def get_tokens(self):
    """Render ``tokens.html`` with libinjection's token stream for ``id``.

    The ``id`` request argument is URL-decoded once more and tokenized in
    five quote/dialect contexts; the per-context results are handed to the
    template in this order: unquoted/ANSI, unquoted/MySQL, single/ANSI,
    single/MySQL, double/MySQL.
    """
    submitted = self.request.arguments.get('id', [])
    # Only a single ``id`` value is analysed; a missing or repeated
    # parameter is treated as empty input.
    formvalue = submitted[0] if len(submitted) == 1 else ''

    # This is a second decode on top of the framework's own query parsing,
    # so the tokens describe the doubly-decoded text (useful when a payload
    # was pasted already percent-encoded).
    val = urllib.unquote(formvalue)

    contexts = (
        libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_ANSI,
        libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_MYSQL,
        libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_ANSI,
        libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_MYSQL,
        libinjection.FLAG_QUOTE_DOUBLE | libinjection.FLAG_SQL_MYSQL,
    )
    parsed = [alltokens(val, flags) for flags in contexts]

    # The page echoes submitted payloads: forbid caching and MIME sniffing.
    # 'X-XSS-Protection: 0' switches the legacy browser XSS filter off, so
    # output encoding in the template is the only barrier.
    # NOTE(review): confirm tokens.html escapes ``formvalue`` and ``parsed``.
    response_headers = (
        ('Cache-Control', 'no-cache, no-store, must-revalidate'),
        ('Pragma', 'no-cache'),
        ('Expires', '0'),
        ('X-Content-Type-Options', 'nosniff'),
        ('X-XSS-Protection', '0'),
    )
    for header_name, header_value in response_headers:
        self.add_header(header_name, header_value)

    # NOTE(review): X-SSL-* are read as ordinary request headers; presumably
    # a TLS-terminating proxy sets them -- confirm it also strips
    # client-supplied copies, otherwise the values shown are client-controlled.
    request_headers = self.request.headers
    self.render(
        "tokens.html",
        title='libjection sqli token parsing diagnostics',
        version=libinjection.version(),
        parsed=parsed,
        formvalue=val,
        ssl_protocol=request_headers.get('X-SSL-Protocol', ''),
        ssl_cipher=request_headers.get('X-SSL-Cipher', ''),
    )
def get_fingerprints(self):
    """Render ``form.html`` with libinjection SQLi verdicts for the request.

    Two passes run over every request argument except ``type``:

    1. The first value of each argument is fingerprinted in five explicit
       quote/dialect contexts; a context counts as SQLi when the
       fingerprint is blacklisted and not whitelisted.
    2. Every value of each argument is run through ``is_sqli``; the page
       verdict (``is_sqli``) is true if any single value is flagged.

    Values are URL-decoded once more before analysis, and empty values are
    skipped in both passes.
    """
    submitted = self.request.arguments.get('id', [])
    # Only a single ``id`` value is echoed back into the form.
    formvalue = submitted[0] if len(submitted) == 1 else ''

    sqlstate = libinjection.sqli_state()
    allfp = {}
    args = []
    qssqli = False

    # (quote label, dialect label, libinjection flags), in display order.
    contexts = (
        ('unquoted', 'ansi',
         libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_ANSI),
        ('unquoted', 'mysql',
         libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_MYSQL),
        ('single', 'ansi',
         libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_ANSI),
        ('single', 'mysql',
         libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_MYSQL),
        ('double', 'mysql',
         libinjection.FLAG_QUOTE_DOUBLE | libinjection.FLAG_SQL_MYSQL),
    )

    # Pass 1: per-context fingerprints of the first value of each argument.
    for name, values in self.request.arguments.iteritems():
        if name == 'type':
            continue
        val = urllib.unquote(values[0])
        if not val:
            continue

        libinjection.sqli_init(sqlstate, val, 0)
        fps = []
        for quote_label, dialect_label, flags in contexts:
            pat = libinjection.sqli_fingerprint(sqlstate, flags)
            flagged = bool(libinjection.sqli_blacklist(sqlstate)
                           and libinjection.sqli_not_whitelist(sqlstate))
            fps.append([quote_label, dialect_label, flagged, pat])

        allfp[name] = {
            'value': breakify(breakapart(val)),
            'fingerprints': fps,
        }

    # Pass 2: overall verdict across every value of every argument.
    for name, values in self.request.arguments.iteritems():
        if name == 'type':
            continue
        for raw in values:
            # Decode once more in case the pasted payload was already
            # URL-encoded; the verdict applies to this decoded text.
            val = urllib.unquote(raw)
            if not val:
                continue

            libinjection.sqli_init(sqlstate, val, 0)
            # The SWIG binding returns 1/0; normalise to a real bool.
            issqli = bool(libinjection.is_sqli(sqlstate))
            qssqli = qssqli or issqli

            shown = breakapart(val)
            # Only a positive verdict shows its fingerprint in this table.
            pat = sqlstate.fingerprint if issqli else 'see below'
            args.append([name, shown, issqli, pat])

    # The page echoes submitted payloads: forbid caching and MIME sniffing.
    # 'X-XSS-Protection: 0' switches the legacy browser XSS filter off, so
    # output encoding in the template is the only barrier.
    # NOTE(review): confirm form.html escapes ``args``, ``formvalue`` and
    # ``allfp`` (including whatever markup ``breakify`` produces).
    response_headers = (
        ('Cache-Control', 'no-cache, no-store, must-revalidate'),
        ('Pragma', 'no-cache'),
        ('Expires', '0'),
        ('X-Content-Type-Options', 'nosniff'),
        ('X-XSS-Protection', '0'),
    )
    for header_name, header_value in response_headers:
        self.add_header(header_name, header_value)

    # NOTE(review): X-SSL-* are read as ordinary request headers; presumably
    # a TLS-terminating proxy sets them -- confirm it also strips
    # client-supplied copies, otherwise the values shown are client-controlled.
    request_headers = self.request.headers
    self.render(
        "form.html",
        title='libjection sqli diagnostic',
        version=libinjection.version(),
        is_sqli=qssqli,
        args=args,
        allfp=allfp,
        formvalue=formvalue,
        ssl_protocol=request_headers.get('X-SSL-Protocol', ''),
        ssl_cipher=request_headers.get('X-SSL-Cipher', ''),
    )