Implementation for an Issue #222

2025-02-03 13:14:13 +03:00 · 2012-10-25 13:21:32 +02:00 · 2012-10-25 13:21:32 +02:00 · 8a5844a364
commit 8a5844a364
parent ba55bed008
2 changed files with 30 additions and 2 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -40,6 +40,7 @@ from lib.core.common import wasLastRequestHTTPError
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.data import queries
 from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
 from lib.core.enums import HEURISTIC_TEST
@ -54,6 +55,7 @@ from lib.core.exception import sqlmapSilentQuitException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.settings import CONSTANT_RATIO
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
+from lib.core.settings import SUHOSHIN_MAX_VALUE_LENGTH
 from lib.core.settings import UNKNOWN_DBMS_VERSION
 from lib.core.settings import LOWER_RATIO_BOUND
 from lib.core.settings import UPPER_RATIO_BOUND
@ -562,9 +564,13 @@ def checkSqlInjection(place, parameter, value):
            logger.warn(warnMsg)

        injection = checkFalsePositives(injection)
-        return injection
    else:
-        return None
+        injection = None
+
+    if injection:
+        checkSuhoshinPatch(injection)
+
+    return injection

 def checkFalsePositives(injection):
    """
@ -617,6 +623,25 @@ def checkFalsePositives(injection):

    return retVal

+def checkSuhoshinPatch(injection):
+    """
+    Checks for existence of Suhoshin-patch (like) protection mechanism
+    """
+
+    if injection.place == PLACE.GET:
+        pushValue(kb.injection)
+
+        kb.injection = injection
+        randInt = randomInt()
+
+        if not checkBooleanExpression("%d=%s%d" % (randInt, " " * SUHOSHIN_MAX_VALUE_LENGTH, randInt)):
+            warnMsg = "parameter length constraint "
+            warnMsg += "mechanism detected (e.g. Suhoshin patch). "
+            warnMsg += "Potential problems in enumeration phase can be expected"
+            logger.warn(warnMsg)
+
+        kb.injection = popValue()
+
 def heuristicCheckSqlInjection(place, parameter):
    if kb.nullConnection:
        debugMsg = "heuristic checking skipped "
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -485,3 +485,6 @@ MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name="

 # Default POST data content-type
 DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded"
+
+# Length used while checking for existence of Suhoshin-patch (like) protection mechanism
+SUHOSHIN_MAX_VALUE_LENGTH = 512