def inject_xss_payload(text_cols):
    """Overwrite every text column of every listed table with the harness's marker payload.

    ``text_cols`` maps a table name to an iterable of column names (the shape
    ``find_text_cols`` produces). One UPDATE is issued per table and passed
    ``can_fail=True``, presumably so a table that rejects the write (for
    instance one without the ``id`` column the payload references) does not
    abort the run. Table and column names are interpolated into the statement
    unquoted, so only identifiers read back from the catalog belong here.
    Returns None.
    """
    payload_suffix = """= CONCAT('<script>alert("BIP_',id,'")</script>')"""
    for table, column_names in text_cols.items():
        # Each assignment embeds the row's id so every updated record is distinguishable.
        assignments = ",".join(column + payload_suffix for column in column_names)
        query = "UPDATE %s SET %s" % (table, assignments)
        postgres.run_query(query, can_fail=True)
def count_rows(table, query_str=""):
    """Return the number of rows in ``table`` that satisfy the optional filter ``query_str``.

    The COUNT statement is produced by ``build_count_query``. When the query
    yields no result or a count of zero, the statement is appended to
    ``no_records.log`` under the results directory and 0 is returned, so
    callers can detect the empty case and fall back to a simpler query.
    """
    count_query = build_count_query(table, query_str)
    result = postgres.run_query(count_query)
    if result is not None and result["count"] != 0:
        return result["count"]
    # Record queries that matched nothing; they explain gaps in a run's output.
    log_path = os.path.join(get_results_path(), "no_records.log")
    with open(log_path, "a") as log_file:
        log_file.write(count_query + "\n")
    return 0
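def lookup(table, col, query_str="", constraints=None, can_fail=False):
    """Fetch a value of column ``col`` from ``table``, preferring rows that match ``query_str``.

    Args:
        table: table to read from.
        col: column whose value is returned.
        query_str: optional filter handed to ``build_query``. When it matches
            no rows the lookup is retried without it.
        constraints: forwarded to ``impose_constraints`` on the fetched value.
        can_fail: accepted for interface compatibility; not consulted here.

    Returns:
        The constrained column value, or None when the table has no rows at all.
    """
    count = count_rows(table, query_str=query_str)
    if count == 0:
        if query_str == "":
            # The table is empty; there is no simpler query left to try.
            return None
        # Retry unfiltered. The caller's constraints (and can_fail) are kept on
        # this path; previously the retry silently dropped them, so the fallback
        # value could violate constraints the filtered lookup would have honoured.
        return lookup(table, col, query_str="", constraints=constraints, can_fail=can_fail)
    query = build_query(table, query_str, count)
    record = postgres.run_query(query)
    # count > 0, so a record is expected unless a concurrent writer removed it
    # between the two statements. Sanity check only; it is stripped under -O.
    assert record
    return impose_constraints(record[col], constraints)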
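def find_text_cols():
    """Map each relevant table to the set of its text-typed column names.

    Only tables returned by ``find_tables`` are considered. A column counts as
    text when its catalog type name (``udt_name``) is one of ``char``,
    ``_char`` or ``varchar``. The three fields are selected by name instead of
    being picked positionally out of ``SELECT *``, so the result no longer
    depends on the column order of ``information_schema.columns``.

    Returns:
        dict mapping table name -> set of column names. Tables with no text
        columns do not appear.
    """
    good_tables = set(find_tables())
    query = (
        "SELECT table_name, column_name, udt_name "
        "FROM information_schema.columns"
    )
    results = postgres.run_query(query, return_all_records=True)
    # Positions within the explicit select list above.
    TABLE_INDEX, COL_INDEX, DATA_TYPE_INDEX = 0, 1, 2
    TEXT_TYPES = {"char", "_char", "varchar"}
    text_cols = {}
    for r in results:
        table = r[TABLE_INDEX]
        if table not in good_tables or r[DATA_TYPE_INDEX] not in TEXT_TYPES:
            continue
        text_cols.setdefault(table, set()).add(r[COL_INDEX])
    return text_cols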
def table_col_exists(table, col):
    """Look up column ``col`` of the pluralised ``table`` in the catalog.

    Returns whatever ``postgres.run_query`` yields for the lookup; callers
    treat it as truthy when the column exists (looks like a row-or-None
    contract — confirm against ``run_query``).

    NOTE(review): ``table`` and ``col`` are spliced into the statement as
    quoted string literals without escaping, so a value containing a single
    quote breaks the query. Keep the inputs to catalog-derived identifiers,
    or move to a parameterized call if ``run_query`` offers one.
    """
    table_name = pluralize(table)
    query = (
        "SELECT column_name FROM information_schema.columns WHERE "
        "table_name='%s' AND column_name='%s'" % (table_name, col)
    )
    return postgres.run_query(query)
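def find_tables():
    """List the names of all relations outside the system schemas.

    Reads ``information_schema.tables`` excluding ``pg_catalog`` and
    ``information_schema``. ``table_name`` is selected explicitly rather than
    read positionally from ``SELECT *``, so the result does not depend on the
    view's column order. No ``table_type`` filter is applied, so every row of
    the view is returned.

    Returns:
        list of table names, one per row.
    """
    query = (
        "SELECT table_name FROM information_schema.tables "
        "WHERE table_schema NOT IN ('pg_catalog', 'information_schema')"
    )
    results = postgres.run_query(query, return_all_records=True)
    # Position within the explicit select list above.
    TABLE_INDEX = 0
    return [row[TABLE_INDEX] for row in results]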