sqlmap/lib/utils/checkpayload.py

59 lines
1.6 KiB
Python
Raw Normal View History

#!/usr/bin/env python
"""
2010-01-25 12:21:39 +03:00
$Id$
2012-01-11 18:59:46 +04:00
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
"""
import re
2010-10-07 02:43:04 +04:00
from lib.core.common import readXmlFile
2010-10-25 19:37:43 +04:00
from lib.core.convert import urldecode
2010-01-25 13:06:52 +03:00
from lib.core.data import paths
from lib.core.data import logger
rules = None
2010-01-25 13:06:52 +03:00
def __adjustGrammar(string):
string = re.sub('\ADetects', 'Detected', string)
string = re.sub('\Afinds', 'Found', string)
string = re.sub('attempts\Z', 'attempt', string)
string = re.sub('injections\Z', 'injection', string)
string = re.sub('attacks\Z', 'attack', string)
2010-01-25 13:06:52 +03:00
return string
2010-10-25 19:37:43 +04:00
def checkPayload(payload):
"""
This method checks if the generated payload is detectable by the
PHPIDS filter rules
"""
if not payload:
return
global rules
2011-04-08 18:34:00 +04:00
detected = False
2010-10-25 19:37:43 +04:00
payload = urldecode(payload)
if not rules:
2010-10-25 22:38:54 +04:00
xmlrules = readXmlFile(paths.PHPIDS_RULES_XML)
rules = []
for xmlrule in xmlrules.getElementsByTagName("filter"):
2010-10-25 19:37:43 +04:00
rule = "(?i)%s" % xmlrule.getElementsByTagName('rule')[0].childNodes[0].nodeValue
desc = __adjustGrammar(xmlrule.getElementsByTagName('description')[0].childNodes[0].nodeValue)
rules.append((rule, desc))
if payload:
for rule, desc in rules:
if re.search(rule, payload):
2011-04-08 18:34:00 +04:00
detected = True
2010-10-29 15:00:23 +04:00
logger.warn("highly probable IDS/IPS detection: '%s: %s'" % (desc, payload))
2011-04-08 18:34:00 +04:00
if not detected:
logger.warn("payload '%s' possibly gone undetected" % payload)