Updated code: added a function to check the '>', 'IN' and '=' operators/functions before extracting characters, so that we know exactly which method to choose for character guessing in the case of boolean/time-based SQL injections.
msg="it appears that the character '>' is filtered by the back-end server. ghauri will based data retrieval on IN() function",
203
+
)
204
+
if _type == "linear_search":
205
+
_temp = GuessUsing(
206
+
ok=True,
207
+
binary_search=binary_search,
208
+
in_based_search=in_based_search,
209
+
linear_search=True,
210
+
msg="it appears that the character '>' and function 'IN' both are filtered by the back-end server. ghauri will based data retrieval on '=' operator, You are advised to use --delay=3 in this case",
211
+
)
212
+
break
213
+
if vector_type == "time_vector":
214
+
response_time = attack.response_time
215
+
if response_time >= timesec:
216
+
if _type == "binary_search":
217
+
_temp = GuessUsing(
218
+
ok=True,
219
+
binary_search=True,
220
+
in_based_search=in_based_search,
221
+
linear_search=linear_search,
222
+
msg=None,
223
+
)
224
+
if _type == "in_based_search":
225
+
_temp = GuessUsing(
226
+
ok=True,
227
+
binary_search=binary_search,
228
+
in_based_search=True,
229
+
linear_search=linear_search,
230
+
msg="it appears that the character '>' is filtered by the back-end server. ghauri will based data retrieval on IN() function",
231
+
)
232
+
if _type == "linear_search":
233
+
_temp = GuessUsing(
234
+
ok=True,
235
+
binary_search=binary_search,
236
+
in_based_search=in_based_search,
237
+
linear_search=True,
238
+
msg="it appears that the character '>' and function 'IN' both are filtered by the back-end server. ghauri will based data retrieval on '=' operator, You are advised to use --delay=3 in this case",
239
+
)
240
+
break
241
+
start += 1
242
+
except KeyboardInterrupt as error:
243
+
logger.warning("user aborted during data extraction phase")
244
+
quest = logger.read_input(
245
+
"how do you want to proceed? [(C)continue/(e)nd this phase/(q)uit] ",
246
+
batch=False,
247
+
user_input="C",
248
+
)
249
+
if quest and quest == "e":
250
+
raise error
251
+
if quest and quest == "q":
252
+
logger.error("user quit")
253
+
logger.end("ending")
254
+
exit(0)
255
+
except ConnectionAbortedError as e:
256
+
logger.critical(
257
+
f"connection attempt to the target URL was aborted by the peer, Ghauri is going to retry"
258
+
)
259
+
retry_on_error += 1
260
+
except ConnectionRefusedError as e:
261
+
logger.critical(
262
+
f"connection attempt to the target URL was refused by the peer. Ghauri is going to retry"
263
+
)
264
+
retry_on_error += 1
265
+
except ConnectionResetError as e:
266
+
logger.critical(
267
+
f"connection attempt to the target URL was reset by the peer. Ghauri is going to retry"
268
+
)
269
+
retry_on_error += 1
270
+
except Exception as error:
271
+
logger.critical(
272
+
f"error {error}, during operator check phase. Ghauri is going to retry"
273
+
)
274
+
retry_on_error += 1
275
+
logger.debug(_temp)
276
+
if _temp.ok:
277
+
if _temp.msg:
278
+
logger.warning(_temp.msg)
279
+
return _temp
62
280
63
281
def validate_character(
64
282
self,
skipped 11 lines
76
294
timesec=5,
77
295
attack01=None,
78
296
match_string=None,
297
+
not_match_string=None,
79
298
suppress_output=False,
80
299
query_check=False,
81
300
identified_character=None,
skipped 1 lines
83
302
queryable=None,
84
303
offset=None,
85
304
expression_payload=None,
305
+
text_only=False,
306
+
retry=3,
86
307
):
87
308
# we will validate character indendified in case of boolean based blind sqli only for now..