(place, parameter, value)
| 106 | from thirdparty.six.moves import http_client as _http_client |
| 107 | |
| 108 | def checkSqlInjection(place, parameter, value): |
| 109 | # Store here the details about boundaries and payload used to |
| 110 | # successfully inject |
| 111 | injection = InjectionDict() |
| 112 | |
| 113 | # Localized thread data needed for some methods |
| 114 | threadData = getCurrentThreadData() |
| 115 | |
| 116 | # Favoring non-string specific boundaries in case of digit-like parameter values |
| 117 | if isDigit(value): |
| 118 | kb.cache.intBoundaries = kb.cache.intBoundaries or sorted(copy.deepcopy(conf.boundaries), key=lambda boundary: any(_ in (boundary.prefix or "") or _ in (boundary.suffix or "") for _ in ('"', '\''))) |
| 119 | boundaries = kb.cache.intBoundaries |
| 120 | elif value.isalpha(): |
| 121 | kb.cache.alphaBoundaries = kb.cache.alphaBoundaries or sorted(copy.deepcopy(conf.boundaries), key=lambda boundary: not any(_ in (boundary.prefix or "") or _ in (boundary.suffix or "") for _ in ('"', '\''))) |
| 122 | boundaries = kb.cache.alphaBoundaries |
| 123 | else: |
| 124 | boundaries = conf.boundaries |
| 125 | |
| 126 | # Set the flag for SQL injection test mode |
| 127 | kb.testMode = True |
| 128 | |
| 129 | paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place |
| 130 | tests = getSortedInjectionTests() |
| 131 | seenPayload = set() |
| 132 | |
| 133 | kb.data.setdefault("randomInt", str(randomInt(10))) |
| 134 | kb.data.setdefault("randomStr", str(randomStr(10))) |
| 135 | |
| 136 | while tests: |
| 137 | test = tests.pop(0) |
| 138 | |
| 139 | try: |
| 140 | if kb.endDetection: |
| 141 | break |
| 142 | |
| 143 | if conf.dbms is None: |
| 144 | # If the DBMS has not yet been fingerprinted (via simple heuristic check |
| 145 | # or via DBMS-specific payload) and boolean-based blind has been identified |
| 146 | # then attempt to identify with a simple DBMS specific boolean-based |
| 147 | # test what the DBMS may be |
| 148 | if not injection.dbms and PAYLOAD.TECHNIQUE.BOOLEAN in injection.data: |
| 149 | if not Backend.getIdentifiedDbms() and kb.heuristicDbms is None and not kb.droppingRequests: |
| 150 | kb.heuristicDbms = heuristicCheckDbms(injection) |
| 151 | |
| 152 | # If the DBMS has already been fingerprinted (via DBMS-specific |
| 153 | # error message, simple heuristic check or via DBMS-specific |
| 154 | # payload), ask the user to limit the tests to the fingerprinted |
| 155 | # DBMS |
| 156 | |
| 157 | if kb.reduceTests is None and not conf.testFilter and (intersect(Backend.getErrorParsedDBMSes(), SUPPORTED_DBMS, True) or kb.heuristicDbms or injection.dbms): |
| 158 | msg = "it looks like the back-end DBMS is '%s'. " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or joinValue(injection.dbms, '/')) |
| 159 | msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]" |
| 160 | kb.reduceTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y', boolean=True) else [] |
| 161 | |
| 162 | # If the DBMS has been fingerprinted (via DBMS-specific error |
| 163 | # message, via simple heuristic check or via DBMS-specific |
| 164 | # payload), ask the user to extend the tests to all DBMS-specific, |
| 165 | # regardless of --level and --risk values provided |