Scanner-web/vulnerability.py at master · SuicV/Scanner-web · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
from Connection import connector
from urllib.parse import parse_qsl, urljoin

class vuln (object):
	sqlErrors = ["You have an error in your", "MySQL server", "MySql Error", "syntax error",
	 			 "syntax error,", "mysql error", "MySQL result ", "MySQL Error"]
	"""
	Method getparams(self,query)
		return dictionary of GET parameters {'PARAM0':'VALUE0',....}
	"""
	def __init__(self,connector):
		self.con = connector
	def getparams(self,query):
		"""
		param query string
		"""
		return dict(parse_qsl(query))

	"""
	Method rejoinparams(self,param)
		return query (string) using dictionary of params
	"""
	def rejoinparams(self,params):
		"""
		param param dict
		"""
		query = ""
		for key in params.keys():
			query +=key+"="+params[key]+"&"
		return query[:-1]

	"""
	Method sqlInjection(self,url):
		return true if the url is vulnerable to sql injection and a string response if not
	"""
	def sqlInjection(self, url):
		"""
		param url String
		"""
		parsedUrl = self.con.parser(url)

		# IF THE QUERY NOT FOUND IN THE URL
		if parsedUrl.query == "":
			return "No Params Found In The Url"

		# ELSE :
		params = self.getparams(parsedUrl.query)
		for param in params.keys():
			params[param] += "%27"
		htmlRespose = self.con.connection(urljoin(url,'?'+self.rejoinparams(params))).response.read().decode("utf-8","ignore")
		for sqlError in self.sqlErrors :
			if sqlError in htmlRespose :
				return True
		return "Sql Error not found"