private void cbExploits_SelectionChanged(object sender, SelectionChangedEventArgs e)
{
ExploitDetails ed = null;
if (cbExploits.SelectedItem != null)
{
ed = XmlHelpers.GetObjectFromXml <ExploitDetails>(FileHelpers.GetCurrentDirectory() + "\\xml\\exploits.xml",
"exploit",
cbExploits.SelectedItem.ToString());
if (_currentInjectionStrategy != null && ed != null)
{
_currentInjectionStrategy.ExploitDetails = ed;
ParameterChange();
}
}
}
public static string GetAnswerFromHtml(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions)
{
string result = string.Empty;
if (!string.IsNullOrEmpty(html))
{
try
{
result = html.Substring(html.IndexOf(ExploitDetails.ResultStart) +
ExploitDetails.ResultStart.Length,
html.IndexOf(ExploitDetails.ResultEnd) - html.IndexOf(ExploitDetails.ResultStart) -
ExploitDetails.ResultStart.Length);
}
catch
{
string userFriendlyException = "Could not parse sql injection result.";
if (!string.IsNullOrEmpty(ExploitDetails.ErrorStart) && !string.IsNullOrEmpty(ExploitDetails.ErrorEnd))
{
if (html.IndexOf(ExploitDetails.ErrorStart) > -1 && html.IndexOf(ExploitDetails.ErrorEnd) > -1)
{
userFriendlyException = string.Format("Sql exception occured: {0}",
html.Substring(html.IndexOf(ExploitDetails.ErrorStart) +
ExploitDetails.ErrorStart.Length,
html.IndexOf(ExploitDetails.ErrorEnd) - html.IndexOf(ExploitDetails.ErrorStart) -
ExploitDetails.ErrorStart.Length));
}
}
if (detailedExceptions)
{
userFriendlyException = string.Format("{0}({1})", userFriendlyException, query);
}
throw new SqlInjException(userFriendlyException);
}
}
if (ExploitDetails.TrimLast)
{
result = result.Remove(result.Length - 1, 1);
}
return(result);
}
public static IList <string> GetMultipleAnswersFromHtml(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions,
Func <string, string> resultFormatter = null)
{
// return GetMultipleAnswersFromHtml(html, query, ExploitDetails, detailedExceptions, false);
//}
//public static IList<string> GetMultipleAnswersFromHtml(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions,bool urlEscapeResults)
//{
IList <string> results = new List <string>();
string result = string.Empty;
if (!string.IsNullOrEmpty(html))
{
int resultStartIndex = 0;
int resultLength = 0;
int resultEndIndex = 0;
while (resultStartIndex != -1)
{
try
{
resultStartIndex = html.IndexOf(ExploitDetails.ResultStart, resultEndIndex);
if (resultStartIndex == -1)
{
break;
}
resultStartIndex += ExploitDetails.ResultStart.Length;
resultEndIndex = html.IndexOf(ExploitDetails.ResultEnd, resultStartIndex);
resultLength = resultEndIndex - resultStartIndex;
}
catch
{
break;
}
try
{
result = html.Substring(resultStartIndex, resultLength);
if (ExploitDetails.TrimLast)
{
result = result.Remove(result.Length - 1, 1);
}
results.Add((resultFormatter != null)?resultFormatter(result):result);
//if (urlEscapeResults)
// result = Uri.UnescapeDataString(result);
results.Add(result);
}
catch
{
string userFriendlyException = "Could not parse sql injection result.";
if (!string.IsNullOrEmpty(ExploitDetails.ErrorStart) && !string.IsNullOrEmpty(ExploitDetails.ErrorEnd))
{
if (html.IndexOf(ExploitDetails.ErrorStart) > -1 && html.IndexOf(ExploitDetails.ErrorEnd) > -1)
{
userFriendlyException = string.Format("Sql exception occured: {0}",
html.Substring(html.IndexOf(ExploitDetails.ErrorStart) +
ExploitDetails.ErrorStart.Length,
html.IndexOf(ExploitDetails.ErrorEnd) - html.IndexOf(ExploitDetails.ErrorStart) -
ExploitDetails.ErrorStart.Length));
}
}
if (detailedExceptions)
{
userFriendlyException = string.Format("{0}({1})", userFriendlyException, query);
}
throw new SqlInjException(userFriendlyException);
}
}
}
return(results);
}
