Use of com.jsql.model.suspendable.SuspendableGetVendor in project jsql-injection by ron190:
the class InjectionModel, method testStrategies.
/**
 * Find the insertion character, test each strategy, inject metadata and list databases.
 * <p>
 * Side effects on the enclosing InjectionModel: {@code this.vendor} is overwritten on every
 * call, and when evasion is enabled and no strategy applies, {@code this.stepSecurity} is
 * incremented and the whole process is restarted through {@code this.beginInjection()}.
 * The {@code stepSecurity < 3} guard bounds that restart; once it is reached the method
 * throws instead of retrying.
 * @param isParamByUser true if mode standard/JSON/full, false if injection point
 * @param isJson true if param contains JSON
 * @param parameter to be tested, null when injection point
 * @return true when a strategy was activated and the post-injection steps ran;
 *         false when the process was restarted at a higher evasion level
 * @throws JSqlException when no params' integrity, process stopped by user, or injection failure
 *         ({@code InjectionFailureException} when no strategy is applicable and no evasion retry is left)
 */
// TODO Merge isParamByUser and parameter: isParamByUser = parameter != null
private boolean testStrategies(boolean isParamByUser, boolean isJson, SimpleEntry<String, String> parameter) throws JSqlException {
    // Define insertionCharacter, i.e, -1 in "[..].php?id=-1 union select[..]",
    LOGGER.trace(I18n.valueByKey("LOG_GET_INSERTION_CHARACTER"));
    // Test for params integrity; the returned value is the character chosen by the user, if any
    String characterInsertionByUser = ParameterUtil.checkParametersFormat(false, isParamByUser, parameter);
    // Force to insertion char otherwise.
    if (parameter != null) {
        // NOTE(review): charInsertion is only logged here, not stored on the model;
        // see the note further down about the insertion character being lost between runs.
        // Assumes run() never returns null, otherwise replace() below throws — TODO confirm
        String charInsertion = new SuspendableGetCharInsertion().run(characterInsertionByUser, parameter, isJson);
        LOGGER.info(I18n.valueByKey("LOG_USING_INSERTION_CHARACTER") + " [" + charInsertion.replace(InjectionModel.STAR, "") + "]");
    }
    // Fingerprint database (result kept on the model for the strategies below)
    this.vendor = new SuspendableGetVendor().run();
    // Test each injection strategies: time, blind, error, normal.
    // All four are checked before any is chosen; checkApplicability() only records
    // applicability, the selection happens in the chain below.
    StrategyInjection.TIME.instance().checkApplicability();
    StrategyInjection.BLIND.instance().checkApplicability();
    StrategyInjection.ERROR.instance().checkApplicability();
    StrategyInjection.NORMAL.instance().checkApplicability();
    // Choose the most efficient strategy: normal > error > blind > time
    if (StrategyInjection.NORMAL.instance().isApplicable()) {
        StrategyInjection.NORMAL.instance().activateStrategy();
    } else if (StrategyInjection.ERROR.instance().isApplicable()) {
        StrategyInjection.ERROR.instance().activateStrategy();
    } else if (StrategyInjection.BLIND.instance().isApplicable()) {
        StrategyInjection.BLIND.instance().activateStrategy();
    } else if (StrategyInjection.TIME.instance().isApplicable()) {
        StrategyInjection.TIME.instance().activateStrategy();
    } else if (PreferencesUtil.isEvasionEnabled() && this.stepSecurity < 3) {
        // No injection possible, increase evasion level and restart whole process.
        // stepSecurity < 3 above caps the number of restarts, so the recursion
        // through beginInjection() is bounded.
        this.stepSecurity++;
        LOGGER.warn("Injection failed, testing evasion level " + this.stepSecurity + "...");
        // Tell the views to clear the previously selected strategy before the restart
        Request request = new Request();
        request.setMessage(Interaction.RESET_STRATEGY_LABEL);
        this.sendToViews(request);
        // Otherwise insertionCharacter is lost between two injections (original author's note,
        // translated); the proposed fix is still commented out:
        // ConnectionUtil.setQueryString(ConnectionUtil.getQueryString() + this.charInsertion);
        this.beginInjection();
        // false: this call did not complete the injection itself, the restarted one will
        return false;
    } else {
        throw new InjectionFailureException("No injection found");
    }
    // Post-injection steps are skipped while only scanning
    if (!this.isScanning) {
        // Metadata retrieval is a user preference; database listing is not
        if (!PreferencesUtil.isNotInjectingMetadata()) {
            DataAccess.getDatabaseInfos();
        }
        DataAccess.listDatabases();
    }
    return true;
}