File: logscanner.py

#!/usr/bin/env python
import sys
import re
import libinjection
import urllib
import urlparse

# Request-line matcher for the /diagnostics endpoint: group 1 captures the
# raw, still percent-encoded query string, e.g.
# "GET /diagnostics?id=%22union+select HTTP/1.1" -> "id=%22union+select".
# Lines for other paths, or without a query string, do not match.
logre = re.compile(r" /diagnostics\?([^ ]+) HTTP")

# libinjection fingerprints treated as known-benign.  In the (currently
# disabled) review pass of doline(), a value that detectsqli() did not flag
# is reported with "NO" only when its fingerprint is absent from this set.
notsqli = set((
    '1ov', 'UEvEv', 'v', 'Uv', 'Uv,', 'UoEvE', '1v', 'sov', '1nn', 'UonnE',
    'no1', 'Evk', 'E1k', 'E11k', 'Ek', 'Uv,Ev', 'UvEvk', 'UvEv,', 'Uvon',
))

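def doline(logline, report_missed=False):
    """
    Scan one access-log line for SQLi in the /diagnostics query string.

    Example of a matching line::

        ...GET /diagnostics?id=%22union+select HTTP/1.1

    Lines without a ``/diagnostics?...`` request are ignored.  For every
    query parameter whose value libinjection flags as SQLi, the value is
    printed (re-quoted) on a line of its own.

    :param logline: one raw line of the access log.
    :param report_missed: when true, additionally print a ``NO`` report for
        every value libinjection did *not* flag whose fingerprint is absent
        from ``notsqli``.  This is the review pass that used to be
        hard-disabled with ``if False:``; the original annotation suggests
        it was meant to run only for lines with no flagged value.
    :return: a truthy value if at least one parameter value was flagged,
        False if none was, None if the line did not match ``logre``.
    """
    mo = logre.search(logline)
    if not mo:
        return None

    query = mo.group(1)
    sqli = False
    for val, argsqli, fingerprint in _scan_values(query):
        if argsqli:
            # Re-quote so the attacker-controlled value is emitted on a
            # single line, with control characters percent-encoded.
            print urllib.quote(val)
        sqli = sqli or argsqli

    if report_missed:
        for val, argsqli, fingerprint in _scan_values(query):
            if not argsqli and fingerprint not in notsqli:
                print "NO", fingerprint, query
                print "  ", val

    return sqli


def _scan_values(query):
    """
    Yield ``(value, is_sqli, fingerprint)`` for each parameter of *query*.

    ``urlparse.parse_qsl`` already percent-decodes the values, so the
    following ``urllib.unquote`` decodes a second time: ``%2527`` is
    examined as ``'``.  NOTE(review): kept from the original -- confirm
    this matches the decoding the protected application performs, since a
    mismatch skews what this scanner counts as a hit.

    ``fingerprint`` is ``extra.get('fingerprint')`` and may be None if
    libinjection did not populate it.
    """
    for key, val in urlparse.parse_qsl(query):
        val = urllib.unquote(val)
        extra = {}
        argsqli = libinjection.detectsqli(val, extra)
        yield val, argsqli, extra.get('fingerprint')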

if __name__ == '__main__':
    # Driver: feed each access-log line from stdin to doline(), which
    # prints its own findings; nothing is collected here.
    for record in sys.stdin:
        doline(record)