# in case of read timeout we GET a false postive type we don't test it further..
892
+
break
898
893
except KeyboardInterrupt as error:
899
894
logger.warning("user aborted during time-based confirmation phase.")
900
895
break
skipped 126 lines
1027
1022
payloads_list = merge_time_based_attack_payloads(
1028
1023
time_based_payloads, stack_queries_payloads
1029
1024
)
1030
-
param_key = parameter.get("key")
1031
-
param_value = parameter.get("value")
1025
+
param_key = parameter.key
1026
+
param_value = parameter.value
1032
1027
# in case of very slow internet users we will consider timesec value for testing and it should be >= 10 otherwise with good internet we are good to consider random sleep value
1033
1028
sleep_time = timesec if timesec >= 10 else random.randint(5, 9)
1034
1029
injection_type = injection_type.upper()
skipped 140 lines
1175
1170
if param_key == "#1*":
1176
1171
_it = "URI"
1177
1172
if is_multipart:
1178
-
message = f"(custom) {injection_type} parameter '{mc}MULTIPART{param_key}{nc}' appears to be '{mc}{entry.title}{nc}' injectable{with_status_code_msg}"
1173
+
message = f"(custom) {injection_type} parameter '{mc}{parameter.type}{param_key}{nc}' appears to be '{mc}{entry.title}{nc}' injectable{with_status_code_msg}"
1179
1174
elif is_json:
1180
-
message = f"(custom) {injection_type} parameter '{mc}JSON{param_key}{nc}' appears to be '{mc}{entry.title}{nc}' injectable{with_status_code_msg}"
1175
+
message = f"(custom) {injection_type} parameter '{mc}{parameter.type}{param_key}{nc}' appears to be '{mc}{entry.title}{nc}' injectable{with_status_code_msg}"
1181
1176
else:
1182
-
message = f"{_it} parameter '{mc}{param_key}{nc}' appears to be '{mc}{entry.title}{nc}' injectable{with_status_code_msg}"
1177
+
message = f"{_it} parameter '{mc}{parameter.type}{param_key}{nc}' appears to be '{mc}{entry.title}{nc}' injectable{with_status_code_msg}"
1183
1178
if with_status_code_msg and "ReadTimeout" in with_status_code_msg:
1184
1179
logger.warning(
1185
1180
"in case of read timeout performing further tests to confirm if the detected payload is working.."
if parameter.get("key") not in ok.tested_parameters:
1683
-
logger.debug(f"parameter '{parameter.get('key')}' is not tested..")
1677
+
if parameter.key not in ok.tested_parameters:
1678
+
logger.debug(f"parameter '{parameter.key}' is not tested..")
1684
1679
return None
1685
1680
Response = collections.namedtuple(
1686
1681
"Session",
skipped 328 lines
2015
2010
not_match_string=not_match_string,
2016
2011
vectors=vectors,
2017
2012
injection_type=entry.injection_type,
2018
-
param=vars(param_info),
2013
+
param=param_info,
2019
2014
backend=entry.backend,
2020
2015
is_string=is_string,
2021
2016
)
skipped 5 lines
2027
2022
msg += "(custom) "
2028
2023
msg += f"{entry.injection_type} parameter "
2029
2024
if is_multipart:
2030
-
name = f"MULTIPART{param_info.key}"
2025
+
name = f"{param_info.type}{param_info.key}"
2031
2026
if is_json:
2032
-
name = f"JSON{param_info.key}"
2027
+
name = f"{param_info.type}{param_info.key}"
2033
2028
msg += f"'{name}' does not seem to be injectable"
2034
2029
logger.debug(msg)
2035
2030
if not bool(_temp):
skipped 167 lines
2203
2198
match_string=retval_session.match_string,
2204
2199
is_string=retval_session.is_string,
2205
2200
)
2206
-
param_name += parameter.get("key")
2207
-
param_value = parameter.get("value")
2201
+
param_name += parameter.key
2202
+
param_value = parameter.value
2208
2203
if "E" in techniques and possible_dbms:
2209
2204
esqli = check_errorbased_sqli(
2210
2205
base,
skipped 141 lines
2352
2347
if param_name == "#1*":
2353
2348
_it = "URI"
2354
2349
if is_multipart:
2355
-
message = f"checking if the injection point on (custom) {injection_type} parameter 'MULTIPART{param_name}' is a false positive"
2350
+
message = f"checking if the injection point on (custom) {injection_type} parameter '{parameter.type}{param_name}' is a false positive"
2356
2351
elif is_json:
2357
-
message = f"checking if the injection point on (custom) {injection_type} parameter 'JSON{param_name}' is a false positive"
2352
+
message = f"checking if the injection point on (custom) {injection_type} parameter '{parameter.type}{param_name}' is a false positive"
2358
2353
else:
2359
-
message = f"checking if the injection point on {_it} parameter '{param_name}' is a false positive"
2354
+
message = f"checking if the injection point on {_it} parameter '{parameter.type}{param_name}' is a false positive"
2360
2355
logger.info(message)
2361
2356
if "boolean-based" in priority_keys and not error_based_in_priority:
2362
2357
retval = priorities.get("boolean-based")
skipped 59 lines
2422
2417
if param_name == "#1*":
2423
2418
_it = "URI"
2424
2419
if is_multipart:
2425
-
message = f"\n(custom) {injection_type} parameter 'MULTIPART{param_name}' is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
2420
+
message = f"\n(custom) {injection_type} parameter '{parameter.type}{param_name}' is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
2426
2421
elif is_json:
2427
-
message = f"\n(custom) {injection_type} parameter 'JSON{param_name}' is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
2422
+
message = f"\n(custom) {injection_type} parameter '{parameter.type}{param_name}' is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
2428
2423
else:
2429
-
message = f"\n{_it} parameter '{param_name}' is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
2424
+
message = f"\n{_it} parameter '{parameter.type}{param_name}' is vulnerable. Do you want to keep testing the others (if any)? [y/N] "