shack2/SuperSQLInjectionV1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update20190830

Browse Source 
update20190830
This commit is contained in:
shack2
2019-08-30 14:26:37 +08:00
parent 419a7ce1c2
commit cee66afc67
10 changed files with 305 additions and 229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
SuperSQLInjection/Main.Designer.cs generated
View File

@@ -66,6 +66,7 @@
this.log_cms_dataifo = new System.Windows.Forms.ContextMenuStrip(this.components);
this.data_cms_clearLog = new System.Windows.Forms.ToolStripMenuItem();
this.data_cms_copyPaylaod = new System.Windows.Forms.ToolStripMenuItem();
this.img_line = new System.Windows.Forms.ImageList(this.components);
this.groupBox6 = new System.Windows.Forms.GroupBox();
this.tabControl2 = new System.Windows.Forms.TabControl();
this.tabPage3 = new System.Windows.Forms.TabPage();
@@ -384,7 +385,6 @@
this.tsmi_mustRead = new System.Windows.Forms.ToolStripMenuItem();
this.ToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_bugReport = new System.Windows.Forms.ToolStripMenuItem();
this.img_line = new System.Windows.Forms.ImageList(this.components);
this.gb_basic.SuspendLayout();
this.gb_logo.SuspendLayout();
this.tab_logCenter.SuspendLayout();
@@ -730,9 +730,9 @@
this.gb_logo.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.gb_logo.Controls.Add(this.txt_log);
this.gb_logo.Location = new System.Drawing.Point(9, 592);
this.gb_logo.Location = new System.Drawing.Point(9, 578);
this.gb_logo.Name = "gb_logo";
this.gb_logo.Size = new System.Drawing.Size(839, 143);
this.gb_logo.Size = new System.Drawing.Size(839, 125);
this.gb_logo.TabIndex = 3;
this.gb_logo.TabStop = false;
this.gb_logo.Text = "日志";
@@ -744,7 +744,7 @@
this.txt_log.Location = new System.Drawing.Point(3, 17);
this.txt_log.Name = "txt_log";
this.txt_log.ScrollBars = System.Windows.Forms.RichTextBoxScrollBars.ForcedVertical;
this.txt_log.Size = new System.Drawing.Size(833, 123);
this.txt_log.Size = new System.Drawing.Size(833, 105);
this.txt_log.TabIndex = 0;
this.txt_log.Text = "";
//
@@ -753,9 +753,9 @@
this.tab_logCenter.BackColor = System.Drawing.SystemColors.Window;
this.tab_logCenter.Controls.Add(this.splitContainer1);
this.tab_logCenter.ImageKey = "log.png";
this.tab_logCenter.Location = new System.Drawing.Point(4, 29);
this.tab_logCenter.Location = new System.Drawing.Point(4, 32);
this.tab_logCenter.Name = "tab_logCenter";
this.tab_logCenter.Size = new System.Drawing.Size(832, 433);
this.tab_logCenter.Size = new System.Drawing.Size(832, 416);
this.tab_logCenter.TabIndex = 3;
this.tab_logCenter.Text = "日志中心";
//
@@ -773,8 +773,8 @@
// splitContainer1.Panel2
//
this.splitContainer1.Panel2.Controls.Add(this.groupBox6);
this.splitContainer1.Size = new System.Drawing.Size(832, 433);
this.splitContainer1.SplitterDistance = 212;
this.splitContainer1.Size = new System.Drawing.Size(832, 416);
this.splitContainer1.SplitterDistance = 202;
this.splitContainer1.TabIndex = 2;
//
// groupBox5
@@ -785,7 +785,7 @@
this.groupBox5.Controls.Add(this.log_lvw_httpLog);
this.groupBox5.Location = new System.Drawing.Point(0, 8);
this.groupBox5.Name = "groupBox5";
this.groupBox5.Size = new System.Drawing.Size(832, 196);
this.groupBox5.Size = new System.Drawing.Size(832, 186);
this.groupBox5.TabIndex = 0;
this.groupBox5.TabStop = false;
this.groupBox5.Text = "数据包历史记录";
@@ -807,7 +807,7 @@
this.log_lvw_httpLog.HideSelection = false;
this.log_lvw_httpLog.Location = new System.Drawing.Point(3, 17);
this.log_lvw_httpLog.Name = "log_lvw_httpLog";
this.log_lvw_httpLog.Size = new System.Drawing.Size(826, 176);
this.log_lvw_httpLog.Size = new System.Drawing.Size(826, 166);
this.log_lvw_httpLog.SmallImageList = this.img_line;
this.log_lvw_httpLog.TabIndex = 1;
this.log_lvw_httpLog.UseCompatibleStateImageBehavior = false;
@@ -827,11 +827,13 @@
// col_runtime
//
this.col_runtime.Text = "用时[毫秒]";
this.col_runtime.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.col_runtime.Width = 72;
//
// log_col_code
//
this.log_col_code.Text = "状态码";
this.log_col_code.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.log_col_code.Width = 50;
//
// log_col_bodyLength
@@ -842,11 +844,13 @@
// log_col_sleepTime
//
this.log_col_sleepTime.Text = "延时[毫秒]";
this.log_col_sleepTime.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.log_col_sleepTime.Width = 72;
//
// col_proxy
//
this.col_proxy.Text = "代理";
this.col_proxy.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.col_proxy.Width = 120;
//
// log_cms_dataifo
@@ -871,13 +875,19 @@
this.data_cms_copyPaylaod.Text = "复制Payload";
this.data_cms_copyPaylaod.Click += new System.EventHandler(this.data_cms_copyPaylaod_Click);
//
// img_line
//
this.img_line.ImageStream = ((System.Windows.Forms.ImageListStreamer)(resources.GetObject("img_line.ImageStream")));
this.img_line.TransparentColor = System.Drawing.Color.Transparent;
this.img_line.Images.SetKeyName(0, "line.png");
//
// groupBox6
//
this.groupBox6.Controls.Add(this.tabControl2);
this.groupBox6.Dock = System.Windows.Forms.DockStyle.Fill;
this.groupBox6.Location = new System.Drawing.Point(0, 0);
this.groupBox6.Name = "groupBox6";
this.groupBox6.Size = new System.Drawing.Size(832, 217);
this.groupBox6.Size = new System.Drawing.Size(832, 210);
this.groupBox6.TabIndex = 1;
this.groupBox6.TabStop = false;
this.groupBox6.Text = "数据包详情";
@@ -891,7 +901,7 @@
this.tabControl2.Location = new System.Drawing.Point(3, 17);
this.tabControl2.Name = "tabControl2";
this.tabControl2.SelectedIndex = 0;
this.tabControl2.Size = new System.Drawing.Size(826, 197);
this.tabControl2.Size = new System.Drawing.Size(826, 190);
this.tabControl2.TabIndex = 0;
//
// tabPage3
@@ -900,7 +910,7 @@
this.tabPage3.Location = new System.Drawing.Point(4, 22);
this.tabPage3.Name = "tabPage3";
this.tabPage3.Padding = new System.Windows.Forms.Padding(3);
this.tabPage3.Size = new System.Drawing.Size(818, 171);
this.tabPage3.Size = new System.Drawing.Size(818, 164);
this.tabPage3.TabIndex = 0;
this.tabPage3.Text = "请 求";
this.tabPage3.UseVisualStyleBackColor = true;
@@ -911,7 +921,7 @@
this.log_txt_request.Dock = System.Windows.Forms.DockStyle.Fill;
this.log_txt_request.Location = new System.Drawing.Point(3, 3);
this.log_txt_request.Name = "log_txt_request";
this.log_txt_request.Size = new System.Drawing.Size(812, 165);
this.log_txt_request.Size = new System.Drawing.Size(812, 158);
this.log_txt_request.TabIndex = 0;
this.log_txt_request.Text = "";
//
@@ -962,9 +972,9 @@
this.tab_file.Controls.Add(this.file_txt_result);
this.tab_file.Controls.Add(this.groupBox7);
this.tab_file.ImageKey = "editFile.png";
this.tab_file.Location = new System.Drawing.Point(4, 29);
this.tab_file.Location = new System.Drawing.Point(4, 32);
this.tab_file.Name = "tab_file";
this.tab_file.Size = new System.Drawing.Size(832, 433);
this.tab_file.Size = new System.Drawing.Size(832, 416);
this.tab_file.TabIndex = 4;
this.tab_file.Text = "文件操作";
//
@@ -978,7 +988,7 @@
this.file_txt_result.Multiline = true;
this.file_txt_result.Name = "file_txt_result";
this.file_txt_result.ScrollBars = System.Windows.Forms.ScrollBars.Vertical;
this.file_txt_result.Size = new System.Drawing.Size(826, 345);
this.file_txt_result.Size = new System.Drawing.Size(826, 340);
this.file_txt_result.TabIndex = 0;
this.file_txt_result.TextChanged += new System.EventHandler(this.file_txt_result_TextChanged);
this.file_txt_result.KeyDown += new System.Windows.Forms.KeyEventHandler(this.file_txt_result_KeyDown);
@@ -1077,10 +1087,10 @@
this.tab_dataCenter.BackColor = System.Drawing.SystemColors.Window;
this.tab_dataCenter.Controls.Add(this.tabC_dataCenter);
this.tab_dataCenter.ImageKey = "db.png";
this.tab_dataCenter.Location = new System.Drawing.Point(4, 29);
this.tab_dataCenter.Location = new System.Drawing.Point(4, 32);
this.tab_dataCenter.Name = "tab_dataCenter";
this.tab_dataCenter.Padding = new System.Windows.Forms.Padding(3);
this.tab_dataCenter.Size = new System.Drawing.Size(832, 433);
this.tab_dataCenter.Size = new System.Drawing.Size(832, 416);
this.tab_dataCenter.TabIndex = 1;
this.tab_dataCenter.Text = "数据中心";
//
@@ -1094,7 +1104,7 @@
this.tabC_dataCenter.Name = "tabC_dataCenter";
this.tabC_dataCenter.Padding = new System.Drawing.Point(6, 6);
this.tabC_dataCenter.SelectedIndex = 0;
this.tabC_dataCenter.Size = new System.Drawing.Size(826, 427);
this.tabC_dataCenter.Size = new System.Drawing.Size(826, 410);
this.tabC_dataCenter.TabIndex = 2;
//
// tab_vers
@@ -1105,7 +1115,7 @@
this.tab_vers.Location = new System.Drawing.Point(4, 29);
this.tab_vers.Name = "tab_vers";
this.tab_vers.Padding = new System.Windows.Forms.Padding(3);
this.tab_vers.Size = new System.Drawing.Size(818, 394);
this.tab_vers.Size = new System.Drawing.Size(818, 377);
this.tab_vers.TabIndex = 0;
this.tab_vers.Text = "环境变量";
this.tab_vers.UseVisualStyleBackColor = true;
@@ -1119,7 +1129,7 @@
this.toolStrip_vers_btn_selectReverse,
this.toolStrip_vers_btn_getVariable,
this.toolStrip_vers_btn_stopGetVariable});
this.toolStrip_getVers.Location = new System.Drawing.Point(3, 366);
this.toolStrip_getVers.Location = new System.Drawing.Point(3, 349);
this.toolStrip_getVers.Name = "toolStrip_getVers";
this.toolStrip_getVers.RenderMode = System.Windows.Forms.ToolStripRenderMode.System;
this.toolStrip_getVers.Size = new System.Drawing.Size(812, 25);
@@ -1177,7 +1187,7 @@
this.data_lvw_ver.HideSelection = false;
this.data_lvw_ver.Location = new System.Drawing.Point(3, 3);
this.data_lvw_ver.Name = "data_lvw_ver";
this.data_lvw_ver.Size = new System.Drawing.Size(810, 360);
this.data_lvw_ver.Size = new System.Drawing.Size(810, 343);
this.data_lvw_ver.TabIndex = 0;
this.data_lvw_ver.UseCompatibleStateImageBehavior = false;
this.data_lvw_ver.View = System.Windows.Forms.View.Details;
@@ -1245,7 +1255,7 @@
this.tab_dbs.Location = new System.Drawing.Point(4, 29);
this.tab_dbs.Name = "tab_dbs";
this.tab_dbs.Padding = new System.Windows.Forms.Padding(3);
this.tab_dbs.Size = new System.Drawing.Size(818, 394);
this.tab_dbs.Size = new System.Drawing.Size(818, 391);
this.tab_dbs.TabIndex = 1;
this.tab_dbs.Text = "数据库信息";
this.tab_dbs.UseVisualStyleBackColor = true;
@@ -1265,7 +1275,7 @@
//
this.spc_dbs.Panel2.Controls.Add(this.toolStrip1);
this.spc_dbs.Panel2.Controls.Add(this.groupBox4);
this.spc_dbs.Size = new System.Drawing.Size(812, 388);
this.spc_dbs.Size = new System.Drawing.Size(812, 385);
this.spc_dbs.SplitterDistance = 240;
this.spc_dbs.SplitterWidth = 3;
this.spc_dbs.TabIndex = 5;
@@ -1279,7 +1289,7 @@
this.data_dbs_tsl_getTables,
this.data_dbs_tsl_getColumns});
this.data_dbs_ts.LayoutStyle = System.Windows.Forms.ToolStripLayoutStyle.HorizontalStackWithOverflow;
this.data_dbs_ts.Location = new System.Drawing.Point(0, 363);
this.data_dbs_ts.Location = new System.Drawing.Point(0, 360);
this.data_dbs_ts.Name = "data_dbs_ts";
this.data_dbs_ts.Padding = new System.Windows.Forms.Padding(5, 0, 0, 0);
this.data_dbs_ts.RenderMode = System.Windows.Forms.ToolStripRenderMode.System;
@@ -1322,7 +1332,7 @@
this.groupBox2.Controls.Add(this.data_tvw_dbs);
this.groupBox2.Location = new System.Drawing.Point(5, 6);
this.groupBox2.Name = "groupBox2";
this.groupBox2.Size = new System.Drawing.Size(235, 355);
this.groupBox2.Size = new System.Drawing.Size(235, 352);
this.groupBox2.TabIndex = 0;
this.groupBox2.TabStop = false;
this.groupBox2.Text = "数据库信息";
@@ -1339,7 +1349,7 @@
this.data_tvw_dbs.Location = new System.Drawing.Point(3, 17);
this.data_tvw_dbs.Name = "data_tvw_dbs";
this.data_tvw_dbs.SelectedImageIndex = 6;
this.data_tvw_dbs.Size = new System.Drawing.Size(229, 335);
this.data_tvw_dbs.Size = new System.Drawing.Size(229, 332);
this.data_tvw_dbs.TabIndex = 0;
this.data_tvw_dbs.AfterCheck += new System.Windows.Forms.TreeViewEventHandler(this.data_tvw_dbs_AfterCheck);
this.data_tvw_dbs.AfterSelect += new System.Windows.Forms.TreeViewEventHandler(this.data_tvw_dbs_AfterSelect);
@@ -1456,7 +1466,7 @@
this.data_dbs_tsl_getDatas,
this.data_dbs_tsl_exportDatas,
this.data_dbs_tsl_stopGetDatas});
this.toolStrip1.Location = new System.Drawing.Point(0, 363);
this.toolStrip1.Location = new System.Drawing.Point(0, 360);
this.toolStrip1.Name = "toolStrip1";
this.toolStrip1.RenderMode = System.Windows.Forms.ToolStripRenderMode.System;
this.toolStrip1.Size = new System.Drawing.Size(569, 25);
@@ -1542,7 +1552,7 @@
this.groupBox4.Dock = System.Windows.Forms.DockStyle.Fill;
this.groupBox4.Location = new System.Drawing.Point(0, 0);
this.groupBox4.Name = "groupBox4";
this.groupBox4.Size = new System.Drawing.Size(569, 388);
this.groupBox4.Size = new System.Drawing.Size(569, 385);
this.groupBox4.TabIndex = 1;
this.groupBox4.TabStop = false;
this.groupBox4.Text = "获取数据";
@@ -1558,7 +1568,7 @@
this.data_dbs_lvw_data.HideSelection = false;
this.data_dbs_lvw_data.Location = new System.Drawing.Point(3, 17);
this.data_dbs_lvw_data.Name = "data_dbs_lvw_data";
this.data_dbs_lvw_data.Size = new System.Drawing.Size(563, 368);
this.data_dbs_lvw_data.Size = new System.Drawing.Size(563, 365);
this.data_dbs_lvw_data.SmallImageList = this.img_line;
this.data_dbs_lvw_data.TabIndex = 1;
this.data_dbs_lvw_data.UseCompatibleStateImageBehavior = false;
@@ -1621,10 +1631,10 @@
this.tab_injectCenter.BackgroundImageLayout = System.Windows.Forms.ImageLayout.None;
this.tab_injectCenter.Controls.Add(this.groupBox1);
this.tab_injectCenter.ImageKey = "config.png";
this.tab_injectCenter.Location = new System.Drawing.Point(4, 29);
this.tab_injectCenter.Location = new System.Drawing.Point(4, 32);
this.tab_injectCenter.Name = "tab_injectCenter";
this.tab_injectCenter.Padding = new System.Windows.Forms.Padding(3);
this.tab_injectCenter.Size = new System.Drawing.Size(832, 433);
this.tab_injectCenter.Size = new System.Drawing.Size(832, 416);
this.tab_injectCenter.TabIndex = 0;
this.tab_injectCenter.Text = "注入中心";
//
@@ -1635,7 +1645,7 @@
this.groupBox1.Dock = System.Windows.Forms.DockStyle.Fill;
this.groupBox1.Location = new System.Drawing.Point(3, 3);
this.groupBox1.Name = "groupBox1";
this.groupBox1.Size = new System.Drawing.Size(826, 427);
this.groupBox1.Size = new System.Drawing.Size(826, 410);
this.groupBox1.TabIndex = 1;
this.groupBox1.TabStop = false;
//
@@ -1653,7 +1663,7 @@
this.tabControl1.Name = "tabControl1";
this.tabControl1.Padding = new System.Drawing.Point(0, 0);
this.tabControl1.SelectedIndex = 0;
this.tabControl1.Size = new System.Drawing.Size(565, 408);
this.tabControl1.Size = new System.Drawing.Size(565, 391);
this.tabControl1.TabIndex = 14;
//
// tab_datapack
@@ -1664,7 +1674,7 @@
this.tab_datapack.Location = new System.Drawing.Point(4, 29);
this.tab_datapack.Name = "tab_datapack";
this.tab_datapack.Padding = new System.Windows.Forms.Padding(3);
this.tab_datapack.Size = new System.Drawing.Size(557, 375);
this.tab_datapack.Size = new System.Drawing.Size(557, 358);
this.tab_datapack.TabIndex = 0;
this.tab_datapack.Text = "HTTP请求包";
//
@@ -1678,7 +1688,7 @@
this.txt_inject_request.ForeColor = System.Drawing.Color.FromArgb(((int)(((byte)(64)))), ((int)(((byte)(64)))), ((int)(((byte)(64)))));
this.txt_inject_request.Location = new System.Drawing.Point(3, 3);
this.txt_inject_request.Name = "txt_inject_request";
this.txt_inject_request.Size = new System.Drawing.Size(551, 369);
this.txt_inject_request.Size = new System.Drawing.Size(551, 352);
this.txt_inject_request.TabIndex = 14;
this.txt_inject_request.Text = resources.GetString("txt_inject_request.Text");
this.txt_inject_request.TextChanged += new System.EventHandler(this.txt_inject_request_TextChanged);
@@ -1730,7 +1740,7 @@
this.tab_tokenset.Location = new System.Drawing.Point(4, 29);
this.tab_tokenset.Name = "tab_tokenset";
this.tab_tokenset.Padding = new System.Windows.Forms.Padding(3);
this.tab_tokenset.Size = new System.Drawing.Size(557, 375);
this.tab_tokenset.Size = new System.Drawing.Size(557, 358);
this.tab_tokenset.TabIndex = 1;
this.tab_tokenset.Text = "Token/随机值";
this.tab_tokenset.UseVisualStyleBackColor = true;
@@ -1741,7 +1751,7 @@
this.groupBox17.Dock = System.Windows.Forms.DockStyle.Fill;
this.groupBox17.Location = new System.Drawing.Point(3, 3);
this.groupBox17.Name = "groupBox17";
this.groupBox17.Size = new System.Drawing.Size(551, 305);
this.groupBox17.Size = new System.Drawing.Size(551, 288);
this.groupBox17.TabIndex = 25;
this.groupBox17.TabStop = false;
this.groupBox17.Text = "获取Token的HTTP请求包";
@@ -1752,7 +1762,7 @@
this.token_txt_http_request.Dock = System.Windows.Forms.DockStyle.Fill;
this.token_txt_http_request.Location = new System.Drawing.Point(3, 17);
this.token_txt_http_request.Name = "token_txt_http_request";
this.token_txt_http_request.Size = new System.Drawing.Size(545, 285);
this.token_txt_http_request.Size = new System.Drawing.Size(545, 268);
this.token_txt_http_request.TabIndex = 0;
this.token_txt_http_request.Text = "";
this.token_txt_http_request.TextChanged += new System.EventHandler(this.token_txt_http_request_TextChanged);
@@ -1766,7 +1776,7 @@
this.groupBox19.Controls.Add(this.token_txt_startStr);
this.groupBox19.Controls.Add(this.token_btn_testGetToken);
this.groupBox19.Dock = System.Windows.Forms.DockStyle.Bottom;
this.groupBox19.Location = new System.Drawing.Point(3, 308);
this.groupBox19.Location = new System.Drawing.Point(3, 291);
this.groupBox19.Name = "groupBox19";
this.groupBox19.Size = new System.Drawing.Size(551, 64);
this.groupBox19.TabIndex = 25;
@@ -1826,7 +1836,7 @@
this.tab_sencond_inject.Controls.Add(this.groupBox20);
this.tab_sencond_inject.Location = new System.Drawing.Point(4, 29);
this.tab_sencond_inject.Name = "tab_sencond_inject";
this.tab_sencond_inject.Size = new System.Drawing.Size(557, 375);
this.tab_sencond_inject.Size = new System.Drawing.Size(557, 358);
this.tab_sencond_inject.TabIndex = 2;
this.tab_sencond_inject.Text = "二次注入";
this.tab_sencond_inject.UseVisualStyleBackColor = true;
@@ -1840,7 +1850,7 @@
this.groupBox20.Controls.Add(this.groupBox21);
this.groupBox20.Location = new System.Drawing.Point(0, 3);
this.groupBox20.Name = "groupBox20";
this.groupBox20.Size = new System.Drawing.Size(555, 361);
this.groupBox20.Size = new System.Drawing.Size(555, 349);
this.groupBox20.TabIndex = 26;
this.groupBox20.TabStop = false;
this.groupBox20.Text = "二次注入请求包";
@@ -1853,7 +1863,7 @@
this.txt_sencond_request.DetectUrls = false;
this.txt_sencond_request.Location = new System.Drawing.Point(6, 19);
this.txt_sencond_request.Name = "txt_sencond_request";
this.txt_sencond_request.Size = new System.Drawing.Size(541, 281);
this.txt_sencond_request.Size = new System.Drawing.Size(541, 269);
this.txt_sencond_request.TabIndex = 11;
this.txt_sencond_request.Text = "";
this.txt_sencond_request.TextChanged += new System.EventHandler(this.txt_sencond_request_TextChanged);
@@ -1864,7 +1874,7 @@
this.groupBox21.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.groupBox21.Controls.Add(this.label28);
this.groupBox21.Location = new System.Drawing.Point(6, 306);
this.groupBox21.Location = new System.Drawing.Point(6, 294);
this.groupBox21.Name = "groupBox21";
this.groupBox21.Size = new System.Drawing.Size(541, 50);
this.groupBox21.TabIndex = 10;
@@ -1899,7 +1909,7 @@
this.groupBox3.Controls.Add(this.btn_inject_setInject);
this.groupBox3.Location = new System.Drawing.Point(577, 13);
this.groupBox3.Name = "groupBox3";
this.groupBox3.Size = new System.Drawing.Size(247, 408);
this.groupBox3.Size = new System.Drawing.Size(247, 384);
this.groupBox3.TabIndex = 12;
this.groupBox3.TabStop = false;
this.groupBox3.Text = "注入设置";
@@ -1914,9 +1924,9 @@
this.groupBox16.Controls.Add(this.label8);
this.groupBox16.Controls.Add(this.txt_inject_unionTemplate);
this.groupBox16.Controls.Add(this.txt_inject_unionColumnsCount);
this.groupBox16.Location = new System.Drawing.Point(0, 157);
this.groupBox16.Location = new System.Drawing.Point(0, 145);
this.groupBox16.Name = "groupBox16";
this.groupBox16.Size = new System.Drawing.Size(249, 94);
this.groupBox16.Size = new System.Drawing.Size(249, 88);
this.groupBox16.TabIndex = 14;
this.groupBox16.TabStop = false;
this.groupBox16.Text = "Union注入取数据配置";
@@ -1924,7 +1934,7 @@
// label34
//
this.label34.AutoSize = true;
this.label34.Location = new System.Drawing.Point(11, 61);
this.label34.Location = new System.Drawing.Point(11, 57);
this.label34.Name = "label34";
this.label34.Size = new System.Drawing.Size(65, 12);
this.label34.TabIndex = 1;
@@ -1933,7 +1943,7 @@
// label4
//
this.label4.AutoSize = true;
this.label4.Location = new System.Drawing.Point(11, 26);
this.label4.Location = new System.Drawing.Point(11, 25);
this.label4.Name = "label4";
this.label4.Size = new System.Drawing.Size(53, 12);
this.label4.TabIndex = 1;
@@ -1941,7 +1951,7 @@
//
// txt_inject_showIndex
//
this.txt_inject_showIndex.Location = new System.Drawing.Point(195, 22);
this.txt_inject_showIndex.Location = new System.Drawing.Point(195, 21);
this.txt_inject_showIndex.MaxLength = 3;
this.txt_inject_showIndex.Name = "txt_inject_showIndex";
this.txt_inject_showIndex.Size = new System.Drawing.Size(40, 21);
@@ -1952,7 +1962,7 @@
// label8
//
this.label8.AutoSize = true;
this.label8.Location = new System.Drawing.Point(135, 26);
this.label8.Location = new System.Drawing.Point(135, 25);
this.label8.Name = "label8";
this.label8.Size = new System.Drawing.Size(53, 12);
this.label8.TabIndex = 8;
@@ -1962,7 +1972,7 @@
//
this.txt_inject_unionTemplate.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.txt_inject_unionTemplate.Location = new System.Drawing.Point(78, 58);
this.txt_inject_unionTemplate.Location = new System.Drawing.Point(78, 54);
this.txt_inject_unionTemplate.MaxLength = 1000;
this.txt_inject_unionTemplate.Name = "txt_inject_unionTemplate";
this.txt_inject_unionTemplate.Size = new System.Drawing.Size(158, 21);
@@ -1982,7 +1992,7 @@
// btn_inject_sendData
//
this.btn_inject_sendData.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.btn_inject_sendData.Location = new System.Drawing.Point(13, 119);
this.btn_inject_sendData.Location = new System.Drawing.Point(13, 113);
this.btn_inject_sendData.Name = "btn_inject_sendData";
this.btn_inject_sendData.Size = new System.Drawing.Size(99, 23);
this.btn_inject_sendData.TabIndex = 14;
@@ -1993,7 +2003,7 @@
// btn_inject_clearRequest
//
this.btn_inject_clearRequest.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.btn_inject_clearRequest.Location = new System.Drawing.Point(137, 119);
this.btn_inject_clearRequest.Location = new System.Drawing.Point(137, 113);
this.btn_inject_clearRequest.Name = "btn_inject_clearRequest";
this.btn_inject_clearRequest.Size = new System.Drawing.Size(99, 23);
this.btn_inject_clearRequest.TabIndex = 10;
@@ -2013,9 +2023,9 @@
this.groupBox15.Controls.Add(this.injectConfig_btn_checkKey);
this.groupBox15.Controls.Add(this.txt_inject_key);
this.groupBox15.Controls.Add(this.chk_inject_reverseKey);
this.groupBox15.Location = new System.Drawing.Point(0, 257);
this.groupBox15.Location = new System.Drawing.Point(0, 239);
this.groupBox15.Name = "groupBox15";
this.groupBox15.Size = new System.Drawing.Size(249, 148);
this.groupBox15.Size = new System.Drawing.Size(249, 145);
this.groupBox15.TabIndex = 14;
this.groupBox15.TabStop = false;
this.groupBox15.Text = "盲注取数据配置";
@@ -2059,7 +2069,7 @@
// inject_btn_autoFindKey
//
this.inject_btn_autoFindKey.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.inject_btn_autoFindKey.Location = new System.Drawing.Point(11, 111);
this.inject_btn_autoFindKey.Location = new System.Drawing.Point(11, 110);
this.inject_btn_autoFindKey.Name = "inject_btn_autoFindKey";
this.inject_btn_autoFindKey.Size = new System.Drawing.Size(99, 23);
this.inject_btn_autoFindKey.TabIndex = 24;
@@ -2070,7 +2080,7 @@
// injectConfig_btn_checkKey
//
this.injectConfig_btn_checkKey.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.injectConfig_btn_checkKey.Location = new System.Drawing.Point(137, 111);
this.injectConfig_btn_checkKey.Location = new System.Drawing.Point(137, 110);
this.injectConfig_btn_checkKey.Name = "injectConfig_btn_checkKey";
this.injectConfig_btn_checkKey.Size = new System.Drawing.Size(99, 23);
this.injectConfig_btn_checkKey.TabIndex = 23;
@@ -2142,7 +2152,7 @@
// btn_inject_randStr
//
this.btn_inject_randStr.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.btn_inject_randStr.Location = new System.Drawing.Point(137, 84);
this.btn_inject_randStr.Location = new System.Drawing.Point(137, 80);
this.btn_inject_randStr.Name = "btn_inject_randStr";
this.btn_inject_randStr.Size = new System.Drawing.Size(99, 23);
this.btn_inject_randStr.TabIndex = 10;
@@ -2153,7 +2163,7 @@
// btn_inject_setTokenLocation
//
this.btn_inject_setTokenLocation.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.btn_inject_setTokenLocation.Location = new System.Drawing.Point(12, 84);
this.btn_inject_setTokenLocation.Location = new System.Drawing.Point(12, 80);
this.btn_inject_setTokenLocation.Name = "btn_inject_setTokenLocation";
this.btn_inject_setTokenLocation.Size = new System.Drawing.Size(99, 23);
this.btn_inject_setTokenLocation.TabIndex = 10;
@@ -2210,12 +2220,12 @@
this.mytab.Controls.Add(this.tab_injectLog);
this.mytab.Controls.Add(this.tab_logCenter);
this.mytab.ImageList = this.myicon_list;
this.mytab.ItemSize = new System.Drawing.Size(82, 25);
this.mytab.ItemSize = new System.Drawing.Size(82, 28);
this.mytab.Location = new System.Drawing.Point(9, 120);
this.mytab.Name = "mytab";
this.mytab.Padding = new System.Drawing.Point(0, 0);
this.mytab.SelectedIndex = 0;
this.mytab.Size = new System.Drawing.Size(840, 466);
this.mytab.Size = new System.Drawing.Size(840, 452);
this.mytab.TabIndex = 1;
//
// tab_proxy
@@ -2224,10 +2234,10 @@
this.tab_proxy.Controls.Add(this.groupBox25);
this.tab_proxy.Controls.Add(this.groupBox24);
this.tab_proxy.ImageKey = "proxy.png";
this.tab_proxy.Location = new System.Drawing.Point(4, 29);
this.tab_proxy.Location = new System.Drawing.Point(4, 32);
this.tab_proxy.Name = "tab_proxy";
this.tab_proxy.Padding = new System.Windows.Forms.Padding(3);
this.tab_proxy.Size = new System.Drawing.Size(832, 433);
this.tab_proxy.Size = new System.Drawing.Size(832, 416);
this.tab_proxy.TabIndex = 11;
this.tab_proxy.Text = "代理设置";
//
@@ -2367,7 +2377,7 @@
this.groupBox24.Controls.Add(this.proxy_lvw_proxyList);
this.groupBox24.Location = new System.Drawing.Point(6, 76);
this.groupBox24.Name = "groupBox24";
this.groupBox24.Size = new System.Drawing.Size(821, 348);
this.groupBox24.Size = new System.Drawing.Size(821, 343);
this.groupBox24.TabIndex = 6;
this.groupBox24.TabStop = false;
this.groupBox24.Text = "代理池列表";
@@ -2379,7 +2389,7 @@
this.toolStrip_proxyList.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.proxy_ts_btn_clearAllFailedProxy,
this.proxy_ts_btn_proxy_checkNoCheckProxy});
this.toolStrip_proxyList.Location = new System.Drawing.Point(3, 320);
this.toolStrip_proxyList.Location = new System.Drawing.Point(3, 315);
this.toolStrip_proxyList.Name = "toolStrip_proxyList";
this.toolStrip_proxyList.RenderMode = System.Windows.Forms.ToolStripRenderMode.System;
this.toolStrip_proxyList.Size = new System.Drawing.Size(815, 25);
@@ -2555,7 +2565,7 @@
this.proxy_lvw_proxyList.HideSelection = false;
this.proxy_lvw_proxyList.Location = new System.Drawing.Point(6, 83);
this.proxy_lvw_proxyList.Name = "proxy_lvw_proxyList";
this.proxy_lvw_proxyList.Size = new System.Drawing.Size(808, 234);
this.proxy_lvw_proxyList.Size = new System.Drawing.Size(808, 229);
this.proxy_lvw_proxyList.SmallImageList = this.img_line;
this.proxy_lvw_proxyList.TabIndex = 0;
this.proxy_lvw_proxyList.UseCompatibleStateImageBehavior = false;
@@ -2569,36 +2579,43 @@
// col_port
//
this.col_port.Text = "代理端口";
this.col_port.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.col_port.Width = 80;
//
// col_proxyType
//
this.col_proxyType.Text = "代理类型";
this.col_proxyType.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.col_proxyType.Width = 80;
//
// col_username
//
this.col_username.Text = "代理账号";
this.col_username.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.col_username.Width = 120;
//
// col_password
//
this.col_password.Text = "代理密码";
this.col_password.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.col_password.Width = 120;
//
// col_conectIsOK
//
this.col_conectIsOK.Text = "是否可用";
this.col_conectIsOK.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.col_conectIsOK.Width = 70;
//
// col_useTime
//
this.col_useTime.Text = "用时[毫秒]";
this.col_useTime.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.col_useTime.Width = 80;
//
// col_checkTime
//
this.col_checkTime.Text = "验证时间";
this.col_checkTime.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
this.col_checkTime.Width = 130;
//
// proxy_cms
@@ -2693,9 +2710,9 @@
this.tab_cmd.Controls.Add(this.cmd_txt_result);
this.tab_cmd.Controls.Add(this.groupBox8);
this.tab_cmd.ImageKey = "cmd.png";
this.tab_cmd.Location = new System.Drawing.Point(4, 29);
this.tab_cmd.Location = new System.Drawing.Point(4, 32);
this.tab_cmd.Name = "tab_cmd";
this.tab_cmd.Size = new System.Drawing.Size(832, 433);
this.tab_cmd.Size = new System.Drawing.Size(832, 416);
this.tab_cmd.TabIndex = 6;
this.tab_cmd.Text = "命令执行";
//
@@ -2709,7 +2726,7 @@
this.cmd_txt_result.Multiline = true;
this.cmd_txt_result.Name = "cmd_txt_result";
this.cmd_txt_result.ScrollBars = System.Windows.Forms.ScrollBars.Vertical;
this.cmd_txt_result.Size = new System.Drawing.Size(826, 335);
this.cmd_txt_result.Size = new System.Drawing.Size(826, 330);
this.cmd_txt_result.TabIndex = 2;
this.cmd_txt_result.TextChanged += new System.EventHandler(this.cmd_txt_result_TextChanged);
this.cmd_txt_result.KeyDown += new System.Windows.Forms.KeyEventHandler(this.cmd_txt_result_KeyDown);
@@ -2787,9 +2804,9 @@
this.tab_bypass.BackColor = System.Drawing.SystemColors.Window;
this.tab_bypass.Controls.Add(this.groupBox9);
this.tab_bypass.ImageKey = "bypass.png";
this.tab_bypass.Location = new System.Drawing.Point(4, 29);
this.tab_bypass.Location = new System.Drawing.Point(4, 32);
this.tab_bypass.Name = "tab_bypass";
this.tab_bypass.Size = new System.Drawing.Size(832, 433);
this.tab_bypass.Size = new System.Drawing.Size(832, 416);
this.tab_bypass.TabIndex = 7;
this.tab_bypass.Text = "注入绕过";
//
@@ -2803,7 +2820,7 @@
this.groupBox9.Controls.Add(this.groupBox22);
this.groupBox9.Location = new System.Drawing.Point(3, 8);
this.groupBox9.Name = "groupBox9";
this.groupBox9.Size = new System.Drawing.Size(826, 419);
this.groupBox9.Size = new System.Drawing.Size(826, 414);
this.groupBox9.TabIndex = 1;
this.groupBox9.TabStop = false;
this.groupBox9.Text = "注入绕过处理";
@@ -2815,7 +2832,7 @@
this.groupBox18.Controls.Add(this.bypass_btn_saveTemplate);
this.groupBox18.Controls.Add(this.bypass_cbox_loadTemplate);
this.groupBox18.Controls.Add(this.label33);
this.groupBox18.Location = new System.Drawing.Point(9, 358);
this.groupBox18.Location = new System.Drawing.Point(9, 353);
this.groupBox18.Name = "groupBox18";
this.groupBox18.Size = new System.Drawing.Size(811, 51);
this.groupBox18.TabIndex = 25;
@@ -2866,7 +2883,7 @@
this.groupBox23.Controls.Add(this.bypass_txt_replace);
this.groupBox23.Location = new System.Drawing.Point(9, 124);
this.groupBox23.Name = "groupBox23";
this.groupBox23.Size = new System.Drawing.Size(811, 230);
this.groupBox23.Size = new System.Drawing.Size(811, 225);
this.groupBox23.TabIndex = 27;
this.groupBox23.TabStop = false;
this.groupBox23.Text = "字符替换处理";
@@ -2924,7 +2941,7 @@
this.bypass_lvw_replaceString.HideSelection = false;
this.bypass_lvw_replaceString.Location = new System.Drawing.Point(7, 64);
this.bypass_lvw_replaceString.Name = "bypass_lvw_replaceString";
this.bypass_lvw_replaceString.Size = new System.Drawing.Size(798, 159);
this.bypass_lvw_replaceString.Size = new System.Drawing.Size(798, 154);
this.bypass_lvw_replaceString.SmallImageList = this.img_line;
this.bypass_lvw_replaceString.TabIndex = 7;
this.bypass_lvw_replaceString.UseCompatibleStateImageBehavior = false;
@@ -3187,9 +3204,9 @@
this.tab_encoding.Controls.Add(this.groupBox11);
this.tab_encoding.Controls.Add(this.groupBox10);
this.tab_encoding.ImageKey = "convert.png";
this.tab_encoding.Location = new System.Drawing.Point(4, 29);
this.tab_encoding.Location = new System.Drawing.Point(4, 32);
this.tab_encoding.Name = "tab_encoding";
this.tab_encoding.Size = new System.Drawing.Size(832, 433);
this.tab_encoding.Size = new System.Drawing.Size(832, 416);
this.tab_encoding.TabIndex = 5;
this.tab_encoding.Text = "编码转换";
//
@@ -3201,7 +3218,7 @@
this.groupBox13.Controls.Add(this.label23);
this.groupBox13.Controls.Add(this.encode_cbox_encode);
this.groupBox13.Controls.Add(this.encode_cbox_decode);
this.groupBox13.Location = new System.Drawing.Point(6, 369);
this.groupBox13.Location = new System.Drawing.Point(6, 364);
this.groupBox13.Name = "groupBox13";
this.groupBox13.Size = new System.Drawing.Size(819, 53);
this.groupBox13.TabIndex = 8;
@@ -3280,7 +3297,7 @@
this.groupBox11.Controls.Add(this.encode_txt_result);
this.groupBox11.Location = new System.Drawing.Point(6, 171);
this.groupBox11.Name = "groupBox11";
this.groupBox11.Size = new System.Drawing.Size(819, 187);
this.groupBox11.Size = new System.Drawing.Size(819, 182);
this.groupBox11.TabIndex = 7;
this.groupBox11.TabStop = false;
this.groupBox11.Text = "结果:";
@@ -3293,7 +3310,7 @@
this.encode_txt_result.Multiline = true;
this.encode_txt_result.Name = "encode_txt_result";
this.encode_txt_result.ScrollBars = System.Windows.Forms.ScrollBars.Vertical;
this.encode_txt_result.Size = new System.Drawing.Size(813, 167);
this.encode_txt_result.Size = new System.Drawing.Size(813, 162);
this.encode_txt_result.TabIndex = 2;
this.encode_txt_result.KeyDown += new System.Windows.Forms.KeyEventHandler(this.encode_txt_result_KeyDown);
//
@@ -3328,9 +3345,9 @@
this.tab_scanInjection.Controls.Add(this.groupBox14);
this.tab_scanInjection.Controls.Add(this.groupBox12);
this.tab_scanInjection.ImageKey = "scan.png";
this.tab_scanInjection.Location = new System.Drawing.Point(4, 29);
this.tab_scanInjection.Location = new System.Drawing.Point(4, 32);
this.tab_scanInjection.Name = "tab_scanInjection";
this.tab_scanInjection.Size = new System.Drawing.Size(832, 433);
this.tab_scanInjection.Size = new System.Drawing.Size(832, 416);
this.tab_scanInjection.TabIndex = 8;
this.tab_scanInjection.Text = "注入扫描";
//
@@ -3342,7 +3359,7 @@
this.groupBox14.Controls.Add(this.splitContainer2);
this.groupBox14.Location = new System.Drawing.Point(6, 105);
this.groupBox14.Name = "groupBox14";
this.groupBox14.Size = new System.Drawing.Size(820, 325);
this.groupBox14.Size = new System.Drawing.Size(820, 320);
this.groupBox14.TabIndex = 21;
this.groupBox14.TabStop = false;
//
@@ -3359,7 +3376,7 @@
// splitContainer2.Panel2
//
this.splitContainer2.Panel2.Controls.Add(this.scanInjection_lvw_result);
this.splitContainer2.Size = new System.Drawing.Size(814, 305);
this.splitContainer2.Size = new System.Drawing.Size(814, 300);
this.splitContainer2.SplitterDistance = 245;
this.splitContainer2.SplitterWidth = 3;
this.splitContainer2.TabIndex = 18;
@@ -3373,7 +3390,7 @@
this.scanInject_lsb_links.Location = new System.Drawing.Point(0, 0);
this.scanInject_lsb_links.Name = "scanInject_lsb_links";
this.scanInject_lsb_links.ScrollAlwaysVisible = true;
this.scanInject_lsb_links.Size = new System.Drawing.Size(245, 305);
this.scanInject_lsb_links.Size = new System.Drawing.Size(245, 300);
this.scanInject_lsb_links.TabIndex = 0;
//
// scanInjectionURL_cms
@@ -3415,7 +3432,7 @@
this.scanInjection_lvw_result.HideSelection = false;
this.scanInjection_lvw_result.Location = new System.Drawing.Point(0, 0);
this.scanInjection_lvw_result.Name = "scanInjection_lvw_result";
this.scanInjection_lvw_result.Size = new System.Drawing.Size(566, 305);
this.scanInjection_lvw_result.Size = new System.Drawing.Size(566, 300);
this.scanInjection_lvw_result.SmallImageList = this.img_line;
this.scanInjection_lvw_result.TabIndex = 5;
this.scanInjection_lvw_result.UseCompatibleStateImageBehavior = false;
@@ -3700,10 +3717,10 @@
this.tab_injectLog.BackColor = System.Drawing.SystemColors.Window;
this.tab_injectLog.Controls.Add(this.lvw_injectLog);
this.tab_injectLog.ImageKey = "Ilog.png";
this.tab_injectLog.Location = new System.Drawing.Point(4, 29);
this.tab_injectLog.Location = new System.Drawing.Point(4, 32);
this.tab_injectLog.Name = "tab_injectLog";
this.tab_injectLog.Padding = new System.Windows.Forms.Padding(3);
this.tab_injectLog.Size = new System.Drawing.Size(832, 433);
this.tab_injectLog.Size = new System.Drawing.Size(832, 416);
this.tab_injectLog.TabIndex = 10;
this.tab_injectLog.Text = "注入记录";
//
@@ -3725,7 +3742,7 @@
this.lvw_injectLog.HideSelection = false;
this.lvw_injectLog.Location = new System.Drawing.Point(3, 3);
this.lvw_injectLog.Name = "lvw_injectLog";
this.lvw_injectLog.Size = new System.Drawing.Size(826, 427);
this.lvw_injectLog.Size = new System.Drawing.Size(826, 410);
this.lvw_injectLog.SmallImageList = this.img_line;
this.lvw_injectLog.TabIndex = 1;
this.lvw_injectLog.UseCompatibleStateImageBehavior = false;
@@ -3800,6 +3817,7 @@
//
// statusStrip1
//
this.statusStrip1.BackColor = System.Drawing.SystemColors.Control;
this.statusStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.toolStripStatusLabel1,
this.status_lbl_time,
@@ -4096,12 +4114,6 @@
this.tsmi_bugReport.Text = "Bug反馈";
this.tsmi_bugReport.Click += new System.EventHandler(this.tsmi_bugReport_Click);
//
// img_line
//
this.img_line.ImageStream = ((System.Windows.Forms.ImageListStreamer)(resources.GetObject("img_line.ImageStream")));
this.img_line.TransparentColor = System.Drawing.Color.Transparent;
this.img_line.Images.SetKeyName(0, "line.png");
//
// Main
//
this.AllowDrop = true;

258
SuperSQLInjection/Main.cs
View File

@@ -116,13 +116,14 @@ namespace SuperSQLInjection
}
else
{
this.Invoke(new delegateVoidShowResponse(ShowResponse),server);
this.Invoke(new delegateVoidShowResponse(ShowResponse), server);
}
}
private delegate void delegateVoidShowResponse(ServerInfo server);
private void ShowResponse(ServerInfo server){
private void ShowResponse(ServerInfo server)
{
ShowResponse sr = new ShowResponse();
sr.server = server;
this.sr = sr;
@@ -140,7 +141,8 @@ namespace SuperSQLInjection
t.Start();
}
}
private void addDBSToItems() {
private void addDBSToItems()
{
string[] dbnames = Enum.GetNames(typeof(DBType));
this.cbox_basic_dbType.Items.AddRange(dbnames);
@@ -284,7 +286,7 @@ namespace SuperSQLInjection
responseStream.Close();
}
public static int version = 20190823;
public static int version = 20190830;
public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;
//检查更新
public void checkUpdate()
@@ -570,7 +572,7 @@ namespace SuperSQLInjection
/// </summary>
/// <param name="opayload"></param>
/// <returns></returns>
public String getOneDataByUnionOrError(String opayload,String start,String end)
public String getOneDataByUnionOrError(String opayload, String start, String end)
{
try
@@ -580,7 +582,7 @@ namespace SuperSQLInjection
if (server.body != null && server.body.Length > 0)
{
//查找格式^^!col$$$col!^^
Match m = Regex.Match(server.body, "(?<=("+start+"))[.\\s\\S]*?(?=("+ end + "))");
Match m = Regex.Match(server.body, "(?<=(" + start + "))[.\\s\\S]*?(?=(" + end + "))");
if (m.Success)
{
return m.Value;
@@ -716,7 +718,7 @@ namespace SuperSQLInjection
public void getVariablesByUnionByInformix(Object v)
{
String[] sv = v.ToString().Split(DBVers_Splite_Str);
String pay_load = Informix.getUnionDataValue(config.unionFillTemplate, sv[1], "", "", "",Informix.cast_value);
String pay_load = Informix.getUnionDataValue(config.unionFillTemplate, sv[1], "", "", "", Informix.cast_value);
String result = getOneDataByUnionOrErrorByInformix(pay_load);
this.data_lvw_ver.Invoke(new setVariableDelegate(setVariable), sv[0], result);
Interlocked.Increment(ref this.currentDataCount);
@@ -945,10 +947,11 @@ namespace SuperSQLInjection
{
stp.QueueWorkItem<String>(getVariableByBoolByInformixSleep, v);
}
else {
else
{
stp.QueueWorkItem<String>(getVariableByBoolByInformix, v);
}
break;
}
}
@@ -1422,34 +1425,42 @@ namespace SuperSQLInjection
delegate void addItemToListViewByColumnsDelegate(String colvs);
public void addItemToListViewBySQLServerXMLData(String xmldata,List<String> columns)
public void addItemToListViewBySQLServerXMLData(String xmldata, List<String> columns)
{
try {
try
{
ListViewItem lvi = new ListViewItem();
XmlDocument xml = new XmlDocument();
xml.LoadXml(xmldata);
XmlNodeList lines = xml.ChildNodes;
bool haveData = false;
for (int i=1; i< columns.Count;i++) {
for (int i = 1; i < columns.Count; i++)
{
lvi.SubItems.Add("");
}
if (lines.Count == 1) {
if (lines.Count == 1)
{
XmlAttributeCollection abs = lines[0].Attributes;
foreach (XmlAttribute attr in abs) {
foreach (XmlAttribute attr in abs)
{
int index = Tools.FindItemWithIgnoreCase(columns, attr.Name);
if (index != -1) {
if (index != -1)
{
haveData = true;
lvi.SubItems[index].Text = HttpUtility.HtmlDecode(attr.Value);
}
}
}
if (haveData) {
this.Invoke(new addItemToListViewDelegate(addItemToListView),lvi);
if (haveData)
{
this.Invoke(new addItemToListViewDelegate(addItemToListView), lvi);
}
} catch (Exception e) {
}
catch (Exception e)
{
this.txt_log.Invoke(new showLogDelegate(log), "解析SQLServer注入数据并添加到ListView发生错误" + e.Message, LogLevel.waring);
}
}
public void addItemToListViewByColumns(String colvs)
@@ -1462,7 +1473,7 @@ namespace SuperSQLInjection
addItemToListViewByColumns(colvs, Informix.mid);
}
public void addItemToListViewByColumns(String colvs,String splitReg)
public void addItemToListViewByColumns(String colvs, String splitReg)
{
String[] colv = Regex.Split(colvs, splitReg);
ListViewItem lvi = null;
@@ -1520,10 +1531,10 @@ namespace SuperSQLInjection
String tmp_va_payload = va_payload.Replace("{index}", i + "");
int ascii = getValue(tmp_va_payload, 32, 126);
value += ((char)ascii).ToString();
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList),db_index,value);
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList), db_index, value);
}
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + db_index + "的名称为:" + value, LogLevel.info);
}
catch (Exception e)
@@ -1577,7 +1588,7 @@ namespace SuperSQLInjection
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList), db_index, value);
}
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + db_index + "的名称为:" + value, LogLevel.info);
}
catch (Exception e)
@@ -1632,10 +1643,10 @@ namespace SuperSQLInjection
break;
}
}
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList), db_index-1, value);
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList), db_index - 1, value);
}
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + db_index + "的名称为:" + value, LogLevel.info);
}
catch (Exception e)
@@ -1698,7 +1709,7 @@ namespace SuperSQLInjection
{
value += (char)Tools.convertToInt(unicodes.ToString());
}
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList), db_index-1, value);
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList), db_index - 1, value);
}
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + db_index + "的名称为:" + value, LogLevel.info);
@@ -1741,10 +1752,10 @@ namespace SuperSQLInjection
String tmp_va_payload = va_payload.Replace("{index}", i + "");
int ascii = getValue(tmp_va_payload, 32, 126);
value += ((char)ascii).ToString();
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList), db_index-1,value);
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList), db_index - 1, value);
}
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + db_index + "的名称为:" + value, LogLevel.info);
}
catch (Exception e)
@@ -1785,10 +1796,10 @@ namespace SuperSQLInjection
String tmp_va_payload = va_payload.Replace("{index}", i + "");
int ascii = getValue(tmp_va_payload, 32, 126);
value += ((char)ascii).ToString();
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList), db_index-1, value);
this.Invoke(new setDBToTreeListDelegate(setDBToTreeList), db_index - 1, value);
}
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + db_index + "的名称为:" + value, LogLevel.info);
}
catch (Exception e)
@@ -1821,7 +1832,7 @@ namespace SuperSQLInjection
//判断当前数据库长度限制1-50
int len = getValue(payload_len, 1, 50);
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + (db_index+1) + "长度为:" + len, LogLevel.info);
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + (db_index + 1) + "长度为:" + len, LogLevel.info);
String value = "";
//获取值
@@ -1862,7 +1873,7 @@ namespace SuperSQLInjection
data_list.Add(MySQL.db_value.Replace("{index}", oindex.ToString()));
String db_Name_data = MySQL.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1);
String result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", db_Name_data));
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + (index+1) + "的名称为:" + result, LogLevel.info);
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + (index + 1) + "的名称为:" + result, LogLevel.info);
this.Invoke(new addDBToTreeListDelegate(addDBToTreeList), result);
}
catch (Exception e)
@@ -1924,7 +1935,7 @@ namespace SuperSQLInjection
try
{
//获取数据库数量
String result = getOneDataByUnionOrError(DB2.getUnionDataValue(config.unionFillTemplate, DB2.db_value, "", "", oindex.ToString()));
this.txt_log.Invoke(new showLogDelegate(log), "数据库表模式" + oindex + "的名称为:" + result, LogLevel.info);
this.Invoke(new addDBToTreeListDelegate(addDBToTreeList), result);
@@ -2111,10 +2122,10 @@ namespace SuperSQLInjection
String tmp_va_payload = va_payload.Replace("{index}", i + "");
int ascii = getValue(tmp_va_payload, 0, 128);
value += ((char)ascii).ToString();
this.data_tvw_dbs.Invoke(new setNodeToTreeListDelegate(setNodeToTreeList), sn.tn, sn.limit,value);
this.data_tvw_dbs.Invoke(new setNodeToTreeListDelegate(setNodeToTreeList), sn.tn, sn.limit, value);
}
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + sn.dbname + "发现表:" + value, LogLevel.info);
}
catch (Exception e)
@@ -2167,7 +2178,7 @@ namespace SuperSQLInjection
this.data_tvw_dbs.Invoke(new setNodeToTreeListDelegate(setNodeToTreeList), sn.tn, sn.limit, value);
}
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + sn.dbname + "发现表:" + value, LogLevel.info);
}
catch (Exception e)
@@ -2203,10 +2214,10 @@ namespace SuperSQLInjection
String tmp_va_payload = va_payload.Replace("{index}", i + "");
int ascii = getValue(tmp_va_payload, 0, 128);
value += ((char)ascii).ToString();
this.data_tvw_dbs.Invoke(new setNodeToTreeListDelegate(setNodeToTreeList), sn.tn, sn.limit-1, value);
this.data_tvw_dbs.Invoke(new setNodeToTreeListDelegate(setNodeToTreeList), sn.tn, sn.limit - 1, value);
}
this.txt_log.Invoke(new showLogDelegate(log), "数据库" + sn.dbname + "发现表:" + value, LogLevel.info);
}
catch (Exception e)
{
@@ -2275,7 +2286,8 @@ namespace SuperSQLInjection
va_payload = Informix.getBoolDataBySleep(Informix.bool_value).Replace("{data}", data_payload);
len = getValue(Informix.getBoolDataBySleep(Informix.bool_length.Replace("{data}", data_payload)), 1, 50);
}
else {
else
{
len = getValue(Informix.bool_length.Replace("{data}", data_payload), 1, 50);
}
@@ -2607,7 +2619,7 @@ namespace SuperSQLInjection
delegate void setNodeToTreeListDelegate(TreeNode tn, int index, String text);
public void setNodeToTreeList(TreeNode tn,int index,String text)
public void setNodeToTreeList(TreeNode tn, int index, String text)
{
TreeNode stn = tn.Nodes[index];
stn.Text = text;
@@ -2701,7 +2713,7 @@ namespace SuperSQLInjection
{
//2分法获取中间数字
len = Tools.getLargeNum(start, end);
payload = ByPassForBetween(payLoadStr, len);
ServerInfo server = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
Boolean exists = Tools.isTrue(server, config.key, config.reverseKey, config.keyType, config.injectHTTPCode);
@@ -2723,24 +2735,25 @@ namespace SuperSQLInjection
{
return end;
}
else {
else
{
return start;
}
}
olen = len;
lastexists = exists;
if (exists)
{
start = len;
}
else
{
end = len;
}
}
return len;
}
@@ -2770,7 +2783,8 @@ namespace SuperSQLInjection
len = Tools.getLargeNum(start, end);
if (end - start == 1)
{
if (lastexists) {
if (lastexists)
{
return end;
}
return start;
@@ -2821,11 +2835,11 @@ namespace SuperSQLInjection
return exists;
}
delegate void setDBToTreeListDelegate(int index,String dbname);
delegate void setDBToTreeListDelegate(int index, String dbname);
public void setDBToTreeList(int index, String dbname)
{
TreeNode tn=this.data_tvw_dbs.Nodes[index];
TreeNode tn = this.data_tvw_dbs.Nodes[index];
tn.Text = dbname;
}
@@ -3433,7 +3447,7 @@ namespace SuperSQLInjection
{
db_len = getValueByStepUp(Informix.bool_db_count, 0, 10);
}
this.txt_log.Invoke(new showLogDelegate(log), "报告大侠,我发现了" + db_len + "个数据库!", LogLevel.info);
this.dbsCount = db_len;
if (db_len > 0)
@@ -3683,7 +3697,7 @@ namespace SuperSQLInjection
{
this.tableCount = getValueByStepUp(Informix.bool_tables_count.Replace("{dbname}", dbname), 0, 50);
}
this.txt_log.Invoke(new showLogDelegate(log), "报告大侠,数据库" + dbname + "发现" + this.tableCount + "个表!", LogLevel.info);
for (int i = 0; i < this.tableCount; i++)
{
@@ -4189,7 +4203,7 @@ namespace SuperSQLInjection
this.data_tvw_dbs.Invoke(new setNodeToTreeListDelegate(setNodeToTreeList), sn.tn, sn.limit, value);
}
this.txt_log.Invoke(new showLogDelegate(log), "表" + sn.tableName + "发现列:" + value, LogLevel.info);
}
catch (Exception e)
@@ -4796,7 +4810,7 @@ namespace SuperSQLInjection
{
columns_count = getValueByStepUp(Informix.bool_columns_count.Replace("{dbname}", dbName).Replace("{table}", tableName), 0, 20);
}
this.txt_log.Invoke(new showLogDelegate(log), "报告大侠,表" + tableName + "发现" + columns_count + "个列!", LogLevel.info);
for (int i = 0; i < columns_count; i++)
{
@@ -5746,7 +5760,7 @@ namespace SuperSQLInjection
{
substr_payload = Informix.getBoolDataBySleep(substr_payload);
}
//单个ascii值范围是数字或者大写字母范围在0-127
int ascii = getValue(substr_payload, 0, 127);
result.Append((char)ascii);
@@ -5762,7 +5776,7 @@ namespace SuperSQLInjection
}
this.data_dbs_lvw_data.Invoke(new addItemToListViewDelegate(addItemToListView), lvi);
this.txt_log.Invoke(new showLogDelegate(log), "获取到第" + (gp.limit+1) + "行的值!", LogLevel.info);
this.txt_log.Invoke(new showLogDelegate(log), "获取到第" + (gp.limit + 1) + "行的值!", LogLevel.info);
}
catch (Exception e)
@@ -5923,7 +5937,7 @@ namespace SuperSQLInjection
ListViewItem lvi = new ListViewItem();
String result = getOneDataByUnionOrErrorByInformix(Informix.getUnionDataValue(config.unionFillTemplate, gp.columns, gp.dbname, gp.table, gp.limit.ToString()));
this.Invoke(new addItemToListViewByColumnsDelegate(addItemToListViewByColumnsInformix), result);
this.txt_log.Invoke(new showLogDelegate(log), "获取到第" + (gp.limit+1) + "行的值!", LogLevel.info);
this.txt_log.Invoke(new showLogDelegate(log), "获取到第" + (gp.limit + 1) + "行的值!", LogLevel.info);
}
catch (Exception e)
{
@@ -5945,7 +5959,7 @@ namespace SuperSQLInjection
ListViewItem lvi = new ListViewItem();
String result = getOneDataByUnionOrError(PostgreSQL.getUnionDataValue(config.columnsCount, config.showColumn, gp.columns, gp.dbname, gp.table, gp.limit.ToString()));
this.Invoke(new addItemToListViewByColumnsDelegate(addItemToListViewByColumns), result);
this.txt_log.Invoke(new showLogDelegate(log), "获取到第" + (gp.limit+1) + "行的值!", LogLevel.info);
this.txt_log.Invoke(new showLogDelegate(log), "获取到第" + (gp.limit + 1) + "行的值!", LogLevel.info);
}
catch (Exception e)
{
@@ -6353,10 +6367,11 @@ namespace SuperSQLInjection
{
isMax = findKeyInBody(Informix.getBoolCountBySleep(Informix.bool_datas_count.Replace("{dbname}", this.curren_db).Replace("{table}", this.curren_table)), (start + dataCount));
}
else {
else
{
isMax = findKeyInBody(Informix.bool_datas_count.Replace("{dbname}", this.curren_db).Replace("{table}", this.curren_table), start + dataCount);
}
if (isMax)
{
for (int i = 0; i < dataCount; i++)
@@ -6832,26 +6847,29 @@ namespace SuperSQLInjection
}
}
public String setInject(Dictionary<String,String> paramDatas,String injectParamName, String injectParamData) {
public String setInject(Dictionary<String, String> paramDatas, String injectParamName, String injectParamData)
{
StringBuilder sb = new StringBuilder();
foreach (KeyValuePair<String, String> kv in paramDatas)
{
if (injectParamName.Equals(kv.Key))
{
sb.Append(kv.Key + "=" + injectParamData+"&");
sb.Append(kv.Key + "=" + injectParamData + "&");
}
else {
sb.Append(kv.Key + "=" + kv.Value+"&");
else
{
sb.Append(kv.Key + "=" + kv.Value + "&");
}
}
if (sb.Length > 0) {
if (sb.Length > 0)
{
sb.Remove(sb.Length - 1, 1);
}
return sb.ToString();
}
public String setInjectToRequest(String oldRequest,String newParamDatas)
public String setInjectToRequest(String oldRequest, String newParamDatas)
{
if (oldRequest.StartsWith("GET"))
@@ -6864,15 +6882,15 @@ namespace SuperSQLInjection
int end = oldRequest.IndexOf(' ', start);
if (end > start)
{
oldRequest=oldRequest.Remove(start + 1, end - start-1);
oldRequest=oldRequest.Insert(start+1, newParamDatas);
oldRequest = oldRequest.Remove(start + 1, end - start - 1);
oldRequest = oldRequest.Insert(start + 1, newParamDatas);
return oldRequest;
}
else
{
return oldRequest;
}
}
else
{
@@ -6925,7 +6943,7 @@ namespace SuperSQLInjection
//获取原始的页面信息
String request = config.request.Replace(data, strparam);
ServerInfo oserver = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, "获取原始页面", request, config.timeOut, HTTP.AutoGetEncoding, config.is_foward_302, config.redirectDoGet);
//判断是否有编码设置
if (!HTTP.AutoGetEncoding.Equals(config.encoding))
{
@@ -6961,7 +6979,7 @@ namespace SuperSQLInjection
String[] strparams = strparam.Split('&');
Dictionary<String, String> pdatas = new Dictionary<String, String>();
this.txt_log.Invoke(new showLogDelegate(log), "报告大侠,发现" + strparams.Length + "个参数,请稍候正在对每一个参数进行注入测试!", LogLevel.info);
foreach (String param in strparams)
@@ -6981,16 +6999,17 @@ namespace SuperSQLInjection
}
}
foreach (KeyValuePair<String,String> paramNameAndData in pdatas)
foreach (KeyValuePair<String, String> paramNameAndData in pdatas)
{
String paramName = paramNameAndData.Key;
if (jumpkeyList.Contains(paramName)) {
if (jumpkeyList.Contains(paramName))
{
continue;
}
String paramData = paramNameAndData.Value;
String unionStartPayLoad = "";
if (paramData.IndexOf("<Token>") != -1)
{
this.txt_log.Invoke(new showLogDelegate(log), "跳过Token参数检测" + paramName, LogLevel.info);
@@ -6999,12 +7018,12 @@ namespace SuperSQLInjection
this.txt_log.Invoke(new showLogDelegate(log), "报告大侠,正在对参数" + paramName + "进行盲注测试!", LogLevel.info);
String injectParamData = "";//标记注入
String payload_paramData = paramData + "<Encode>" + setInjectStr + "</Encode>";
String payload_request = setInjectToRequest(request, setInject(pdatas, paramName,payload_paramData));
String payload_request = setInjectToRequest(request, setInject(pdatas, paramName, payload_paramData));
String currentDB = DBType.UnKnow.ToString();
//通过错误显示识别数据库类型
//通过错误显示判断
ServerInfo errorDBServer = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, "'test", payload_request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
@@ -7049,7 +7068,7 @@ namespace SuperSQLInjection
bool errorInject = false;
bool unionInject = false;
if (list != null && list.Count > 0)
{
@@ -7082,13 +7101,15 @@ namespace SuperSQLInjection
}
//检测
foreach (String cpal in sleep_list)
{
//Informix不能设定时间默认5秒
if (DBType.Informix.ToString().Equals(cpal[2])) {
if (DBType.Informix.ToString().Equals(cpal[2]))
{
time = 5;
if (avg > time) {
if (avg > time)
{
continue;
}
if (config.timeOut < time)
@@ -7100,7 +7121,7 @@ namespace SuperSQLInjection
String cpayload = pals[0].Replace("{time}", time.ToString());
this.txt_log.Invoke(new showLogDelegate(log), "正在测试PayLoad:" + cpayload, LogLevel.info);
ServerInfo sleepServer = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, cpayload, payload_request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
if (sleepServer.runTime > (time * 1000-Tools.deviation)&& sleepServer.runTime<config.timeOut*1000)
if (sleepServer.runTime > (time * 1000 - Tools.deviation) && sleepServer.runTime < config.timeOut * 1000)
{
//再次发包测试,降低误报
sleepServer = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, cpayload, payload_request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
@@ -7128,7 +7149,7 @@ namespace SuperSQLInjection
config.injectType = InjectType.Blind;
config.testPayload = cpayload;
config.dbType = Tools.caseDBType(currentDB);
config.pname = paramName;
config.uri = Tools.getRequestURI(request);
logInject(config);
@@ -7223,11 +7244,11 @@ namespace SuperSQLInjection
foreach (String d in database_lsit)
{
String db = d.Replace(".txt", "");
//为了更准确这里再一次通过bool方式确认数据库类型
if(!list_Find_Database.Contains(db)&&!DBType.UnKnow.ToString().Equals(currentDB))
if (!list_Find_Database.Contains(db) && !DBType.UnKnow.ToString().Equals(currentDB))
{
continue;
}
@@ -7262,9 +7283,9 @@ namespace SuperSQLInjection
}
else
{
this.txt_log.Invoke(new showLogDelegate(log), "没有发现发现数据库类型,可能是其他数据库,请人工判断!", LogLevel.waring);
this.txt_log.Invoke(new showLogDelegate(log), "没有发现发现数据库类型,可能是其他数据库,请人工判断!", LogLevel.waring);
}
break;
@@ -7288,7 +7309,7 @@ namespace SuperSQLInjection
logInject(config);
}
//错误注入测试
this.txt_log.Invoke(new showLogDelegate(log), "报告大侠,盲注测试完成,正在进行错误显示注入测试!", LogLevel.info);
@@ -7323,7 +7344,7 @@ namespace SuperSQLInjection
//标记注入
selectInjectType(InjectType.Error);
errorInject = true;
injectParamData =paramData + "<Encode>" + pals[0].Replace(pals[4], setInjectStr) + "</Encode>";
injectParamData = paramData + "<Encode>" + pals[0].Replace(pals[4], setInjectStr) + "</Encode>";
config.testPayload = pals[0];
unionStartPayLoad = pals[0].Substring(0, pals[0].IndexOf(pals[4])).Replace(" or", " and");
this.txt_log.Invoke(new showLogDelegate(log), "自动标记错误显示注入完成!", LogLevel.info);
@@ -7356,7 +7377,8 @@ namespace SuperSQLInjection
String payload = "";
//前缀字符为空通常不会有Union注入所以跳过检测
if (String.IsNullOrEmpty(unionStartPayLoad)) {
if (String.IsNullOrEmpty(unionStartPayLoad))
{
continue;
}
if (DBType.MySQL.ToString().Equals(currentDB))
@@ -7426,7 +7448,7 @@ namespace SuperSQLInjection
}
if (DBType.Oracle.ToString().Equals(currentDB) || DBType.PostgreSQL.ToString().Equals(currentDB) || DBType.DB2.ToString().Equals(currentDB)|| DBType.Informix.ToString().Equals(currentDB))
if (DBType.Oracle.ToString().Equals(currentDB) || DBType.PostgreSQL.ToString().Equals(currentDB) || DBType.DB2.ToString().Equals(currentDB) || DBType.Informix.ToString().Equals(currentDB))
{
for (int j = 1; j <= i; j++)
{
@@ -7445,7 +7467,7 @@ namespace SuperSQLInjection
if (cunionServer.code == 200 && cunionServer.body.IndexOf(rand) != -1)
{
isFind = true;
injectParamData =paramData + "<Encode>" + payload.Replace("{payload}", setInjectStr) + "</Encode>";
injectParamData = paramData + "<Encode>" + payload.Replace("{payload}", setInjectStr) + "</Encode>";
unionInject = true;
selectInjectType(InjectType.Union);
this.txt_inject_unionTemplate.Text = tp;
@@ -7455,7 +7477,7 @@ namespace SuperSQLInjection
}
else if(DBType.Informix.ToString().Equals(currentDB))
else if (DBType.Informix.ToString().Equals(currentDB))
{
if (isFind)
{
@@ -7580,7 +7602,7 @@ namespace SuperSQLInjection
dc.Create();
if (InjectType.Blind.Equals(config.injectType))
{
config.saveConfigpath = dc.FullName + "/" + config.pname + "_" + config.injectType.ToString()+"-"+config.keyType.ToString()+ ".xml";
config.saveConfigpath = dc.FullName + "/" + config.pname + "_" + config.injectType.ToString() + "-" + config.keyType.ToString() + ".xml";
}
else
{
@@ -7605,12 +7627,13 @@ namespace SuperSQLInjection
lvw.SubItems.Add(config.pname);
if (InjectType.Blind.Equals(config.injectType))
{
lvw.SubItems.Add(config.injectType.ToString() +"-"+ config.keyType.ToString());
lvw.SubItems.Add(config.injectType.ToString() + "-" + config.keyType.ToString());
}
else {
else
{
lvw.SubItems.Add(config.injectType.ToString());
}
lvw.SubItems.Add(config.dbType.ToString());
lvw.SubItems.Add(config.testPayload);
lvw.SubItems.Add(DateTime.Now.ToString());
@@ -7627,7 +7650,8 @@ namespace SuperSQLInjection
{
DBType dbtype = Tools.caseDBType(currentDB);
int cdb = (int)dbtype;
if (cdb!=0) {
if (cdb != 0)
{
this.cbox_basic_dbType.SelectedIndex = (int)dbtype;
this.txt_log.Invoke(new showLogDelegate(log), "自动选择数据库类型完成!", LogLevel.info);
}
@@ -7781,7 +7805,7 @@ namespace SuperSQLInjection
loadVersToListView(config.dbType);
//DB2/Informix填充模板显示是否运行设置
if (DBType.DB2.Equals(config.dbType)|| DBType.Informix.Equals(config.dbType))
if (DBType.DB2.Equals(config.dbType) || DBType.Informix.Equals(config.dbType))
{
this.txt_inject_unionTemplate.Enabled = true;
this.txt_inject_unionColumnsCount.Enabled = false;
@@ -7925,7 +7949,7 @@ namespace SuperSQLInjection
private void btn_exportConfig_Click(object sender, EventArgs e)
{
}
private void chk_openURLEncoding_CheckedChanged(object sender, EventArgs e)
@@ -8148,7 +8172,8 @@ namespace SuperSQLInjection
this.cbox_basic_injectType.SelectedIndex = (int)config.injectType;
this.cbox_basic_dbType.SelectedIndex = (int)(config.dbType);
if (String.IsNullOrEmpty(config.db_encoding)) {
if (String.IsNullOrEmpty(config.db_encoding))
{
config.db_encoding = "UTF-8";
}
if (String.IsNullOrEmpty(config.encoding))
@@ -10628,7 +10653,8 @@ namespace SuperSQLInjection
}
public void showHTTPLog(String index,ServerInfo server,String payload, String proxyInfo) {
public void showHTTPLog(String index, ServerInfo server, String payload, String proxyInfo)
{
this.txt_log.Invoke(new sendHTTPLogDelegate(sendHTTPLog), index, server, payload, proxyInfo);
}
public void showLog(String msg, LogLevel level)
@@ -11172,10 +11198,10 @@ namespace SuperSQLInjection
this.txt_log.Invoke(new showLogDelegate(log), "导入代理成功,发现代理:" + i + "个!", LogLevel.success);
}
private void proxy_btn_importProxy_Click(object sender, EventArgs e)
private void load_proxy()
{
OpenFileDialog ofd = new OpenFileDialog { Filter = "文本文件(*.txt)|*.txt" };
OpenFileDialog ofd = new OpenFileDialog { Filter = "文本文件(*.csv)|*.csv" };
if (ofd.ShowDialog() == DialogResult.OK)
{
Thread th = new Thread(new ParameterizedThreadStart(loadAddProxyList));
@@ -11183,6 +11209,11 @@ namespace SuperSQLInjection
th.Start(ofd.FileName);
}
}
private void proxy_btn_importProxy_Click(object sender, EventArgs e)
{
load_proxy();
}
private void checkOneProxy(ListViewItem lvi)
@@ -11206,12 +11237,13 @@ namespace SuperSQLInjection
}
catch (Exception e)
{
this.txt_log.Invoke(new showLogDelegate(log), "验证代理发生异常!"+e.Message, LogLevel.waring);
this.txt_log.Invoke(new showLogDelegate(log), "验证代理发生异常!" + e.Message, LogLevel.waring);
}
finally {
finally
{
client.Close();
}
}
}
else
@@ -11303,12 +11335,7 @@ namespace SuperSQLInjection
private void proxy_importProxy_Click(object sender, EventArgs e)
{
OpenFileDialog ofd = new OpenFileDialog { Filter = "文本文件(*.txt)|*.txt" };
if (ofd.ShowDialog() == DialogResult.OK)
{
Thread th = new Thread(new ParameterizedThreadStart(loadAddProxyList));
th.Start(ofd.FileName);
}
load_proxy();
}
private void proxy_checkAllProxy_Click(object sender, EventArgs e)
@@ -11362,7 +11389,7 @@ namespace SuperSQLInjection
private void proxy_exportProxy_Click(object sender, EventArgs e)
{
SaveFileDialog saveFileDialog = new SaveFileDialog();
saveFileDialog.Filter = "文本文件|*.txt";
saveFileDialog.Filter = "文本文件|*.csv";
if (saveFileDialog.ShowDialog() == DialogResult.OK)
{
FileTool.SaveProxyList(saveFileDialog.FileName, this.proxy_List.Values);
@@ -11449,5 +11476,6 @@ namespace SuperSQLInjection
{
SelectReversNodes(this.data_lvw_ver);
}
}
}
}

12
SuperSQLInjection/Main.resx
View File

@@ -128,7 +128,7 @@
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACU
BwAAAk1TRnQBSQFMAwEBAAEIAQABCAEAARQBAAEUAQAE/wEJAQAI/wFCAU0BNgEEBgABNgEEAgABKAMA
BwAAAk1TRnQBSQFMAwEBAAGIAQABiAEAARQBAAEUAQAE/wEJAQAI/wFCAU0BNgEEBgABNgEEAgABKAMA
AVADAAEUAwABAQEAAQgFAAFAAQYYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
@@ -157,9 +157,9 @@
AQABzAH/AWYBAAL/AZkBAAL/AcwBAAJmAf8BAAFmAf8BZgEAAWYC/wEAAf8CZgEAAf8BZgH/AQAC/wFm
AQABIQEAAaUBAANfAQADdwEAA4YBAAOWAQADywEAA7IBAAPXAQAD3QEAA+MBAAPqAQAD8QEAA/gBAAHw
AfsB/wEAAaQCoAEAA4ADAAH/AgAB/wMAAv8BAAH/AwAB/wEAAf8BAAL/AgAD/wEAAf8B9BDzAfQB/zwA
Af8B+BASAfgB9DwAAf8B8RC8AfAB/z0AE/+MABT/PAAB/wEHEO8BBwH/PAAB/wHtEOsB7AH0PAAU/9wA
Af8S8wH/PAAB/wH4ARMPEgHrAfQ8AAH/AfEQvAHxAf/cABT/PAAB/wEHAfcO7wH3AQcB/zwAAf8B7BDq
AfgB9DwAFP88AAFCAU0BPgcAAT4DAAEoAwABUAMAARQDAAEBAQABAQUAAfAXAAP/JQABgAsAAv8B8DkA
Af8B7BASAewB9DwAAf8B8RC8AfAB/z0AE/+MABT/PAAB/wEHEO8BBwH/PAAB/wHtEOsB7AH0PAAU/9wA
Af8S8wH/PAAB/wHsARMPEgHrAfQ8AAH/AfEQvAHxAf/cABT/PAAB/wEHAfcO7wH3AQcB/zwAAf8B7BDq
AewB9DwAFP88AAFCAU0BPgcAAT4DAAEoAwABUAMAARQDAAEBAQABAQUAAfAXAAP/JQABgAsAAv8B8DkA
Av8B8AkAAv8B8C0AAv8B8AkAAv8B8DkACw==
</value>
</data>
@@ -174,7 +174,7 @@
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACe
GQAAAk1TRnQBSQFMAgEBDwEAARABCwEQAQsBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
GQAAAk1TRnQBSQFMAgEBDwEAAZABCwGQAQsBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAAUADAAEBAQABCAYAARAYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
@@ -340,7 +340,7 @@
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACq
DQAAAk1TRnQBSQFMAgEBBwEAAWgBCgFoAQoBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
DQAAAk1TRnQBSQFMAgEBBwEAAegBCgHoAQoBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAASADAAEBAQABCAYAAQgYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA

4
SuperSQLInjection/Properties/AssemblyInfo.cs
View File

@@ -32,5 +32,5 @@ using System.Runtime.InteropServices;
// 可以指定所有这些值,也可以使用“内部版本号”和“修订号”的默认值,
// 方法是按如下所示使用“*”:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.2019.08.23")]
[assembly: AssemblyFileVersion("1.2019.08.23")]
[assembly: AssemblyVersion("1.2019.08.30")]
[assembly: AssemblyFileVersion("1.2019.08.30")]

BIN
SuperSQLInjection/Properties/images/bg.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 121 B

BIN
SuperSQLInjection/Resources/article_top_nav_bg.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.2 KiB

BIN
SuperSQLInjection/Resources/bg.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

7
SuperSQLInjection/SuperSQLInjection.csproj
View File

@@ -285,6 +285,9 @@
</ItemGroup>
<ItemGroup>
<Content Include="favicon.ico" />
<None Include="Resources\bg.png" />
<None Include="Resources\article_top_nav_bg.png" />
<None Include="Properties\images\bg.png" />
<None Include="Properties\images\下载.png" />
<None Include="Properties\images\bug.png" />
<None Include="Properties\images\版本.png" />
@@ -309,9 +312,7 @@
<None Include="Properties\images\stop.png" />
<None Include="Properties\images\vers.png" />
</ItemGroup>
<ItemGroup>
<Folder Include="Resources\" />
</ItemGroup>
<ItemGroup />
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
Other similar extension points exist, see Microsoft.Common.targets.

16
SuperSQLInjection/tools/file/FileTool.cs
View File

@@ -225,9 +225,11 @@ namespace tools
{
fs_dir = new FileStream(path, FileMode.Create, FileAccess.Write);
sw = new StreamWriter(fs_dir, Encoding.UTF8);
foreach(Proxy proxy in vals)
String head = "域名或IP,代理端口,代理类型,代理账号,代理密码,是否可用,用时(毫秒),验证时间(毫秒)";
sw.WriteLine(head);
foreach (Proxy proxy in vals)
{
String line = proxy.host + "\t" + proxy.port + "\t" + proxy.proxyType + "\t" + proxy.username + "\t" + proxy.password + "\t" + proxy.isOk + "\t" + proxy.useTime + "\t" + proxy.checkTime;
String line = proxy.host + "," + proxy.port + "," + proxy.proxyType + "," + proxy.username + "," + proxy.password + "," + proxy.isOk + "," + proxy.useTime + "," + proxy.checkTime;
sw.WriteLine(line);
}
}
@@ -267,12 +269,17 @@ namespace tools
reader = new StreamReader(fs_dir);
String lineStr;
int line = 0;
while ((lineStr = reader.ReadLine()) != null)
{
line++;
if (line == 1) {
continue;
}
if (!lineStr.Equals(""))
{
String[] strs = lineStr.Split('\t');
String[] strs = lineStr.Split(',');
if (strs.Length == 2)
{
Proxy proxy = new Proxy();
@@ -312,6 +319,7 @@ namespace tools
list.Add(proxy.host + proxy.port, proxy);
}
}
}
}
catch (Exception e)

31
SuperSQLInjection/tools/http/HTTP.cs
View File

@@ -83,9 +83,17 @@ namespace SuperSQLInjection.tools
if (!isSSL)
{
server = sendHTTPRequest(count, host, port, payload, request, timeout, encoding, foward_302,redirectDoGet);
if (server.code == 0)
{
continue;
}
if (!String.IsNullOrEmpty(main.config.sencondRequest) && main.config.sencondInject)
{
server = sendHTTPRequest(count, host, port, "请求二次注入页面", main.config.sencondRequest, timeout, encoding, foward_302, redirectDoGet);
if (server.code == 0)
{
continue;
}
}
return server;
}
@@ -93,9 +101,17 @@ namespace SuperSQLInjection.tools
{
server = sendHTTPSRequest(count, host, port, payload, request, timeout, encoding, foward_302, redirectDoGet);
if (server.code == 0)
{
continue;
}
if (!String.IsNullOrEmpty(main.config.sencondRequest)&& main.config.sencondInject)
{
server = sendHTTPSRequest(count, host, port, "请求二次注入页面", main.config.sencondRequest, timeout, encoding, foward_302, redirectDoGet);
if (server.code == 0)
{
continue;
}
}
return server;
@@ -134,12 +150,19 @@ namespace SuperSQLInjection.tools
if (!isSSL)
{
server = sendHTTPRequest(count, host, port, payload, request, timeout, encoding, foward_302, redirectDoGet);
if (server.code == 0) {
continue;
}
return server;
}
else
{
server = sendHTTPSRequest(count, host, port, payload, request, timeout, encoding, foward_302, redirectDoGet);
if (server.code == 0)
{
continue;
}
return server;
}
@@ -566,10 +589,13 @@ namespace SuperSQLInjection.tools
if (isupdateEncoding)
{
String cEncoding = getHTMLEncoding("", server.body);
if (!String.IsNullOrEmpty(cEncoding))
{
Encoding cencoding = Encoding.GetEncoding(cEncoding);
server.encoding = cEncoding;//body找到编码
getBody(ref server, ref body_data, ref encod, ref index);
getBody(ref server, ref body_data, ref cencoding, ref index);
}
}
@@ -1003,8 +1029,9 @@ namespace SuperSQLInjection.tools
String cEncoding = getHTMLEncoding("", server.body);
if (!String.IsNullOrEmpty(cEncoding))
{
Encoding cencoding = Encoding.GetEncoding(cEncoding);
server.encoding = cEncoding;//body找到编码
getBody(ref server, ref body_data, ref encod, ref index);
getBody(ref server, ref body_data, ref cencoding, ref index);
}
}