mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-05-07 17:23:46 +03:00
Bug fix (in some cases lack of warning message for SQLi appearing)
This commit is contained in:
Miroslav Stampar
parent
733a32de32
commit
0175acd028
|
|
@ -475,34 +475,21 @@ def checkSqlInjection(place, parameter, value):
|
||||||
|
|
||||||
injectable = True
|
injectable = True
|
||||||
|
|
||||||
if injectable and kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
|
if injectable:
|
||||||
if all((falseCode, trueCode)) and falseCode != trueCode:
|
if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
|
||||||
conf.code = trueCode
|
if all((falseCode, trueCode)) and falseCode != trueCode:
|
||||||
|
conf.code = trueCode
|
||||||
|
|
||||||
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --code=%d)" % (paramType, parameter, title, conf.code)
|
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --code=%d)" % (paramType, parameter, title, conf.code)
|
||||||
logger.info(infoMsg)
|
|
||||||
else:
|
|
||||||
trueSet = set(extractTextTagContent(trueRawResponse))
|
|
||||||
trueSet = trueSet.union(__ for _ in trueSet for __ in _.split())
|
|
||||||
|
|
||||||
falseSet = set(extractTextTagContent(falseRawResponse))
|
|
||||||
falseSet = falseSet.union(__ for _ in falseSet for __ in _.split())
|
|
||||||
|
|
||||||
candidates = filter(None, (_.strip() if _.strip() in trueRawResponse and _.strip() not in falseRawResponse else None for _ in (trueSet - falseSet)))
|
|
||||||
|
|
||||||
if candidates:
|
|
||||||
candidates = sorted(candidates, key=lambda _: len(_))
|
|
||||||
for candidate in candidates:
|
|
||||||
if re.match(r"\A\w+\Z", candidate):
|
|
||||||
break
|
|
||||||
|
|
||||||
conf.string = candidate
|
|
||||||
|
|
||||||
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
|
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
else:
|
||||||
|
trueSet = set(extractTextTagContent(trueRawResponse))
|
||||||
|
trueSet = trueSet.union(__ for _ in trueSet for __ in _.split())
|
||||||
|
|
||||||
if not any((conf.string, conf.notString)):
|
falseSet = set(extractTextTagContent(falseRawResponse))
|
||||||
candidates = filter(None, (_.strip() if _.strip() in falseRawResponse and _.strip() not in trueRawResponse else None for _ in (falseSet - trueSet)))
|
falseSet = falseSet.union(__ for _ in falseSet for __ in _.split())
|
||||||
|
|
||||||
|
candidates = filter(None, (_.strip() if _.strip() in trueRawResponse and _.strip() not in falseRawResponse else None for _ in (trueSet - falseSet)))
|
||||||
|
|
||||||
if candidates:
|
if candidates:
|
||||||
candidates = sorted(candidates, key=lambda _: len(_))
|
candidates = sorted(candidates, key=lambda _: len(_))
|
||||||
|
|
@ -510,11 +497,25 @@ def checkSqlInjection(place, parameter, value):
|
||||||
if re.match(r"\A\w+\Z", candidate):
|
if re.match(r"\A\w+\Z", candidate):
|
||||||
break
|
break
|
||||||
|
|
||||||
conf.notString = candidate
|
conf.string = candidate
|
||||||
|
|
||||||
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --not-string=\"%s\")" % (paramType, parameter, title, repr(conf.notString).lstrip('u').strip("'"))
|
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
if not any((conf.string, conf.notString)):
|
||||||
|
candidates = filter(None, (_.strip() if _.strip() in falseRawResponse and _.strip() not in trueRawResponse else None for _ in (falseSet - trueSet)))
|
||||||
|
|
||||||
|
if candidates:
|
||||||
|
candidates = sorted(candidates, key=lambda _: len(_))
|
||||||
|
for candidate in candidates:
|
||||||
|
if re.match(r"\A\w+\Z", candidate):
|
||||||
|
break
|
||||||
|
|
||||||
|
conf.notString = candidate
|
||||||
|
|
||||||
|
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --not-string=\"%s\")" % (paramType, parameter, title, repr(conf.notString).lstrip('u').strip("'"))
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
if not any((conf.string, conf.notString, conf.code)):
|
if not any((conf.string, conf.notString, conf.code)):
|
||||||
infoMsg = "%s parameter '%s' appears to be '%s' injectable " % (paramType, parameter, title)
|
infoMsg = "%s parameter '%s' appears to be '%s' injectable " % (paramType, parameter, title)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,7 @@ from lib.core.enums import OS
|
||||||
from lib.core.revision import getRevisionNumber
|
from lib.core.revision import getRevisionNumber
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.0.6.51"
|
VERSION = "1.0.6.52"
|
||||||
REVISION = getRevisionNumber()
|
REVISION = getRevisionNumber()
|
||||||
STABLE = VERSION.count('.') <= 2
|
STABLE = VERSION.count('.') <= 2
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
|
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user