From 8a5042b6a461682481c265d3d26c7f1d81ca7995 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 22 Aug 2012 11:56:30 +0200
Subject: [PATCH] Update for #161 (preventing further skipping of
 non-heuristic parameters in ignore casted case)

---
 lib/controller/checks.py     | 7 ++++---
 lib/controller/controller.py | 7 ++++---
 lib/core/common.py           | 3 ++-
 lib/core/enums.py            | 5 +++++
 4 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index de16f522a..ea4ad640d 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -41,6 +41,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
+from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import NULLCONNECTION
@@ -648,8 +649,6 @@ def heuristicCheckSqlInjection(place, parameter):
                 payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
                 casting = Request.queryPage(payload, place, raise404=False)
 
-    kb.heuristicTest = result
-
     if result:
         infoMsg += "be injectable (possible DBMS: %s)" % (Format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
         logger.info(infoMsg)
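Review bot: Moving the assignment of kb.heuristicTest from the removed line `kb.heuristicTest = result` here to the end of the function in the next hunk means `Format.getErrorParsedDBMSes()` on the line above now runs while kb.heuristicTest still holds the previous parameter's value (or None). If that method is the Format method changed in the lib/core/common.py hunk (its header shows only `class Format:`), which yields no parsed fingerprint unless kb.heuristicTest == HEURISTIC_TEST.POSITIVE, the "possible DBMS" shown in this log line will be stale or UNKNOWN_DBMS_VERSION for a freshly positive parameter. Consider assigning the enum value where the removed line was, `kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE`, and keeping only `return kb.heuristicTest` in the later hunk. heuristicCheckSqlInjection begins and continues outside this hunk.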
@@ -666,7 +665,9 @@ def heuristicCheckSqlInjection(place, parameter):
         message = "do you want to skip those kind of cases (and save scanning time)? [Y/n] "
         kb.ignoreCasted = readInput(message, default='Y').upper() != 'N'
 
-    return result
+    kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE
+
+    return kb.heuristicTest
 
 def checkDynParam(place, parameter, value):
     """
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 5506f5b81..760e21e46 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -36,6 +36,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import HASHDB_KEYS
+from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import PAYLOAD
@@ -453,8 +454,8 @@ def start():
                         if testSqlInj:
                             check = heuristicCheckSqlInjection(place, parameter)
 
-                            if not check:
-                                if conf.smart or kb.ignoreCasted:
+                            if check != HEURISTIC_TEST.POSITIVE:
+                                if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
                                     infoMsg = "skipping %s parameter '%s'" % (place, parameter)
                                     logger.info(infoMsg)
                                     continue
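Review bot: The skip message `"skipping %s parameter '%s'"` no longer tells the user which of the two reasons merged in the new condition applied, conf.smart or a casted parameter under kb.ignoreCasted, so the log cannot explain why a parameter was dropped. Consider appending the reason, e.g. `infoMsg = "skipping %s parameter '%s' (%s)" % (place, parameter, "smart mode" if conf.smart else "casted")`. start() continues outside this hunk.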
@@ -517,7 +518,7 @@ def start():
                             errMsg += "of comparison engine to detect at least "
                             errMsg += "one dynamic parameter)."
 
-                    if kb.heuristicTest:
+                    if kb.heuristicTest == HEURISTIC_TEST.POSITIVE:
                         errMsg += " As heuristic test turned out positive you are "
                         errMsg += "strongly advised to continue on with the tests. "
                         errMsg += "Please, consider usage of tampering scripts as "
diff --git a/lib/core/common.py b/lib/core/common.py
index 0ac0815dd..a4777ba48 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -61,6 +61,7 @@ from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import CHARSET_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
+from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import OS
@@ -197,7 +198,7 @@ class Format:
 
         htmlParsed = None
 
-        if len(kb.htmlFp) == 0 or kb.heuristicTest is None:
+        if len(kb.htmlFp) == 0 or kb.heuristicTest != HEURISTIC_TEST.POSITIVE:
             pass
         elif len(kb.htmlFp) == 1:
             htmlParsed = kb.htmlFp[0]
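Review bot: The new condition takes the `pass` branch for HEURISTIC_TEST.NEGATIVE and HEURISTIC_TEST.CASTED as well, whereas the replaced `is None` test let a False heuristic result fall through to the kb.htmlFp parsing below, so error-page fingerprints are now reported only after a positive heuristic. If that narrowing is intended it deserves a comment, e.g. `# only report error-page fingerprints once the heuristic test is positive`; if not, keeping `kb.heuristicTest is None` preserves the previous behaviour. The enclosing Format method starts outside this hunk.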
diff --git a/lib/core/enums.py b/lib/core/enums.py
index 1c0ddcd26..f645b0733 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -86,6 +86,11 @@ class CHARSET_TYPE:
     ALPHA = 4,
     ALPHANUM = 5
 
+class HEURISTIC_TEST:
+    CASTED = 1,
+    NEGATIVE = 2,
+    POSITIVE = 3
+
 class HASH:
     MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
     MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z'
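Review bot: The trailing commas on `CASTED = 1,` and `NEGATIVE = 2,` make those two members one-element tuples while `POSITIVE = 3` is an int, repeating the quirk already present in CHARSET_TYPE above. The equality comparisons in the other hunks still work because the same constant objects are compared on both sides, but the mixed types will surprise anyone printing, logging or persisting kb.heuristicTest. The intended form is `CASTED = 1`, `NEGATIVE = 2`, `POSITIVE = 3`.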