shack2/SuperSQLInjectionV1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update20191212

Browse Source 
update20191212
This commit is contained in:
shack2
2019-12-17 12:36:33 +08:00
parent ffd31a9be4
commit 52aaddcbde
10 changed files with 341 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
SuperSQLInjection/Main.Designer.cs generated
View File

@@ -385,6 +385,14 @@
this.tsmi_mustRead = new System.Windows.Forms.ToolStripMenuItem();
this.ToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_bugReport = new System.Windows.Forms.ToolStripMenuItem();
this.tab_retrySendHTTP = new System.Windows.Forms.TabPage();
this.label47 = new System.Windows.Forms.Label();
this.txt_retry_key = new System.Windows.Forms.TextBox();
this.btn_retry_addKey = new System.Windows.Forms.Button();
this.label48 = new System.Windows.Forms.Label();
this.lbx_retry_sendKey = new System.Windows.Forms.ListBox();
this.retrySend_cm = new System.Windows.Forms.ContextMenuStrip(this.components);
this.cms_delRetryKey = new System.Windows.Forms.ToolStripMenuItem();
this.gb_basic.SuspendLayout();
this.gb_logo.SuspendLayout();
this.tab_logCenter.SuspendLayout();
@@ -463,6 +471,8 @@
this.injectLog_cm.SuspendLayout();
this.statusStrip1.SuspendLayout();
this.menuStrip_main.SuspendLayout();
this.tab_retrySendHTTP.SuspendLayout();
this.retrySend_cm.SuspendLayout();
this.SuspendLayout();
//
// gb_basic
@@ -1559,16 +1569,18 @@
//
// data_dbs_lvw_data
//
this.data_dbs_lvw_data.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
| System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.data_dbs_lvw_data.BackColor = System.Drawing.SystemColors.Window;
this.data_dbs_lvw_data.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.data_dbs_lvw_data.ContextMenuStrip = this.cms_data_dbs_lvw_data;
this.data_dbs_lvw_data.Dock = System.Windows.Forms.DockStyle.Fill;
this.data_dbs_lvw_data.FullRowSelect = true;
this.data_dbs_lvw_data.GridLines = true;
this.data_dbs_lvw_data.HideSelection = false;
this.data_dbs_lvw_data.Location = new System.Drawing.Point(3, 17);
this.data_dbs_lvw_data.Name = "data_dbs_lvw_data";
this.data_dbs_lvw_data.Size = new System.Drawing.Size(563, 351);
this.data_dbs_lvw_data.Size = new System.Drawing.Size(563, 324);
this.data_dbs_lvw_data.SmallImageList = this.img_line;
this.data_dbs_lvw_data.TabIndex = 1;
this.data_dbs_lvw_data.UseCompatibleStateImageBehavior = false;
@@ -1657,6 +1669,7 @@
this.tabControl1.Controls.Add(this.tab_datapack);
this.tabControl1.Controls.Add(this.tab_tokenset);
this.tabControl1.Controls.Add(this.tab_sencond_inject);
this.tabControl1.Controls.Add(this.tab_retrySendHTTP);
this.tabControl1.ImageList = this.myicon_list;
this.tabControl1.ItemSize = new System.Drawing.Size(118, 25);
this.tabControl1.Location = new System.Drawing.Point(6, 13);
@@ -4024,7 +4037,7 @@
//
this.tsmi_seting.Image = global::SuperSQLInjection.Properties.Resources.set;
this.tsmi_seting.Name = "tsmi_seting";
this.tsmi_seting.Size = new System.Drawing.Size(124, 22);
this.tsmi_seting.Size = new System.Drawing.Size(180, 22);
this.tsmi_seting.Text = "系统设置";
this.tsmi_seting.Click += new System.EventHandler(this.tsmi_seting_Click);
//
@@ -4035,7 +4048,7 @@
this.tsmi_en_us});
this.tsmi_lang.Image = global::SuperSQLInjection.Properties.Resources.lang;
this.tsmi_lang.Name = "tsmi_lang";
this.tsmi_lang.Size = new System.Drawing.Size(124, 22);
this.tsmi_lang.Size = new System.Drawing.Size(180, 22);
this.tsmi_lang.Text = "语 言";
//
// tsmi_zh_cn
@@ -4114,6 +4127,82 @@
this.tsmi_bugReport.Text = "Bug反馈";
this.tsmi_bugReport.Click += new System.EventHandler(this.tsmi_bugReport_Click);
//
// tab_retrySendHTTP
//
this.tab_retrySendHTTP.Controls.Add(this.lbx_retry_sendKey);
this.tab_retrySendHTTP.Controls.Add(this.btn_retry_addKey);
this.tab_retrySendHTTP.Controls.Add(this.txt_retry_key);
this.tab_retrySendHTTP.Controls.Add(this.label48);
this.tab_retrySendHTTP.Controls.Add(this.label47);
this.tab_retrySendHTTP.Location = new System.Drawing.Point(4, 29);
this.tab_retrySendHTTP.Name = "tab_retrySendHTTP";
this.tab_retrySendHTTP.Size = new System.Drawing.Size(557, 358);
this.tab_retrySendHTTP.TabIndex = 3;
this.tab_retrySendHTTP.Text = "重发数据包设置";
this.tab_retrySendHTTP.UseVisualStyleBackColor = true;
//
// label47
//
this.label47.AutoSize = true;
this.label47.Location = new System.Drawing.Point(16, 56);
this.label47.Name = "label47";
this.label47.Size = new System.Drawing.Size(53, 12);
this.label47.TabIndex = 0;
this.label47.Text = "关键词:";
//
// txt_retry_key
//
this.txt_retry_key.Location = new System.Drawing.Point(72, 53);
this.txt_retry_key.Name = "txt_retry_key";
this.txt_retry_key.Size = new System.Drawing.Size(337, 21);
this.txt_retry_key.TabIndex = 1;
//
// btn_retry_addKey
//
this.btn_retry_addKey.Location = new System.Drawing.Point(433, 52);
this.btn_retry_addKey.Name = "btn_retry_addKey";
this.btn_retry_addKey.Size = new System.Drawing.Size(103, 23);
this.btn_retry_addKey.TabIndex = 2;
this.btn_retry_addKey.Text = "添加重试关键词";
this.btn_retry_addKey.UseVisualStyleBackColor = true;
this.btn_retry_addKey.Click += new System.EventHandler(this.btn_retry_addKey_Click);
//
// label48
//
this.label48.AutoSize = true;
this.label48.Location = new System.Drawing.Point(16, 19);
this.label48.Name = "label48";
this.label48.Size = new System.Drawing.Size(509, 12);
this.label48.TabIndex = 0;
this.label48.Text = "当发现HTTP请求包中存在指定的关键词时重发数据包解决部分情况数据查询不成功的问题。";
//
// lbx_retry_sendKey
//
this.lbx_retry_sendKey.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
| System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.lbx_retry_sendKey.ContextMenuStrip = this.retrySend_cm;
this.lbx_retry_sendKey.FormattingEnabled = true;
this.lbx_retry_sendKey.ItemHeight = 12;
this.lbx_retry_sendKey.Location = new System.Drawing.Point(18, 97);
this.lbx_retry_sendKey.Name = "lbx_retry_sendKey";
this.lbx_retry_sendKey.Size = new System.Drawing.Size(518, 244);
this.lbx_retry_sendKey.TabIndex = 3;
//
// retrySend_cm
//
this.retrySend_cm.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.cms_delRetryKey});
this.retrySend_cm.Name = "retrySend_cm";
this.retrySend_cm.Size = new System.Drawing.Size(105, 26);
//
// cms_delRetryKey
//
this.cms_delRetryKey.Name = "cms_delRetryKey";
this.cms_delRetryKey.Size = new System.Drawing.Size(180, 22);
this.cms_delRetryKey.Text = "删 除";
this.cms_delRetryKey.Click += new System.EventHandler(this.cms_delRetryKey_Click);
//
// Main
//
this.AllowDrop = true;
@@ -4244,6 +4333,9 @@
this.statusStrip1.PerformLayout();
this.menuStrip_main.ResumeLayout(false);
this.menuStrip_main.PerformLayout();
this.tab_retrySendHTTP.ResumeLayout(false);
this.tab_retrySendHTTP.PerformLayout();
this.retrySend_cm.ResumeLayout(false);
this.ResumeLayout(false);
this.PerformLayout();
@@ -4606,6 +4698,14 @@
private System.Windows.Forms.ToolStripButton toolStrip_vers_btn_selectAll;
private System.Windows.Forms.ToolStripButton toolStrip_vers_btn_selectReverse;
private System.Windows.Forms.ImageList img_line;
private System.Windows.Forms.TabPage tab_retrySendHTTP;
private System.Windows.Forms.Button btn_retry_addKey;
private System.Windows.Forms.TextBox txt_retry_key;
private System.Windows.Forms.Label label48;
private System.Windows.Forms.Label label47;
private System.Windows.Forms.ListBox lbx_retry_sendKey;
private System.Windows.Forms.ContextMenuStrip retrySend_cm;
private System.Windows.Forms.ToolStripMenuItem cms_delRetryKey;
}
}

70
SuperSQLInjection/Main.cs
View File

@@ -150,7 +150,7 @@ namespace SuperSQLInjection
private void Main_Shown(object sender, EventArgs e)
{
HTTP.initMain(this);
//添加支持注入的数据库列表
addDBSToItems();
//清空日志
@@ -209,7 +209,7 @@ namespace SuperSQLInjection
{
Tools.SysLog("加载配置发生错误!" + ex.Message);
}
HTTP.initMain(this);
InjectionTools.addErrorCode();
//读取模板
List<String> templates = FileTool.readAllDic("/config/template/");
@@ -286,7 +286,7 @@ namespace SuperSQLInjection
responseStream.Close();
}
public static int version = 20190905;
public static int version = 20191212;
public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;
//检查更新
public void checkUpdate()
@@ -1465,7 +1465,7 @@ namespace SuperSQLInjection
public void addItemToListViewByColumns(String colvs)
{
addItemToListViewByColumns(colvs, "\\$\\$\\$");
addItemToListViewByColumns(colvs, Comm.COLUMNS_REG_SPLIT_STR);
}
public void addItemToListViewByColumnsInformix(String colvs)
@@ -5781,7 +5781,7 @@ namespace SuperSQLInjection
String result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", datas_value_payload));
this.txt_log.Invoke(new showLogDelegate(log), "报告大侠,获取到第" + (gp.limit + 1) + "行数据", LogLevel.info);
String[] datas = Regex.Split(result, "\\$\\$\\$");
String[] datas = Regex.Split(result, Comm.COLUMNS_REG_SPLIT_STR);
addItemToListView(datas);
}
@@ -6007,7 +6007,7 @@ namespace SuperSQLInjection
result = Tools.unHex(result, "UTF-8");
String[] items = Regex.Split(result, "\\$\\$\\$");
String[] items = Regex.Split(result, Comm.COLUMNS_REG_SPLIT_STR);
ListViewItem lvi = null;
foreach (String item in items)
{
@@ -8193,9 +8193,16 @@ namespace SuperSQLInjection
//二次注入
this.txt_sencond_request.Text = config.sencondRequest;
//加载重试发包key
if (config.retryKey != null) {
String[] keys = config.retryKey.Split(',');
foreach(String key in keys)
{
this.lbx_retry_sendKey.Items.Add(key);
}
}
//file
this.cbox_file_readFileEncoding.Text = config.readFileEncoding;
//cmd
@@ -8563,7 +8570,7 @@ namespace SuperSQLInjection
if (!String.IsNullOrEmpty(this.file_txt_result.Text))
{
String payload = SQLServer.witeFileByFileSystemObject.Replace("{path}", Tools.strToHex(path, "GB2312")).Replace("{data}", Tools.strToHex(this.file_txt_result.Text, "GB2312"));
if (config.keyType.Equals(KeyType.Time))
if (config.keyType.Equals(KeyType.Time) && config.injectType.Equals(InjectType.Blind))
{
payload = payload.Replace(" 1=1;", ";");
}
@@ -8582,7 +8589,7 @@ namespace SuperSQLInjection
if (!String.IsNullOrEmpty(this.file_txt_result.Text))
{
String payload = SQLServer.witeFileBySP_MakeWebTask.Replace("{path}", Tools.strToHex(path, "GB2312")).Replace("{data}", Tools.strToHex(this.file_txt_result.Text, "GB2312"));
if (config.keyType.Equals(KeyType.Time))
if (config.keyType.Equals(KeyType.Time) && config.injectType.Equals(InjectType.Blind))
{
payload = payload.Replace(" 1=1;", ";");
}
@@ -8605,7 +8612,7 @@ namespace SuperSQLInjection
String dropWriteFileBackUpTableAndDropDB = SQLServer.dropWriteFileBackUpTableAndDropDB;
String createWriteFileBackUpDB = SQLServer.createWriteFileBackUpDB;
String createWriteFileBackUpTable = SQLServer.createWriteFileBackUpTable;
if (config.keyType.Equals(KeyType.Time))
if (config.keyType.Equals(KeyType.Time) && config.injectType.Equals(InjectType.Blind))
{
payload = payload.Replace(" 1=1;", ";");
dropWriteFileBackUpTableAndDropDB = dropWriteFileBackUpTableAndDropDB.Replace(" 1=1;", ";");
@@ -8638,7 +8645,7 @@ namespace SuperSQLInjection
//filesystemobject读文件
String payload = SQLServer.readFileByFileSystemobject.Replace("{path}", path);
String dropTable = SQLServer.dropTable;
if (config.keyType.Equals(KeyType.Time))
if (config.keyType.Equals(KeyType.Time)&& config.injectType.Equals(InjectType.Blind))
{
payload= payload.Replace(" 1=1;", ";");
dropTable = dropTable.Replace(" 1=1;", ";");
@@ -10583,7 +10590,7 @@ namespace SuperSQLInjection
private void tsmi_bugReport_Click(object sender, EventArgs e)
{
MessageBox.Show("邮箱反馈1341413415@qq.com\r\nQQ群反馈84978967");
MessageBox.Show("邮箱反馈1341413415@qq.com");
}
private void data_dbs_cob_db_encoding_TextChanged(object sender, EventArgs e)
@@ -11522,6 +11529,45 @@ namespace SuperSQLInjection
{
SelectReversNodes(this.data_lvw_ver);
}
private void btn_retry_addKey_Click(object sender, EventArgs e)
{
String key = this.txt_retry_key.Text;
if (key.Length <= 0) {
MessageBox.Show("输入重试关键词!");
return;
}
if (this.lbx_retry_sendKey.Items.Contains(key)) {
MessageBox.Show("关键词已经在列表中!");
return;
}
this.lbx_retry_sendKey.Items.Add(key);
resetRetryKeys();
}
private void resetRetryKeys()
{
StringBuilder sb = new StringBuilder();
foreach (String ikey in this.lbx_retry_sendKey.Items)
{
sb.Append(ikey + ",");
}
if (this.lbx_retry_sendKey.Items.Count > 0)
{
String allkeys = sb.Remove(sb.Length - 1, 1).ToString();
config.retryKey = allkeys;
}
}
private void cms_delRetryKey_Click(object sender, EventArgs e)
{
if (this.lbx_retry_sendKey.SelectedItems.Count>0) {
this.lbx_retry_sendKey.Items.Remove(this.lbx_retry_sendKey.SelectedItems[0]);
resetRetryKeys();
MessageBox.Show("删除成功!");
}
}
}
}

171
SuperSQLInjection/Main.resx
View File

@@ -118,17 +118,17 @@
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<metadata name="log_cms_dataifo.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>186, 17</value>
<value>278, 17</value>
</metadata>
<metadata name="img_line.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 93</value>
<value>293, 93</value>
</metadata>
<data name="img_line.ImageStream" mimetype="application/x-microsoft.net.object.binary.base64">
<value>
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACU
BwAAAk1TRnQBSQFMAwEBAAGQAQABkAEAARQBAAEUAQAE/wEJAQAI/wFCAU0BNgEEBgABNgEEAgABKAMA
BwAAAk1TRnQBSQFMAwEBAAGgAQABoAEAARQBAAEUAQAE/wEJAQAI/wFCAU0BNgEEBgABNgEEAgABKAMA
AVADAAEUAwABAQEAAQgFAAFAAQYYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
@@ -164,17 +164,17 @@
</value>
</data>
<metadata name="toolStrip_getVers.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>118, 93</value>
<value>280, 93</value>
</metadata>
<metadata name="myicon_list.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>747, 17</value>
<value>843, 17</value>
</metadata>
<data name="myicon_list.ImageStream" mimetype="application/x-microsoft.net.object.binary.base64">
<value>
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACe
GQAAAk1TRnQBSQFMAgEBDwEAAZgBCwGYAQsBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
GQAAAk1TRnQBSQFMAgEBDwEAAagBCwGoAQsBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAAUADAAEBAQABCAYAARAYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
@@ -287,7 +287,7 @@
</value>
</data>
<metadata name="toolStrip_getVers.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>118, 93</value>
<value>394, 93</value>
</metadata>
<assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<data name="toolStrip_vers_btn_selectAll.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
@@ -321,91 +321,94 @@
</value>
</data>
<metadata name="data_cms_vers.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>477, 17</value>
<value>573, 17</value>
</metadata>
<metadata name="data_dbs_ts.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 55</value>
<value>247, 55</value>
</metadata>
<metadata name="toolStrip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>278, 55</value>
<value>508, 55</value>
</metadata>
<metadata name="data_cms_dbs.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>613, 17</value>
<value>709, 17</value>
</metadata>
<metadata name="imglist_database.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>388, 55</value>
<value>618, 55</value>
</metadata>
<data name="imglist_database.ImageStream" mimetype="application/x-microsoft.net.object.binary.base64">
<value>
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACq
DQAAAk1TRnQBSQFMAgEBBwEAAfABCgHwAQoBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAASADAAEBAQABCAYAAQgYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
AWYDAAGZAwABzAIAATMDAAIzAgABMwFmAgABMwGZAgABMwHMAgABMwH/AgABZgMAAWYBMwIAAmYCAAFm
AZkCAAFmAcwCAAFmAf8CAAGZAwABmQEzAgABmQFmAgACmQIAAZkBzAIAAZkB/wIAAcwDAAHMATMCAAHM
AWYCAAHMAZkCAALMAgABzAH/AgAB/wFmAgAB/wGZAgAB/wHMAQABMwH/AgAB/wEAATMBAAEzAQABZgEA
ATMBAAGZAQABMwEAAcwBAAEzAQAB/wEAAf8BMwIAAzMBAAIzAWYBAAIzAZkBAAIzAcwBAAIzAf8BAAEz
AWYCAAEzAWYBMwEAATMCZgEAATMBZgGZAQABMwFmAcwBAAEzAWYB/wEAATMBmQIAATMBmQEzAQABMwGZ
AWYBAAEzApkBAAEzAZkBzAEAATMBmQH/AQABMwHMAgABMwHMATMBAAEzAcwBZgEAATMBzAGZAQABMwLM
AQABMwHMAf8BAAEzAf8BMwEAATMB/wFmAQABMwH/AZkBAAEzAf8BzAEAATMC/wEAAWYDAAFmAQABMwEA
AWYBAAFmAQABZgEAAZkBAAFmAQABzAEAAWYBAAH/AQABZgEzAgABZgIzAQABZgEzAWYBAAFmATMBmQEA
AWYBMwHMAQABZgEzAf8BAAJmAgACZgEzAQADZgEAAmYBmQEAAmYBzAEAAWYBmQIAAWYBmQEzAQABZgGZ
AWYBAAFmApkBAAFmAZkBzAEAAWYBmQH/AQABZgHMAgABZgHMATMBAAFmAcwBmQEAAWYCzAEAAWYBzAH/
AQABZgH/AgABZgH/ATMBAAFmAf8BmQEAAWYB/wHMAQABzAEAAf8BAAH/AQABzAEAApkCAAGZATMBmQEA
AZkBAAGZAQABmQEAAcwBAAGZAwABmQIzAQABmQEAAWYBAAGZATMBzAEAAZkBAAH/AQABmQFmAgABmQFm
ATMBAAGZATMBZgEAAZkBZgGZAQABmQFmAcwBAAGZATMB/wEAApkBMwEAApkBZgEAA5kBAAKZAcwBAAKZ
Af8BAAGZAcwCAAGZAcwBMwEAAWYBzAFmAQABmQHMAZkBAAGZAswBAAGZAcwB/wEAAZkB/wIAAZkB/wEz
AQABmQHMAWYBAAGZAf8BmQEAAZkB/wHMAQABmQL/AQABzAMAAZkBAAEzAQABzAEAAWYBAAHMAQABmQEA
AcwBAAHMAQABmQEzAgABzAIzAQABzAEzAWYBAAHMATMBmQEAAcwBMwHMAQABzAEzAf8BAAHMAWYCAAHM
AWYBMwEAAZkCZgEAAcwBZgGZAQABzAFmAcwBAAGZAWYB/wEAAcwBmQIAAcwBmQEzAQABzAGZAWYBAAHM
ApkBAAHMAZkBzAEAAcwBmQH/AQACzAIAAswBMwEAAswBZgEAAswBmQEAA8wBAALMAf8BAAHMAf8CAAHM
Af8BMwEAAZkB/wFmAQABzAH/AZkBAAHMAf8BzAEAAcwC/wEAAcwBAAEzAQAB/wEAAWYBAAH/AQABmQEA
AcwBMwIAAf8CMwEAAf8BMwFmAQAB/wEzAZkBAAH/ATMBzAEAAf8BMwH/AQAB/wFmAgAB/wFmATMBAAHM
AmYBAAH/AWYBmQEAAf8BZgHMAQABzAFmAf8BAAH/AZkCAAH/AZkBMwEAAf8BmQFmAQAB/wKZAQAB/wGZ
AcwBAAH/AZkB/wEAAf8BzAIAAf8BzAEzAQAB/wHMAWYBAAH/AcwBmQEAAf8CzAEAAf8BzAH/AQAC/wEz
AQABzAH/AWYBAAL/AZkBAAL/AcwBAAJmAf8BAAFmAf8BZgEAAWYC/wEAAf8CZgEAAf8BZgH/AQAC/wFm
AQABIQEAAaUBAANfAQADdwEAA4YBAAOWAQADywEAA7IBAAPXAQAD3QEAA+MBAAPqAQAD8QEAA/gBAAHw
AfsB/wEAAaQCoAEAA4ADAAH/AgAB/wMAAv8BAAH/AwAB/wEAAf8BAAL/AgAD/wEAEP8wAA/vAf8PvAUA
AQcBcgFPA0kBcgEHFAAP7wH/D+8EAAGYAU8BUASYAU8BSQEcEwAB7w3/Ae8B/wHvDf8B7wMAAZgBTwF4
AQgBmAKXAZgBCAGXAUkBHBIAAe8B/wLcAv8C3AL/AtwC/wHvAf8B7wL/CdwC/wHvAgABBwFPAXgBCAaX
AQgBlwFJAQcRAAHvAf8C3AL/AtwC/wLcAv8B7wH/Ae8C/wncAv8B7wIAAXgBVgEIApcBeAEbAZgDlwEI
AU8BchEAAe8B/wLcAv8C3AL/AtwC/wHvAf8B7w3/Ae8CAAFQApgBlwF4A/8BmAKXApgBTxEAAe8B/wLc
Av8C3AL/AtwC/wHvAf8B7wL/CdwC/wHvAgABTwGYAZcBeAL/AfQC/wGYApcBmAFJEQAB7wH/AtwC/wLc
Av8C3AL/Ae8B/wHvAv8J3AL/Ae8CAAFVAQgBeAGXAQgB8QGXAQgC/wGYAZcBmAFPEQAB7w3/Ae8B/wHv
Df8B7wIAAVYCmAWXAQgB/wHzApgBTxEAAe8B9AvyAfQB7wH/Ae8B9AvyAfQB7wIAAZgBlwEIBpcBCAGX
AQgBUAGXEQABtA2zAbQB/wG0DbMBtAIAAQgBVgF4AQgGlwEIAXgBTwEHEQABswEJC9wBCQGzAf8BswEJ
C9wBCQGzAwABmAFWAXgBCAGYAngBmAEIAXgBTwGYEgABswHhC9sB4QGzAf8BswHhC9sB4QGzBAABmAFW
AZcEmAGXAVABmBMAAbMN4gGzAf8Bsw3iAbMFAAEIAZgEVgGYAQcUAA+zAf8Bug2zAbohABD/IAABEg5D
ARIB/w7UAf8gAAFtDv8BbQH/AdQC3AEZAvQBGQHcAdsB2gHTAdQB2wHUAf8BAA4HAgAIBwaXAQABbQH/
ARUEEQEQAxEBEAERARQB/wFtAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEAAQcC/wEHBP8BBwT/
AQcCAAEHAv8BBwT/AZcECAGXAQABbQH/AeoC/wG8A/8BvAP/AeoB/wFtAf8B1AIZAfQC/wH0ARkBCQPc
AQkB1AH/AQABBwL/AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAFtAf8B6gG8AQcBvAMHAbwCBwG8
AeoB/wFtAf8O1AH/AQAOBwIACAcGlwEAAesB/wFtAv8BvAP/AbwD/wFtAf8B6wH/AdQC3AEZAvQBGQHc
AdsB2gHTAdQB2wHUAf8BAAEHAv8BBwT/AQcE/wEHAgABBwL/AQcE/wGXBAgBlwEAAesB/wFtAfAIvAHw
AW0B/wHrAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEAAQcC/wEHBP8BBwT/AQcCAAEHAv8BBwT/
AZcECAGXAQAB6wH/AesC/wHwA/8B8AP/AesB/wHrAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEA
DgcCAAgHBpcBAAHrAf8B6wIZAfEG8gHzAesB/wHrAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AQABBwL/
AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHsAf8BkQElASABGQcCAewB/wHsAf8O1AH/AQABBwL/
AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHsAf8BkQImAfQBNAVVATQB7AH/AewB/wHUAtwBGQL0
ARkB3AHbAdoB0wHUAdsB1AH/AQAOMwIACDMGNAEAAewB/wHsARkI8wH0AewB/wHsAf8B1ALcARkC9AEZ
AdwB2wHaAdMB1AHbAdQB/wEAATMCNAEzATQCVQE0ATMBNAJVATQBMwIAATMCNAEzATQCVQc0AQAB7AH/
AewC/wHzA/8B8wP/AewB/wHsAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AQAOMwIACDMGNAEAAewB/wzs
Af8B7AH/DtQB/yAAAewO/wHsEP8gABDtAUIBTQE+BwABPgMAASgDAAFAAwABIAMAAQEBAAEBBgABARYA
A/8DAAT/BQABAQHwAQ8FAAEBAeABBwUAAQEBwAEDBQABAQGAAQEFAAEBAYABAQUAAQEBgAEBBQABAQGA
AQEFAAEBAYABAQUAAQEBgAEBBQABAQGAAQEFAAEBAYABAQUAAQEBwAEDBQABAQHgAQcFAAEBAfABDwUA
AQEC/wQABP8EAAT/BAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA
AQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA
AQEEAAGAAQEBgAEBBAAE/wQABP8CAAs=
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACo
DQAAAk1TRnQBSQFMAgEBBwIAAQsBAAELARABAAEQAQAE/wEJAQAI/wFCAU0BNgEEBgABNgEEAgABKAMA
AUADAAEgAwABAQEAAQgGAAEIGAABgAIAAYADAAKAAQABgAMAAYABAAGAAQACgAIAA8ABAAHAAdwBwAEA
AfABygGmAQABMwUAATMBAAEzAQABMwEAAjMCAAMWAQADHAEAAyIBAAMpAQADVQEAA00BAANCAQADOQEA
AYABfAH/AQACUAH/AQABkwEAAdYBAAH/AewBzAEAAcYB1gHvAQAB1gLnAQABkAGpAa0CAAH/ATMDAAFm
AwABmQMAAcwCAAEzAwACMwIAATMBZgIAATMBmQIAATMBzAIAATMB/wIAAWYDAAFmATMCAAJmAgABZgGZ
AgABZgHMAgABZgH/AgABmQMAAZkBMwIAAZkBZgIAApkCAAGZAcwCAAGZAf8CAAHMAwABzAEzAgABzAFm
AgABzAGZAgACzAIAAcwB/wIAAf8BZgIAAf8BmQIAAf8BzAEAATMB/wIAAf8BAAEzAQABMwEAAWYBAAEz
AQABmQEAATMBAAHMAQABMwEAAf8BAAH/ATMCAAMzAQACMwFmAQACMwGZAQACMwHMAQACMwH/AQABMwFm
AgABMwFmATMBAAEzAmYBAAEzAWYBmQEAATMBZgHMAQABMwFmAf8BAAEzAZkCAAEzAZkBMwEAATMBmQFm
AQABMwKZAQABMwGZAcwBAAEzAZkB/wEAATMBzAIAATMBzAEzAQABMwHMAWYBAAEzAcwBmQEAATMCzAEA
ATMBzAH/AQABMwH/ATMBAAEzAf8BZgEAATMB/wGZAQABMwH/AcwBAAEzAv8BAAFmAwABZgEAATMBAAFm
AQABZgEAAWYBAAGZAQABZgEAAcwBAAFmAQAB/wEAAWYBMwIAAWYCMwEAAWYBMwFmAQABZgEzAZkBAAFm
ATMBzAEAAWYBMwH/AQACZgIAAmYBMwEAA2YBAAJmAZkBAAJmAcwBAAFmAZkCAAFmAZkBMwEAAWYBmQFm
AQABZgKZAQABZgGZAcwBAAFmAZkB/wEAAWYBzAIAAWYBzAEzAQABZgHMAZkBAAFmAswBAAFmAcwB/wEA
AWYB/wIAAWYB/wEzAQABZgH/AZkBAAFmAf8BzAEAAcwBAAH/AQAB/wEAAcwBAAKZAgABmQEzAZkBAAGZ
AQABmQEAAZkBAAHMAQABmQMAAZkCMwEAAZkBAAFmAQABmQEzAcwBAAGZAQAB/wEAAZkBZgIAAZkBZgEz
AQABmQEzAWYBAAGZAWYBmQEAAZkBZgHMAQABmQEzAf8BAAKZATMBAAKZAWYBAAOZAQACmQHMAQACmQH/
AQABmQHMAgABmQHMATMBAAFmAcwBZgEAAZkBzAGZAQABmQLMAQABmQHMAf8BAAGZAf8CAAGZAf8BMwEA
AZkBzAFmAQABmQH/AZkBAAGZAf8BzAEAAZkC/wEAAcwDAAGZAQABMwEAAcwBAAFmAQABzAEAAZkBAAHM
AQABzAEAAZkBMwIAAcwCMwEAAcwBMwFmAQABzAEzAZkBAAHMATMBzAEAAcwBMwH/AQABzAFmAgABzAFm
ATMBAAGZAmYBAAHMAWYBmQEAAcwBZgHMAQABmQFmAf8BAAHMAZkCAAHMAZkBMwEAAcwBmQFmAQABzAKZ
AQABzAGZAcwBAAHMAZkB/wEAAswCAALMATMBAALMAWYBAALMAZkBAAPMAQACzAH/AQABzAH/AgABzAH/
ATMBAAGZAf8BZgEAAcwB/wGZAQABzAH/AcwBAAHMAv8BAAHMAQABMwEAAf8BAAFmAQAB/wEAAZkBAAHM
ATMCAAH/AjMBAAH/ATMBZgEAAf8BMwGZAQAB/wEzAcwBAAH/ATMB/wEAAf8BZgIAAf8BZgEzAQABzAJm
AQAB/wFmAZkBAAH/AWYBzAEAAcwBZgH/AQAB/wGZAgAB/wGZATMBAAH/AZkBZgEAAf8CmQEAAf8BmQHM
AQAB/wGZAf8BAAH/AcwCAAH/AcwBMwEAAf8BzAFmAQAB/wHMAZkBAAH/AswBAAH/AcwB/wEAAv8BMwEA
AcwB/wFmAQAC/wGZAQAC/wHMAQACZgH/AQABZgH/AWYBAAFmAv8BAAH/AmYBAAH/AWYB/wEAAv8BZgEA
ASEBAAGlAQADXwEAA3cBAAOGAQADlgEAA8sBAAOyAQAD1wEAA90BAAPjAQAD6gEAA/EBAAP4AQAB8AH7
Af8BAAGkAqABAAOAAwAB/wIAAf8DAAL/AQAB/wMAAf8BAAH/AQAC/wIAA/8BABD/MAAP7wH/D7wFAAEH
AXIBTwNJAXIBBxQAD+8B/w/vBAABmAFPAVAEmAFPAUkBHBMAAe8N/wHvAf8B7w3/Ae8DAAGYAU8BeAEI
AZgClwGYAQgBlwFJARwSAAHvAf8C3AL/AtwC/wLcAv8B7wH/Ae8C/wncAv8B7wIAAQcBTwF4AQgGlwEI
AZcBSQEHEQAB7wH/AtwC/wLcAv8C3AL/Ae8B/wHvAv8J3AL/Ae8CAAF4AVYBCAKXAXgBGwGYA5cBCAFP
AXIRAAHvAf8C3AL/AtwC/wLcAv8B7wH/Ae8N/wHvAgABUAKYAZcBeAP/AZgClwKYAU8RAAHvAf8C3AL/
AtwC/wLcAv8B7wH/Ae8C/wncAv8B7wIAAU8BmAGXAXgC/wH0Av8BmAKXAZgBSREAAe8B/wLcAv8C3AL/
AtwC/wHvAf8B7wL/CdwC/wHvAgABVQEIAXgBlwEIAfEBlwEIAv8BmAGXAZgBTxEAAe8N/wHvAf8B7w3/
Ae8CAAFWApgFlwEIAf8B8wKYAU8RAAHvAfQL8gH0Ae8B/wHvAfQL8gH0Ae8CAAGYAZcBCAaXAQgBlwEI
AVABlxEAAbQNswG0Af8BtA2zAbQCAAEIAVYBeAEIBpcBCAF4AU8BBxEAAbMBCQvcAQkBswH/AbMBCQvc
AQkBswMAAZgBVgF4AQgBmAJ4AZgBCAF4AU8BmBIAAbMB4QvbAeEBswH/AbMB4QvbAeEBswQAAZgBVgGX
BJgBlwFQAZgTAAGzDeIBswH/AbMN4gGzBQABCAGYBFYBmAEHFAAPswH/AboNswG6IQAQ/yAAARIOQwES
Af8O1AH/IAABbQ7/AW0B/wHUAtwBGQL0ARkB3AHbAdoB0wHUAdsB1AH/AQAOBwIACAcGlwEAAW0B/wEV
BBEBEAMRARABEQEUAf8BbQH/AdQC3AEZAvQBGQHcAdsB2gHTAdQB2wHUAf8BAAEHAv8BBwT/AQcE/wEH
AgABBwL/AQcE/wGXBAgBlwEAAW0B/wHqAv8BvAP/AbwD/wHqAf8BbQH/AdQCGQH0Av8B9AEZAQkD3AEJ
AdQB/wEAAQcC/wEHBP8BBwT/AQcCAAEHAv8BBwT/AZcECAGXAQABbQH/AeoBvAEHAbwDBwG8AgcBvAHq
Af8BbQH/DtQB/wEADgcCAAgHBpcBAAHrAf8BbQL/AbwD/wG8A/8BbQH/AesB/wHUAtwBGQL0ARkB3AHb
AdoB0wHUAdsB1AH/AQABBwL/AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHrAf8BbQHwCLwB8AFt
Af8B6wH/AdQC3AEZAvQBGQHcAdsB2gHTAdQB2wHUAf8BAAEHAv8BBwT/AQcE/wEHAgABBwL/AQcE/wGX
BAgBlwEAAesB/wHrAv8B8AP/AfAD/wHrAf8B6wH/AdQC3AEZAvQBGQHcAdsB2gHTAdQB2wHUAf8BAA4H
AgAIBwaXAQAB6wH/AesCGQHxBvIB8wHrAf8B6wH/AdQCGQH0Av8B9AEZAQkD3AEJAdQB/wEAAQcC/wEH
BP8BBwT/AQcCAAEHAv8BBwT/AZcECAGXAQAB7AH/AZEBJQEgARkHAgHsAf8B7AH/DtQB/wEAAQcC/wEH
BP8BBwT/AQcCAAEHAv8BBwT/AZcECAGXAQAB7AH/AZECJgH0ATQFVQE0AewB/wHsAf8B1ALcARkC9AEZ
AdwB2wHaAdMB1AHbAdQB/wEADjMCAAgzBjQBAAHsAf8B7AEZCPMB9AHsAf8B7AH/AdQC3AEZAvQBGQHc
AdsB2gHTAdQB2wHUAf8BAAEzAjQBMwE0AlUBNAEzATQCVQE0ATMCAAEzAjQBMwE0AlUHNAEAAewB/wHs
Av8B8wP/AfMD/wHsAf8B7AH/AdQCGQH0Av8B9AEZAQkD3AEJAdQB/wEADjMCAAgzBjQBAAHsAf8M7AH/
AewB/w7UAf8gAAHsDv8B7BD/IAAQ7QFCAU0BPgcAAT4DAAEoAwABQAMAASADAAEBAQABAQYAAQEWAAP/
AwAE/wUAAQEB8AEPBQABAQHgAQcFAAEBAcABAwUAAQEBgAEBBQABAQGAAQEFAAEBAYABAQUAAQEBgAEB
BQABAQGAAQEFAAEBAYABAQUAAQEBgAEBBQABAQGAAQEFAAEBAcABAwUAAQEB4AEHBQABAQHwAQ8FAAEB
Av8EAAT/BAAE/wQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEB
BAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEB
BAABgAEBAYABAQQABP8EAAT/AgAL
</value>
</data>
<metadata name="cms_data_dbs_lvw_data.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>538, 55</value>
<value>768, 55</value>
</metadata>
<metadata name="retrySend_cm.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>146, 17</value>
</metadata>
<metadata name="cms_dataPacks.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>138, 55</value>
<value>368, 55</value>
</metadata>
<data name="txt_inject_request.Text" xml:space="preserve">
<value>GET /access.asp?id=1&lt;Encode&gt; and#inject#&lt;/Encode&gt; HTTP/1.1
@@ -417,37 +420,37 @@ User-Agent: sqlmap/1.0-dev (http://sqlmap.org)
Connection: close</value>
</data>
<metadata name="toolStrip_proxyList.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>1253, 55</value>
<value>17, 93</value>
</metadata>
<metadata name="toolStrip_proxyList.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>1253, 55</value>
<value>131, 93</value>
</metadata>
<metadata name="proxy_cms.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>1139, 55</value>
<value>17, 93</value>
</metadata>
<metadata name="bypass_lvw_replaceString_cms.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>1204, 17</value>
<value>17, 55</value>
</metadata>
<metadata name="scanInjectionURL_cms.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>1022, 17</value>
<value>1118, 17</value>
</metadata>
<metadata name="scanInjection_cms.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>864, 17</value>
<value>960, 17</value>
</metadata>
<metadata name="injectLog_cm.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 17</value>
</metadata>
<metadata name="statusStrip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>729, 55</value>
<value>959, 55</value>
</metadata>
<metadata name="timer_status.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>850, 55</value>
<value>1080, 55</value>
</metadata>
<metadata name="timer_scanInjection.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>973, 55</value>
<value>1203, 55</value>
</metadata>
<metadata name="menuStrip_main.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>329, 17</value>
<value>425, 17</value>
</metadata>
<metadata name="$this.TrayHeight" type="System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>107</value>

4
SuperSQLInjection/Properties/AssemblyInfo.cs
View File

@@ -32,5 +32,5 @@ using System.Runtime.InteropServices;
// 可以指定所有这些值,也可以使用“内部版本号”和“修订号”的默认值,
// 方法是按如下所示使用“*”:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.2019.09.05")]
[assembly: AssemblyFileVersion("1.2019.09.05")]
[assembly: AssemblyVersion("1.2019.12.12")]
[assembly: AssemblyFileVersion("1.2019.10.12")]

2
SuperSQLInjection/model/Config.cs
View File

@@ -74,7 +74,7 @@ namespace SuperSQLInjection.model
public Boolean useBetweenByPass = false;//between绕过
public Boolean usehex = false;//hex绕过
public Boolean useUnicode = false;//uniocde绕过
public String retryKey = "";//重新发包的关键字
//scan
public int level = 0;
public int linkCount = 1;

9
SuperSQLInjection/payload/Comm.cs
View File

@@ -1,11 +1,17 @@
using System;
using System.Collections.Generic;
using System.Text;
using tools;
namespace SuperSQLInjection.payload
{
class Comm
{
public const String COLUMNS_SPLIT_STR = "$_$";
public const String COLUMNS_REG_SPLIT_STR = "\\$_\\$";
public static String COLUMNS_SPLIT_HEX_STR = Tools.strToHex(COLUMNS_SPLIT_STR, "UTF-8");
public static String exists_table = " exists(select 1 from {0})";
public static String exists_column = " exists(select {0} from {1})";
public static String truePayload = " 1=1";
@@ -16,8 +22,7 @@ namespace SuperSQLInjection.payload
StringBuilder sb = new StringBuilder();
foreach (String column in columns)
{
sb.Append(column + unionStr);
sb.Append(column + unionStr);
}
sb.Remove(sb.Length - unionStr.Length, unionStr.Length);
return sb.ToString();

4
SuperSQLInjection/payload/MySQL.cs
View File

@@ -219,7 +219,7 @@ namespace SuperSQLInjection.payload
public static String creatMySQLColumnsStr(List<String> columns, String table, String dbName, int limit)
{
StringBuilder sb = new StringBuilder("(select concat_ws(0x242424,");
StringBuilder sb = new StringBuilder("(select concat_ws("+ Comm.COLUMNS_SPLIT_HEX_STR + ",");
foreach (String c in columns) {
sb.Append("ifnull("+c + ",0x20),");
}
@@ -260,7 +260,7 @@ namespace SuperSQLInjection.payload
/// <returns></returns>
public static String concatMySQLColumnStr(List<String> columns)
{
StringBuilder sb = new StringBuilder("concat(0x5e5e21,concat_ws(0x242424,");
StringBuilder sb = new StringBuilder("concat(0x5e5e21,concat_ws("+ Comm.COLUMNS_SPLIT_HEX_STR + ",");
for (int i = 0; i < columns.Count; i++)
{
if (columns.Count > 1)

39
SuperSQLInjection/tools/http/HTTP.cs
View File

@@ -22,7 +22,7 @@ namespace SuperSQLInjection.tools
{
public class HTTP
{
public const char T = '\n';
public const String ST = "\n";
public const String CT = "\r\n";
@@ -36,10 +36,10 @@ namespace SuperSQLInjection.tools
public const String Transfer_Encoding = "transfer-encoding";
public const String Connection = "connection";
public const String Content_Length_Zero= "Content-Length: 0";
public const String Content_Length_Zero = "Content-Length: 0";
public const String ConnectionClose = "connection: close";
public const int WaitTime =5;
public const int WaitTime = 5;
public static Main main = null;
public static long index = 0;
@@ -50,6 +50,9 @@ namespace SuperSQLInjection.tools
public static void initMain(Main m)
{
main = m;
if(main.config.retryKey != null) {
RetryKeys=main.config.retryKey.Split(',');
};
}
/**
@@ -57,6 +60,20 @@ namespace SuperSQLInjection.tools
发生异常尝试重连
*
*/
public static String[] RetryKeys = null;
public static Boolean findRetryKey(String body) {
if (RetryKeys != null) {
foreach (String key in RetryKeys)
{
if (!String.IsNullOrEmpty(key)&&body.IndexOf(key) != -1)
{
return true;
break;
}
}
}
return false;
}
public static ServerInfo sendRequestRetry(Boolean isSSL, int tryCount, String host, int port, String payload, String request, int timeout, String encoding, Boolean foward_302,Boolean redirectDoGet)
{
if (request.IndexOf("<Token>") != -1) {
@@ -87,6 +104,10 @@ namespace SuperSQLInjection.tools
{
continue;
}
else if (findRetryKey(server.body))
{
continue;
}
if (!String.IsNullOrEmpty(main.config.sencondRequest) && main.config.sencondInject)
{
server = sendHTTPRequest(count, host, port, "请求二次注入页面", main.config.sencondRequest, timeout, encoding, foward_302, redirectDoGet);
@@ -105,6 +126,10 @@ namespace SuperSQLInjection.tools
{
continue;
}
else if (findRetryKey(server.body))
{
continue;
}
if (!String.IsNullOrEmpty(main.config.sencondRequest)&& main.config.sencondInject)
{
server = sendHTTPSRequest(count, host, port, "请求二次注入页面", main.config.sencondRequest, timeout, encoding, foward_302, redirectDoGet);
@@ -153,6 +178,10 @@ namespace SuperSQLInjection.tools
if (server.code == 0) {
continue;
}
else if (findRetryKey(server.body))
{
continue;
}
return server;
}
else
@@ -163,6 +192,10 @@ namespace SuperSQLInjection.tools
{
continue;
}
else if (findRetryKey(server.body))
{
continue;
}
return server;
}

46
update.txt
View File

@@ -1,5 +1,47 @@
20190823 V1.0 正式版---
替换SQL语句count(*)为count(1),防止部分情况下*号被过滤,导致无法获取数据的问题
20191212 V1.0 正式版--
修复MYSQL部分情况下获取数据拆分字符混合导致数据显示错乱
增加发包失败的判断和关键词,识别到指定关键词时,认为此包无效,用于对付网络不稳定或数据库不稳定导致发包未正确获得数据时导致结果错误问题。
修复当SQLServer读写文件时选择了时间盲注时读写文件的exp构造错误导致无法读写文件。
20190905 V1.0 正式版--
修复部分情况下自动识别列数错误问题导致无法识别Union注入二分法算法缺陷导致
修复SQLServer延时注入执行命令和读取文件时无法获取结果的问题。
修复SQLServer错误注入无法显示数据问题。
20190903 V1.0 正式版--
修复代理导入崩溃问题。
20190902 V1.0 正式版--
修复批量扫描注入无法扫描jsp页面注入问题。
修复批量注入,无法停止爬行链接的问题。
修复批量注入少数情况由于Host后面跟了端口导致发包失败的问题。
修复批量注入由于之前配置文件变更导致无法加载盲注payload而无法扫描盲注问题。
20190901 V1.0 正式版--
修复代理导入默认IP都变为127.0.0.1的问题。
20190830 V1.0 正式版--
修复HTTP自动识别编码部分情况错误问题。
优化HTTP发包当状态码为0时重新尝试发包解决部分情况可能网络不稳定造成发包失败问题。
20190823 V1.0 正式版---
修复部分情况count(*)中*号被过滤导致无法获取数据的情况。
优化检查Union注入时order by判断降低错误判断列数的情况。
优化盲注二分法判断方式,提高效率。
20190813 V1.0 正式版---
修复发送数据超时时,按钮禁用未恢复。
修复更换文本显示框后由于换行符变更导致发包失败和无法自动检测注入的问题。
增加自动识别注入时,跳过配置文件设置的跳过参数。
20190812 V1.0 正式版---
修复上个版本代码变更导致sqlserver盲注获取不到数据的问题。
修改配置增加sqlserver获取主机IP和hash的语句。
20190811 V1.0 正式版---
修复mysql由于存在空值导致显示数据的列不对应的问题。
修复sqlserver部分情况下由于特殊字段类型导致报错无法获取数据的问题。
修复上个版本编码转换全选报错问题。
20190810 V1.0 正式版---
修复在Oracle注入下由于注入绕过的随机大小写和小写处理可能会将库名和表明处理导致无法获取表名或列名的情况。

BIN
新建 Microsoft Access Database.accdb
View File

Binary file not shown.