closes #219 - unhid the --technique switch and adapted the code accordingly (renamed conf.technique to conf.tech so that it fits properly in the -h help message)
This commit is contained in:
parent
8b14a9eaa7
commit
05d12790f1
|
@ -96,10 +96,10 @@ def checkSqlInjection(place, parameter, value):
|
||||||
|
|
||||||
# Skip test if the user's wants to test only for a specific
|
# Skip test if the user's wants to test only for a specific
|
||||||
# technique
|
# technique
|
||||||
if conf.technique and isinstance(conf.technique, list) and stype not in conf.technique:
|
if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech:
|
||||||
debugMsg = "skipping test '%s' because the user " % title
|
debugMsg = "skipping test '%s' because the user " % title
|
||||||
debugMsg += "specified to test only for "
|
debugMsg += "specified to test only for "
|
||||||
debugMsg += "%s" % ",".join(map(lambda x: PAYLOAD.SQLINJECTION[x], conf.technique))
|
debugMsg += "%s" % ",".join(map(lambda x: PAYLOAD.SQLINJECTION[x], conf.tech))
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
|
|
@ -406,14 +406,19 @@ def start():
|
||||||
|
|
||||||
if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):
|
if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):
|
||||||
if not conf.realTest:
|
if not conf.realTest:
|
||||||
errMsg = "all parameters are not injectable, try "
|
errMsg = "all parameters are not injectable, try to "
|
||||||
errMsg += "a higher --level/--risk to use more tests"
|
errMsg += "increase --level/--risk values to perform "
|
||||||
|
errMsg += "more tests."
|
||||||
|
|
||||||
|
if isinstance(conf.tech, list) and len(conf.tech) > 0:
|
||||||
|
errMsg += " Rerun without providing the --technique switch."
|
||||||
|
|
||||||
if not conf.textOnly and kb.originalPage:
|
if not conf.textOnly and kb.originalPage:
|
||||||
percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) / len(kb.originalPage))
|
percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) / len(kb.originalPage))
|
||||||
errMsg += " and/or --text-only switch if the target page "
|
errMsg += " Give it a go with the --text-only switch "
|
||||||
errMsg += "has a low percentage of textual content "
|
errMsg += "if the target page has a low percentage of "
|
||||||
errMsg += "(approximately %.2f%% of page content is text)" % percent
|
errMsg += "textual content (~%.2f%% of " % percent
|
||||||
|
errMsg += "page content is text)"
|
||||||
|
|
||||||
raise sqlmapNotVulnerableException, errMsg
|
raise sqlmapNotVulnerableException, errMsg
|
||||||
else:
|
else:
|
||||||
|
|
|
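Review bot: The new guard `if isinstance(conf.tech, list) and len(conf.tech) > 0:` can be reduced to `if conf.tech:` — the `__setTechnique` hunk in this same commit always leaves `conf.tech` as a list (either `[]` or the filtered digit list), so the `isinstance` test cannot fail once option parsing has run, and an empty list is already falsy. That assumes `__setTechnique` runs before `start()`, which the rest of the file should confirm. While the message is being reworded anyway, "all parameters are not injectable" is ambiguous (it reads as "not all are injectable"); `"none of the tested parameters appears to be injectable, try to "` says what is meant. The body of `start()` continues outside this hunk on both sides.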
@ -2177,7 +2177,7 @@ def isTechniqueAvailable(technique=None):
|
||||||
technique specified
|
technique specified
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if conf.technique and isinstance(conf.technique, list) and technique not in conf.technique:
|
if conf.tech and isinstance(conf.tech, list) and technique not in conf.tech:
|
||||||
return False
|
return False
|
||||||
else:
|
else:
|
||||||
return getTechniqueData(technique) is not None
|
return getTechniqueData(technique) is not None
|
||||||
|
|
|
@ -605,10 +605,22 @@ def __setOS():
|
||||||
raise sqlmapUnsupportedDBMSException, errMsg
|
raise sqlmapUnsupportedDBMSException, errMsg
|
||||||
|
|
||||||
def __setTechnique():
|
def __setTechnique():
|
||||||
if not conf.technique or not isinstance(conf.technique, int):
|
if not conf.tech or not isinstance(conf.tech, int):
|
||||||
conf.technique = []
|
conf.tech = []
|
||||||
else:
|
else:
|
||||||
conf.technique = filter(lambda x: x in PAYLOAD.SQLINJECTION, [int(c) for c in str(conf.technique)])
|
conf.tech = filter(lambda x: x in PAYLOAD.SQLINJECTION, [int(c) for c in str(conf.tech)])
|
||||||
|
|
||||||
|
if len(conf.tech) > 0:
|
||||||
|
# TODO: consider MySQL/PHP/ASP/web backdoor case where stacked
|
||||||
|
# queries is technically not necessary
|
||||||
|
if any(map(lambda x: conf.__getitem__(x), ['rFile', 'wFile', \
|
||||||
|
'osCmd', 'osShell', 'osPwn', 'osSmb', 'osBof', 'regRead', \
|
||||||
|
'regAdd', 'regDel'])) and PAYLOAD.TECHNIQUE.STACKED not in conf.tech:
|
||||||
|
errMsg = "value for --technique must include stacked queries "
|
||||||
|
errMsg += "technique (4) when you want to access the file "
|
||||||
|
errMsg += "system, takeover the operating system or access "
|
||||||
|
errMsg += "Windows registry hives"
|
||||||
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
def __setDBMS():
|
def __setDBMS():
|
||||||
"""
|
"""
|
||||||
|
|
|
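Review bot: `__setTechnique` silently accepts malformed input: `[int(c) for c in str(conf.tech)]` raises an uncaught ValueError for a negative value (`str(-24)` starts with `-`), and any digit that is not a key of `PAYLOAD.SQLINJECTION` (the sqlmap.conf text in this commit documents 1–5 as valid) is dropped by the `filter`, so `--technique 6` collapses to `[]`, i.e. "test everything", instead of an error. Both cases should raise `sqlmapSyntaxException`, as the new stacked-queries check below already does for a related misuse. The `any(map(lambda x: conf.__getitem__(x), [...]))` expression also reads more naturally as `any(conf[x] for x in (...))`. I am inferring that `PAYLOAD.SQLINJECTION` is keyed by the technique integers from the `PAYLOAD.SQLINJECTION[x]` lookup in the checkSqlInjection hunk; confirm against the definition.
```python
def __setTechnique():
    if not conf.tech or not isinstance(conf.tech, int):
        conf.tech = []
    else:
        if conf.tech < 0:
            errMsg = "value for --technique must be a positive integer"
            raise sqlmapSyntaxException, errMsg

        digits = [int(c) for c in str(conf.tech)]
        invalid = [c for c in digits if c not in PAYLOAD.SQLINJECTION]

        if invalid:
            errMsg = "value for --technique can only be composed of "
            errMsg += "digits 1 to 5 (found %s)" % ",".join(map(str, invalid))
            raise sqlmapSyntaxException, errMsg

        conf.tech = digits

    if len(conf.tech) > 0:
        # … unchanged: stacked queries requirement check for rFile/wFile/os*/reg* options …
```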
@ -70,6 +70,7 @@ optDict = {
|
||||||
},
|
},
|
||||||
|
|
||||||
"Techniques": {
|
"Techniques": {
|
||||||
|
"tech": "integer",
|
||||||
"timeSec": "integer",
|
"timeSec": "integer",
|
||||||
"uCols": "string",
|
"uCols": "string",
|
||||||
"uChar": "string"
|
"uChar": "string"
|
||||||
|
|
|
@ -164,9 +164,9 @@ def resumeConfKb(expression, url, value):
|
||||||
if injection.place in conf.paramDict and \
|
if injection.place in conf.paramDict and \
|
||||||
injection.parameter in conf.paramDict[injection.place]:
|
injection.parameter in conf.paramDict[injection.place]:
|
||||||
|
|
||||||
if not conf.technique or intersect(conf.technique, injection.data.keys()):
|
if not conf.tech or intersect(conf.tech, injection.data.keys()):
|
||||||
if intersect(conf.technique, injection.data.keys()):
|
if intersect(conf.tech, injection.data.keys()):
|
||||||
injection.data = dict(filter(lambda (key, item): key in conf.technique, injection.data.items()))
|
injection.data = dict(filter(lambda (key, item): key in conf.tech, injection.data.items()))
|
||||||
|
|
||||||
if injection not in kb.injections:
|
if injection not in kb.injections:
|
||||||
kb.injections.append(injection)
|
kb.injections.append(injection)
|
||||||
|
|
|
@ -207,6 +207,10 @@ def cmdLineParser():
|
||||||
"used to tweak testing of specific SQL "
|
"used to tweak testing of specific SQL "
|
||||||
"injection techniques.")
|
"injection techniques.")
|
||||||
|
|
||||||
|
techniques.add_option("--technique", dest="tech", type="int",
|
||||||
|
default=0, help="SQL injection techniques to "
|
||||||
|
"test for (default all)")
|
||||||
|
|
||||||
techniques.add_option("--time-sec", dest="timeSec",
|
techniques.add_option("--time-sec", dest="timeSec",
|
||||||
type="int", default=TIME_DEFAULT_DELAY,
|
type="int", default=TIME_DEFAULT_DELAY,
|
||||||
help="Seconds to delay the DBMS response "
|
help="Seconds to delay the DBMS response "
|
||||||
|
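Review bot: The help text for the newly exposed `--technique` option says nothing about the value format, yet the option is declared `type="int"` and `__setTechnique` reads it digit by digit, so a user has no way to learn from `-h` what to pass; the encoding is only described in the sqlmap.conf comment added by this commit. Spell it out in the help string, e.g. `help="SQL injection techniques to test for (default all): integer composed of digits 1 (boolean-based blind), 2 (error-based), 3 (UNION query), 4 (stacked queries), 5 (time-based blind), e.g. 24"`. `cmdLineParser` continues outside this hunk on both sides.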
@ -528,9 +532,6 @@ def cmdLineParser():
|
||||||
parser.add_option("--run-case", dest="runCase", type="int",
|
parser.add_option("--run-case", dest="runCase", type="int",
|
||||||
default=None, help=SUPPRESS_HELP)
|
default=None, help=SUPPRESS_HELP)
|
||||||
|
|
||||||
parser.add_option("--technique", dest="technique", type="int",
|
|
||||||
default=0, help=SUPPRESS_HELP)
|
|
||||||
|
|
||||||
parser.add_option("--group-concat", dest="groupConcat", action="store_true",
|
parser.add_option("--group-concat", dest="groupConcat", action="store_true",
|
||||||
default=False, help=SUPPRESS_HELP)
|
default=False, help=SUPPRESS_HELP)
|
||||||
|
|
||||||
|
|
12
sqlmap.conf
12
sqlmap.conf
|
@ -223,6 +223,18 @@ textOnly = False
|
||||||
# techniques.
|
# techniques.
|
||||||
[Techniques]
|
[Techniques]
|
||||||
|
|
||||||
|
# SQL injection techniques to test for.
|
||||||
|
# Valid: an integer composed by 1, 2, 3, 4 or 5 where:
|
||||||
|
# 1: boolean-based blind SQL injection
|
||||||
|
# 2: error-based SQL injection
|
||||||
|
# 3: UNION query SQL injection
|
||||||
|
# 4: stacked queries SQL injection
|
||||||
|
# 5: time-based blind SQL injection
|
||||||
|
# Example: 24 (means test for error-based and stacked queries SQL
|
||||||
|
# injection types only)
|
||||||
|
# Default: 0 (means test for all SQL injection types - recommended)
|
||||||
|
tech = 0
|
||||||
|
|
||||||
# Seconds to delay the response from the DBMS.
|
# Seconds to delay the response from the DBMS.
|
||||||
# Valid: integer
|
# Valid: integer
|
||||||
# Default: 5
|
# Default: 5
|
||||||
|
|