sqlmap/lib/techniques/error/test.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

import time

from lib.core.agent import agent
from lib.core.common import getUnicode
from lib.core.common import randomInt
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.session import setError
from lib.request import inject

def errorTest():
    if conf.direct:
        return

    if kb.errorTest is not None:
        return kb.errorTest

    infoMsg  = "testing error-based sql injection on parameter "
    infoMsg += "'%s' with %s condition syntax" % (kb.injection.parameter, conf.logic)
    logger.info(infoMsg)

    randInt = getUnicode(randomInt(1))
    query = queries[kb.dbms].case.query % ("%s=%s" % (randInt, randInt))
    result, usedPayload = inject.goError(query, suppressOutput=True, returnPayload=True)

    if result:
        infoMsg  = "the target url is affected by an error-based sql "
        infoMsg += "injection on parameter '%s'" % kb.injection.parameter
        logger.info(infoMsg)

        kb.errorTest = agent.removePayloadDelimiters(usedPayload, False)
    else:
        warnMsg  = "the target url is not affected by an error-based sql "
        warnMsg += "injection on parameter '%s'" % kb.injection.parameter
        logger.warn(warnMsg)

        kb.errorTest = False

    setError()

    return kb.errorTest
more update regarding error based injection support 2010-10-19 22:17:34 +04:00			`#!/usr/bin/env python`

			`"""`
			$Id$

			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
			`See the file 'doc/COPYING' for copying permission`
			`"""`

			`import time`

Consistency between --*-test switches/output 2010-11-08 19:46:25 +03:00			`from lib.core.agent import agent`
more update regarding error based injection support 2010-10-19 22:17:34 +04:00			`from lib.core.common import getUnicode`
			`from lib.core.common import randomInt`
			`from lib.core.data import conf`
			`from lib.core.data import kb`
			`from lib.core.data import logger`
			`from lib.core.data import queries`
			`from lib.core.session import setError`
			`from lib.request import inject`

			`def errorTest():`
			`if conf.direct:`
			`return`

			`if kb.errorTest is not None:`
			`return kb.errorTest`

Consolidate logger messages for --*-test switches 2010-10-31 19:58:38 +03:00			`infoMsg = "testing error-based sql injection on parameter "`
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`infoMsg += "'%s' with %s condition syntax" % (kb.injection.parameter, conf.logic)`
more update regarding error based injection support 2010-10-19 22:17:34 +04:00			`logger.info(infoMsg)`

code refactoring 2010-10-20 13:09:04 +04:00			`randInt = getUnicode(randomInt(1))`
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 17:13:12 +04:00			`query = queries[kb.dbms].case.query % ("%s=%s" % (randInt, randInt))`
Consolidate logger messages for --*-test switches 2010-10-31 19:58:38 +03:00			`result, usedPayload = inject.goError(query, suppressOutput=True, returnPayload=True)`
more update regarding error based injection support 2010-10-19 22:17:34 +04:00
			`if result:`
Consolidate logger messages for --*-test switches 2010-10-31 19:58:38 +03:00			`infoMsg = "the target url is affected by an error-based sql "`
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`infoMsg += "injection on parameter '%s'" % kb.injection.parameter`
more update regarding error based injection support 2010-10-19 22:17:34 +04:00			`logger.info(infoMsg)`

Consistency between --*-test switches/output 2010-11-08 19:46:25 +03:00			`kb.errorTest = agent.removePayloadDelimiters(usedPayload, False)`
more update regarding error based injection support 2010-10-19 22:17:34 +04:00			`else:`
Consolidate logger messages for --*-test switches 2010-10-31 19:58:38 +03:00			`warnMsg = "the target url is not affected by an error-based sql "`
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 2010-11-28 21:10:54 +03:00			`warnMsg += "injection on parameter '%s'" % kb.injection.parameter`
more update regarding error based injection support 2010-10-19 22:17:34 +04:00			`logger.warn(warnMsg)`

			`kb.errorTest = False`

			`setError()`

Consistency between --*-test switches/output 2010-11-08 19:46:25 +03:00			`return kb.errorTest`