Class: Watobo::Modules::Active::Sqlinjection::Sqli_error

Inherits:
ActiveCheck
  • Object
Defined in:
modules/active/sqlinjection/sqli_error.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Method Summary

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Constructor Details

#initialize(project, prefs = {}) ⇒ Sqli_error

Returns a new instance of Sqli_error.



# File 'modules/active/sqlinjection/sqli_error.rb', line 63

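# Sets up the error-based SQL injection check.
#
# @param project [Object] the WATOBO project, forwarded to ActiveCheck
# @param prefs [Hash] check preferences, forwarded to ActiveCheck
def initialize(project, prefs={})
  super(project, prefs)

  # Payloads placed into each parameter; generateChecks tries every one of
  # them bare, appended to and prepended to the parameter's original value.
  @sql_checks = [
    "';--",
    "'",
  ]

  # Each entry is used as the source of a case-insensitive regex that is
  # matched against the whole response body; the matched text is reported
  # as the proof of a finding. Single quotes keep the backslashes intact:
  # in a double-quoted string "\d" collapses to "d", which silently turned
  # the DB2 pattern into "DB2.*SQLd+N" and made it unmatchable.
  @sql_patterns = [
    'OleDBException',
    'SQL Server',
    'Microsoft OLE DB Provider',
    'Incorrect syntax near',
    'ADODB',
    'DB2 SQL',
    'DB2.*SQL\d+N',
    'ODBC Microsoft Access Driver',
    '(PLS|ORA).[0-9]{2,}',
    'PostgreSQL query',
    'error in your SQL syntax'
  ]
end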

Instance Method Details

#generateChecks(chat) ⇒ Object



# File 'modules/active/sqlinjection/sqli_error.rb', line 89

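# Builds one check per (parameter, payload) combination for the request
# captured in +chat+ and yields each check to the scanner as a proc.
#
# Every GET parameter (urlParmNames) and POST parameter (postParmNames) is
# tested with each entry of +@sql_checks+ in three positions: the bare
# payload, the original value followed by the payload, and the payload
# followed by the original value. A yielded proc clones the request,
# applies the payload to the parameter, sends it through doRequest and,
# for each +@sql_patterns+ entry matching the response body
# (case-insensitive), records a finding via addFinding. The proc returns
# +[test_request, test_response]+.
#
# @param chat [Object] captured request/response pair; must provide
#   +copyRequest+ and +request.get_parm_value+/+request.post_parm_value+
# @yield [Proc] one check to be executed by the scanner
# @raise [StandardError] an error raised while building the checks is
#   printed and re-raised
def generateChecks(chat)
  # GET parameters
  urlParmNames(chat).each do |parm|
    current = chat.request.get_parm_value(parm)
    sqli_test_values(current).each do |check|
      yield sqli_checker(chat, parm, check) { |req, name| req.replace_get_parm(name, check) }
    end
  end

  # POST parameters
  postParmNames(chat).each do |parm|
    current = chat.request.post_parm_value(parm)
    sqli_test_values(current).each do |check|
      yield sqli_checker(chat, parm, check) { |req, name| req.replace_post_parm(name, check) }
    end
  end
rescue => bang
  puts bang
  puts "ERROR!! #{Module.nesting[0].name}"
  raise
end

# Returns the payload variants tried for one parameter whose current value
# is +original+: for each entry of +@sql_checks+ the bare payload, then
# +original+ with the payload appended, then the payload with +original+
# appended (same order as before the refactoring).
#
# @param original [Object] current parameter value, interpolated via to_s
# @return [Array<String>]
def sqli_test_values(original)
  @sql_checks.flat_map do |check|
    [check, "#{original}#{check}", "#{check}#{original}"]
  end
end

# Builds the proc that sends one tampered request and inspects the
# response for database error messages.
#
# @param chat [Object] the chat the check is derived from
# @param parm [Object] name of the parameter under test
# @param check [String] payload placed into the parameter
# @yield [req, name] applies the payload to the cloned request +req+ for
#   parameter +name+; GET and POST checks differ only in this step
# @return [Proc] check returning +[test_request, test_response]+
def sqli_checker(chat, parm, check, &inject)
  # always work on a String copy of the name, never on the caller's object
  test_parm = parm.to_s.dup
  proc {
    # IMPORTANT: never modify the original request, only a clone of it
    test = chat.copyRequest
    inject.call(test, test_parm)
    test_request, test_response = doRequest(test)

    # The response is untrusted input; only the fixed strings from
    # @sql_patterns are compiled into regexes. Join once rather than once
    # per pattern, and use MatchData instead of the $1 global.
    body = test_response.join
    @sql_patterns.each do |pattern|
      hit = body.match(/(#{pattern})/i)
      next unless hit

      addFinding(test_request, test_response,
                 :test_item => parm,
                 :check_pattern => check.to_s,
                 :proof_pattern => hit[1].to_s,
                 :chat => chat,
                 :title => "[#{test_parm}] - #{test_request.path}")
    end

    [test_request, test_response]
  }
end
private :sqli_test_values, :sqli_checker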