some updates

2025-12-07 05:01:30 +00:00 · 2010-10-11 12:26:35 +00:00
parent 8b0a132fa9
commit 43892cddbb
6 changed files with 31 additions and 5 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -96,6 +96,28 @@ def checkSqlInjection(place, parameter, value, parenthesis):

    return None

+def heuristicCheckSqlInjection(place, parameter, value):
+    prefix = ""
+    postfix = ""
+
+    if conf.prefix or conf.postfix:
+        if conf.prefix:
+            prefix = conf.prefix
+
+        if conf.postfix:
+            postfix = conf.postfix
+
+    payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
+    Request.queryPage(payload, place)
+    result = kb.lastErrorPage and kb.lastErrorPage[0]==kb.lastRequestUID
+    infoMsg = "heuristics show that %s parameter '%s' is " % (place, parameter)
+    if result:
+        infoMsg += "injectable"
+        logger.info(infoMsg)
+    else:
+        infoMsg += "not injectable"
+        logger.warning(infoMsg)
+
 def checkDynParam(place, parameter, value):
    """
    This function checks if the url parameter is dynamic. If it is
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 from lib.controller.action import action
 from lib.controller.checks import checkSqlInjection
+from lib.controller.checks import heuristicCheckSqlInjection
 from lib.controller.checks import checkDynParam
 from lib.controller.checks import checkStability
 from lib.controller.checks import checkString
@@ -232,6 +233,7 @@ def start():
                        kb.testedParams.add(paramKey)

                        if testSqlInj:
+                            heuristicCheckSqlInjection(place, parameter, value)
                            for parenthesis in range(0, 4):
                                logMsg  = "testing sql injection on %s " % place
                                logMsg += "parameter '%s' with " % parameter