Jump to content
hack_addicted.pt

✩ Online SQLi Scanner FINAL VERSION ✩ (scan specific: websites/domains/country/dorks)

By hack_addicted.pt, in Programe hacking

Recommended Posts

hack_addicted.pt Newbie

hack_addicted.pt

Posted
Posted (edited)

?hack_addicted.pt SQLi Scanner ?

--Status:[online]--

I HIGHLY recommend you to use this SQLi Scanner, and not .exe tools!

Side Note: Better dork = more results! Keep that in mind!

Note: This scanner is coded by r3m1ck, a very famous Indonesian Coder, i just modded it and uploaded it.

--

?Online SQLi Scanner ?

>Click here to Access<

--

?Explained: Online SQLi Scanner ?

?How to: Scan specific websites ?

Just use it like this:

inurl:php?id=+site:[domain of website]

you can either change it like:

inurl:php?page=+site:[domain of website]

inurl:php?type=+site:[domain of website]

If by any chance it fail's just put inurl or allinurl instead of site, like this:

inurl:php?id=+inurl:[domain of website]

inurl:php?id=+allinurl:[domain of website]

Examples:

If you want to scan specif countries websites:

for example .pt websites:

inurl:php?type=+site:.pt

or .br:

inurl:php?type=+site:.br

If you want to scan: hxtp://www.thurrock.gov.uk

use: inurl:php?=id+site:thurrock.gov.uk

results:


http://www.thurrock.gov.uk/benefits/content.php?page='advice_types <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='13 <== SQL Injection Success !
http://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library&id='6 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='21 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='16 <== SQL Injection Success !
http://www.thurrock.gov.uk/a2z/content.php?page='service&ID='349 <== SQL Injection Success !
http://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library&id='1 <== SQL Injection Success !
http://www.thurrock.gov.uk/life/content.php?page='category&ID='11 <== SQL Injection Success !
It does a shearch in google, using specific words called dorks
Imagine you put this in google:
inurl:php?=id+gov
and you get a list of results: 6.980.000 results in (0,22 secs)
now to check the ones vulnerable would take you for ever if you check one by one manually, so what this script does, it puts a ' at the end of the url and shearch for specific words that would be the ones you see when you check it manually.
example (script working):
google shearch result:
hxtp://www.thurrock.gov.uk/libraries/libinfo/content.php?page=library

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
	<title>Thurrock Council | Library Information | Library Information</title>....
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
turns to:
hxtp://www.thurrock.gov.uk/libraries/libinfo/content.php?page='library

<!-- 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'library'
LIMIT 1' at line 22 -->
<p><b>Error: </b>Could not query the database.</p><p>Please try again later.</p>
So the script knows that the website is vuln.
And displays the result.
Any question fell free to ask. :thumbsup:



			
				


	Edited  by hack_addicted.pt
	
	

			
		


		
			

				
					
						

	
	
		

			
				
				

					
						

	
	
    
		
		
			
				
				
  • 
					
						
					
							
								Upvote
							
							
								2
							
					
						
					
				
    • 
			
		
	


					
				

			
			
			
		

	


					
				
				
			

		

		
			

		
	


	
    


	



					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
					
					
					







	

	

	

		

			

				


	
		Gabriel87
	

				
				
					
						
Newbie
					
				
			

		

		

			

				


Gabriel87
			

			

			    Posted 
				
			

		

	

	
	

		




	

		

			

				
    
					
					
					
					
					
				

			

			
		


		

		   
		   Posted 
		   
			
			
				
				
			
		

	


	

    

	

		
		

			
pei l-am downaloadat si l-am urcat pe un site sa vad daca functioneaza si se pare ca nu
Atunci pune si tu scriptul de Sqli online care l-ai postat :)
tu vrei banii sau ceva la schimb pentru un script



			
		


		
			

				
					
						

	
	
		

			
				
				

					
				

			
			
			
		

	


					
				
				
			

		

		
			

		
	


	
    


	



					
				
					
					
					






					
				
					
					
					







	

	

	

		

			

				


	
		Birkoff
	

				
				
					
						
Newbie
					
				
			

		

		

			

				


Birkoff
			

			

			    Posted 
				
			

		

	

	
	

		




	

		

			

				
    
					
					
					
					
					
				

			

			
		


		

		   
		   Posted 
		   
			
			
				
				
			
		

	


	

    

	

		
		

			
TinKode ms am vazut care e logica in codul ala, ca sa mearga trebuie pus pe un server cu safe mode = off, curl = on, memorie = 128, set_time_limit = 0
(putine servere permit toate setarile astea)



			
		


		
			

				
					
						

	
	
		

			
				
				

					
				

			
			
			
		

	


					
				
				
			

		

		
			

		
	


	
    


	



					
				
					
					
					






					
				
					
					
					






					
				
					
					
					







	

	

	

		

			

				


	
		Birkoff
	

				
				
					
						
Newbie
					
				
			

		

		

			

				


Birkoff
			

			

			    Posted 
				
			

		

	

	
	

		




	

		

			

				
    
					
					
					
					
					
				

			

			
		


		

		   
		   Posted 
		   
			
			
				
				
			
		

	


	

    

	

		
		

			
All those version are full of errors, just ask a good php coder, they will see them.
Or use my version that is already optimized.
Thanks for the offer but I'm only interested in the logic of code, how to parse pages, I have seen in the example above and when I have time I write my own code (of course without bugs seen on that example)



			
		


		
			

				
					
						

	
	
		

			
				
				

					
				

			
			
			
		

	


					
				
				
			

		

		
			

		
	


	
    


	



					
				
					
					
					






					
				
					
					
					






					
				
					
					
					






					
				
			
			



		

	


	
	

	
		
		

			
				
				

	
		

			
Join the conversation

			

	
				
					You can post now and register later.
				
				If you have an account, sign in now to post with your account.
				
			

	
		

	




	
	
		
	
		
	
		
	
	
		
		
	
	

		

		


	
		Guest
	


		

			
				
					
				
					
						
    
							
  • 
								


	
	
	
	

								
							
    • 
						

					
				
					
				
			
			
				
					
						
							
						
						



    

		
		

			
		

		
			
 Reply to this topic...

		
		

			

				
					×
					  Pasted as rich text.   Paste as plain text instead
				
			

		

		

			

				  Only 75 emoji are allowed.
			

		

		

			

				×
				  Your link has been automatically embedded.   Display as a link instead
			

		

		

			

			

		

		

			

				×
				  Your previous content has been restored.   Clear editor
			

		

		

			

				×
				  You cannot paste images directly. Upload or insert images from URL.
			

		

		
	

		
	

	

	

		

			×
			
		

		

	



						
					
				
					
				
					
				
			
			
    
				
					
						
					
						
					
						
							
  • 
								


    
	

    

								
							
    • 
						
					
				
				
					
  • 

	

    • 
				
			

		

	



			
		

	

	
		

			


		

		

			



		

	







	

		
			
				Go to topic listing
			
		
	

	




	

	

	


	

	




								


							

							


						

					

					
				

				

				

			

		

		
		


	×
	

		

			

			

				

					
				


			

			
		

	






	×
	

		

			
    
				
  • Create New...
    •