From 0265b3fcfa87f15d9b865e12b49da3199604399d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 19 Jun 2018 16:11:49 +0200 Subject: [PATCH] Second commit regarding #739 --- lib/core/dicts.py | 1 + lib/core/optiondict.py | 2 +- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 2 +- lib/request/connect.py | 4 ++-- sqlmap.conf | 2 +- txt/checksum.md5 | 10 +++++----- 7 files changed, 12 insertions(+), 11 deletions(-) diff --git a/lib/core/dicts.py b/lib/core/dicts.py index c07f65ff4..a457b0262 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -279,6 +279,7 @@ DEPRECATED_OPTIONS = { "--binary": "use '--binary-fields' instead", "--auth-private": "use '--auth-file' instead", "--ignore-401": "use '--ignore-code' instead", + "--second-order": "use '--second-url' instead", "--check-payload": None, "--check-waf": None, "--pickled-options": "use '--api -c ...' instead", diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index b1f80398a..56f1529f2 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -109,7 +109,7 @@ optDict = { "uChar": "string", "uFrom": "string", "dnsDomain": "string", - "secondOrder": "string", + "secondUrl": "string", }, "Fingerprint": { diff --git a/lib/core/settings.py b/lib/core/settings.py index ca9de2434..83d74d3bc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.22" +VERSION = "1.2.6.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index b8e843fcc..ab6b2f8e1 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -333,7 +333,7 @@ def cmdLineParser(argv=None): techniques.add_option("--dns-domain", dest="dnsDomain", help="Domain name used for DNS exfiltration attack") - techniques.add_option("--second-order", dest="secondOrder", + techniques.add_option("--second-url", dest="secondUrl", help="Resulting page URL searched for second-order response") # Fingerprint options diff --git a/lib/request/connect.py b/lib/request/connect.py index 3ad2ed32d..50f287bee 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1235,8 +1235,8 @@ class Connect(object): warnMsg += "behavior in custom WAF/IPS/IDS solutions" singleTimeWarnMessage(warnMsg) - if conf.secondOrder: - page, headers, code = Connect.getPage(url=conf.secondOrder, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) + if conf.secondUrl: + page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) threadData.lastQueryDuration = calculateDeltaSeconds(start) threadData.lastPage = page diff --git a/sqlmap.conf b/sqlmap.conf index f29a7be42..e0c9eda00 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -388,7 +388,7 @@ dnsDomain = # Resulting page URL searched for second-order response # Valid: string -secondOrder = +secondUrl = [Fingerprint] diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e05247ead..a96a1bd28 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -34,13 +34,13 @@ e57bda5d5e3011b4e2d8e0a21f546e77 lib/core/common.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 4086fb55f42e27de5330505605baad0f lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py -da98f5288aad57855c6d287ba3b397a1 lib/core/dicts.py +f92abf47b2a41b75cd4b89ff0c93194c lib/core/dicts.py 9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py bfffdc74a93ff647c49b79c215d96d8a lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py -c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py +262b62d685a2403586e6ca0aac2e41d8 lib/core/optiondict.py 90a061be1a0658c2bdb197511b61d6fa lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -dd2c8c71982173660be8b77f2af0fc3e lib/core/settings.py +9c986c5efbfe712c434b9372e8572a8d lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py @@ -59,7 +59,7 @@ c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -dc7b8fef4125abb26869689b8921b195 lib/parse/cmdline.py +d6ac9df0bafd0ee171380a7b0581f6d2 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py @@ -70,7 +70,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -8500dfaccd8ac4a6eecbca266f6327c9 lib/request/connect.py +60c9d366d0f2173d8dc9f504a7e9d374 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py