update regarding error parsing (and reporting)

This commit is contained in:
Miroslav Stampar 2010-11-16 10:42:42 +00:00
parent 71cb982039
commit 6ef3846400
6 changed files with 32 additions and 8 deletions


@ -20,7 +20,7 @@ from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import showStaticWords from lib.core.common import showStaticWords
from lib.core.common import wasLastRequestError from lib.core.common import wasLastRequestDBMSError
from lib.core.common import DynamicContentItem from lib.core.common import DynamicContentItem
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -128,7 +128,7 @@ def heuristicCheckSqlInjection(place, parameter, value):
payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix) payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
payload = agent.payload(place, parameter, value, payload) payload = agent.payload(place, parameter, value, payload)
Request.queryPage(payload, place, raise404=False) Request.queryPage(payload, place, raise404=False)
result = wasLastRequestError() result = wasLastRequestDBMSError()
infoMsg = "(error based) heuristics shows that %s " % place infoMsg = "(error based) heuristics shows that %s " % place
infoMsg += "parameter '%s' is " % parameter infoMsg += "parameter '%s' is " % parameter


@ -1505,13 +1505,28 @@ def popValue():
return kb.valueStack.pop() return kb.valueStack.pop()
def wasLastRequestError(): def wasLastRequestDBMSError():
""" """
Returns True if the last web request resulted in a (recognized) DBMS error page Returns True if the last web request resulted in a (recognized) DBMS error page
""" """
return kb.lastErrorPage and kb.lastErrorPage[0]==kb.lastRequestUID return kb.lastErrorPage and kb.lastErrorPage[0]==kb.lastRequestUID
def extractErrorMessage(page):
"""
Returns reported error message from page if it founds one
"""
retVal = None
for regex in (r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s+(?P<result>.+)<br\s*/?\s*>", r"<li>Error Type:<br>(?P<result>.+?)</li>"):
match = re.search(regex, page, re.DOTALL | re.IGNORECASE)
if match:
retVal = htmlunescape(match.group("result"))
break
return retVal
def beep(): def beep():
""" """
Does an audible beep sound Does an audible beep sound
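Review bot: The first pattern in `extractErrorMessage` combines a greedy `(?P<result>.+)` with `re.DOTALL`, so on any page containing more than one `<br>` the capture runs from the error label to the last `<br>` in the whole document, swallowing unrelated markup and potentially most of the response; the second pattern already uses `.+?`, so the first should be lazy as well: `r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s+(?P<result>.+?)<br\s*/?\s*>"`. The returned value is text lifted verbatim from the target's response and only HTML-unescaped, so it can still carry tags, newlines and terminal control sequences; the docstring should say so, e.g. `Returns the reported error message from page if it finds one; the text is unfiltered response content and must be treated as untrusted before display.` (which also fixes "if it founds one").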


@ -513,6 +513,10 @@ def cmdLineParser():
action="store_true", default=False, action="store_true", default=False,
help="Alert with audio beep when sql injection found") help="Alert with audio beep when sql injection found")
miscellaneous.add_option("--parse-errors", dest="parseErrors",
action="store_true", default=False,
help="Try to parse and report error messages")
# Hidden and/or experimental options # Hidden and/or experimental options
parser.add_option("--profile", dest="profile", action="store_true", parser.add_option("--profile", dest="profile", action="store_true",
default=False, help=SUPPRESS_HELP) default=False, help=SUPPRESS_HELP)


@ -11,7 +11,7 @@ import re
from difflib import SequenceMatcher from difflib import SequenceMatcher
from lib.core.common import wasLastRequestError from lib.core.common import wasLastRequestDBMSError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -54,7 +54,7 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
return re.search(conf.regexp, page, re.I | re.M) is not None return re.search(conf.regexp, page, re.I | re.M) is not None
# In case of an DBMS error page return None # In case of an DBMS error page return None
if wasLastRequestError(): if wasLastRequestDBMSError():
return None return None
# Dynamic content lines to be excluded before comparison # Dynamic content lines to be excluded before comparison


@ -17,10 +17,11 @@ import traceback
from lib.contrib import multipartpost from lib.contrib import multipartpost
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import readInput from lib.core.common import extractErrorMessage
from lib.core.common import getFilteredPageContent from lib.core.common import getFilteredPageContent
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import logHTTPTraffic from lib.core.common import logHTTPTraffic
from lib.core.common import readInput
from lib.core.convert import urlencode from lib.core.convert import urlencode
from lib.core.common import urlEncodeCookieValues from lib.core.common import urlEncodeCookieValues
from lib.core.data import conf from lib.core.data import conf
@ -219,6 +220,10 @@ class Connect:
responseHeaders = conn.info() responseHeaders = conn.info()
page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type")) page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))
msg = extractErrorMessage(page)
if msg and conf.parseErrors:
logger.error("error message: '%s'" % msg)
except urllib2.HTTPError, e: except urllib2.HTTPError, e:
code = e.code code = e.code
status = e.msg status = e.msg
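Review bot: `extractErrorMessage(page)` runs before `conf.parseErrors` is checked, so the DOTALL regex scan is executed over every response body even when `--parse-errors` is off; reorder to `if conf.parseErrors:` / `msg = extractErrorMessage(page)` / `if msg: logger.error("error message: '%s'" % msg)` so the cost is only paid when the feature is enabled. The logged text is taken straight from the target's response and is therefore attacker-controlled; consider collapsing newlines and other control characters and truncating it before it reaches the log, since a hostile server can otherwise inject arbitrary lines or terminal escapes into sqlmap's output. If `decodePage` can return `None` (not visible here), `re.search` inside `extractErrorMessage` would raise `TypeError` within this `try` block rather than being handled as an HTTP error, which is worth confirming. The enclosing method of `Connect` begins and ends outside this hunk.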


@ -15,7 +15,7 @@ from lib.core.common import formatFingerprint
from lib.core.common import getHtmlErrorFp from lib.core.common import getHtmlErrorFp
from lib.core.common import randomInt from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import wasLastRequestError from lib.core.common import wasLastRequestDBMSError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -99,7 +99,7 @@ class Fingerprint(GenericFingerprint):
payload = agent.payload(newValue=query) payload = agent.payload(newValue=query)
page = Request.queryPage(payload, content=True) page = Request.queryPage(payload, content=True)
if wasLastRequestError(): if wasLastRequestDBMSError():
match = re.search("Could not find file\s+'([^']+?)'", page[0]) match = re.search("Could not find file\s+'([^']+?)'", page[0])
if match: if match: