Class: Ronin::Exploits::SQLI
- Includes: Mixins::HasPayload
- Defined in: lib/ronin/exploits/sqli.rb
Overview
Represents a SQL injection (SQLi) exploit.
Example
    require 'ronin/exploits/sqli'

    module Ronin
      module Exploits
        class MyExploit < SQLI

          register 'my_exploit'

          base_path '/path/to/page.php'
          query_param 'id'
          escape_quote true

        end
      end
    end
Constant Summary
Constants included from Mixins::HTTP
Mixins::HTTP::HTTP_USER_AGENT_ALIASES
Instance Attribute Summary
Attributes included from Mixins::HasPayload
Class Method Summary
- .escape_parens(new_escape_parens = nil) ⇒ Boolean
  Gets or sets whether to escape parentheses.
- .escape_quote(new_escape_quote = nil) ⇒ Boolean
  Gets or sets whether to escape quotation marks.
- .exploit_type ⇒ Symbol (private)
  Returns the type or kind of exploit.
- .terminate(new_terminate = nil) ⇒ Boolean
  Gets or sets whether to terminate the injected SQL expression.
Instance Method Summary
- #launch ⇒ Object
  Launches the SQL injection (SQLi) exploit with the SQL payload.
- #vuln ⇒ Ronin::Vulns::SQLI
  The SQL injection (SQLi) vulnerability to exploit.
Methods included from Mixins::HasPayload
included, #initialize, #perform_build, #perform_cleanup, #perform_launch, #perform_validate
Methods inherited from WebVuln
base_path, cookie, #cookie, cookie_param, form_data, #form_data, form_param, header_name, headers, #headers, query_param, referer, #referer, request_method, #test, #url, #web_vuln_kwargs
Methods included from Mixins::HTTP
#http, #http_allowed_methods, #http_cookie, #http_copy, #http_delete, #http_get, #http_get_body, #http_get_cookies, #http_get_headers, #http_head, #http_headers, #http_lock, #http_mkcol, #http_move, #http_ok?, #http_options, #http_password, #http_patch, #http_post, #http_post_body, #http_post_headers, #http_powered_by_header, #http_propfind, #http_proppatch, #http_proxy, #http_put, #http_request, #http_response_body, #http_response_headers, #http_response_status, #http_server_header, #http_trace, #http_unlock, #http_user, #http_user_agent, included
Methods inherited from Exploit
#NotVulnerable, #Unknown, #Vulnerable, advisories, advisory, #build, #cleanup, disclosed?, disclosure_date, exploit, #exploit, #fail, #initialize, #perform_build, #perform_cleanup, #perform_launch, #perform_test, #perform_validate, quality, register, release_date, released?, software, software_versions, #test, #validate
Class Method Details
.escape_parens(new_escape_parens = nil) ⇒ Boolean
Gets or sets whether to escape parentheses.

    # File 'lib/ronin/exploits/sqli.rb', line 113
    def self.escape_parens(new_escape_parens=nil)
      if !new_escape_parens.nil?
        @escape_parens = new_escape_parens
      else
        if !@escape_parens.nil?
          @escape_parens
        elsif superclass < SQLI
          superclass.escape_parens
        else
          false
        end
      end
    end
.escape_quote(new_escape_quote = nil) ⇒ Boolean
Gets or sets whether to escape quotation marks.

    # File 'lib/ronin/exploits/sqli.rb', line 90
    def self.escape_quote(new_escape_quote=nil)
      if !new_escape_quote.nil?
        @escape_quote = new_escape_quote
      else
        if !@escape_quote.nil?
          @escape_quote
        elsif superclass < SQLI
          superclass.escape_quote
        else
          false
        end
      end
    end
.exploit_type ⇒ Symbol
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
This is used internally to map an exploit class to a printable type.
Returns the type or kind of exploit.

    # File 'lib/ronin/exploits/sqli.rb', line 77
    def self.exploit_type
      :sqli
    end
.terminate(new_terminate = nil) ⇒ Boolean
Gets or sets whether to terminate the injected SQL expression.

    # File 'lib/ronin/exploits/sqli.rb', line 136
    def self.terminate(new_terminate=nil)
      if !new_terminate.nil?
        @terminate = new_terminate
      else
        if !@terminate.nil?
          @terminate
        elsif superclass < SQLI
          superclass.terminate
        else
          false
        end
      end
    end
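
The three class-level settings above share one lookup rule: an explicit value on the class wins, otherwise the nearest parent exploit class is consulted, otherwise the default is false. The following is an added example, not code from ronin-exploits; it models that rule without loading the library, and SettingsBase and the four exploit class names are hypothetical stand-ins.

```ruby
# Stand-alone model of the getter/setter lookup used by .escape_quote,
# .escape_parens and .terminate. SettingsBase stands in for
# Ronin::Exploits::SQLI; every class name here is hypothetical.
class SettingsBase
  def self.escape_quote(new_value = nil)
    if !new_value.nil?
      # Called with an argument: act as a setter.
      @escape_quote = new_value
    elsif !@escape_quote.nil?
      # A nil check (not truthiness) so an explicit false is honoured.
      @escape_quote
    elsif superclass < SettingsBase
      # Strict subclass test: only walk up while the parent is itself
      # an exploit class below the base.
      superclass.escape_quote
    else
      false
    end
  end
end

class ParentExploit < SettingsBase
  escape_quote true
end

# Sets nothing itself, so it resolves through ParentExploit.
class ChildExploit < ParentExploit; end

# Explicit false must not fall through to the parent's true.
class OverridingExploit < ParentExploit
  escape_quote false
end

# Direct subclass of the base with no setting: default applies.
class PlainExploit < SettingsBase; end

def resolved_settings
  {
    parent:     ParentExploit.escape_quote,
    child:      ChildExploit.escape_quote,
    overriding: OverridingExploit.escape_quote,
    plain:      PlainExploit.escape_quote
  }
end

puts resolved_settings.inspect if __FILE__ == $PROGRAM_NAME
```

When auditing a collection of exploit modules, this is why a subclass with no visible `escape_quote` line may still run with the setting enabled: the value can come from any ancestor below the base class.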
Instance Method Details
#launch ⇒ Object
Launches the SQL injection (SQLi) exploit with the SQL payload.

    # File 'lib/ronin/exploits/sqli.rb', line 167
    def launch
      vuln.exploit(@payload)
    end
#vuln ⇒ Ronin::Vulns::SQLI
The SQL injection (SQLi) vulnerability to exploit.

    # File 'lib/ronin/exploits/sqli.rb', line 155
    def vuln
      @vuln ||= Vulns::SQLI.new(
        url, escape_quote:  self.class.escape_quote,
             escape_parens: self.class.escape_parens,
             terminate:     self.class.terminate,
             **web_vuln_kwargs
      )
    end