update20190902
update20190902
@@ -286,7 +286,7 @@ namespace SuperSQLInjection
|
||||
responseStream.Close();
|
||||
}
|
||||
|
||||
public static int version = 20190901;
|
||||
public static int version = 20190902;
|
||||
public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;
|
||||
//检查更新
|
||||
public void checkUpdate()
|
||||
@@ -9695,7 +9695,13 @@ namespace SuperSQLInjection
|
||||
|
||||
public void stopScan()
|
||||
{
|
||||
StopThread();
|
||||
status = -1;
|
||||
if (this.currentThread != null)
|
||||
{
|
||||
this.txt_log.Invoke(new showLogDelegate(log), "发出停止线程信号!", LogLevel.info);
|
||||
stp.Cancel();
|
||||
}
|
||||
|
||||
this.scanInjection_btn_scan.Enabled = false;
|
||||
this.scanInjection_btn_scan.Text = "正在停止...";
|
||||
while (stp.InUseThreads > 0)
|
||||
@@ -9704,11 +9710,18 @@ namespace SuperSQLInjection
|
||||
}
|
||||
this.scanInjection_btn_scan.Text = "开始扫描";
|
||||
this.scanInjection_btn_scan.Enabled = true;
|
||||
status = 0;
|
||||
}
|
||||
|
||||
public void stopSpider()
|
||||
{
|
||||
StopThread();
|
||||
status = -1;
|
||||
if (this.currentThread != null)
|
||||
{
|
||||
this.txt_log.Invoke(new showLogDelegate(log), "发出停止线程信号!", LogLevel.info);
|
||||
stp.Cancel();
|
||||
}
|
||||
|
||||
this.scanInjection_btn_spider.Enabled = false;
|
||||
this.scanInjection_btn_spider.Text = "正在停止...";
|
||||
while (stp.InUseThreads > 0)
|
||||
@@ -9718,6 +9731,7 @@ namespace SuperSQLInjection
|
||||
this.scanInjection_btn_spider.Text = "爬行链接";
|
||||
this.scanInjection_domainsCount.Text = this.scanInject_lsb_links.Items.Count.ToString();
|
||||
this.scanInjection_btn_spider.Enabled = true;
|
||||
status = 0;
|
||||
}
|
||||
public void spider()
|
||||
{
|
||||
|
||||
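Review bot: stopScan() and stopSpider() mix two threading assumptions: the log line is marshalled with `this.txt_log.Invoke(...)`, but the button state is written directly (`this.scanInjection_btn_scan.Enabled = false;`). If these methods run on the UI thread, the `while (stp.InUseThreads > 0)` wait holds the form until every worker has exited. If they run on a worker thread, the button and `scanInjection_domainsCount` writes are cross-thread control access and should be marshalled like the log call. The loop body lies outside both hunks, so it may already pump messages; confirm before changing it. The two methods differ only in the button and its captions, so a private helper taking the button and the idle caption would keep the `status = -1` … `status = 0` sequence in one place.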
@@ -32,5 +32,5 @@ using System.Runtime.InteropServices;
|
||||
// 可以指定所有这些值,也可以使用“内部版本号”和“修订号”的默认值,
|
||||
// 方法是按如下所示使用“*”:
|
||||
// [assembly: AssemblyVersion("1.0.*")]
|
||||
[assembly: AssemblyVersion("1.2019.09.01")]
|
||||
[assembly: AssemblyFileVersion("1.2019.09.01")]
|
||||
[assembly: AssemblyVersion("1.2019.09.02")]
|
||||
[assembly: AssemblyFileVersion("1.2019.09.02")]
|
||||
|
||||
@@ -76,10 +76,7 @@ namespace SuperSQLInjection.scan
|
||||
{
|
||||
continue;
|
||||
}
|
||||
if (curl.Contains(".css") || curl.Contains(".js") || curl.Contains(".jpg") || curl.Contains(".png") || curl.Contains(".ico") || curl.Contains(".gif"))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
curl = curl.Replace("&", "&");
|
||||
if (curl.StartsWith("//"))
|
||||
{
|
||||
@@ -111,6 +108,11 @@ namespace SuperSQLInjection.scan
|
||||
try
|
||||
{
|
||||
Uri cu = new Uri(curl);
|
||||
String cupath = cu.AbsolutePath;
|
||||
if (cupath.EndsWith(".css") || cupath.EndsWith(".js") || cupath.EndsWith(".jpg") || cupath.EndsWith(".png") || cupath.EndsWith(".ico") || cupath.EndsWith(".gif"))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
if (!AllURL.Contains(curl) && !AllNoParamaValURL.Contains(noValURL)&&AllURL.Count<config.maxSpiderCount)
|
||||
{
|
||||
AllURL.Add(curl);
|
||||
|
||||
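Review bot: The extension filter on `cupath` is case-sensitive, so a link whose path ends in `.JPG` or `.Css` is not skipped and is added to `AllURL` like a page. Pass an explicit comparison for each suffix, e.g. `cupath.EndsWith(".css", StringComparison.OrdinalIgnoreCase)`, or keep the suffixes in one static array and test them in a single loop. The enclosing loop and the `catch` for `new Uri(curl)` are outside this hunk, so how a rejected URL is handled cannot be checked from here.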
@@ -80,8 +80,8 @@ namespace SuperSQLInjection.tools
|
||||
String curl = uri.PathAndQuery.Replace(param, payload);
|
||||
injection.testUrl = testUrl.Replace(param, payload);
|
||||
injection.paramName = sprarm[0];
|
||||
String oldrequest = Spider.reqestGetTemplate.Replace("{url}", uri.PathAndQuery).Replace("{host}", uri.Host + ":" + uri.Port);
|
||||
String request = Spider.reqestGetTemplate.Replace("{url}", curl).Replace("{host}", uri.Host + ":" + uri.Port);
|
||||
String oldrequest = Spider.reqestGetTemplate.Replace("{url}", uri.PathAndQuery).Replace("{host}", uri.Host);
|
||||
String request = Spider.reqestGetTemplate.Replace("{url}", curl).Replace("{host}", uri.Host);
|
||||
//通过错误显示判断
|
||||
if (timeout >= 3)
|
||||
{
|
||||
@@ -129,7 +129,7 @@ namespace SuperSQLInjection.tools
|
||||
|
||||
foreach (String bool_payload in bool_payloads)
|
||||
{
|
||||
String[] bool_ps = bool_payload.Split(':');
|
||||
String[] bool_ps = bool_payload.Split(':');
|
||||
|
||||
String flasePayload = pramName + "=" + URLEncode.UrlEncode(pramValue + bool_ps[1]);
|
||||
String falseURL = uri.PathAndQuery.Replace(param, flasePayload);
|
||||
@@ -139,7 +139,7 @@ namespace SuperSQLInjection.tools
|
||||
{
|
||||
break;//超时3次,认为此URL为坏死URL
|
||||
}
|
||||
String falserequest = Spider.reqestGetTemplate.Replace("{url}", falseURL).Replace("{host}", uri.Host + ":" + uri.Port);
|
||||
String falserequest = Spider.reqestGetTemplate.Replace("{url}", falseURL).Replace("{host}", uri.Host);
|
||||
ServerInfo falseServer = HTTP.sendRequestRetry(isSSL, config.reTry, uri.Host, uri.Port, flasePayload, falserequest, config.timeOut, HTTP.AutoGetEncoding, false, config.redirectDoGet);
|
||||
if (falseServer.runTime > config.timeOut * 1000) timeout++;
|
||||
decimal pfalse = Tools.getLike(oserver.body, falseServer.body);
|
||||
@@ -151,7 +151,7 @@ namespace SuperSQLInjection.tools
|
||||
|
||||
String truePayload = pramName + "=" + URLEncode.UrlEncode(pramValue + bool_ps[0]);
|
||||
String trueURL = uri.PathAndQuery.Replace(param, truePayload);
|
||||
String truerequest = Spider.reqestGetTemplate.Replace("{url}", trueURL).Replace("{host}", uri.Host + ":" + uri.Port);
|
||||
String truerequest = Spider.reqestGetTemplate.Replace("{url}", trueURL).Replace("{host}", uri.Host);
|
||||
if (timeout >= 3)
|
||||
{
|
||||
break;//超时3次,认为此URL为坏死URL
|
||||
|
||||
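Review bot: Replacing `uri.Host + ":" + uri.Port` with `uri.Host` removes the redundant default-port suffix but also drops the port for URLs served on a non-default port, where the Host header is expected to carry it. `uri.Authority` yields the host plus the port only when it differs from the scheme default, e.g. `.Replace("{host}", uri.Authority)`. The same expression is repeated for `oldrequest`, `request`, `falserequest` and `truerequest`; computing the host value once in a local would keep the four in step. The enclosing method starts and ends outside these hunks.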