Proper saving and resuming when more than a parameter are injectable.

Minor bug fix to --stacked-test
Minor code refactoring.
This commit is contained in:
Bernardo Damele 2010-11-29 01:04:42 +00:00
parent 75f7df75b6
commit 9d7087e2ff
6 changed files with 89 additions and 63 deletions

View File

@ -288,7 +288,7 @@ def checkSqlInjection(place, parameter, value):
injection.prefix = prefix
injection.suffix = suffix
injection.data[stype] = (title, where, comment, boundPayload)
injection.data[stype] = (boundPayload, comment)
if "details" in test:
for detailKey, detailValue in test.details.items():

View File

@ -47,11 +47,13 @@ from lib.core.target import setupTargetEnv
def __saveToSessionFile():
for inj in kb.injections:
setInjection(inj)
place = inj.place
parameter = inj.parameter
for stype, sdata in inj.data.items():
payload = sdata[3]
payload = sdata[0]
if stype == 1:
kb.booleanTest = payload
@ -66,15 +68,11 @@ def __saveToSessionFile():
kb.timeTest = payload
setTimeBased(place, parameter, payload)
setInjection(inj)
def __selectInjection():
"""
Selection function for injection place, parameters and type.
"""
# TODO: when resume from session file, feed kb.injections and call
# __selectInjection()
points = []
for i in xrange(0, len(kb.injections)):
@ -103,9 +101,10 @@ def __selectInjection():
if point not in points:
points.append(point)
ptype = PAYLOAD.PARAMETER[ptype] if isinstance(ptype, int) else ptype
message += "[%d] place: %s, parameter: " % (i, place)
message += "%s, type: %s" % (parameter, PAYLOAD.PARAMETER[ptype])
message += "%s, type: %s" % (parameter, ptype)
if i == 0:
message += " (default)"
@ -130,8 +129,9 @@ def __formatInjection(inj):
data += "Parameter: %s\n" % inj.parameter
for stype, sdata in inj.data.items():
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
data += " Payload: %s\n\n" % sdata[3]
stype = PAYLOAD.SQLINJECTION[stype] if isinstance(stype, int) else stype
data += " Type: %s\n" % stype
data += " Payload: %s\n\n" % sdata[0]
return data

View File

@ -44,6 +44,7 @@ from lib.core.data import logger
from lib.core.data import paths
from lib.core.data import queries
from lib.core.datatype import advancedDict
from lib.core.datatype import injectionDict
from lib.core.enums import HTTPMETHOD
from lib.core.enums import PRIORITY
from lib.core.exception import sqlmapFilePathException
@ -1146,7 +1147,7 @@ def __setKnowledgeBaseAttributes():
kb.headersFp = {}
kb.hintValue = None
kb.htmlFp = []
kb.injection = advancedDict()
kb.injection = injectionDict()
kb.injection.parameter = None
kb.injection.place = None
kb.injections = []

View File

@ -15,6 +15,7 @@ from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.datatype import injectionDict
from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE
from lib.core.settings import MSSQL_ALIASES
@ -89,14 +90,17 @@ def setInjection(inj):
)
if condition:
for stype in inj.data.keys():
dataToSessionFile("[%s][%s][%s][Injection type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.SQLINJECTION[stype]))
dataToSessionFile("[%s][%s][%s][Injection point][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.place))
dataToSessionFile("[%s][%s][%s][Injection parameter][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.parameter))
dataToSessionFile("[%s][%s][%s][Injection parameter type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.PARAMETER[inj.ptype]))
dataToSessionFile("[%s][%s][%s][Injection prefix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.prefix))
dataToSessionFile("[%s][%s][%s][Injection suffix][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), inj.suffix))
for stype, sdata in inj.data.items():
dataToSessionFile("[%s][%s][%s][Injection type][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), PAYLOAD.SQLINJECTION[stype]))
dataToSessionFile("[%s][%s][%s][Injection payload][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), sdata[0]))
dataToSessionFile("[%s][%s][%s][Injection comment][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), sdata[1]))
def setDbms(dbms):
"""
@param dbms: database management system to be set into the knowledge
@ -354,12 +358,6 @@ def resumeConfKb(expression, url, value):
except ValueError:
pass
elif expression == "Injection type" and url == conf.url:
kb.injection.stype = unSafeFormatString(value[:-1])
logMsg = "resuming injection type '%s' from session file" % kb.injection.stype
logger.info(logMsg)
elif expression == "Injection point" and url == conf.url:
injPlace = value[:-1]
@ -373,6 +371,10 @@ def resumeConfKb(expression, url, value):
warnMsg += "injectable point"
logger.warn(warnMsg)
else:
if kb.injection.place is not None:
kb.injections.append(kb.injection)
kb.injection = injectionDict()
kb.injection.place = injPlace
elif expression == "Injection parameter" and url == conf.url:
@ -413,6 +415,55 @@ def resumeConfKb(expression, url, value):
logMsg = "resuming injection suffix '%s' from session file" % kb.injection.suffix
logger.info(logMsg)
elif expression == "Injection type" and url == conf.url:
stype = unSafeFormatString(value[:-1])
kb.injection.data[stype] = []
logMsg = "resuming injection type '%s' from session file" % stype
logger.info(logMsg)
elif expression == "Injection payload" and url == conf.url:
payload = unSafeFormatString(value[:-1])
kb.injection.data[kb.injection.data.keys()[0]].append(payload)
logMsg = "resuming injection payload '%s' from session file" % payload
logger.info(logMsg)
elif expression == "Injection comment" and url == conf.url:
comment = unSafeFormatString(value[:-1])
kb.injection.data[kb.injection.data.keys()[0]].append(comment)
logMsg = "resuming injection comment '%s' from session file" % comment
logger.info(logMsg)
elif expression == "Boolean-based blind injection" and url == conf.url:
kb.booleanTest = unSafeFormatString(value[:-1])
logMsg = "resuming boolean-based blind injection "
logMsg += "'%s' from session file" % kb.booleanTest
logger.info(logMsg)
elif expression == "Error-based injection" and url == conf.url:
kb.errorTest = unSafeFormatString(value[:-1])
logMsg = "resuming error-based injection "
logMsg += "'%s' from session file" % kb.errorTest
logger.info(logMsg)
elif expression == "Stacked queries" and url == conf.url:
kb.stackedTest = unSafeFormatString(value[:-1])
logMsg = "resuming stacked queries syntax "
logMsg += "'%s' from session file" % kb.stackedTest
logger.info(logMsg)
elif expression == "Time-based blind injection" and url == conf.url:
kb.timeTest = unSafeFormatString(value[:-1])
logMsg = "resuming time-based blind injection "
logMsg += "'%s' from session file" % kb.timeTest
logger.info(logMsg)
elif expression == "DBMS" and url == conf.url:
dbms = unSafeFormatString(value[:-1])
dbms = dbms.lower()
@ -468,34 +519,6 @@ def resumeConfKb(expression, url, value):
else:
conf.os = os
elif expression == "Boolean-based blind injection" and url == conf.url:
kb.booleanTest = unSafeFormatString(value[:-1])
logMsg = "resuming boolean-based blind injection "
logMsg += "'%s' from session file" % kb.booleanTest
logger.info(logMsg)
elif expression == "Error-based injection" and url == conf.url:
kb.errorTest = unSafeFormatString(value[:-1])
logMsg = "resuming error-based injection "
logMsg += "'%s' from session file" % kb.errorTest
logger.info(logMsg)
elif expression == "Stacked queries" and url == conf.url:
kb.stackedTest = unSafeFormatString(value[:-1])
logMsg = "resuming stacked queries syntax "
logMsg += "'%s' from session file" % kb.stackedTest
logger.info(logMsg)
elif expression == "Time-based blind injection" and url == conf.url:
kb.timeTest = unSafeFormatString(value[:-1])
logMsg = "resuming time-based blind injection "
logMsg += "'%s' from session file" % kb.timeTest
logger.info(logMsg)
elif expression == "Union comment" and url == conf.url:
kb.unionComment = unSafeFormatString(value[:-1])

View File

@ -173,6 +173,7 @@ def __setOutputResume():
elif len(value) >= len(kb.resumedQueries[url][expression]):
kb.resumedQueries[url][expression] = value
kb.injections.append(kb.injection)
readSessionFP.close()
else:
try:

View File

@ -47,6 +47,7 @@ def stackedTest():
kb.stackedTest = False
setStacked()
if kb.stackedTest:
setStacked(kb.injection.place, kb.injection.parameter, payload)
return kb.stackedTest