Class: API_Fuzzer::SqlCheck
- Inherits: Object
- Defined in:
- lib/API_Fuzzer/sql_check.rb
Constant Summary
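# HTTP methods every fuzzed request is sent with.
ALLOWED_METHODS = [:get, :post].freeze
# NOTE(review): the rendered page dropped the method name from `File.(...)`;
# File.expand_path is the conventional call, resolving '../../../' from this
# file's location (lib/API_Fuzzer/sql_check.rb) to the gem root.
PAYLOAD_PATH = File.expand_path('../../../payloads/sql.txt', __FILE__)
DETECT_PATH = File.expand_path('../../../payloads/detect/sql.txt', __FILE__)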
Instance Attribute Summary
-
#parameters ⇒ Object
Returns the value of attribute parameters.
-
#payloads ⇒ Object
Returns the value of attribute payloads.
-
#sql_errors ⇒ Object
Returns the value of attribute sql_errors.
Class Method Summary
- .check_response?(body, payload) ⇒ Boolean
- .fetch_payloads ⇒ Object
- .fuzz_each_fragment(url, payload) ⇒ Object
- .fuzz_each_parameter(parameter, payload) ⇒ Object
- .fuzz_each_payload(payload) ⇒ Object
- .fuzz_payloads ⇒ Object
- .response_json?(response) ⇒ Boolean
- .scan(options = {}) ⇒ Object
- .success?(response) ⇒ Boolean
Instance Attribute Details
#parameters ⇒ Object
Returns the value of attribute parameters.
# File 'lib/API_Fuzzer/sql_check.rb', line 9
# Reader for the instance-level attribute @parameters. Note that the scanning
# code in this class runs as class methods and keeps its state in class-level
# instance variables (see scan), and no method visible on this page assigns
# @parameters, so this reader returns nil on a plain instance.
def parameters
  @parameters
end
#payloads ⇒ Object
Returns the value of attribute payloads.
# File 'lib/API_Fuzzer/sql_check.rb', line 10
# Reader for the instance-level attribute @payloads. The payload list the
# scan actually uses is the class-level @payloads filled by fetch_payloads
# from class methods; this instance reader does not see that list.
def payloads
  @payloads
end
#sql_errors ⇒ Object
Returns the value of attribute sql_errors.
# File 'lib/API_Fuzzer/sql_check.rb', line 10
# Reader for the instance-level attribute @sql_errors. The error-signature
# list consulted by check_response? is the class-level @sql_errors filled by
# fetch_payloads; this instance reader does not see it.
def sql_errors
  @sql_errors
end
Class Method Details
.check_response?(body, payload) ⇒ Boolean
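# File 'lib/API_Fuzzer/sql_check.rb', line 126
# Whether +body+ contains any of the DBMS error signatures loaded into the
# class-level @sql_errors by fetch_payloads. The first matching signature is
# printed, as before.
#
# String#match treats a String argument as a Regexp source, so a signature
# with unbalanced metacharacters raises RegexpError; such a line is skipped
# with a warning instead of aborting the check. An empty signature (a blank
# line in the detect file) is skipped too, because an empty pattern matches
# every response.
#
# @param body [String, nil] response body, downcased by the callers
# @param payload [String] payload that produced the response; kept for
#   interface compatibility, it does not influence the match
# @return [Boolean]
def self.check_response?(body, payload)
  text = body.to_s
  return false if text.empty?

  Array(@sql_errors).each do |error|
    signature = error.chomp
    next if signature.empty?

    begin
      next unless text.match?(signature)
    rescue RegexpError => e
      warn "[WARN] skipping unusable error signature #{signature.inspect}: #{e.message}"
      next
    end
    puts error
    return true
  end
  false
end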
.fetch_payloads ⇒ Object
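# File 'lib/API_Fuzzer/sql_check.rb', line 144
# Loads the injection payloads (PAYLOAD_PATH) and the DBMS error signatures
# (DETECT_PATH, downcased) into the class-level @payloads and @sql_errors.
#
# Lines are chomped so a trailing newline never ends up inside a request
# parameter, a URL or a reported "[PAYLOAD] ..." value, and blank lines are
# dropped: an empty signature would otherwise match every response in
# check_response?.
#
# @return [Array<String>] @sql_errors after loading
def self.fetch_payloads
  @payloads ||= []
  @sql_errors ||= []

  # NOTE(review): the rendered page dropped the method name from
  # `File.(PAYLOAD_PATH, __FILE__)`; File.expand_path is the idiom used here
  # and is a no-op when the constant is already absolute.
  payload_file = File.expand_path(PAYLOAD_PATH, __FILE__)
  @payloads.concat(File.readlines(payload_file).map(&:chomp).reject(&:empty?))

  detect_file = File.expand_path(DETECT_PATH, __FILE__)
  @sql_errors.concat(File.readlines(detect_file).map(&:chomp).reject(&:empty?).map(&:downcase))
end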
.fuzz_each_fragment(url, payload) ⇒ Object
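# File 'lib/API_Fuzzer/sql_check.rb', line 65
# Sends +url+ (a copy of @url with +payload+ spliced into one fragment by
# fuzz_each_payload) with every method in ALLOWED_METHODS and records a
# Vulnerability when the response body carries a known DBMS error signature.
# Non-200 responses are additionally recorded as Error entries.
#
# @param url [String] request URL already containing the payload
# @param payload [String] the injected payload, echoed in the finding
# @return [Array<Symbol>] ALLOWED_METHODS (result of the each loop)
def self.fuzz_each_fragment(url, payload)
  ALLOWED_METHODS.each do |method|
    begin
      response = API_Fuzzer::Request.send_api_request(
        url: url,
        method: method,
        cookies: @cookies,
        headers: @headers
      )
      unless success?(response)
        @vulnerabilities << API_Fuzzer::Error.new(
          description: "#{method} #{@url}",
          status: response.status,
          value: response.body
        )
      end

      body = response.body.to_s
      if response_json?(response)
        begin
          body = JSON.parse(body).to_s
        rescue JSON::ParserError
          # A JSON Content-Type does not guarantee a well-formed body; keep the
          # raw text so the signature check below still runs instead of the
          # parse error silently skipping this response.
        end
      end
      next unless check_response?(body.downcase, payload)

      @vulnerabilities << API_Fuzzer::Vulnerability.new(
        description: "Possible SQL injection in #{method} #{@url}",
        parameter: "URL: #{url}",
        value: "[PAYLOAD] #{payload}",
        type: 'HIGH'
      )
    rescue HTTP::ConnectionError
      # Re-raise so scan's connection-error retry is reachable; rescuing it
      # here (as the former `rescue Exception` did) made that handler dead code.
      raise
    rescue StandardError => e
      # StandardError rather than Exception: Interrupt and SystemExit must
      # still be able to stop a long fuzzing run.
      puts e.message
    end
  end
end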
.fuzz_each_parameter(parameter, payload) ⇒ Object
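# File 'lib/API_Fuzzer/sql_check.rb', line 97
# Sends @url with @params[parameter] temporarily replaced by +payload+, using
# every method in ALLOWED_METHODS, and records a Vulnerability when the
# response body carries a known DBMS error signature. Non-200 responses are
# recorded as Error entries.
#
# The parameter's original value is restored afterwards: leaving the payload
# in @params made every later parameter and payload round send this payload
# as well, and lost the caller's value for good.
#
# @param parameter [Object] key in @params to fuzz
# @param payload [String] value submitted for that key
# @return [Array<Symbol>] ALLOWED_METHODS (result of the each loop)
def self.fuzz_each_parameter(parameter, payload)
  had_key = @params.key?(parameter)
  original_value = @params[parameter]
  @params[parameter] = payload
  ALLOWED_METHODS.each do |method|
    begin
      response = API_Fuzzer::Request.send_api_request(
        url: @url,
        params: @params,
        method: method,
        cookies: @cookies,
        headers: @headers
      )
      unless success?(response)
        @vulnerabilities << API_Fuzzer::Error.new(
          description: "[ERROR] #{method} #{@url}",
          status: response.status,
          value: response.body
        )
      end

      body = response.body.to_s.downcase
      next unless check_response?(body, payload)

      @vulnerabilities << API_Fuzzer::Vulnerability.new(
        description: "Possible SQL injection in #{method} #{@url} parameter: #{parameter}",
        # Was "#{@parameter}", an instance variable no visible method assigns,
        # so the finding never named the parameter.
        parameter: "parameter: #{parameter}",
        value: "[PAYLOAD] #{payload}",
        type: 'HIGH'
      )
    rescue HTTP::ConnectionError
      # Re-raise so scan's connection-error retry is reachable.
      raise
    rescue StandardError => e
      # StandardError rather than Exception: Interrupt and SystemExit must
      # still be able to stop a long fuzzing run.
      puts e.message
    end
  end
ensure
  if had_key
    @params[parameter] = original_value
  elsif @params
    @params.delete(parameter)
  end
end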
.fuzz_each_payload(payload) ⇒ Object
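# File 'lib/API_Fuzzer/sql_check.rb', line 42
# Fuzzes one payload against every path segment and query pair of @url
# (via fuzz_each_fragment), then against every key of @params (via
# fuzz_each_parameter).
#
# A `key=value` fragment gets the payload appended to its value; any other
# fragment is replaced by the payload outright. The block form of gsub is
# used so backslash sequences in the payload (e.g. \' or \\) are inserted
# literally instead of being interpreted as replacement-string references.
#
# @param payload [String]
# @return [Array, nil] the @params keys iterated, or nil when @params is empty
def self.fuzz_each_payload(payload)
  uri = URI(@url)
  base_uri = uri.query.nil? ? uri.path : [uri.path, uri.query].join('?')
  # NOTE(review): the character class also contains ',' so commas split
  # fragments too; kept as-is since callers may rely on it.
  fragments = base_uri.split(/[\/,?,&]/) - ['']
  fragments.each do |fragment|
    replacement = if fragment.match?(/\A(\w)+=(\w)*\z/)
                    "#{fragment}#{payload}"
                  else
                    payload
                  end
    # gsub with a String pattern matches it literally (every occurrence),
    # as the original did.
    url = @url.gsub(fragment) { replacement }.chomp
    fuzz_each_fragment(url, payload)
  end
  return if @params.empty?

  @params.keys.each { |parameter| fuzz_each_parameter(parameter, payload) }
end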
.fuzz_payloads ⇒ Object
# File 'lib/API_Fuzzer/sql_check.rb', line 36
# Runs fuzz_each_payload once for every payload loaded by fetch_payloads,
# in file order.
#
# @return [Array<String>] @payloads
def self.fuzz_payloads
  @payloads.each(&method(:fuzz_each_payload))
end
.response_json?(response) ⇒ Boolean
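# File 'lib/API_Fuzzer/sql_check.rb', line 140
# Whether the response advertises a JSON body through its Content-Type
# header. Returns a real boolean; the former `=~` form returned the match
# index or nil, which callers only ever used for truthiness.
#
# @param response [#headers, nil] object whose +headers+ supports ['Content-Type']
# @return [Boolean]
def self.response_json?(response)
  return false unless response

  # NOTE(review): the lookup is by the exact key 'Content-Type'; whether a
  # differently cased header is found depends on the headers object.
  content_type = response.headers['Content-Type']
  return false unless content_type

  content_type.downcase.match?(%r{application/json})
end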
.scan(options = {}) ⇒ Object
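# File 'lib/API_Fuzzer/sql_check.rb', line 16
# Entry point of the check: stores the target description in class-level
# instance variables, loads payloads and error signatures, fuzzes every
# payload and returns the findings deduplicated by description.
#
# @param options [Hash] :url (required), :params, :cookies, :headers, :json
# @return [Array] API_Fuzzer::Vulnerability and API_Fuzzer::Error entries
# @raise [InvalidURLError] when :url is absent
# @raise [HTTP::ConnectionError] when the target stays unreachable after one retry
def self.scan(options = {})
  # Validate before touching the filesystem so a bad call fails fast.
  @url = options[:url]
  raise InvalidURLError, "[ERROR] URL missing in argument" unless @url

  @params = options[:params] || {}
  @cookies = options[:cookies] || {}
  @json = options[:json] || false # kept for callers; not read by any method visible in this class
  @headers = options[:headers] || {}

  @payloads = []
  @sql_errors = []
  @vulnerabilities = []
  fetch_payloads

  retried = false
  begin
    fuzz_payloads
  rescue HTTP::ConnectionError
    # Same single retry after a pause as before, expressed with `retry`
    # instead of a second, duplicated return path. Findings gathered before
    # the failure are kept and deduplicated below.
    raise if retried

    retried = true
    sleep(5)
    retry
  end
  @vulnerabilities.uniq(&:description)
end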
.success?(response) ⇒ Boolean
# File 'lib/API_Fuzzer/sql_check.rb', line 136
# True only when the response code compares equal to the Integer 200; every
# other code is recorded as an Error entry by the fuzzing methods.
#
# @param response [#code]
# @return [Boolean]
def self.success?(response)
  [200].include?(response.code)
end