1#!/usr/bin/env python 2import sys 3import re 4import libinjection 5import urllib 6import urlparse 7 8logre = re.compile(r' /diagnostics\?([^ ]+) HTTP') 9 10notsqli = set([ 11'1ov', 12'UEvEv', 13'v', 14'Uv', 15'Uv,', 16'UoEvE', 17'1v', 18'sov', 19'1nn', 20'UonnE', 21'no1', 22'Evk', 23'E1k', 24'E11k', 25'Ek', 26'Uv,Ev', 27'UvEvk', 28'UvEv,', 29'Uvon' 30]) 31 32def doline(logline): 33 """ 34 ...GET /diagnostics?id=%22union+select HTTP/1.1 35 """ 36 mo = logre.search(logline) 37 if not mo: 38 return 39 40 sqli= False 41 fp = None 42 for key, val in urlparse.parse_qsl(mo.group(1)): 43 val = urllib.unquote(val) 44 extra = {} 45 argsqli = libinjection.detectsqli(val, extra) 46 if argsqli: 47 fp = extra['fingerprint'] 48 print urllib.quote(val) 49 sqli = sqli or argsqli 50 51 if False: # and not sqli: 52 #print "\n---" 53 #print mo.group(1) 54 for key, val in urlparse.parse_qsl(mo.group(1)): 55 val = urllib.unquote(val) 56 extra = {} 57 argsqli = libinjection.detectsqli(val, extra) 58 if not argsqli and extra['fingerprint'] not in notsqli: 59 print "NO", extra['fingerprint'], mo.group(1) 60 print " ", val 61 62if __name__ == '__main__': 63 for line in sys.stdin: 64 doline(line) 65