class API_Fuzzer::SqlBlindCheck
Constants
- PAYLOAD_PATH
- SCAN_TIME
- SQL_ERRORS
Attributes
payloads[RW]
Public Class Methods
fetch_payloads()
click to toggle source
# File lib/API_Fuzzer/sql_blind_check.rb, line 45 def self.fetch_payloads file = File.expand_path(PAYLOAD_PATH, __FILE__) File.readlines(file).each do |line| @payloads << line.gsub('__TIME__', SCAN_TIME).gsub('__MARK__', '20000000') end end
fuzz_each_fragment(url, payload)
click to toggle source
# File lib/API_Fuzzer/sql_blind_check.rb, line 19 def self.fuzz_each_fragment(url, payload) process_vulnerability(url, payload) end
fuzz_each_parameter(parameter, payload)
click to toggle source
# File lib/API_Fuzzer/sql_blind_check.rb, line 14 def self.fuzz_each_parameter(parameter, payload) @params[parameter] << payload process_vulnerability(nil, payload) end
process_vulnerability(url, payload)
click to toggle source
# File lib/API_Fuzzer/sql_blind_check.rb, line 23 def self.process_vulnerability(url, payload) url = url ? url : @url ALLOWED_METHODS.each do |method| start_time = Time.now response = API_Fuzzer::Request.send_api_request( url: @url, params: @params, method: method, cookies: @cookies, headers: @headers ) end_time = Time.now diff = end_time - start_time if diff > 20 && diff < 25 @vulnerabilities << API_Fuzzer::Vulnerability.new( description: "Possible blind SQL injection in #{method} #{@url} parameter: #{parameter}", value: "[PAYLOAD] #{payload}" ) end end end