0o0michael0o0 (Posted September 20, 2015, edited): sorry guys i deleted the script to refine it
digininja (Posted September 20, 2015): I've had a read through the script and I'm trying to work out what it is supposed to do. What is it scanning for? You seem to be looking for the word sql in some bing results, why?
0o0michael0o0 (Posted September 20, 2015): the script simply goes to bing.com and writes in the search ip:127.0.0.1 so it extracts the server's sites by that method, then it looks for sql errors, for example .php?id=1 ' it puts the ' for all the ids found in the server and if it finds any error it will tell u that the site is vulnerable :)
digininja (Posted September 20, 2015): You search for the word sql, not for an sql error message. It's an interesting start but maybe needs some refinement. Why are you using the file as the intermediary between the two functions? Seems a wasted resource as you don't use it for anything else.
0o0michael0o0 (Posted September 20, 2015, edited): nooo ok try that, i know that this server is vulnerable to sql and u will understand what i mean :) ruby mick.rb 127.0.0.1 id
digininja (Posted September 20, 2015): As that machine is in a completely different country to you I'd guess that you don't have permission to be hitting it with SQL injection attacks so I'd suggest not doing it. I do know what you mean, you are expecting the word SQL only to come back if there is a verbose error, that isn't always the case which is why I said you need to refine it.
0o0michael0o0 (Posted September 20, 2015, edited): i know it's not perfect, the script is simply searching for sql errors, for ex ruby mick.rb 127.0.0.1 id, u will get that result
digininja (Posted September 20, 2015): I understand what you are doing I'm just suggesting refinements. And remember, exploiting SQL injection on a server that isn't yours is illegal.
0o0michael0o0 (Posted September 20, 2015): yeah sure i know but i didn't hack the server, i'm just trying to explain my point :) i will try to refine it, and plz u can edit my comments with the site and delete it for me :) thnx
digininja (Posted September 20, 2015): I'm not deleting anything, just make your changes and update the tool when you do. Another suggestion for next time is to explain more about how your script works and what it is supposed to do, from your initial post there is no clue that it is checking for SQLi in GET parameters.
0o0michael0o0 (Posted September 20, 2015): yeah sure i just thought it might be useful to share that script with you cause it works fine with me.