public static void DetectSql(string urlToCheck, ref string result, ref List<string> array) { //array = new List<string>(); //First check does the URL passed into this function contain parameters and submit payloads as those parameters if it does Uri uri = new Uri(urlToCheck); string query = uri.Query.Replace("?", ""); NameValueCollection Parms = HttpUtility.ParseQueryString(query); result = string.Format("Check if {0} contains parameters", urlToCheck); Thread.Sleep(1000); if (Parms != null && Parms.Count > 0) { //MessageBox.Show("$urlToCheck does contain parameters"); Thread.Sleep(1000); result = string.Format("{0} does contain parameters", urlToCheck); Thread.Sleep(1000); string scheme = uri.Scheme; string host = uri.Host; string path = HttpUtility.UrlDecode(uri.AbsolutePath); string originalQuery = query; foreach (string currentPayload in arrayOfPayloads) { foreach (string x in Parms.AllKeys) { query = originalQuery; string newQuery = query.Replace(Parms[x], currentPayload); query = newQuery; string testUrl = scheme + "://" + host + path + '?' + query; //MessageBox.Show("URL to be requested is: ",testUrl); result = string.Format("URL to be requested is: " + testUrl); Thread.Sleep(1000); string error; HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(testUrl); HttpWebResponse myHttpWebResponse; try { myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse(); Stream receiveStream = myHttpWebResponse.GetResponseStream(); StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8); String body = reader.ReadToEnd(); if (body.Length > 0) { vulnerabilityFound = false; string regularExpression = ""; for (int warningIndex = 0; warningIndex < arrayOfSQLWarnings.Length; warningIndex++) { regularExpression = arrayOfSQLWarnings[warningIndex]; if (body.Contains(regularExpression))//if (Regex.IsMatch(regularExpression, body)) { //MessageBox.Show("Found regular expression: $regularExpression, in body of HTTP response"); vulnerabilityFound = true; break; } } //showExtractConetent.InnerHtml += "<h1 class=bold>Links of Pages</h1>"; //Vulnerability details if (vulnerabilityFound) { numFound++; StringBuilder str = new StringBuilder(); str.Append("<br><span style='font-size:medium;font-weight: bold;color:red;'>" + numFound.ToString() + " Found SQL Injection Present!" + "</span><br>" + "Query:" + urlToCheck + "<br>"); str.Append("Method: GET <br>"); str.Append("Url: " + testUrl + "<br>"); str.Append("Error: " + regularExpression + "<br>"); result = str.ToString(); array.Add(urlToCheck); Thread.Sleep(1000); /* showExtractConetent.InnerHtml = "<br>SQL Injection Present!<br>Query:" + urlToCheck + "<br>"; showExtractConetent.InnerHtml = "Method: GET <br>"; showExtractConetent.InnerHtml = "Url: " + testUrl + "<br>"; showExtractConetent.InnerHtml = "Error: " + regularExpression + "<br>"; */ myHttpWebResponse.Close(); return; } } myHttpWebResponse.Close(); } catch (WebException ex) { myHttpWebResponse = ex.Response as HttpWebResponse; result = ex.Message; } } } } //begin form testing string actionUrl; var uri1 = new Uri(urlToCheck); // Find the length of the hostname //string urlOfSite = uri.Scheme + "://www." + uri.Host; string urlOfSite = uri1.Host; //Load the html document from the url var webGet = new HtmlWeb(); HtmlNode.ElementsFlags.Remove("form"); HtmlDocument document = webGet.Load(urlToCheck); List<FormDataStore> arrayOfForms = new List<FormDataStore>(); //Array containing all form objects found List<InputDataStore> arrayOfInputFields = new List<InputDataStore>(); //Array containing all input fields int formNum = 0;//Must use an integer to identify form as forms could have same names and ids #region Find all HtmlForms and their inputs HtmlNodeCollection nodeCollection = document.DocumentNode.SelectNodes("//form"); for (int nodeNum = 0; nodeCollection != null && nodeNum < nodeCollection.Count; nodeNum++) { HtmlNode form = nodeCollection[nodeNum]; //HtmlForm form = (HtmlForm)form.FindControl("form"); formId = (form.Attributes["id"] != null) ? form.Attributes["id"].Value : ""; formName = (form.Attributes["name"] != null) ? form.Attributes["name"].Value : ""; formMethod = (form.Attributes["method"] != null) ? form.Attributes["method"].Value : "get"; formAction = (form.Attributes["action"] != null) ? form.Attributes["action"].Value : ""; formMethod = formMethod.ToLower(); //If the action of the form is empty, set the action equal to everything //after the URL that the user entered if (String.IsNullOrEmpty(formAction)) { int strLengthUrl = urlToCheck.Length; int strLengthSite = urlOfSite.Length; int firstIndexOfSlash = urlToCheck.IndexOf('/', strLengthSite - 1); formAction = urlToCheck.Substring(firstIndexOfSlash + 1, strLengthUrl); } FormDataStore newArr = new FormDataStore(formId, formName, formMethod, formAction, formNum); arrayOfForms.Add(newArr); HtmlNodeCollection nodeCollectionInput = form.SelectNodes("//input"); for (int nodeInput = 0; nodeCollectionInput != null && nodeInput < nodeCollectionInput.Count; nodeInput++) { HtmlNode input = nodeCollectionInput[nodeInput]; // HtmlInputControl input = (HtmlInputControl)input.FindControl("input"); inputId = (input.Attributes["id"] != null) ? input.Attributes["id"].Value : ""; inputName = (input.Attributes["name"] != null) ? input.Attributes["name"].Value : ""; inputValue = (input.Attributes["value"] != null) ? input.Attributes["value"].Value : ""; inputType = (input.Attributes["type"] != null) ? input.Attributes["type"].Value : ""; InputDataStore newarr = new InputDataStore(inputId, inputName, formId, formName, inputValue, inputType, formNum); arrayOfInputFields.Add(newarr); } formNum++; } #endregion //Begin testing each of the forms for (int i = 0; i < arrayOfForms.Count; i++) { string currentFormId = arrayOfForms[i].getId; string currentFormName = arrayOfForms[i].getName; string currentFormMethod = arrayOfForms[i].getMethod; string currentFormAction = arrayOfForms[i].getAction; int currentFormNum = arrayOfForms[i].getFormNum; List<InputDataStore> arrayOfCurrentFormsInputs = new List<InputDataStore>(); for (int j = 0; j < arrayOfInputFields.Count; j++) { string currentInputIdOfForm = arrayOfInputFields[j].getIdOfForm; string currentInputNameOfForm = arrayOfInputFields[j].getNameOfForm; int currentInputFormNum = arrayOfInputFields[j].getFormNum; //Check if the current input field belongs to the current form and add to array if it does if (currentFormNum == currentInputFormNum) { arrayOfCurrentFormsInputs.Add(arrayOfInputFields[j]); } } for (int k = 0; k < arrayOfCurrentFormsInputs.Count; k++) { for (int plIndex = 0; plIndex < arrayOfPayloads.Length; plIndex++)//foreach(string currentPayload in arrayOfAuthenticationPayloads) { string currentFormInputName = arrayOfCurrentFormsInputs[k].getName; string currentFormInputType = arrayOfCurrentFormsInputs[k].getType; string currentFormInputValue = arrayOfCurrentFormsInputs[k].getValue; if (currentFormInputType != "reset") { string defaultStr = "Abc123"; List<PostOrGetObject> arrayOfValues = new List<PostOrGetObject>(); List<InputDataStore> otherInputs = new List<InputDataStore>(); for (int l = 0; l < arrayOfCurrentFormsInputs.Count; l++) { if (currentFormInputName != arrayOfCurrentFormsInputs[l].getName) { otherInputs.Add(arrayOfCurrentFormsInputs[l]); } } PostOrGetObject postObject = new PostOrGetObject(currentFormInputName, arrayOfPayloads[plIndex]); //Add current input and other to array of post values and set their values arrayOfValues.Add(postObject); for (int m = 0; m < otherInputs.Count; m++) { string currentOtherType = otherInputs[m].getType; string currentOtherName = otherInputs[m].getName; string currentOtherValue = otherInputs[m].getValue; if (currentOtherType == "text" || currentOtherType == "password") { PostOrGetObject postObject1 = new PostOrGetObject(currentOtherName, defaultStr); arrayOfValues.Add(postObject1); } else if (currentOtherType == "checkbox" || currentOtherType == "submit") { PostOrGetObject postObject1 = new PostOrGetObject(currentOtherName, currentOtherValue); arrayOfValues.Add(postObject1); } else if (currentOtherType == "radio") { PostOrGetObject postObject1 = new PostOrGetObject(currentOtherName, currentOtherValue); //Check if a radio button in the radio group has already been added bool found = false; for (int n = 0; n < arrayOfValues.Count; n++) { if (arrayOfValues[n].gpName == postObject.gpName) { found = true; break; } } if (!found) arrayOfValues.Add(postObject1); } } if (currentFormMethod == "get") { //Build query string and submit it at end of URL if (!currentFormAction.Contains(urlOfSite)) { if (urlOfSite[urlOfSite.Length - 1] == '/') actionUrl = urlOfSite + currentFormAction; else actionUrl = urlOfSite + "/" + currentFormAction; } else { actionUrl = currentFormAction; } totalTestStr = "";//Compile a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } actionUrl += '?'; actionUrl += totalTestStr; HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(actionUrl); HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse(); Stream receiveStream = myHttpWebResponse.GetResponseStream(); StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8); String body = reader.ReadToEnd(); if (body.Length > 0) { vulnerabilityFound = false; string regularExpression = ""; for (int warningIndex = 0; warningIndex < arrayOfSQLWarnings.Length; warningIndex++) { regularExpression = arrayOfSQLWarnings[warningIndex]; if (body.Contains(regularExpression))//if (Regex.IsMatch(regularExpression, body)) { //MessageBox.Show("Found regular expression: $regularExpression, in body of HTTP response"); vulnerabilityFound = true; break; } } //Vulnerability details if (vulnerabilityFound) { StringBuilder str = new StringBuilder(); str.Append("<br><span style='font-size:medium;font-style: bold;color:red;'>" + "SQL Injection Present!" +"</span><br>"+ "Query:" + urlToCheck + "<br>"); result = str.ToString(); array.Add(str.ToString()); Thread.Sleep(1000); /* showExtractConetent.InnerHtml = "<br>SQL Injection Present!<br>Query:" + urlToCheck + "<br>"; showExtractConetent.InnerHtml = "Method: GET <br>"; showExtractConetent.InnerHtml = "Url: " + testUrl + "<br>"; showExtractConetent.InnerHtml = "Error: " + regularExpression + "<br>"; */ myHttpWebResponse.Close(); return; } } myHttpWebResponse.Close(); } else if (currentFormMethod == "post")//Send data in body of request { //Build query string and submit it at end of URL if (!currentFormAction.Contains(urlOfSite)) { if (urlOfSite[urlOfSite.Length - 1] == '/') actionUrl = urlOfSite + currentFormAction; else actionUrl = urlOfSite + "/" + currentFormAction; } else { actionUrl = currentFormAction; } totalTestStr = "";//Compile a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } //create the constructor with post type and few data MyWebRequest myRequest = new MyWebRequest(actionUrl, "POST", totalTestStr); //show the response string on the console screen. String body = myRequest.GetResponse(); if (body.Length > 0) { vulnerabilityFound = false; string regularExpression = ""; for (int warningIndex = 0; warningIndex < arrayOfSQLWarnings.Length; warningIndex++) { regularExpression = arrayOfSQLWarnings[warningIndex]; if (body.Contains(regularExpression))//if (Regex.IsMatch(regularExpression, body)) { //MessageBox.Show("Found regular expression: $regularExpression, in body of HTTP response"); vulnerabilityFound = true; break; } } //Vulnerability details if (vulnerabilityFound) { StringBuilder str = new StringBuilder(); str.Append("<br><span style='font-size:medium;font-style: bold;color:red;'>" + "SQL Injection Present!" + "</span><br>" + "Query:" + urlToCheck + "<br>"); result = str.ToString(); array.Add(str.ToString()); Thread.Sleep(1000); /* showExtractConetent.InnerHtml = "<br>SQL Injection Present!<br>Query:" + urlToCheck + "<br>"; showExtractConetent.InnerHtml = "Method: GET <br>"; showExtractConetent.InnerHtml = "Url: " + testUrl + "<br>"; showExtractConetent.InnerHtml = "Error: " + regularExpression + "<br>"; */ //myHttpWebResponse.Close(); return; } } } } } } } }
public static void AuthenticationSql(string urlToCheck, ref string result, ref List<string> array) { string actionUrl; result = "By Pass Authentication SQL Injection started!!"; var uri = new Uri(urlToCheck); // Find the length of the hostname //string urlOfSite = uri.Scheme + "://www." + uri.Host; string urlOfSite = uri.Host; //Load the html document from the url var webGet = new HtmlWeb(); HtmlNode.ElementsFlags.Remove("form"); HtmlDocument document = webGet.Load(urlToCheck); //Array containing all form objects found List<FormDataStore> arrayOfForms = new List<FormDataStore>(); //Array containing all input fields List<InputDataStore> arrayOfInputFields = new List<InputDataStore>(); //$log->lwrite("Searching $postUrl for forms"); result = "Searching " + urlToCheck + " for forms...." ; int formNum = 0;//Must use an integer to identify form as forms could have same names and ids #region Find all HtmlForms and their inputs HtmlNodeCollection nodeCollection = document.DocumentNode.SelectNodes("//form"); for (int nodeNum = 0; nodeCollection != null && nodeNum < nodeCollection.Count; nodeNum++) { HtmlNode form = nodeCollection[nodeNum]; //HtmlForm form = (HtmlForm)form.FindControl("form"); formId = (form.Attributes["id"] != null) ? form.Attributes["id"].Value : ""; formName = (form.Attributes["name"] != null) ? form.Attributes["name"].Value : ""; formMethod = (form.Attributes["method"] != null) ? form.Attributes["method"].Value : "get"; formAction = (form.Attributes["action"] != null) ? form.Attributes["action"].Value : ""; formMethod = formMethod.ToLower(); //If the action of the form is empty, set the action equal to everything //after the URL that the user entered if (String.IsNullOrEmpty(formAction)) { int strLengthUrl = urlToCheck.Length; int strLengthSite = urlOfSite.Length; int firstIndexOfSlash = urlToCheck.IndexOf('/', strLengthSite - 1); formAction = urlToCheck.Substring(firstIndexOfSlash + 1, strLengthUrl); } FormDataStore newArr = new FormDataStore(formId, formName, formMethod, formAction, formNum); arrayOfForms.Add(newArr); HtmlNodeCollection nodeCollectionInput = form.SelectNodes("//input"); for (int nodeInput = 0; nodeCollectionInput != null && nodeInput < nodeCollectionInput.Count; nodeInput++) { HtmlNode input = nodeCollectionInput[nodeInput]; // HtmlInputControl input = (HtmlInputControl)input.FindControl("input"); inputId = (input.Attributes["id"] != null) ? input.Attributes["id"].Value : ""; inputName = (input.Attributes["name"] != null) ? input.Attributes["name"].Value : ""; inputValue = (input.Attributes["value"] != null) ? input.Attributes["value"].Value : ""; inputType = (input.Attributes["type"] != null) ? input.Attributes["type"].Value : ""; InputDataStore newarr = new InputDataStore(inputId, inputName, formId, formName, inputValue, inputType, formNum); arrayOfInputFields.Add(newarr); } formNum++; } #endregion //At this stage, we should have captured all forms and their input fields into the appropriate arrays //Begin testing each of the forms //Check if the URL passed into this function displays the same webpage at different intervals //If it does then attempt to login and if this URL displays a different page, the vulnerability is present //e.g. a login page would always look different when you are and are not logged in //*$log->lwrite("Checking if $urlToCheck displays the same page at different intervals"); List<String> responseBodies = new List<String>(); //$responseBodies = array(); for (int a = 0; a < 3; a++) { // Creates an HttpWebRequest for the specified URL. HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(urlToCheck); // Sends the HttpWebRequest and waits for a response. HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse(); Stream receiveStream = myHttpWebResponse.GetResponseStream(); StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8); String body = reader.ReadToEnd(); if (body.Length > 0) { responseBodies.Add(body); } myHttpWebResponse.Close(); } bool pageChanges = true; string bodyOfUrl = ""; if ((responseBodies[0] == responseBodies[1]) && (responseBodies[1] == responseBodies[2])) { bodyOfUrl = responseBodies[0]; pageChanges = false; } //Begin testing each of the forms //$log->lwrite("Beginning testing of forms"); for (int i = 0; i < arrayOfForms.Count; i++) { //$currentForm = arrayOfForms[i]; string currentFormId = arrayOfForms[i].getId; string currentFormName = arrayOfForms[i].getName; string currentFormMethod = arrayOfForms[i].getMethod; string currentFormAction = arrayOfForms[i].getAction; int currentFormNum = arrayOfForms[i].getFormNum; //$arrayOfCurrentFormsInputs = array(); List<InputDataStore> arrayOfCurrentFormsInputs = new List<InputDataStore>(); result = "Beginning test of form...."; //$log->lwrite("Beginning testing of form on $postUrl: $currentFormId $currentFormName $currentFormMethod $currentFormAction"); //echo sizeof($arrayOfInputFields) . "<br>"; for (int j = 0; j < arrayOfInputFields.Count; j++) { //$currentInput = arrayOfInputFields[j]; string currentInputIdOfForm = arrayOfInputFields[j].getIdOfForm; string currentInputNameOfForm = arrayOfInputFields[j].getNameOfForm; int currentInputFormNum = arrayOfInputFields[j].getFormNum; //Check if the current input field belongs to the current form and add to array if it does if (currentFormNum == currentInputFormNum) { arrayOfCurrentFormsInputs.Add(arrayOfInputFields[j]); } } //$log->lwrite("Beginning testing input fields of form on $postUrl: $currentFormId $currentFormName $currentFormMethod $currentFormAction"); foreach (string currentPayload in arrayOfAuthenticationPayloads) { //echo sizeof($arrayOfCurrentFormsInputs) . '<br>'; List<PostOrGetObject> arrayOfValues = new List<PostOrGetObject>(); for (int k = 0; k < arrayOfCurrentFormsInputs.Count; k++) { //$currentFormInput = $arrayOfCurrentFormsInputs[k]; string currentFormInputName = arrayOfCurrentFormsInputs[k].getName; string currentFormInputType = arrayOfCurrentFormsInputs[k].getType; string currentFormInputValue = arrayOfCurrentFormsInputs[k].getValue; if (currentFormInputType != "reset") { //$log->lwrite("Using payload: $currentPayload, to all input fields of form w/ action: $currentFormAction"); //Add current input and other inputs to array of post values and set their values if (currentFormInputType == "text" || currentFormInputType == "password") { PostOrGetObject postObject = new PostOrGetObject(currentFormInputName, currentPayload); arrayOfValues.Add(postObject); } else if (currentFormInputType == "checkbox" || currentFormInputType == "submit") { PostOrGetObject postObject = new PostOrGetObject(currentFormInputName, currentFormInputValue); arrayOfValues.Add(postObject); } else if (currentFormInputType == "radio") { PostOrGetObject postObject = new PostOrGetObject(currentFormInputName, currentFormInputValue); //Check if a radio button in the radio group has already been added bool found = false; for (int n = 0; n < arrayOfValues.Count; n++) { if (arrayOfValues[n].gpName == postObject.gpName) { found = true; break; } } if (!found) arrayOfValues.Add(postObject);//array_push($arrayOfValues, $postObject); } } } if (currentFormMethod == "get") { //Build query string and submit it at end of URL if (!currentFormAction.Contains(urlOfSite)) { if (urlOfSite[urlOfSite.Length - 1] == '/') actionUrl = urlOfSite + currentFormAction; else actionUrl = urlOfSite + "/" + currentFormAction; } else { actionUrl = currentFormAction; } totalTestStr = "";//Compile a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } actionUrl += '?'; actionUrl += totalTestStr; // Creates an HttpWebRequest for the specified URL. HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(actionUrl); // Sends the HttpWebRequest and waits for a response. HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse(); Stream receiveStream = myHttpWebResponse.GetResponseStream(); StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8); String body = reader.ReadToEnd(); if (body.Length > 0) { myHttpWebResponse.Close(); vulnerabilityFound = checkIfVulnerabilityFound(urlToCheck, pageChanges, bodyOfUrl, currentPayload); if (vulnerabilityFound) { totalTestStr = "";//Make a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } numFound++; StringBuilder str = new StringBuilder(); str.Append("<br><span style='font-size:medium;font-style: bold;color:red;'>" + numFound.ToString() + " Found Broken Authentication SQL Injection Present!" + "</span><br>" + "Query:" + urlToCheck + "<br>"); str.Append("Method: GET <br>"); str.Append("Url: " + totalTestStr + "<br>"); str.Append("Error:"+currentPayload+"<br>"); result = str.ToString(); array.Add(urlToCheck); Thread.Sleep(1000); break; } } //myHttpWebResponse.Close(); } else if (currentFormMethod == "post")//Send data in body of request { //Build query string and submit it at end of URL if (!currentFormAction.Contains(urlOfSite)) { if (urlOfSite[urlOfSite.Length - 1] == '/') actionUrl = urlOfSite + currentFormAction; else actionUrl = urlOfSite + "/" + currentFormAction; } else { actionUrl = currentFormAction; } totalTestStr = "";//Compile a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } //create the constructor with post type and few data MyWebRequest myRequest = new MyWebRequest(actionUrl, "POST", totalTestStr); //show the response string on the console screen. String body = myRequest.GetResponse(); if (body.Length > 0) { //myHttpWebResponse.Close(); vulnerabilityFound = checkIfVulnerabilityFound(urlToCheck, pageChanges, bodyOfUrl, currentPayload); if (vulnerabilityFound) { totalTestStr = "";//Make a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } numFound++; StringBuilder str = new StringBuilder(); str.Append("<br><span style='font-size:medium;font-style: bold;color:red;'>" + numFound.ToString() + " Found Broken Authentication SQL Injection Present!" + "</span><br>" + "Query:" + urlToCheck + "<br>"); str.Append("Method: POST <br>"); str.Append("Url: " + totalTestStr + "<br>"); str.Append("Error:" + currentPayload + "<br>"); result = str.ToString(); array.Add(urlToCheck); Thread.Sleep(1000); break; } } } } } }