// This is to load the possible URL for attack
private void LoadPossURLList(DataList dl)
{
List <string> urlList = MissionLogic.LoadURLList();
DataTable dt = new DataTable();
dt.Columns.Add("PossURL", typeof(string));
foreach (string s in urlList)
{
dt.Rows.Add(s);
}
dl.DataSource = dt;
dl.DataBind();
}
protected void SubCmdBtn_Click(object sender, EventArgs e)
{
if ((bool)ViewState["Configure"])
{
if ((bool)ViewState["URLCalculated"] == false)
{
if (CmdTextBox.Text == "run SQLInjector")
{
// Calculation of URL and picking correct URL for attack
List <string> urlList = MissionLogic.LoadURLList();
Random rnd = new Random();
int r = rnd.Next(urlList.Count);
System.Diagnostics.Debug.WriteLine("The answer is " + urlList[r]);
ViewState["AnswerForURL"] = urlList[r];
ViewState["URLCalculated"] = true;
// Load messages and cmd panel
LoadScanInfo(ViewState["ScanList"] as List <string>);
LoadPossURLList(URLListView);
CmdError.Text = "SQLInjector is running......";
CmdError.ForeColor = System.Drawing.Color.Green;
CmdTextBox.Text = string.Empty;
Step2Lbl.ForeColor = System.Drawing.Color.Green;
}
else
{
// Checking for unrecognised
LoadScanInfo(ViewState["ScanList"] as List <string>);
CmdError.Text = "Unrecognised Command";
CmdError.ForeColor = System.Drawing.Color.Red;
CmdTextBox.Text = string.Empty;
}
}
else
{
if ((bool)ViewState["Bypass"] == false)
{
if (CmdTextBox.Text.Equals(ViewState["AnswerForURL"].ToString()))
{
CmdError.Text = "URL is correct!";
CmdError.ForeColor = System.Drawing.Color.Green;
CmdTextBox.Text = string.Empty;
LoadScanInfo(MissionLogic.LoadSuccessURL(Session["MissionData"] as MissionData));
ViewState["Bypass"] = true;
// Enable the browser
UsrName.Enabled = true;
Password.Enabled = true;
LoadSQLList(SQLCodeList);
Step3Lbl.ForeColor = System.Drawing.Color.Green;
}
else
{
LoadScanInfo(ViewState["ScanList"] as List <string>);
CmdError.Text = "Wrong URL";
CmdError.ForeColor = System.Drawing.Color.Red;
CmdTextBox.Text = string.Empty;
}
}
else
{
CmdTextBox.Text = string.Empty;
CmdTextBox.Enabled = false;
}
}
}
else
{
LoadScanInfo(ViewState["ScanList"] as List <string>);
CmdError.Text = "SQLInjection not configured";
CmdError.ForeColor = System.Drawing.Color.Red;
}
}
