update20190823
update20190823
shack2 committed Aug 23, 2019
1 parent 93e53c2 commit 419a7ce
Showing 14 changed files with 379 additions and 223 deletions.
226 changes: 123 additions & 103 deletions SuperSQLInjection/Main.Designer.cs

Large diffs are not rendered by default.

120 changes: 103 additions & 17 deletions SuperSQLInjection/Main.cs
Expand Up @@ -284,7 +284,7 @@ public void HttpDownloadFile(string url, string path)
responseStream.Close();
}

public static int version = 20190813;
public static int version = 20190823;
public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;
//检查更新
public void checkUpdate()
Expand Down Expand Up @@ -2676,6 +2676,13 @@ private String ByPassForBetween(String paylaod, int len)
return paylaod.Replace("{len}", len + "");
}

/// <summary>
/// 二分法判断
/// </summary>
/// <param name="payLoadStr">获取数据paylaod</param>
/// <param name="start">开始值</param>
/// <param name="end">最大值</param>
/// <returns></returns>
/// <summary>
/// 二分法判断
/// </summary>
Expand All @@ -2689,33 +2696,109 @@ public int getValue(String payLoadStr, int start, int end)
String payload = "";
int min = start;
int olen = 0;
Boolean lastexists = false;
while (status == 1)
{
//2分法获取中间数字
len = Tools.getLargeNum(start, end);
if (olen == len)
{
len = end;
break;
}
olen = len;

payload = ByPassForBetween(payLoadStr, len);
ServerInfo server = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
Boolean exists = Tools.isTrue(server, config.key, config.reverseKey, config.keyType, config.injectHTTPCode);
if (exists)

if (end - start == 1)
{
if (!lastexists && exists)
{
return end;
}
else if (lastexists && !exists)
{
return start;
}
}
if (len == start)
{
if (len == start)
if (exists)
{
return end;
}
else {
return start;
}

}

olen = len;
lastexists = exists;
if (exists)
{

start = len;
}
else
{
if (len == start)
end = len;
}

}
return len;
}

public int getOrderByColumns(String payLoadStr, int start, int end)
{
int len = 0;
String payload = "";
int min = start;
int olen = 0;
//最小1是否报错,最大1000是否报错
payload = ByPassForBetween(payLoadStr, 1);
ServerInfo server_1 = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
Boolean use_error = false;
Boolean lastexists = false;
payload = ByPassForBetween(payLoadStr, 1000);
ServerInfo server_1000 = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);

if (server_1.code == 200 && server_1000.code == 500)
{
use_error = true;
}

while (status == 1)
{
//2分法获取中间数字
len = Tools.getLargeNum(start, end);
if (end - start == 1)
{
if (lastexists) {
return end;
}
return start;
}
payload = ByPassForBetween(payLoadStr, len);
ServerInfo server = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, payload, config.request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
Boolean exists = false;
if (use_error)
{
if (server.code != 500)
{
return len;
exists = true;
}
}
else
{
exists = Tools.isTrue(server, config.key, config.reverseKey, config.keyType, config.injectHTTPCode);
}

olen = len;
lastexists = exists;

if (exists)
{
start = len;
}
else
{
end = len;
}
}
Expand Down Expand Up @@ -7017,7 +7100,7 @@ public void checkInject()
String cpayload = pals[0].Replace("{time}", time.ToString());
this.txt_log.Invoke(new showLogDelegate(log), "正在测试PayLoad:" + cpayload, LogLevel.info);
ServerInfo sleepServer = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, cpayload, payload_request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
if (sleepServer.runTime > time * 1000-Tools.deviation)
if (sleepServer.runTime > (time * 1000-Tools.deviation)&& sleepServer.runTime<config.timeOut*1000)
{
//再次发包测试,降低误报
sleepServer = HTTP.sendRequestRetry(config.useSSL, config.reTry, config.domain, config.port, cpayload, payload_request, config.timeOut, config.encoding, config.is_foward_302, config.redirectDoGet);
Expand Down Expand Up @@ -7304,15 +7387,15 @@ public void checkInject()
{
orderpayload = orderpayload + "-- -";
}
order = getValue(orderpayload, 1, config.maxClolumns);
order = getOrderByColumns(orderpayload, 1, config.maxClolumns);
}
int startIndex = 1;
int endIndex = config.maxClolumns;
if (order - 1 > 0)
{
startIndex = order - 1;
startIndex = order;
endIndex = startIndex;
this.txt_log.Invoke(new showLogDelegate(log), "注入点支持order by判断,自动判断查询有" + startIndex + "列!", LogLevel.success);
this.txt_log.Invoke(new showLogDelegate(log), "注入点支持order by判断,自动判断查询有" + order + "列!", LogLevel.success);
}

//判断总列数
Expand Down Expand Up @@ -7543,8 +7626,11 @@ public void selectInjectType(InjectType type)
public void selectDB(String currentDB)
{
DBType dbtype = Tools.caseDBType(currentDB);
this.cbox_basic_dbType.SelectedIndex = (int)dbtype;
this.txt_log.Invoke(new showLogDelegate(log), "自动选择数据库类型完成!", LogLevel.info);
int cdb = (int)dbtype;
if (cdb!=0) {
this.cbox_basic_dbType.SelectedIndex = (int)dbtype;
this.txt_log.Invoke(new showLogDelegate(log), "自动选择数据库类型完成!", LogLevel.info);
}
}

private void data_dbs_tsl_getDatas_Click(object sender, EventArgs e)
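Review bot: The `versionURL` line kept as context beside the version bump in the first hunk still builds the update check on `http://` and appends `Tools.getSystemSid()` as the `NO` parameter, so every check sends a stable machine identifier in cleartext and the reply can be altered by anyone on the network path. If the server offers TLS, the scheme should become `https://`, and the identifier could be dropped or replaced with a random per-install value. The bodies of `checkUpdate` and `HttpDownloadFile` lie outside the hunk, so whether a downloaded update is verified before use cannot be seen here; if it is not, a signature or pinned-hash check belongs there. Separately, in the last hunk `selectDB` assigns `cbox_basic_dbType.SelectedIndex` directly while the log call next to it goes through `Invoke`, and it compares `cdb` with a bare `0` rather than the named `DBType` member; the assignment probably needs the same marshalling if `selectDB` can run off the UI thread.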