Exemple #1
0
def stackedTest():
    if conf.direct:
        return

    if kb.stackedTest is not None:
        return kb.stackedTest

    infoMsg  = "testing stacked queries sql injection on parameter "
    infoMsg += "'%s'" % kb.injParameter
    logger.info(infoMsg)

    query      = getDelayQuery()
    start      = time.time()
    payload, _ = inject.goStacked(query)
    duration   = calculateDeltaSeconds(start)

    if duration >= conf.timeSec:
        infoMsg  = "the target url is affected by a stacked queries "
        infoMsg += "sql injection on parameter '%s'" % kb.injParameter
        logger.info(infoMsg)

        kb.stackedTest = agent.removePayloadDelimiters(payload, False)
    else:
        warnMsg  = "the target url is not affected by a stacked queries "
        warnMsg += "sql injection on parameter '%s'" % kb.injParameter
        logger.warn(warnMsg)

        kb.stackedTest = False

    setStacked()

    return kb.stackedTest
Exemple #2
0
def stackedTest():
    if kb.stackedTest is not None:
        return kb.stackedTest

    infoMsg  = "testing stacked queries support on parameter "
    infoMsg += "'%s'" % kb.injParameter
    logger.info(infoMsg)

    query      = getDelayQuery()
    start      = time.time()
    payload, _ = inject.goStacked(query)
    duration   = int(time.time() - start)

    if duration >= conf.timeSec:
        infoMsg  = "the web application supports stacked queries "
        infoMsg += "on parameter '%s'" % kb.injParameter
        logger.info(infoMsg)

        kb.stackedTest = payload
    else:
        warnMsg  = "the web application does not support stacked queries "
        warnMsg += "on parameter '%s'" % kb.injParameter
        logger.warn(warnMsg)

        kb.stackedTest = False

    setStacked()

    return kb.stackedTest