Method - Note about dorks and SQLi | HqCombo - Closed info. Hack Forum

Method Note about dorks and SQLi

A small note, just a couple of thoughts.

There is a file of 1.9 GB containing 28 928 366 lines. The lines are sorted and duplicates have been removed. Each line is a unique URL collected from the search results of Google, Bing and Yandex. Unique keywords on a wide variety of topics were used as queries (so that the results would be as diverse as possible).

A little about the file.
Let's count the number of lines containing the character "=":

Code:
<?php

// Yes, it's PHP, and what are you going to do about it?

$fh = fopen("serp.txt", "r");
$i = 0;

// Count the lines (URLs) that contain "=", i.e. carry a query-string parameter
while ($string = fgets($fh, 4096)) {
    if (strpos($string, "=") !== false) {
        $i++;
    }
}

echo "With parameters: " . $i . "\n";
fclose($fh); // was fclose($fh_dump), an undefined variable
Result: "With parameter: 2 735 730".

(The rest are ЧПУ, i.e. human-readable URLs.)

In percentage terms: 9.45% versus 90.55%.

We checked a dozen or so of these files; the result does not change much. Let's skip the exact figures, the picture is clear enough without them.

If you only check links with parameters for vulnerabilities (the ones usually collected with PR1V@T3 D0RK$), you miss most of the vulnerable resources. One may object: what then? Havij / SQLi Dumper / SIB / insert_your_tool_here can't break such links!

Yet the very same sqlmap can (and Havij too).

Take this link: http://deduska-kroba.com/articles/id/3
We can assume that the number 3 here is used as a parameter value. Let's check it in sqlmap:

Code:
sqlmap -u "http://deduska-kroba.com/articles/id/3*/"

Just add * after the value you want to check. If the parameter is vulnerable, you are then dealing with an ordinary SQL injection.

The problem is that you won't check millions of links with sqlmap; it isn't meant for that.

For the test I wrote a simple script (I think uploading it is pointless, anyone can write one themselves), made of shit, sticks and multicurl. A couple of days of work, and the output is what would otherwise take a couple of weeks to rake in...

I hope the note was useful to you.

Or gave you an impetus for new ideas.
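The post's point is that a value embedded in the path, like the 3 in /articles/id/3, reaches the database exactly as a query-string value would. The following is an added example, not the author's code: it uses Python instead of PHP, a constructed in-memory table and a hypothetical /articles/id/<value> route, and puts the concatenating handler beside the hardened one that allow-lists and binds the segment.

```python
"""Path-embedded values are still user input: vulnerable vs. parameterised lookup."""
import re
import sqlite3

# Constructed sample data: a tiny articles table in an in-memory database.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
DB.executemany(
    "INSERT INTO articles VALUES (?, ?, ?)",
    [(1, "Public post", 1), (2, "Another public post", 1), (3, "Draft, not public", 0)],
)

# Hypothetical human-readable route: no "=" anywhere, yet the last segment is a parameter.
ROUTE = re.compile(r"^/articles/id/(?P<value>[^/]+)$")


def value_from_path(path: str) -> str:
    """Extract the last segment of /articles/id/<value> (already URL-decoded by the router)."""
    m = ROUTE.match(path)
    if not m:
        raise ValueError("unsupported route")
    return m.group("value")


def lookup_unsafe(path: str) -> list:
    """Concatenates the segment into SQL, as many apps do with ?id= values too (vulnerable)."""
    value = value_from_path(path)
    sql = f"SELECT id, title FROM articles WHERE published = 1 AND id = {value}"
    return DB.execute(sql).fetchall()


def lookup_safe(path: str) -> list:
    """Allow-list the segment (digits only), then bind it as a parameter (hardened)."""
    value = value_from_path(path)
    if not value.isdigit():
        raise ValueError("article id must be an integer")
    sql = "SELECT id, title FROM articles WHERE published = 1 AND id = ?"
    return DB.execute(sql, (int(value),)).fetchall()


if __name__ == "__main__":
    print(lookup_unsafe("/articles/id/3"))          # draft filtered out: []
    print(lookup_unsafe("/articles/id/3 OR 1=1"))   # filter bypassed: all three rows
    print(lookup_safe("/articles/id/1"))            # [(1, 'Public post')]
```

Input validation against the expected shape (here: an integer id) and parameter binding are what close the hole; the absence of "=" in the URL changes nothing.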