><b>Error: </b>Could not query the database.</p><p>Please try again later.</p>

So the script knows that the website is vuln, and displays the result.

Any questions, feel free to ask. :thumbsup:

Edited January 20, 2011 by hack_addicted.pt
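
Seen from the defending side, the probe described in the post above leaves a recognisable trace: parameter values that begin with a single quote, and response bodies that expose the database error text. The following is an added example, not part of the original post or of the scanner's code; the log lines are constructed, and the function names and the `min_hits` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined-log style); the IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [20/Jan/2011:10:00:01 +0000] "GET /content.php?page=library&id=6 HTTP/1.1" 200 5120
192.0.2.44 - - [20/Jan/2011:10:00:02 +0000] "GET /content.php?page='library&id='6 HTTP/1.1" 200 310
192.0.2.44 - - [20/Jan/2011:10:00:03 +0000] "GET /life.php?page=%27category&ID=%2713 HTTP/1.1" 200 305
198.51.100.9 - - [20/Jan/2011:10:00:05 +0000] "GET /search.php?q=o'brien HTTP/1.1" 200 4000
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
# Error text quoted in the post; extend with the messages your own DB driver emits.
DB_ERROR_MARKERS = ("you have an error in your sql syntax",)


def quote_probed_params(target):
    """Names of query parameters whose decoded value starts with a single quote."""
    query = urlsplit(target).query
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if value.startswith("'")]


def find_probers(log_text, min_hits=2):
    """Map client IP -> probed request targets, for clients with >= min_hits probes."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and quote_probed_params(m.group(2)):
            hits[m.group(1)].append(m.group(2))
    return {ip: targets for ip, targets in hits.items() if len(targets) >= min_hits}


def leaks_sql_error(body):
    """True if a response body exposes a database error string to the client."""
    lowered = body.lower()
    return any(marker in lowered for marker in DB_ERROR_MARKERS)


if __name__ == "__main__":
    for ip, targets in find_probers(SAMPLE_LOG).items():
        print(ip, "sent", len(targets), "quote-prefixed requests")
```

A legitimate value such as `o'brien` is not flagged because the quote is not the first character; `leaks_sql_error` can be run over error pages in a test suite to confirm that database messages are no longer returned to clients.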

Birkoff, posted January 20, 2011

Cool script... if anyone knows the PHP source, I'd be curious to study it.

adi003user, posted January 20, 2011

If anyone gets hold of the source code from that LiteSpeed server, I want it too.

mysticgohanphp, posted January 20, 2011

I have the source code. How much will you give for it?

neo.hapsis, posted January 20, 2011

Nice script! Do you share the script? 1+rep

Gabriel87, posted January 20, 2011 (edited)

Sqli scanner script

Edit: http://www39.zippyshare.com/v/98309721/file.html
This one works 100%, it's PHP.

Edited January 20, 2011 by Gabriel87

mysticgohanphp, posted January 20, 2011

> Sqli scanner script MEGAUPLOAD - The leading online storage and file delivery service

Yeah, sure it'll work for you. The script is PHP; if it were HTML, any fool could have done view source code.

mysticgohanphp, posted January 20, 2011

I see the one you posted isn't good either.
SQLi Scanner by r3m1ck

Gabriel87, posted January 20, 2011

> I see the one you posted isn't good either.
> SQLi Scanner by r3m1ck

You're talking nonsense, the one I posted is good.

Edit: Zippyshare.com - script sqliscanner.rar

mysticgohanphp, posted January 20, 2011

Well, I downloaded it and uploaded it to a site to see if it works, and it seems it doesn't.

just-for-funn, posted January 20, 2011

It's shit, none of them work ... I type inurl:php?=id+pulamea.ro there and below I get "https://adwords.google.com/select/Login?sourceid='awo&subid='-en-et-symh&medium='link&hl='en <== Not access ! " wtf

Gabriel87, posted January 20, 2011

> Well, I downloaded it and uploaded it to a site to see if it works, and it seems it doesn't.

Then post the online SQLi script that you posted yourself; you want money or something in exchange for a script.

Guest Praetorian, posted January 20, 2011

> I have the source code. How much will you give for it?

Retard!
Source code: RAW OUTPUT GA2EgEP9

Birkoff, posted January 20, 2011

TinKode, thanks, I've seen what the logic in that code is. For it to work it has to be put on a server with safe mode = off, curl = on, memory = 128, set_time_limit = 0 (few servers allow all these settings).

Gabriel87, posted January 20, 2011

> Retard!
> Source code: RAW OUTPUT GA2EgEP9

I posted that one too and he said it's no good, plus it doesn't look like this one; this one is in red.

hack_addicted.pt (Author), posted January 20, 2011

All those versions are full of errors; just ask a good PHP coder, they will see them.
Or use my version that is already optimized.

Birkoff, posted January 20, 2011

> All those versions are full of errors; just ask a good PHP coder, they will see them.
> Or use my version that is already optimized.

Thanks for the offer, but I'm only interested in the logic of the code, how to parse pages. I have seen it in the example above, and when I have time I'll write my own code (of course without the bugs seen in that example).

ciuturax, posted February 16, 2011

Another one is up if you need it:
--[ SQL Google Scanner ]--!Sharp Soft!--