Skip to content

Commit

Permalink
update20190902
Browse files Browse the repository at this point in the history 
update20190902
  • Loading branch information
@shack2
shack2 committed Sep 1, 2019
1 parent 07138cf commit 3a19d6c
Show file tree
Hide file tree
Showing 4 changed files with 30 additions and 14 deletions.
20 changes: 17 additions & 3 deletions SuperSQLInjection/Main.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -286,7 +286,7 @@ public void HttpDownloadFile(string url, string path)
responseStream.Close();
}

public static int version = 20190901;
public static int version = 20190902;
public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;
//检查更新
public void checkUpdate()
Expand Down Expand Up @@ -9695,7 +9695,13 @@ public void addItemToScanDomain(Object path)

public void stopScan()
{
StopThread();
status = -1;
if (this.currentThread != null)
{
this.txt_log.Invoke(new showLogDelegate(log), "发出停止线程信号!", LogLevel.info);
stp.Cancel();
}

this.scanInjection_btn_scan.Enabled = false;
this.scanInjection_btn_scan.Text = "正在停止...";
while (stp.InUseThreads > 0)
Expand All @@ -9704,11 +9710,18 @@ public void stopScan()
}
this.scanInjection_btn_scan.Text = "开始扫描";
this.scanInjection_btn_scan.Enabled = true;
status = 0;
}

public void stopSpider()
{
StopThread();
status = -1;
if (this.currentThread != null)
{
this.txt_log.Invoke(new showLogDelegate(log), "发出停止线程信号!", LogLevel.info);
stp.Cancel();
}

this.scanInjection_btn_spider.Enabled = false;
this.scanInjection_btn_spider.Text = "正在停止...";
while (stp.InUseThreads > 0)
Expand All @@ -9718,6 +9731,7 @@ public void stopSpider()
this.scanInjection_btn_spider.Text = "爬行链接";
this.scanInjection_domainsCount.Text = this.scanInject_lsb_links.Items.Count.ToString();
this.scanInjection_btn_spider.Enabled = true;
status = 0;
}
public void spider()
{
Expand Down
4 changes: 2 additions & 2 deletions SuperSQLInjection/Properties/AssemblyInfo.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,5 @@
// 可以指定所有这些值,也可以使用“内部版本号”和“修订号”的默认值,
// 方法是按如下所示使用“*”:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.2019.09.01")]
[assembly: AssemblyFileVersion("1.2019.09.01")]
[assembly: AssemblyVersion("1.2019.09.02")]
[assembly: AssemblyFileVersion("1.2019.09.02")]
10 changes: 6 additions & 4 deletions SuperSQLInjection/scan/Spider.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,10 +76,7 @@ public void findLinks(String url)
{
continue;
}
if (curl.Contains(".css") || curl.Contains(".js") || curl.Contains(".jpg") || curl.Contains(".png") || curl.Contains(".ico") || curl.Contains(".gif"))
{
continue;
}

curl = curl.Replace("&", "&");
if (curl.StartsWith("//"))
{
Expand Down Expand Up @@ -111,6 +108,11 @@ public void findLinks(String url)
try
{
Uri cu = new Uri(curl);
String cupath = cu.AbsolutePath;
if (cupath.EndsWith(".css") || cupath.EndsWith(".js") || cupath.EndsWith(".jpg") || cupath.EndsWith(".png") || cupath.EndsWith(".ico") || cupath.EndsWith(".gif"))
{
continue;
}
if (!AllURL.Contains(curl) && !AllNoParamaValURL.Contains(noValURL)&&AllURL.Count<config.maxSpiderCount)
{
AllURL.Add(curl);
Expand Down
10 changes: 5 additions & 5 deletions SuperSQLInjection/tools/InjectionTools.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,8 +80,8 @@ public static Injection testInjection(String url, Config config, Boolean justSca
String curl = uri.PathAndQuery.Replace(param, payload);
injection.testUrl = testUrl.Replace(param, payload);
injection.paramName = sprarm[0];
String oldrequest = Spider.reqestGetTemplate.Replace("{url}", uri.PathAndQuery).Replace("{host}", uri.Host + ":" + uri.Port);
String request = Spider.reqestGetTemplate.Replace("{url}", curl).Replace("{host}", uri.Host + ":" + uri.Port);
String oldrequest = Spider.reqestGetTemplate.Replace("{url}", uri.PathAndQuery).Replace("{host}", uri.Host);
String request = Spider.reqestGetTemplate.Replace("{url}", curl).Replace("{host}", uri.Host);
//通过错误显示判断
if (timeout >= 3)
{
Expand Down Expand Up @@ -129,7 +129,7 @@ public static Injection testInjection(String url, Config config, Boolean justSca

foreach (String bool_payload in bool_payloads)
{
String[] bool_ps = bool_payload.Split(':');
String[] bool_ps = bool_payload.Split('');

String flasePayload = pramName + "=" + URLEncode.UrlEncode(pramValue + bool_ps[1]);
String falseURL = uri.PathAndQuery.Replace(param, flasePayload);
Expand All @@ -139,7 +139,7 @@ public static Injection testInjection(String url, Config config, Boolean justSca
{
break;//超时3次,认为此URL为坏死URL
}
String falserequest = Spider.reqestGetTemplate.Replace("{url}", falseURL).Replace("{host}", uri.Host + ":" + uri.Port);
String falserequest = Spider.reqestGetTemplate.Replace("{url}", falseURL).Replace("{host}", uri.Host);
ServerInfo falseServer = HTTP.sendRequestRetry(isSSL, config.reTry, uri.Host, uri.Port, flasePayload, falserequest, config.timeOut, HTTP.AutoGetEncoding, false, config.redirectDoGet);
if (falseServer.runTime > config.timeOut * 1000) timeout++;
decimal pfalse = Tools.getLike(oserver.body, falseServer.body);
Expand All @@ -151,7 +151,7 @@ public static Injection testInjection(String url, Config config, Boolean justSca

String truePayload = pramName + "=" + URLEncode.UrlEncode(pramValue + bool_ps[0]);
String trueURL = uri.PathAndQuery.Replace(param, truePayload);
String truerequest = Spider.reqestGetTemplate.Replace("{url}", trueURL).Replace("{host}", uri.Host + ":" + uri.Port);
String truerequest = Spider.reqestGetTemplate.Replace("{url}", trueURL).Replace("{host}", uri.Host);
if (timeout >= 3)
{
break;//超时3次,认为此URL为坏死URL
Expand Down

0 comments on commit 3a19d6c

Please sign in to comment.