更新bug

shack2 · Mar 10, 2021 · 2c19a74 · 2c19a74
1 parent ffdea17
commit 2c19a74
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 8 deletions.
diff --git a/SuperSQLInjection/Main.cs b/SuperSQLInjection/Main.cs
@@ -286,7 +286,7 @@ public void HttpDownloadFile(string url, string path)
  responseStream.Close();
  }
 
- public static int version = 20201112;
+ public static int version = 20201214;
  public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;
  //检查更新
  public void checkUpdate()
@@ -6798,6 +6798,10 @@ private void data_cms_clearLog_Click(object sender, EventArgs e)
  public Thread injectThread = null;
  private void btn_autoInject_Click(object sender, EventArgs e)
  {
+
+ String a = "a$\\t$a";
+ String[] data = Regex.Split(a, Comm.COLUMNS_REG_SPLIT_STR);
+
  if (autoinject == 0)
  {
  if (config.request.IndexOf(setInjectStr) != -1)

diff --git a/SuperSQLInjection/payload/Comm.cs b/SuperSQLInjection/payload/Comm.cs
@@ -9,7 +9,7 @@ class Comm
  {
 
  public const String COLUMNS_SPLIT_STR = "$\t$";
- public const String COLUMNS_REG_SPLIT_STR = "\\$\\t\\$";
+ public const String COLUMNS_REG_SPLIT_STR = "\\$\\t\\$|\\$\\\\t\\$";
 
  public static String COLUMNS_SPLIT_HEX_STR = Tools.strToHex(COLUMNS_SPLIT_STR, "UTF-8");
  public static String exists_table = " exists(select 1 from {0})";

diff --git a/SuperSQLInjection/payload/MySQL.cs b/SuperSQLInjection/payload/MySQL.cs
@@ -260,7 +260,7 @@ public static String creatMySQLColumnsStr(List<String> columns, String table, St
  /// <returns></returns>
  public static String concatMySQLColumnStr(List<String> columns)
  {
- StringBuilder sb = new StringBuilder("concat(0x5e5e21,concat_ws("+ Comm.COLUMNS_SPLIT_HEX_STR + ",");
+ StringBuilder sb = new StringBuilder("cast(concat(0x5e5e21,concat_ws(" + Comm.COLUMNS_SPLIT_HEX_STR + ",");
  for (int i = 0; i < columns.Count; i++)
  {
  if (columns.Count > 1)
@@ -278,7 +278,7 @@ public static String concatMySQLColumnStr(List<String> columns)
  {
  sb.Remove(sb.Length - 1, 1);
  }
- sb.Append("),0x215e5e)");
+ sb.Append("),0x215e5e) as char)");
 
  return sb.ToString();
 

diff --git a/SuperSQLInjection/tools/http/HTTP.cs b/SuperSQLInjection/tools/http/HTTP.cs
@@ -230,6 +230,7 @@ private static void checkContentLength(ref ServerInfo server,ref String request)
  if (server.reuqestHeader.IndexOf("Transfer-Encoding: chunked")!=-1) {
  return;
  }
+
  server.reuqestBody = request.Substring(sindex + 4, request.Length - sindex - 4);
  int contentLength = Encoding.UTF8.GetBytes(server.reuqestBody).Length;
  String newContentLength = Content_Length_Str_M + contentLength;
@@ -421,8 +422,9 @@ private static ServerInfo sendHTTPRequest(int count, String host, int port, Stri
  String[] reqs = Regex.Split(request, "\r\n\r\n");
  server.reuqestHeader = reqs[0];
  server.reuqestBody = reqs[1];
- clientSocket.Client.Send(Encoding.UTF8.GetBytes(server.reuqestHeader + "\r\n\r\n"));
- clientSocket.Client.Send(Encoding.UTF8.GetBytes(server.reuqestBody));
+ //clientSocket.Client.Send(Encoding.UTF8.GetBytes(server.reuqestHeader));
+ //clientSocket.Client.Send(Encoding.UTF8.GetBytes("\r\n\r\n"+server.reuqestBody));
+ clientSocket.Client.Send(Encoding.UTF8.GetBytes(request));
  }
  else
  {
@@ -857,8 +859,9 @@ private static ServerInfo sendHTTPSRequest(int count, String host, int port, Str
  String[] reqs = Regex.Split(request, "\r\n\r\n");
  server.reuqestHeader = reqs[0];
  server.reuqestBody = reqs[1];
- ssl.Write(Encoding.UTF8.GetBytes(server.reuqestHeader + "\r\n\r\n"));
- ssl.Write(Encoding.UTF8.GetBytes(server.reuqestBody));
+ //ssl.Write(Encoding.UTF8.GetBytes(server.reuqestHeader + "\r\n\r\n"));
+ //ssl.Write(Encoding.UTF8.GetBytes(server.reuqestBody));
+ ssl.Write(Encoding.UTF8.GetBytes(request));
  }
  else {
  ssl.Write(Encoding.UTF8.GetBytes(request));