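/// <summary>
/// Checks each query-string parameter of <paramref name="sURL"/> for reflected,
/// unencoded angle brackets by re-requesting the URL once per parameter with that
/// parameter's value replaced by a test input.
/// </summary>
/// <param name="sURL">URL to test. A null, empty or query-less URL yields no findings.</param>
/// <returns>
/// One entry per parameter whose response text contained a literal <c>&lt;&gt;</c>, formatted as
/// <c>originalUrl^^parameter^^GET^^testedUrl^^Cross Site Scripting(URL)</c>; empty when nothing matched
/// or the scan was stopped before any parameter was tested.
/// </returns>
/// <remarks>
/// A finding only shows that the brackets came back unencoded in the text extracted from the response.
/// Whether that is exploitable depends on where the value lands (element body, attribute, script,
/// response content type), so each hit needs manual confirmation. The probe string covers the literal,
/// URL-encoded and double-URL-encoded forms only, so the absence of a hit does not show that output
/// encoding is correct.
/// </remarks>
private string[] GetXSSURLInfo(string sURL)
{
    List<string> findings = new List<string>();

    // Nothing to test: scan already stopped, or no URL supplied (the original threw on null).
    if (string.IsNullOrEmpty(sURL) || WebSite.CurrentStatus == TaskStatus.Stop)
    {
        return findings.ToArray();
    }

    // NOTE(review): this splits on every '?', so a literal '?' inside a query value cuts the
    // query short there; the remainder is neither tested nor sent again. Left as-is on purpose.
    string[] urlParts = sURL.Split(new char[] { '?' });
    if (urlParts.Length < 2)
    {
        return findings.ToArray();
    }

    string basePart = urlParts[0];
    string[] pairs = urlParts[1].Split(new char[] { '&' });

    for (int i = 0; i < pairs.Length; i++)
    {
        // Every iteration sends a live request to the target, so honour Stop between
        // parameters rather than only once before the loop; findings so far are returned.
        if (WebSite.CurrentStatus == TaskStatus.Stop)
        {
            break;
        }

        string paramName = pairs[i].Split(new char[] { '=' })[0];

        // De-duplication key: parameter-less URL + lower-cased name + check type.
        // ToLower() is kept unchanged so the key format stays what CurrentSite already stores.
        string scanKey = WebSite.URL2NoParaURL(sURL) + "^" + paramName.ToLower() + "^XSS";
        if (this.mainfrm.CurrentSite.IsScannedParameter(scanKey))
        {
            continue;
        }
        this.mainfrm.CurrentSite.AddScannedParameter(scanKey);

        // Presumably GenerateTestInput tags the probe so GetKeyTextFromSource(…, i) can find
        // this parameter's reflection in the response; confirm against those helpers.
        string probePair = paramName + "=" + WebSite.GenerateTestInput(i, "<>%3c%3e%253c%253e");

        // Rebuild the query with only parameter i replaced. '&' is added only once the
        // query is non-empty, which is exactly how the original joined the segments.
        string query = "";
        for (int n = 0; n < pairs.Length; n++)
        {
            if (!string.IsNullOrEmpty(query))
            {
                query = query + "&";
            }
            query = query + (n == i ? probePair : pairs[n]);
        }

        string testUrl = basePart + "?" + query;
        string responseBody = this.mainfrm.CurrentSite.GetSourceCode(testUrl, RequestType.GET);
        string reflected = this.GetKeyTextFromSource(responseBody, i);

        // Ordinal match: the culture-sensitive IndexOf(string) used before can skip
        // ignorable characters and report "<>" where the two brackets are not adjacent.
        if (!string.IsNullOrEmpty(reflected) && reflected.Contains("<>"))
        {
            string cleanedUrl = WebSite.RemoveTestInput(testUrl);
            findings.Add(sURL + "^^" + paramName + "^^GET^^" + cleanedUrl + "^^Cross Site Scripting(URL)");
        }
    }

    return findings.ToArray();
}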