Jump to content
hack_addicted.pt

✩ Online SQLi Scanner FINAL VERSION ✩ (scan specific: websites/domains/country/dorks)

By hack_addicted.pt, in Programe hacking

Recommended Posts

hack_addicted.pt Newbie

hack_addicted.pt

Posted
Posted (edited)

?hack_addicted.pt SQLi Scanner ?

--Status:[online]--

I HIGHLY recommend you to use this SQLi Scanner, and not .exe tools!

Side Note: Better dork = more results! Keep that in mind!

Note: This scanner is coded by r3m1ck, a very famous Indonesian Coder, i just modded it and uploaded it.

--

?Online SQLi Scanner ?

>Click here to Access<

--

?Explained: Online SQLi Scanner ?

?How to: Scan specific websites ?

Just use it like this:

inurl:php?id=+site:[domain of website]

you can either change it like:

inurl:php?page=+site:[domain of website]

inurl:php?type=+site:[domain of website]

If by any chance it fail's just put inurl or allinurl instead of site, like this:

inurl:php?id=+inurl:[domain of website]

inurl:php?id=+allinurl:[domain of website]

Examples:

If you want to scan specif countries websites:

for example .pt websites:

inurl:php?type=+site:.pt

or .br:

inurl:php?type=+site:.br

If you want to scan: hxtp://www.thurrock.gov.uk

use: inurl:php?=id+site:thurrock.gov.uk

results:


http://www.thurrock.gov.uk/benefits/content.php?page='advice_types <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='13 <== SQL Injection Success !
http://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library&id='6 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='21 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='16 <== SQL Injection Success !
http://www.thurrock.gov.uk/a2z/content.php?page='service&ID='349 <== SQL Injection Success !
http://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library&id='1 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='11 <== SQL Injection Success !
It does a shearch in google, using specific words called dorks
Imagine you put this in google:
inurl:php?=id+gov
and you get a list of results: 6.980.000 results in (0,22 secs)
now to check the ones vulnerable would take you for ever if you check one by one manually, so what this script does, it puts a ' at the end of the url and shearch for specific words that would be the ones you see when you check it manually.
example (script working):
google shearch result:
hxtp://www.thurrock.gov.uk/libraries/libinfo/content.php?page=library

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
	<title>Thurrock Council | Library Information | Library Information</title>....
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
turns to:
hxtp://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library

<!-- 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'library'
LIMIT 1' at line 22 -->
<p><b>Error: </b>Could not query the database.</p><p>Please try again later.</p>
So the script knows that the website is vuln.
And displays the result.
Any question fell free to ask. :thumbsup:



			
				


	Edited  by hack_addicted.pt
	
	

			
		


		
			

				
					
						

	
	
		

			
				
				

					
						

	
	
    
		
		
			
				
				
  • 
					
						
					
							
								Upvote
							
							
								2
							
					
						
					
				
    • 
			
		
	


					
				

			
			
			
		

	


					
				
				
			

		

		
			

		
	


	

	





	
Link to comment

	
		
	
	
	

	
	
Share on other sites

	

	


	

	

	




	



					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
					
					
					






	

	

	

		

			

				


	
		Birkoff
	

				
				
					
						
Newbie
					
				
			

		

		

			

				


Birkoff
			

			

				Posted 
				
			

		

	

	
	

		




	

		

			

				
    
					
					
					
					
					
				

			

			
		


		

			Posted 
			
			
				
				
			
		

	


	

    

	

		
		

			
All those version are full of errors, just ask a good php coder, they will see them.
Or use my version that is already optimized.
Thanks for the offer but I'm only interested in the logic of code, how to parse pages, I have seen in the example above and when I have time I write my own code (of course without bugs seen on that example)



			
		


		
			

				
					
						

	
	
		

			
				
				

					
				

			
			
			
		

	


					
				
				
			

		

		
			

		
	


	

	





	
Link to comment

	
		
	
	
	

	
	
Share on other sites

	

	


	

	

	




	



					
				
					
					
					





					
				
					
					
					





					
				
					
					
					





					
				
			
			



		

	


	
	

	
		
		

			
				
				

	
		

			
Join the conversation

			

	
				
					You can post now and register later.
				
				If you have an account, sign in now to post with your account.
				
			

	
		

	




	
	
		
	
		
	
		
	
	
		
		
	
	

		

		


	
		Guest
	


		

			
				
					
				
					
						
    
							
  • 
								


	
	
	
	

								
							
    • 
						

					
				
					
				
			
			
				
					
						
							
						
						



    

		
		

			
		

		
			
 Reply to this topic...

		
		

			

				
					×
					  Pasted as rich text.   Paste as plain text instead
				
			

		

		

			

				  Only 75 emoji are allowed.
			

		

		

			

				×
				  Your link has been automatically embedded.   Display as a link instead
			

		

		

			

			

		

		

			

				×
				  Your previous content has been restored.   Clear editor
			

		

		

			

				×
				  You cannot paste images directly. Upload or insert images from URL.
			

		

		
	

		
	

	

	

		

			×
			
		

		

	



						
					
				
					
				
					
				
			
			
    
				
					
						
					
						
					
						
							
  • 
								


    
	

    

								
							
    • 
						
					
				
				
					
  • 

	

    • 
				
			

		

	



			
		

	

	
		

			


		

		

			



		

	







	

		
			
				Go to topic listing
			
		
	

	




	

	

	


	

	




								


							

							


						

					

					
				

				

				

			

		

		
		


	×
	

		

			

			

				

					
				


			

			
		

	






	×
	

		

			
    
				
  • Create New...
    •