Python SQLMapWrapper.SQLMapWrapper Beispiele

Beispiel #1

Datei: test_sqlmap_wrapper.py Projekt: chenbremer/w3af-1

    def setUp(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)

        self.uri_opener = ExtendedUrllib()

        self.sqlmap = SQLMapWrapper(target, self.uri_opener, debug=True)

Beispiel #2

Datei: test_sqlmap_wrapper.py Projekt: chenbremer/w3af-1

    def test_verify_vulnerability_POST(self):
        target = Target(URL(self.SQLI_POST), self.DATA_POST)

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)

        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable, self.sqlmap.last_stdout)

Beispiel #3

    def _verify_vuln(self, vuln_obj):
        """
        This command verifies a vuln. This is really hard work! :P

        :return : True if vuln can be exploited.
        """
        uri = vuln_obj.get_uri()
        dc = vuln_obj.get_dc()
        fuzzable_request = vuln_obj.get_mutant().get_fuzzable_req()

        m = vuln_obj.get_mutant()
        orig_value = m.get_original_value()

        # When the original value of the parameter was empty, mostly when it
        # was an HTML form, sqlmap can't find the vulnerability (and w3af does)
        # so we're adding a '1' here just in case.
        parameter_values = {orig_value, '1'}

        for pvalue in parameter_values:
            dc[vuln_obj.get_var()][m.get_var_index()] = pvalue

            post_data = None
            if isinstance(fuzzable_request, HTTPQSRequest):
                uri.set_querystring(dc)
            else:
                post_data = str(dc) or None

            target = Target(uri, post_data)

            sqlmap = SQLMapWrapper(target, self._uri_opener)
            if sqlmap.is_vulnerable():
                self._sqlmap = sqlmap
                return True

        return False

Beispiel #4

Datei: test_sqlmap_wrapper.py Projekt: chenbremer/w3af-1

    def test_enable_coloring(self):
        uri = URL(self.SQLI_GET)
        target = Target(uri)

        sqlmap = SQLMapWrapper(target, self.uri_opener, coloring=True)
        params = sqlmap.get_wrapper_params()
        self.assertNotIn('--disable-coloring', params)

Beispiel #5

    def _verify_vuln(self, vuln_obj):
        """
        This command verifies a vuln. This is really hard work! :P

        :return : True if vuln can be exploited.
        """
        mutant = vuln_obj.get_mutant()
        orig_value = mutant.get_token().get_original_value()

        # When the original value of the parameter was empty, mostly when it
        # was an HTML form, sqlmap can't find the vulnerability (and w3af does)
        # so we're adding a '1' here just in case.
        parameter_values = {orig_value, '1'}

        for pvalue in parameter_values:
            mutant = copy.deepcopy(mutant)
            mutant.set_token_value(pvalue)

            post_data = mutant.get_data() or None

            target = Target(mutant.get_uri(), post_data)

            sqlmap = SQLMapWrapper(target, self._uri_opener)
            if sqlmap.is_vulnerable():
                self._sqlmap = sqlmap
                return True

        return False

Beispiel #6

Datei: sqlmap.py Projekt: intfrr/Tortazo

    def _verify_vuln(self, vuln_obj):
        """
        This command verifies a vuln. This is really hard work! :P

        :return : True if vuln can be exploited.
        """
        uri = vuln_obj.get_uri()
        dc = vuln_obj.get_dc()

        orig_value = vuln_obj.get_mutant().get_original_value()
        dc[vuln_obj.get_var()] = orig_value

        post_data = None
        if isinstance(dc, Form):
            post_data = str(dc) or None
        else:
            uri.set_querystring(dc)

        target = Target(uri, post_data)

        sqlmap = SQLMapWrapper(target, self._uri_opener)
        if sqlmap.is_vulnerable():
            self._sqlmap = sqlmap
            return True

        return False

Beispiel #7

Datei: test_sqlmap_wrapper.py Projekt: chenbremer/w3af-1

    def test_verify_vulnerability_ssl(self):
        uri = URL(self.SSL_SQLI_GET)
        target = Target(uri)

        self.uri_opener = ExtendedUrllib()

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)
        vulnerable = self.sqlmap.is_vulnerable()
        self.assertTrue(vulnerable, self.sqlmap.last_stdout)

Beispiel #8

Datei: test_sqlmap_wrapper.py Projekt: chenbremer/w3af-1

    def test_verify_vulnerability_false(self):
        not_vuln = get_moth_http('/audit/sql_injection/'
                                 'where_string_single_qs.py?fake=pablo')
        uri = URL(not_vuln)
        target = Target(uri)

        self.sqlmap = SQLMapWrapper(target, self.uri_opener)

        vulnerable = self.sqlmap.is_vulnerable()
        self.assertFalse(vulnerable)

Beispiel #9

 def test_stds(self):
     uri = URL(self.SQLI_GET)
     target = Target(uri)
     
     self.sqlmap = SQLMapWrapper(target, self.uri_opener)
     
     prms = ['--batch',]
     cmd, process = self.sqlmap.run_sqlmap_with_pipes(prms)
     
     self.assertIsInstance(process.stdout, file)
     self.assertIsInstance(process.stderr, file)
     self.assertIsInstance(process.stdin, file)
     self.assertIsInstance(cmd, basestring)
     
     self.assertIn('sqlmap.py', cmd)

Beispiel #10

Datei: sqlmap.py Projekt: linefeedse/w3af

    def _verify_vuln(self, vuln_obj):
        """
        This command verifies a vuln. This is really hard work! :P

        :return : True if vuln can be exploited.
        """
        mutant = vuln_obj.get_mutant()

        if not isinstance(mutant, (QSMutant, PostDataMutant)):
            msg = ('The SQL injection vulnerability at %s can not be exploited'
                   ' by w3af\'s sqlmap wrapper because it can only handle'
                   ' query string and url-encoded post data parameters.')
            om.out.console(msg % (mutant.get_url(),))
            return False

        orig_value = mutant.get_token().get_original_value()

        # When the original value of the parameter was empty, mostly when it
        # was an HTML form, sqlmap can't find the vulnerability (and w3af does)
        # so we're adding a '1' here just in case.
        parameter_values = {orig_value, '1'}

        for pvalue in parameter_values:
            mutant = copy.deepcopy(mutant)
            mutant.set_token_value(pvalue)

            post_data = mutant.get_data() or None

            target = Target(mutant.get_uri(), post_data)

            try:
                sqlmap = SQLMapWrapper(target, self._uri_opener)
            except TypeError:
                issue_url = 'https://github.com/andresriancho/w3af/issues/6439'
                msg = 'w3af\'s sqlmap wrapper has some limitations, and you' \
                      ' just found one of them. For more information please' \
                      ' visit %s .'
                om.out.console(msg % issue_url)
                return False
            else:
                if sqlmap.is_vulnerable():
                    self._sqlmap = sqlmap
                    return True
                else:
                    self._sqlmap = None
                    sqlmap.cleanup()
        
        return False

Beispiel #11

    def test_kb_list_shells_sqlmap_2181(self):
        """
        Also very related with test_pickleable_shells
        :see: https://github.com/andresriancho/w3af/issues/2181
        """
        w3af_core = w3afCore()
        target = Target(URL('http://w3af.org/'))
        sqlmap_wrapper = SQLMapWrapper(target, w3af_core.uri_opener)

        sqlmap_shell = SQLMapShell(MockVuln(), w3af_core.uri_opener,
                                   w3af_core.worker_pool, sqlmap_wrapper)
        kb.append('a', 'b', sqlmap_shell)

        shells = kb.get_all_shells(w3af_core=w3af_core)
        self.assertEqual(len(shells), 1)
        unpickled_shell = shells[0]

        self.assertEqual(sqlmap_shell, unpickled_shell)
        self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener)
        self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool)
        self.assertIs(unpickled_shell.sqlmap.proxy._uri_opener,
                      w3af_core.uri_opener)

        w3af_core.quit()

Beispiel #12

Datei: sqlmap.py Projekt: chenbremer/w3af-1

    def _verify_vuln(self, vuln_obj):
        """
        This command verifies a vuln. This is really hard work! :P

        :return : True if vuln can be exploited.
        """
        mutant = vuln_obj.get_mutant()

        if not isinstance(mutant, (QSMutant, PostDataMutant)):
            msg = ('The SQL injection vulnerability at %s can not be exploited'
                   ' by w3af\'s sqlmap wrapper because it can only handle'
                   ' query string and url-encoded post data parameters.')
            om.out.console(msg % (mutant.get_url(), ))
            return False

        orig_value = mutant.get_token().get_original_value()

        # When the original value of the parameter was empty, mostly when it
        # was an HTML form, sqlmap can't find the vulnerability (and w3af does)
        # so we're adding a '1' here just in case.
        parameter_values = {orig_value, '1'}

        for pvalue in parameter_values:
            mutant = copy.deepcopy(mutant)
            mutant.set_token_value(pvalue)

            self._sqlmap = None

            post_data = mutant.get_data() or None
            target = Target(mutant.get_uri(), post_data)

            try:
                sqlmap = SQLMapWrapper(target, self._uri_opener)
            except TypeError:
                issue_url = 'https://github.com/andresriancho/w3af/issues/6439'
                msg = ('w3af\'s sqlmap wrapper has some limitations, and you'
                       ' just found one of them. For more information please'
                       ' visit %s .')
                om.out.console(msg % issue_url)
                return False

            try:
                is_vuln = sqlmap.is_vulnerable()
            except:
                sqlmap.cleanup()

                if sqlmap.last_stdout is None or sqlmap.last_stderr is None:
                    # Not sure when we get here
                    return False

                taint_error = 'provided tainted parameter'
                if not (taint_error in sqlmap.last_stdout
                        or taint_error in sqlmap.last_stderr):
                    # Some error that we don't have a special handling for
                    return False

                issue_url = 'https://github.com/andresriancho/w3af/issues/1989'
                msg = ('w3af\'s sqlmap wrapper has some limitations, and you'
                       ' just found one of them. For more information please'
                       ' visit %s and add the steps required to reproduce this'
                       ' issue which will help us debug and fix it.')
                om.out.console(msg % issue_url)
                return False

            if is_vuln:
                self._sqlmap = sqlmap
                return True
            else:
                sqlmap.cleanup()

        return False