update regarding error parsing (and reporting)

2025-01-23 15:54:24 +03:00 · 2010-11-16 10:42:42 +00:00 · 2010-11-16 10:42:42 +00:00 · 6ef3846400
commit 6ef3846400
parent 71cb982039
6 changed files with 32 additions and 8 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -20,7 +20,7 @@ from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import showStaticWords
-from lib.core.common import wasLastRequestError
+from lib.core.common import wasLastRequestDBMSError
 from lib.core.common import DynamicContentItem
 from lib.core.data import conf
 from lib.core.data import kb
@ -128,7 +128,7 @@ def heuristicCheckSqlInjection(place, parameter, value):
    payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
    payload = agent.payload(place, parameter, value, payload)
    Request.queryPage(payload, place, raise404=False)
-    result = wasLastRequestError()
+    result = wasLastRequestDBMSError()

    infoMsg  = "(error based) heuristics shows that %s " % place
    infoMsg += "parameter '%s' is " % parameter
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1505,13 +1505,28 @@ def popValue():

    return kb.valueStack.pop()

-def wasLastRequestError():
+def wasLastRequestDBMSError():
    """
    Returns True if the last web request resulted in a (recognized) DBMS error page
    """

    return kb.lastErrorPage and kb.lastErrorPage[0]==kb.lastRequestUID

+def extractErrorMessage(page):
+    """
+    Returns reported error message from page if it founds one
+    """
+
+    retVal = None
+
+    for regex in (r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s+(?P<result>.+)<br\s*/?\s*>", r"<li>Error Type:<br>(?P<result>.+?)</li>"):
+        match = re.search(regex, page, re.DOTALL | re.IGNORECASE)
+        if match:
+            retVal = htmlunescape(match.group("result"))
+            break
+
+    return retVal
+
 def beep():
    """
    Does an audible beep sound
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -513,6 +513,10 @@ def cmdLineParser():
                                 action="store_true", default=False,
                                 help="Alert with audio beep when sql injection found")

+        miscellaneous.add_option("--parse-errors", dest="parseErrors",
+                             action="store_true", default=False,
+                             help="Try to parse and report error messages")
+
        # Hidden and/or experimental options
        parser.add_option("--profile", dest="profile", action="store_true",
                          default=False, help=SUPPRESS_HELP)
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -11,7 +11,7 @@ import re

 from difflib import SequenceMatcher

-from lib.core.common import wasLastRequestError
+from lib.core.common import wasLastRequestDBMSError
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -54,7 +54,7 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
            return re.search(conf.regexp, page, re.I | re.M) is not None

        # In case of an DBMS error page return None
-        if wasLastRequestError():
+        if wasLastRequestDBMSError():
            return None

        # Dynamic content lines to be excluded before comparison
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -17,10 +17,11 @@ import traceback

 from lib.contrib import multipartpost
 from lib.core.agent import agent
-from lib.core.common import readInput
+from lib.core.common import extractErrorMessage
 from lib.core.common import getFilteredPageContent
 from lib.core.common import getUnicode
 from lib.core.common import logHTTPTraffic
+from lib.core.common import readInput
 from lib.core.convert import urlencode
 from lib.core.common import urlEncodeCookieValues
 from lib.core.data import conf
@ -219,6 +220,10 @@ class Connect:
            responseHeaders = conn.info()
            page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))

+            msg = extractErrorMessage(page)
+            if msg and conf.parseErrors:
+                logger.error("error message: '%s'" % msg)
+
        except urllib2.HTTPError, e:
            code = e.code
            status = e.msg
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@ -15,7 +15,7 @@ from lib.core.common import formatFingerprint
 from lib.core.common import getHtmlErrorFp
 from lib.core.common import randomInt
 from lib.core.common import randomStr
-from lib.core.common import wasLastRequestError
+from lib.core.common import wasLastRequestDBMSError
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -99,7 +99,7 @@ class Fingerprint(GenericFingerprint):
        payload = agent.payload(newValue=query)
        page  = Request.queryPage(payload, content=True)

-        if wasLastRequestError():
+        if wasLastRequestDBMSError():
            match = re.search("Could not find file\s+'([^']+?)'", page[0])

            if match: