public static void AuthenticationSql(string urlToCheck, ref string result, ref List<string> array) { string actionUrl; result = "By Pass Authentication SQL Injection started!!"; var uri = new Uri(urlToCheck); // Find the length of the hostname //string urlOfSite = uri.Scheme + "://www." + uri.Host; string urlOfSite = uri.Host; //Load the html document from the url var webGet = new HtmlWeb(); HtmlNode.ElementsFlags.Remove("form"); HtmlDocument document = webGet.Load(urlToCheck); //Array containing all form objects found List<FormDataStore> arrayOfForms = new List<FormDataStore>(); //Array containing all input fields List<InputDataStore> arrayOfInputFields = new List<InputDataStore>(); //$log->lwrite("Searching $postUrl for forms"); result = "Searching " + urlToCheck + " for forms...." ; int formNum = 0;//Must use an integer to identify form as forms could have same names and ids #region Find all HtmlForms and their inputs HtmlNodeCollection nodeCollection = document.DocumentNode.SelectNodes("//form"); for (int nodeNum = 0; nodeCollection != null && nodeNum < nodeCollection.Count; nodeNum++) { HtmlNode form = nodeCollection[nodeNum]; //HtmlForm form = (HtmlForm)form.FindControl("form"); formId = (form.Attributes["id"] != null) ? form.Attributes["id"].Value : ""; formName = (form.Attributes["name"] != null) ? form.Attributes["name"].Value : ""; formMethod = (form.Attributes["method"] != null) ? form.Attributes["method"].Value : "get"; formAction = (form.Attributes["action"] != null) ? form.Attributes["action"].Value : ""; formMethod = formMethod.ToLower(); //If the action of the form is empty, set the action equal to everything //after the URL that the user entered if (String.IsNullOrEmpty(formAction)) { int strLengthUrl = urlToCheck.Length; int strLengthSite = urlOfSite.Length; int firstIndexOfSlash = urlToCheck.IndexOf('/', strLengthSite - 1); formAction = urlToCheck.Substring(firstIndexOfSlash + 1, strLengthUrl); } FormDataStore newArr = new FormDataStore(formId, formName, formMethod, formAction, formNum); arrayOfForms.Add(newArr); HtmlNodeCollection nodeCollectionInput = form.SelectNodes("//input"); for (int nodeInput = 0; nodeCollectionInput != null && nodeInput < nodeCollectionInput.Count; nodeInput++) { HtmlNode input = nodeCollectionInput[nodeInput]; // HtmlInputControl input = (HtmlInputControl)input.FindControl("input"); inputId = (input.Attributes["id"] != null) ? input.Attributes["id"].Value : ""; inputName = (input.Attributes["name"] != null) ? input.Attributes["name"].Value : ""; inputValue = (input.Attributes["value"] != null) ? input.Attributes["value"].Value : ""; inputType = (input.Attributes["type"] != null) ? input.Attributes["type"].Value : ""; InputDataStore newarr = new InputDataStore(inputId, inputName, formId, formName, inputValue, inputType, formNum); arrayOfInputFields.Add(newarr); } formNum++; } #endregion //At this stage, we should have captured all forms and their input fields into the appropriate arrays //Begin testing each of the forms //Check if the URL passed into this function displays the same webpage at different intervals //If it does then attempt to login and if this URL displays a different page, the vulnerability is present //e.g. a login page would always look different when you are and are not logged in //*$log->lwrite("Checking if $urlToCheck displays the same page at different intervals"); List<String> responseBodies = new List<String>(); //$responseBodies = array(); for (int a = 0; a < 3; a++) { // Creates an HttpWebRequest for the specified URL. HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(urlToCheck); // Sends the HttpWebRequest and waits for a response. HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse(); Stream receiveStream = myHttpWebResponse.GetResponseStream(); StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8); String body = reader.ReadToEnd(); if (body.Length > 0) { responseBodies.Add(body); } myHttpWebResponse.Close(); } bool pageChanges = true; string bodyOfUrl = ""; if ((responseBodies[0] == responseBodies[1]) && (responseBodies[1] == responseBodies[2])) { bodyOfUrl = responseBodies[0]; pageChanges = false; } //Begin testing each of the forms //$log->lwrite("Beginning testing of forms"); for (int i = 0; i < arrayOfForms.Count; i++) { //$currentForm = arrayOfForms[i]; string currentFormId = arrayOfForms[i].getId; string currentFormName = arrayOfForms[i].getName; string currentFormMethod = arrayOfForms[i].getMethod; string currentFormAction = arrayOfForms[i].getAction; int currentFormNum = arrayOfForms[i].getFormNum; //$arrayOfCurrentFormsInputs = array(); List<InputDataStore> arrayOfCurrentFormsInputs = new List<InputDataStore>(); result = "Beginning test of form...."; //$log->lwrite("Beginning testing of form on $postUrl: $currentFormId $currentFormName $currentFormMethod $currentFormAction"); //echo sizeof($arrayOfInputFields) . "<br>"; for (int j = 0; j < arrayOfInputFields.Count; j++) { //$currentInput = arrayOfInputFields[j]; string currentInputIdOfForm = arrayOfInputFields[j].getIdOfForm; string currentInputNameOfForm = arrayOfInputFields[j].getNameOfForm; int currentInputFormNum = arrayOfInputFields[j].getFormNum; //Check if the current input field belongs to the current form and add to array if it does if (currentFormNum == currentInputFormNum) { arrayOfCurrentFormsInputs.Add(arrayOfInputFields[j]); } } //$log->lwrite("Beginning testing input fields of form on $postUrl: $currentFormId $currentFormName $currentFormMethod $currentFormAction"); foreach (string currentPayload in arrayOfAuthenticationPayloads) { //echo sizeof($arrayOfCurrentFormsInputs) . '<br>'; List<PostOrGetObject> arrayOfValues = new List<PostOrGetObject>(); for (int k = 0; k < arrayOfCurrentFormsInputs.Count; k++) { //$currentFormInput = $arrayOfCurrentFormsInputs[k]; string currentFormInputName = arrayOfCurrentFormsInputs[k].getName; string currentFormInputType = arrayOfCurrentFormsInputs[k].getType; string currentFormInputValue = arrayOfCurrentFormsInputs[k].getValue; if (currentFormInputType != "reset") { //$log->lwrite("Using payload: $currentPayload, to all input fields of form w/ action: $currentFormAction"); //Add current input and other inputs to array of post values and set their values if (currentFormInputType == "text" || currentFormInputType == "password") { PostOrGetObject postObject = new PostOrGetObject(currentFormInputName, currentPayload); arrayOfValues.Add(postObject); } else if (currentFormInputType == "checkbox" || currentFormInputType == "submit") { PostOrGetObject postObject = new PostOrGetObject(currentFormInputName, currentFormInputValue); arrayOfValues.Add(postObject); } else if (currentFormInputType == "radio") { PostOrGetObject postObject = new PostOrGetObject(currentFormInputName, currentFormInputValue); //Check if a radio button in the radio group has already been added bool found = false; for (int n = 0; n < arrayOfValues.Count; n++) { if (arrayOfValues[n].gpName == postObject.gpName) { found = true; break; } } if (!found) arrayOfValues.Add(postObject);//array_push($arrayOfValues, $postObject); } } } if (currentFormMethod == "get") { //Build query string and submit it at end of URL if (!currentFormAction.Contains(urlOfSite)) { if (urlOfSite[urlOfSite.Length - 1] == '/') actionUrl = urlOfSite + currentFormAction; else actionUrl = urlOfSite + "/" + currentFormAction; } else { actionUrl = currentFormAction; } totalTestStr = "";//Compile a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } actionUrl += '?'; actionUrl += totalTestStr; // Creates an HttpWebRequest for the specified URL. HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(actionUrl); // Sends the HttpWebRequest and waits for a response. HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse(); Stream receiveStream = myHttpWebResponse.GetResponseStream(); StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8); String body = reader.ReadToEnd(); if (body.Length > 0) { myHttpWebResponse.Close(); vulnerabilityFound = checkIfVulnerabilityFound(urlToCheck, pageChanges, bodyOfUrl, currentPayload); if (vulnerabilityFound) { totalTestStr = "";//Make a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } numFound++; StringBuilder str = new StringBuilder(); str.Append("<br><span style='font-size:medium;font-style: bold;color:red;'>" + numFound.ToString() + " Found Broken Authentication SQL Injection Present!" + "</span><br>" + "Query:" + urlToCheck + "<br>"); str.Append("Method: GET <br>"); str.Append("Url: " + totalTestStr + "<br>"); str.Append("Error:"+currentPayload+"<br>"); result = str.ToString(); array.Add(urlToCheck); Thread.Sleep(1000); break; } } //myHttpWebResponse.Close(); } else if (currentFormMethod == "post")//Send data in body of request { //Build query string and submit it at end of URL if (!currentFormAction.Contains(urlOfSite)) { if (urlOfSite[urlOfSite.Length - 1] == '/') actionUrl = urlOfSite + currentFormAction; else actionUrl = urlOfSite + "/" + currentFormAction; } else { actionUrl = currentFormAction; } totalTestStr = "";//Compile a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } //create the constructor with post type and few data MyWebRequest myRequest = new MyWebRequest(actionUrl, "POST", totalTestStr); //show the response string on the console screen. String body = myRequest.GetResponse(); if (body.Length > 0) { //myHttpWebResponse.Close(); vulnerabilityFound = checkIfVulnerabilityFound(urlToCheck, pageChanges, bodyOfUrl, currentPayload); if (vulnerabilityFound) { totalTestStr = "";//Make a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } numFound++; StringBuilder str = new StringBuilder(); str.Append("<br><span style='font-size:medium;font-style: bold;color:red;'>" + numFound.ToString() + " Found Broken Authentication SQL Injection Present!" + "</span><br>" + "Query:" + urlToCheck + "<br>"); str.Append("Method: POST <br>"); str.Append("Url: " + totalTestStr + "<br>"); str.Append("Error:" + currentPayload + "<br>"); result = str.ToString(); array.Add(urlToCheck); Thread.Sleep(1000); break; } } } } } }
public static void DetectSql(string urlToCheck, ref string result, ref List<string> array) { //array = new List<string>(); //First check does the URL passed into this function contain parameters and submit payloads as those parameters if it does Uri uri = new Uri(urlToCheck); string query = uri.Query.Replace("?", ""); NameValueCollection Parms = HttpUtility.ParseQueryString(query); result = string.Format("Check if {0} contains parameters", urlToCheck); Thread.Sleep(1000); if (Parms != null && Parms.Count > 0) { //MessageBox.Show("$urlToCheck does contain parameters"); Thread.Sleep(1000); result = string.Format("{0} does contain parameters", urlToCheck); Thread.Sleep(1000); string scheme = uri.Scheme; string host = uri.Host; string path = HttpUtility.UrlDecode(uri.AbsolutePath); string originalQuery = query; foreach (string currentPayload in arrayOfPayloads) { foreach (string x in Parms.AllKeys) { query = originalQuery; string newQuery = query.Replace(Parms[x], currentPayload); query = newQuery; string testUrl = scheme + "://" + host + path + '?' + query; //MessageBox.Show("URL to be requested is: ",testUrl); result = string.Format("URL to be requested is: " + testUrl); Thread.Sleep(1000); string error; HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(testUrl); HttpWebResponse myHttpWebResponse; try { myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse(); Stream receiveStream = myHttpWebResponse.GetResponseStream(); StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8); String body = reader.ReadToEnd(); if (body.Length > 0) { vulnerabilityFound = false; string regularExpression = ""; for (int warningIndex = 0; warningIndex < arrayOfSQLWarnings.Length; warningIndex++) { regularExpression = arrayOfSQLWarnings[warningIndex]; if (body.Contains(regularExpression))//if (Regex.IsMatch(regularExpression, body)) { //MessageBox.Show("Found regular expression: $regularExpression, in body of HTTP response"); vulnerabilityFound = true; break; } } //showExtractConetent.InnerHtml += "<h1 class=bold>Links of Pages</h1>"; //Vulnerability details if (vulnerabilityFound) { numFound++; StringBuilder str = new StringBuilder(); str.Append("<br><span style='font-size:medium;font-weight: bold;color:red;'>" + numFound.ToString() + " Found SQL Injection Present!" + "</span><br>" + "Query:" + urlToCheck + "<br>"); str.Append("Method: GET <br>"); str.Append("Url: " + testUrl + "<br>"); str.Append("Error: " + regularExpression + "<br>"); result = str.ToString(); array.Add(urlToCheck); Thread.Sleep(1000); /* showExtractConetent.InnerHtml = "<br>SQL Injection Present!<br>Query:" + urlToCheck + "<br>"; showExtractConetent.InnerHtml = "Method: GET <br>"; showExtractConetent.InnerHtml = "Url: " + testUrl + "<br>"; showExtractConetent.InnerHtml = "Error: " + regularExpression + "<br>"; */ myHttpWebResponse.Close(); return; } } myHttpWebResponse.Close(); } catch (WebException ex) { myHttpWebResponse = ex.Response as HttpWebResponse; result = ex.Message; } } } } //begin form testing string actionUrl; var uri1 = new Uri(urlToCheck); // Find the length of the hostname //string urlOfSite = uri.Scheme + "://www." + uri.Host; string urlOfSite = uri1.Host; //Load the html document from the url var webGet = new HtmlWeb(); HtmlNode.ElementsFlags.Remove("form"); HtmlDocument document = webGet.Load(urlToCheck); List<FormDataStore> arrayOfForms = new List<FormDataStore>(); //Array containing all form objects found List<InputDataStore> arrayOfInputFields = new List<InputDataStore>(); //Array containing all input fields int formNum = 0;//Must use an integer to identify form as forms could have same names and ids #region Find all HtmlForms and their inputs HtmlNodeCollection nodeCollection = document.DocumentNode.SelectNodes("//form"); for (int nodeNum = 0; nodeCollection != null && nodeNum < nodeCollection.Count; nodeNum++) { HtmlNode form = nodeCollection[nodeNum]; //HtmlForm form = (HtmlForm)form.FindControl("form"); formId = (form.Attributes["id"] != null) ? form.Attributes["id"].Value : ""; formName = (form.Attributes["name"] != null) ? form.Attributes["name"].Value : ""; formMethod = (form.Attributes["method"] != null) ? form.Attributes["method"].Value : "get"; formAction = (form.Attributes["action"] != null) ? form.Attributes["action"].Value : ""; formMethod = formMethod.ToLower(); //If the action of the form is empty, set the action equal to everything //after the URL that the user entered if (String.IsNullOrEmpty(formAction)) { int strLengthUrl = urlToCheck.Length; int strLengthSite = urlOfSite.Length; int firstIndexOfSlash = urlToCheck.IndexOf('/', strLengthSite - 1); formAction = urlToCheck.Substring(firstIndexOfSlash + 1, strLengthUrl); } FormDataStore newArr = new FormDataStore(formId, formName, formMethod, formAction, formNum); arrayOfForms.Add(newArr); HtmlNodeCollection nodeCollectionInput = form.SelectNodes("//input"); for (int nodeInput = 0; nodeCollectionInput != null && nodeInput < nodeCollectionInput.Count; nodeInput++) { HtmlNode input = nodeCollectionInput[nodeInput]; // HtmlInputControl input = (HtmlInputControl)input.FindControl("input"); inputId = (input.Attributes["id"] != null) ? input.Attributes["id"].Value : ""; inputName = (input.Attributes["name"] != null) ? input.Attributes["name"].Value : ""; inputValue = (input.Attributes["value"] != null) ? input.Attributes["value"].Value : ""; inputType = (input.Attributes["type"] != null) ? input.Attributes["type"].Value : ""; InputDataStore newarr = new InputDataStore(inputId, inputName, formId, formName, inputValue, inputType, formNum); arrayOfInputFields.Add(newarr); } formNum++; } #endregion //Begin testing each of the forms for (int i = 0; i < arrayOfForms.Count; i++) { string currentFormId = arrayOfForms[i].getId; string currentFormName = arrayOfForms[i].getName; string currentFormMethod = arrayOfForms[i].getMethod; string currentFormAction = arrayOfForms[i].getAction; int currentFormNum = arrayOfForms[i].getFormNum; List<InputDataStore> arrayOfCurrentFormsInputs = new List<InputDataStore>(); for (int j = 0; j < arrayOfInputFields.Count; j++) { string currentInputIdOfForm = arrayOfInputFields[j].getIdOfForm; string currentInputNameOfForm = arrayOfInputFields[j].getNameOfForm; int currentInputFormNum = arrayOfInputFields[j].getFormNum; //Check if the current input field belongs to the current form and add to array if it does if (currentFormNum == currentInputFormNum) { arrayOfCurrentFormsInputs.Add(arrayOfInputFields[j]); } } for (int k = 0; k < arrayOfCurrentFormsInputs.Count; k++) { for (int plIndex = 0; plIndex < arrayOfPayloads.Length; plIndex++)//foreach(string currentPayload in arrayOfAuthenticationPayloads) { string currentFormInputName = arrayOfCurrentFormsInputs[k].getName; string currentFormInputType = arrayOfCurrentFormsInputs[k].getType; string currentFormInputValue = arrayOfCurrentFormsInputs[k].getValue; if (currentFormInputType != "reset") { string defaultStr = "Abc123"; List<PostOrGetObject> arrayOfValues = new List<PostOrGetObject>(); List<InputDataStore> otherInputs = new List<InputDataStore>(); for (int l = 0; l < arrayOfCurrentFormsInputs.Count; l++) { if (currentFormInputName != arrayOfCurrentFormsInputs[l].getName) { otherInputs.Add(arrayOfCurrentFormsInputs[l]); } } PostOrGetObject postObject = new PostOrGetObject(currentFormInputName, arrayOfPayloads[plIndex]); //Add current input and other to array of post values and set their values arrayOfValues.Add(postObject); for (int m = 0; m < otherInputs.Count; m++) { string currentOtherType = otherInputs[m].getType; string currentOtherName = otherInputs[m].getName; string currentOtherValue = otherInputs[m].getValue; if (currentOtherType == "text" || currentOtherType == "password") { PostOrGetObject postObject1 = new PostOrGetObject(currentOtherName, defaultStr); arrayOfValues.Add(postObject1); } else if (currentOtherType == "checkbox" || currentOtherType == "submit") { PostOrGetObject postObject1 = new PostOrGetObject(currentOtherName, currentOtherValue); arrayOfValues.Add(postObject1); } else if (currentOtherType == "radio") { PostOrGetObject postObject1 = new PostOrGetObject(currentOtherName, currentOtherValue); //Check if a radio button in the radio group has already been added bool found = false; for (int n = 0; n < arrayOfValues.Count; n++) { if (arrayOfValues[n].gpName == postObject.gpName) { found = true; break; } } if (!found) arrayOfValues.Add(postObject1); } } if (currentFormMethod == "get") { //Build query string and submit it at end of URL if (!currentFormAction.Contains(urlOfSite)) { if (urlOfSite[urlOfSite.Length - 1] == '/') actionUrl = urlOfSite + currentFormAction; else actionUrl = urlOfSite + "/" + currentFormAction; } else { actionUrl = currentFormAction; } totalTestStr = "";//Compile a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } actionUrl += '?'; actionUrl += totalTestStr; HttpWebRequest myHttpWebRequest = (HttpWebRequest)WebRequest.Create(actionUrl); HttpWebResponse myHttpWebResponse = (HttpWebResponse)myHttpWebRequest.GetResponse(); Stream receiveStream = myHttpWebResponse.GetResponseStream(); StreamReader reader = new StreamReader(receiveStream, Encoding.UTF8); String body = reader.ReadToEnd(); if (body.Length > 0) { vulnerabilityFound = false; string regularExpression = ""; for (int warningIndex = 0; warningIndex < arrayOfSQLWarnings.Length; warningIndex++) { regularExpression = arrayOfSQLWarnings[warningIndex]; if (body.Contains(regularExpression))//if (Regex.IsMatch(regularExpression, body)) { //MessageBox.Show("Found regular expression: $regularExpression, in body of HTTP response"); vulnerabilityFound = true; break; } } //Vulnerability details if (vulnerabilityFound) { StringBuilder str = new StringBuilder(); str.Append("<br><span style='font-size:medium;font-style: bold;color:red;'>" + "SQL Injection Present!" +"</span><br>"+ "Query:" + urlToCheck + "<br>"); result = str.ToString(); array.Add(str.ToString()); Thread.Sleep(1000); /* showExtractConetent.InnerHtml = "<br>SQL Injection Present!<br>Query:" + urlToCheck + "<br>"; showExtractConetent.InnerHtml = "Method: GET <br>"; showExtractConetent.InnerHtml = "Url: " + testUrl + "<br>"; showExtractConetent.InnerHtml = "Error: " + regularExpression + "<br>"; */ myHttpWebResponse.Close(); return; } } myHttpWebResponse.Close(); } else if (currentFormMethod == "post")//Send data in body of request { //Build query string and submit it at end of URL if (!currentFormAction.Contains(urlOfSite)) { if (urlOfSite[urlOfSite.Length - 1] == '/') actionUrl = urlOfSite + currentFormAction; else actionUrl = urlOfSite + "/" + currentFormAction; } else { actionUrl = currentFormAction; } totalTestStr = "";//Compile a test string to show the user how the vulnerability was tested for for (int p = 0; p < arrayOfValues.Count; p++) { string currentPostValueName = arrayOfValues[p].gpName; string currentPostValueValue = arrayOfValues[p].gpValue; totalTestStr += currentPostValueName; totalTestStr += '='; totalTestStr += currentPostValueValue; if (p != (arrayOfValues.Count - 1)) totalTestStr += '&'; } //create the constructor with post type and few data MyWebRequest myRequest = new MyWebRequest(actionUrl, "POST", totalTestStr); //show the response string on the console screen. String body = myRequest.GetResponse(); if (body.Length > 0) { vulnerabilityFound = false; string regularExpression = ""; for (int warningIndex = 0; warningIndex < arrayOfSQLWarnings.Length; warningIndex++) { regularExpression = arrayOfSQLWarnings[warningIndex]; if (body.Contains(regularExpression))//if (Regex.IsMatch(regularExpression, body)) { //MessageBox.Show("Found regular expression: $regularExpression, in body of HTTP response"); vulnerabilityFound = true; break; } } //Vulnerability details if (vulnerabilityFound) { StringBuilder str = new StringBuilder(); str.Append("<br><span style='font-size:medium;font-style: bold;color:red;'>" + "SQL Injection Present!" + "</span><br>" + "Query:" + urlToCheck + "<br>"); result = str.ToString(); array.Add(str.ToString()); Thread.Sleep(1000); /* showExtractConetent.InnerHtml = "<br>SQL Injection Present!<br>Query:" + urlToCheck + "<br>"; showExtractConetent.InnerHtml = "Method: GET <br>"; showExtractConetent.InnerHtml = "Url: " + testUrl + "<br>"; showExtractConetent.InnerHtml = "Error: " + regularExpression + "<br>"; */ //myHttpWebResponse.Close(); return; } } } } } } } }
public override void Play(MyWebRequest req) { if (!req.Parameters.ContainsKey("id")) { return; } var plugpath = GetPluginFromPath(req.Url); var plugin = _plugins.FirstOrDefault(p => plugpath == p.Id); if (plugin != null) { var content = plugin.GetContent(req.Parameters); if (content == null || content is IPluginContainer) { return; } var source = content.GetSourceUrl(); if (source.Type == SourceType.ContentId || source.Type == SourceType.Torrent) { var ts = GetContentUrl(source, req); string url = ts.GetPlayTask().Result; if (ts == null || string.IsNullOrEmpty(url)) { ts.Disconnect(); req.GetResponse().SendText("File Not Found"); return; } TorrentStream ts1 = new TorrentStream(req.Client); ts1.Connect(); var resp = ts1.ReadTorrent(source.Url, (TTVApi.SourceType)(byte) source.Type); string file = resp.Files[req.Parameters.ContainsKey("index") ? int.Parse(req.Parameters["index"]) : 0]; string ext = Path.GetExtension(file); ts1.Disconnect(); if (content.Translation == TranslationType.Broadcast) { SendBroadcast(url, req, ext); } else if (content.Translation == TranslationType.VoD) { for (int i = 0; i < ts.Owner.Count && ts.Owner.Count > 1; i++) { ts.Owner[i].Close(); } SendFile(url, req, ext); } Thread.Sleep(5712); if (ts.Owner.All(c => !c.Connected)) { if (content.Translation == TranslationType.Broadcast && !_device.Proxy.Broadcaster.Contains(url) || content.Translation == TranslationType.VoD) { ts.Disconnect(); _device.Proxy.RemoveFromTsPoos(ts); } } } else if (source.Type == SourceType.File) { string ext = Path.GetExtension(source.Url); if (content.Translation == TranslationType.Broadcast) { SendBroadcast(source.Url, req, ext); } else if (content.Translation == TranslationType.VoD) { SendFile(source.Url, req, ext); } } } }
private void GetSystemUpdateID(MyWebRequest request) { MyWebResponse response = request.GetResponse(); response.SendSoapHeadersBody("0"); }
private void ParseUri(MyUri uri, ref MyWebRequest request) { string str = ""; if ((request != null) && request.response.KeepAlive) { str = str + "连接转至: " + uri.Host + "\r\n\r\n"; } else { str = str + "连接: " + uri.Host + "\r\n\r\n"; } ListViewItem item = null; Monitor.Enter(this.listViewThreads); try { item = this.listViewThreads.Items[int.Parse(Thread.CurrentThread.Name)]; item.SubItems[1].Text = uri.Depth.ToString(); item.ImageIndex = 1; item.BackColor = System.Drawing.Color.WhiteSmoke; item.SubItems[2].Text = "正在连接"; item.ForeColor = System.Drawing.Color.Red; item.SubItems[3].Text = uri.AbsoluteUri; item.SubItems[4].Text = ""; item.SubItems[5].Text = ""; } catch (Exception) { } Monitor.Exit(this.listViewThreads); try { object obj2; request = MyWebRequest.Create(uri, request, this.KeepAlive); request.Timeout = this.RequestTimeout * 0x3e8; MyWebResponse response = request.GetResponse(); str = str + request.Header + response.Header; if (!response.ResponseUri.Equals(uri)) { this.EnqueueUri(new MyUri(response.ResponseUri.AbsoluteUri), true); obj2 = str; str = string.Concat(new object[] { obj2, "重定向到: ", response.ResponseUri, "\r\n" }); request = null; } else { if ((!this.AllMIMETypes && (response.ContentType != null)) && (this.MIMETypes.Length > 0)) { string str2 = response.ContentType.ToLower(); int index = str2.IndexOf(';'); if (index != -1) { str2 = str2.Substring(0, index); } if ((str2.IndexOf('*') == -1) && ((index = this.MIMETypes.IndexOf(str2)) == -1)) { this.LogError(uri.AbsoluteUri, str + "\r\nUnlisted Content-Type (" + str2 + "), check settings."); request = null; return; } Match match = new Regex(@"\d+").Match(this.MIMETypes, index); int num3 = int.Parse(match.Value) * 0x400; int num4 = int.Parse(match.NextMatch().Value) * 0x400; if ((num3 < num4) && ((response.ContentLength < num3) || (response.ContentLength > num4))) { this.LogError(uri.AbsoluteUri, string.Concat(new object[] { str, "\r\nContentLength limit error (", response.ContentLength, ")" })); request = null; return; } } string[] strArray = new string[] { ".gif", ".jpg", ".css", ".zip", ".exe" }; bool flag = true; foreach (string str3 in strArray) { if (uri.AbsoluteUri.ToLower().EndsWith(str3)) { flag = false; break; } } foreach (string str3 in this.ExcludeFiles) { if ((str3.Trim().Length > 0) && uri.AbsoluteUri.ToLower().EndsWith(str3)) { flag = false; break; } } string strBody = uri.ToString(); if (this.Compared(uri.LocalPath.Substring(uri.LocalPath.LastIndexOf('.') + 1).ToLower()) && (uri.ToString().Substring(uri.ToString().Length - 1, 1) != "/")) { this.LogError("丢弃--非网页文件", strBody); } else { int num5; UriKind absolute = UriKind.Absolute; if (!string.IsNullOrEmpty(strBody) && Uri.IsWellFormedUriString(strBody, absolute)) { string page = GetPage(strBody); Stopwatch stopwatch = new Stopwatch(); stopwatch.Start(); Html html = new Html { Web = page, Url = strBody }; CommonAnalyze analyze = new CommonAnalyze(); analyze.LoadHtml(html); Net.LikeShow.ContentAnalyze.Document result = analyze.GetResult(); stopwatch.Stop(); string bt = result.Title.Replace("[(title)]", ""); switch (bt) { case null: case "": bt = result.Doc.Substring(20).ToString(); break; } if ((result.Doc == null) || (result.Doc == "")) { this.LogError("丢弃--空内容或非内空页", strBody); } else { Lucene.Net.Documents.Document document3; string str7 = result.Doc + bt; if (this.cgcount >= 10) { string keywords = this.MD5string(result.Doc.ToString()); string keyWordsSplitBySpace = ""; IndexSearcher searcher = new IndexSearcher(this.path); keyWordsSplitBySpace = GetKeyWordsSplitBySpace(keywords, new KTDictSegTokenizer()); Query query = new QueryParser("J_md5_bai", new KTDictSegAnalyzer(true)).Parse(keyWordsSplitBySpace); if (searcher.Search(query).Doc(0).Get("J_md5_bai") == keywords) { this.LogError("排除--重复", strBody); } else { this.cgcount++; this.LogUri(bt, "引索完成"); document3 = new Lucene.Net.Documents.Document(); document3.Add(new Field("分类", this.page_py, Field.Store.YES, Field.Index.TOKENIZED)); document3.Add(new Field("J_title_bai", bt, Field.Store.YES, Field.Index.TOKENIZED)); document3.Add(new Field("J_msgContent_bai", str7, Field.Store.YES, Field.Index.TOKENIZED)); document3.Add(new Field("J_SiteType_bai", result.SiteType.ToString(), Field.Store.YES, Field.Index.NO)); document3.Add(new Field("J_URL_bai", strBody, Field.Store.YES, Field.Index.NO)); document3.Add(new Field("J_addtime_bai", DateTime.Now.ToShortDateString(), Field.Store.YES, Field.Index.NO)); document3.Add(new Field("J_md5_bai", this.MD5string(result.Doc.ToString()), Field.Store.YES, Field.Index.TOKENIZED)); this.writer.AddDocument(document3); } } else { this.cgcount++; this.LogUri(bt, "引索完成"); document3 = new Lucene.Net.Documents.Document(); document3.Add(new Field("分类", this.page_py, Field.Store.YES, Field.Index.TOKENIZED)); document3.Add(new Field("J_title_bai", bt, Field.Store.YES, Field.Index.TOKENIZED)); document3.Add(new Field("J_msgContent_bai", str7, Field.Store.YES, Field.Index.TOKENIZED)); document3.Add(new Field("J_SiteType_bai", result.SiteType.ToString(), Field.Store.YES, Field.Index.NO)); document3.Add(new Field("J_URL_bai", strBody, Field.Store.YES, Field.Index.NO)); document3.Add(new Field("J_addtime_bai", DateTime.Now.ToShortDateString(), Field.Store.YES, Field.Index.NO)); document3.Add(new Field("J_md5_bai", this.MD5string(result.Doc.ToString()), Field.Store.YES, Field.Index.TOKENIZED)); this.writer.AddDocument(document3); } } } item.SubItems[2].Text = "正在下载"; item.ForeColor = System.Drawing.Color.Black; string input = ""; byte[] buffer = new byte[0x2800]; int nNum = 0; while ((num5 = response.socket.Receive(buffer, 0, 0x2800, SocketFlags.None)) > 0) { nNum += num5; if (flag) { input = input + Encoding.ASCII.GetString(buffer, 0, num5); } item.SubItems[4].Text = this.Commas(nNum); if (response.ContentLength > 0) { item.SubItems[5].Text = '%' + ((100 - (((response.ContentLength - nNum) * 100) / response.ContentLength))).ToString(); } if ((response.KeepAlive && (nNum >= response.ContentLength)) && (response.ContentLength > 0)) { break; } } if (response.KeepAlive) { str = str + "Connection kept alive to be used in subpages.\r\n"; } else { response.Close(); str = str + "Connection closed.\r\n"; } this.FileCount++; this.ByteCount += nNum; if ((this.ThreadsRunning && flag) && (uri.Depth < this.WebDepth)) { str = str + "\r\nParsing page ...\r\n"; string pattern = "(href|HREF|src|SRC)[ ]*=[ ]*[\"'][^\"'#>]+[\"']"; MatchCollection matchs = new Regex(pattern).Matches(input); obj2 = str; str = string.Concat(new object[] { obj2, "Found: ", matchs.Count, " ref(s)\r\n" }); this.URLCount += matchs.Count; foreach (Match match in matchs) { pattern = match.Value.Substring(match.Value.IndexOf('=') + 1).Trim(new char[] { '"', '\'', '#', ' ', '>' }); try { if (!(((pattern.IndexOf("..") == -1) && !pattern.StartsWith("/")) && pattern.StartsWith("http://"))) { pattern = new Uri(uri, pattern).AbsoluteUri; } this.Normalize(ref pattern); MyUri uri2 = new MyUri(pattern); if ((((uri2.Scheme != Uri.UriSchemeHttp) && (uri2.Scheme != Uri.UriSchemeHttps)) || ((uri2.Host.Split(new char[] { '.' })[1] != this.urllhost[1]) && this.KeepSameServer)) || !this.Compared_jpg(uri2.LocalPath.Substring(uri2.LocalPath.LastIndexOf('.') + 1).ToLower())) { continue; } Global.URL = uri2.ToString(); if ((Global.BXBH != "") && (Redspider_link.bxbh() == 2)) { continue; } uri2.Depth = uri.Depth + 1; if (this.EnqueueUri(uri2, true)) { str = str + uri2.AbsoluteUri + "\r\n"; } } catch (Exception) { } } } } } } catch (Exception exception) { this.LogError(uri.AbsoluteUri, str + exception.Message); request = null; } finally { this.EraseItem(item); } }
private void GetSearchCapabilities(MyWebRequest request) { MyWebResponse response = request.GetResponse(); response.SendSoapHeadersBody(""); }
private void GetSortCapabilities(MyWebRequest request) { MyWebResponse response = request.GetResponse(); response.SendSoapHeadersBody("dc:title,dc:date"); }
private void ClearBroadcast(MyWebRequest obj) { Proxy.Broadcaster.StopAll(); obj.GetResponse().SendText("OK"); }
private void ProceedEventUnsub(MyWebRequest req) { req.GetResponse().SendHeaders(); }
private void IsValidated(MyWebRequest request, [UpnpServiceArgument("A_ARG_TYPE_DeviceID")][AliasAttribute("DeviceID")] string DeviceID) { MyWebResponse response = request.GetResponse(); response.SendSoapHeadersBody("1"); }
private void RegisterDevice(MyWebRequest request, [UpnpServiceArgument("A_ARG_TYPE_RegistrationReqMsg")][AliasAttribute("RegistrationReqMsg")] string RegistrationReqMsg) { MyWebResponse response = request.GetResponse(); response.SendSoapHeadersBody("OK"); }
private void AllRequest(MyWebRequest obj) { obj.GetResponse().SendText(GetXml(_device.Records.GetRecords()).ToString()); }