Advertisement
shor7cut

simple sql scanner

Aug 21st, 2015
752
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <form action="" method="post">
  2. <input type="text" value="www.intelligentexploit.com/api/search-exploit?name=wordpress" name="site">
  3. <input type="submit" name="submit" value="scan">
  4. </form>
  5. <?php
  6. error_reporting(0);
  7. if($_POST['submit']){
  8. $url = $_POST['site'];    
  9.                 $ch = curl_init();
  10.                 curl_setopt($ch, CURLOPT_URL, $url);
  11.                 curl_setopt($ch, CURLOPT_HEADER, TRUE);
  12.                 curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  13.                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  14.                 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  15.                 $result =curl_exec($ch);
  16.                 curl_close($ch);
  17. if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch&#8203;_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$result)){
  18.     echo "Gak Vuln";
  19. }else {
  20.     $url = $_POST['site'];    
  21.     $_rurl = str_replace("=","='",$_url);
  22.                 $ch = curl_init();
  23.                 curl_setopt($ch, CURLOPT_URL, $_rurl);
  24.                 curl_setopt($ch, CURLOPT_HEADER, TRUE);
  25.                 curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  26.                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  27.                 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  28.                 $result =curl_exec($ch);
  29.                 curl_close($ch);
  30.                 if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch&#8203;_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$result)){
  31.     echo "Vuln";
  32.     }
  33. }
  34. ob_flush();
  35. flush();
  36. }
  37. ?>
Advertisement
RAW Paste Data Copied
Advertisement