Cleaning

Author: ron190

model/src/main/java/com/jsql/model/accessible/ExploitMethod.java

@@ -4,10 +4,10 @@
 import java.util.Optional;
 
 public enum ExploitMethod {
-    AUTO("KEY_LABEL_AUTO", "KEY_TOOLTIP_AUTO"),
-    QUERY_BODY("KEY_LABEL_QUERY_BODY", "KEY_TOOLTIP_QUERY_BODY"),
-    TEMP_TABLE("KEY_LABEL_TEMP_TABLE", "KEY_TOOLTIP_TEMP_TABLE"),
-    NETSHARE("KEY_LABEL_NETSHARE", "KEY_TOOLTIP_NETSHARE");
+    AUTO("MODE_AUTO", "MODE_AUTO_TOOLTIP"),
+    QUERY_BODY("MODE_QUERY_BODY", "MODE_QUERY_BODY_TOOLTIP"),
+    TEMP_TABLE("MODE_TEMP_TABLE", "MODE_TEMP_TABLE_TOOLTIP"),
+    NETSHARE("MODE_NETSHARE", "MODE_NETSHARE_TOOLTIP");
     private final String keyLabel;
     private final String keyTooltip;
     ExploitMethod(String keyLabel, String keyTooltip) {

model/src/main/resources/config.properties

@@ -2,7 +2,7 @@ jsql.version = 0.106
 
 github.url = https://github.com/ron190/jsql-injection
 github.issues.url = https://api.github.com/repos/ron190/jsql-injection/issues
-github.token = Z2hwX3FPcVpvWU1BRUVhUlFiY3JSMHNFT3BGaGtIVks1SzNud3gwVg
+github.token = Z2hwX25qSFN1TzYyR1VoVHozZzNhdHE0VFJKaWlJQ2NZTzA4UG9KTQ==
 
 github.webservice.url = https://raw.githubusercontent.com/ron190/jsql-injection/master/web/services/jsql-injection.json
 github.webservice.i18n.root = https://raw.githubusercontent.com/ron190/jsql-injection/master/model/src/main/resources/i18n/jsql.properties

model/src/main/resources/i18n/jsql.properties

@@ -8,7 +8,6 @@ COPY ./ ./
 
 ENV DEBUG_COLORS "true"
 ENV TERM xterm-256color
-ENV DEBIAN_FRONTEND noninteractive
 ENV COLORTERM truecolor
 ENV MAVEN_NASHORN ${MAVEN_NASHORN}
 ENV MAVEN_BYTEBUDDY ${MAVEN_BYTEBUDDY}

model/src/test/resources/docker/Dockerfile.jsql

@@ -177,7 +177,7 @@ public void mouseReleased(MouseEvent evt) {
         // Create a custom tab header
         var header = new TabHeader(
             this.url.replaceAll(".*/", StringUtils.EMPTY),
-                UiUtil.ADMIN.getIcon()
+            UiUtil.ADMIN.getIcon()
         );
         MediatorHelper.tabResults().setTabComponentAt(MediatorHelper.tabResults().indexOfComponent(scroller), header);  // Apply the custom header to the tab
         browser.setCaretPosition(0);

view/src/main/java/com/jsql/view/swing/interaction/CreateAdminPageTab.java

@@ -53,9 +53,7 @@ public MouseAdapterMenuAction(DnDList dndList) {
      */
     @SuppressWarnings("unchecked")
     public void showPopup(final MouseEvent mouseEvent) {
-        
         if (mouseEvent.isPopupTrigger()) {
-            
             JList<ItemList> list = (JList<ItemList>) mouseEvent.getSource();
 
             JPopupMenu popupMenuList = this.initMenu(mouseEvent);

view/src/main/java/com/jsql/view/swing/list/MouseAdapterMenuAction.java

@@ -53,27 +53,27 @@ public class ManagerExploit extends AbstractManagerList {
     private final AtomicReference<JTextField> netshare = new AtomicReference<>();
     protected final JTextField textfieldUrlShell;
 
-    public static final String KEY_UDF_TAB = "UDF_TAB";
-    public static final String KEY_EXPLOIT_WEB_MYSQL = "EXPLOIT_WEB_MYSQL";
-    public static final String KEY_EXPLOIT_WEB_SQLITE = "EXPLOIT_WEB_SQLITE";
-    public static final String KEY_EXPLOIT_SQL_MYSQL = "EXPLOIT_SQL_MYSQL";
-    public static final String KEY_EXPLOIT_UPLOAD_MYSQL = "EXPLOIT_UPLOAD_MYSQL";
-    public static final String KEY_EXPLOIT_UPLOAD_SQLITE = "EXPLOIT_UPLOAD_SQLITE";
-    public static final String KEY_RCE_TAB = "RCE_TAB";
+    public static final String EXPLOIT_UDF = "EXPLOIT_UDF";
+    public static final String EXPLOIT_WEB_MYSQL = "EXPLOIT_WEB_MYSQL";
+    public static final String EXPLOIT_WEB_SQLITE = "EXPLOIT_WEB_SQLITE";
+    public static final String EXPLOIT_SQL_MYSQL = "EXPLOIT_SQL_MYSQL";
+    public static final String EXPLOIT_UPLOAD_MYSQL = "EXPLOIT_UPLOAD_MYSQL";
+    public static final String EXPLOIT_UPLOAD_SQLITE = "EXPLOIT_UPLOAD_SQLITE";
+    public static final String EXPLOIT_RCE = "EXPLOIT_RCE";
 
     private final JComboBox<Object> comboBoxExploitTypes = new JComboBox<>(new Object[]{
-        new ModelItemType(ManagerExploit.KEY_UDF_TAB, "UDF_TOOLTIP"),
-        new ModelItemType(ManagerExploit.KEY_RCE_TAB, "RCE_TOOLTIP"),
+        new ModelItemType(ManagerExploit.EXPLOIT_UDF, "EXPLOIT_UDF_TOOLTIP"),
+        new ModelItemType(ManagerExploit.EXPLOIT_RCE, "EXPLOIT_RCE_TOOLTIP"),
         ComboBoxMethodRenderer.SEPARATOR,
-        new ModelItemType(ManagerExploit.KEY_EXPLOIT_WEB_MYSQL, "EXPLOIT_WEB_MYSQL_TOOLTIP"),
-        new ModelItemType(ManagerExploit.KEY_EXPLOIT_SQL_MYSQL, "EXPLOIT_SQL_MYSQL_TOOLTIP"),
-        new ModelItemType(ManagerExploit.KEY_EXPLOIT_UPLOAD_MYSQL, "EXPLOIT_UPLOAD_MYSQL_TOOLTIP"),
+        new ModelItemType(ManagerExploit.EXPLOIT_WEB_MYSQL, "EXPLOIT_WEB_MYSQL_TOOLTIP"),
+        new ModelItemType(ManagerExploit.EXPLOIT_SQL_MYSQL, "EXPLOIT_SQL_MYSQL_TOOLTIP"),
+        new ModelItemType(ManagerExploit.EXPLOIT_UPLOAD_MYSQL, "EXPLOIT_UPLOAD_MYSQL_TOOLTIP"),
         ComboBoxMethodRenderer.SEPARATOR,
-        new ModelItemType(ManagerExploit.KEY_EXPLOIT_WEB_SQLITE, "EXPLOIT_WEB_SQLITE_TOOLTIP"),
-        new ModelItemType(ManagerExploit.KEY_EXPLOIT_UPLOAD_SQLITE, "EXPLOIT_UPLOAD_SQLITE_TOOLTIP"),
+        new ModelItemType(ManagerExploit.EXPLOIT_WEB_SQLITE, "EXPLOIT_WEB_SQLITE_TOOLTIP"),
+        new ModelItemType(ManagerExploit.EXPLOIT_UPLOAD_SQLITE, "EXPLOIT_UPLOAD_SQLITE_TOOLTIP"),
     });
 
-    private final JComboBox<Object> comboBoxExploitMethods = new JComboBox<>(new Object[]{
+    private final JComboBox<Object> comboBoxExploitModes = new JComboBox<>(new Object[]{
         ExploitMethod.AUTO,
         ComboBoxMethodRenderer.SEPARATOR,
         ExploitMethod.QUERY_BODY,
@@ -151,17 +151,17 @@ public JToolTip createToolTip() {
             Arrays.asList(this.username.get(), this.password.get(), this.scrollListPaths, this.textfieldUrlShell)
             .forEach(component -> component.setVisible(false));
             ModelItemType selectedItem = (ModelItemType) e.getItem();
-            if (!Arrays.asList(ManagerExploit.KEY_UDF_TAB, ManagerExploit.KEY_RCE_TAB).contains(selectedItem.getKeyLabel())) {
+            if (!Arrays.asList(ManagerExploit.EXPLOIT_UDF, ManagerExploit.EXPLOIT_RCE).contains(selectedItem.getKeyLabel())) {
                 this.scrollListPaths.setVisible(true);
                 this.textfieldUrlShell.setVisible(true);
-                if (ManagerExploit.KEY_EXPLOIT_SQL_MYSQL.equals(selectedItem.getKeyLabel())) {
+                if (ManagerExploit.EXPLOIT_SQL_MYSQL.equals(selectedItem.getKeyLabel())) {
                     this.username.get().setVisible(true);
                     this.password.get().setVisible(true);
                 }
             }
             this.updateUI();  // required to adapt panel
         });
-        this.comboBoxExploitMethods.addItemListener(e -> {
+        this.comboBoxExploitModes.addItemListener(e -> {
             if (e.getStateChange() == ItemEvent.SELECTED && e.getItem() instanceof ExploitMethod) {
                 ExploitMethod selectedItem = (ExploitMethod) e.getItem();
                 this.netshare.get().setVisible(false);
@@ -172,8 +172,8 @@ public JToolTip createToolTip() {
             }
         });
 
-        this.comboBoxExploitMethods.setRenderer(new ComboBoxMethodRenderer());
-        this.comboBoxExploitMethods.addActionListener(new SeparatorListener(this.comboBoxExploitMethods));
+        this.comboBoxExploitModes.setRenderer(new ComboBoxMethodRenderer());
+        this.comboBoxExploitModes.addActionListener(new SeparatorListener(this.comboBoxExploitModes));
         var labelUsing = new JLabel("via");
         labelUsing.setBorder(BorderFactory.createEmptyBorder(5, 0, 5, 0));
         groupLayout.setHorizontalGroup(
@@ -184,7 +184,7 @@ public JToolTip createToolTip() {
                 .createSequentialGroup()
                 .addComponent(this.comboBoxExploitTypes)
                 .addComponent(labelUsing, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE)
-                .addComponent(this.comboBoxExploitMethods, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE)
+                .addComponent(this.comboBoxExploitModes, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE, GroupLayout.PREFERRED_SIZE)
             )
             .addGroup(
                 groupLayout.createParallelGroup()
@@ -202,7 +202,7 @@ public JToolTip createToolTip() {
                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
                 .addComponent(this.comboBoxExploitTypes)
                 .addComponent(labelUsing)
-                .addComponent(this.comboBoxExploitMethods)
+                .addComponent(this.comboBoxExploitModes)
             )
             .addGroup(
                 groupLayout
@@ -235,7 +235,7 @@ public ActionExploit(JComboBox<Object> comboBoxExploitTypes) {
         public void actionPerformed(ActionEvent evt) {
             var modelSelectItem = (ModelItemType) this.comboBoxExploitTypes.getSelectedItem();
             var labelSelectItem = Objects.requireNonNull(modelSelectItem).getKeyLabel();
-            if (Arrays.asList(ManagerExploit.KEY_UDF_TAB, ManagerExploit.KEY_RCE_TAB).contains(labelSelectItem)) {
+            if (Arrays.asList(ManagerExploit.EXPLOIT_UDF, ManagerExploit.EXPLOIT_RCE).contains(labelSelectItem)) {
                 new SwingWorker<>() {
                     @Override
                     protected Object doInBackground() { Thread.currentThread().setName("SwingWorkerExploitUdf");
@@ -246,7 +246,7 @@ public void actionPerformed(ActionEvent evt) {
                 return;
             }
             if (
-                ManagerExploit.KEY_EXPLOIT_SQL_MYSQL.equals(labelSelectItem)
+                ManagerExploit.EXPLOIT_SQL_MYSQL.equals(labelSelectItem)
                 && (
                     ManagerExploit.this.password.get().getText().isEmpty()
                     || ManagerExploit.this.username.get().getText().isEmpty()
@@ -257,20 +257,20 @@ public void actionPerformed(ActionEvent evt) {
             }
             if (
                 Arrays.asList(
-                    ManagerExploit.KEY_EXPLOIT_SQL_MYSQL, ManagerExploit.KEY_EXPLOIT_UPLOAD_MYSQL, ManagerExploit.KEY_EXPLOIT_WEB_MYSQL, ManagerExploit.KEY_UDF_TAB
+                    ManagerExploit.EXPLOIT_SQL_MYSQL, ManagerExploit.EXPLOIT_UPLOAD_MYSQL, ManagerExploit.EXPLOIT_WEB_MYSQL, ManagerExploit.EXPLOIT_UDF
                 ).contains(labelSelectItem)
                 && MediatorHelper.model().getMediatorVendor().getVendor() != MediatorHelper.model().getMediatorVendor().getMysql()
             ) {
                 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Unsupported for [{}], choose a MySQL target instead", MediatorHelper.model().getMediatorVendor().getVendor());
                 return;
             } else if (
-                Arrays.asList(ManagerExploit.KEY_EXPLOIT_UPLOAD_SQLITE, ManagerExploit.KEY_EXPLOIT_WEB_SQLITE).contains(labelSelectItem)
+                Arrays.asList(ManagerExploit.EXPLOIT_UPLOAD_SQLITE, ManagerExploit.EXPLOIT_WEB_SQLITE).contains(labelSelectItem)
                 && MediatorHelper.model().getMediatorVendor().getVendor() != MediatorHelper.model().getMediatorVendor().getSqlite()
             ) {
                 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Unsupported for [{}], choose a SQLite target instead", MediatorHelper.model().getMediatorVendor().getVendor());
                 return;
             } else if (
-                ManagerExploit.KEY_RCE_TAB.equals(labelSelectItem)
+                ManagerExploit.EXPLOIT_RCE.equals(labelSelectItem)
                 && MediatorHelper.model().getMediatorVendor().getVendor() != MediatorHelper.model().getMediatorVendor().getOracle()
             ) {
                 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Unsupported for [{}], choose an Oracle target instead", MediatorHelper.model().getMediatorVendor().getVendor());
@@ -300,7 +300,7 @@ public void actionPerformed(ActionEvent evt) {
             }
 
             AtomicReference<File> fileToUpload = new AtomicReference<>();
-            if (Arrays.asList(ManagerExploit.KEY_EXPLOIT_UPLOAD_MYSQL, ManagerExploit.KEY_EXPLOIT_UPLOAD_SQLITE).contains(labelSelectItem)) {
+            if (Arrays.asList(ManagerExploit.EXPLOIT_UPLOAD_MYSQL, ManagerExploit.EXPLOIT_UPLOAD_SQLITE).contains(labelSelectItem)) {
                 fileToUpload.set(ManagerExploit.chooseFile());
                 if (fileToUpload.get() == null) {
                     LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Missing file, please select a file");
@@ -344,7 +344,7 @@ private static File chooseFile() {
     }
 
     protected void createPayload(String remotePathFolder, String urlShell, File fileToUpload) throws JSqlException {
-        var exploitMethod = ExploitMethod.forName(Objects.requireNonNull(this.comboBoxExploitMethods.getSelectedItem()).toString())
+        var exploitMethod = ExploitMethod.forName(Objects.requireNonNull(this.comboBoxExploitModes.getSelectedItem()).toString())
         .orElse(ExploitMethod.AUTO);
 
         if (remotePathFolder != null && !remotePathFolder.endsWith("/")) {
@@ -356,23 +356,23 @@ protected void createPayload(String remotePathFolder, String urlShell, File file
         }
 
         var modelItemType = Objects.requireNonNull((ModelItemType) this.comboBoxExploitTypes.getSelectedItem());
-        if (ManagerExploit.KEY_UDF_TAB.equals(modelItemType.getKeyLabel())) {
+        if (ManagerExploit.EXPLOIT_UDF.equals(modelItemType.getKeyLabel())) {
             MediatorHelper.model().getUdfAccess().createUdf(pathNetshare, exploitMethod);
-        } else if (ManagerExploit.KEY_RCE_TAB.equals(modelItemType.getKeyLabel())) {
+        } else if (ManagerExploit.EXPLOIT_RCE.equals(modelItemType.getKeyLabel())) {
             MediatorHelper.model().getUdfAccess().createExploitRce(exploitMethod);
-        } else if (ManagerExploit.KEY_EXPLOIT_WEB_MYSQL.equals(modelItemType.getKeyLabel())) {
+        } else if (ManagerExploit.EXPLOIT_WEB_MYSQL.equals(modelItemType.getKeyLabel())) {
             MediatorHelper.model().getResourceAccess().createExploitWebMysql(
                 remotePathFolder,
                 urlShell,
                 pathNetshare,
                 exploitMethod
             );
-        } else if (ManagerExploit.KEY_EXPLOIT_WEB_SQLITE.equals(modelItemType.getKeyLabel())) {
+        } else if (ManagerExploit.EXPLOIT_WEB_SQLITE.equals(modelItemType.getKeyLabel())) {
             MediatorHelper.model().getResourceAccess().createExploitWebSqlite(
                 remotePathFolder,
                 urlShell
             );
-        } else if (ManagerExploit.KEY_EXPLOIT_SQL_MYSQL.equals(modelItemType.getKeyLabel())) {
+        } else if (ManagerExploit.EXPLOIT_SQL_MYSQL.equals(modelItemType.getKeyLabel())) {
             MediatorHelper.model().getResourceAccess().createExploitSqlMysql(
                 remotePathFolder,
                 urlShell,
@@ -381,15 +381,15 @@ protected void createPayload(String remotePathFolder, String urlShell, File file
                 this.username.get().getText(),
                 this.password.get().getText()
             );
-        } else if (ManagerExploit.KEY_EXPLOIT_UPLOAD_MYSQL.equals(modelItemType.getKeyLabel())) {
+        } else if (ManagerExploit.EXPLOIT_UPLOAD_MYSQL.equals(modelItemType.getKeyLabel())) {
             MediatorHelper.model().getResourceAccess().createExploitUploadMysql(
                 remotePathFolder,
                 urlShell,
                 pathNetshare,
                 exploitMethod,
                 fileToUpload
             );
-        } else if (ManagerExploit.KEY_EXPLOIT_UPLOAD_SQLITE.equals(modelItemType.getKeyLabel())) {
+        } else if (ManagerExploit.EXPLOIT_UPLOAD_SQLITE.equals(modelItemType.getKeyLabel())) {
             MediatorHelper.model().getResourceAccess().createExploitUploadSqlite(
                 remotePathFolder,
                 urlShell,

view/src/main/java/com/jsql/view/swing/manager/ManagerExploit.java

@@ -1,11 +1,10 @@
 {
     "version": "0.106",
     "news": [
-        "[Credit: @selectfromblackhydra] RCE shell for oracle added to tab Exploits, needs reviewers and testers",
-        "[Credit: @mrdragonblack] UDF shell for mysql added to tab Exploits, now run system command on remote easily",
-        "[HowTo UDF/RCE] How to use shells explained on GitHub at https://github.com/ron190/jsql-injection/wiki/Exploit",
+        "[v0.107] New SQLite php shell, including MySQL php shell, Oracle RCE and MySQL UDF shell",
+        "[UDF/RCE] How to use shells explained on GitHub at https://github.com/ron190/jsql-injection/wiki/Exploit",
         "[Pinned] Report any bugs and thoughts and add your star to the project at https://github.com/ron190/jsql-injection",
-        "[Community] Improve your CTF and bounty research, what should be done by jSQL that you do manually?",
-        "[Contribute] Some translation is still missing, open menu Community and translate a single item to make progress"
+        "[Community] What should be done by jSQL that you do manually? Improve your CTF and bounty research by contributing",
+        "[Contribute] Some button translation is still missing, open menu Community and translate a single item to make progress"
     ]
 }

web/services/jsql-injection.json

@@ -3,7 +3,7 @@
 
 $drv = new PJBS(null, null);
 
-$drv->connect('jdbc:postgres://ip:port/db', 'login', 'password');
+$drv->connect('jdbc:postgresql://ip:port/db', 'login', 'password');
 
 $res = $drv->exec("SELECT col1, col2 FROM my_table where id=$_GET[lib]");