update20190902

update20190902

Author: shack2

SuperSQLInjection/Main.cs

@@ -286,7 +286,7 @@ public void HttpDownloadFile(string url, string path)
             responseStream.Close();
         }
 
-        public static int version = 20190901;
+        public static int version = 20190902;
         public static string versionURL = "http://www.shack2.org/soft/getNewVersion?ENNAME=SSuperSQLInjection&NO=" + URLEncode.UrlEncode(Tools.getSystemSid()) + "&VERSION=" + version;
         //检查更新
         public void checkUpdate()
@@ -9695,7 +9695,13 @@ public void addItemToScanDomain(Object path)
 
         public void stopScan()
         {
-            StopThread();
+            status = -1;
+            if (this.currentThread != null)
+            {
+                this.txt_log.Invoke(new showLogDelegate(log), "发出停止线程信号！", LogLevel.info);
+                stp.Cancel();
+            }
+           
             this.scanInjection_btn_scan.Enabled = false;
             this.scanInjection_btn_scan.Text = "正在停止...";
             while (stp.InUseThreads > 0)
@@ -9704,11 +9710,18 @@ public void stopScan()
             }
             this.scanInjection_btn_scan.Text = "开始扫描";
             this.scanInjection_btn_scan.Enabled = true;
+            status = 0;
         }
 
         public void stopSpider()
         {
-            StopThread();
+            status = -1;
+            if (this.currentThread != null)
+            {
+                this.txt_log.Invoke(new showLogDelegate(log), "发出停止线程信号！", LogLevel.info);
+                stp.Cancel();
+            }
+          
             this.scanInjection_btn_spider.Enabled = false;
             this.scanInjection_btn_spider.Text = "正在停止...";
             while (stp.InUseThreads > 0)
@@ -9718,6 +9731,7 @@ public void stopSpider()
             this.scanInjection_btn_spider.Text = "爬行链接";
             this.scanInjection_domainsCount.Text = this.scanInject_lsb_links.Items.Count.ToString();
             this.scanInjection_btn_spider.Enabled = true;
+            status = 0;
         }
         public void spider()
         {

SuperSQLInjection/Properties/AssemblyInfo.cs

@@ -32,5 +32,5 @@
 // 可以指定所有这些值，也可以使用“内部版本号”和“修订号”的默认值，
 // 方法是按如下所示使用“*”:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.2019.09.01")]
-[assembly: AssemblyFileVersion("1.2019.09.01")]
+[assembly: AssemblyVersion("1.2019.09.02")]
+[assembly: AssemblyFileVersion("1.2019.09.02")]

SuperSQLInjection/scan/Spider.cs

@@ -76,10 +76,7 @@ public void findLinks(String url)
                                 {
                                     continue;
                                 }
-                                if (curl.Contains(".css") || curl.Contains(".js") || curl.Contains(".jpg") || curl.Contains(".png") || curl.Contains(".ico") || curl.Contains(".gif"))
-                                {
-                                    continue;
-                                }
+                               
                                 curl = curl.Replace("&", "&");
                                 if (curl.StartsWith("//"))
                                 {
@@ -111,6 +108,11 @@ public void findLinks(String url)
                                     try
                                     {
                                         Uri cu = new Uri(curl);
+                                        String cupath = cu.AbsolutePath;
+                                        if (cupath.EndsWith(".css") || cupath.EndsWith(".js") || cupath.EndsWith(".jpg") || cupath.EndsWith(".png") || cupath.EndsWith(".ico") || cupath.EndsWith(".gif"))
+                                        {
+                                            continue;
+                                        }
                                         if (!AllURL.Contains(curl) && !AllNoParamaValURL.Contains(noValURL)&&AllURL.Count<config.maxSpiderCount)
                                         {
                                             AllURL.Add(curl);

SuperSQLInjection/tools/InjectionTools.cs

@@ -80,8 +80,8 @@ public static Injection testInjection(String url, Config config, Boolean justSca
                     String curl = uri.PathAndQuery.Replace(param, payload);
                     injection.testUrl = testUrl.Replace(param, payload);
                     injection.paramName = sprarm[0];
-                    String oldrequest = Spider.reqestGetTemplate.Replace("{url}", uri.PathAndQuery).Replace("{host}", uri.Host + ":" + uri.Port);
-                    String request = Spider.reqestGetTemplate.Replace("{url}", curl).Replace("{host}", uri.Host + ":" + uri.Port);
+                    String oldrequest = Spider.reqestGetTemplate.Replace("{url}", uri.PathAndQuery).Replace("{host}", uri.Host);
+                    String request = Spider.reqestGetTemplate.Replace("{url}", curl).Replace("{host}", uri.Host);
                     //通过错误显示判断
                     if (timeout >= 3)
                     {
@@ -129,7 +129,7 @@ public static Injection testInjection(String url, Config config, Boolean justSca
 
                             foreach (String bool_payload in bool_payloads)
                             {
-                                String[] bool_ps = bool_payload.Split(':');
+                                String[] bool_ps = bool_payload.Split('：');
 
                                 String flasePayload = pramName + "=" + URLEncode.UrlEncode(pramValue + bool_ps[1]);
                                 String falseURL = uri.PathAndQuery.Replace(param, flasePayload);
@@ -139,7 +139,7 @@ public static Injection testInjection(String url, Config config, Boolean justSca
                                 {
                                     break;//超时3次，认为此URL为坏死URL
                                 }
-                                String falserequest = Spider.reqestGetTemplate.Replace("{url}", falseURL).Replace("{host}", uri.Host + ":" + uri.Port);
+                                String falserequest = Spider.reqestGetTemplate.Replace("{url}", falseURL).Replace("{host}", uri.Host);
                                 ServerInfo falseServer = HTTP.sendRequestRetry(isSSL, config.reTry, uri.Host, uri.Port, flasePayload, falserequest, config.timeOut, HTTP.AutoGetEncoding, false, config.redirectDoGet);
                                 if (falseServer.runTime > config.timeOut * 1000) timeout++;
                                 decimal pfalse = Tools.getLike(oserver.body, falseServer.body);
@@ -151,7 +151,7 @@ public static Injection testInjection(String url, Config config, Boolean justSca
 
                                 String truePayload = pramName + "=" + URLEncode.UrlEncode(pramValue + bool_ps[0]);
                                 String trueURL = uri.PathAndQuery.Replace(param, truePayload);
-                                String truerequest = Spider.reqestGetTemplate.Replace("{url}", trueURL).Replace("{host}", uri.Host + ":" + uri.Port);
+                                String truerequest = Spider.reqestGetTemplate.Replace("{url}", trueURL).Replace("{host}", uri.Host);
                                 if (timeout >= 3)
                                 {
                                     break;//超时3次，认为此URL为坏死URL