/// <summary>
/// Selection-changed handler for <c>cbExploits</c>: looks up the <c>ExploitDetails</c> entry
/// matching the selected item and, when one is found and an injection strategy is active,
/// assigns it to that strategy and calls <c>ParameterChange()</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Selection-changed arguments (unused).</param>
private void cbExploits_SelectionChanged(object sender, SelectionChangedEventArgs e)
        {
            object selectedExploit = cbExploits.SelectedItem;

            // Nothing selected: nothing to look up.
            if (selectedExploit == null)
            {
                return;
            }

            // NOTE(review): the definitions file is resolved relative to whatever
            // FileHelpers.GetCurrentDirectory() returns. If that is the process working directory
            // rather than the install directory, the file that gets loaded depends on where the
            // application was launched from - confirm, and keep the file writable only by trusted users.
            string definitionsPath = FileHelpers.GetCurrentDirectory() + "\\xml\\exploits.xml";

            // The lookup runs even when no strategy is active, exactly as before.
            ExploitDetails details = XmlHelpers.GetObjectFromXml <ExploitDetails>(definitionsPath,
                                                                              "exploit",
                                                                              selectedExploit.ToString());

            if (_currentInjectionStrategy != null && details != null)
            {
                _currentInjectionStrategy.ExploitDetails = details;
                ParameterChange();
            }
        }
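        /// <summary>
        /// Returns the text found in <paramref name="html"/> between
        /// <c>ExploitDetails.ResultStart</c> and the first <c>ExploitDetails.ResultEnd</c> that follows it.
        /// </summary>
        /// <remarks>
        /// Markers are matched ordinally. The start marker must actually be present: previously a
        /// missing start marker (IndexOf == -1) could still produce a "successful" substring taken
        /// from the wrong offset. The end marker is searched for after the start marker, so an
        /// earlier stray occurrence no longer causes a failure. A null start marker or a null/empty
        /// end marker counts as "not found".
        /// The exception message may contain text copied verbatim from <paramref name="html"/> and,
        /// when <paramref name="detailedExceptions"/> is set, the raw <paramref name="query"/>;
        /// callers that display or log it should treat it as untrusted text and encode it accordingly.
        /// </remarks>
        /// <param name="html">Text to search. Null or empty yields an empty result.</param>
        /// <param name="query">Query text appended to the exception message when <paramref name="detailedExceptions"/> is true.</param>
        /// <param name="ExploitDetails">Supplies the result/error markers and the <c>TrimLast</c> flag.</param>
        /// <param name="detailedExceptions">When true, the exception message also carries <paramref name="query"/>.</param>
        /// <returns>The extracted text, without its last character when <c>TrimLast</c> is set; empty when <paramref name="html"/> is null or empty.</returns>
        /// <exception cref="SqlInjException">The result markers were not found in <paramref name="html"/>.</exception>
        public static string GetAnswerFromHtml(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions)
        {
            string result = string.Empty;

            if (!string.IsNullOrEmpty(html))
            {
                string startMarker = ExploitDetails.ResultStart;
                string endMarker   = ExploitDetails.ResultEnd;

                int valueStart = -1;
                int valueEnd   = -1;

                if (startMarker != null && !string.IsNullOrEmpty(endMarker))
                {
                    int markerIndex = html.IndexOf(startMarker, System.StringComparison.Ordinal);
                    if (markerIndex > -1)
                    {
                        valueStart = markerIndex + startMarker.Length;
                        // Look for the end marker only after the start marker.
                        valueEnd = html.IndexOf(endMarker, valueStart, System.StringComparison.Ordinal);
                    }
                }

                if (valueEnd == -1)
                {
                    string userFriendlyException = "Could not parse sql injection result.";

                    string errorStart = ExploitDetails.ErrorStart;
                    string errorEnd   = ExploitDetails.ErrorEnd;

                    if (!string.IsNullOrEmpty(errorStart) && !string.IsNullOrEmpty(errorEnd))
                    {
                        int errorMarkerIndex = html.IndexOf(errorStart, System.StringComparison.Ordinal);
                        if (errorMarkerIndex > -1)
                        {
                            int errorTextStart = errorMarkerIndex + errorStart.Length;
                            int errorTextEnd   = html.IndexOf(errorEnd, errorTextStart, System.StringComparison.Ordinal);

                            // Only report the error text when both markers appear in order; the old
                            // code could throw ArgumentOutOfRangeException from inside its catch block here.
                            if (errorTextEnd > -1)
                            {
                                userFriendlyException = string.Format("Sql exception occured: {0}",
                                                                      html.Substring(errorTextStart, errorTextEnd - errorTextStart));
                            }
                        }
                    }

                    if (detailedExceptions)
                    {
                        userFriendlyException = string.Format("{0}({1})", userFriendlyException, query);
                    }

                    throw new SqlInjException(userFriendlyException);
                }

                result = html.Substring(valueStart, valueEnd - valueStart);
            }

            // Guard against an empty result: Remove(-1, 1) would throw ArgumentOutOfRangeException.
            if (ExploitDetails.TrimLast && result.Length > 0)
            {
                result = result.Remove(result.Length - 1, 1);
            }

            return(result);
        }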
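        /// <summary>
        /// Collects every piece of text in <paramref name="html"/> that sits between
        /// <c>ExploitDetails.ResultStart</c> and the next <c>ExploitDetails.ResultEnd</c>.
        /// </summary>
        /// <remarks>
        /// Each match is added to the list exactly once (formatted when
        /// <paramref name="resultFormatter"/> is supplied); the previous code added both the
        /// formatted and the raw value, so every answer appeared twice.
        /// Markers are matched ordinally. A null <paramref name="ExploitDetails"/> or a null/empty
        /// marker yields an empty list; an empty marker previously made the scan loop forever.
        /// The search for the next start marker resumes at the position of the previous end marker,
        /// so the two markers may share a delimiter.
        /// The exception message may contain text copied verbatim from <paramref name="html"/> and,
        /// when <paramref name="detailedExceptions"/> is set, the raw <paramref name="query"/>;
        /// callers that display or log it should treat it as untrusted text and encode it accordingly.
        /// </remarks>
        /// <param name="html">Text to search. Null or empty yields an empty list.</param>
        /// <param name="query">Query text appended to the exception message when <paramref name="detailedExceptions"/> is true.</param>
        /// <param name="ExploitDetails">Supplies the result/error markers and the <c>TrimLast</c> flag.</param>
        /// <param name="detailedExceptions">When true, the exception message also carries <paramref name="query"/>.</param>
        /// <param name="resultFormatter">Optional transformation applied to each extracted value before it is stored.</param>
        /// <returns>The extracted values in document order; never null.</returns>
        /// <exception cref="SqlInjException">
        /// A start marker has no end marker after it, or <paramref name="resultFormatter"/> threw.
        /// </exception>
        public static IList <string> GetMultipleAnswersFromHtml(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions,
                                                                Func <string, string> resultFormatter = null)
        {
            IList <string> results = new List <string>();

            // Explicit form of what the old bare catch/break did for unusable input.
            if (string.IsNullOrEmpty(html) || ExploitDetails == null ||
                string.IsNullOrEmpty(ExploitDetails.ResultStart) || string.IsNullOrEmpty(ExploitDetails.ResultEnd))
            {
                return(results);
            }

            string startMarker = ExploitDetails.ResultStart;
            string endMarker   = ExploitDetails.ResultEnd;
            int    searchFrom  = 0;

            while (true)
            {
                int markerIndex = html.IndexOf(startMarker, searchFrom, System.StringComparison.Ordinal);
                if (markerIndex == -1)
                {
                    break;
                }

                int  valueStart = markerIndex + startMarker.Length;
                int  valueEnd   = html.IndexOf(endMarker, valueStart, System.StringComparison.Ordinal);
                bool parsed     = valueEnd != -1;

                if (parsed)
                {
                    string result = html.Substring(valueStart, valueEnd - valueStart);

                    // Nothing to trim from an empty value; Remove(-1, 1) would throw.
                    if (ExploitDetails.TrimLast && result.Length > 0)
                    {
                        result = result.Remove(result.Length - 1, 1);
                    }

                    try
                    {
                        results.Add((resultFormatter != null) ? resultFormatter(result) : result);
                    }
                    catch (System.Exception)
                    {
                        // A failing formatter is still reported as a parse failure, as before.
                        parsed = false;
                    }
                }

                if (!parsed)
                {
                    string userFriendlyException = "Could not parse sql injection result.";

                    string errorStart = ExploitDetails.ErrorStart;
                    string errorEnd   = ExploitDetails.ErrorEnd;

                    if (!string.IsNullOrEmpty(errorStart) && !string.IsNullOrEmpty(errorEnd))
                    {
                        int errorMarkerIndex = html.IndexOf(errorStart, System.StringComparison.Ordinal);
                        if (errorMarkerIndex > -1)
                        {
                            int errorTextStart = errorMarkerIndex + errorStart.Length;
                            int errorTextEnd   = html.IndexOf(errorEnd, errorTextStart, System.StringComparison.Ordinal);

                            // Only report the error text when both markers appear in order.
                            if (errorTextEnd > -1)
                            {
                                userFriendlyException = string.Format("Sql exception occured: {0}",
                                                                      html.Substring(errorTextStart, errorTextEnd - errorTextStart));
                            }
                        }
                    }

                    if (detailedExceptions)
                    {
                        userFriendlyException = string.Format("{0}({1})", userFriendlyException, query);
                    }

                    throw new SqlInjException(userFriendlyException);
                }

                // Resume at the end marker itself, matching the original scan position.
                searchFrom = valueEnd;
            }

            return(results);
        }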