Implementation of an Issue #161
parent
6210ddfbd6
commit
61151447fe
|
@ -627,21 +627,27 @@ def heuristicCheckSqlInjection(place, parameter):
|
||||||
page, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
page, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||||
|
|
||||||
parseFilePaths(page)
|
parseFilePaths(page)
|
||||||
|
|
||||||
result = wasLastRequestDBMSError()
|
result = wasLastRequestDBMSError()
|
||||||
|
|
||||||
infoMsg = "heuristic test shows that %s " % place
|
infoMsg = "heuristic test shows that %s " % place
|
||||||
infoMsg += "parameter '%s' might " % parameter
|
infoMsg += "parameter '%s' might " % parameter
|
||||||
|
|
||||||
|
casting = False
|
||||||
if not result and kb.dynamicParameter:
|
if not result and kb.dynamicParameter:
|
||||||
_ = conf.paramDict[place][parameter]
|
origValue = conf.paramDict[place][parameter]
|
||||||
|
|
||||||
if _ and _.isdigit():
|
if origValue and origValue.isdigit():
|
||||||
randInt = int(randomInt())
|
randInt = int(randomInt())
|
||||||
payload = "%s%s%s" % (prefix, "%d-%d" % (int(_) + randInt, randInt), suffix)
|
payload = "%s%s%s" % (prefix, "%d-%d" % (int(origValue) + randInt, randInt), suffix)
|
||||||
payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
|
payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
|
||||||
result = Request.queryPage(payload, place, raise404=False)
|
result = Request.queryPage(payload, place, raise404=False)
|
||||||
|
|
||||||
|
if not result:
|
||||||
|
randStr = randomStr()
|
||||||
|
payload = "%s%s%s" % (prefix, "%s%s" % (origValue, randStr), suffix)
|
||||||
|
payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
|
||||||
|
casting = Request.queryPage(payload, place, raise404=False)
|
||||||
|
|
||||||
kb.heuristicTest = result
|
kb.heuristicTest = result
|
||||||
|
|
||||||
if result:
|
if result:
|
||||||
|
@ -651,6 +657,15 @@ def heuristicCheckSqlInjection(place, parameter):
|
||||||
infoMsg += "not be injectable"
|
infoMsg += "not be injectable"
|
||||||
logger.warn(infoMsg)
|
logger.warn(infoMsg)
|
||||||
|
|
||||||
|
if casting:
|
||||||
|
errMsg = "possible integer casting "
|
||||||
|
errMsg += "detected (e.g. %s=(int)$_REQUEST('%s')) " % (parameter, parameter)
|
||||||
|
errMsg += "at the back-end web application"
|
||||||
|
logger.error(errMsg)
|
||||||
|
|
||||||
|
message = "do you want to skip those kind of cases? [Y/n] "
|
||||||
|
kb.ignoreCasted = readInput(message, default='Y').upper() != 'N'
|
||||||
|
|
||||||
return result
|
return result
|
||||||
|
|
||||||
def checkDynParam(place, parameter, value):
|
def checkDynParam(place, parameter, value):
|
||||||
|
|
|
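Review bot: The casting prompt in the second hunk (`if casting:` … `kb.ignoreCasted = readInput(message, default='Y').upper() != 'N'`) runs on every parameter where casting is detected, so a user who already answered Y is asked again for each later parameter, and an N on a later prompt silently flips the global flag back to False. Guarding the prompt with the answer already given avoids that: `if casting and not kb.ignoreCasted:`. The detection in the first hunk only runs when the arithmetic probe changed the page, which looks intended but is not obvious; a comment above `casting = Request.queryPage(...)` such as `# arithmetic probe changed the page but a non-numeric suffix did not: value is probably cast to int on the back-end` would document the inference. heuristicCheckSqlInjection starts before the first hunk, and the branch in which the `if casting:` block sits is not fully visible here.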
@ -454,7 +454,7 @@ def start():
|
||||||
check = heuristicCheckSqlInjection(place, parameter)
|
check = heuristicCheckSqlInjection(place, parameter)
|
||||||
|
|
||||||
if not check:
|
if not check:
|
||||||
if conf.smart:
|
if conf.smart or kb.ignoreCasted:
|
||||||
infoMsg = "skipping %s parameter '%s'" % (place, parameter)
|
infoMsg = "skipping %s parameter '%s'" % (place, parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
|
|
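Review bot: With the new condition `if conf.smart or kb.ignoreCasted:`, once the flag is set every parameter whose heuristic check is negative is skipped, not only those where integer casting was observed — kb.ignoreCasted is a process-wide yes/no answer and carries no per-parameter casting information. If that is intended, a one-line comment makes it explicit: `# kb.ignoreCasted: after casting was detected the user chose to skip heuristically non-injectable parameters (same effect as conf.smart from then on)`. Otherwise the skip should key on a per-parameter casting result recorded by heuristicCheckSqlInjection rather than on the global flag. The loop body enclosing this hunk starts and ends outside it.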
@ -1496,6 +1496,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.htmlFp = []
|
kb.htmlFp = []
|
||||||
kb.httpErrorCodes = {}
|
kb.httpErrorCodes = {}
|
||||||
kb.inferenceMode = False
|
kb.inferenceMode = False
|
||||||
|
kb.ignoreCasted = False
|
||||||
kb.ignoreNotFound = False
|
kb.ignoreNotFound = False
|
||||||
kb.ignoreTimeout = False
|
kb.ignoreTimeout = False
|
||||||
kb.injection = InjectionDict()
|
kb.injection = InjectionDict()
|
||||||
|
|