mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-03-23 19:34:13 +03:00
implemented checkFalsePositives method (simple Turing like tests)
parent
7df954dd9f
commit
304500a2e8
|
@ -59,6 +59,7 @@ from lib.core.settings import LOWER_RATIO_BOUND
|
||||||
from lib.core.settings import UPPER_RATIO_BOUND
|
from lib.core.settings import UPPER_RATIO_BOUND
|
||||||
from lib.core.threads import getCurrentThreadData
|
from lib.core.threads import getCurrentThreadData
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
|
from lib.request.inject import checkBooleanExpression
|
||||||
from lib.request.templates import getPageTemplate
|
from lib.request.templates import getPageTemplate
|
||||||
from lib.techniques.inband.union.test import unionTest
|
from lib.techniques.inband.union.test import unionTest
|
||||||
from lib.techniques.inband.union.use import configUnion
|
from lib.techniques.inband.union.use import configUnion
|
||||||
|
@ -485,10 +486,50 @@ def checkSqlInjection(place, parameter, value):
|
||||||
|
|
||||||
# Return the injection object
|
# Return the injection object
|
||||||
if injection.place is not None and injection.parameter is not None:
|
if injection.place is not None and injection.parameter is not None:
|
||||||
|
injection = checkFalsePositives(injection)
|
||||||
return injection
|
return injection
|
||||||
else:
|
else:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
def checkFalsePositives(injection):
|
||||||
|
"""
|
||||||
|
Checks for false positives
|
||||||
|
"""
|
||||||
|
|
||||||
|
retVal = injection
|
||||||
|
|
||||||
|
if len(injection.data) == 1 and any(map(lambda x: x in injection.data, [PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED])):
|
||||||
|
pushValue(kb.injection)
|
||||||
|
|
||||||
|
infoMsg = "testing if an injection point on %s parameter " % injection.place
|
||||||
|
infoMsg += "'%s' is a false positive" % injection.parameter
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
kb.injection = injection
|
||||||
|
randInt1, randInt2 = int(randomInt(2)) + 1, int(randomInt(2)) + 1
|
||||||
|
|
||||||
|
# just in case (also, they have to be different than 0 because of the last test)
|
||||||
|
while randInt1 == randInt2:
|
||||||
|
randInt2 = int(randomInt(2)) + 1
|
||||||
|
|
||||||
|
# simple arithmetic operations like in Turing tests
|
||||||
|
if not checkBooleanExpression("(%d+%d)=%d" % (randInt1, randInt2, randInt1 + randInt2)):
|
||||||
|
retVal = None
|
||||||
|
elif checkBooleanExpression("%d=%d" % (randInt1, randInt2)):
|
||||||
|
retVal = None
|
||||||
|
elif not checkBooleanExpression("%d=(%d-%d)" % (abs(randInt1 - randInt2), max(randInt1, randInt2), min(randInt1, randInt2))):
|
||||||
|
retVal = None
|
||||||
|
elif checkBooleanExpression("(%d+%d)=(%d-%d)" % (randInt1, randInt2, randInt1, randInt2)):
|
||||||
|
retVal = None
|
||||||
|
|
||||||
|
if retVal is None:
|
||||||
|
warnMsg = "false positive injection point detected"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
kb.injection = popValue()
|
||||||
|
|
||||||
|
return retVal
|
||||||
|
|
||||||
def heuristicCheckSqlInjection(place, parameter):
|
def heuristicCheckSqlInjection(place, parameter):
|
||||||
if kb.nullConnection:
|
if kb.nullConnection:
|
||||||
debugMsg = "heuristic checking skipped "
|
debugMsg = "heuristic checking skipped "
|
||||||
|
|
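Review bot: In checkFalsePositives, `kb.injection` is restored by `kb.injection = popValue()` only on the normal path. If one of the checkBooleanExpression() calls raises, the global stays set to the unconfirmed candidate and the pushed value stays on the stack; whether those calls can raise is not visible in this hunk, but they appear to issue live requests. Put the block from `kb.injection = injection` through the warning under `try:` and move the restore to `finally: kb.injection = popValue()`. The docstring should also state the return contract: the injection comes back unchanged when the checks pass or are skipped (more than one technique recorded, or none of boolean/time/stacked), and None comes back when any of the four arithmetic checks disagrees. That matters because checkSqlInjection now hands that None straight to its caller.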