Reference: http://www.wisec.it/sectou.php?id=472f952d79293
()
| 1412 | |
| 1413 | @stackedmethod |
| 1414 | def checkNullConnection(): |
| 1415 | """ |
| 1416 | Reference: http://www.wisec.it/sectou.php?id=472f952d79293 |
| 1417 | """ |
| 1418 | |
| 1419 | if conf.data: |
| 1420 | return False |
| 1421 | |
| 1422 | _ = hashDBRetrieve(HASHDB_KEYS.CHECK_NULL_CONNECTION_RESULT, True) |
| 1423 | if _ is not None: |
| 1424 | kb.nullConnection = _ |
| 1425 | |
| 1426 | if _: |
| 1427 | dbgMsg = "resuming NULL connection method '%s'" % _ |
| 1428 | logger.debug(dbgMsg) |
| 1429 | |
| 1430 | else: |
| 1431 | infoMsg = "testing NULL connection to the target URL" |
| 1432 | logger.info(infoMsg) |
| 1433 | |
| 1434 | pushValue(kb.pageCompress) |
| 1435 | kb.pageCompress = False |
| 1436 | |
| 1437 | try: |
| 1438 | page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD, raise404=False) |
| 1439 | |
| 1440 | if not page and HTTP_HEADER.CONTENT_LENGTH in (headers or {}): |
| 1441 | kb.nullConnection = NULLCONNECTION.HEAD |
| 1442 | |
| 1443 | infoMsg = "NULL connection is supported with HEAD method ('Content-Length')" |
| 1444 | logger.info(infoMsg) |
| 1445 | else: |
| 1446 | page, headers, _ = Request.getPage(auxHeaders={HTTP_HEADER.RANGE: "bytes=-1"}) |
| 1447 | |
| 1448 | if page and len(page) == 1 and HTTP_HEADER.CONTENT_RANGE in (headers or {}): |
| 1449 | kb.nullConnection = NULLCONNECTION.RANGE |
| 1450 | |
| 1451 | infoMsg = "NULL connection is supported with GET method ('Range')" |
| 1452 | logger.info(infoMsg) |
| 1453 | else: |
| 1454 | _, headers, _ = Request.getPage(skipRead=True) |
| 1455 | |
| 1456 | if HTTP_HEADER.CONTENT_LENGTH in (headers or {}): |
| 1457 | kb.nullConnection = NULLCONNECTION.SKIP_READ |
| 1458 | |
| 1459 | infoMsg = "NULL connection is supported with 'skip-read' method" |
| 1460 | logger.info(infoMsg) |
| 1461 | |
| 1462 | except SqlmapConnectionException: |
| 1463 | pass |
| 1464 | |
| 1465 | finally: |
| 1466 | kb.pageCompress = popValue() |
| 1467 | kb.nullConnection = False if kb.nullConnection is None else kb.nullConnection |
| 1468 | hashDBWrite(HASHDB_KEYS.CHECK_NULL_CONNECTION_RESULT, kb.nullConnection, True) |
| 1469 | |
| 1470 | return kb.nullConnection in getPublicTypeMembers(NULLCONNECTION, True) |
| 1471 |
no test coverage detected
searching dependent graphs…