Silviu

[PHP] URL List SQLi Scanner

I made a small script that scans the URLs you put in a text file. It's not very sophisticated, but I'll keep improving it.

<?php
echo '<title>URL List SQLi scanner</title>';
echo "<u>Utilizare:</u><br>
Creeaza un fisier adrese.txt in care sa existe pe fiecare linie cate o adresa url<br>
in formatul http://url.tld . Url-urile vulnerabile vor fi afisate si vor fi salvate si in fisierul bune.txt<br><br>";
$fisier = file_get_contents('adrese.txt'); // Read the list of URLs
$linii = explode("\n", $fisier); // One URL per line
$fisier = fopen("bune.txt", "a"); // Flagged URLs are appended here
echo "<u>Url-uri vulnerabile:</u><br><br>";
foreach ($linii as $linie) { // Test each URL
    $linie = trim($linie); // Strip \r and surrounding whitespace
    if ($linie !== '') scann($linie); // Skip blank lines
}
function scann($sqli)
{
    global $fisier;
    $sintaxa = "'";
    $fraza = @file_get_contents("$sqli$sintaxa"); // Fetch the URL with a single quote appended
    if ($fraza === false) return; // Request failed, nothing to check
    $cuvant = "error in your SQL syntax"; // MySQL error text shown in the page
    $pos = strpos($fraza, $cuvant);
    if ($pos !== false)
    {
        fwrite($fisier, $sqli . "\n"); // Write the flagged URL to bune.txt
        echo htmlspecialchars($sqli) . " <br>"; // Display the flagged URL, HTML-escaped
    }
}
fclose($fisier); // Close the file

echo '<center><br><br>URL List SQLi Scanner v1.0 - Silvian0 @ <a href="http://rstcenter.com">RSTCenter.com</a></center>';
?>


I'm back with a second version as well, not very sophisticated; whoever wants to can develop it further:


<?php
echo '<html>';
echo '<title>URL List SQLi scanner</title>';
echo '<body bgcolor="green">';
echo "<u>Utilizare:</u><br>
Creeaza un fisier adrese.txt in care sa existe pe fiecare linie cate o adresa url<br>
in formatul http://url.tld . Url-urile vulnerabile vor fi afisate si vor fi salvate si in fisierul bune.txt<br><br>";

// Fetch a URL with cURL and return the response body (false on failure)
function get_data($url) {
    $ch = curl_init();
    $timeout = 10;
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    $data = curl_exec($ch);
    curl_close($ch);
    return $data;
}

// Count the lines in the response for a URL
function linii($url)
{
    $linecount = 0;
    $handle = @fopen($url, "r");
    if ($handle === false) return 0; // Could not open the URL
    while (!feof($handle)) {
        $line = fgets($handle);
        $linecount++;
    }
    fclose($handle);
    return $linecount;
}

if (!file_exists('adrese.txt')) {
    echo "Fisierul adrese.txt nu exista!Acesta trebuie sa contina pe fiecare linie cate un site!<br>";
    exit; // Nothing to scan without the input file
}
$fisier = file_get_contents('adrese.txt'); // Read the list of URLs
$linii = explode("\n", $fisier); // One URL per line
$fisier = fopen("bune.txt", "a+"); // Flagged URLs are appended here
echo "<u>Url-uri vulnerabile:</u><br><br>";
foreach ($linii as $linie) { // Test each URL
    $linie = trim($linie); // Strip \r and surrounding whitespace
    if ($linie !== '') scann($linie); // Skip blank lines
}
function scann($sqli)
{
    global $fisier;
    $sintaxa = "'";
    $fraza = get_data("$sqli$sintaxa"); // Fetch the URL with a single quote appended
    if ($fraza === false) return; // Request failed, nothing to check
    $cuvant = "syntax";
    $pos = strpos($fraza, $cuvant);
    // The line counts are only fetched when the word was found (|| short-circuits)
    if ($pos === false || linii($sqli) != linii("$sqli$sintaxa"))
    {
        $ok = 0;
    }
    else {
        $ok = 1;
    }

    if ($ok == 1)
    {
        fwrite($fisier, $sqli . "\n"); // Write the flagged URL to bune.txt
        echo htmlspecialchars($sqli) . " <br>"; // Display the flagged URL, HTML-escaped
    }
}
fclose($fisier); // Close the file

echo '<center><br><br>URL List SQLi Scanner v1.1 - Silvian0 @ <a href="http://rstcenter.com">RSTForums.com</a></center>';
?>
</body>
</html>
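
Seen from the receiving web server, the request both scripts send is a GET whose target ends in a single quote, which is easy to pick out of access logs. The following is an added example, not part of the original posts: it assumes Combined Log Format, and the function name `find_quote_probes`, the sample log lines and the paths in them are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip - user [time] "METHOD target proto" status size "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)

def find_quote_probes(lines):
    """Map client IP -> findings for requests whose target ends in a single quote."""
    seen = defaultdict(set)     # ip -> every decoded target that client requested
    probes = defaultdict(list)  # ip -> (target without the quote, HTTP status)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue            # not in the expected log format
        target = unquote(m["target"])  # treats %27 the same as a raw '
        seen[m["ip"]].add(target)
        if target.endswith("'"):
            probes[m["ip"]].append((target[:-1], int(m["status"])))
    return {
        ip: [
            {
                "target": base,
                "status": status,
                # v1.1 fetches the unmodified URL only after the quoted response
                # contained "syntax", so a baseline request from the same client
                # suggests the page returned database error text.
                "baseline_also_requested": base in seen[ip],
            }
            for base, status in hits
        ]
        for ip, hits in probes.items()
    }

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /item.php?id=4' HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /item.php?id=4 HTTP/1.1" 200 2048 "-" "-"
203.0.113.7 - - [10/Mar/2024:12:00:02 +0000] "GET /item.php?id=4' HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [10/Mar/2024:12:00:03 +0000] "GET /news.php?id=9%27 HTTP/1.1" 200 2048 "-" "-"
198.51.100.20 - - [10/Mar/2024:12:00:04 +0000] "GET /item.php?id=4 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, findings in find_quote_probes(SAMPLE).items():
        for f in findings:
            print(ip, f)
```

A flagged target is a pointer to the page to review: the durable fix is a parameterized query and not echoing database errors to the client.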
