mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 13:03:50 +03:00
more update regarding error based injection support
This commit is contained in:
parent
b2e0b615f8
commit
4009ef385e
|
@ -16,6 +16,7 @@ from lib.core.data import paths
|
||||||
from lib.core.exception import sqlmapUnsupportedDBMSException
|
from lib.core.exception import sqlmapUnsupportedDBMSException
|
||||||
from lib.core.settings import SUPPORTED_DBMS
|
from lib.core.settings import SUPPORTED_DBMS
|
||||||
from lib.techniques.blind.timebased import timeTest
|
from lib.techniques.blind.timebased import timeTest
|
||||||
|
from lib.techniques.error.error import errorTest
|
||||||
from lib.techniques.inband.union.test import unionTest
|
from lib.techniques.inband.union.test import unionTest
|
||||||
from lib.techniques.outband.stacked import stackedTest
|
from lib.techniques.outband.stacked import stackedTest
|
||||||
|
|
||||||
|
@ -57,6 +58,9 @@ def action():
|
||||||
if conf.stackedTest:
|
if conf.stackedTest:
|
||||||
conf.dumper.technic("stacked queries support", stackedTest())
|
conf.dumper.technic("stacked queries support", stackedTest())
|
||||||
|
|
||||||
|
if conf.errorTest:
|
||||||
|
conf.dumper.technic("error based injection support", errorTest())
|
||||||
|
|
||||||
if conf.timeTest:
|
if conf.timeTest:
|
||||||
conf.dumper.technic("time based blind sql injection payload", timeTest())
|
conf.dumper.technic("time based blind sql injection payload", timeTest())
|
||||||
|
|
||||||
|
|
|
@ -1050,6 +1050,7 @@ def __setKnowledgeBaseAttributes():
|
||||||
kb.dep = None
|
kb.dep = None
|
||||||
kb.docRoot = None
|
kb.docRoot = None
|
||||||
kb.dynamicContent = []
|
kb.dynamicContent = []
|
||||||
|
kb.errorTest = None
|
||||||
kb.headersCount = 0
|
kb.headersCount = 0
|
||||||
kb.headersFp = {}
|
kb.headersFp = {}
|
||||||
kb.hintValue = None
|
kb.hintValue = None
|
||||||
|
|
|
@ -196,6 +196,15 @@ def setStacked():
|
||||||
if condition:
|
if condition:
|
||||||
dataToSessionFile("[%s][%s][%s][Stacked queries][%s]\n" % (conf.url, kb.injPlace, safeFormatString(conf.parameters[kb.injPlace]), kb.stackedTest))
|
dataToSessionFile("[%s][%s][%s][Stacked queries][%s]\n" % (conf.url, kb.injPlace, safeFormatString(conf.parameters[kb.injPlace]), kb.stackedTest))
|
||||||
|
|
||||||
|
def setError():
|
||||||
|
condition = (
|
||||||
|
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
|
||||||
|
not kb.resumedQueries[conf.url].has_key("Error based injection") )
|
||||||
|
)
|
||||||
|
|
||||||
|
if condition:
|
||||||
|
dataToSessionFile("[%s][%s][%s][Error based injection][Yes]\n" % (conf.url, kb.injPlace, safeFormatString(conf.parameters[kb.injPlace])))
|
||||||
|
|
||||||
def setUnion(comment=None, count=None, position=None, negative=False, falseCond=False):
|
def setUnion(comment=None, count=None, position=None, negative=False, falseCond=False):
|
||||||
"""
|
"""
|
||||||
@param comment: union comment to save in session file
|
@param comment: union comment to save in session file
|
||||||
|
|
|
@ -290,6 +290,7 @@ def initTargetEnv():
|
||||||
kb.dbms = None
|
kb.dbms = None
|
||||||
kb.dbmsDetected = False
|
kb.dbmsDetected = False
|
||||||
kb.dbmsVersion = [ "Unknown" ]
|
kb.dbmsVersion = [ "Unknown" ]
|
||||||
|
kb.errorTest = None
|
||||||
kb.htmlFp = []
|
kb.htmlFp = []
|
||||||
kb.lastErrorPage = None
|
kb.lastErrorPage = None
|
||||||
kb.injParameter = None
|
kb.injParameter = None
|
||||||
|
@ -298,6 +299,8 @@ def initTargetEnv():
|
||||||
kb.nullConnection = None
|
kb.nullConnection = None
|
||||||
kb.parenthesis = None
|
kb.parenthesis = None
|
||||||
kb.proxyAuthHeader = None
|
kb.proxyAuthHeader = None
|
||||||
|
kb.stackedTest = None
|
||||||
|
kb.timeTest = None
|
||||||
kb.unionComment = ""
|
kb.unionComment = ""
|
||||||
kb.unionCount = None
|
kb.unionCount = None
|
||||||
kb.unionPosition = None
|
kb.unionPosition = None
|
||||||
|
|
|
@ -491,6 +491,10 @@ def cmdLineParser():
|
||||||
parser.add_option("--error", dest="error", action="store_true",
|
parser.add_option("--error", dest="error", action="store_true",
|
||||||
default=False, help=SUPPRESS_HELP)
|
default=False, help=SUPPRESS_HELP)
|
||||||
|
|
||||||
|
parser.add_option("--error-test", dest="errorTest",
|
||||||
|
action="store_true", default=False,
|
||||||
|
help=SUPPRESS_HELP)
|
||||||
|
|
||||||
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", default=10,
|
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", default=10,
|
||||||
help=SUPPRESS_HELP)
|
help=SUPPRESS_HELP)
|
||||||
|
|
||||||
|
|
|
@ -445,3 +445,13 @@ def goStacked(expression, silent=False):
|
||||||
page, _ = Request.queryPage(payload, content=True, silent=silent)
|
page, _ = Request.queryPage(payload, content=True, silent=silent)
|
||||||
|
|
||||||
return payload, page
|
return payload, page
|
||||||
|
|
||||||
|
def goError(expression):
|
||||||
|
#expression = cleanQuery(expression)
|
||||||
|
|
||||||
|
if conf.direct:
|
||||||
|
return direct(expression), None
|
||||||
|
|
||||||
|
result = __goError(expression)
|
||||||
|
|
||||||
|
return result
|
||||||
|
|
|
@ -20,7 +20,7 @@ from lib.request.connect import Connect as Request
|
||||||
|
|
||||||
def timeTest():
|
def timeTest():
|
||||||
infoMsg = "testing time based blind sql injection on parameter "
|
infoMsg = "testing time based blind sql injection on parameter "
|
||||||
infoMsg += "'%s' with AND condition syntax" % kb.injParameter
|
infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
timeQuery = getDelayQuery(andCond=True)
|
timeQuery = getDelayQuery(andCond=True)
|
||||||
|
|
51
lib/techniques/error/error.py
Normal file
51
lib/techniques/error/error.py
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
"""
|
||||||
|
$Id$
|
||||||
|
|
||||||
|
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
||||||
|
See the file 'doc/COPYING' for copying permission
|
||||||
|
"""
|
||||||
|
|
||||||
|
import time
|
||||||
|
|
||||||
|
from lib.core.common import getUnicode
|
||||||
|
from lib.core.common import randomInt
|
||||||
|
from lib.core.data import conf
|
||||||
|
from lib.core.data import kb
|
||||||
|
from lib.core.data import logger
|
||||||
|
from lib.core.data import queries
|
||||||
|
from lib.core.session import setError
|
||||||
|
from lib.request import inject
|
||||||
|
|
||||||
|
def errorTest():
|
||||||
|
if conf.direct:
|
||||||
|
return
|
||||||
|
|
||||||
|
if kb.errorTest is not None:
|
||||||
|
return kb.errorTest
|
||||||
|
|
||||||
|
infoMsg = "testing error based sql injection on parameter "
|
||||||
|
infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
randInt = getUnicode(randomInt(1))
|
||||||
|
query = queries[kb.dbms].case % ("%s=%s" % (randInt, randInt))
|
||||||
|
result = inject.goError(query)
|
||||||
|
|
||||||
|
if result:
|
||||||
|
infoMsg = "the web application supports error based injection "
|
||||||
|
infoMsg += "on parameter '%s'" % kb.injParameter
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
kb.errorTest = True
|
||||||
|
else:
|
||||||
|
warnMsg = "the web application does not support error based injection "
|
||||||
|
warnMsg += "on parameter '%s'" % kb.injParameter
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
kb.errorTest = False
|
||||||
|
|
||||||
|
setError()
|
||||||
|
|
||||||
|
return kb.errorTest
|
Loading…
Reference in New Issue
Block a user