def __init__(self):
    '''
    Create the blind SQL injection audit plugin.

    Both detector objects are instantiated here (with no arguments) and the
    user configurable settings receive their defaults.
    '''
    baseAuditPlugin.__init__(self)

    # User configured variables: the similarity threshold for response
    # comparison and, presumably, the algorithm used to compute it.
    self._equalLimit = 0.9
    self._equAlgorithm = 'setIntersection'

    # NOTE(review): the audit() shown alongside this constructor reads
    # self._eq_limit, not self._equalLimit - confirm the attribute name
    # matches the version of audit() this __init__ is paired with.
    self._bsqli_response_diff = blind_sqli_response_diff()
    self._blind_sqli_time_delay = blind_sqli_time_delay()
def audit(self, freq):
    '''
    Tests an URL for blind SQL injection vulnerabilities.

    Two detectors are run, in order, against every parameter of ``freq``:
    a response difference detector and a time delay detector. The first
    one whose ``is_injectable()`` returns a finding that is not already
    known gets reported and stored in the knowledge base; the remaining
    detectors are skipped for that parameter.

    @param freq: A fuzzableRequest
    '''
    om.out.debug('blindSqli plugin is testing: ' + freq.getURL())

    # Build both detectors around the plugin's HTTP client and keep them on
    # the instance, applying the user configured similarity threshold to
    # the response difference one.
    self._bsqli_response_diff = blind_sqli_response_diff(self._uri_opener)
    self._bsqli_response_diff.set_eq_limit(self._eq_limit)
    self._blind_sqli_time_delay = blind_sqli_time_delay(self._uri_opener)
    detectors = (self._bsqli_response_diff, self._blind_sqli_time_delay)

    # One mutant with an empty value per parameter; each detector receives
    # it through is_injectable() and decides what to send on its own.
    for mutant in createMutants(freq, ['']):
        # sqli.py may already have flagged this parameter - re-testing it
        # would only cost requests and produce a duplicate report.
        if self._has_sql_injection(mutant):
            continue

        for detector in detectors:
            vuln = detector.is_injectable(mutant)
            if vuln is None:
                continue
            # _has_no_bug() presumably checks the KB for an existing finding
            # on this variable - confirm; a known one falls through to the
            # next detector without being reported.
            if self._has_no_bug(freq, varname=vuln.getVar()):
                om.out.vulnerability(vuln.getDesc())
                kb.kb.append(self, 'blindSqli', vuln)
                break
def audit(self, freq, orig_response):
    '''
    Tests an URL for blind SQL injection vulnerabilities.

    A response difference detector and a time delay detector are tried in
    that order for every parameter; the first finding is stored in the
    knowledge base (de-duplicated by kb_append_uniq) and the remaining
    detector is skipped for that parameter.

    :param freq: A FuzzableRequest
    :param orig_response: Not used by this method; part of the audit
                          plugin interface.
    '''
    resp_diff = blind_sqli_response_diff(self._uri_opener)
    # User configured similarity threshold for the response comparison.
    resp_diff.set_eq_limit(self._eq_limit)
    time_delay = blind_sqli_time_delay(self._uri_opener)
    detectors = (resp_diff, time_delay)

    # One mutant with an empty value per parameter is all the detectors
    # need; is_injectable() decides what is sent from there.
    for mutant in create_mutants(freq, ['']):
        # Skip parameters sqli.py already reported: testing them again only
        # spends requests and would duplicate the finding.
        if self._has_sql_injection(mutant):
            continue

        for detector in detectors:
            found_vuln = detector.is_injectable(mutant)
            if found_vuln is None:
                continue
            self.kb_append_uniq(self, 'blind_sqli', found_vuln)
            break
def audit(self, freq, orig_response):
    '''
    Tests an URL for blind SQL injection vulnerabilities.

    For each parameter the response difference detector is consulted first
    and the time delay detector only if the first one found nothing. A
    finding is stored through kb_append_uniq, which is expected to drop
    duplicates.

    :param freq: A FuzzableRequest
    :param orig_response: Not used here; accepted for interface
                          compatibility with the other audit plugins.
    '''
    response_diff = blind_sqli_response_diff(self._uri_opener)
    response_diff.set_eq_limit(self._eq_limit)
    time_based = blind_sqli_time_delay(self._uri_opener)
    detectors = [response_diff, time_based]

    for mutant in create_mutants(freq, ['']):
        # sqli.py may have flagged this parameter already; do not re-test
        # and report it a second time.
        if self._has_sql_injection(mutant):
            continue

        # Lazily evaluated: the time delay detector is never run when the
        # response difference detector already returned a finding.
        findings = (detector.is_injectable(mutant) for detector in detectors)
        found_vuln = next((v for v in findings if v is not None), None)
        if found_vuln is not None:
            self.kb_append_uniq(self, 'blind_sqli', found_vuln)