Hannibal.

[PHP]SQLi Dork Scanner


For those who know PHP, can you explain to me why the following script doesn't display any results after I enter the dork?

<html>
<head>
<title>m0bil3_xT's SQLi Scanner</title>

<center><img src="http://i.imgur.com/lH3GO.png">
</center>

</head>
<body bgcolor=#000000>

<style>
body{
font: 10pt Verdana;
}
tr {
BORDER-RIGHT: #3e3e3e 1px solid;
BORDER-TOP: #3e3e3e 1px solid;
BORDER-LEFT: #3e3e3e 1px solid;
BORDER-BOTTOM: #3e3e3e 1px solid;
color: #ff9900;
}
td {
BORDER-RIGHT: #3e3e3e 1px solid;
BORDER-TOP: #3e3e3e 1px solid;
BORDER-LEFT: #3e3e3e 1px solid;
BORDER-BOTTOM: #3e3e3e 1px solid;
color: #2BA8EC;
font: 10pt Verdana;
}

table {
BORDER-RIGHT: #3e3e3e 1px solid;
BORDER-TOP: #3e3e3e 1px solid;
BORDER-LEFT: #3e3e3e 1px solid;
BORDER-BOTTOM: #3e3e3e 1px solid;
BACKGROUND-COLOR: #111;
}


input {
BORDER-RIGHT: #3e3e3e 1px solid;
BORDER-TOP: #3e3e3e 1px solid;
BORDER-LEFT: #3e3e3e 1px solid;
BORDER-BOTTOM: #3e3e3e 1px solid;
BACKGROUND-COLOR: Black;
font: 10pt Verdana;
color: #ff9900;
}

input.submit {
text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
color: #FFFFFF;
border-color: #009900;
}

code {
border : dashed 0px #333;
BACKGROUND-COLOR: Black;
font: 10pt Verdana bold;
color: while;
}

run {
border : dashed 0px #333;
font: 10pt Verdana bold;
color: #FF00AA;
}

textarea {
BORDER-RIGHT: #3e3e3e 1px solid;
BORDER-TOP: #3e3e3e 1px solid;
BORDER-LEFT: #3e3e3e 1px solid;
BORDER-BOTTOM: #3e3e3e 1px solid;
BACKGROUND-COLOR: #1b1b1b;
font: Fixedsys bold;
color: #aaa;
}
A:link {
COLOR: #2BA8EC; TEXT-DECORATION: none
}
A:visited {
COLOR: #2BA8EC; TEXT-DECORATION: none
}
A:hover {
text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
color: #ff9900; TEXT-DECORATION: none
}
A:active {
color: Red; TEXT-DECORATION: none
}

.listdir tr:hover{
background: #444;
}
.listdir tr:hover td{
background: #444;
text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
color: #FFFFFF; TEXT-DECORATION: none;
}
.notline{
background: #111;
}
.line{
background: #222;
}
</style>

<center>
<br/>

<?php

echo "<font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px rgb(300, 0,

0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;' size='5'> </font><br><font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px

rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;'

size='5'></font></b><br><br><center><a href='

target='_blank'></a><br><a</a></center><br></font><center><font style='text-shadow: 0px 0px 6px rgb(255, 0,

0), 0px 0px 5px rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff;

font-weight:bold;' size='2'></font><br><br></center>";

$your_ip = $_SERVER['REMOTE_ADDR'];
echo "<font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000 size='2'>Your IP : </font><font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000 size='2'>$your_ip</font><br>";

$server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
echo "<font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000 size='2'>Server IP : </font><font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000 size='2'>$server_ip </font><br><br>";

echo '<form method="post" action=""><font color="red">Dork :</font> <input type="text" value="" name="dork" size="20"/><input type="submit" name="scan" value="Scan"></form></center>';

ob_start();
set_time_limit(0);

if (isset($_POST['scan'])) {

$browser = $_SERVER['HTTP_USER_AGENT'];

$first = "startgoogle.startpagina.nl/index.php?q=";
$sec = "&start=";
$reg = '/<p class="g"><a href="(.*)" target="_self" onclick="/';

for($id=0 ; $id<=30; $id++){
$page=$id*10;
$dork=urlencode($_POST['dork']);
$url = $first.$dork.$sec.$page;

$curl = curl_init($url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
$result = curl_exec($curl);
curl_close($curl);

preg_match_all($reg,$result,$matches);

foreach($matches[1] as $site){

$url = preg_replace("/=/", "='", $site);
$curl=curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$url);
curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
curl_setopt($curl,CURLOPT_TIMEOUT,'5');
$GET=curl_exec($curl);
if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute

query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch?_row

()|SELECT *

FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$GET)) {
echo '<center><b><font color="#E10000">Found : </font><a href="'.$url.'"

target="_blank">'.$url.'</a><font color=#FF0000> <-- SQLI Vuln

Found..</font></b></center>';
ob_flush();flush();
}else{
echo '<center><font color="#FFFFFF"><b>'.$url.'</b></font><font color="#0FFF16">

<-- Not Vuln</font></center>';
ob_flush();flush();
}

ob_flush();flush();
}
ob_flush();flush();
}
ob_flush();flush();
}

?>
</body>
</html>

It should return a list of URLs for the dork I entered and, next to each one, whether it is vulnerable or not.

But it doesn't show me any results.

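From the defender's side, the requests a script like the one posted above produces have a recognisable shape in web server logs: `preg_replace("/=/", "='", $site)` makes every query value start with a single quote, and the single-quoted `'$browser)'` argument is sent as the literal User-Agent text. The Python below is an added example, not part of the original post; the log lines, IP addresses, paths and function names are constructed for illustration, and the `%27` line is an assumed encoded variant of the same probe.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format); IPs are from
# documentation ranges and the paths are made up for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2013:12:00:01 +0000] "GET /news.php?id='12 HTTP/1.1" 200 512 "-" "$browser)"
203.0.113.7 - - [10/Mar/2013:12:00:02 +0000] "GET /item.php?cat=%273&page=%271 HTTP/1.1" 500 87 "-" "$browser)"
198.51.100.4 - - [10/Mar/2013:12:00:03 +0000] "GET /news.php?id=12 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2013:12:00:09 +0000] "GET /search.php?q=o'reilly HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def probe_signals(target, ua):
    """Return the signals in one request that match the script's request shape."""
    signals = []
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    # Every "=" became "='", so *every* decoded value starts with a quote.
    # A quote in the middle of a value (o'reilly) is ordinary user input.
    if params and all(value.startswith("'") for _, value in params):
        signals.append("quote-prefixed-values")
    # PHP does not interpolate inside single quotes, so this text is sent as-is.
    if ua == "$browser)":
        signals.append("literal-ua")
    return signals

def scan_log(text):
    """Map client IP -> Counter of signals seen across its requests."""
    hits = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for signal in probe_signals(m["target"], m["ua"]):
            hits.setdefault(m["ip"], Counter())[signal] += 1
    return hits

if __name__ == "__main__":
    for ip, counts in scan_log(SAMPLE_LOG).items():
        print(ip, dict(counts))
```

Per-IP counts rather than single hits are the useful output here, since one quote-prefixed request is weak evidence while a run of them across unrelated pages is not.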