| skipped 427 lines |
428 | 428 | | is_vulner = bool(match_string == difference) |
429 | 429 | | ratio = get_boolean_ratio(match_string, difference) |
430 | 430 | | if is_vulner: |
431 | | - | logger.debug(f'vulnerable with ratio: {ratio}, --string="{difference}"') |
| 431 | + | logger.debug(f'page ratio: {ratio}, --string="{difference}"') |
432 | 432 | | else: |
433 | 433 | | logger.debug( |
434 | | - | f'could not inject ratio: {ratio}, --string="{match_string}" not found.' |
| 434 | + | f'page ratio: {ratio}, --string="{match_string}" (not found).' |
435 | 435 | | ) |
436 | 436 | | _temp = Response( |
437 | 437 | | is_vulner=is_vulner, difference=difference, case=case, ratio=ratio |
| skipped 18 lines |
456 | 456 | | It compares those two ratios and they should be clearly distinct based on https://github.com/sqlmapproject/sqlmap/issues/2442 |
457 | 457 | | case 4: when True attack status code = baseResponse status code, but attack-true-sc != attack-false-sc |
458 | 458 | | case 5: when False attack status code = baseResponse status code, but attack-true-sc != attack-false-sc |
459 | | - | case 7: when page ratio is the case we will evalutae difference between content of the pages for True and False attack payload |
| 459 | + | case 6: when page ratio is the case we will evalutae difference between content of the pages for True and False attack payload |
460 | 460 | | and add proper marks for --string or --not-string injectable type. |
461 | 461 | | """ |
462 | 462 | | is_vulner = False |
| skipped 6 lines |
469 | 469 | | case = "" |
470 | 470 | | difference = "" |
471 | 471 | | _cases = [] |
472 | | - | if text_only: |
| 472 | + | if not text_only: |
473 | 473 | | w0 = base.text |
474 | 474 | | w1 = attack_true.text |
475 | 475 | | w2 = attack_false.text |
476 | | - | if not text_only: |
| 476 | + | if text_only: |
477 | 477 | | w0 = base.filtered_text |
478 | 478 | | w1 = attack_true.filtered_text |
479 | 479 | | w2 = attack_false.filtered_text |
| skipped 47 lines |
527 | 527 | | _cases.append("Status Code") |
528 | 528 | | if _cases: |
529 | 529 | | case = ", ".join(_cases) |
| 530 | + | logger.debug(f"injectable cases detected: '{case}'") |
530 | 531 | | if case == "Page Ratio": |
531 | | - | # logger.debug("checking page difference.") |
532 | | - | w0set = set(get_filtered_page_content(w0, True, "\n").split("\n")) |
533 | | - | w1set = set(get_filtered_page_content(w1, True, "\n").split("\n")) |
534 | | - | w2set = set(get_filtered_page_content(w2, True, "\n").split("\n")) |
| 532 | + | w0set = set(get_filtered_page_content(base.text, True, "\n").split("\n")) |
| 533 | + | w1set = set(get_filtered_page_content(attack_true.text, True, "\n").split("\n")) |
| 534 | + | w2set = set( |
| 535 | + | get_filtered_page_content(attack_false.text, True, "\n").split("\n") |
| 536 | + | ) |
535 | 537 | | is_vulner = False |
536 | 538 | | case = "" |
537 | 539 | | if w0set == w1set != w2set: |
| skipped 12 lines |
550 | 552 | | is_vulner = True |
551 | 553 | | case = "Page Ratio" |
552 | 554 | | break |
553 | | - | else: |
| 555 | + | if w0set == w2set != w1set: |
| 556 | + | candidates = w2set - w1set - w0set |
| 557 | + | if candidates: |
| 558 | + | candidates = sorted(candidates, key=len) |
| 559 | + | for candidate in candidates: |
| 560 | + | mobj = re.match(r"\A[\w.,! ]+\Z", candidate) |
| 561 | + | if ( |
| 562 | + | mobj |
| 563 | + | and " " in candidate |
| 564 | + | and candidate.strip() |
| 565 | + | and len(candidate) > 10 |
| 566 | + | ): |
| 567 | + | difference = candidate |
| 568 | + | is_vulner = True |
| 569 | + | case = "Page Ratio" |
| 570 | + | break |
| 571 | + | if not difference and not is_vulner: |
| 572 | + | # special case when the above page ratio mechanism fails. |
554 | 573 | | ok = check_page_difference(w1, w2) |
555 | 574 | | difference = ok.difference |
556 | 575 | | is_vulner = ok.is_vulner |
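Review bot: The new `if w0set == w2set != w1set:` branch records a line found only on the False-response page with the same `case = "Page Ratio"` and `difference` as the True-response branch above it, so a consumer that renders the result as `--string="{difference}"` (as the debug line in the first hunk does) would invert the match; the docstring in the second hunk says the function should mark `--string` versus `--not-string`, and nothing in this hunk does that unless it happens outside the visible lines. The candidate scan is also a near-verbatim copy of the loop that precedes it (the skipped lines end in the same `is_vulner = True` / `case = "Page Ratio"` / `break`), so the filter should live in one module-level helper that both branches call, which also gives the bare `len(candidate) > 10` threshold a name. The enclosing function starts and ends outside the hunk.
```python
def _first_readable_line(candidates, min_len=10):
    """Return the shortest candidate that reads like plain text, or "" if none qualifies."""
    for candidate in sorted(candidates, key=len):
        if (
            re.match(r"\A[\w.,! ]+\Z", candidate)
            and " " in candidate
            and candidate.strip()
            and len(candidate) > min_len
        ):
            return candidate
    return ""

# … unchanged: w0set/w1set/w2set construction and the w0set == w1set != w2set branch …
            if w0set == w2set != w1set:
                difference = _first_readable_line(w2set - w1set - w0set)
                if difference:
                    is_vulner = True
                    # the line exists only in the False response: a --not-string
                    # candidate, not --string — confirm how callers consume `case`
                    case = "Page Ratio"
            if not difference and not is_vulner:
# … unchanged: check_page_difference fallback …
```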
| skipped 1056 lines |