View Javadoc
1   package com.jsql.model.injection.strategy.blind;
2   
3   import com.jsql.model.InjectionModel;
4   import com.jsql.model.injection.strategy.blind.callable.AbstractCallableBit;
5   
6   import java.util.List;
7   import java.util.concurrent.CompletionService;
8   import java.util.concurrent.atomic.AtomicInteger;
9   
10  public abstract class AbstractInjectionMonobit<T extends AbstractCallableBit<T>> extends AbstractInjectionBit<T> {
11  
12      protected AbstractInjectionMonobit(InjectionModel injectionModel, BlindOperator blindOperator) {
13          super(injectionModel, blindOperator);
14      }
15      
16      abstract T getCallableBitTest(String sqlQuery, int indexChar, int bit);
17  
18      public void initNextChar(
19          String sqlQuery,
20          List<char[]> bytes,
21          AtomicInteger indexChar,
22          CompletionService<T> taskCompletionService,
23          AtomicInteger countTasksSubmitted,
24          AtomicInteger countBadAsciiCode,
25          T currentCallable
26      ) {
27          indexChar.incrementAndGet();
28          
29          // New undefined bits of the next character
30          // Chars all have the last bit set to 0 in Ascii table
31          bytes.add(AbstractInjectionBit.getBitsUnset());
32          
33          // Test the 7 bits for the next character, save its position and current bit for later
34          // Ignore last bit 128 and only check for first seven bits
35          for (int bit: new int[]{ 1, 2, 4, 8, 16, 32, 64 }) {
36              taskCompletionService.submit(
37                  this.getCallableBitTest(
38                      sqlQuery,
39                      indexChar.get(),
40                      bit
41                  )
42              );
43              countTasksSubmitted.addAndGet(1);
44          }
45      }
46  
47      public char[] initMaskAsciiChar(List<char[]> bytes, T currentCallable) {
48          char[] asciiCodeMask = bytes.get(currentCallable.getCurrentIndex() - 1);  // bits for current url
49          int positionInMask = (int) (
50              8 - (Math.log(2) + Math.log(currentCallable.getCurrentBit())) / Math.log(2)  // some math (2^x => x)
51          );
52          asciiCodeMask[positionInMask] = currentCallable.isTrue() ? '1' : '0';  // set current bit
53          return asciiCodeMask;
54      }
55  }