Return a SQLiDict if there is a SQLi; otherwise return None. Type signature: String String URL String -> (SQLiDict or None)
(
new_body: str, original_body: str, request_URL: str, injection_point: str
)
| 213 | |
| 214 | |
| 215 | def get_SQLi_data( |
| 216 | new_body: str, original_body: str, request_URL: str, injection_point: str |
| 217 | ) -> SQLiData | None: |
| 218 | """Return a SQLiDict if there is a SQLi otherwise return None |
| 219 | String String URL String -> (SQLiDict or None)""" |
| 220 | # Regexes taken from Damn Small SQLi Scanner: https://github.com/stamparm/DSSS/blob/master/dsss.py#L17 |
| 221 | DBMS_ERRORS = { |
| 222 | "MySQL": ( |
| 223 | r"SQL syntax.*MySQL", |
| 224 | r"Warning.*mysql_.*", |
| 225 | r"valid MySQL result", |
| 226 | r"MySqlClient\.", |
| 227 | ), |
| 228 | "PostgreSQL": ( |
| 229 | r"PostgreSQL.*ERROR", |
| 230 | r"Warning.*\Wpg_.*", |
| 231 | r"valid PostgreSQL result", |
| 232 | r"Npgsql\.", |
| 233 | ), |
| 234 | "Microsoft SQL Server": ( |
| 235 | r"Driver.* SQL[\-\_\ ]*Server", |
| 236 | r"OLE DB.* SQL Server", |
| 237 | r"(\W|\A)SQL Server.*Driver", |
| 238 | r"Warning.*mssql_.*", |
| 239 | r"(\W|\A)SQL Server.*[0-9a-fA-F]{8}", |
| 240 | r"(?s)Exception.*\WSystem\.Data\.SqlClient\.", |
| 241 | r"(?s)Exception.*\WRoadhouse\.Cms\.", |
| 242 | ), |
| 243 | "Microsoft Access": ( |
| 244 | r"Microsoft Access Driver", |
| 245 | r"JET Database Engine", |
| 246 | r"Access Database Engine", |
| 247 | ), |
| 248 | "Oracle": ( |
| 249 | r"\bORA-[0-9][0-9][0-9][0-9]", |
| 250 | r"Oracle error", |
| 251 | r"Oracle.*Driver", |
| 252 | r"Warning.*\Woci_.*", |
| 253 | r"Warning.*\Wora_.*", |
| 254 | ), |
| 255 | "IBM DB2": (r"CLI Driver.*DB2", r"DB2 SQL error", r"\bdb2_\w+\("), |
| 256 | "SQLite": ( |
| 257 | r"SQLite/JDBCDriver", |
| 258 | r"SQLite.Exception", |
| 259 | r"System.Data.SQLite.SQLiteException", |
| 260 | r"Warning.*sqlite_.*", |
| 261 | r"Warning.*SQLite3::", |
| 262 | r"\[SQLITE_ERROR\]", |
| 263 | ), |
| 264 | "Sybase": ( |
| 265 | r"(?i)Warning.*sybase.*", |
| 266 | r"Sybase message", |
| 267 | r"Sybase.*Server message.*", |
| 268 | ), |
| 269 | } |
| 270 | for dbms, regexes in DBMS_ERRORS.items(): |
| 271 | for regex in regexes: # type: ignore |
| 272 | if re.search(regex, new_body, re.IGNORECASE) and not re.search( |