Adding a switch --invalid-string

Miroslav Stampar 2014-01-23 21:56:06 +01:00
parent f88f6dcd7e
commit f97fcb7bb3
5 changed files with 14 additions and 0 deletions


@ -329,11 +329,14 @@ def checkSqlInjection(place, parameter, value):
# one as we are changing parameters value, which # one as we are changing parameters value, which
# will likely result in a different content # will likely result in a different content
kb.data.setdefault("randomInt", str(randomInt(10))) kb.data.setdefault("randomInt", str(randomInt(10)))
kb.data.setdefault("randomStr", str(randomStr(10)))
if conf.invalidLogical: if conf.invalidLogical:
_ = int(kb.data.randomInt[:2]) _ = int(kb.data.randomInt[:2])
origValue = "%s AND %s=%s" % (value, _, _ + 1) origValue = "%s AND %s=%s" % (value, _, _ + 1)
elif conf.invalidBignum: elif conf.invalidBignum:
origValue = kb.data.randomInt[:6] origValue = kb.data.randomInt[:6]
elif conf.invalidString:
origValue = kb.data.randomStr[:6]
else: else:
origValue = "-%s" % kb.data.randomInt[:4] origValue = "-%s" % kb.data.randomInt[:4]
templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where) templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where)
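Review bot: The new `elif conf.invalidString:` branch sits third in the chain, so it is only reached when neither `conf.invalidLogical` nor `conf.invalidBignum` is set, and a run that combines the switches silently ignores --invalid-string; nothing visible in this commit rejects or documents that combination. The same ordering is repeated in the Agent hunk. I would state the precedence next to the chain, for example `# precedence: invalidLogical, then invalidBignum, then invalidString, else negative integer`, or reject the combination wherever options are validated (that code is not shown here). Separately, `str(randomStr(10))` copies the randomInt line above it; if randomStr already returns a string, the `str()` wrapper can go. checkSqlInjection starts and ends outside this hunk.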


@ -122,6 +122,8 @@ class Agent(object):
value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", _, _ + 1) value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", _, _ + 1)
elif conf.invalidBignum: elif conf.invalidBignum:
value = randomInt(6) value = randomInt(6)
elif conf.invalidString:
value = randomStr(6)
else: else:
if newValue.startswith("-"): if newValue.startswith("-"):
value = "" value = ""
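Review bot: `value = randomStr(6)` draws a fresh string on every call, while the checkSqlInjection hunk builds its template from the cached `kb.data.randomStr[:6]`, so the invalidating value in the template and in later payloads will differ. This mirrors the existing `randomInt(6)` branch and may be intentional. If the two are meant to match, `value = kb.data.randomStr[:6]` would keep them consistent, assuming kb.data.randomStr is populated by the time this runs; otherwise a comment such as `# fresh value per payload; need not match the template` would record the intent. The enclosing method starts and ends outside this hunk.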


@ -72,6 +72,7 @@ optDict = {
"os": "string", "os": "string",
"invalidBignum": "boolean", "invalidBignum": "boolean",
"invalidLogical": "boolean", "invalidLogical": "boolean",
"invalidString": "boolean",
"noCast": "boolean", "noCast": "boolean",
"noEscape": "boolean", "noEscape": "boolean",
"prefix": "string", "prefix": "string",


@ -239,6 +239,10 @@ def cmdLineParser():
action="store_true", action="store_true",
help="Use logical operations for invalidating values") help="Use logical operations for invalidating values")
injection.add_option("--invalid-string", dest="invalidString",
action="store_true",
help="Use random strings for invalidating values")
injection.add_option("--no-cast", dest="noCast", injection.add_option("--no-cast", dest="noCast",
action="store_true", action="store_true",
help="Turn off payload casting mechanism") help="Turn off payload casting mechanism")


@ -233,6 +233,10 @@ invalidBignum = False
# Valid: True or False # Valid: True or False
invalidLogical = False invalidLogical = False
# Use random strings for invalidating values.
# Valid: True or False
invalidString = False
# Turn off payload casting mechanism # Turn off payload casting mechanism
# Valid: True or False # Valid: True or False
noCast = False noCast = False