2010-10-19 22:17:34 +04:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
"""
|
|
|
|
$Id$
|
|
|
|
|
|
|
|
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|
|
|
See the file 'doc/COPYING' for copying permission
|
|
|
|
"""
|
|
|
|
|
|
|
|
import time
|
|
|
|
|
|
|
|
from lib.core.common import getUnicode
|
|
|
|
from lib.core.common import randomInt
|
|
|
|
from lib.core.data import conf
|
|
|
|
from lib.core.data import kb
|
|
|
|
from lib.core.data import logger
|
|
|
|
from lib.core.data import queries
|
|
|
|
from lib.core.session import setError
|
|
|
|
from lib.request import inject
|
|
|
|
|
|
|
|
def errorTest():
|
|
|
|
if conf.direct:
|
|
|
|
return
|
|
|
|
|
|
|
|
if kb.errorTest is not None:
|
|
|
|
return kb.errorTest
|
|
|
|
|
2010-10-31 19:58:38 +03:00
|
|
|
infoMsg = "testing error-based sql injection on parameter "
|
2010-10-19 22:17:34 +04:00
|
|
|
infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
|
|
|
|
logger.info(infoMsg)
|
|
|
|
|
2010-10-20 13:09:04 +04:00
|
|
|
randInt = getUnicode(randomInt(1))
|
2010-10-21 17:13:12 +04:00
|
|
|
query = queries[kb.dbms].case.query % ("%s=%s" % (randInt, randInt))
|
2010-10-31 19:58:38 +03:00
|
|
|
result, usedPayload = inject.goError(query, suppressOutput=True, returnPayload=True)
|
2010-10-19 22:17:34 +04:00
|
|
|
|
|
|
|
if result:
|
2010-10-31 19:58:38 +03:00
|
|
|
infoMsg = "the target url is affected by an error-based sql "
|
|
|
|
infoMsg += "injection on parameter '%s'" % kb.injParameter
|
2010-10-19 22:17:34 +04:00
|
|
|
logger.info(infoMsg)
|
|
|
|
|
|
|
|
kb.errorTest = True
|
|
|
|
else:
|
2010-10-31 19:58:38 +03:00
|
|
|
warnMsg = "the target url is not affected by an error-based sql "
|
|
|
|
warnMsg += "injection on parameter '%s'" % kb.injParameter
|
2010-10-19 22:17:34 +04:00
|
|
|
logger.warn(warnMsg)
|
|
|
|
|
|
|
|
kb.errorTest = False
|
|
|
|
|
|
|
|
setError()
|
|
|
|
|
2010-10-31 19:58:38 +03:00
|
|
|
if kb.errorTest:
|
|
|
|
return usedPayload
|
|
|
|
else:
|
|
|
|
return False
|