..more modules you must have seen the iframes used for realtime result display. In this tutorial I'm going to show you how to insert them into your module and how they function. what we..
<?php
/* Handles request for dork and sql entries
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 14-03-2015
*/
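// Bootstrap for the dork / SQL-error JSON endpoint.
// The response is JSON and must not be cached, so the cache limiter and the
// headers are set before header.php is included.
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
$_DYNAMIC_ROOT = "..";
include_once("../header.php");

// Default response: every path that does not explicitly succeed reports failure.
$aDataR = array();
$aDataR['jresult'] = false;
$aDataR['jmessage'] = "An error occured";

// make selection menu for dorks and sql errors automatically
$_CONTEXT['makeselect'] = 1;

$aFiles = array(
    $_PATHS['functions_root']."/fwrite.php",
    $_PATHS['functions_root']."/get_file_data.php",
    $_PATHS['data_root']."/dork_options.php",
    $_PATHS['includes_root']."/dorkssqlhandler.php",
);

// The included files run in this same global scope, so the loop uses foreach
// with its own variable rather than a shared $x counter that an include could
// overwrite and thereby skip or repeat a file.
// NOTE(review): the error text returns the full server-side path to the
// client; confirm that is acceptable for every deployment of this endpoint.
foreach ($aFiles as $sRequiredFile) {
    if (!is_file($sRequiredFile) || !is_readable($sRequiredFile)) {
        $aDataR['jmessage'] = "Missing required file: ".$sRequiredFile;
        die(json_encode($aDataR));
    }
    // '@' keeps PHP warnings out of the JSON body; the return value is checked
    // so a failed include is reported instead of silently continuing without
    // the functions and data the rest of the script needs.
    if ((@include_once $sRequiredFile) === false) {
        $aDataR['jmessage'] = "Failed to load required file: ".$sRequiredFile;
        die(json_encode($aDataR));
    }
}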
// Build the HTML fragments that are returned with every response:
//   jselectitem - the action menu
//   jselectdork - the stored-dork menu, line breaks stripped
//   jselectsql  - the stored SQL-error menu, line breaks stripped
// NOTE(review): these fragments are assembled before the request below is
// processed, so they presumably reflect the state before any add/remove -
// confirm the client reloads them.
// NOTE(review): 'submit', 'label', 'dselect' and 'sselect' are placed into
// markup without escaping here. 'dselect'/'sselect' are built elsewhere,
// presumably from the stored entries this endpoint accepts; verify they are
// HTML-escaped where that markup is generated.

// Options 1 and 3 are always offered; 0 and 2 only when stored data exists.
$_OPTDORK = array(1,3);
if (isset($_CONTEXT['dselect'])) {
    // there are google dorks available
    $_OPTDORK[] = 0;
}
if (isset($_CONTEXT['sselect'])) {
    // there are sql errors available
    $_OPTDORK[] = 2;
}

$sOptionMarkup = "";
foreach ($_OPTDORK as $iOption) {
    $sOptionMarkup .= "<option value=\"".$_CONTEXT['doptions'][$iOption]['submit']."\">"
        .$_CONTEXT['doptions'][$iOption]['label']
        ."</option>";
}
$aDataR['jselectitem'] = "<select name=\"sSelectItem\" class=\"selectitem\"><option value=\"-1\">select an option</option>"
    .$sOptionMarkup
    ."</select>";

if (isset($_CONTEXT['dselect'])) {
    $aDataR['jselectdork'] = str_replace("\n","",$_CONTEXT['dselect']);
}
else {
    $aDataR['jselectdork'] = "";
}

if (isset($_CONTEXT['sselect'])) {
    $aDataR['jselectsql'] = str_replace("\n","",$_CONTEXT['sselect']);
}
else {
    $aDataR['jselectsql'] = "";
}
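// Handle the request.
//
// Exactly one action runs per request, chosen by the first of these POST
// fields that is present (same precedence as before): sDork (add dork),
// iDork (remove dork by index), sSQL (add SQL error keyword), iSQL (remove
// SQL error keyword by index). Both data files hold one entry per line.
//
// Changes compared with the previous revision:
//  - POST values that are not strings (e.g. sDork[]=x) are treated as empty
//    instead of being passed to trim().
//  - Entries containing CR/LF are rejected: the stores are line-delimited, so
//    an embedded line break would write several entries at once and bypass
//    the duplicate check.
//  - The duplicate check uses ===; with == two different numeric-looking
//    strings ("1" and "1.0") were treated as the same entry.
//  - A removal index must consist of digits only. intval() mapped any
//    non-numeric value to 0, which deleted the first entry.
//  - A missing $_CONTEXT['dorks'] / $_CONTEXT['sqli'] list no longer breaks
//    count(); it is reported as "No items to update".
//  - Both removal branches now rebuild the file the same way (non-empty
//    entries joined by "\n"); blank lines in the dork file are dropped on
//    rewrite, as was already the case for the SQL error file.
//
// NOTE(review): no authentication or anti-CSRF check is visible in this file,
// although it modifies files on disk from POST data. Presumably header.php
// enforces access control - confirm before exposing this endpoint.
// NOTE(review): read-check-write is not locked here; whether WriteF() locks
// the file cannot be seen from this script.
$aActions = array(
    'sDork' => array(
        'mode'  => 'add',
        'file'  => $_PATHS['data_root']."/googledorks.txt",
        'empty' => "You didn't submit a dork, dork :p",
        'fail'  => "Failed to update file",
    ),
    'iDork' => array(
        'mode'  => 'remove',
        'file'  => $_PATHS['data_root']."/googledorks.txt",
        'list'  => 'dorks',
        'fail'  => "Failed to write dorks",
    ),
    'sSQL' => array(
        'mode'  => 'add',
        'file'  => $_PATHS['data_root']."/sqlerrors.txt",
        'empty' => "You didn't submit a sql keyword to search for vulnerabilities",
        'fail'  => "Failed to write sql errors to error file",
    ),
    'iSQL' => array(
        'mode'  => 'remove',
        'file'  => $_PATHS['data_root']."/sqlerrors.txt",
        'list'  => 'sqli',
        'fail'  => "Failed to remove sql error",
    ),
);

// Pick the first action whose field was submitted.
$sField = null;
foreach ($aActions as $sCandidate => $aIgnored) {
    if (isset($_POST[$sCandidate])) {
        $sField = $sCandidate;
        break;
    }
}

if ($sField === null) {
    $aDataR['jmessage'] = "Invalid submission button value";
}
elseif ($aActions[$sField]['mode'] === 'add') {
    $aAction = $aActions[$sField];
    $sEntry = is_string($_POST[$sField]) ? trim($_POST[$sField]) : "";

    if ($sEntry === "") {
        $aDataR['jmessage'] = $aAction['empty'];
    }
    elseif (strpbrk($sEntry, "\r\n") !== false) {
        // One entry per line: refuse anything that would span several lines.
        $aDataR['jmessage'] = "Entries must be a single line of text";
    }
    else {
        // Refuse exact duplicates of an entry that is already stored.
        $bExists = false;
        $aLines = @file($aAction['file']);
        if (is_array($aLines)) {
            foreach ($aLines as $sLine) {
                if (trim($sLine) === $sEntry) {
                    $bExists = true;
                    break;
                }
            }
        }

        if ($bExists) {
            $aDataR['jmessage'] = "This keyword already exists";
        }
        elseif (!WriteF($aAction['file'], (@filesize($aAction['file'])>0 ? "\n" : "").$sEntry, "a")) {
            // The separator is only prepended when the file already has content.
            $aDataR['jmessage'] = $aAction['fail'];
        }
        else {
            $aDataR['jresult'] = true;
        }
    }
}
else {
    $aAction = $aActions[$sField];
    $sIndex = is_string($_POST[$sField]) ? trim($_POST[$sField]) : "";
    $aStored = (isset($_CONTEXT[$aAction['list']]) && is_array($_CONTEXT[$aAction['list']]))
        ? $_CONTEXT[$aAction['list']]
        : array();

    $bFound = false;
    $aKeep = array();
    if (preg_match('/^[0-9]+\z/', $sIndex)) {
        $iIndex = intval($sIndex);
        foreach ($aStored as $mKey => $sLine) {
            $sLine = trim($sLine);
            if ($sLine === "") {
                // Blank lines are neither removable nor written back.
                continue;
            }
            if ($mKey === $iIndex) {
                $bFound = true;
            }
            else {
                $aKeep[] = $sLine;
            }
        }
    }

    if (!$bFound) {
        $aDataR['jmessage'] = "No items to update";
    }
    elseif (!WriteF($aAction['file'], implode("\n", $aKeep), "w")) {
        $aDataR['jmessage'] = $aAction['fail'];
    }
    else {
        $aDataR['jresult'] = true;
    }
}

echo json_encode($aDataR);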
?>