Documentation
Overview
Package payload provides SQL injection payload construction with context-aware boundary detection and encoding utilities.
Index
- Constants
- func PrefixesForType(paramType int) []string
- func SuffixesForDBMS(dbms string) []string
- type Base64Encoder
- type Boundary
- type Builder
- func (b *Builder) Build() *Payload
- func (b *Builder) WithCore(core string) *Builder
- func (b *Builder) WithDBMS(dbms string) *Builder
- func (b *Builder) WithEncoder(enc Encoder) *Builder
- func (b *Builder) WithPrefix(prefix string) *Builder
- func (b *Builder) WithSuffix(suffix string) *Builder
- func (b *Builder) WithTechnique(technique string) *Builder
- type ChainEncoder
- type DoubleURLEncoder
- type Encoder
- type HexEncoder
- type Payload
- type URLEncoder
- type UnicodeEncoder
Constants
const (
	TypeString  = 0
	TypeInteger = 1
	TypeFloat   = 2
)
Parameter type constants matching engine.ParameterType values.
Variables
This section is empty.
Functions
func PrefixesForType
PrefixesForType returns likely prefixes based on parameter type.
TypeInteger (1): "", ")", "))"
TypeString (0) or TypeFloat (2): "'", "\"", "')", "\")", "'))"
func SuffixesForDBMS
SuffixesForDBMS returns likely suffixes for a given DBMS.
MySQL: "-- -", "#", "/*"
PostgreSQL: "-- -", "/*"
Generic: "-- -", "#", "/*", "%00"
Types
type Base64Encoder
type Base64Encoder struct{}
Base64Encoder encodes to standard base64.
func (*Base64Encoder) Encode
func (e *Base64Encoder) Encode(s string) string
Encode applies standard base64 encoding.
type Boundary
Boundary represents a prefix/suffix pair for closing SQL context.
func CommonBoundaries
func CommonBoundaries() []Boundary
CommonBoundaries returns all common prefix/suffix pairs to try. These are ordered by likelihood/simplicity.
type Builder
type Builder struct {
	// contains filtered or unexported fields
}
Builder constructs payloads with context-aware boundaries.
func (*Builder) WithEncoder
WithEncoder adds an encoder to the chain.
func (*Builder) WithPrefix
WithPrefix sets the injection prefix.
func (*Builder) WithSuffix
WithSuffix sets the injection suffix.
func (*Builder) WithTechnique
WithTechnique sets the technique name.
type ChainEncoder
type ChainEncoder struct {
	// contains filtered or unexported fields
}
ChainEncoder applies multiple encoders in sequence.
func NewChainEncoder
func NewChainEncoder(encoders ...Encoder) *ChainEncoder
NewChainEncoder creates a ChainEncoder with the given encoders.
func (*ChainEncoder) Encode
func (e *ChainEncoder) Encode(s string) string
Encode applies each encoder in order.
type DoubleURLEncoder
type DoubleURLEncoder struct{}
DoubleURLEncoder performs double URL encoding.
func (*DoubleURLEncoder) Encode
func (e *DoubleURLEncoder) Encode(s string) string
Encode applies URL percent-encoding twice: first encode, then encode the result again.
func (*DoubleURLEncoder) Name
func (e *DoubleURLEncoder) Name() string
Name returns the encoder name.
type HexEncoder
type HexEncoder struct{}
HexEncoder converts each byte to its hex representation (0xHH).
func (*HexEncoder) Encode
func (e *HexEncoder) Encode(s string) string
Encode converts each byte of the input to 0xHH format.
type Payload
type Payload struct {
	Prefix    string // Boundary prefix to close original query context (e.g., "'" or ")")
	Core      string // The actual injection logic (e.g., "AND 1=1")
	Suffix    string // Boundary suffix (e.g., "-- -" or "#")
	Encoded   string // Final form after encoding
	Technique string // Which technique generated this (e.g., "error-based")
	DBMS      string // Target DBMS (e.g., "MySQL")
}
Payload represents a complete injection payload.
type URLEncoder
type URLEncoder struct{}
URLEncoder performs URL encoding.
type UnicodeEncoder
type UnicodeEncoder struct{}
UnicodeEncoder converts each byte to unicode escape format (%u00XX).
func (*UnicodeEncoder) Encode
func (e *UnicodeEncoder) Encode(s string) string
Encode converts each byte of the input to %u00XX format.
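Read from the defensive side, the URL, double-URL and %u00XX encoders and the boundary lists above describe what an input filter or log pipeline has to undo before it matches anything. The Go program below is an added example, not part of this package; Normalize, Inspect and the sample value are names and data constructed for illustration. It strips %XX and %u00XX layers to a fixed point and flags values that pair a boundary character with one of the generic suffixes listed under SuffixesForDBMS.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

var escRe = regexp.MustCompile(`%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}`) // %u00XX or %XX
var suffixes = []string{"-- -", "#", "/*", "\x00"}                 // page's generic suffixes; "%00" decodes to NUL

// decodeOnce removes one encoding layer; anything that is not a valid escape stays as-is.
func decodeOnce(s string) string {
	return escRe.ReplaceAllStringFunc(s, func(m string) string {
		n, _ := strconv.ParseUint(strings.TrimPrefix(m[1:], "u"), 16, 32) // regex guarantees hex
		return string(rune(n))
	})
}

// Normalize decodes to a fixed point, bounded by maxLayers, and counts the layers removed.
func Normalize(s string, maxLayers int) (string, int) {
	for layers := 0; layers < maxLayers; layers++ {
		d := decodeOnce(s)
		if d == s {
			return s, layers
		}
		s = d
	}
	return s, maxLayers
}

// Inspect lists the reasons a raw parameter value deserves review (a heuristic, not a verdict).
func Inspect(raw string) (findings []string) {
	val, layers := Normalize(raw, 5)
	if layers > 1 {
		findings = append(findings, fmt.Sprintf("%d encoding layers", layers))
	}
	for _, suf := range suffixes {
		if strings.ContainsAny(val, `'")`) && strings.HasSuffix(strings.TrimRight(val, " "), suf) {
			findings = append(findings, fmt.Sprintf("boundary char with trailing %q", suf))
		}
	}
	return findings
}

func main() {
	fmt.Println(Inspect("%2527%2520AND%25201%253D1%2520--%2520-")) // constructed sample value
}
```

Matching on the raw value alone misses the double-encoded case, because the first decode still yields percent escapes; the layer count is itself a useful signal, since ordinary clients rarely encode a value twice.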