automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)

2024-11-25 11:03:47 +03:00 · 2012-04-23 13:41:36 +00:00 · 2012-04-23 13:41:36 +00:00 · 3532d23933
commit 3532d23933
parent eb73cab636
2 changed files with 16 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -34,6 +34,7 @@ from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import showStaticWords
+from lib.core.common import singleTimeLogMessage
 from lib.core.common import singleTimeWarnMessage
 from lib.core.common import wasLastRequestDBMSError
 from lib.core.common import wasLastRequestHTTPError
@ -108,6 +109,20 @@ def checkSqlInjection(place, parameter, value):
                    logger.debug(debugMsg)
                    continue

+                match = re.search(r"(\d+)-(\d+)", test.request.columns)
+                if injection.data and match:
+                    lower, upper = int(match.group(1)), int(match.group(2))
+                    for _ in (lower, upper):
+                        if _ > 1:
+                            infoMsg = "automatically extending ranges "
+                            infoMsg += "for further UNION query injection technique tests as "
+                            infoMsg += "there is at least one other injection technique found"
+                            singleTimeLogMessage(infoMsg)
+
+                            test.request.columns = re.sub(r"\b%d\b" % _, str(2 * _), test.request.columns)
+                            title = re.sub(r"\b%d\b" % _, str(2 * _), title)
+                            test.title = re.sub(r"\b%d\b" % _, str(2 * _), test.title)
+
            # Skip test if the user's wants to test only for a specific
            # technique
            if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech:
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@ -59,7 +59,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
            infoMsg += "This should reduce the time needed "
            infoMsg += "to find the right number "
            infoMsg += "of query columns. Automatically extending the "
-            infoMsg += "range for UNION query injection technique"
+            infoMsg += "range for current UNION query injection technique test"
            singleTimeLogMessage(infoMsg)

            lowCols, highCols = 1, ORDER_BY_STEP