shack2/SuperSQLInjectionV1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update20190811

Browse Source 
update20190811
This commit is contained in:
shack2
2019-08-10 17:46:18 +08:00
parent 8f51e83ec7
commit 13cc41d420
11 changed files with 271 additions and 238 deletions
Download Patch File Download Diff File Expand all files Collapse all files

340
SuperSQLInjection/Main.Designer.cs generated
View File

@@ -88,8 +88,6 @@
this.tabC_dataCenter = new System.Windows.Forms.TabControl();
this.tab_vers = new System.Windows.Forms.TabPage();
this.toolStrip_getVers = new System.Windows.Forms.ToolStrip();
this.toolStrip_vers_btn_getVariable = new System.Windows.Forms.ToolStripButton();
this.toolStrip_vers_btn_stopGetVariable = new System.Windows.Forms.ToolStripButton();
this.data_lvw_ver = new System.Windows.Forms.ListView();
this.data_lvw_ver_verName = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.data_lvw_ver_val = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
@@ -102,9 +100,6 @@
this.tab_dbs = new System.Windows.Forms.TabPage();
this.spc_dbs = new System.Windows.Forms.SplitContainer();
this.data_dbs_ts = new System.Windows.Forms.ToolStrip();
this.data_dbs_tsl_getDBS = new System.Windows.Forms.ToolStripButton();
this.data_dbs_tsl_getTables = new System.Windows.Forms.ToolStripButton();
this.data_dbs_tsl_getColumns = new System.Windows.Forms.ToolStripButton();
this.groupBox2 = new System.Windows.Forms.GroupBox();
this.data_tvw_dbs = new System.Windows.Forms.TreeView();
this.data_cms_dbs = new System.Windows.Forms.ContextMenuStrip(this.components);
@@ -124,11 +119,8 @@
this.data_dbs_txt_start = new System.Windows.Forms.ToolStripTextBox();
this.toolStripLabel1 = new System.Windows.Forms.ToolStripLabel();
this.data_dbs_txt_count = new System.Windows.Forms.ToolStripTextBox();
this.data_dbs_tsl_getDatas = new System.Windows.Forms.ToolStripButton();
this.data_dbs_tsl_exportDatas = new System.Windows.Forms.ToolStripButton();
this.toolStripLabel2 = new System.Windows.Forms.ToolStripLabel();
this.data_dbs_cob_db_encoding = new System.Windows.Forms.ToolStripComboBox();
this.data_dbs_tsl_stopGetDatas = new System.Windows.Forms.ToolStripLabel();
this.groupBox4 = new System.Windows.Forms.GroupBox();
this.data_dbs_lvw_data = new System.Windows.Forms.ListView();
this.cms_data_dbs_lvw_data = new System.Windows.Forms.ContextMenuStrip(this.components);
@@ -141,6 +133,11 @@
this.tabControl1 = new System.Windows.Forms.TabControl();
this.tab_datapack = new System.Windows.Forms.TabPage();
this.txt_inject_request = new System.Windows.Forms.RichTextBox();
this.cms_dataPacks = new System.Windows.Forms.ContextMenuStrip(this.components);
this.tsmi_createGetTemplate = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_createPOSTTemplate = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_changeRequestMethod = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_createPackByURL = new System.Windows.Forms.ToolStripMenuItem();
this.tab_tokenset = new System.Windows.Forms.TabPage();
this.groupBox17 = new System.Windows.Forms.GroupBox();
this.token_txt_http_request = new System.Windows.Forms.RichTextBox();
@@ -182,11 +179,6 @@
this.chk_sencondInject = new System.Windows.Forms.CheckBox();
this.chk_inject_foward_302 = new System.Windows.Forms.CheckBox();
this.btn_inject_setInject = new System.Windows.Forms.Button();
this.cms_dataPacks = new System.Windows.Forms.ContextMenuStrip(this.components);
this.tsmi_createGetTemplate = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_createPOSTTemplate = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_changeRequestMethod = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_createPackByURL = new System.Windows.Forms.ToolStripMenuItem();
this.mytab = new System.Windows.Forms.TabControl();
this.tab_proxy = new System.Windows.Forms.TabPage();
this.groupBox25 = new System.Windows.Forms.GroupBox();
@@ -366,6 +358,14 @@
this.timer_status = new System.Windows.Forms.Timer(this.components);
this.timer_scanInjection = new System.Windows.Forms.Timer(this.components);
this.menuStrip_main = new System.Windows.Forms.MenuStrip();
this.toolStrip_vers_btn_getVariable = new System.Windows.Forms.ToolStripButton();
this.toolStrip_vers_btn_stopGetVariable = new System.Windows.Forms.ToolStripButton();
this.data_dbs_tsl_getDBS = new System.Windows.Forms.ToolStripButton();
this.data_dbs_tsl_getTables = new System.Windows.Forms.ToolStripButton();
this.data_dbs_tsl_getColumns = new System.Windows.Forms.ToolStripButton();
this.data_dbs_tsl_getDatas = new System.Windows.Forms.ToolStripButton();
this.data_dbs_tsl_exportDatas = new System.Windows.Forms.ToolStripButton();
this.data_dbs_tsl_stopGetDatas = new System.Windows.Forms.ToolStripLabel();
this.tsmi_menu = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_openConfig = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_saveConfig = new System.Windows.Forms.ToolStripMenuItem();
@@ -418,6 +418,7 @@
this.groupBox1.SuspendLayout();
this.tabControl1.SuspendLayout();
this.tab_datapack.SuspendLayout();
this.cms_dataPacks.SuspendLayout();
this.tab_tokenset.SuspendLayout();
this.groupBox17.SuspendLayout();
this.groupBox19.SuspendLayout();
@@ -427,7 +428,6 @@
this.groupBox3.SuspendLayout();
this.groupBox16.SuspendLayout();
this.groupBox15.SuspendLayout();
this.cms_dataPacks.SuspendLayout();
this.mytab.SuspendLayout();
this.tab_proxy.SuspendLayout();
this.groupBox25.SuspendLayout();
@@ -890,7 +890,7 @@
this.tabPage3.Controls.Add(this.log_txt_request);
this.tabPage3.Location = new System.Drawing.Point(4, 22);
this.tabPage3.Name = "tabPage3";
this.tabPage3.Padding = new System.Windows.Forms.Padding(3);
this.tabPage3.Padding = new System.Windows.Forms.Padding(3, 3, 3, 3);
this.tabPage3.Size = new System.Drawing.Size(818, 179);
this.tabPage3.TabIndex = 0;
this.tabPage3.Text = "请 求";
@@ -909,10 +909,10 @@
// tabPage4
//
this.tabPage4.Controls.Add(this.log_txt_response);
this.tabPage4.Location = new System.Drawing.Point(4, 22);
this.tabPage4.Location = new System.Drawing.Point(4, 25);
this.tabPage4.Name = "tabPage4";
this.tabPage4.Padding = new System.Windows.Forms.Padding(3);
this.tabPage4.Size = new System.Drawing.Size(818, 179);
this.tabPage4.Padding = new System.Windows.Forms.Padding(3, 3, 3, 3);
this.tabPage4.Size = new System.Drawing.Size(820, 183);
this.tabPage4.TabIndex = 1;
this.tabPage4.Text = "响 应";
this.tabPage4.UseVisualStyleBackColor = true;
@@ -923,7 +923,7 @@
this.log_txt_response.Dock = System.Windows.Forms.DockStyle.Fill;
this.log_txt_response.Location = new System.Drawing.Point(3, 3);
this.log_txt_response.Name = "log_txt_response";
this.log_txt_response.Size = new System.Drawing.Size(812, 173);
this.log_txt_response.Size = new System.Drawing.Size(814, 177);
this.log_txt_response.TabIndex = 0;
this.log_txt_response.Text = "";
this.log_txt_response.KeyDown += new System.Windows.Forms.KeyEventHandler(this.log_txt_response_KeyDown);
@@ -931,9 +931,9 @@
// tabPage1
//
this.tabPage1.Controls.Add(this.webBro_log);
this.tabPage1.Location = new System.Drawing.Point(4, 22);
this.tabPage1.Location = new System.Drawing.Point(4, 25);
this.tabPage1.Name = "tabPage1";
this.tabPage1.Size = new System.Drawing.Size(818, 179);
this.tabPage1.Size = new System.Drawing.Size(820, 183);
this.tabPage1.TabIndex = 2;
this.tabPage1.Text = "在浏览器中显示";
this.tabPage1.UseVisualStyleBackColor = true;
@@ -944,7 +944,7 @@
this.webBro_log.Location = new System.Drawing.Point(0, 0);
this.webBro_log.MinimumSize = new System.Drawing.Size(21, 20);
this.webBro_log.Name = "webBro_log";
this.webBro_log.Size = new System.Drawing.Size(818, 179);
this.webBro_log.Size = new System.Drawing.Size(820, 183);
this.webBro_log.TabIndex = 1;
//
// tab_file
@@ -1069,7 +1069,7 @@
this.tab_dataCenter.ImageKey = "db.png";
this.tab_dataCenter.Location = new System.Drawing.Point(4, 32);
this.tab_dataCenter.Name = "tab_dataCenter";
this.tab_dataCenter.Padding = new System.Windows.Forms.Padding(3);
this.tab_dataCenter.Padding = new System.Windows.Forms.Padding(3, 3, 3, 3);
this.tab_dataCenter.Size = new System.Drawing.Size(832, 450);
this.tab_dataCenter.TabIndex = 1;
this.tab_dataCenter.Text = "数据中心";
@@ -1093,10 +1093,10 @@
this.tab_vers.Controls.Add(this.toolStrip_getVers);
this.tab_vers.Controls.Add(this.data_lvw_ver);
this.tab_vers.ImageIndex = 12;
this.tab_vers.Location = new System.Drawing.Point(4, 29);
this.tab_vers.Location = new System.Drawing.Point(4, 31);
this.tab_vers.Name = "tab_vers";
this.tab_vers.Padding = new System.Windows.Forms.Padding(3);
this.tab_vers.Size = new System.Drawing.Size(818, 411);
this.tab_vers.Padding = new System.Windows.Forms.Padding(3, 3, 3, 3);
this.tab_vers.Size = new System.Drawing.Size(820, 418);
this.tab_vers.TabIndex = 0;
this.tab_vers.Text = "环境变量";
this.tab_vers.UseVisualStyleBackColor = true;
@@ -1108,30 +1108,12 @@
this.toolStrip_getVers.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.toolStrip_vers_btn_getVariable,
this.toolStrip_vers_btn_stopGetVariable});
this.toolStrip_getVers.Location = new System.Drawing.Point(3, 383);
this.toolStrip_getVers.Location = new System.Drawing.Point(3, 390);
this.toolStrip_getVers.Name = "toolStrip_getVers";
this.toolStrip_getVers.RenderMode = System.Windows.Forms.ToolStripRenderMode.System;
this.toolStrip_getVers.Size = new System.Drawing.Size(812, 25);
this.toolStrip_getVers.Size = new System.Drawing.Size(814, 25);
this.toolStrip_getVers.TabIndex = 1;
//
// toolStrip_vers_btn_getVariable
//
this.toolStrip_vers_btn_getVariable.Image = global::SuperSQLInjection.Properties.Resources.getvers;
this.toolStrip_vers_btn_getVariable.ImageTransparentColor = System.Drawing.Color.Magenta;
this.toolStrip_vers_btn_getVariable.Name = "toolStrip_vers_btn_getVariable";
this.toolStrip_vers_btn_getVariable.Size = new System.Drawing.Size(100, 22);
this.toolStrip_vers_btn_getVariable.Text = "获取环境变量";
this.toolStrip_vers_btn_getVariable.Click += new System.EventHandler(this.toolStrip_vers_btn_getVariable_Click);
//
// toolStrip_vers_btn_stopGetVariable
//
this.toolStrip_vers_btn_stopGetVariable.Image = global::SuperSQLInjection.Properties.Resources.stop;
this.toolStrip_vers_btn_stopGetVariable.ImageTransparentColor = System.Drawing.Color.Magenta;
this.toolStrip_vers_btn_stopGetVariable.Name = "toolStrip_vers_btn_stopGetVariable";
this.toolStrip_vers_btn_stopGetVariable.Size = new System.Drawing.Size(76, 22);
this.toolStrip_vers_btn_stopGetVariable.Text = "停止获取";
this.toolStrip_vers_btn_stopGetVariable.Click += new System.EventHandler(this.toolStrip_vers_btn_stopGetVariable_Click);
//
// data_lvw_ver
//
this.data_lvw_ver.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
@@ -1213,7 +1195,7 @@
this.tab_dbs.ImageIndex = 13;
this.tab_dbs.Location = new System.Drawing.Point(4, 29);
this.tab_dbs.Name = "tab_dbs";
this.tab_dbs.Padding = new System.Windows.Forms.Padding(3);
this.tab_dbs.Padding = new System.Windows.Forms.Padding(3, 3, 3, 3);
this.tab_dbs.Size = new System.Drawing.Size(818, 411);
this.tab_dbs.TabIndex = 1;
this.tab_dbs.Text = "数据库信息";
@@ -1256,33 +1238,6 @@
this.data_dbs_ts.Size = new System.Drawing.Size(240, 25);
this.data_dbs_ts.TabIndex = 4;
//
// data_dbs_tsl_getDBS
//
this.data_dbs_tsl_getDBS.Image = global::SuperSQLInjection.Properties.Resources.getvers;
this.data_dbs_tsl_getDBS.ImageTransparentColor = System.Drawing.Color.Magenta;
this.data_dbs_tsl_getDBS.Name = "data_dbs_tsl_getDBS";
this.data_dbs_tsl_getDBS.Size = new System.Drawing.Size(72, 22);
this.data_dbs_tsl_getDBS.Text = "获 取 库";
this.data_dbs_tsl_getDBS.Click += new System.EventHandler(this.data_dbs_tsl_getDBS_Click);
//
// data_dbs_tsl_getTables
//
this.data_dbs_tsl_getTables.Image = global::SuperSQLInjection.Properties.Resources.getvers;
this.data_dbs_tsl_getTables.ImageTransparentColor = System.Drawing.Color.Magenta;
this.data_dbs_tsl_getTables.Name = "data_dbs_tsl_getTables";
this.data_dbs_tsl_getTables.Size = new System.Drawing.Size(72, 22);
this.data_dbs_tsl_getTables.Text = "获 取 表";
this.data_dbs_tsl_getTables.Click += new System.EventHandler(this.data_dbs_tsl_getTables_Click);
//
// data_dbs_tsl_getColumns
//
this.data_dbs_tsl_getColumns.Image = global::SuperSQLInjection.Properties.Resources.getvers;
this.data_dbs_tsl_getColumns.ImageTransparentColor = System.Drawing.Color.Magenta;
this.data_dbs_tsl_getColumns.Name = "data_dbs_tsl_getColumns";
this.data_dbs_tsl_getColumns.Size = new System.Drawing.Size(72, 22);
this.data_dbs_tsl_getColumns.Text = "获 取 列";
this.data_dbs_tsl_getColumns.Click += new System.EventHandler(this.data_dbs_tsl_getColumns_Click);
//
// groupBox2
//
this.groupBox2.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
@@ -1291,7 +1246,7 @@
this.groupBox2.Controls.Add(this.data_tvw_dbs);
this.groupBox2.Location = new System.Drawing.Point(5, 6);
this.groupBox2.Name = "groupBox2";
this.groupBox2.Size = new System.Drawing.Size(235, 373);
this.groupBox2.Size = new System.Drawing.Size(235, 372);
this.groupBox2.TabIndex = 0;
this.groupBox2.TabStop = false;
this.groupBox2.Text = "数据库信息";
@@ -1308,7 +1263,7 @@
this.data_tvw_dbs.Location = new System.Drawing.Point(3, 17);
this.data_tvw_dbs.Name = "data_tvw_dbs";
this.data_tvw_dbs.SelectedImageIndex = 6;
this.data_tvw_dbs.Size = new System.Drawing.Size(229, 353);
this.data_tvw_dbs.Size = new System.Drawing.Size(229, 352);
this.data_tvw_dbs.TabIndex = 0;
this.data_tvw_dbs.AfterCheck += new System.Windows.Forms.TreeViewEventHandler(this.data_tvw_dbs_AfterCheck);
this.data_tvw_dbs.AfterSelect += new System.Windows.Forms.TreeViewEventHandler(this.data_tvw_dbs_AfterSelect);
@@ -1420,10 +1375,10 @@
this.data_dbs_txt_start,
this.toolStripLabel1,
this.data_dbs_txt_count,
this.data_dbs_tsl_getDatas,
this.data_dbs_tsl_exportDatas,
this.toolStripLabel2,
this.data_dbs_cob_db_encoding,
this.data_dbs_tsl_getDatas,
this.data_dbs_tsl_exportDatas,
this.data_dbs_tsl_stopGetDatas});
this.toolStrip1.Location = new System.Drawing.Point(0, 380);
this.toolStrip1.Name = "toolStrip1";
@@ -1459,26 +1414,6 @@
this.data_dbs_txt_count.Size = new System.Drawing.Size(49, 25);
this.data_dbs_txt_count.Text = "1";
//
// data_dbs_tsl_getDatas
//
this.data_dbs_tsl_getDatas.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Text;
this.data_dbs_tsl_getDatas.Image = ((System.Drawing.Image)(resources.GetObject("data_dbs_tsl_getDatas.Image")));
this.data_dbs_tsl_getDatas.ImageTransparentColor = System.Drawing.Color.Magenta;
this.data_dbs_tsl_getDatas.Name = "data_dbs_tsl_getDatas";
this.data_dbs_tsl_getDatas.Size = new System.Drawing.Size(60, 22);
this.data_dbs_tsl_getDatas.Text = "获取数据";
this.data_dbs_tsl_getDatas.Click += new System.EventHandler(this.data_dbs_tsl_getDatas_Click);
//
// data_dbs_tsl_exportDatas
//
this.data_dbs_tsl_exportDatas.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Text;
this.data_dbs_tsl_exportDatas.Image = ((System.Drawing.Image)(resources.GetObject("data_dbs_tsl_exportDatas.Image")));
this.data_dbs_tsl_exportDatas.ImageTransparentColor = System.Drawing.Color.Magenta;
this.data_dbs_tsl_exportDatas.Name = "data_dbs_tsl_exportDatas";
this.data_dbs_tsl_exportDatas.Size = new System.Drawing.Size(60, 22);
this.data_dbs_tsl_exportDatas.Text = "导出数据";
this.data_dbs_tsl_exportDatas.Click += new System.EventHandler(this.data_dbs_tsl_exportDatas_Click);
//
// toolStripLabel2
//
this.toolStripLabel2.Name = "toolStripLabel2";
@@ -1487,6 +1422,7 @@
//
// data_dbs_cob_db_encoding
//
this.data_dbs_cob_db_encoding.FlatStyle = System.Windows.Forms.FlatStyle.Standard;
this.data_dbs_cob_db_encoding.Items.AddRange(new object[] {
"UTF-8",
"GB2312",
@@ -1497,15 +1433,6 @@
this.data_dbs_cob_db_encoding.Size = new System.Drawing.Size(89, 25);
this.data_dbs_cob_db_encoding.TextChanged += new System.EventHandler(this.data_dbs_cob_db_encoding_TextChanged);
//
// data_dbs_tsl_stopGetDatas
//
this.data_dbs_tsl_stopGetDatas.Image = global::SuperSQLInjection.Properties.Resources.stop;
this.data_dbs_tsl_stopGetDatas.Margin = new System.Windows.Forms.Padding(10, 0, 0, 2);
this.data_dbs_tsl_stopGetDatas.Name = "data_dbs_tsl_stopGetDatas";
this.data_dbs_tsl_stopGetDatas.Size = new System.Drawing.Size(72, 23);
this.data_dbs_tsl_stopGetDatas.Text = "停止获取";
this.data_dbs_tsl_stopGetDatas.Click += new System.EventHandler(this.data_dbs_tsl_stopGetDatas_Click);
//
// groupBox4
//
this.groupBox4.Controls.Add(this.data_dbs_lvw_data);
@@ -1590,7 +1517,7 @@
this.tab_injectCenter.ImageKey = "config.png";
this.tab_injectCenter.Location = new System.Drawing.Point(4, 32);
this.tab_injectCenter.Name = "tab_injectCenter";
this.tab_injectCenter.Padding = new System.Windows.Forms.Padding(3);
this.tab_injectCenter.Padding = new System.Windows.Forms.Padding(3, 3, 3, 3);
this.tab_injectCenter.Size = new System.Drawing.Size(832, 450);
this.tab_injectCenter.TabIndex = 0;
this.tab_injectCenter.Text = "注入中心";
@@ -1621,19 +1548,19 @@
this.tabControl1.Name = "tabControl1";
this.tabControl1.Padding = new System.Drawing.Point(0, 0);
this.tabControl1.SelectedIndex = 0;
this.tabControl1.Size = new System.Drawing.Size(565, 424);
this.tabControl1.Size = new System.Drawing.Size(565, 425);
this.tabControl1.TabIndex = 14;
//
// tab_datapack
//
this.tab_datapack.Controls.Add(this.txt_inject_request);
this.tab_datapack.ImageKey = "HTTP.png";
this.tab_datapack.ImageKey = "(无)";
this.tab_datapack.Location = new System.Drawing.Point(4, 29);
this.tab_datapack.Name = "tab_datapack";
this.tab_datapack.Padding = new System.Windows.Forms.Padding(3);
this.tab_datapack.Size = new System.Drawing.Size(557, 391);
this.tab_datapack.Padding = new System.Windows.Forms.Padding(3, 3, 3, 3);
this.tab_datapack.Size = new System.Drawing.Size(557, 392);
this.tab_datapack.TabIndex = 0;
this.tab_datapack.Text = "HTTP请求数据包";
this.tab_datapack.Text = "HTTP请求包";
this.tab_datapack.UseVisualStyleBackColor = true;
//
// txt_inject_request
@@ -1642,24 +1569,64 @@
this.txt_inject_request.ContextMenuStrip = this.cms_dataPacks;
this.txt_inject_request.DetectUrls = false;
this.txt_inject_request.Dock = System.Windows.Forms.DockStyle.Fill;
this.txt_inject_request.Font = new System.Drawing.Font("新宋体", 9F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(134)));
this.txt_inject_request.Location = new System.Drawing.Point(3, 3);
this.txt_inject_request.Name = "txt_inject_request";
this.txt_inject_request.Size = new System.Drawing.Size(551, 385);
this.txt_inject_request.Size = new System.Drawing.Size(551, 386);
this.txt_inject_request.TabIndex = 14;
this.txt_inject_request.Text = resources.GetString("txt_inject_request.Text");
this.txt_inject_request.TextChanged += new System.EventHandler(this.txt_inject_request_TextChanged);
this.txt_inject_request.KeyDown += new System.Windows.Forms.KeyEventHandler(this.txt_inject_request_KeyDown);
//
// cms_dataPacks
//
this.cms_dataPacks.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.tsmi_createGetTemplate,
this.tsmi_createPOSTTemplate,
this.tsmi_changeRequestMethod,
this.tsmi_createPackByURL});
this.cms_dataPacks.Name = "cms_dataPacks";
this.cms_dataPacks.Size = new System.Drawing.Size(184, 92);
this.cms_dataPacks.Text = "复制数据";
//
// tsmi_createGetTemplate
//
this.tsmi_createGetTemplate.Name = "tsmi_createGetTemplate";
this.tsmi_createGetTemplate.Size = new System.Drawing.Size(183, 22);
this.tsmi_createGetTemplate.Text = "生成GET模板";
this.tsmi_createGetTemplate.Click += new System.EventHandler(this.tsmi_createGetTemplate_Click);
//
// tsmi_createPOSTTemplate
//
this.tsmi_createPOSTTemplate.Name = "tsmi_createPOSTTemplate";
this.tsmi_createPOSTTemplate.Size = new System.Drawing.Size(183, 22);
this.tsmi_createPOSTTemplate.Text = "生成POST模板";
this.tsmi_createPOSTTemplate.Click += new System.EventHandler(this.tsmi_createPOSTTemplate_Click);
//
// tsmi_changeRequestMethod
//
this.tsmi_changeRequestMethod.Name = "tsmi_changeRequestMethod";
this.tsmi_changeRequestMethod.Size = new System.Drawing.Size(183, 22);
this.tsmi_changeRequestMethod.Text = "转换提交方式";
this.tsmi_changeRequestMethod.Click += new System.EventHandler(this.tsmi_changeRequestMethod_Click);
//
// tsmi_createPackByURL
//
this.tsmi_createPackByURL.Name = "tsmi_createPackByURL";
this.tsmi_createPackByURL.Size = new System.Drawing.Size(183, 22);
this.tsmi_createPackByURL.Text = "根据URL生成数据包";
this.tsmi_createPackByURL.Click += new System.EventHandler(this.tsmi_createPackByURL_Click);
//
// tab_tokenset
//
this.tab_tokenset.Controls.Add(this.groupBox17);
this.tab_tokenset.Controls.Add(this.groupBox19);
this.tab_tokenset.Location = new System.Drawing.Point(4, 29);
this.tab_tokenset.Name = "tab_tokenset";
this.tab_tokenset.Padding = new System.Windows.Forms.Padding(3);
this.tab_tokenset.Size = new System.Drawing.Size(557, 391);
this.tab_tokenset.Padding = new System.Windows.Forms.Padding(3, 3, 3, 3);
this.tab_tokenset.Size = new System.Drawing.Size(557, 392);
this.tab_tokenset.TabIndex = 1;
this.tab_tokenset.Text = "Token/随机值/验证码处理";
this.tab_tokenset.Text = "Token/随机值";
this.tab_tokenset.UseVisualStyleBackColor = true;
//
// groupBox17
@@ -1668,7 +1635,7 @@
this.groupBox17.Dock = System.Windows.Forms.DockStyle.Fill;
this.groupBox17.Location = new System.Drawing.Point(3, 3);
this.groupBox17.Name = "groupBox17";
this.groupBox17.Size = new System.Drawing.Size(551, 321);
this.groupBox17.Size = new System.Drawing.Size(551, 322);
this.groupBox17.TabIndex = 25;
this.groupBox17.TabStop = false;
this.groupBox17.Text = "获取Token的HTTP请求包";
@@ -1679,7 +1646,7 @@
this.token_txt_http_request.Dock = System.Windows.Forms.DockStyle.Fill;
this.token_txt_http_request.Location = new System.Drawing.Point(3, 17);
this.token_txt_http_request.Name = "token_txt_http_request";
this.token_txt_http_request.Size = new System.Drawing.Size(545, 301);
this.token_txt_http_request.Size = new System.Drawing.Size(545, 302);
this.token_txt_http_request.TabIndex = 0;
this.token_txt_http_request.Text = "";
this.token_txt_http_request.TextChanged += new System.EventHandler(this.token_txt_http_request_TextChanged);
@@ -1693,7 +1660,7 @@
this.groupBox19.Controls.Add(this.token_txt_startStr);
this.groupBox19.Controls.Add(this.token_btn_testGetToken);
this.groupBox19.Dock = System.Windows.Forms.DockStyle.Bottom;
this.groupBox19.Location = new System.Drawing.Point(3, 324);
this.groupBox19.Location = new System.Drawing.Point(3, 325);
this.groupBox19.Name = "groupBox19";
this.groupBox19.Size = new System.Drawing.Size(551, 64);
this.groupBox19.TabIndex = 25;
@@ -1753,7 +1720,7 @@
this.tab_sencond_inject.Controls.Add(this.groupBox20);
this.tab_sencond_inject.Location = new System.Drawing.Point(4, 29);
this.tab_sencond_inject.Name = "tab_sencond_inject";
this.tab_sencond_inject.Size = new System.Drawing.Size(557, 391);
this.tab_sencond_inject.Size = new System.Drawing.Size(557, 392);
this.tab_sencond_inject.TabIndex = 2;
this.tab_sencond_inject.Text = "二次注入";
this.tab_sencond_inject.UseVisualStyleBackColor = true;
@@ -1767,7 +1734,7 @@
this.groupBox20.Controls.Add(this.groupBox21);
this.groupBox20.Location = new System.Drawing.Point(0, 3);
this.groupBox20.Name = "groupBox20";
this.groupBox20.Size = new System.Drawing.Size(557, 387);
this.groupBox20.Size = new System.Drawing.Size(555, 378);
this.groupBox20.TabIndex = 26;
this.groupBox20.TabStop = false;
this.groupBox20.Text = "二次注入请求包";
@@ -1780,7 +1747,7 @@
this.txt_sencond_request.DetectUrls = false;
this.txt_sencond_request.Location = new System.Drawing.Point(6, 19);
this.txt_sencond_request.Name = "txt_sencond_request";
this.txt_sencond_request.Size = new System.Drawing.Size(543, 307);
this.txt_sencond_request.Size = new System.Drawing.Size(541, 298);
this.txt_sencond_request.TabIndex = 11;
this.txt_sencond_request.Text = "";
this.txt_sencond_request.TextChanged += new System.EventHandler(this.txt_sencond_request_TextChanged);
@@ -1791,9 +1758,9 @@
this.groupBox21.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.groupBox21.Controls.Add(this.label28);
this.groupBox21.Location = new System.Drawing.Point(6, 332);
this.groupBox21.Location = new System.Drawing.Point(6, 323);
this.groupBox21.Name = "groupBox21";
this.groupBox21.Size = new System.Drawing.Size(543, 50);
this.groupBox21.Size = new System.Drawing.Size(541, 50);
this.groupBox21.TabIndex = 10;
this.groupBox21.TabStop = false;
this.groupBox21.Text = "说明";
@@ -1826,7 +1793,7 @@
this.groupBox3.Controls.Add(this.btn_inject_setInject);
this.groupBox3.Location = new System.Drawing.Point(577, 13);
this.groupBox3.Name = "groupBox3";
this.groupBox3.Size = new System.Drawing.Size(247, 424);
this.groupBox3.Size = new System.Drawing.Size(247, 425);
this.groupBox3.TabIndex = 12;
this.groupBox3.TabStop = false;
this.groupBox3.Text = "注入设置";
@@ -2121,45 +2088,6 @@
this.btn_inject_setInject.UseVisualStyleBackColor = true;
this.btn_inject_setInject.Click += new System.EventHandler(this.btn_inject_setInject_Click);
//
// cms_dataPacks
//
this.cms_dataPacks.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.tsmi_createGetTemplate,
this.tsmi_createPOSTTemplate,
this.tsmi_changeRequestMethod,
this.tsmi_createPackByURL});
this.cms_dataPacks.Name = "cms_dataPacks";
this.cms_dataPacks.Size = new System.Drawing.Size(184, 92);
this.cms_dataPacks.Text = "复制数据";
//
// tsmi_createGetTemplate
//
this.tsmi_createGetTemplate.Name = "tsmi_createGetTemplate";
this.tsmi_createGetTemplate.Size = new System.Drawing.Size(183, 22);
this.tsmi_createGetTemplate.Text = "生成GET模板";
this.tsmi_createGetTemplate.Click += new System.EventHandler(this.tsmi_createGetTemplate_Click);
//
// tsmi_createPOSTTemplate
//
this.tsmi_createPOSTTemplate.Name = "tsmi_createPOSTTemplate";
this.tsmi_createPOSTTemplate.Size = new System.Drawing.Size(183, 22);
this.tsmi_createPOSTTemplate.Text = "生成POST模板";
this.tsmi_createPOSTTemplate.Click += new System.EventHandler(this.tsmi_createPOSTTemplate_Click);
//
// tsmi_changeRequestMethod
//
this.tsmi_changeRequestMethod.Name = "tsmi_changeRequestMethod";
this.tsmi_changeRequestMethod.Size = new System.Drawing.Size(183, 22);
this.tsmi_changeRequestMethod.Text = "转换提交方式";
this.tsmi_changeRequestMethod.Click += new System.EventHandler(this.tsmi_changeRequestMethod_Click);
//
// tsmi_createPackByURL
//
this.tsmi_createPackByURL.Name = "tsmi_createPackByURL";
this.tsmi_createPackByURL.Size = new System.Drawing.Size(183, 22);
this.tsmi_createPackByURL.Text = "根据URL生成数据包";
this.tsmi_createPackByURL.Click += new System.EventHandler(this.tsmi_createPackByURL_Click);
//
// mytab
//
this.mytab.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
@@ -2191,7 +2119,7 @@
this.tab_proxy.ImageKey = "proxy.png";
this.tab_proxy.Location = new System.Drawing.Point(4, 32);
this.tab_proxy.Name = "tab_proxy";
this.tab_proxy.Padding = new System.Windows.Forms.Padding(3);
this.tab_proxy.Padding = new System.Windows.Forms.Padding(3, 3, 3, 3);
this.tab_proxy.Size = new System.Drawing.Size(832, 450);
this.tab_proxy.TabIndex = 11;
this.tab_proxy.Text = "代理设置";
@@ -3664,7 +3592,7 @@
this.tab_injectLog.ImageKey = "Ilog.png";
this.tab_injectLog.Location = new System.Drawing.Point(4, 32);
this.tab_injectLog.Name = "tab_injectLog";
this.tab_injectLog.Padding = new System.Windows.Forms.Padding(3);
this.tab_injectLog.Padding = new System.Windows.Forms.Padding(3, 3, 3, 3);
this.tab_injectLog.Size = new System.Drawing.Size(832, 450);
this.tab_injectLog.TabIndex = 10;
this.tab_injectLog.Text = "注入记录";
@@ -3781,7 +3709,7 @@
this.toolStripStatusLabel11,
this.lbl_packsCount,
this.lbl_info});
this.statusStrip1.Location = new System.Drawing.Point(0, 756);
this.statusStrip1.Location = new System.Drawing.Point(0, 727);
this.statusStrip1.Name = "statusStrip1";
this.statusStrip1.Padding = new System.Windows.Forms.Padding(1, 0, 15, 0);
this.statusStrip1.Size = new System.Drawing.Size(861, 22);
@@ -3920,6 +3848,78 @@
this.menuStrip_main.TabIndex = 2;
this.menuStrip_main.Text = "menuStrip1";
//
// toolStrip_vers_btn_getVariable
//
this.toolStrip_vers_btn_getVariable.Image = global::SuperSQLInjection.Properties.Resources.getvers;
this.toolStrip_vers_btn_getVariable.ImageTransparentColor = System.Drawing.Color.Magenta;
this.toolStrip_vers_btn_getVariable.Name = "toolStrip_vers_btn_getVariable";
this.toolStrip_vers_btn_getVariable.Size = new System.Drawing.Size(100, 22);
this.toolStrip_vers_btn_getVariable.Text = "获取环境变量";
this.toolStrip_vers_btn_getVariable.Click += new System.EventHandler(this.toolStrip_vers_btn_getVariable_Click);
//
// toolStrip_vers_btn_stopGetVariable
//
this.toolStrip_vers_btn_stopGetVariable.Image = global::SuperSQLInjection.Properties.Resources.stop;
this.toolStrip_vers_btn_stopGetVariable.ImageTransparentColor = System.Drawing.Color.Magenta;
this.toolStrip_vers_btn_stopGetVariable.Name = "toolStrip_vers_btn_stopGetVariable";
this.toolStrip_vers_btn_stopGetVariable.Size = new System.Drawing.Size(76, 22);
this.toolStrip_vers_btn_stopGetVariable.Text = "停止获取";
this.toolStrip_vers_btn_stopGetVariable.Click += new System.EventHandler(this.toolStrip_vers_btn_stopGetVariable_Click);
//
// data_dbs_tsl_getDBS
//
this.data_dbs_tsl_getDBS.Image = global::SuperSQLInjection.Properties.Resources.getvers;
this.data_dbs_tsl_getDBS.ImageTransparentColor = System.Drawing.Color.Magenta;
this.data_dbs_tsl_getDBS.Name = "data_dbs_tsl_getDBS";
this.data_dbs_tsl_getDBS.Size = new System.Drawing.Size(72, 22);
this.data_dbs_tsl_getDBS.Text = "获 取 库";
this.data_dbs_tsl_getDBS.Click += new System.EventHandler(this.data_dbs_tsl_getDBS_Click);
//
// data_dbs_tsl_getTables
//
this.data_dbs_tsl_getTables.Image = global::SuperSQLInjection.Properties.Resources.getvers;
this.data_dbs_tsl_getTables.ImageTransparentColor = System.Drawing.Color.Magenta;
this.data_dbs_tsl_getTables.Name = "data_dbs_tsl_getTables";
this.data_dbs_tsl_getTables.Size = new System.Drawing.Size(72, 22);
this.data_dbs_tsl_getTables.Text = "获 取 表";
this.data_dbs_tsl_getTables.Click += new System.EventHandler(this.data_dbs_tsl_getTables_Click);
//
// data_dbs_tsl_getColumns
//
this.data_dbs_tsl_getColumns.Image = global::SuperSQLInjection.Properties.Resources.getvers;
this.data_dbs_tsl_getColumns.ImageTransparentColor = System.Drawing.Color.Magenta;
this.data_dbs_tsl_getColumns.Name = "data_dbs_tsl_getColumns";
this.data_dbs_tsl_getColumns.Size = new System.Drawing.Size(72, 22);
this.data_dbs_tsl_getColumns.Text = "获 取 列";
this.data_dbs_tsl_getColumns.Click += new System.EventHandler(this.data_dbs_tsl_getColumns_Click);
//
// data_dbs_tsl_getDatas
//
this.data_dbs_tsl_getDatas.Image = global::SuperSQLInjection.Properties.Resources.;
this.data_dbs_tsl_getDatas.ImageTransparentColor = System.Drawing.Color.Magenta;
this.data_dbs_tsl_getDatas.Name = "data_dbs_tsl_getDatas";
this.data_dbs_tsl_getDatas.Size = new System.Drawing.Size(76, 22);
this.data_dbs_tsl_getDatas.Text = "获取数据";
this.data_dbs_tsl_getDatas.Click += new System.EventHandler(this.data_dbs_tsl_getDatas_Click);
//
// data_dbs_tsl_exportDatas
//
this.data_dbs_tsl_exportDatas.Image = global::SuperSQLInjection.Properties.Resources.;
this.data_dbs_tsl_exportDatas.ImageTransparentColor = System.Drawing.Color.Magenta;
this.data_dbs_tsl_exportDatas.Name = "data_dbs_tsl_exportDatas";
this.data_dbs_tsl_exportDatas.Size = new System.Drawing.Size(76, 22);
this.data_dbs_tsl_exportDatas.Text = "导出数据";
this.data_dbs_tsl_exportDatas.Click += new System.EventHandler(this.data_dbs_tsl_exportDatas_Click);
//
// data_dbs_tsl_stopGetDatas
//
this.data_dbs_tsl_stopGetDatas.Image = global::SuperSQLInjection.Properties.Resources.stop;
this.data_dbs_tsl_stopGetDatas.Margin = new System.Windows.Forms.Padding(10, 0, 0, 2);
this.data_dbs_tsl_stopGetDatas.Name = "data_dbs_tsl_stopGetDatas";
this.data_dbs_tsl_stopGetDatas.Size = new System.Drawing.Size(72, 17);
this.data_dbs_tsl_stopGetDatas.Text = "停止获取";
this.data_dbs_tsl_stopGetDatas.Click += new System.EventHandler(this.data_dbs_tsl_stopGetDatas_Click);
//
// tsmi_menu
//
this.tsmi_menu.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
@@ -4064,7 +4064,7 @@
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.SystemColors.Control;
this.ClientSize = new System.Drawing.Size(861, 778);
this.ClientSize = new System.Drawing.Size(861, 749);
this.Controls.Add(this.statusStrip1);
this.Controls.Add(this.gb_logo);
this.Controls.Add(this.mytab);
@@ -4126,6 +4126,7 @@
this.groupBox1.ResumeLayout(false);
this.tabControl1.ResumeLayout(false);
this.tab_datapack.ResumeLayout(false);
this.cms_dataPacks.ResumeLayout(false);
this.tab_tokenset.ResumeLayout(false);
this.groupBox17.ResumeLayout(false);
this.groupBox19.ResumeLayout(false);
@@ -4140,7 +4141,6 @@
this.groupBox16.PerformLayout();
this.groupBox15.ResumeLayout(false);
this.groupBox15.PerformLayout();
this.cms_dataPacks.ResumeLayout(false);
this.mytab.ResumeLayout(false);
this.tab_proxy.ResumeLayout(false);
this.groupBox25.ResumeLayout(false);

47
SuperSQLInjection/Main.cs
View File

@@ -15,14 +15,12 @@ using SuperSQLInjection.scan;
using System.Web;
using System.Net;
using Amib.Threading;
using System.Management;
using Microsoft.Win32;
using System.Drawing;
using System.Reflection;
using static System.Windows.Forms.ListView;
using SuperSQLInjection.tools.http;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Xml;
namespace SuperSQLInjection
{
@@ -284,7 +282,7 @@ namespace SuperSQLInjection
responseStream.Close();
}
public static int version = 20190810;
public static int version = 20190811;
public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;
//检查更新
public void checkUpdate()
@@ -1422,6 +1420,36 @@ namespace SuperSQLInjection
delegate void addItemToListViewByColumnsDelegate(String colvs);
public void addItemToListViewBySQLServerXMLData(String xmldata,List<String> columns)
{
try {
ListViewItem lvi = new ListViewItem();
XmlDocument xml = new XmlDocument();
xml.LoadXml(xmldata);
XmlNodeList lines = xml.ChildNodes;
bool haveData = false;
for (int i=1; i< columns.Count;i++) {
lvi.SubItems.Add("");
}
if (lines.Count == 1) {
XmlAttributeCollection abs = lines[0].Attributes;
foreach (XmlAttribute attr in abs) {
int index = Tools.FindItemWithIgnoreCase(columns, attr.Name);
if (index != -1) {
haveData = true;
lvi.SubItems[index].Text = HttpUtility.HtmlDecode(attr.Value);
}
}
}
if (haveData) {
this.Invoke(new addItemToListViewDelegate(addItemToListView),lvi);
}
} catch (Exception e) {
this.txt_log.Invoke(new showLogDelegate(log), "解析SQLServer注入数据并添加到ListView发生错误" + e.Message, LogLevel.waring);
}
}
public void addItemToListViewByColumns(String colvs)
{
addItemToListViewByColumns(colvs, "\\$\\$\\$");
@@ -5696,7 +5724,8 @@ namespace SuperSQLInjection
GetDataPam gp = (GetDataPam)opam;
ListViewItem lvi = new ListViewItem();
String result = getOneDataByUnionOrError(SQLServer.getUnionDataValue(config.columnsCount, config.showColumn, config.unionFill, gp.dbname, gp.table, gp.columns, gp.limit));
this.Invoke(new addItemToListViewByColumnsDelegate(addItemToListViewByColumns), result);
//数结果改成xml格式单独解析
addItemToListViewBySQLServerXMLData(result, gp.columns);
this.txt_log.Invoke(new showLogDelegate(log), "获取到第" + gp.limit + "行的值!", LogLevel.info);
}
catch (Exception e)
@@ -10031,7 +10060,7 @@ namespace SuperSQLInjection
{
if (e.Modifiers == Keys.Control && e.KeyCode == Keys.A)
{
((RichTextBox)sender).SelectAll();
((TextBox)sender).SelectAll();
}
}
@@ -10039,7 +10068,7 @@ namespace SuperSQLInjection
{
if (e.Modifiers == Keys.Control && e.KeyCode == Keys.A)
{
((RichTextBox)sender).SelectAll();
((TextBox)sender).SelectAll();
}
}
@@ -10047,7 +10076,7 @@ namespace SuperSQLInjection
{
if (e.Modifiers == Keys.Control && e.KeyCode == Keys.A)
{
((RichTextBox)sender).SelectAll();
((TextBox)sender).SelectAll();
}
}
@@ -10238,7 +10267,7 @@ namespace SuperSQLInjection
{
if (e.Modifiers == Keys.Control && e.KeyCode == Keys.A)
{
((RichTextBox)sender).SelectAll();
((TextBox)sender).SelectAll();
}
}

38
SuperSQLInjection/Main.resx
View File

@@ -131,7 +131,7 @@
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACe
GQAAAk1TRnQBSQFMAgEBDwEAAbABCgGwAQoBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
GQAAAk1TRnQBSQFMAgEBDwEAAcABCgHAAQoBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAAUADAAEBAQABCAYAARAYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
@@ -266,7 +266,7 @@
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACq
DQAAAk1TRnQBSQFMAgEBBwEAAQgBCgEIAQoBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
DQAAAk1TRnQBSQFMAgEBBwEAARgBCgEYAQoBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAASADAAEBAQABCAYAAQgYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
@@ -325,37 +325,6 @@
AQEC/wQABP8EAAT/BAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA
AQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA
AQEEAAGAAQEBgAEBBAAE/wQABP8CAAs=
</value>
</data>
<assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<data name="data_dbs_tsl_getDatas.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG
YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9
0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw
bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc
VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9
c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32
Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo
mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+
kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D
TgDQASA1MVpwzwAAAABJRU5ErkJggg==
</value>
</data>
<data name="data_dbs_tsl_exportDatas.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG
YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9
0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw
bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc
VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9
c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32
Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo
mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+
kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D
TgDQASA1MVpwzwAAAABJRU5ErkJggg==
</value>
</data>
<metadata name="cms_data_dbs_lvw_data.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
@@ -407,8 +376,9 @@ Connection: close</value>
<value>329, 17</value>
</metadata>
<metadata name="$this.TrayHeight" type="System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>172</value>
<value>107</value>
</metadata>
<assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<data name="$this.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
AAABAAEAICAAAAEAIACoEAAAFgAAACgAAAAgAAAAQAAAAAEAIAAAAAAAABAAABILAAASCwAAAAAAAAAA

4
SuperSQLInjection/Properties/AssemblyInfo.cs
View File

@@ -32,5 +32,5 @@ using System.Runtime.InteropServices;
// 可以指定所有这些值,也可以使用“内部版本号”和“修订号”的默认值,
// 方法是按如下所示使用“*”:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.2019.08.10")]
[assembly: AssemblyFileVersion("1.2019.08.10")]
[assembly: AssemblyVersion("1.2019.08.11")]
[assembly: AssemblyFileVersion("1.2019.08.11")]

14
SuperSQLInjection/Properties/Resources.Designer.cs generated
View File

@@ -19,7 +19,7 @@ namespace SuperSQLInjection.Properties {
// 类通过类似于 ResGen 或 Visual Studio 的工具自动生成的。
// 若要添加或移除成员,请编辑 .ResX 文件,然后重新运行 ResGen
// (以 /str 作为命令选项),或重新生成 VS 项目。
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "15.0.0.0")]
[global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
[global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
internal class Resources {
@@ -47,7 +47,7 @@ namespace SuperSQLInjection.Properties {
}
/// <summary>
/// 使用此强类型资源类,为所有资源查找
/// 重写当前线程的 CurrentUICulture 属性
/// 重写当前线程的 CurrentUICulture 属性。
/// </summary>
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
@@ -170,6 +170,16 @@ namespace SuperSQLInjection.Properties {
}
}
/// <summary>
/// 查找 System.Drawing.Bitmap 类型的本地化资源。
/// </summary>
internal static System.Drawing.Bitmap {
get {
object obj = ResourceManager.GetObject("下载", resourceCulture);
return ((System.Drawing.Bitmap)(obj));
}
}
/// <summary>
/// 查找 System.Drawing.Bitmap 类型的本地化资源。
/// </summary>

25
SuperSQLInjection/Properties/Resources.resx
View File

@@ -118,12 +118,12 @@
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<assembly alias="System.Windows.Forms" name="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<data name="stop" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\stop.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="声明" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\声明.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="bug" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\bug.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="vers" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\vers.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
@@ -142,8 +142,11 @@
<data name="版本" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\版本.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="lang" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\lang.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
<data name="保存" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\保存.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="help" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\help.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="手册" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\手册.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
@@ -154,8 +157,8 @@
<data name="tool" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\tool.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="保存" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\保存.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
<data name="stop" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\stop.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="menu" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\menu.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
@@ -166,13 +169,13 @@
<data name="config" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\config.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="help" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\help.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
<data name="lang" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\lang.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="getvers" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\getvers.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="bug" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\bug.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
<data name="下载" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>images\下载.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
</root>

BIN
SuperSQLInjection/Properties/images/下载.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 333 B

3
SuperSQLInjection/SuperSQLInjection.csproj
View File

@@ -39,7 +39,7 @@
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<WarningLevel>0</WarningLevel>
<AllowUnsafeBlocks>false</AllowUnsafeBlocks>
<Prefer32Bit>false</Prefer32Bit>
</PropertyGroup>
@@ -285,6 +285,7 @@
</ItemGroup>
<ItemGroup>
<Content Include="favicon.ico" />
<None Include="Properties\images\下载.png" />
<None Include="Properties\images\bug.png" />
<None Include="Properties\images\版本.png" />
<None Include="Properties\images\声明.png" />

4
SuperSQLInjection/payload/MySQL.cs
View File

@@ -270,11 +270,11 @@ namespace SuperSQLInjection.payload
if (columns.Count > 1)
{
sb.Append(columns[i] + ",");
sb.Append("ifnull("+columns[i] + ",0x20),");
}
else
{
sb.Append(columns[i]);
sb.Append("ifnull(" + columns[i]+ ",0x20)");
}
}

17
SuperSQLInjection/payload/SQLServer.cs
View File

@@ -59,7 +59,12 @@ namespace SuperSQLInjection.payload
public static String bool_unicode_value = " (substring({data},{index},1))>{len}";
//获取行数据
public static String data_value = "(select top 1 {data} from (select top {index} {allcolumns} from [{dbname}]..[{table}] order by {orderby}) t order by {orderby} desc)";
//public static String data_value = "(select top 1 {data} from (select top {index} {allcolumns} from [{dbname}]..[{table}] order by {orderby}) t order by {orderby} desc)";
//解决存在textBINARY等多种数据类型时转换报错导致无法获取数据的问题
public static String data_value = "(select top 1 {data} from (select top {index} * from [{dbname}]..[{table}] order by {orderby}) t order by {orderby} desc for xml raw,binary base64)";
//union获取值
public static String union_value = " 1=2 union all select {data}";
@@ -108,14 +113,14 @@ namespace SuperSQLInjection.payload
public static String getUnionDataValue(int columnsLen,int showIndex,String Fill,String dbname,String table,List<String> columns,int index)
{
StringBuilder sb = new StringBuilder();
String data = data_value.Replace("{data}", concatAllColumnsByConcatStr(columns)).Replace("{allcolumns}", concatAllColumns(columns)).Replace("{orderby}", columns[0]);
String data = data_value.Replace("{data}", Comm.unionColumns(columns,",")).Replace("{orderby}", columns[0]);
for (int i = 1; i <= columnsLen; i++)
{
if (i == showIndex)
{
String d = data.Replace("{dbname}", dbname).Replace("{table}", table).Replace("{data}", concatAllColumnsByConcatStr(columns)).Replace("{index}", index.ToString());
sb.Append("(char(94)+char(94)+char(33)+cast(" + d + " as varchar(8000))+char(33)+char(94)+char(94)),");
String d = data.Replace("{dbname}", dbname).Replace("{table}", table).Replace("{index}", index.ToString());
sb.Append("(char(94)+char(94)+char(33)+" +d+ "+char(33)+char(94)+char(94)),");
}
else
{
@@ -244,7 +249,7 @@ namespace SuperSQLInjection.payload
foreach (String column in columns)
{
sb.Append("cast(isnull(" + column + ",0x20) as varchar(5000))+char(36)+char(36)+char(36)+");
sb.Append("cast(isnull(" + column + ",space(1)) as varchar(5000))+char(36)+char(36)+char(36)+");
}
sb.Remove(sb.Length - 28, 28);
return sb.ToString();
@@ -260,7 +265,7 @@ namespace SuperSQLInjection.payload
/// <returns></returns>
public static String getBoolDataPayLoad(String column,List<String> columns,String dbName,String table,int index)
{
String data = data_value.Replace("{data}", "cast(isnull("+column+",0x20) as varchar)").Replace("{allcolumns}", concatAllColumns(columns)).Replace("{orderby}", columns[0]);
String data = data_value.Replace("{data}", "cast(isnull("+column+ ",space(1)) as varchar)").Replace("{allcolumns}", concatAllColumns(columns)).Replace("{orderby}", columns[0]);
String payload = data.Replace("{dbname}", dbName).Replace("{table}", table).Replace("{index}", index.ToString());
return payload;
}

15
SuperSQLInjection/tools/Tools.cs
View File

@@ -1398,7 +1398,22 @@ namespace tools
}
return sid + mac;
}
public static int FindItemWithIgnoreCase(List<String> list, String items) {
int index = -1;
foreach (String str in list) {
index++;
if (str.Equals(items, StringComparison.OrdinalIgnoreCase)){
break;
}
}
return index;
}
}