def analyse(url, path):
    """Scan the path and query string of *url* with libinjection.

    The URL is split with the module-level ``faup`` parser.  If either
    component is flagged as SQL injection, the paste at *path* is reported
    through ``publisher`` and *path* is queued on the 'Duplicate',
    'alertHandler' and 'Tags' outputs of ``p``.
    """
    faup.decode(url)
    parts = faup.get()
    pprint.pprint(parts)

    # NOTE(review): both components reach the detector exactly as faup
    # returned them; the only unquote() in this function is used for display.
    # If faup leaves percent-encoding in place, encoded input may go
    # unflagged -- confirm against the parser's output.
    path_part = parts['resource_path']
    query_part = parts['query_string']

    # These defaults stand in for a component the URL does not have.
    verdict_path = {'sqli': False}
    verdict_query = {'sqli': False}

    if path_part is not None:
        verdict_path = pylibinjection.detect_sqli(path_part)
        print("path is sqli : {0}".format(verdict_path))

    if query_part is not None:
        verdict_query = pylibinjection.detect_sqli(query_part)
        print("query is sqli : {0}".format(verdict_query))

    flagged = verdict_path['sqli'] is True or verdict_query['sqli'] is True
    if not flagged:
        return

    paste = Paste.Paste(path)
    print("Detected (libinjection) SQL in URL: ")
    # The decoded URL is untrusted text and is written to stdout as is.
    print(urllib.request.unquote(url))
    fields = (paste.p_source, paste.p_date, paste.p_name,
              "Detected SQL in URL", paste.p_path)
    publisher.warning('LibInjection;{};{};{};{};{}'.format(*fields))

    # Queue the paste for duplicate detection.
    p.populate_set_out(path, 'Duplicate')
    # Queue it for the alert handler (Browse_warning_paste).
    p.populate_set_out('sqlinjection;{}'.format(path), 'alertHandler')
    # Tag it as an automatically detected SQL injection.
    tag_msg = 'infoleak:automatic-detection="sql-injection";{}'.format(path)
    p.populate_set_out(tag_msg, 'Tags')
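    def compute(self, message):
        """Check the URL carried by *message* for SQL injection.

        *message* is split on whitespace into a URL and an item id.  The
        URL's path and query string are each passed to libinjection; when
        either is flagged, a warning is logged, the item id is sent to the
        'Duplicate' and 'Tags' queues, and a per-TLD monthly counter is
        incremented.

        Raises:
            ValueError: if *message* does not split into exactly two fields.
        """
        url, item_ref = message.split()

        self.faup.decode(url)
        url_parsed = self.faup.get()

        def _to_bytes(value):
            # TODO/FIXME (kept from the original): temporary shim, to be
            # removed. Presumably faup may return str, bytes or None here.
            # Only the failures a missing or unusable .encode() can produce
            # are handled, so KeyboardInterrupt/SystemExit and unrelated
            # errors are no longer swallowed as a bare ``except:`` would.
            try:
                return value.encode()
            except (AttributeError, UnicodeError):
                return value

        # NOTE(review): the components are scanned as faup returned them; the
        # only unquote() below is used for display. If percent-encoding is
        # still present at this point, encoded input may go unflagged --
        # confirm against the parser's output.
        resource_path = _to_bytes(url_parsed['resource_path'])
        query_string = _to_bytes(url_parsed['query_string'])

        # Defaults stand in for a component the URL does not have.
        result_path = {'sqli': False}
        result_query = {'sqli': False}

        if resource_path is not None:
            result_path = pylibinjection.detect_sqli(resource_path)

        if query_string is not None:
            result_query = pylibinjection.detect_sqli(query_string)

        if result_path['sqli'] is True or result_query['sqli'] is True:
            item = Item(item_ref)
            item_id = item.get_id()
            print(f"Detected (libinjection) SQL in URL: {item_id}")
            # The decoded URL is untrusted text and is written to stdout as is.
            print(urllib.request.unquote(url))

            to_print = f'LibInjection;{item.get_source()};{item.get_date()};{item.get_basename()};Detected SQL in URL;{item_id}'
            self.redis_logger.warning(to_print)

            # Send to duplicate
            self.send_message_to_queue(item_id, 'Duplicate')

            # Add tag
            msg = f'infoleak:automatic-detection="sql-injection";{item_id}'
            self.send_message_to_queue(msg, 'Tags')

            # Statistics: one counter per TLD in a hash keyed by year+month.
            # TODO/FIXME (kept from the original): temporary shim, to be
            # removed. A TLD that cannot be decoded is used as returned.
            tld = url_parsed['tld']
            try:
                tld = tld.decode()
            except (AttributeError, UnicodeError):
                pass
            if tld is not None:
                date = datetime.now().strftime("%Y%m")
                self.server_statistics.hincrby(f'SQLInjection_by_tld:{date}', tld, 1)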
Beispiel #3
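def analyse(url, path):
    """Scan the path and query string of *url* with libinjection.

    The URL is split with the module-level ``faup`` parser.  If either
    component is flagged as SQL injection, the paste at *path* is reported
    through ``publisher``, *path* is queued on the 'Duplicate' and 'Tags'
    outputs of ``p``, and a per-TLD monthly counter is incremented in
    ``server_statistics``.
    """
    faup.decode(url)
    url_parsed = faup.get()
    pprint.pprint(url_parsed)

    # TODO/FIXME (kept from the original): temporary shims, to be removed.
    # Presumably faup may return str, bytes or None for these keys. Only the
    # failures a missing or unusable .encode() can produce are handled, so
    # KeyboardInterrupt/SystemExit and unrelated errors are no longer
    # swallowed as a bare ``except:`` would.
    # NOTE(review): the components are scanned as faup returned them; the
    # only unquote() below is used for display. If percent-encoding is still
    # present here, encoded input may go unflagged -- confirm.
    try:
        resource_path = url_parsed['resource_path'].encode()
    except (AttributeError, UnicodeError):
        resource_path = url_parsed['resource_path']

    try:
        query_string = url_parsed['query_string'].encode()
    except (AttributeError, UnicodeError):
        query_string = url_parsed['query_string']

    # Defaults stand in for a component the URL does not have.
    result_path = {'sqli': False}
    result_query = {'sqli': False}

    if resource_path is not None:
        result_path = pylibinjection.detect_sqli(resource_path)
        print("path is sqli : {0}".format(result_path))

    if query_string is not None:
        result_query = pylibinjection.detect_sqli(query_string)
        print("query is sqli : {0}".format(result_query))

    if result_path['sqli'] is True or result_query['sqli'] is True:
        paste = Paste.Paste(path)
        print("Detected (libinjection) SQL in URL: ")
        # The decoded URL is untrusted text and is written to stdout as is.
        print(urllib.request.unquote(url))
        to_print = 'LibInjection;{};{};{};{};{}'.format(
            paste.p_source, paste.p_date, paste.p_name, "Detected SQL in URL",
            paste.p_rel_path)
        publisher.warning(to_print)
        # Send to duplicate
        p.populate_set_out(path, 'Duplicate')

        # Tag the paste as an automatically detected SQL injection.
        msg = 'infoleak:automatic-detection="sql-injection";{}'.format(path)
        p.populate_set_out(msg, 'Tags')

        # Statistics: one counter per TLD in a hash keyed by year+month.
        # TODO/FIXME (kept from the original): temporary shim, to be removed.
        try:
            tld = url_parsed['tld'].decode()
        except (AttributeError, UnicodeError):
            tld = url_parsed['tld']
        if tld is not None:
            date = datetime.datetime.now().strftime("%Y%m")
            server_statistics.hincrby('SQLInjection_by_tld:' + date, tld, 1)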
Beispiel #4
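def analyse(url, path):
    """Run libinjection over a URL's path and query string and report hits.

    Parsing is done by the module-level ``faup`` object.  A hit on either
    component logs a warning through ``publisher``, queues *path* on the
    'Duplicate' and 'Tags' outputs of ``p`` and increments a per-TLD monthly
    counter in ``server_statistics``.
    """

    def _converted(value, method_name):
        # TODO/FIXME (kept from the original): temporary shim, to be removed.
        # Presumably faup may return str, bytes or None. The value is
        # returned untouched when it has no such method or the conversion
        # fails; other exceptions (KeyboardInterrupt, SystemExit, ...) are no
        # longer swallowed as a bare ``except:`` would.
        try:
            return getattr(value, method_name)()
        except (AttributeError, UnicodeError):
            return value

    faup.decode(url)
    url_parsed = faup.get()
    pprint.pprint(url_parsed)

    # NOTE(review): the components are scanned as faup returned them; the
    # only unquote() below is used for display. If percent-encoding is still
    # present here, encoded input may go unflagged -- confirm.
    resource_path = _converted(url_parsed['resource_path'], 'encode')
    query_string = _converted(url_parsed['query_string'], 'encode')

    # Defaults stand in for a component the URL does not have.
    result_path = {'sqli': False}
    result_query = {'sqli': False}

    if resource_path is not None:
        result_path = pylibinjection.detect_sqli(resource_path)
        print("path is sqli : {0}".format(result_path))

    if query_string is not None:
        result_query = pylibinjection.detect_sqli(query_string)
        print("query is sqli : {0}".format(result_query))

    if not (result_path['sqli'] is True or result_query['sqli'] is True):
        return

    paste = Paste.Paste(path)
    print("Detected (libinjection) SQL in URL: ")
    # The decoded URL is untrusted text and is written to stdout as is.
    print(urllib.request.unquote(url))
    to_print = 'LibInjection;{};{};{};{};{}'.format(
        paste.p_source, paste.p_date, paste.p_name, "Detected SQL in URL",
        paste.p_rel_path)
    publisher.warning(to_print)

    # Send to duplicate
    p.populate_set_out(path, 'Duplicate')

    # Tag the paste as an automatically detected SQL injection.
    msg = 'infoleak:automatic-detection="sql-injection";{}'.format(path)
    p.populate_set_out(msg, 'Tags')

    # Statistics: one counter per TLD in a hash keyed by year+month.
    tld = _converted(url_parsed['tld'], 'decode')
    if tld is not None:
        date = datetime.datetime.now().strftime("%Y%m")
        server_statistics.hincrby('SQLInjection_by_tld:'+date, tld, 1)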
Beispiel #5
 def scan(self, value):
     """Return a detection record if libinjection flags *value* as SQLi.

     *value* is encoded as UTF-8 and handed to the detector unchanged; no
     decoding or normalisation step is visible in this method.  Returns
     ``{'name': 'sqli', 'order': 2}`` on a hit, otherwise ``None``.
     """
     verdict = pylibinjection.detect_sqli(bytes(value, 'utf-8'))
     if int(verdict['sqli']):
         return dict(name='sqli', order=2)
     return None
Beispiel #6
 def scan(self, value):
     """Check *value* for SQL injection with libinjection.

     The text is UTF-8 encoded before it is passed to the detector.  The
     result is a dict naming the detection ('sqli', order 2) when the
     detector's 'sqli' field is non-zero, and ``None`` when it is not.
     """
     encoded = bytes(value, 'utf-8')
     flagged = int(pylibinjection.detect_sqli(encoded)['sqli'])
     return dict(name='sqli', order=2) if flagged else None
Beispiel #7
 def scan(self, value):
     """Report whether libinjection considers *value* an SQL injection.

     Returns ``None`` for input the detector does not flag and a dict with
     ``name="sqli"`` and ``order=2`` for input it does.  *value* must be
     text: it is converted with ``bytes(value, "utf-8")`` before the call.
     """
     raw = bytes(value, "utf-8")
     outcome = pylibinjection.detect_sqli(raw)
     if not int(outcome["sqli"]):
         return None
     return {"name": "sqli", "order": 2}
Beispiel #8
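def process_one(opts):
    """Run one payload against the database and against libinjection.

    *opts* is indexed as ``(cursor, payload, args)``.  The payload is
    formatted into ``args.query`` and executed; if the statement returns
    rows, the outcome is printed and logged as:

    * ``[BLOCKED]``    -- libinjection flagged the payload,
    * ``[PASS][DUP]``  -- not flagged, fingerprint already recorded,
    * ``[PASS][NEW]``  -- not flagged, fingerprint recorded now.

    Returns None.
    """
    cursor = opts[0]
    payload = opts[1]
    args = opts[2]

    # Fingerprints already recorded for this database type.  The file is read
    # as one string, so the membership test below is a substring match.
    # NOTE(review): a fingerprint that is part of a longer recorded one is
    # reported as a duplicate -- confirm whether per-line matching is wanted
    # (that depends on how log_msg writes the file).
    fp_path = "{}_fp.txt".format(args.type)
    known = None
    if os.path.isfile(fp_path):
        # Context manager so the handle is closed on every call.
        with open(fp_path, "r") as fp_file:
            known = fp_file.read()

    # The payload is formatted into the statement text itself rather than
    # bound as a parameter; presumably deliberate, since the point of the
    # comparison is how the database parses the payload.
    statement = args.query.format(payload)

    # Start from an empty result so a multi-statement call that yields
    # nothing leaves `rows` defined instead of raising NameError below.
    rows = []
    if args.type in ["mysql", "mariadb"]:
        for item in cursor.execute(statement, multi=True):
            rows = item.fetchall()
    else:
        cursor.execute(statement)
        rows = cursor.fetchall()

    sqli = pylibinjection.detect_sqli(payload)
    msg = "Fingerprint: {} Query: {} Result: {}".format(
        sqli["fingerprint"], statement, rows)

    if len(rows) == 0:
        return

    db_label = args.type.upper()
    if sqli["sqli"]:
        print(colorize("red", "[BLOCKED] {}".format(msg)))
        if args.log_all:
            log_msg("{}_bad.txt".format(args.type),
                    "[{}] {}".format(db_label, msg))
    elif known is not None and sqli["fingerprint"] in known:
        print(colorize("blue", "[PASS][DUP] {}".format(msg)))
        log_msg("{}_bad.txt".format(args.type),
                "[DUPE][{}] {}".format(db_label, msg))
    else:
        print(colorize("green", "[PASS][NEW] {}".format(msg)))
        log_msg("{}_good.txt".format(args.type),
                "[{}] {}".format(db_label, msg))
        # The fingerprint file is the only record that outlives this call;
        # the former in-memory append was discarded on return and raised
        # AttributeError whenever the file had been read into a string.
        log_msg(fp_path, sqli["fingerprint"])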
Beispiel #9
 def classify(cls, string):
     """Return libinjection's SQLi verdict for *string*.

     The result of ``pylibinjection.detect_sqli`` is handed back unchanged;
     *string* is passed through without any encoding or decoding step.
     """
     verdict = pylibinjection.detect_sqli(string)
     return verdict
Beispiel #10
 def classify(cls, string):
     """Classify *string* with libinjection's SQL injection detector.

     Thin wrapper: the argument is forwarded as given and whatever
     ``pylibinjection.detect_sqli`` returns is the return value.
     """
     detect = pylibinjection.detect_sqli
     return detect(string)
Beispiel #11
 def issqli(self, payload):
     """Return the 'sqli' field of libinjection's verdict for *payload*.

     *payload* is passed to the detector as given; any encoding or decoding
     is left to the caller.
     """
     return pylibinjection.detect_sqli(payload)["sqli"]
Beispiel #12
__author__ = 'jellyzhang'
import pylibinjection

# Write the libinjection fingerprint of every line of each raw sample file to
# the matching output file, one fingerprint per line: negative samples first,
# then positive samples.
#
# Both files are opened with errors='ignore', so bytes that are not valid
# UTF-8 are dropped while reading and the fingerprint is computed on the
# line that remains.
for raw_name, out_name in (('raw_negative.txt', 'negative.txt'),
                           ('raw_positive.txt', 'positive.txt')):
    with open(raw_name, 'r', encoding='utf-8', errors='ignore') as source, \
            open(out_name, 'w', encoding='utf-8', errors='ignore') as sink:
        for raw_line in source:
            # Trailing whitespace, including the newline, is not part of the sample.
            sample = bytes(raw_line.rstrip(), encoding='utf-8')
            verdict = pylibinjection.detect_sqli(sample)
            # The fingerprint comes back as bytes and is stored as text.
            sink.write('{}\n'.format(str(verdict['fingerprint'], encoding='utf-8')))