From 8a5844a364206f0440ad5cbd8184ba6c0404acbf Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 25 Oct 2012 13:21:32 +0200
Subject: [PATCH] Implementation for an Issue #222
---
 lib/controller/checks.py | 29 +++++++++++++++++++++++++++--
 lib/core/settings.py | 3 +++
 2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 101a062bc..92ddbba55 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -40,6 +40,7 @@ from lib.core.common import wasLastRequestHTTPError
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.data import queries
 from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
 from lib.core.enums import HEURISTIC_TEST
@@ -54,6 +55,7 @@ from lib.core.exception import sqlmapSilentQuitException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.settings import CONSTANT_RATIO
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
+from lib.core.settings import SUHOSHIN_MAX_VALUE_LENGTH
 from lib.core.settings import UNKNOWN_DBMS_VERSION
 from lib.core.settings import LOWER_RATIO_BOUND
 from lib.core.settings import UPPER_RATIO_BOUND
@@ -562,9 +564,13 @@ def checkSqlInjection(place, parameter, value):
 logger.warn(warnMsg)
 injection = checkFalsePositives(injection)
- return injection
 else:
- return None
+ injection = None
+
+ if injection:
+ checkSuhoshinPatch(injection)
+
+ return injection
 def checkFalsePositives(injection):
 """
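Review bot: `from lib.core.data import queries` in the first checks.py hunk is not referenced by anything this commit adds; checkSuhoshinPatch only touches kb, SUHOSHIN_MAX_VALUE_LENGTH, randomInt, pushValue/popValue, checkBooleanExpression and logger. If no other code in checks.py uses `queries` the import should be dropped, and if it is meant for a follow-up it is better added together with that follow-up than left unused here.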
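Review bot: The PHP hardening patch this constant is named after is spelled "Suhosin", so `SUHOSHIN_MAX_VALUE_LENGTH` (imported in the second checks.py hunk, defined in the settings.py hunk) and `checkSuhoshinPatch` with its docstring and warning text in the following checks.py hunk all carry a misspelling that will make the feature hard to grep for later. Renaming to `SUHOSIN_MAX_VALUE_LENGTH` / `checkSuhosinPatch` is cheap while the names have a single caller, and the warning string `(e.g. Suhoshin patch)` and the settings comment should be corrected in the same pass. I am raising this once here rather than on each of the other two hunks.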
@@ -617,6 +623,25 @@ def checkFalsePositives(injection):
 return retVal
+def checkSuhoshinPatch(injection):
+ """
+ Checks for existence of Suhoshin-patch (like) protection mechanism
+ """
+
+ if injection.place == PLACE.GET:
+ pushValue(kb.injection)
+
+ kb.injection = injection
+ randInt = randomInt()
+
+ if not checkBooleanExpression("%d=%s%d" % (randInt, " " * SUHOSHIN_MAX_VALUE_LENGTH, randInt)):
+ warnMsg = "parameter length constraint "
+ warnMsg += "mechanism detected (e.g. Suhoshin patch). "
+ warnMsg += "Potential problems in enumeration phase can be expected"
+ logger.warn(warnMsg)
+
+ kb.injection = popValue()
+
 def heuristicCheckSqlInjection(place, parameter):
 if kb.nullConnection:
 debugMsg = "heuristic checking skipped "
diff --git a/lib/core/settings.py b/lib/core/settings.py
index f4f76278f..471bc7f99 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -485,3 +485,6 @@ MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name="
 # Default POST data content-type
 DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded"
+
+# Length used while checking for existence of Suhoshin-patch (like) protection mechanism
+SUHOSHIN_MAX_VALUE_LENGTH = 512
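Review bot: In checkSuhoshinPatch the restore `kb.injection = popValue()` only runs on the normal path; if checkBooleanExpression raises (a user interrupt or a connection failure — which exceptions it can throw is not visible in this hunk), the caller's kb.injection stays overwritten and the pushed value is left on the stack for whoever pops next. Wrapping the probe in try/finally keeps the push/pop balanced regardless of how the request ends. The docstring should also state what the probe does rather than only what it looks for, e.g. `Temporarily installs *injection* as kb.injection and sends a boolean expression padded with SUHOSHIN_MAX_VALUE_LENGTH spaces; a false result is reported as a probable value-length limit (Suhosin-like).` Indentation was lost when this hunk was collapsed, so I am assuming the whole body sits under the PLACE.GET branch; the rewrite below keeps that shape.
```python
    if injection.place == PLACE.GET:
        pushValue(kb.injection)
        kb.injection = injection

        try:
            randInt = randomInt()

            if not checkBooleanExpression("%d=%s%d" % (randInt, " " * SUHOSHIN_MAX_VALUE_LENGTH, randInt)):
                # … unchanged: warnMsg assembly and logger.warn(warnMsg) …
        finally:
            kb.injection = popValue()
```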
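Review bot: The settings.py comment says what SUHOSHIN_MAX_VALUE_LENGTH is used for but not where 512 comes from, so the number reads as arbitrary. Suhosin's `suhosin.get.max_value_length` directive defaults to 512, which is presumably the limit being matched, and as far as I recall a GET value longer than it is dropped from the request, which is exactly what the checks.py probe relies on. Suggest `# Default of Suhosin's suhosin.get.max_value_length; a GET value padded past it is dropped by the patch, which the length-limit probe in checks.py relies on` so the value is auditable if the default ever changes.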