-
Notifications
You must be signed in to change notification settings - Fork 1
/
apitest.py
executable file
·58 lines (49 loc) · 1.18 KB
/
apitest.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/usr/bin/python
"""
Work-in-progress
"""
from libinjection import *
from words import words
print(dir(libinjection))
def print_token_string(tok):
"""
returns the value of token, handling opening and closing quote characters
"""
out = ''
if tok.str_open != "\0":
out += tok.str_open
out += tok.val
if tok.str_close != "\0":
out += tok.str_close
return out
def print_token(tok):
"""
prints a token for use in unit testing
"""
out = ''
out += tok.type
out += ' '
if tok.type == 's':
out += print_token_string(tok)
elif tok.type == 'v':
vc = tok.count;
if vc == 1:
out += '@'
elif vc == 2:
out += '@@'
out += print_token_string(tok)
else:
out += tok.val
return out
def lookup(state, stype, keyword):
keyword = keyword.upper()
if stype == 'v':
keyword = '0' + keyword
ch = words.get(keyword, '')
return ch
sqli = '1 union all select 1 --'
s = sqli_state()
sqli_init(s, sqli, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_ANSI)
sqli_callback(s, lookup)
while sqli_tokenize(s):
print(print_token(s.current))