Esempio n. 1
0
        private void PopulateExploits(string dbms, IInjectionStrategy injectionStrategy)
        {
            string        xpath = "";
            StringBuilder sb    = new StringBuilder();

            sb.Append("/exploits/exploit[@dbms = \"");
            sb.Append(dbms);
            sb.Append("\" and @injection-strategy = \"");
            sb.Append(injectionStrategy != null ? injectionStrategy.GetType().Name : string.Empty);
            sb.Append("\"]");
            xpath = sb.ToString();

            cbExploits.DataContext = XmlHelpers.GetValuesFromDocByXpath(FileHelpers.GetCurrentDirectory() + "\\xml\\exploits.xml",
                                                                        xpath, "user-friendly-name");
        }
Esempio n. 2
0
        private void PopulateExploits(string dbms, IInjectionStrategy injectionStrategy)
        {
            string xpath = "";
            StringBuilder sb = new StringBuilder();
            sb.Append("/exploits/exploit[@dbms = \"");
            sb.Append(dbms);
            sb.Append("\" and @injection-strategy = \"");
            sb.Append(injectionStrategy != null ? injectionStrategy.GetType().Name : string.Empty);
            sb.Append("\"]");
            xpath = sb.ToString();

            cbExploits.DataContext = XmlHelpers.GetValuesFromDocByXpath(FileHelpers.GetCurrentDirectory() + "\\xml\\exploits.xml",
                                                                            xpath, "user-friendly-name");
        }
Esempio n. 3
0
        public static bool CreateOrLoadMappingFile(string mappingFile, IInjectionStrategy injectionStrategy,
                                                   string dbmsName, ref string error, out XDocument doc)
        {
            bool      outcome  = true;
            XDocument document = null;

            if (!File.Exists(mappingFile))
            {
                var file = File.Create(mappingFile);
                file.Dispose();
            }
            else
            {
                try
                {
                    document = XDocument.Load(mappingFile);
                }
                catch (Exception ex)
                {
                    //TODO: do something
                }
            }

            try
            {
                if (document == null || (document != null && document.Element("map") == null))
                {
                    //create xml document from scratch
                    document = new XDocument(
                        new XElement("map",

                                     new XElement("vulnerable-url", injectionStrategy.Url),
                                     new XElement("injection-strategy",

                                                  new XAttribute("name", injectionStrategy.GetType().Name),
                                                  new XElement("columns",
                                                               new List <XElement>()
                    {
                        new XElement("originalquery", injectionStrategy.NrColumnsInOriginalQuery),
                        new XElement("resultinghtml", injectionStrategy.NumberOfResultsPerRequest),
                        new XElement("indexes",
                                     ListHelpers.ListToCommaSeparatedValues(injectionStrategy.ColumnIndexes)),
                    })),

                                     new XElement("dbms", new XAttribute("name", dbmsName),
                                                  new XElement("users", "")
                                                  ),
                                     new XElement("databases", "")
                                     )
                        );

                    //save constructed document
                    document.Save(mappingFile);
                }
            }
            catch (Exception ex)
            {
                error   = ex.Message;
                outcome = false;
            }

            doc = document;
            return(outcome);
        }