sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-29 17:33:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Better reporting on filtered-chars cases

Browse Source
This commit is contained in:
Miroslav Stampar 2014-08-20 01:11:26 +02:00
parent c12e51173a
commit ebc964267f
1 changed files with 26 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
lib/controller/checks.py
View File

@ -619,6 +619,7 @@ def checkSqlInjection(place, parameter, value):
if injection: if injection:
checkSuhosinPatch(injection) checkSuhosinPatch(injection)
checkFilteredChars(injection)
return injection return injection
@ -668,8 +669,6 @@ def checkFalsePositives(injection):
kb.injection = injection kb.injection = injection
# Simple arithmetic operations which should show basic
# arithmetic ability of the backend if it's really injectable
for i in xrange(conf.level): for i in xrange(conf.level):
randInt1, randInt2, randInt3 = (_() for j in xrange(3)) randInt1, randInt2, randInt3 = (_() for j in xrange(3))
@ -690,27 +689,20 @@ def checkFalsePositives(injection):
if PAYLOAD.TECHNIQUE.BOOLEAN not in injection.data: if PAYLOAD.TECHNIQUE.BOOLEAN not in injection.data:
checkBooleanExpression("%d=%d" % (randInt1, randInt2)) checkBooleanExpression("%d=%d" % (randInt1, randInt2))
if checkBooleanExpression("%d>%d" % (randInt1, randInt2)): if checkBooleanExpression("%d=%d" % (randInt1, randInt3)):
retVal = None retVal = None
break break
elif checkBooleanExpression("%d>%d" % (randInt2, randInt3)): elif checkBooleanExpression("%d=%d" % (randInt3, randInt2)):
retVal = None retVal = None
break break
elif not checkBooleanExpression("%d>%d" % (randInt3, randInt1)): elif not checkBooleanExpression("%d=%d" % (randInt2, randInt2)):
retVal = None retVal = None
break break
if retVal is None: if retVal is None:
warnMsg = "false positive or unexploitable injection point detected" warnMsg = "false positive injection point detected"
logger.warn(warnMsg)
if PAYLOAD.TECHNIQUE.BOOLEAN in injection.data:
if all(_.__name__ != "between" for _ in kb.tamperFunctions):
warnMsg = "there is a possibility that the character '>' is "
warnMsg += "filtered by the back-end server. You can try "
warnMsg += "to rerun with '--tamper=between'"
logger.warn(warnMsg) logger.warn(warnMsg)
kb.injection = popValue() kb.injection = popValue()
@ -736,6 +728,27 @@ def checkSuhosinPatch(injection):
kb.injection = popValue() kb.injection = popValue()
def checkFilteredChars(injection):
pushValue(kb.injection)
kb.injection = injection
randInt = randomInt()
if not checkBooleanExpression("(%d)=%d" % (randInt, randInt)):
warnMsg = "it appears that some non-alphanumeric characters (i.e. ()) are "
warnMsg += "filtered by the back-end server. There is a strong "
warnMsg += "possibility that sqlmap won't be able to properly "
warnMsg += "exploit this vulnerability"
logger.critical(warnMsg)
if not checkBooleanExpression("%d>%d" % (randInt+1, randInt)):
warnMsg = "it appears that the character '>' is "
warnMsg += "filtered by the back-end server. You are strongly "
warnMsg += "advised to rerun with the '--tamper=between'"
logger.warn(warnMsg)
kb.injection = popValue()
def heuristicCheckSqlInjection(place, parameter): def heuristicCheckSqlInjection(place, parameter):
if kb.nullConnection: if kb.nullConnection:
debugMsg = "heuristic check skipped " debugMsg = "heuristic check skipped "