Esempio n. 1
0
def alltokens(val, flags):

    if flags & libinjection.FLAG_QUOTE_SINGLE:
        contextstr = 'single'
    elif flags & libinjection.FLAG_QUOTE_DOUBLE:
        contextstr = 'double'
    else:
        contextstr = 'none'

    if flags & libinjection.FLAG_SQL_ANSI:
        commentstr = 'ansi'
    elif flags & libinjection.FLAG_SQL_MYSQL:
        commentstr = 'mysql'
    else:
        raise RuntimeException("bad quote context")

    parse = {
        'comment': commentstr,
        'quote': contextstr
    }
    args = []
    sqlstate = libinjection.sqli_state()
    libinjection.sqli_init(sqlstate, val, flags)
    count = 0
    while count < 25:
        count += 1
        ok = libinjection.sqli_tokenize(sqlstate)
        if ok == 0:
            break
        args.append(print_token(sqlstate.current))


    parse['tokens'] = args

    args = []
    fingerprint = libinjection.sqli_fingerprint(sqlstate, flags)
    vec = sqlstate.tokenvec
    for i in range(len(sqlstate.fingerprint)):
        args.append(print_token(vec[i]))
    parse['folds'] = args
    parse['sqli'] = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
    parse['fingerprint'] = fingerprint
    # todo add stats

    return parse
Esempio n. 2
0
def alltokens(val, flags):

    if flags & libinjection.FLAG_QUOTE_SINGLE:
        contextstr = 'single'
    elif flags & libinjection.FLAG_QUOTE_DOUBLE:
        contextstr = 'double'
    else:
        contextstr = 'none'

    if flags & libinjection.FLAG_SQL_ANSI:
        commentstr = 'ansi'
    elif flags & libinjection.FLAG_SQL_MYSQL:
        commentstr = 'mysql'
    else:
        raise RuntimeException("bad quote context")

    parse = {
        'comment': commentstr,
        'quote': contextstr
    }
    args = []
    sqlstate = libinjection.sqli_state()
    libinjection.sqli_init(sqlstate, val, flags)
    count = 0
    while count < 25:
        count += 1
        ok = libinjection.sqli_tokenize(sqlstate)
        if ok == 0:
            break
        args.append(print_token(sqlstate.current))


    parse['tokens'] = args

    args = []
    fingerprint = libinjection.sqli_fingerprint(sqlstate, flags)
    for i in range(len(sqlstate.fingerprint)):
        args.append(print_token(libinjection.sqli_get_token(sqlstate,i)))
    parse['folds'] = args
    parse['sqli'] = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
    parse['fingerprint'] = fingerprint
    # todo add stats

    return parse
Esempio n. 3
0
    def get_fingerprints(self):
        #unquote = urllib.unquote
        #detectsqli = libinjection.detectsqli

        ids = self.request.arguments.get('id', [])
        if len(ids) == 1:
            formvalue = ids[0]
        else:
            formvalue = ''

        args = []
        extra = {}
        qssqli = False

        sqlstate = libinjection.sqli_state()

        allfp = {}
        for name,values in self.request.arguments.iteritems():
            if name == 'type':
                continue

            fps = []

            val = values[0]
            val = urllib.unquote(val)
            if len(val) == 0:
                continue
            libinjection.sqli_init(sqlstate, val, 0)
            pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_ANSI)
            issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
            fps.append(['unquoted', 'ansi', issqli, pat])

            pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_MYSQL)
            issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
            fps.append(['unquoted', 'mysql', issqli, pat])

            pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_ANSI)
            issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
            fps.append(['single', 'ansi', issqli, pat])

            pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_MYSQL)
            issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
            fps.append(['single', 'mysql', issqli, pat])

            pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_DOUBLE | libinjection.FLAG_SQL_MYSQL)
            issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
            fps.append(['double', 'mysql', issqli, pat])

            allfp[name] = {
                'value': breakify(breakapart(val)),
                'fingerprints': fps
            }

        for name,values in self.request.arguments.iteritems():
            if name == 'type':
                continue
            for val in values:
                # do it one more time include cut-n-paste was already url-encoded
                val = urllib.unquote(val)
                if len(val) == 0:
                    continue

                # swig returns 1/0, convert to True False
                libinjection.sqli_init(sqlstate, val, 0)
                issqli = bool(libinjection.is_sqli(sqlstate))

                # True if any issqli values are true
                qssqli = qssqli or issqli
                val = breakapart(val)

                pat = sqlstate.fingerprint
                if not issqli:
                    pat = 'see below'
                args.append([name, val, issqli, pat])

        self.add_header('Cache-Control', 'no-cache, no-store, must-revalidate')
        self.add_header('Pragma', 'no-cache')
        self.add_header('Expires', '0')
        self.add_header('X-Content-Type-Options', 'nosniff')
        self.add_header('X-XSS-Protection', '0')

        self.render("form.html",
                    title='libjection sqli diagnostic',
                    version = libinjection.version(),
                    is_sqli=qssqli,
                    args=args,
                    allfp = allfp,
                    formvalue=formvalue,
                    ssl_protocol=self.request.headers.get('X-SSL-Protocol', ''),
                    ssl_cipher=self.request.headers.get('X-SSL-Cipher', '')
                    )
Esempio n. 4
0
    def get_fingerprints(self):
        #unquote = urllib.unquote
        #detectsqli = libinjection.detectsqli

        ids = self.request.arguments.get('id', [])
        if len(ids) == 1:
            formvalue = ids[0]
        else:
            formvalue = ''

        args = []
        extra = {}
        qssqli = False

        sqlstate = libinjection.sqli_state()

        allfp = {}
        for name,values in self.request.arguments.iteritems():
            if name == 'type':
                continue

            fps = []

            val = values[0]
            val = urllib.unquote(val)
            if len(val) == 0:
                continue
            libinjection.sqli_init(sqlstate, val, 0)
            pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_ANSI)
            issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
            fps.append(['unquoted', 'ansi', issqli, pat])

            pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_MYSQL)
            issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
            fps.append(['unquoted', 'mysql', issqli, pat])

            pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_ANSI)
            issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
            fps.append(['single', 'ansi', issqli, pat])

            pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_MYSQL)
            issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
            fps.append(['single', 'mysql', issqli, pat])

            pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_DOUBLE | libinjection.FLAG_SQL_MYSQL)
            issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
            fps.append(['double', 'mysql', issqli, pat])

            allfp[name] = {
                'value': breakify(breakapart(val)),
                'fingerprints': fps
            }

        for name,values in self.request.arguments.iteritems():
            if name == 'type':
                continue
            for val in values:
                # do it one more time include cut-n-paste was already url-encoded
                val = urllib.unquote(val)
                if len(val) == 0:
                    continue

                # swig returns 1/0, convert to True False
                libinjection.sqli_init(sqlstate, val, 0)
                issqli = bool(libinjection.is_sqli(sqlstate))

                # True if any issqli values are true
                qssqli = qssqli or issqli
                val = breakapart(val)

                pat = sqlstate.fingerprint
                if not issqli:
                    pat = 'see below'
                args.append([name, val, issqli, pat])

        self.add_header('Cache-Control', 'no-cache, no-store, must-revalidate')
        self.add_header('Pragma', 'no-cache')
        self.add_header('Expires', '0')
        self.add_header('X-Content-Type-Options', 'nosniff')
        self.add_header('X-XSS-Protection', '0')

        self.render("form.html",
                    title='libjection sqli diagnostic',
                    version = libinjection.version(),
                    is_sqli=qssqli,
                    args=args,
                    allfp = allfp,
                    formvalue=formvalue,
                    ssl_protocol=self.request.headers.get('X-SSL-Protocol', ''),
                    ssl_cipher=self.request.headers.get('X-SSL-Cipher', '')
                    )