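/// <summary>
/// Fills the exploit selector with the entries of xml\exploits.xml that match the
/// given DBMS name and the runtime type name of the injection strategy.
/// </summary>
/// <param name="dbms">Value compared against the <c>dbms</c> attribute of each exploit element.</param>
/// <param name="injectionStrategy">
/// Strategy whose type name is compared against the <c>injection-strategy</c> attribute;
/// when null an empty string is used instead.
/// </param>
private void PopulateExploits(string dbms, IInjectionStrategy injectionStrategy)
{
    string strategyName = injectionStrategy != null ? injectionStrategy.GetType().Name : string.Empty;

    // Both values are emitted as quoted XPath string literals instead of being pasted
    // between hard-coded double quotes. For values without quote characters the resulting
    // expression is identical to the previous one; a value containing a quote can no longer
    // terminate the literal early and change or break the predicate.
    StringBuilder sb = new StringBuilder();
    sb.Append("/exploits/exploit[@dbms = ");
    sb.Append(QuoteXPathLiteral(dbms));
    sb.Append(" and @injection-strategy = ");
    sb.Append(QuoteXPathLiteral(strategyName));
    sb.Append("]");
    string xpath = sb.ToString();

    // NOTE(review): the document path is derived from FileHelpers.GetCurrentDirectory();
    // confirm that this resolves to the application directory and not a caller-controlled one.
    cbExploits.DataContext = XmlHelpers.GetValuesFromDocByXpath(FileHelpers.GetCurrentDirectory() + "\\xml\\exploits.xml", xpath, "user-friendly-name");
}

/// <summary>
/// Renders <paramref name="value"/> as an XPath 1.0 string literal. XPath has no escape
/// character, so the quote style is chosen from the content and concat() is used when
/// the value contains both quote kinds.
/// </summary>
/// <param name="value">Raw text; null is treated as the empty string.</param>
/// <returns>An XPath expression that evaluates to exactly <paramref name="value"/>.</returns>
private static string QuoteXPathLiteral(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return "\"\"";
    }

    if (value.IndexOf('"') < 0)
    {
        return "\"" + value + "\"";
    }

    if (value.IndexOf('\'') < 0)
    {
        return "'" + value + "'";
    }

    // Both quote kinds present: split on the double quote and re-join the pieces with a
    // single-quoted double quote, e.g. a"b'c -> concat("a", '"', "b'c").
    StringBuilder literal = new StringBuilder("concat(");
    string[] pieces = value.Split('"');
    for (int i = 0; i < pieces.Length; i++)
    {
        if (i > 0)
        {
            literal.Append(", '\"', ");
        }

        literal.Append('"').Append(pieces[i]).Append('"');
    }

    literal.Append(")");
    return literal.ToString();
}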
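/// <summary>
/// Loads the XML mapping file at <paramref name="mappingFile"/>, or (re)creates it from the
/// supplied injection strategy when the file is missing, cannot be parsed, or has no
/// <c>map</c> root element.
/// </summary>
/// <param name="mappingFile">Path of the mapping file to load or create.</param>
/// <param name="injectionStrategy">Source of the URL, type name and column data written into a new document.</param>
/// <param name="dbmsName">Value stored in the <c>name</c> attribute of the <c>dbms</c> element of a new document.</param>
/// <param name="error">Set to the exception message when the method returns false; left untouched otherwise.</param>
/// <param name="doc">The loaded or newly built document; may be null when the method returns false.</param>
/// <returns>True on success, false when creating or saving the file failed.</returns>
public static bool CreateOrLoadMappingFile(string mappingFile, IInjectionStrategy injectionStrategy, string dbmsName, ref string error, out XDocument doc)
{
    XDocument document = null;

    try
    {
        if (!File.Exists(mappingFile))
        {
            // Previously this ran outside any try block, so an unwritable or invalid path
            // escaped as an exception instead of being reported through error / false.
            using (File.Create(mappingFile))
            {
            }
        }
        else
        {
            try
            {
                document = XDocument.Load(mappingFile);
            }
            catch (Exception)
            {
                // Deliberate fallback: an unreadable file is treated as absent and rebuilt below.
                // NOTE(review): this overwrites the existing file without reporting why the
                // load failed; consider surfacing the reason or keeping a backup.
                // NOTE(review): XDocument.Load uses default reader settings; if mapping files can
                // come from an untrusted source, confirm how DTDs and external entities are
                // handled on the target framework.
                document = null;
            }
        }

        if (document == null || document.Element("map") == null)
        {
            // Build the document from scratch using the strategy's current settings.
            document = new XDocument(
                new XElement("map",
                    new XElement("vulnerable-url", injectionStrategy.Url),
                    new XElement("injection-strategy",
                        new XAttribute("name", injectionStrategy.GetType().Name),
                        new XElement("columns", new List<XElement>()
                        {
                            new XElement("originalquery", injectionStrategy.NrColumnsInOriginalQuery),
                            new XElement("resultinghtml", injectionStrategy.NumberOfResultsPerRequest),
                            new XElement("indexes", ListHelpers.ListToCommaSeparatedValues(injectionStrategy.ColumnIndexes)),
                        })),
                    new XElement("dbms",
                        new XAttribute("name", dbmsName),
                        new XElement("users", "")
                    ),
                    new XElement("databases", "")
                )
            );

            // Persist the constructed document.
            document.Save(mappingFile);
        }
    }
    catch (Exception ex)
    {
        // Includes a null injectionStrategy, which surfaces here as a NullReferenceException.
        error = ex.Message;
        doc = document;
        return false;
    }

    doc = document;
    return true;
}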