  • Fixed a few issues with boolean-based page difference/ratio injection, updated code quality. Bumped version to 1.0.1#dev

  • r0oth3x49 committed 1 year ago
    c59deca7
    1 parent bcf8a5e9
    ghauri/__init__.py
    skipped 23 lines
    24 24   
    25 25  """
    26 26   
    27  -__version__ = "1.0#stable"
     27 +__version__ = "1.0.1#dev"
    28 28  __author__ = "Nasir Khan (r0ot h3x49)"
    29 29  __license__ = "MIT"
    30 30  __copyright__ = "Copyright (c) 2016-2025 Nasir Khan (r0ot h3x49)"
    skipped 2 lines
    ghauri/common/utils.py
    skipped 427 lines
    428 428   is_vulner = bool(match_string == difference)
    429 429   ratio = get_boolean_ratio(match_string, difference)
    430 430   if is_vulner:
    431  - logger.debug(f'vulnerable with ratio: {ratio}, --string="{difference}"')
     431 + logger.debug(f'page ratio: {ratio}, --string="{difference}"')
    432 432   else:
    433 433   logger.debug(
    434  - f'could not inject ratio: {ratio}, --string="{match_string}" not found.'
     434 + f'page ratio: {ratio}, --string="{match_string}" (not found).'
    435 435   )
    436 436   _temp = Response(
    437 437   is_vulner=is_vulner, difference=difference, case=case, ratio=ratio
    skipped 18 lines
    456 456   It compares those two ratios and they should be clearly distinct based on https://github.com/sqlmapproject/sqlmap/issues/2442
    457 457   case 4: when True attack status code = baseResponse status code, but attack-true-sc != attack-false-sc
    458 458   case 5: when False attack status code = baseResponse status code, but attack-true-sc != attack-false-sc
    459  - case 7: when page ratio is the case we will evalutae difference between content of the pages for True and False attack payload
     459 + case 6: when page ratio is the case we will evalutae difference between content of the pages for True and False attack payload
    460 460   and add proper marks for --string or --not-string injectable type.
    461 461   """
    462 462   is_vulner = False
    skipped 6 lines
    469 469   case = ""
    470 470   difference = ""
    471 471   _cases = []
    472  - if text_only:
     472 + if not text_only:
    473 473   w0 = base.text
    474 474   w1 = attack_true.text
    475 475   w2 = attack_false.text
    476  - if not text_only:
     476 + if text_only:
    477 477   w0 = base.filtered_text
    478 478   w1 = attack_true.filtered_text
    479 479   w2 = attack_false.filtered_text
    skipped 47 lines
    527 527   _cases.append("Status Code")
    528 528   if _cases:
    529 529   case = ", ".join(_cases)
     530 + logger.debug(f"injectable cases detected: '{case}'")
    530 531   if case == "Page Ratio":
    531  - # logger.debug("checking page difference.")
    532  - w0set = set(get_filtered_page_content(w0, True, "\n").split("\n"))
    533  - w1set = set(get_filtered_page_content(w1, True, "\n").split("\n"))
    534  - w2set = set(get_filtered_page_content(w2, True, "\n").split("\n"))
     532 + w0set = set(get_filtered_page_content(base.text, True, "\n").split("\n"))
     533 + w1set = set(get_filtered_page_content(attack_true.text, True, "\n").split("\n"))
     534 + w2set = set(
     535 + get_filtered_page_content(attack_false.text, True, "\n").split("\n")
     536 + )
    535 537   is_vulner = False
    536 538   case = ""
    537 539   if w0set == w1set != w2set:
    skipped 12 lines
    550 552   is_vulner = True
    551 553   case = "Page Ratio"
    552 554   break
    553  - else:
     555 + if w0set == w2set != w1set:
     556 + candidates = w2set - w1set - w0set
     557 + if candidates:
     558 + candidates = sorted(candidates, key=len)
     559 + for candidate in candidates:
     560 + mobj = re.match(r"\A[\w.,! ]+\Z", candidate)
     561 + if (
     562 + mobj
     563 + and " " in candidate
     564 + and candidate.strip()
     565 + and len(candidate) > 10
     566 + ):
     567 + difference = candidate
     568 + is_vulner = True
     569 + case = "Page Ratio"
     570 + break
     571 + if not difference and not is_vulner:
     572 + # special case when the above page ratio mechanism fails.
    554 573   ok = check_page_difference(w1, w2)
    555 574   difference = ok.difference
    556 575   is_vulner = ok.is_vulner
    skipped 1056 lines
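Review bot: The new `--string` branch added at new lines 555–570 can never fire: inside `if w0set == w2set != w1set:` the expression `candidates = w2set - w1set - w0set` subtracts `w0set`, which equals `w2set` by the branch condition, so `candidates` is always the empty set, the candidate loop is dead, and every base==false case drops through to the `check_page_difference` fallback at line 573. For the case where the True page is the one that differs, the candidates should be the lines unique to the True response, `candidates = w1set - w2set - w0set`. The mirror branch above (lines 537–552) is collapsed on this page, so I can't confirm it uses the symmetric expression; both should be checked together. Separately, the set comparison at lines 532–536 now reads `base.text`/`attack_true.text`/`attack_false.text` directly while the fallback still passes the `text_only`-selected `w1`/`w2`, so the two detection paths may compare differently filtered content when `text_only` is set. The enclosing function starts and ends outside this hunk.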
    setup.py
    skipped 4 lines
    5 5   
    6 6  setup(
    7 7   name="ghauri",
    8  - version="1.0#stable",
     8 + version="1.0.1#dev",
    9 9   description="An advanced SQL injection detection & exploitation tool.",
    10 10   classifiers=["Programming Language :: Python3"],
    11 11   author="Nasir Khan",
    skipped 28 lines