sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
b481c0352f
sqlmap/lib/techniques/union/use.py

344 lines
14 KiB
Python
Raw Normal View History

After the storm, a restore..
2008-10-15 19:38:22 +04:00
#!/usr/bin/env python
"""
propsets..
2008-10-15 19:56:32 +04:00
$Id$
After the storm, a restore..
2008-10-15 19:38:22 +04:00
updating copyright date
2012-01-11 18:59:46 +04:00
Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
sorry, cosmetics
2010-10-15 03:18:29 +04:00
See the file 'doc/COPYING' for copying permission
After the storm, a restore..
2008-10-15 19:38:22 +04:00
"""
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
import re
After the storm, a restore..
2008-10-15 19:38:22 +04:00
import time
removing of unused imports together with some general code refactoring
2012-02-22 14:40:11 +04:00
from extra.safe2bin.safe2bin import safecharencode
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from lib.core.agent import agent
minor refactoring
2012-02-16 13:46:41 +04:00
from lib.core.bigarray import BigArray
refactoring (class names should always be Capital cased)
2011-01-28 19:36:09 +03:00
from lib.core.common import Backend
now union technique parses headers too
2011-01-31 15:41:39 +03:00
from lib.core.common import calculateDeltaSeconds
it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)
2011-03-26 00:31:26 +03:00
from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout
refactoring
2011-03-17 11:54:20 +03:00
from lib.core.common import extractRegexResult
implemented retrieved items info for partial union too
2011-04-13 18:33:15 +04:00
from lib.core.common import getConsoleWidth
more unicode refactoring
2010-06-02 16:45:40 +04:00
from lib.core.common import getUnicode
minor refactoring
2011-12-21 15:50:49 +04:00
from lib.core.common import incrementCounter
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. Major refactoring to Agent.payload() method. Minor bug fixes, some code refactoring and a lot of core adjustments here and there. Added more checks for injection in GROUP BY and ORDER BY.
2011-01-12 01:18:47 +03:00
from lib.core.common import initTechnique
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup.
2011-01-19 02:02:11 +03:00
from lib.core.common import isNumPosStrValue
now union technique parses headers too
2011-01-31 15:41:39 +03:00
from lib.core.common import listToStrValue
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
from lib.core.common import parseUnionPage
incorporation of method for neutralization of reflective values
2011-02-25 12:22:44 +03:00
from lib.core.common import removeReflectiveValues
more concise
2011-06-08 18:35:23 +04:00
from lib.core.common import singleTimeWarnMessage
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
from lib.core.data import queries
further refactoring (all enumerations are now put into enums.py)
2010-11-08 12:20:02 +03:00
from lib.core.enums import DBMS
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. Major refactoring to Agent.payload() method. Minor bug fixes, some code refactoring and a lot of core adjustments here and there. Added more checks for injection in GROUP BY and ORDER BY.
2011-01-12 01:18:47 +03:00
from lib.core.enums import PAYLOAD
minor update
2011-01-14 12:45:47 +03:00
from lib.core.exception import sqlmapSyntaxException
just a makeup
2012-02-07 16:05:23 +04:00
from lib.core.settings import FROM_DUMMY_TABLE
improvement for recognition of scalar vs multiple-row commands
2011-05-19 20:45:05 +04:00
from lib.core.settings import SQL_SCALAR_REGEX
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 23:58:10 +04:00
from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT
implementation of multithreading for UNION and ERROR techniques
2011-05-30 03:17:50 +04:00
from lib.core.threads import getCurrentThreadData
from lib.core.threads import runThreads
After the storm, a restore..
2008-10-15 19:38:22 +04:00
from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request
improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)
2011-08-01 03:40:09 +04:00
def __oneShotUnionUse(expression, unpack=True, limited=False):
gazillion changes, nothing will work, muhahaha
2012-02-17 18:22:48 +04:00
retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries, not kb.resumeValues]) else None
switching to SQLite resume support (on error and union techniques this moment)
2011-09-26 00:36:32 +04:00
minor update
2011-10-12 02:40:00 +04:00
threadData = getCurrentThreadData()
threadData.resumed = retVal is not None
minor update
2011-10-12 01:58:57 +04:00
if retVal is None:
refactoring
2011-09-26 01:10:45 +04:00
check = "(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop)
trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
switching to SQLite resume support (on error and union techniques this moment)
2011-09-26 00:36:32 +04:00
# Prepare expression with delimiters
minor refactoring
2011-12-21 15:50:49 +04:00
injExpression = unescaper.unescape(agent.concatQuery(expression, unpack))
switching to SQLite resume support (on error and union techniques this moment)
2011-09-26 00:36:32 +04:00
minor refactoring
2011-12-21 15:50:49 +04:00
where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else None
switching to SQLite resume support (on error and union techniques this moment)
2011-09-26 00:36:32 +04:00
# Forge the inband SQL injection request
vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
using UNION SELECT for where=..NEGATIVE
2012-02-22 13:41:58 +04:00
query = agent.forgeInbandQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, limited)
switching to SQLite resume support (on error and union techniques this moment)
2011-09-26 00:36:32 +04:00
payload = agent.payload(newValue=query, where=where)
# Perform the request
page, headers = Request.queryPage(payload, content=True, raise404=False)
minor refactoring
2011-12-21 15:50:49 +04:00
incrementCounter(PAYLOAD.TECHNIQUE.UNION)
switching to SQLite resume support (on error and union techniques this moment)
2011-09-26 00:36:32 +04:00
# Parse the returned page to get the exact union-based
# sql injection output
some optimization
2011-12-22 03:23:00 +04:00
retVal = reduce(lambda x, y: x if x is not None else y, ( \
switching to SQLite resume support (on error and union techniques this moment)
2011-09-26 00:36:32 +04:00
extractRegexResult(check, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \
extractRegexResult(check, removeReflectiveValues(listToStrValue(headers.headers \
some optimization
2011-12-22 03:23:00 +04:00
if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), \
switching to SQLite resume support (on error and union techniques this moment)
2011-09-26 00:36:32 +04:00
None)
if retVal is not None:
retVal = getUnicode(retVal, kb.pageEncoding)
else:
trimmed = extractRegexResult(trimcheck, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE) \
or extractRegexResult(trimcheck, removeReflectiveValues(listToStrValue(headers.headers \
if headers else None), payload, True), re.DOTALL | re.IGNORECASE)
if trimmed:
warnMsg = "possible server trimmed output detected (due to its length): "
warnMsg += trimmed
logger.warn(warnMsg)
elif Backend.isDbms(DBMS.MYSQL) and not kb.multiThreadMode:
warnMsg = "if the problem persists with 'None' values please try to use "
some estetic updates
2012-02-01 18:49:42 +04:00
warnMsg += "hidden switch '--no-cast' (fixing problems with some collation "
minor update
2012-02-21 17:49:30 +04:00
warnMsg += "issues) or switch '--hex'"
switching to SQLite resume support (on error and union techniques this moment)
2011-09-26 00:36:32 +04:00
singleTimeWarnMessage(warnMsg)
conf.hashDB.write(expression, retVal)
return retVal
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
minor cosmetics
2011-01-20 01:48:06 +03:00
def configUnion(char=None, columns=None):
def __configUnionChar(char):
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
2011-05-10 19:34:54 +04:00
if not isinstance(char, basestring):
return
kb.uChar = char
if conf.uChar is not None:
kb.uChar = char.replace("[CHAR]", conf.uChar if conf.uChar.isdigit() else "'%s'" % conf.uChar.strip("'"))
Proper support for --union-cols
2011-01-18 01:57:33 +03:00
minor cosmetics
2011-01-20 01:48:06 +03:00
def __configUnionCols(columns):
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
2011-05-10 19:34:54 +04:00
if not isinstance(columns, basestring):
return
minor cosmetics
2011-01-20 01:48:06 +03:00
columns = columns.replace(" ", "")
now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)
2011-06-18 14:51:14 +04:00
if "-" in columns:
colsStart, colsStop = columns.split("-")
else:
colsStart, colsStop = columns, columns
Proper support for --union-cols
2011-01-18 01:57:33 +03:00
minor refactoring
2011-01-25 16:04:13 +03:00
if not colsStart.isdigit() or not colsStop.isdigit():
minor cosmetics
2011-01-20 01:48:06 +03:00
raise sqlmapSyntaxException, "--union-cols must be a range of integers"
Proper support for --union-cols
2011-01-18 01:57:33 +03:00
minor refactoring
2011-12-21 15:50:49 +04:00
conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)
Proper support for --union-cols
2011-01-18 01:57:33 +03:00
minor cosmetics
2011-01-20 01:48:06 +03:00
if conf.uColsStart > conf.uColsStop:
errMsg = "--union-cols range has to be from lower to "
errMsg += "higher number of columns"
raise sqlmapSyntaxException, errMsg
Proper support for --union-cols
2011-01-18 01:57:33 +03:00
Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches
2011-05-10 19:34:54 +04:00
__configUnionChar(char)
__configUnionCols(conf.uCols or columns)
Proper support for --union-cols
2011-01-18 01:57:33 +03:00
Code cleanup
2011-02-07 01:32:44 +03:00
def unionUse(expression, unpack=True, dump=False):
After the storm, a restore..
2008-10-15 19:38:22 +04:00
"""
This function tests for an inband SQL injection on the target
url then call its subsidiary function to effectively perform an
inband SQL injection on the affected url
"""
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though. Major refactoring to Agent.payload() method. Minor bug fixes, some code refactoring and a lot of core adjustments here and there. Added more checks for injection in GROUP BY and ORDER BY.
2011-01-12 01:18:47 +03:00
initTechnique(PAYLOAD.TECHNIQUE.UNION)
bug fix
2012-02-03 14:38:04 +04:00
abortedFlag = False
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup.
2011-01-19 02:02:11 +03:00
count = None
origExpr = expression
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
startLimit = 0
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup.
2011-01-19 02:02:11 +03:00
stopLimit = None
minor fix
2012-02-23 17:31:50 +04:00
value = None
minor refactoring
2011-12-21 15:50:49 +04:00
implemented retrieved items info for partial union too
2011-04-13 18:33:15 +04:00
width = getConsoleWidth()
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
start = time.time()
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(origExpr)
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
minor fix
2012-02-01 14:14:23 +04:00
if expressionFieldsList and len(expressionFieldsList) > 1 and " ORDER BY " in expression.upper():
minor update
2011-11-23 19:51:48 +04:00
# No need for it in multicolumn dumps (one row is retrieved per request) and just slowing down on large table dumps
minor fix
2012-02-01 14:14:23 +04:00
expression = expression[:expression.upper().rindex(" ORDER BY ")]
minor update
2011-11-23 19:38:31 +04:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
# We have to check if the SQL query might return multiple entries
# and in such case forge the SQL limiting the query output one
# entry per time
# NOTE: I assume that only queries that get data from a table can
# return multiple entries
adding WHERE enum for payloads
2011-02-02 16:34:09 +03:00
if (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.NEGATIVE or \
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
(dump and (conf.limitStart or conf.limitStop))) and \
" FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \
minor fix
2012-02-07 18:57:48 +04:00
not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE \
just a makeup
2012-02-07 16:05:23 +04:00
and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) \
improvement for recognition of scalar vs multiple-row commands
2011-05-19 20:45:05 +04:00
and not re.search(SQL_SCALAR_REGEX, expression, re.I):
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
if limitRegExp or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
if limitRegExp:
refactoring (class names should always be Capital cased)
2011-01-28 19:36:09 +03:00
limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query
limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
if limitGroupStart.isdigit():
startLimit = int(limitRegExp.group(int(limitGroupStart)))
stopLimit = limitRegExp.group(int(limitGroupStop))
limitCond = int(stopLimit) > 1
incorporation of method for neutralization of reflective values
2011-02-25 12:22:44 +03:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
elif topLimit:
startLimit = 0
stopLimit = int(topLimit.group(1))
limitCond = int(stopLimit) > 1
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
More code refactoring of Backend class methods used
2011-04-30 18:54:29 +04:00
elif Backend.isDbms(DBMS.ORACLE):
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
limitCond = False
else:
limitCond = True
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. Alignment of SQL statement payload packing/unpacking between all of the techniques. Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too. Minor code cleanup.
2011-01-19 02:02:11 +03:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
# I assume that only queries NOT containing a "LIMIT #, 1"
# (or similar depending on the back-end DBMS) can return
# multiple entries
if limitCond:
if limitRegExp:
stopLimit = int(stopLimit)
Ctrl+C added to union dump
2011-01-06 12:48:04 +03:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
# From now on we need only the expression until the " LIMIT "
# (or similar, depending on the back-end DBMS) word
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL):
stopLimit += startLimit
untilLimitChar = expression.index(queries[Backend.getIdentifiedDbms()].limitstring.query)
expression = expression[:untilLimitChar]
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
stopLimit += startLimit
elif dump:
if conf.limitStart:
Proper fix for --start and --stop consistency amongst different techniques
2011-07-26 14:06:28 +04:00
startLimit = conf.limitStart - 1
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
if conf.limitStop:
stopLimit = conf.limitStop
# Count the number of SQL query entries output
minor refactoring
2011-10-24 13:55:50 +04:00
countedExpression = expression.replace(expressionFields, queries[Backend.getIdentifiedDbms()].count.query % '*', 1)
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
minor fix
2012-02-01 14:14:23 +04:00
if " ORDER BY " in countedExpression.upper():
_ = countedExpression.upper().rindex(" ORDER BY ")
countedExpression = countedExpression[:_]
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
gazillion changes, nothing will work, muhahaha
2012-02-17 18:22:48 +04:00
output = __oneShotUnionUse(countedExpression, unpack)
count = parseUnionPage(output)
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
"unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appereance
2011-05-12 15:36:02 +04:00
if isNumPosStrValue(count):
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
if isinstance(stopLimit, int) and stopLimit > 0:
stopLimit = min(int(count), int(stopLimit))
else:
stopLimit = int(count)
infoMsg = "the SQL query used returns "
infoMsg += "%d entries" % stopLimit
logger.info(infoMsg)
incorporation of method for neutralization of reflective values
2011-02-25 12:22:44 +03:00
minor patch
2012-02-01 16:28:06 +04:00
elif count and (not isinstance(count, basestring) or not count.isdigit()):
"unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appereance
2011-05-12 15:36:02 +04:00
warnMsg = "it was not possible to count the number "
proper way of handling 0 length results (as in __goInferenceProxy)
2011-08-02 12:39:32 +04:00
warnMsg += "of entries for the SQL query provided. "
"unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appereance
2011-05-12 15:36:02 +04:00
warnMsg += "sqlmap will assume that it returns only "
warnMsg += "one entry"
logger.warn(warnMsg)
stopLimit = 1
minor "patch"
2012-02-01 15:00:01 +04:00
elif not count or int(count) == 0:
more concise language
2012-01-07 21:45:45 +04:00
if not count:
warnMsg = "the SQL query provided does not "
warnMsg += "return any output"
logger.warn(warnMsg)
proper way of handling 0 length results (as in __goInferenceProxy)
2011-08-02 12:39:32 +04:00
minor fix
2011-08-02 21:31:13 +04:00
return value
proper way of handling 0 length results (as in __goInferenceProxy)
2011-08-02 12:39:32 +04:00
bulk of fixes
2011-07-03 02:48:56 +04:00
threadData = getCurrentThreadData()
minor optimization and refactoring
2011-07-26 00:17:44 +04:00
threadData.shared.limits = iter(xrange(startLimit, stopLimit))
numThreads = min(conf.threads, (stopLimit - startLimit))
doing proper big table support for partial union too
2011-07-25 00:36:44 +04:00
threadData.shared.value = BigArray()
fix for a Ctrl+C bug reported by nightman@email.de
2011-06-07 21:16:01 +04:00
bulk of fixes
2011-07-03 02:48:56 +04:00
if stopLimit > TURN_OFF_RESUME_INFO_LIMIT:
kb.suppressResumeInfo = True
debugMsg = "suppressing possible resume console info because of "
debugMsg += "large number of rows. It might take too long"
logger.debug(debugMsg)
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 23:58:10 +04:00
bulk of fixes
2011-07-03 02:48:56 +04:00
try:
implementation of multithreading for UNION and ERROR techniques
2011-05-30 03:17:50 +04:00
def unionThread():
refactoring and stabilization of multithreading
2011-06-07 13:50:00 +04:00
threadData = getCurrentThreadData()
while kb.threadContinue:
kb.locks.limits.acquire()
minor optimization and refactoring
2011-07-26 00:17:44 +04:00
try:
num = threadData.shared.limits.next()
except StopIteration:
refactoring and stabilization of multithreading
2011-06-07 13:50:00 +04:00
break
minor optimization and refactoring
2011-07-26 00:17:44 +04:00
finally:
kb.locks.limits.release()
refactoring and stabilization of multithreading
2011-06-07 13:50:00 +04:00
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
field = expressionFieldsList[0]
elif Backend.isDbms(DBMS.ORACLE):
field = expressionFieldsList
else:
field = None
limitedExpr = agent.limitQuery(num, expression, field)
gazillion changes, nothing will work, muhahaha
2012-02-17 18:22:48 +04:00
output = __oneShotUnionUse(limitedExpr, unpack, True)
refactoring and stabilization of multithreading
2011-06-07 13:50:00 +04:00
if not kb.threadContinue:
break
if output:
refactoring
2011-09-26 01:10:45 +04:00
if all(map(lambda x: x in output, [kb.chars.start, kb.chars.stop])):
items = extractRegexResult(r'%s(?P<result>.*?)%s' % (kb.chars.start, kb.chars.stop), output, re.DOTALL | re.IGNORECASE).split(kb.chars.delimiter)
doing proper big table support for partial union too
2011-07-25 00:36:44 +04:00
kb.locks.value.acquire()
minor update regarding last commit (cleaner code)
2011-07-25 00:44:17 +04:00
threadData.shared.value.append(items[0] if len(items) == 1 else items)
doing proper big table support for partial union too
2011-07-25 00:36:44 +04:00
kb.locks.value.release()
else:
refactoring
2011-09-26 01:10:45 +04:00
items = output.replace(kb.chars.start, "").replace(kb.chars.stop, "").split(kb.chars.delimiter)
refactoring and stabilization of multithreading
2011-06-07 13:50:00 +04:00
if conf.verbose == 1:
minor output fix
2012-02-12 23:11:54 +04:00
status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", safecharencode(",".join(map(lambda x: "\"%s\"" % x, items))))
refactoring and stabilization of multithreading
2011-06-07 13:50:00 +04:00
if len(status) > width:
status = "%s..." % status[:width - 3]
minor output fix
2012-02-12 23:11:54 +04:00
dataToStdout("%s\r\n" % status, True)
implementation of multithreading for UNION and ERROR techniques
2011-05-30 03:17:50 +04:00
runThreads(numThreads, unionThread)
it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)
2011-03-26 00:31:26 +03:00
if conf.verbose == 1:
clearConsoleLine(True)
Major enhancement to support Partial UNION query SQL injection technique too. Minor code cleanup.
2008-12-10 20:23:07 +03:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
except KeyboardInterrupt:
bug fix
2012-02-03 14:38:04 +04:00
abortedFlag = True
Minor code adjustments
2011-04-06 18:40:45 +04:00
warnMsg = "user aborted during enumeration. sqlmap "
Minor layout adjustments
2011-03-31 18:13:53 +04:00
warnMsg += "will display partial output"
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
logger.warn(warnMsg)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 23:58:10 +04:00
finally:
fix for a Ctrl+C bug reported by nightman@email.de
2011-06-07 21:16:01 +04:00
value = threadData.shared.value
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
2011-04-22 23:58:10 +04:00
kb.suppressResumeInfo = False
bug fix
2012-02-03 14:38:04 +04:00
if not value and not abortedFlag:
bug fix
2011-10-28 19:24:35 +04:00
expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I) # full inband doesn't play well with ORDER BY
Code cleanup
2011-02-07 01:32:44 +03:00
value = __oneShotUnionUse(expression, unpack)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
2011-02-02 01:07:42 +03:00
duration = calculateDeltaSeconds(start)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
fix for those ugly DEBUG messages in brute mode
2011-04-08 15:02:21 +04:00
if not kb.bruteMode:
minor refactoring
2011-12-21 15:50:49 +04:00
debugMsg = "performed %d queries in %d seconds" % (kb.counters[PAYLOAD.TECHNIQUE.UNION], duration)
fix for those ugly DEBUG messages in brute mode
2011-04-08 15:02:21 +04:00
logger.debug(debugMsg)
After the storm, a restore..
2008-10-15 19:38:22 +04:00
return value
Reference in New Issue Copy Permalink