更新bug

shack2 · shack2 · commit 2c19a7461fe4 · 2021-03-10T16:13:12.000+08:00
diff --git a/SuperSQLInjection/Main.cs b/SuperSQLInjection/Main.cs
@@ -286,7 +286,7 @@ public void HttpDownloadFile(string url, string path)
             responseStream.Close();
         }
 
-        public static int version = 20201112;
+        public static int version = 20201214;
         public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;
         //检查更新
         public void checkUpdate()
@@ -6798,6 +6798,10 @@ private void data_cms_clearLog_Click(object sender, EventArgs e)
         public Thread injectThread = null;
         private void btn_autoInject_Click(object sender, EventArgs e)
         {
+
+            String a = "a$\\t$a";
+            String[] data = Regex.Split(a, Comm.COLUMNS_REG_SPLIT_STR);
+
             if (autoinject == 0)
             {
                 if (config.request.IndexOf(setInjectStr) != -1)
diff --git a/SuperSQLInjection/payload/Comm.cs b/SuperSQLInjection/payload/Comm.cs
@@ -9,7 +9,7 @@ class Comm
     {
 
         public const String COLUMNS_SPLIT_STR = "$\t$";
-        public const String COLUMNS_REG_SPLIT_STR = "\\$\\t\\$";
+        public const String COLUMNS_REG_SPLIT_STR = "\\$\\t\\$|\\$\\\\t\\$";
 
         public static String COLUMNS_SPLIT_HEX_STR = Tools.strToHex(COLUMNS_SPLIT_STR, "UTF-8");
         public static String exists_table = " exists(select 1 from {0})";
diff --git a/SuperSQLInjection/payload/MySQL.cs b/SuperSQLInjection/payload/MySQL.cs
@@ -260,7 +260,7 @@ public static String creatMySQLColumnsStr(List<String> columns, String table, St
         /// <returns></returns>
         public static String concatMySQLColumnStr(List<String> columns)
         {
-            StringBuilder sb = new StringBuilder("concat(0x5e5e21,concat_ws("+ Comm.COLUMNS_SPLIT_HEX_STR + ",");
+            StringBuilder sb = new StringBuilder("cast(concat(0x5e5e21,concat_ws(" + Comm.COLUMNS_SPLIT_HEX_STR + ",");
             for (int i = 0; i < columns.Count; i++)
             {
                 if (columns.Count > 1)
@@ -278,7 +278,7 @@ public static String concatMySQLColumnStr(List<String> columns)
             {
                 sb.Remove(sb.Length - 1, 1);
             }
-            sb.Append("),0x215e5e)");
+            sb.Append("),0x215e5e) as char)");
 
             return sb.ToString();
 
diff --git a/SuperSQLInjection/tools/http/HTTP.cs b/SuperSQLInjection/tools/http/HTTP.cs
@@ -230,6 +230,7 @@ private static void checkContentLength(ref ServerInfo server,ref String request)
                 if (server.reuqestHeader.IndexOf("Transfer-Encoding: chunked")!=-1) {
                     return;
                 }
+
                 server.reuqestBody = request.Substring(sindex + 4, request.Length - sindex - 4);
                 int contentLength = Encoding.UTF8.GetBytes(server.reuqestBody).Length;
                 String newContentLength = Content_Length_Str_M + contentLength;
@@ -421,8 +422,9 @@ private static ServerInfo sendHTTPRequest(int count, String host, int port, Stri
                             String[] reqs = Regex.Split(request, "\r\n\r\n");
                             server.reuqestHeader = reqs[0];
                             server.reuqestBody = reqs[1];
-                            clientSocket.Client.Send(Encoding.UTF8.GetBytes(server.reuqestHeader + "\r\n\r\n"));
-                            clientSocket.Client.Send(Encoding.UTF8.GetBytes(server.reuqestBody));
+                            //clientSocket.Client.Send(Encoding.UTF8.GetBytes(server.reuqestHeader));
+                            //clientSocket.Client.Send(Encoding.UTF8.GetBytes("\r\n\r\n"+server.reuqestBody));
+                            clientSocket.Client.Send(Encoding.UTF8.GetBytes(request));
                         }
                         else
                         {
@@ -857,8 +859,9 @@ private static ServerInfo sendHTTPSRequest(int count, String host, int port, Str
                                 String[] reqs = Regex.Split(request, "\r\n\r\n");
                                 server.reuqestHeader = reqs[0];
                                 server.reuqestBody = reqs[1];
-                                ssl.Write(Encoding.UTF8.GetBytes(server.reuqestHeader + "\r\n\r\n"));
-                                ssl.Write(Encoding.UTF8.GetBytes(server.reuqestBody));
+                                //ssl.Write(Encoding.UTF8.GetBytes(server.reuqestHeader + "\r\n\r\n"));
+                                //ssl.Write(Encoding.UTF8.GetBytes(server.reuqestBody));
+                                ssl.Write(Encoding.UTF8.GetBytes(request));
                             }
                             else {
                                 ssl.Write(Encoding.UTF8.GetBytes(request));

Original file line number	Diff line number	Diff line change
`@@ -286,7 +286,7 @@ public void HttpDownloadFile(string url, string path)`
`286`	`286`	`responseStream.Close();`
`287`	`287`	`}`
`288`	`288`
`289`		`- public static int version = 20201112;`
	`289`	`+ public static int version = 20201214;`
`290`	`290`	`public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;`
`291`	`291`	`//检查更新`
`292`	`292`	`public void checkUpdate()`
`@@ -6798,6 +6798,10 @@ private void data_cms_clearLog_Click(object sender, EventArgs e)`
`6798`	`6798`	`public Thread injectThread = null;`
`6799`	`6799`	`private void btn_autoInject_Click(object sender, EventArgs e)`
`6800`	`6800`	`{`
	`6801`	`+`
	`6802`	`+ String a = "a$\\t$a";`
	`6803`	`+ String[] data = Regex.Split(a, Comm.COLUMNS_REG_SPLIT_STR);`
	`6804`	`+`
`6801`	`6805`	`if (autoinject == 0)`
`6802`	`6806`	`{`
`6803`	`6807`	`if (config.request.IndexOf(setInjectStr) != -1)`
Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ class Comm`
`9`	`9`	`{`
`10`	`10`
`11`	`11`	`public const String COLUMNS_SPLIT_STR = "$\t$";`
`12`		`- public const String COLUMNS_REG_SPLIT_STR = "\\$\\t\\$";`
	`12`	`+ public const String COLUMNS_REG_SPLIT_STR = "\\$\\t\\$\|\\$\\\\t\\$";`
`13`	`13`
`14`	`14`	`public static String COLUMNS_SPLIT_HEX_STR = Tools.strToHex(COLUMNS_SPLIT_STR, "UTF-8");`
`15`	`15`	`public static String exists_table = " exists(select 1 from {0})";`
Original file line number	Diff line number	Diff line change
`@@ -260,7 +260,7 @@ public static String creatMySQLColumnsStr(List<String> columns, String table, St`
`260`	`260`	`/// <returns></returns>`
`261`	`261`	`public static String concatMySQLColumnStr(List<String> columns)`
`262`	`262`	`{`
`263`		`- StringBuilder sb = new StringBuilder("concat(0x5e5e21,concat_ws("+ Comm.COLUMNS_SPLIT_HEX_STR + ",");`
	`263`	`+ StringBuilder sb = new StringBuilder("cast(concat(0x5e5e21,concat_ws(" + Comm.COLUMNS_SPLIT_HEX_STR + ",");`
`264`	`264`	`for (int i = 0; i < columns.Count; i++)`
`265`	`265`	`{`
`266`	`266`	`if (columns.Count > 1)`
`@@ -278,7 +278,7 @@ public static String concatMySQLColumnStr(List<String> columns)`
`278`	`278`	`{`
`279`	`279`	`sb.Remove(sb.Length - 1, 1);`
`280`	`280`	`}`
`281`		`- sb.Append("),0x215e5e)");`
	`281`	`+ sb.Append("),0x215e5e) as char)");`
`282`	`282`
`283`	`283`	`return sb.ToString();`
`284`	`284`