private string[] GetXSSURLInfo(string sURL)
{
List <string> list = new List <string>();
if (WebSite.CurrentStatus != TaskStatus.Stop)
{
string[] strArray = sURL.Split(new char[] { '?' });
if (strArray.Length < 2)
{
return(list.ToArray());
}
string[] strArray2 = strArray[1].Split(new char[] { '&' });
for (int i = 0; i < strArray2.Length; i++)
{
string uRL = strArray[0];
string str2 = "";
for (int j = 0; j < i; j++)
{
if (!string.IsNullOrEmpty(str2))
{
str2 = str2 + "&";
}
str2 = str2 + strArray2[j];
}
string str3 = strArray2[i].Split(new char[] { '=' })[0];
string uRLPara = WebSite.URL2NoParaURL(sURL) + "^" + str3.ToLower() + "^XSS";
if (!this.mainfrm.CurrentSite.IsScannedParameter(uRLPara))
{
this.mainfrm.CurrentSite.AddScannedParameter(uRLPara);
if (!string.IsNullOrEmpty(str2))
{
str2 = str2 + "&";
}
str2 = str2 + str3 + "=" + WebSite.GenerateTestInput(i, "<>%3c%3e%253c%253e");
for (int k = i + 1; k < strArray2.Length; k++)
{
if (!string.IsNullOrEmpty(str2))
{
str2 = str2 + "&";
}
str2 = str2 + strArray2[k];
}
uRL = uRL + "?" + str2;
string sourceCode = this.mainfrm.CurrentSite.GetSourceCode(uRL, RequestType.GET);
string keyTextFromSource = this.GetKeyTextFromSource(sourceCode, i);
if (!string.IsNullOrEmpty(keyTextFromSource) && (keyTextFromSource.IndexOf("<>") >= 0))
{
string str7 = WebSite.RemoveTestInput(uRL);
string item = sURL + "^^" + str3 + "^^GET^^" + str7 + "^^Cross Site Scripting(URL)";
list.Add(item);
}
}
}
}
return(list.ToArray());
}
