CERBERUS/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-06-28 12:31:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Adding support for NoSQL injection
Some checks failed
/ build (macos-latest, 3.8) (push) Has been cancelled
Details
/ build (ubuntu-latest, pypy-2.7) (push) Has been cancelled
Details
/ build (windows-latest, 3.14) (push) Has been cancelled
Details

Browse source
This commit is contained in:
Miroslav Štampar 2026-06-24 22:57:09 +02:00
parent 0a331f2f89
commit 2893fd5c4d
11 changed files with 1535 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/controller/checks.py
View file

@ -87,6 +87,7 @@ from lib.core.settings import IPS_WAF_CHECK_TIMEOUT
from lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH
from lib.core.settings import MAX_STABILITY_DELAY
from lib.core.settings import NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH
from lib.core.settings import NOSQL_ERROR_REGEX
from lib.core.settings import PRECONNECT_INCOMPATIBLE_SERVERS
from lib.core.settings import SINGLE_QUOTE_MARKER
from lib.core.settings import SLEEP_TIME_MARKER
@ -1170,6 +1171,13 @@ def heuristicCheckSqlInjection(place, parameter):
except (SystemError, RuntimeError) as ex:
logger.debug("Skipping FI heuristic due to regex failure: %s", getSafeExString(ex))
if not conf.nosql and re.search(NOSQL_ERROR_REGEX, page or ""):
infoMsg = "heuristic (NoSQL) test shows that %sparameter '%s' might be vulnerable to NoSQL injection attacks (rerun with switch '--nosql')" % ("%s " % paramType if paramType != parameter else "", parameter)
logger.info(infoMsg)
if conf.beep:
beep()
kb.disableHtmlDecoding = False
kb.heuristicMode = False

5
lib/controller/controller.py
View file

@ -520,6 +520,11 @@ def start():
checkWaf()
if conf.nosql:
from lib.techniques.nosql.inject import nosqlScan
nosqlScan()
continue
if conf.nullConnection:
checkNullConnection()