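I'm having trouble with some PHP code. As a project, I thought I would build a simple SQL injection script. I found this GitHub repository as a reference and plan to extend it: https://github.com/fakhrizulkifli/Website-Vulnerability-Scanner-v1.0/blob/master/scanner.php
I have been trying to run this function: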
function sql($site = '', $full = '0') {
    $sql_error = array(
        'You have an error in your SQL',
        'Division by zero in',
        'supplied argument is not a valid MySQL result resource in',
        'Call to a member function',
        'Microsoft JET Database',
        'ODBC Microsoft Access Driver',
        'Microsoft OLE DB Provider for SQL Server',
        'Unclosed quotation mark',
        'Microsoft OLE DB Provider for Oracle',
        '[Macromedia][SQLServer JDBC Driver][SQLServer]Incorrect',
        'Incorrect syntax near'
    );
    if($full == '0') {
        fwrite(STDOUT, "\n-SITE: ");
        $site = trim(fgets(STDIN));
    } else {
        $site = $site;
    }
    $request = parse_url($site);
    print "[-] URL : $request[host]\n";
    print "[-] Path: $request[path]\n";
    print "[-] Try connect to host\n";
    $url = "".$request['scheme']."://".$request['host'].$request['path']."";
    if(con_host($url))
    {
        print "[-] Connect to host successful\n";
        print Get_Info($url);
        print "[-] Finding link on the website\n";
        print "[+] Found link : ".count(find_link($url))."\n";
        print "[-] Finding vulnerable...\n";
        if(is_array(find_link($url)))
            foreach(find_link($url) as $link) {
                $file = explode("/", $request['path']);
                $request['path'] = preg_replace("/".$file[count($file)-1]."/", "", $request['path']);
                if(!preg_match("/$request[host]/", $link)) { $link = "http://$request[host]/$request[path]$link"; }
                $link = preg_replace("/=(.+)/", "=1'", $link);
                foreach($sql_error as $error) {
                    if(preg_match("/$error/", con_host($link))) {
                        print "[+] SQL Injection vulnerable : $link\n";
                        $save[] = $link;
                    }
                }
            }
        print "[+] Done\n";
        if(is_array($save)) {
            foreach($save as $link) {
                $save = @file_put_contents('vulnerable.log', "".$link."\r\n",FILE_APPEND);
            }
        }
        print "[-] See 'vulnerable.log' for vulnerable list\n";
    }
}
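When I run this function, the file 'vulnerable.log' does not seem to be created. I thought this might be due to a permissions error, but I set the file permissions with chmod 755 scan.php. I also tried creating the file 'vulnerable.log' manually to see whether the results would be added to it, but that did not work either.
Any help or guidance with this would be greatly appreciated.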
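
Added example, not part of the original post or the referenced repository: a hypothetical helper, `append_log()`, that writes the log to an explicit directory and returns the reason a write failed instead of hiding it behind `@`. It assumes PHP 7.1 or later; its first check mirrors the posted function, where nothing is written when `$save` holds no entries.

```php
<?php
// Added example: append_log() is a hypothetical helper, not code from scanner.php.

/**
 * Append lines to a log file and report why the write failed, if it did.
 * $dir defaults to the script's own directory, so the location does not
 * depend on the shell's current working directory (a relative name such as
 * 'vulnerable.log' is resolved against the working directory in CLI runs).
 */
function append_log(array $lines, string $name = 'vulnerable.log', ?string $dir = null): array
{
    $dir  = $dir ?? __DIR__;
    $path = $dir . DIRECTORY_SEPARATOR . $name;

    if (count($lines) === 0) {
        // Same outcome as the posted code when $save was never filled.
        return ['ok' => false, 'path' => $path, 'reason' => 'nothing to write'];
    }
    if (!is_dir($dir)) {
        return ['ok' => false, 'path' => $path, 'reason' => 'directory does not exist'];
    }
    // Creating a file needs write permission on the directory; appending to
    // an existing file needs write permission on that file. The mode of the
    // script itself (chmod 755 on the .php file) does not affect either.
    if (file_exists($path) ? !is_writable($path) : !is_writable($dir)) {
        return ['ok' => false, 'path' => $path, 'reason' => 'target is not writable'];
    }

    $data  = implode(PHP_EOL, $lines) . PHP_EOL;
    // '@' hides the warning, so the return value must be checked explicitly.
    $bytes = @file_put_contents($path, $data, FILE_APPEND | LOCK_EX);
    if ($bytes === false) {
        $err = error_get_last(); // still populated when '@' is used
        return ['ok' => false, 'path' => $path, 'reason' => $err['message'] ?? 'unknown error'];
    }
    return ['ok' => true, 'path' => $path, 'reason' => "$bytes bytes appended"];
}

// Constructed sample input, written to the system temp directory.
$result = append_log(['constructed sample line'], 'vulnerable.log', sys_get_temp_dir());
printf("[%s] %s: %s\n", $result['ok'] ? '+' : '!', $result['path'], $result['reason']);
```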