Exemplo n.º 1
 def __init__(self):
     '''
     Initialise the plugin: run the base audit-plugin constructor, create
     the two blind SQL injection detectors and set the option defaults.
     '''
     baseAuditPlugin.__init__(self)

     # One detector object per detection technique; both are created
     # without arguments in this version of the plugin.
     self._bsqli_response_diff = blind_sqli_response_diff()
     self._blind_sqli_time_delay = blind_sqli_time_delay()

     # Defaults for the user-configurable settings.
     # NOTE(review): _equalLimit looks like the similarity ratio above which
     # two responses are treated as equal - confirm where it is consumed.
     self._equalLimit, self._equAlgorithm = 0.9, 'setIntersection'
Exemplo n.º 2
    def audit(self, freq):
        '''
        Check each injection point of a request for blind SQL injection.

        Every mutant derived from freq is handed to the response-diff
        detector and then to the time-delay detector. The first finding that
        also passes self._has_no_bug() is printed and stored in the
        knowledge base; the remaining detectors are skipped for that mutant.

        @param freq: A fuzzableRequest
        '''
        om.out.debug('blindSqli plugin is testing: ' + freq.getURL())

        # Build fresh detectors for this call, bound to the plugin's URI
        # opener. Both are also stored on self, as the attributes are
        # reassigned on every audit() call.
        response_diff = blind_sqli_response_diff(self._uri_opener)
        self._bsqli_response_diff = response_diff
        response_diff.set_eq_limit(self._eq_limit)

        time_delay = blind_sqli_time_delay(self._uri_opener)
        self._blind_sqli_time_delay = time_delay

        # Order matters: response diff is tried before time delay.
        detectors = (response_diff, time_delay)

        # The payload list holds only the empty string.
        # NOTE(review): presumably the mutants just enumerate the injection
        # points and the detectors pick their own payloads - confirm.
        for mutant in createMutants(freq, ['',]):

            # If sqli.py was enabled and already reported this parameter,
            # testing it again would only give the user a duplicate.
            if self._has_sql_injection(mutant):
                continue

            for detector in detectors:
                finding = detector.is_injectable(mutant)
                if finding is None:
                    continue

                # A finding is only reported when _has_no_bug() accepts the
                # affected variable; otherwise the next detector is tried.
                if not self._has_no_bug(freq, varname=finding.getVar()):
                    continue

                om.out.vulnerability(finding.getDesc())
                kb.kb.append(self, 'blindSqli', finding)
                break
Exemplo n.º 3
    def audit(self, freq, orig_response):
        '''
        Check each injection point of a request for blind SQL injection.

        Two detectors are tried in order per mutant (response diff, then
        time delay); the first one that returns a finding has it stored
        through kb_append_uniq() and the other detector is skipped.

        :param freq: A FuzzableRequest
        :param orig_response: Accepted but not read by this method.
        '''
        # Detectors are local to the call and bound to the plugin's URI
        # opener; only the response-diff one takes the equality limit.
        response_diff = blind_sqli_response_diff(self._uri_opener)
        response_diff.set_eq_limit(self._eq_limit)
        time_delay = blind_sqli_time_delay(self._uri_opener)

        detectors = (response_diff, time_delay)

        # The payload list holds only the empty string.
        # NOTE(review): presumably the mutants just enumerate the injection
        # points and the detectors pick their own payloads - confirm.
        for mutant in create_mutants(freq, ['']):

            # Parameters that sqli.py already reported are left alone so
            # the user does not get a duplicate finding.
            if not self._has_sql_injection(mutant):

                for detector in detectors:
                    finding = detector.is_injectable(mutant)
                    if finding is None:
                        continue

                    # The plugin instance is passed explicitly as the first
                    # argument, exactly as the call was written originally.
                    self.kb_append_uniq(self, 'blind_sqli', finding)
                    break
Exemplo n.º 4
    def audit(self, freq, orig_response):
        '''
        Look for blind SQL injection in every injection point of a request.

        For each mutant the response-diff detector runs first and the
        time-delay detector second; as soon as one of them returns a finding
        it is stored through kb_append_uniq() and the next mutant is taken.

        :param freq: A FuzzableRequest
        :param orig_response: Accepted but not read by this method.
        '''
        # Per-call detector objects, both built on the plugin's URI opener.
        diff_detector = blind_sqli_response_diff(self._uri_opener)
        diff_detector.set_eq_limit(self._eq_limit)
        delay_detector = blind_sqli_time_delay(self._uri_opener)

        method_list = [diff_detector, delay_detector]

        # The payload list holds only the empty string.
        # NOTE(review): presumably the mutants just enumerate the injection
        # points and the detectors pick their own payloads - confirm.
        for mutant in create_mutants(freq, ['', ]):

            # sqli.py may already have reported this parameter; testing it
            # again would only produce a duplicate for the user.
            if self._has_sql_injection(mutant):
                continue

            for method in method_list:
                found_vuln = method.is_injectable(mutant)
                if found_vuln is not None:
                    break
            else:
                # No detector flagged this mutant.
                continue

            # Reached only through the break above, so found_vuln is the
            # first non-None result. The plugin instance is passed
            # explicitly, exactly as the call was written originally.
            self.kb_append_uniq(self, 'blind_sqli', found_vuln)