Line 1: /*---------------------------------------------------------------------------------*/
Line 2: /* User Control - 2017 DS:MojtabaGholampoor */
Line 3: /*---------------------------------------------------------------------------------*/
Line 4: using System.Web;
Line 5: using System.Text.RegularExpressions;
Line 6: using System;
Line 7: using System.IO;
Line 8: using Newtonsoft.Json.Linq;
Line 9: using System.Net;
Line 10: using System.Data;
Line 11:
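/// <summary>
/// Denylist-based request-value filter that also records blocked requests,
/// with a geo-IP lookup, in the [Hack] table.
/// </summary>
/// <remarks>
/// Substring denylists are not a reliable defence against SQL injection or
/// cross-site scripting. Values returned by this class must still be bound as
/// query parameters and encoded for the context in which they are rendered.
/// </remarks>
public class AntiHackQuery
{
    // NOTE(review): this access key is committed to source and travels in the
    // query string of a plain-HTTP request, so it is visible to anyone who can
    // read the repository or the network path. Move it to protected
    // configuration, rotate it, and use HTTPS if the service plan allows it.
    private const string GeoLookupUrlFormat = "http://api.ipstack.com/{0}?access_key=1e87a5c57a8ce5f0b133dd401000ac67";

    private const string BlockPage = "firewall.aspx";
    private const string TagPattern = "<[^>]*>";

    // Tokens that cause a value to be rejected. Matching is by substring, so
    // ordinary words that contain a token are rejected as well.
    private static readonly string[] BlockedTokens =
    {
        "drop", "alter", "delete", "script", "update", "select", "order by",
        "Bchar", "else", "varchar", "char", "INNER", "then", "fetch", "where",
        "sys.databases", "sys"
    };

    public AntiHackQuery()
    {
    }

    /// <summary>
    /// Runs <see cref="RemoveTag"/> and then <see cref="checklong"/> on a value.
    /// </summary>
    /// <param name="value">Raw request value.</param>
    /// <returns>The value when it is empty or an integer of at most 10 characters; otherwise null.</returns>
    public static string test(string value)
    {
        return checklong(RemoveTag(value));
    }

    /// <summary>
    /// HTML-encodes a value and redirects the request to the block page when
    /// the value contains markup or a denylisted token.
    /// </summary>
    /// <param name="html">Raw request value; null is returned unchanged.</param>
    /// <returns>
    /// The HTML-encoded value when nothing had to be stripped; otherwise the
    /// lower-cased, trimmed and stripped form.
    /// </returns>
    public static string RemoveTag(string html)
    {
        // The original dereferenced a null argument and threw.
        if (html == null)
        {
            return null;
        }

        // The markup test has to be a regex match on the raw value. The
        // original called Contains() with the pattern text on the already
        // encoded value, so this branch could never be taken.
        if (Regex.IsMatch(html, TagPattern))
        {
            HttpContext.Current.Response.Redirect(BlockPage);
        }

        string encoded = HttpUtility.HtmlEncode(html);

        // Case-insensitive: the original comparison was case-sensitive, so it
        // only covered each token in the exact casing it was written in.
        foreach (string token in BlockedTokens)
        {
            if (encoded.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
            {
                HttpContext.Current.Response.Redirect(BlockPage);
            }
        }

        // Invariant lower-casing keeps the result independent of the server's
        // culture settings.
        string cleaned = encoded.ToLowerInvariant().Trim();
        cleaned = cleaned.Replace(";", "").Replace(",", "").Replace("'", "");

        // Tokens are lower-cased before removal; the original passed "Bchar"
        // and "INNER" to Replace() after lower-casing the text, so those two
        // could never match.
        foreach (string token in BlockedTokens)
        {
            cleaned = cleaned.Replace(token.ToLowerInvariant(), "");
        }

        // Nothing was stripped: hand back the encoded value in its original casing.
        if (cleaned == encoded.ToLowerInvariant())
        {
            return encoded;
        }

        return cleaned;
    }

    /// <summary>
    /// Accepts a value only when it is empty or parses as a 64-bit integer and
    /// is at most 10 characters long.
    /// </summary>
    /// <param name="html">Candidate value.</param>
    /// <returns>The value unchanged when accepted; otherwise null.</returns>
    public static string checklong(string html)
    {
        // Null previously reached html.Length and threw; empty input passes
        // through unchanged, as it did before.
        if (string.IsNullOrEmpty(html))
        {
            return html;
        }

        Int64 parsed;
        if (html.Length > 10 || !Int64.TryParse(html, out parsed))
        {
            return null;
        }

        return html;
    }

    /// <summary>
    /// Best-effort audit record for the current request: looks up the client
    /// address with the geo-IP service and inserts one row into [Hack].
    /// Failures are traced and never propagate to the caller.
    /// </summary>
    public static void Saveinfo()
    {
        try
        {
            string clientIp = GetIPAddress();
            string retJson = DownloadDataNoAuth(string.Format(GeoLookupUrlFormat, clientIp));
            if (retJson == null)
            {
                return;
            }

            JObject geo = JObject.Parse(retJson);
            string strDomain = SqlText(HttpContext.Current.Session["Domain"]);

            // NOTE(review): 'sub' is never used; kept only in case the
            // SubDomain constructor has side effects - confirm and remove.
            SubDomain sub = new SubDomain();

            Pcalendar pc = new Pcalendar();
            DataBase db = new DataBase();
            db.Connection = System.Web.Configuration.WebConfigurationManager.ConnectionStrings["HarmonyConnectionString"].ConnectionString;
            string dtime = pc.WhatDay() + " " + pc.WhatTime();

            // The Referer header is chosen by the client and the geo fields
            // come from a third party over HTTP, so every value is escaped
            // before it is placed in the statement text.
            // NOTE(review): quote doubling is a stop-gap that assumes SQL
            // Server string-literal rules; switch to a parameterized insert
            // if DataBase offers one.
            string values =
                "N'" + SqlText(GetRefddress()) + "','" + strDomain + "','" + SqlText(dtime) + "','" + SqlText(clientIp)
                + "','" + GeoField(geo, "country_code") + "','" + GeoField(geo, "country_name")
                + "','" + GeoField(geo, "region_code") + "','" + GeoField(geo, "region_name")
                + "','" + GeoField(geo, "city") + "','" + GeoField(geo, "zip")
                + "','" + GeoField(geo, "latitude") + "','" + GeoField(geo, "longitude") + "'";

            db.SqlInsert("[Hack]", "[url],[Domain],[Date_Time],[IPAddress],[CountryCode],[CountryName],[RegionCode],[Region],[CityName],[CityCode],[Latitude],[Longitude]", values);
        }
        catch (Exception ex)
        {
            // Still best-effort, but a failing audit trail is now visible in
            // the trace output instead of being discarded.
            System.Diagnostics.Trace.TraceWarning("AntiHackQuery.Saveinfo failed: " + ex.GetType().Name + ": " + ex.Message);
        }
    }

    /// <summary>
    /// Performs an unauthenticated HTTP GET and returns the response body.
    /// </summary>
    /// <param name="hostURI">
    /// Absolute URL to fetch. It is requested as given, so callers must not
    /// build it from request-supplied hosts or paths.
    /// </param>
    /// <returns>The response body, or null when the request fails.</returns>
    public static string DownloadDataNoAuth(string hostURI)
    {
        try
        {
            // NOTE(review): no timeout is set, so the framework default
            // applies while the calling request thread waits.
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(hostURI);
            request.Method = "GET";

            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            using (Stream dataStream = response.GetResponseStream())
            using (StreamReader reader = new StreamReader(dataStream))
            {
                return reader.ReadToEnd();
            }
        }
        catch (Exception e)
        {
            // The URL is left out of the message because it can carry an access key.
            System.Diagnostics.Trace.TraceWarning("AntiHackQuery.DownloadDataNoAuth failed: " + e.GetType().Name + ": " + e.Message);
            return null;
        }
    }

    /// <summary>Returns the REMOTE_ADDR server variable of the current request.</summary>
    public static string GetIPAddress()
    {
        return HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];
    }

    /// <summary>
    /// Returns the HTTP_REFERER server variable of the current request. The
    /// value is sent by the client and must be treated as untrusted.
    /// </summary>
    public static string GetRefddress()
    {
        return HttpContext.Current.Request.ServerVariables["HTTP_REFERER"];
    }

    // Text of a value with single quotes doubled; null becomes an empty string.
    private static string SqlText(object value)
    {
        return value == null ? string.Empty : value.ToString().Replace("'", "''");
    }

    // Escaped text of one field of the geo-IP response; an absent field
    // becomes an empty string instead of throwing.
    private static string GeoField(JObject geo, string name)
    {
        JToken token = geo[name];
        return token == null ? string.Empty : SqlText(token.ToString());
    }
}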