hub / github.com/sqlmapproject/sqlmap / heuristicCheckSqlInjection

Function heuristicCheckSqlInjection

lib/controller/checks.py:1028–1155  ·  view source on GitHub ↗
(place, parameter)

Source from the content-addressed store, hash-verified

1026 kb.injection = popValue()
1027
1028def heuristicCheckSqlInjection(place, parameter):
1029 if conf.skipHeuristics:
1030 return None
1031
1032 origValue = conf.paramDict[place][parameter]
1033 paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
1034
1035 prefix = ""
1036 suffix = ""
1037 randStr = ""
1038
1039 if conf.prefix or conf.suffix:
1040 if conf.prefix:
1041 prefix = conf.prefix
1042
1043 if conf.suffix:
1044 suffix = conf.suffix
1045
1046 while randStr.count('\'') != 1 or randStr.count('\"') != 1:
1047 randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET)
1048
1049 kb.heuristicMode = True
1050
1051 payload = "%s%s%s" % (prefix, randStr, suffix)
1052 payload = agent.payload(place, parameter, newValue=payload)
1053 page, _, code = Request.queryPage(payload, place, content=True, raise404=False)
1054
1055 kb.heuristicPage = page
1056 kb.heuristicCode = code
1057 kb.heuristicMode = False
1058
1059 parseFilePaths(page)
1060 result = wasLastResponseDBMSError()
1061
1062 infoMsg = "heuristic (basic) test shows that %sparameter '%s' might " % ("%s " % paramType if paramType != parameter else "", parameter)
1063
1064 def _(page):
1065 return any(_ in (page or "") for _ in FORMAT_EXCEPTION_STRINGS)
1066
1067 casting = _(page) and not _(kb.originalPage)
1068
1069 if not casting and not result and kb.dynamicParameter and origValue.isdigit() and not kb.heavilyDynamic:
1070 randInt = int(randomInt())
1071 payload = "%s%s%s" % (prefix, "%d-%d" % (int(origValue) + randInt, randInt), suffix)
1072 payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
1073 result = Request.queryPage(payload, place, raise404=False)
1074
1075 if not result:
1076 randStr = randomStr()
1077 payload = "%s%s%s" % (prefix, "%s.%d%s" % (origValue, random.randint(1, 9), randStr), suffix)
1078 payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
1079 casting = Request.queryPage(payload, place, raise404=False)
1080
1081 kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE
1082
1083 if kb.heavilyDynamic:
1084 debugMsg = "heuristic check stopped because of heavy dynamicity"
1085 logger.debug(debugMsg)

Callers 1

startFunction · 0.90

Calls 14

randomStrFunction · 0.90
parseFilePathsFunction · 0.90
wasLastResponseDBMSErrorFunction · 0.90
randomIntFunction · 0.90
readInputFunction · 0.90
beepFunction · 0.90
getSafeExStringFunction · 0.90
payloadMethod · 0.80
queryPageMethod · 0.80
debugMethod · 0.80
infoMethod · 0.80
_Function · 0.70

Tested by

no test coverage detected
