/// <summary>
/// Executes the GET method to the <paramref name="Url"/>
/// </summary>
/// <param name="Url">The target url</param>
/// <param name="Params">The parameter encoded in the post request</param>
/// <param name="varArgs">The variadic arguments</param>
/// <returns>The kist with the status of the operations just executed</returns>
public List <StatusOperation> ExecutePostCommand(string Url, Dictionary <string, string> Params,
params string[] varArgs)
{
StatusOperation StatusOK = new StatusOperation
{
Message = "",
Status = true
};
List <StatusOperation> list = new List <StatusOperation>();
foreach (var param in Params)
{
var Clone = Params.ToDictionary(entry => entry.Key, entry => entry.Value);
// Add something tricky
Clone[param.Key] += GetFilteredUrl();
// Perform the request
string ResponseServer = this.httpGenericWebRequest.doPost(Url, Clone);
if (ResponseServer.Contains(GetFilteredString()) == false)
{
list.Add(StatusOK);
}
else
{
string message = String.Empty;
// Accept only two variadic arguments
if (varArgs.Length == 2)
{
message = ApplicationUtils.BuildMessage(
GetVulnerabilityTitle(),
varArgs[0],
varArgs[1], Strings.POST);
}
else
{
// Maybe 0 parameters fetch from URL\
message = ApplicationUtils.BuildMessage(
GetVulnerabilityTitle(),
Url.Split('?')[0],
param.Key,
Strings.POST);
}
// Build the vulnrrability error message
// Return the status of the operation
list.Add(new StatusOperation
{
Message = message,
Status = false
});
}
}
return(list);
}
public List <StatusOperation> ExecuteGetCommand(string Url, Dictionary <string, string> Params,
params string[] varArgs)
{
StatusOperation StatusOK = new StatusOperation
{
Message = "",
Status = true
};
List <StatusOperation> list = new List <StatusOperation>();
if (Params == null)
{
// Perform simple GET
string ResponseServer = this.httpGenericWebRequest.doGet(Url);
// Check to see if the server returns expected SQL error message
if (ResponseServer.Contains(GetFilteredString()) == false)
{
list.Add(StatusOK);
}
else
{
// Accept only two variadic arguments
if (varArgs.Length != 2)
{
throw new Exception("Invalid parameters");
}
// Build the vulnrrability error message
string message = ApplicationUtils.BuildMessage(
GetVulnerabilityTitle(), varArgs[0], varArgs[1], Strings.GET);
// Return the status of the operation
list.Add(new StatusOperation
{
Message = message,
Status = false
});
}
// Returns List a single object in it to keep the signature of the method
return(list);
}
foreach (var param in Params)
{
// Clone the dictionary
var Clone = Params.ToDictionary(entry => entry.Key, entry => entry.Value);
// Add something tricky
Clone[param.Key] += GetFilteredUrl();
string content = "";
foreach (var el2 in Clone)
{
content += el2.Key + "=" + el2.Value + "&";
}
content = content.Remove(content.Length - 1);
// Perform the request
string ResponseServer = this.httpGenericWebRequest.doGet(Url + "?" + content);
// Check to see if the server returns expected SQL error message
if (ResponseServer.Contains(GetFilteredString()) == false)
{
list.Add(StatusOK);
}
else
{
string message = String.Empty;
// Accept only two variadic arguments
if (varArgs.Length == 2)
{
message = ApplicationUtils.BuildMessage(
GetVulnerabilityTitle(),
varArgs[0],
varArgs[1], Strings.GET);
}
else
{
// Maybe 0 parameters fetch from URL\
message = ApplicationUtils.BuildMessage(
GetVulnerabilityTitle(),
Url.Split('?')[0],
param.Key,
Strings.GET);
}
// Build the vulnrrability error message
// Return the status of the operation
list.Add(new StatusOperation
{
Message = message,
Status = false
});
}
}
return(list);
}
