org::parosproxy::paros::core::scanner::plugin::TestInjectionSQL Class Reference

Inheritance diagram for org::parosproxy::paros::core::scanner::plugin::TestInjectionSQL:

org::parosproxy::paros::core::scanner::AbstractAppParamPlugin org::parosproxy::paros::core::scanner::AbstractAppPlugin org::parosproxy::paros::core::scanner::AbstractPlugin org::parosproxy::paros::core::scanner::Plugin

Detailed Description

To change the template for this generated type comment go to Window - Preferences - Java - Code Generation - Code and Comments

Definition at line 39 of file TestInjectionSQL.java.

Public Member Functions

int compareTo (Object obj)
void createParamIfNotExist ()
boolean equals (Object obj)
int getCategory ()
String getCodeName ()
Configuration getConfig ()
String[] getDependency ()
String getDescription ()
int getId ()
String getName ()
String getProperty (String key)
String getReference ()
String getSolution ()
void init (HttpMessage msg, HostProcess parent)
void init ()
boolean isEnabled ()
boolean isVisible ()
void notifyPluginCompleted (HostProcess parent)
void run ()
void scan ()
void scan (HttpMessage baseMsg, String param, String value)
void scanSQL (HttpMessage baseMsg, String param, String value) throws HttpException, IOException
void setConfig (Configuration config)
void setEnabled (boolean enabled)
void setProperty (String key, String value)

Static Public Member Functions

static String getHTMLEncode (String msg)
static String getURLDecode (String msg)
static String getURLEncode (String msg)

Protected Member Functions

void bingo (int risk, int reliability, String name, String description, String uri, String param, String otherInfo, String solution, HttpMessage msg)
void bingo (int risk, int reliability, String uri, String param, String otherInfo, HttpMessage msg)
HttpMessage getBaseMsg ()
Kb getKb ()
Log getLog ()
HttpMessage getNewMsg ()
HostProcess getParent ()
boolean isFileExist (HttpMessage msg)
boolean isStop ()
boolean matchBodyPattern (HttpMessage msg, Pattern pattern, StringBuffer sb)
boolean matchHeaderPattern (HttpMessage msg, String header, Pattern pattern)
void sendAndReceive (HttpMessage msg, boolean isFollowRedirect) throws HttpException, IOException
void sendAndReceive (HttpMessage msg) throws HttpException, IOException
String setParameter (HttpMessage msg, String param, String value)
String stripOff (String body, String pattern)
void writeProgress (String msg)

Static Protected Attributes

static final String CRLF = "\r\n"
static final int PATTERN_PARAM = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE

Private Member Functions

boolean checkANDResult (HttpMessage msg, String query)
boolean checkTimeResult (HttpMessage msg, String query, long defaultTimeUsed, long timeUsed)
void testBlindINSERT (HttpMessage msg, String param, String value) throws HttpException, IOException

Private Attributes

String mResBodyError = ""
String mResBodyNormal = ""

Static Private Attributes

static final String[] dependency = {"TestInjectionSQLFingerprint"}
static final Pattern patternErrorGeneric = Pattern.compile("JDBC|ODBC|not a valid MySQL|SQL", PATTERN_PARAM)
static final Pattern patternErrorODBC1 = Pattern.compile("Microsoft OLE DB Provider for ODBC Drivers.*error", PATTERN_PARAM)
static final Pattern patternErrorODBC2 = Pattern.compile("ODBC.*Drivers.*error", PATTERN_PARAM)
static final Pattern patternErrorODBCMSSQL = Pattern.compile("ODBC SQL Server Driver", PATTERN_PARAM)
static final String[] SQL_AND
static final String[] SQL_AND_ERR
static final String SQL_BLIND_MS_INSERT = ");waitfor delay '0:0:15';--"
static final String SQL_CHECK_ERR = "'INJECTED_PARAM"
static final String SQL_DELAY_1 = "';waitfor delay '0:0:15';--"
static final String SQL_DELAY_2 = ";waitfor delay '0:0:15';--"
static final String[] SQL_OR
static final int TIME_SPREAD = 15000

The documentation for this class was generated from the following file:

Generated by Doxygen 1.6.0