mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
update
This commit is contained in:
parent
73f33c1999
commit
017ea9e686
|
@ -387,7 +387,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
elif detailKey == "os" and injection.os is None:
|
||||
injection.os = detailValue
|
||||
|
||||
if conf.beep or conf.scriptKiddie:
|
||||
if conf.beep or conf.realTest:
|
||||
beep()
|
||||
|
||||
# There is no need to perform this test for other
|
||||
|
@ -589,7 +589,7 @@ def checkStability():
|
|||
logger.warn(warnMsg)
|
||||
|
||||
message = "how do you want to proceed? [C(ontinue)/s(tring)/r(egex)/q(uit)] "
|
||||
if not conf.scriptKiddie:
|
||||
if not conf.realTest:
|
||||
test = readInput(message, default="C")
|
||||
else:
|
||||
test = None
|
||||
|
|
|
@ -227,7 +227,7 @@ def start():
|
|||
elif test[0] in ("q", "Q"):
|
||||
break
|
||||
|
||||
elif conf.scriptKiddie:
|
||||
elif conf.realTest:
|
||||
logger.info(message)
|
||||
else:
|
||||
message += "\ndo you want to test this url? [Y/n/q]"
|
||||
|
@ -343,7 +343,7 @@ def start():
|
|||
|
||||
if testSqlInj:
|
||||
check = heuristicCheckSqlInjection(place, parameter, value)
|
||||
if not check and conf.scriptKiddie:
|
||||
if not check and conf.realTest:
|
||||
continue
|
||||
|
||||
logMsg = "testing sql injection on %s " % place
|
||||
|
@ -376,7 +376,7 @@ def start():
|
|||
logger.warn(warnMsg)
|
||||
|
||||
if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):
|
||||
if not conf.scriptKiddie:
|
||||
if not conf.realTest:
|
||||
errMsg = "all parameters are not injectable, try "
|
||||
errMsg += "a higher --level"
|
||||
raise sqlmapNotVulnerableException, errMsg
|
||||
|
|
|
@ -676,7 +676,6 @@ def setPaths():
|
|||
paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
|
||||
paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
|
||||
paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
|
||||
paths.DORKS = os.path.join(paths.SQLMAP_TXT_PATH, "dorks.txt")
|
||||
paths.SQL_KEYWORDS = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt")
|
||||
paths.ORACLE_DEFAULT_PASSWD = os.path.join(paths.SQLMAP_TXT_PATH, "oracle-default-passwords.txt")
|
||||
paths.WORDLIST = os.path.join(paths.SQLMAP_TXT_PATH, "wordlist.txt")
|
||||
|
|
|
@ -303,20 +303,6 @@ def __setRequestFromFile():
|
|||
|
||||
__feedTargetsDict(conf.requestFile, addedTargetUrls)
|
||||
|
||||
def __setScriptKiddie():
|
||||
"""
|
||||
This function sets a random google dork
|
||||
"""
|
||||
if not conf.scriptKiddie or conf.url or conf.list or conf.requestFile or conf.googleDork:
|
||||
return
|
||||
|
||||
dorks = getFileItems(paths.DORKS)
|
||||
conf.googleDork = dorks[randomRange(0, len(dorks) - 1)]
|
||||
conf.multipleTargets = True
|
||||
|
||||
logMsg = "setting random google dork to: '%s'" % conf.googleDork
|
||||
logger.info(logMsg)
|
||||
|
||||
def __setGoogleDorking():
|
||||
"""
|
||||
This function checks if the way to request testable hosts is through
|
||||
|
@ -1393,7 +1379,7 @@ def init(inputOptions=advancedDict()):
|
|||
parseTargetUrl()
|
||||
parseTargetDirect()
|
||||
|
||||
if conf.url or conf.list or conf.requestFile or conf.googleDork or conf.liveTest or conf.scriptKiddie:
|
||||
if conf.url or conf.list or conf.requestFile or conf.googleDork or conf.liveTest:
|
||||
__setHTTPTimeout()
|
||||
__setHTTPExtraHeaders()
|
||||
__setHTTPCookies()
|
||||
|
@ -1404,7 +1390,6 @@ def init(inputOptions=advancedDict()):
|
|||
__setHTTPProxy()
|
||||
__setSafeUrl()
|
||||
__setUnion()
|
||||
__setScriptKiddie()
|
||||
__setGoogleDorking()
|
||||
__urllib2Opener()
|
||||
__findPageForms()
|
||||
|
|
|
@ -529,10 +529,10 @@ def cmdLineParser():
|
|||
parser.add_option("--live-test", dest="liveTest", action="store_true",
|
||||
default=False, help=SUPPRESS_HELP)
|
||||
|
||||
parser.add_option("--technique", dest="technique", type="int",
|
||||
parser.add_option("--real-test", dest="realTest", action="store_true",
|
||||
default=False, help=SUPPRESS_HELP)
|
||||
|
||||
parser.add_option("--script-kiddie", dest="scriptKiddie", action="store_true",
|
||||
parser.add_option("--technique", dest="technique", type="int",
|
||||
default=False, help=SUPPRESS_HELP)
|
||||
|
||||
parser.add_option_group(target)
|
||||
|
@ -561,7 +561,7 @@ def cmdLineParser():
|
|||
|
||||
if not args.direct and not args.url and not args.list and not args.googleDork and not args.configFile\
|
||||
and not args.requestFile and not args.updateAll and not args.smokeTest and not args.liveTest\
|
||||
and not args.scriptKiddie:
|
||||
and not args.realTest:
|
||||
errMsg = "missing a mandatory parameter ('-d', '-u', '-l', '-r', '-g', '-c' or '--update'), "
|
||||
errMsg += "-h for help"
|
||||
parser.error(errMsg)
|
||||
|
|
|
@ -195,7 +195,7 @@ class Connect:
|
|||
if hasattr(conn, "setcookie"):
|
||||
kb.redirectSetCookie = conn.setcookie
|
||||
|
||||
if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled and not conf.scriptKiddie:
|
||||
if hasattr(conn, "redurl") and hasattr(conn, "redcode") and not conf.redirectHandled and not conf.realTest:
|
||||
msg = "sqlmap got a %d redirect to " % conn.redcode
|
||||
msg += "%s - What target address do you " % conn.redurl
|
||||
msg += "want to use from now on? %s " % conf.url
|
||||
|
@ -294,7 +294,7 @@ class Connect:
|
|||
|
||||
if silent or (ignoreTimeout and "timeout" in tbMsg):
|
||||
return None, None
|
||||
elif kb.retriesCount < conf.retries and not kb.threadException and not conf.scriptKiddie:
|
||||
elif kb.retriesCount < conf.retries and not kb.threadException and not conf.realTest:
|
||||
kb.retriesCount += 1
|
||||
|
||||
warnMsg += ", sqlmap is going to retry the request"
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()"
|
||||
inurl:"id=" & intext:"Warning: mysql_fetch_array()"
|
||||
inurl:"id=" & intext:"Warning: mysql_num_rows()"
|
||||
inurl:"id=" & intext:"Warning: session_start()"
|
||||
inurl:"id=" & intext:"Warning: getimagesize()"
|
||||
inurl:"id=" & intext:"Warning: is_writable()"
|
||||
inurl:"id=" & intext:"Warning: getimagesize()"
|
||||
inurl:"id=" & intext:"Warning: Unknown()"
|
||||
inurl:"id=" & intext:"Warning: session_start()"
|
||||
inurl:"id=" & intext:"Warning: mysql_result()"
|
||||
inurl:"id=" & intext:"Warning: pg_exec()"
|
||||
inurl:"id=" & intext:"Warning: pg_fetch_object"
|
||||
inurl:"id=" & intext:"Warning: pg_fetch_array"
|
||||
inurl:"id=" & intext:"Warning: mysql_result()"
|
||||
inurl:"id=" & intext:"Warning: mysql_num_rows()"
|
||||
inurl:"id=" & intext:"Warning: mysql_query()"
|
||||
inurl:"id=" & intext:"Warning: array_merge()"
|
||||
inurl:"id=" & intext:"Warning: preg_match()"
|
||||
inurl:"id=" & intext:"Warning: filesize()"
|
||||
inurl:"id=" & intext:"Warning: filesize()"
|
||||
inurl:"id=" & intext:"Warning: require()"
|
||||
inurl:"id=" & intext:"unexpected end of SQL command"
|
||||
inurl:"id=" & intext:"Unclosed quotation mark before the character string"
|
||||
inurl:"id=" & intext:"Microsoft OLE DB Provider for ODBC Drivers error"
|
||||
inurl:"id=" & intext:"Microsoft Jet Database"
|
||||
inurl:"id=" & intext:"VbScript"
|
||||
inurl:"id=" & intext:"ODBC SQL Server Driver"
|
Loading…
Reference in New Issue
Block a user