sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-30 09:53:05 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implementation for an Issue #222

Browse Source
This commit is contained in:
Miroslav Stampar 2012-10-25 13:21:32 +02:00
parent ba55bed008
commit 8a5844a364
2 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
lib/controller/checks.py
View File

@ -40,6 +40,7 @@ from lib.core.common import wasLastRequestHTTPError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import queries
from lib.core.datatype import AttribDict from lib.core.datatype import AttribDict
from lib.core.datatype import InjectionDict from lib.core.datatype import InjectionDict
from lib.core.enums import HEURISTIC_TEST from lib.core.enums import HEURISTIC_TEST
@ -54,6 +55,7 @@ from lib.core.exception import sqlmapSilentQuitException
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import sqlmapUserQuitException
from lib.core.settings import CONSTANT_RATIO from lib.core.settings import CONSTANT_RATIO
from lib.core.settings import FORMAT_EXCEPTION_STRINGS from lib.core.settings import FORMAT_EXCEPTION_STRINGS
from lib.core.settings import SUHOSHIN_MAX_VALUE_LENGTH
from lib.core.settings import UNKNOWN_DBMS_VERSION from lib.core.settings import UNKNOWN_DBMS_VERSION
from lib.core.settings import LOWER_RATIO_BOUND from lib.core.settings import LOWER_RATIO_BOUND
from lib.core.settings import UPPER_RATIO_BOUND from lib.core.settings import UPPER_RATIO_BOUND
@ -562,9 +564,13 @@ def checkSqlInjection(place, parameter, value):
logger.warn(warnMsg) logger.warn(warnMsg)
injection = checkFalsePositives(injection) injection = checkFalsePositives(injection)
return injection
else: else:
return None injection = None
if injection:
checkSuhoshinPatch(injection)
return injection
def checkFalsePositives(injection): def checkFalsePositives(injection):
""" """
@ -617,6 +623,25 @@ def checkFalsePositives(injection):
return retVal return retVal
def checkSuhoshinPatch(injection):
"""
Checks for existence of Suhoshin-patch (like) protection mechanism
"""
if injection.place == PLACE.GET:
pushValue(kb.injection)
kb.injection = injection
randInt = randomInt()
if not checkBooleanExpression("%d=%s%d" % (randInt, " " * SUHOSHIN_MAX_VALUE_LENGTH, randInt)):
warnMsg = "parameter length constraint "
warnMsg += "mechanism detected (e.g. Suhoshin patch). "
warnMsg += "Potential problems in enumeration phase can be expected"
logger.warn(warnMsg)
kb.injection = popValue()
def heuristicCheckSqlInjection(place, parameter): def heuristicCheckSqlInjection(place, parameter):
if kb.nullConnection: if kb.nullConnection:
debugMsg = "heuristic checking skipped " debugMsg = "heuristic checking skipped "

3
lib/core/settings.py
View File

@ -485,3 +485,6 @@ MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name="
# Default POST data content-type # Default POST data content-type
DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded" DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded"
# Length used while checking for existence of Suhoshin-patch (like) protection mechanism
SUHOSHIN_MAX_VALUE_LENGTH = 512