#!/usr/bin/perl -wuse strict;use warnings;use File::Find;my @Files = g

1. #!/usr/bin/perl -w
2. use strict;
3. use warnings;
4. use File::Find;
5.  
6. my @Files = getFiles("/home/ip-sh0k/Dokumente/perl/");
7. my @Vars  = getVariables(@Files);
8. my @SQL   = getSQLStatements(@Files);
9. getInjections(\@Vars, \@SQL);
10.  
11. sub readFile
12. {
13.     my $file = shift;
14.    
15.     if(!(-e $file))
16.     {
17.         return -1;
18.     }
19.  
20.     open FILE, $file or die $!;
21.     my @lines = <FILE>;
22.    
23.     return @lines;
24. }
25. sub getFiles
26. {
27.     my $dir = shift;
28.     my (@tmp, @files);
29.  
30.     find sub{ push @tmp, $File::Find::name }, $dir;
31.  
32.     for(my $i = 0, my $x = 0; $i < @tmp; $i++)
33.     {
34.         if($tmp[$i] =~ /\.(php|pl)/i)
35.         {
36.             push(@files, $tmp[$i]);
37.         }
38.     }
39.  
40.     return @files;
41. }
42. sub getSQLStatements
43. {
44.     my @files = @_;
45.     my @founds; my $founds_count = 0;
46.  
47.     foreach my $file (@files)
48.     {
49.         my @content = readFile($file);
50.  
51.         foreach(@content)
52.         {
53.             if($_ =~ /(SELECT |INSERT |UPDATE |DELETE |WHERE |AND |OR |DROP |FROM |LIMIT )/i)
54.             {
55.                 $founds[$founds_count] = $_;
56.                 $founds_count++;
57.             }
58.         }
59.     }
60.  
61.     return @founds;
62. }
63. #$meinevariable = $_GET['Myget'];
64. #$username      = $_POST['username'];
65. #$password      = $_REQUEST['password'];
66. #$output        = mysql_query("SELECT * FROM meinetabelle WHERE id='".$meinevariable."' AND 1=1");
67. #$uname_query   = " WHERE username='$username'";
68. #$pword_query   = " AND password='$password'";
69. #$login         = mysql_query("INSERT * FROM logins" . $uname_query . $pword_query);
70. sub getVariables
71. {
72.     my @files = @_;
73.     my @founds; my $founds_count = 0;
74.  
75.     foreach my $file (@files)
76.     {
77.         my @content = readFile($file);
78.  
79.         foreach(@content)
80.         {
81.             if($_ =~ /\$(.*?)=(.*?)\$_(GET|POST|REQUEST|COOKIE)/ig)
82.             {
83.                 my $var = "\$" . $1;
84.                 $var =~ s/^\s+|\s+$//g;
85.                 $founds[$founds_count] = $var;
86.                 $founds_count++;
87.             }
88.         }
89.     }
90.  
91.     return @founds;
92. }
93. sub getInjections
94. {
95.     my ($ref1, $ref2) = @_;
96.  
97.     my @Vars = @{$ref1};
98.     my @Statements = @{$ref2};
99.  
100.     foreach my $statement (@Statements)
101.     {
102.         if($statement =~ /\$_(GET|POST|REQUEST|COOKIE)/ig)
103.         {
104.             print "Found: GET/POST/REQUEST/COOKIE\nIN: " . $statement . "\n";
105.         }
106.     }
107.  
108.     foreach my $var (@Vars)
109.     {
110.         foreach my $statement (@Statements)
111.         {
112.             if(index($statement, $var) != -1)
113.             {
114.                 print "Found: " . $var . "\nIN: " . $statement . "\n";
115.             }
116.         }
117.     }
118. }