Exemple #1
0
        private string[] GetXSSURLInfo(string sURL)
        {
            List <string> list = new List <string>();

            if (WebSite.CurrentStatus != TaskStatus.Stop)
            {
                string[] strArray = sURL.Split(new char[] { '?' });
                if (strArray.Length < 2)
                {
                    return(list.ToArray());
                }
                string[] strArray2 = strArray[1].Split(new char[] { '&' });
                for (int i = 0; i < strArray2.Length; i++)
                {
                    string uRL  = strArray[0];
                    string str2 = "";
                    for (int j = 0; j < i; j++)
                    {
                        if (!string.IsNullOrEmpty(str2))
                        {
                            str2 = str2 + "&";
                        }
                        str2 = str2 + strArray2[j];
                    }
                    string str3    = strArray2[i].Split(new char[] { '=' })[0];
                    string uRLPara = WebSite.URL2NoParaURL(sURL) + "^" + str3.ToLower() + "^XSS";
                    if (!this.mainfrm.CurrentSite.IsScannedParameter(uRLPara))
                    {
                        this.mainfrm.CurrentSite.AddScannedParameter(uRLPara);
                        if (!string.IsNullOrEmpty(str2))
                        {
                            str2 = str2 + "&";
                        }
                        str2 = str2 + str3 + "=" + WebSite.GenerateTestInput(i, "<>%3c%3e%253c%253e");
                        for (int k = i + 1; k < strArray2.Length; k++)
                        {
                            if (!string.IsNullOrEmpty(str2))
                            {
                                str2 = str2 + "&";
                            }
                            str2 = str2 + strArray2[k];
                        }
                        uRL = uRL + "?" + str2;
                        string sourceCode        = this.mainfrm.CurrentSite.GetSourceCode(uRL, RequestType.GET);
                        string keyTextFromSource = this.GetKeyTextFromSource(sourceCode, i);
                        if (!string.IsNullOrEmpty(keyTextFromSource) && (keyTextFromSource.IndexOf("<>") >= 0))
                        {
                            string str7 = WebSite.RemoveTestInput(uRL);
                            string item = sURL + "^^" + str3 + "^^GET^^" + str7 + "^^Cross Site Scripting(URL)";
                            list.Add(item);
                        }
                    }
                }
            }
            return(list.ToArray());
        }