Пример #1
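        /// <summary>
        /// Extracts the text found between <c>ExploitDetails.ResultStart</c> and the next
        /// <c>ExploitDetails.ResultEnd</c> marker in an HTTP response body.
        /// </summary>
        /// <param name="html">Response body to search. A null or empty value yields an empty result.</param>
        /// <param name="query">Query text appended to the failure message when <paramref name="detailedExceptions"/> is set.</param>
        /// <param name="ExploitDetails">Supplies the result markers, the optional error markers and the TrimLast flag.</param>
        /// <param name="detailedExceptions">When true, the failure message also carries <paramref name="query"/>.</param>
        /// <returns>The text between the markers, without its last character when TrimLast is set.</returns>
        /// <exception cref="SqlInjException">Either marker is missing from a non-empty response.</exception>
        /// <remarks>
        /// The failure message embeds text copied from the remote response and, optionally, the query.
        /// Treat it as untrusted data: encode it before rendering it in a UI or writing it to structured logs.
        /// </remarks>
        public static string GetAnswerFromHtml(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions)
        {
            string result = string.Empty;

            if (!string.IsNullOrEmpty(html))
            {
                int bodyStart = -1;
                int bodyEnd = -1;

                if (ExploitDetails.ResultStart != null && ExploitDetails.ResultEnd != null)
                {
                    // Markers are literal byte sequences, so compare ordinally rather than by culture.
                    int markerIndex = html.IndexOf(ExploitDetails.ResultStart, StringComparison.Ordinal);
                    if (markerIndex > -1)
                    {
                        bodyStart = markerIndex + ExploitDetails.ResultStart.Length;

                        // Look for the end marker only after the start marker. Searching from the top of
                        // the document could pick an earlier occurrence and produce a negative length.
                        bodyEnd = html.IndexOf(ExploitDetails.ResultEnd, bodyStart, StringComparison.Ordinal);
                    }
                }

                // A missing start marker used to feed -1 into the Substring arithmetic, which could
                // silently return unrelated text. Report it as a parse failure instead.
                if (bodyStart < 0 || bodyEnd < 0)
                {
                    string userFriendlyException = "Could not parse sql injection result.";

                    if (!string.IsNullOrEmpty(ExploitDetails.ErrorStart) && !string.IsNullOrEmpty(ExploitDetails.ErrorEnd))
                    {
                        int errorMarkerIndex = html.IndexOf(ExploitDetails.ErrorStart, StringComparison.Ordinal);
                        if (errorMarkerIndex > -1)
                        {
                            int errorBodyStart = errorMarkerIndex + ExploitDetails.ErrorStart.Length;
                            int errorBodyEnd = html.IndexOf(ExploitDetails.ErrorEnd, errorBodyStart, StringComparison.Ordinal);

                            // Only quote the error when both markers are present in order, so building
                            // the message can never throw a different exception type by itself.
                            if (errorBodyEnd > -1)
                            {
                                userFriendlyException = string.Format("Sql exception occured: {0}",
                                                            html.Substring(errorBodyStart, errorBodyEnd - errorBodyStart));
                            }
                        }
                    }

                    if (detailedExceptions)
                    {
                        userFriendlyException = string.Format("{0}({1})", userFriendlyException, query);
                    }

                    throw new SqlInjException(userFriendlyException);
                }

                result = html.Substring(bodyStart, bodyEnd - bodyStart);
            }

            // An empty result has no last character; Remove(-1, 1) would throw ArgumentOutOfRangeException.
            if (ExploitDetails.TrimLast && result.Length > 0)
            {
                result = result.Remove(result.Length - 1, 1);
            }

            return result;
        }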
Пример #2
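        /// <summary>
        /// Collects every span of text enclosed by <c>ExploitDetails.ResultStart</c> and the following
        /// <c>ExploitDetails.ResultEnd</c> marker in an HTTP response body, in document order.
        /// </summary>
        /// <param name="html">Response body to search. A null or empty value yields an empty list.</param>
        /// <param name="query">Query text appended to the failure message when <paramref name="detailedExceptions"/> is set.</param>
        /// <param name="ExploitDetails">Supplies the result markers, the optional error markers and the TrimLast flag.</param>
        /// <param name="detailedExceptions">When true, the failure message also carries <paramref name="query"/>.</param>
        /// <param name="resultFormatter">Optional transform applied to each extracted value before it is stored.</param>
        /// <returns>One entry per marker pair; empty when no start marker is found or the markers are unusable.</returns>
        /// <exception cref="SqlInjException">
        /// A start marker has no matching end marker, or <paramref name="resultFormatter"/> threw.
        /// </exception>
        /// <remarks>
        /// Returned values and the failure message both contain text copied from the remote response.
        /// Treat them as untrusted data: encode before rendering in a UI or writing to structured logs.
        /// </remarks>
        public static IList<string> GetMultipleAnswersFromHtml(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions,
                                                                Func<string,string> resultFormatter=null)
        {
            IList<string> results = new List<string>();

            // Unusable input produced an empty list before (the lookup failure was swallowed); keep that.
            // An empty start marker is rejected as well: it matches at every position, so the scan
            // would never advance and the list would grow without bound.
            if (string.IsNullOrEmpty(html) || ExploitDetails == null ||
                string.IsNullOrEmpty(ExploitDetails.ResultStart) || ExploitDetails.ResultEnd == null)
            {
                return results;
            }

            int searchFrom = 0;
            while (true)
            {
                // Markers are literal sequences, so compare ordinally rather than by culture.
                int markerIndex = html.IndexOf(ExploitDetails.ResultStart, searchFrom, StringComparison.Ordinal);
                if (markerIndex == -1)
                {
                    break;
                }

                int bodyStart = markerIndex + ExploitDetails.ResultStart.Length;
                int bodyEnd = html.IndexOf(ExploitDetails.ResultEnd, bodyStart, StringComparison.Ordinal);
                if (bodyEnd == -1)
                {
                    // Unterminated result: checked explicitly instead of relying on Substring throwing.
                    throw new SqlInjException(BuildMultiAnswerParseFailureMessage(html, query, ExploitDetails, detailedExceptions));
                }

                string result = html.Substring(bodyStart, bodyEnd - bodyStart);

                // An empty match has no last character to trim.
                if (ExploitDetails.TrimLast && result.Length > 0)
                {
                    result = result.Remove(result.Length - 1, 1);
                }

                if (resultFormatter != null)
                {
                    try
                    {
                        result = resultFormatter(result);
                    }
                    catch (Exception)
                    {
                        // Callers have always seen formatter failures as SqlInjException; keep that contract.
                        throw new SqlInjException(BuildMultiAnswerParseFailureMessage(html, query, ExploitDetails, detailedExceptions));
                    }
                }

                // Each match is stored exactly once. The previous code added the formatted value and
                // then the raw value again, doubling every entry in the returned list.
                results.Add(result);

                searchFrom = bodyEnd;
            }

            return results;
        }

        // Builds the SqlInjException message: the text between the error markers when both are present
        // in order, otherwise a generic notice; the query is appended when detailedExceptions is set.
        private static string BuildMultiAnswerParseFailureMessage(string html, string query, ExploitDetails ExploitDetails, bool detailedExceptions)
        {
            string userFriendlyException = "Could not parse sql injection result.";

            if (!string.IsNullOrEmpty(ExploitDetails.ErrorStart) && !string.IsNullOrEmpty(ExploitDetails.ErrorEnd))
            {
                int errorMarkerIndex = html.IndexOf(ExploitDetails.ErrorStart, StringComparison.Ordinal);
                if (errorMarkerIndex > -1)
                {
                    int errorBodyStart = errorMarkerIndex + ExploitDetails.ErrorStart.Length;
                    int errorBodyEnd = html.IndexOf(ExploitDetails.ErrorEnd, errorBodyStart, StringComparison.Ordinal);

                    // Searching for the end marker after the start marker keeps the length non-negative,
                    // so building the message cannot itself throw.
                    if (errorBodyEnd > -1)
                    {
                        userFriendlyException = string.Format("Sql exception occured: {0}",
                                                    html.Substring(errorBodyStart, errorBodyEnd - errorBodyStart));
                    }
                }
            }

            if (detailedExceptions)
            {
                userFriendlyException = string.Format("{0}({1})", userFriendlyException, query);
            }

            return userFriendlyException;
        }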