#!/usr/bin/env python2 # -*-coding:UTF-8 -* """ Sql Injection module """ import time import string import urllib2 import re from pubsublogger import publisher from Helper import Process from packages import Paste from pyfaup.faup import Faup # Config Var regex_injection = [] word_injection = [] word_injection_suspect = [] # Classic atome injection regex_injection1 = "([[AND |OR ]+[\'|\"]?[0-9a-zA-Z]+[\'|\"]?=[\'|\"]?[0-9a-zA-Z]+[\'|\"]?])" regex_injection.append(regex_injection1) # Time-based attack regex_injection2 = ["SLEEP\([0-9]+", "BENCHMARK\([0-9]+", "WAIT FOR DELAY ", "WAITFOR DELAY"] regex_injection2 = re.compile('|'.join(regex_injection2)) regex_injection.append(regex_injection2) # Interesting keyword word_injection1 = [" IF ", " ELSE ", " CASE ", " WHEN ", " END ", " UNION ", "SELECT ", " FROM ", " ORDER BY ", " WHERE ", " DELETE ", " DROP ", " UPDATE ", " EXEC "] word_injection.append(word_injection1) # Database special keywords word_injection2 = ["@@version", "POW(", "BITAND(", "SQUARE("] word_injection.append(word_injection2) # Html keywords word_injection3 = ["