sql

package

v1.0.8 Latest Latest Go to latest Published: Apr 12, 2024 License: AGPL-3.0 Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/yhy0/Jie

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type Plugin
type Sqlmap
- func (sql *Sqlmap) HeuristicCheckSqlInjection()

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	SimilarityRatio = 0.9  // 页面相似度
	UpperRatioBound = 0.98 // 上边界
	LowerRatioBound = 0.02 // 下边界

	DiffTolerance = 0.05 // 容差

	// MaxDifflibSequenceLength 用于检测页面相似度的最大长度
	MaxDifflibSequenceLength = 10 * 1024 * 1024

	CloseType = map[int]string{0: `'`, 1: `"`, 2: ``, 3: `')`, 4: `")`}

	// FormatExceptionStrings 用于检测格式错误的字符串
	FormatExceptionStrings = []string{
		"Type mismatch", "Error converting", "Please enter a", "Conversion failed",
		"String or binary data would be truncated", "Failed to convert", "unable to interpret text value",
		"Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException",
		"ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", "CF_SQL_NUMERIC",
		"for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException",
		"Invalid parameter type", "Attribute validation error for tag", "is not of type numeric",
		"<cfif Not IsNumeric(", "invalid input syntax for integer", "invalid input syntax for type",
		"invalid number", "character to number conversion error", "unable to interpret text value",
		"String was not recognized as a valid", "Convert.ToInt", "cannot be converted to a ",
		"InvalidDataException", "Arguments are of the wrong type",
	}

	// DummyNonSqliCheckAppendix String used for dummy non-SQLi (e.g. XSS) heuristic checks of a tested parameter value
	DummyNonSqliCheckAppendix = "<'\">"

	// FiErrorRegex Regular expression used for recognition of file inclusion errors
	FiErrorRegex = `(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}`

	// DbmsErrors 用于报错检查的字典
	DbmsErrors = map[string][]string{}
)

Functions ¶

This section is empty.

Types ¶

type Plugin ¶

type Plugin struct {
	SeenRequests sync.Map
}

func (*Plugin) IsScanned ¶

func (p *Plugin) IsScanned(key string) bool

func (*Plugin) Name ¶

func (p *Plugin) Name() string

func (*Plugin) Scan ¶

func (p *Plugin) Scan(target string, path string, in *input.CrawlResult, client *httpx.Client)

type Sqlmap ¶

type Sqlmap struct {
	Method      string
	Url         string
	RequestBody string
	Headers     map[string]string
	Client      *httpx.Client
	ContentType string
	Variations  *httpx.Variations

	OriginalBody    string // 原始请求页面
	TemplateBody    string // 经过处理去除动态部分的模板页面
	TemplateCode    int
	DynamicPara     []string          // 动态参数
	DynamicMarkings map[string]string // 动态标记内容
	DBMS            string            // 数据库类型
}

func (*Sqlmap) HeuristicCheckSqlInjection ¶

func (sql *Sqlmap) HeuristicCheckSqlInjection()

HeuristicCheckSqlInjection 启发式检测 sql 注入, 先过滤出有效参数，即不存在转型的参数, 之后在进行闭合检测

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
sqlmap

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL