sql

package
v1.0.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 12, 2024 License: AGPL-3.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	SimilarityRatio = 0.9  // 页面相似度
	UpperRatioBound = 0.98 // 上边界
	LowerRatioBound = 0.02 // 下边界

	DiffTolerance = 0.05 // 容差

	// MaxDifflibSequenceLength 用于检测页面相似度的最大长度
	MaxDifflibSequenceLength = 10 * 1024 * 1024

	CloseType = map[int]string{0: `'`, 1: `"`, 2: ``, 3: `')`, 4: `")`}

	// FormatExceptionStrings 用于检测格式错误的字符串
	FormatExceptionStrings = []string{
		"Type mismatch", "Error converting", "Please enter a", "Conversion failed",
		"String or binary data would be truncated", "Failed to convert", "unable to interpret text value",
		"Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException",
		"ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", "CF_SQL_NUMERIC",
		"for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException",
		"Invalid parameter type", "Attribute validation error for tag", "is not of type numeric",
		"<cfif Not IsNumeric(", "invalid input syntax for integer", "invalid input syntax for type",
		"invalid number", "character to number conversion error", "unable to interpret text value",
		"String was not recognized as a valid", "Convert.ToInt", "cannot be converted to a ",
		"InvalidDataException", "Arguments are of the wrong type",
	}

	// DummyNonSqliCheckAppendix String used for dummy non-SQLi (e.g. XSS) heuristic checks of a tested parameter value
	DummyNonSqliCheckAppendix = "<'\">"

	// FiErrorRegex Regular expression used for recognition of file inclusion errors
	FiErrorRegex = `(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}`

	// DbmsErrors 用于报错检查的字典
	DbmsErrors = map[string][]string{}
)

Functions

This section is empty.

Types

type Plugin

type Plugin struct {
	SeenRequests sync.Map
}

func (*Plugin) IsScanned

func (p *Plugin) IsScanned(key string) bool

func (*Plugin) Name

func (p *Plugin) Name() string

func (*Plugin) Scan

func (p *Plugin) Scan(target string, path string, in *input.CrawlResult, client *httpx.Client)

type Sqlmap

type Sqlmap struct {
	Method      string
	Url         string
	RequestBody string
	Headers     map[string]string
	Client      *httpx.Client
	ContentType string
	Variations  *httpx.Variations

	OriginalBody    string // 原始请求页面
	TemplateBody    string // 经过处理去除动态部分的模板页面
	TemplateCode    int
	DynamicPara     []string          // 动态参数
	DynamicMarkings map[string]string // 动态标记内容
	DBMS            string            // 数据库类型
}

func (*Sqlmap) HeuristicCheckSqlInjection

func (sql *Sqlmap) HeuristicCheckSqlInjection()

HeuristicCheckSqlInjection 启发式检测 sql 注入, 先过滤出有效参数,即不存在转型的参数, 之后在进行闭合检测

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL