# frozen_string_literal: true
#
# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
# payload crafting functionality.
#
# Copyright (c) 2007-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# ronin-exploits is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ronin-exploits is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
#

require 'ronin/exploits/web_vuln'
require 'ronin/exploits/mixins/has_payload'
require 'ronin/vulns/sqli'
require 'ronin/payloads/sql_payload'

module Ronin
  module Exploits
    #
    # Represents a [SQL injection (SQLi)][SQLI] exploit.
    #
    # [SQLI]: https://owasp.org/www-community/attacks/SQL_Injection
    #
    # The three class-level settings ({escape_quote}, {escape_parens} and
    # {terminate}) are declared once per exploit class and handed to the
    # underlying `Ronin::Vulns::SQLI` object built by {#vuln}.
    #
    # ## Example
    #
    #     require 'ronin/exploits/sqli'
    #
    #     module Ronin
    #       module Exploits
    #         class MyExploit < SQLI
    #
    #           register 'my_exploit'
    #
    #           base_path '/path/to/page.php'
    #           query_param 'id'
    #           escape_quote true
    #
    #         end
    #       end
    #     end
    #
    # @api public
    #
    # @since 1.0.0
    #
    class SQLI < WebVuln

      include Mixins::HasPayload

      payload_class Payloads::SQLPayload

      references [
        'https://owasp.org/www-community/attacks/SQL_Injection'
      ]

      #
      # The symbolic exploit type of this class.
      #
      # @return [Symbol]
      #   Always `:sqli`.
      #
      # @note
      #   This is used internally to map an exploit class to a printable type.
      #
      # @api private
      #
      def self.exploit_type
        :sqli
      end

      #
      # Gets or sets whether to escape quotation marks.
      #
      # @param [Boolean, nil] new_escape_quote
      #   The optional new escape quote value. `nil` means "read the current
      #   value"; `false` is stored like any other explicit value.
      #
      # @return [Boolean]
      #   Specifies whether to escape quotation marks. Defaults to `false`
      #   when neither this class nor an inherited exploit class set it.
      #
      def self.escape_quote(new_escape_quote=nil)
        return @escape_quote = new_escape_quote unless new_escape_quote.nil?
        return @escape_quote unless @escape_quote.nil?

        # `<` is a strict subclass test: the lookup climbs only while the
        # parent is itself derived from SQLI, so a value stored directly on
        # SQLI is not consulted by its immediate subclasses.
        superclass < SQLI ? superclass.escape_quote : false
      end

      #
      # Gets or sets whether to escape parentheses.
      #
      # @param [Boolean, nil] new_escape_parens
      #   The optional new escape parentheses value. `nil` means "read the
      #   current value"; `false` is stored like any other explicit value.
      #
      # @return [Boolean]
      #   Specifies whether to escape parentheses. Defaults to `false` when
      #   neither this class nor an inherited exploit class set it.
      #
      def self.escape_parens(new_escape_parens=nil)
        return @escape_parens = new_escape_parens unless new_escape_parens.nil?
        return @escape_parens unless @escape_parens.nil?

        # Same strict-subclass lookup as the other class-level settings.
        superclass < SQLI ? superclass.escape_parens : false
      end

      #
      # Gets or sets whether to terminate the injected SQL expression.
      #
      # @param [Boolean, nil] new_terminate
      #   The optional new terminate value. `nil` means "read the current
      #   value"; `false` is stored like any other explicit value.
      #
      # @return [Boolean]
      #   Specifies whether to terminate the injected SQL expression.
      #   Defaults to `false` when neither this class nor an inherited
      #   exploit class set it.
      #
      def self.terminate(new_terminate=nil)
        return @terminate = new_terminate unless new_terminate.nil?
        return @terminate unless @terminate.nil?

        # Same strict-subclass lookup as the other class-level settings.
        superclass < SQLI ? superclass.terminate : false
      end

      #
      # The SQL injection (SQLi) vulnerability to exploit.
      #
      # The object is built on first use from `url`, the class-level
      # settings and `web_vuln_kwargs`, then cached in `@vuln`; later changes
      # to the class-level settings do not affect an already built object.
      #
      # @return [Ronin::Vulns::SQLI]
      #
      def vuln
        return @vuln if @vuln

        settings = self.class

        @vuln = Vulns::SQLI.new(
          url,
          escape_quote:  settings.escape_quote,
          escape_parens: settings.escape_parens,
          terminate:     settings.terminate,
          **web_vuln_kwargs
        )
      end

      #
      # Launches SQL injection (SQLi) exploit with the SQL payload.
      #
      # Hands `@payload` to the `exploit` method of the object returned by
      # {#vuln}. `@payload` is not assigned anywhere in this class
      # (presumably by `Mixins::HasPayload` — confirm).
      #
      def launch
        vuln.exploit(@payload)
      end

    end
  end
end