CPD Results
The following document contains the results of PMD's CPD 7.17.0.
Duplications
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 59 |
| com/jsql/model/accessible/vendor/ExploitHsqldb.java | model | 60 |
nameTable, bodyExploit.replace("'", "''"),
nameTable,
pathExploit + nameExploit
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
String result = this.injectionModel.getResourceAccess().callCommand(
urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
);
if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
return StringUtils.EMPTY;
}
var request = new Request();
request.setMessage(Interaction.ADD_TAB_EXPLOIT_WEB);
request.setParameters(urlSuccess);
this.injectionModel.sendToViews(request);
return urlSuccess;
};
return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
String bodyExploit = StringUtil.base64Decode(
this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_UPL)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getFile().getWrite(),
nameTable,
nameTable, bodyExploit.replace("'", "''"),
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 94 |
| com/jsql/model/accessible/vendor/ExploitHsqldb.java | model | 94 |
nameTable, bodyExploit.replace("'", "''"),
nameTable,
pathExploit + nameExploit
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public String getRead(String pathFile) throws AbstractSlidingException {
LOGGER.log(LogLevelUtil.CONSOLE_INFORM, CallableFile.REQUIRE_STACK);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
this.injectionModel.injectWithoutIndex(String.format(
this.injectionModel.getResourceAccess().getExploitDerby().getModelYaml().getFile().getCreateTable(),
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 97 |
| com/jsql/model/accessible/vendor/ExploitSqlite.java | model | 128 |
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public String getRead(String pathFile) throws AbstractSlidingException {
LOGGER.log(LogLevelUtil.CONSOLE_INFORM, CallableFile.REQUIRE_STACK);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitH2.java | model | 138 |
| com/jsql/model/accessible/vendor/ExploitSqlite.java | model | 128 |
), ResourceAccess.TBL_DUMP);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public String getRead(String pathFile) throws AbstractSlidingException {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 62 |
| com/jsql/model/accessible/vendor/ExploitH2.java | model | 100 |
| com/jsql/model/accessible/vendor/ExploitHsqldb.java | model | 62 |
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
String result = this.injectionModel.getResourceAccess().callCommand(
urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
);
if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
return StringUtils.EMPTY;
}
var request = new Request();
request.setMessage(Interaction.ADD_TAB_EXPLOIT_WEB);
request.setParameters(urlSuccess);
this.injectionModel.sendToViews(request);
return urlSuccess;
};
return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
String bodyExploit = StringUtil.base64Decode(
this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_UPL)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 97 |
| com/jsql/model/accessible/vendor/ExploitH2.java | model | 138 |
| com/jsql/model/accessible/vendor/ExploitHsqldb.java | model | 96 |
| com/jsql/model/accessible/vendor/ExploitPostgres.java | model | 511 |
| com/jsql/model/accessible/vendor/ExploitSqlite.java | model | 128 |
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public String getRead(String pathFile) throws AbstractSlidingException {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitH2.java | model | 100 |
| com/jsql/model/accessible/vendor/ExploitSqlite.java | model | 93 |
), ResourceAccess.TBL_DUMP);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
String result = this.injectionModel.getResourceAccess().callCommand(
urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
);
if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
return StringUtils.EMPTY;
}
var request = new Request();
request.setMessage(Interaction.ADD_TAB_EXPLOIT_WEB);
request.setParameters(urlSuccess);
this.injectionModel.sendToViews(request);
return urlSuccess;
};
return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
String bodyExploit = StringUtil.base64Decode(
this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_UPL)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 44 |
| com/jsql/model/injection/strategy/StrategyBlindBit.java | model | 44 |
| com/jsql/model/injection/strategy/StrategyTime.java | model | 44 |
this.injectionModel.getMediatorVendor().getVendor().instance().getModelYaml().getStrategy().getBinary().getTest().getBin()
)) {
LOGGER.log(
LogLevelUtil.CONSOLE_INFORM,
AbstractStrategy.FORMAT_STRATEGY_NOT_IMPLEMENTED,
this.getName(),
this.injectionModel.getMediatorVendor().getVendor()
);
return;
}
this.checkInjection(BlindOperator.OR);
this.checkInjection(BlindOperator.AND);
this.checkInjection(BlindOperator.STACK);
this.checkInjection(BlindOperator.NO_MODE);
if (this.isApplicable) {
this.allow();
var requestMessageBinary = new Request();
requestMessageBinary.setMessage(Interaction.MESSAGE_BINARY);
requestMessageBinary.setParameters(this.injection.getInfoMessage());
this.injectionModel.sendToViews(requestMessageBinary);
} else {
this.unallow();
}
}
private void checkInjection(BlindOperator blindOperator) throws StoppedByUserSlidingException {
if (this.isApplicable) {
return;
}
LOGGER.log(
LogLevelUtil.CONSOLE_DEFAULT,
"{} [{}] with [{}]...",
() -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_CHECKING_STRATEGY),
this::getName,
() -> blindOperator
);
this.injection = new InjectionBlindBin(this.injectionModel, blindOperator);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 62 |
| com/jsql/model/accessible/vendor/ExploitSqlite.java | model | 93 |
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
String result = this.injectionModel.getResourceAccess().callCommand(
urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
);
if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
return StringUtils.EMPTY;
}
var request = new Request();
request.setMessage(Interaction.ADD_TAB_EXPLOIT_WEB);
request.setParameters(urlSuccess);
this.injectionModel.sendToViews(request);
return urlSuccess;
};
return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
String bodyExploit = StringUtil.base64Decode(
this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_UPL)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 82 |
| com/jsql/model/injection/strategy/StrategyBlindBit.java | model | 82 |
this.injection = new InjectionBlindBin(this.injectionModel, blindOperator);
this.isApplicable = this.injection.isInjectable();
if (this.isApplicable) {
LOGGER.log(
LogLevelUtil.CONSOLE_SUCCESS,
"{} [{}] injection with [{}]",
() -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_VULNERABLE),
this::getName,
() -> blindOperator
);
}
}
@Override
public void allow(int... i) {
this.injectionModel.appendAnalysisReport(
StringUtil.formatReport(LogLevelUtil.COLOR_BLU, "### Strategy: " + this.getName())
+ this.injectionModel.getReportWithoutIndex(
this.injectionModel.getMediatorVendor().getVendor().instance().sqlTestBlindWithOperator(
this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(StringUtil.formatReport(LogLevelUtil.COLOR_GREEN, "<query>"), "0", true),
this.injection.getBlindOperator()
),
"metadataInjectionProcess",
null
)
);
this.markVulnerability(Interaction.MARK_BLIND_BIN_VULNERABLE);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/blind/InjectionCharInsertion.java | model | 94 |
| com/jsql/model/injection/strategy/blind/InjectionVendor.java | model | 69 |
List<Future<CallableCharInsertion>> listTagTrue = taskExecutor.invokeAll(listCallableTagTrue);
this.injectionModel.getMediatorUtils().getThreadUtil().shutdown(taskExecutor);
for (var i = 1 ; i < listTagTrue.size() ; i++) {
if (this.injectionModel.isStoppedByUser()) {
return;
}
if (this.constantTrueMark.isEmpty()) {
this.constantTrueMark = listTagTrue.get(i).get().getOpcodes();
} else {
this.constantTrueMark.retainAll(listTagTrue.get(i).get().getOpcodes());
}
}
} catch (ExecutionException e) {
LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e, e);
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
}
this.initFalseMarks();
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitPostgres.java | model | 409 |
| com/jsql/model/accessible/vendor/ExploitPostgres.java | model | 468 |
this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var loid = this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
this.modelYaml.getFile().getWrite().getLargeObject().getFromText(),
bodyExploit.replace("'", "\"")
), ResourceAccess.ADD_LOID);
if (StringUtils.isEmpty(loid)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.LOID_NOT_FOUND);
return StringUtils.EMPTY;
}
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
this.modelYaml.getFile().getWrite().getLargeObject().getToFile(),
loid,
pathExploit + nameExploit
), ResourceAccess.WRITE_LOID);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/blind/InjectionBlindBin.java | model | 80 |
| com/jsql/model/injection/strategy/blind/InjectionBlindBit.java | model | 74 |
for (Future<CallableBlindBin> futureFalsy: futuresFalsys) {
if (this.injectionModel.isStoppedByUser()) {
return;
}
if (this.falseDiffs.isEmpty()) {
this.falseDiffs = futureFalsy.get().getDiffsWithReference(); // Init diffs
} else {
this.falseDiffs.retainAll(futureFalsy.get().getDiffsWithReference()); // Clean un-matching diffs
}
}
} catch (ExecutionException e) {
LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e, e);
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
}
if (this.injectionModel.isStoppedByUser()) {
return;
}
this.cleanTrueDiffs(injectionModel, blindOperator);
}
private void cleanTrueDiffs(InjectionModel injectionModel, BlindOperator blindOperator) {
ExecutorService taskExecutor = this.injectionModel.getMediatorUtils().getThreadUtil().getExecutor("CallableGetBlindBinTagTrue");
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 99 |
| com/jsql/model/accessible/vendor/ExploitMysql.java | model | 102 |
| com/jsql/model/accessible/vendor/ExploitPostgres.java | model | 513 |
| com/jsql/model/accessible/vendor/ExploitSqlite.java | model | 130 |
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitH2.java | model | 140 |
| com/jsql/model/accessible/vendor/ExploitMysql.java | model | 102 |
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitHsqldb.java | model | 98 |
| com/jsql/model/accessible/vendor/ExploitMysql.java | model | 102 |
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
if (result.body().contains(DataAccess.LEAD +"y")) {
LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
} else {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
}
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
} catch (IOException | JSqlException e) {
throw new JSqlRuntimeException(e);
}
return urlSuccess;
};
this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 113 |
| com/jsql/model/injection/strategy/StrategyBlindBit.java | model | 113 |
this.markVulnerability(Interaction.MARK_BLIND_BIN_INVULNERABLE);
}
@Override
public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
return this.injection.inject(
this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(sqlQuery, startPosition, false),
stoppable
);
}
@Override
public void activateWhenApplicable() {
if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
LOGGER.log(
LogLevelUtil.CONSOLE_INFORM,
"{} [{}] with [{}]",
() -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
this::getName,
() -> this.injection.getBlindOperator().name()
);
this.injectionModel.getMediatorStrategy().setStrategy(this);
var request = new Request();
request.setMessage(Interaction.MARK_BLIND_BIN_STRATEGY);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/view/terminal/interaction/MessageHeader.java | model | 33 |
| com/jsql/view/swing/interaction/MessageHeader.java | view | 44 |
@SuppressWarnings("unchecked")
public MessageHeader(Object[] interactionParams) {
Map<Header, Object> params = (Map<Header, Object>) interactionParams[0];
this.url = (String) params.getOrDefault(Header.URL, StringUtils.EMPTY);
this.post = (String) params.getOrDefault(Header.POST, StringUtils.EMPTY);
this.header = (Map<String, String>) params.getOrDefault(Header.HEADER, Collections.emptyMap());
this.response = (Map<String, String>) params.getOrDefault(Header.RESPONSE, Collections.emptyMap());
this.source = (String) params.getOrDefault(Header.SOURCE, StringUtils.EMPTY);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitH2.java | model | 84 |
| com/jsql/model/accessible/vendor/ExploitH2.java | model | 122 |
this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getRce().getCreateTable(),
nameTable,
nameTable, bodyExploit.replace("'", "\"")
), ResourceAccess.TBL_CREATE);
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getRce().getScriptSimple(),
pathExploit + nameExploit,
nameTable
), ResourceAccess.TBL_DUMP);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 41 |
| com/jsql/model/accessible/vendor/ExploitHsqldb.java | model | 42 |
ModelYamlDerby.class
);
}
public String createWeb(String pathExploit, String urlExploit) {
LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "RCE Web target requirements: stack query, web+db on same machine, jdbc bridge");
String bodyExploit = StringUtil.base64Decode(
this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getFile().getWrite(),
nameTable,
nameTable, bodyExploit.replace("'", "''"),
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/blind/InjectionBlindBin.java | model | 123 |
| com/jsql/model/injection/strategy/blind/InjectionBlindBit.java | model | 116 |
for (Future<CallableBlindBin> futureTruthy: futuresTruthys) {
if (this.injectionModel.isStoppedByUser()) {
return;
}
if (this.trueDiffs.isEmpty()) {
this.trueDiffs = futureTruthy.get().getDiffsWithReference(); // Init diffs
} else {
this.trueDiffs.retainAll(futureTruthy.get().getDiffsWithReference()); // Clean un-matching diffs
}
this.falseDiffs.removeAll(futureTruthy.get().getDiffsWithReference());
}
} catch (ExecutionException e) {
LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e, e);
} catch (InterruptedException e) {
LOGGER.log(LogLevelUtil.IGNORE, e, e);
Thread.currentThread().interrupt();
}
}
@Override
public CallableBlindBin getCallableBitTest(String sqlQuery, int indexChar, int bit) {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/blind/InjectionCharInsertion.java | model | 172 |
| com/jsql/model/injection/strategy/blind/InjectionVendor.java | model | 136 |
);
try {
blindTest.call();
} catch (Exception e) {
LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e, e);
}
return blindTest.isTrue() && !this.constantTrueMark.isEmpty();
}
public String callUrl(String urlString, String metadataInjectionProcess) {
return this.injectionModel.injectWithoutIndex(urlString, metadataInjectionProcess);
}
public String callUrl(String urlString, String metadataInjectionProcess, AbstractCallableBit<?> callableBoolean) {
return this.injectionModel.injectWithoutIndex(urlString, metadataInjectionProcess, callableBoolean);
}
// Getter
public String getBlankFalseMark() {
return this.blankFalseMark;
}
public List<Diff> getConstantTrueMark() {
return this.constantTrueMark;
}
}
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 62 |
| com/jsql/model/accessible/vendor/ExploitPostgres.java | model | 427 |
| com/jsql/model/accessible/vendor/ExploitSqlite.java | model | 93 |
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
String result = this.injectionModel.getResourceAccess().callCommand(
urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
);
if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
return StringUtils.EMPTY;
}
var request = new Request();
request.setMessage(Interaction.ADD_TAB_EXPLOIT_WEB);
request.setParameters(urlSuccess);
this.injectionModel.sendToViews(request);
return urlSuccess;
};
return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
}
public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 82 |
| com/jsql/model/injection/strategy/StrategyTime.java | model | 82 |
this.injection = new InjectionBlindBin(this.injectionModel, blindOperator);
this.isApplicable = this.injection.isInjectable();
if (this.isApplicable) {
LOGGER.log(
LogLevelUtil.CONSOLE_SUCCESS,
"{} [{}] injection with [{}]",
() -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_VULNERABLE),
this::getName,
() -> blindOperator
);
}
}
@Override
public void allow(int... i) {
this.injectionModel.appendAnalysisReport(
StringUtil.formatReport(LogLevelUtil.COLOR_BLU, "### Strategy: " + this.getName())
+ this.injectionModel.getReportWithoutIndex(
this.injectionModel.getMediatorVendor().getVendor().instance().sqlTestBlindWithOperator(
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 49 |
| com/jsql/model/accessible/vendor/ExploitDerby.java | model | 84 |
this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getFile().getWrite(),
nameTable,
nameTable, bodyExploit.replace("'", "''"),
nameTable,
pathExploit + nameExploit
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitHsqldb.java | model | 50 |
| com/jsql/model/accessible/vendor/ExploitHsqldb.java | model | 84 |
this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getFile().getWrite(),
nameTable,
nameTable, bodyExploit.replace("'", "\""),
nameTable, pathExploit + nameExploit
), ResourceAccess.TBL_CREATE);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitSqlite.java | model | 81 |
| com/jsql/model/accessible/vendor/ExploitSqlite.java | model | 116 |
this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty("exploit.web")
)
.replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
.replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
var nameDbRandom = RandomStringUtils.secure().nextAlphabetic(8);
var nameTableRandom = RandomStringUtils.secure().nextAlphabetic(8);
var nameExploit = nameDbRandom + nameTableRandom +".php";
this.injectionModel.injectWithoutIndex(String.format(
this.modelYaml.getWriteFile(),
pathExploit + nameExploit, nameDbRandom,
nameDbRandom, nameTableRandom,
nameDbRandom, nameTableRandom, bodyExploit
), ResourceAccess.TBL_DUMP);
BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBin.java | model | 119 |
| com/jsql/model/injection/strategy/StrategyTime.java | model | 119 |
this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(sqlQuery, startPosition, false),
stoppable
);
}
@Override
public void activateWhenApplicable() {
if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
LOGGER.log(
LogLevelUtil.CONSOLE_INFORM,
"{} [{}] with [{}]",
() -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
this::getName,
() -> this.injection.getBlindOperator().name()
);
this.injectionModel.getMediatorStrategy().setStrategy(this);
var request = new Request();
request.setMessage(Interaction.MARK_BLIND_BIN_STRATEGY);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/injection/strategy/StrategyBlindBit.java | model | 119 |
| com/jsql/model/injection/strategy/StrategyTime.java | model | 119 |
this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(sqlQuery, startPosition, false),
stoppable
);
}
@Override
public void activateWhenApplicable() {
if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
LOGGER.log(
LogLevelUtil.CONSOLE_INFORM,
"{} [{}] with [{}]",
() -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
this::getName,
() -> this.injection.getBlindOperator().name()
);
this.injectionModel.getMediatorStrategy().setStrategy(this);
var request = new Request();
request.setMessage(Interaction.MARK_BLIND_BIT_STRATEGY);
|
||
| File | Project | Line |
|---|---|---|
| com/jsql/model/accessible/vendor/ExploitH2.java | model | 67 |
| com/jsql/model/accessible/vendor/ExploitSqlite.java | model | 64 |
this.modelYaml.getRce().getRunCmd(),
command.replace(StringUtils.SPACE, "%20")
), ResourceAccess.RUN_FUNC);
} catch (JSqlException e) {
result = String.format(ResourceAccess.TEMPLATE_ERROR, e.getMessage(), command);
}
var request = new Request();
request.setMessage(Interaction.GET_TERMINAL_RESULT);
request.setParameters(uuidShell, result.trim() +"\n"); // missing newline on some extensions
this.injectionModel.sendToViews(request);
return result;
}
public String createWeb(String pathExploit, String urlExploit) {
LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "RCE Web target requirements: stack query, web+db on same machine, jdbc bridge");
|
||