More adjustments related to unescape() and cleanupPayload().

Minor code cleanup related to error-based payload.
Bernardo Damele 2011-02-06 23:27:56 +00:00
parent 6a71629575
commit 061f56daf9
3 changed files with 13 additions and 17 deletions


@ -166,10 +166,6 @@ def checkSqlInjection(place, parameter, value):
continue continue
# Force back-end DBMS according to the current
# test value for proper payload unescaping
Backend.forceDbms(dbms)
# Skip test if it does not match the same SQL injection clause # Skip test if it does not match the same SQL injection clause
# already identified by another test # already identified by another test
clauseMatch = False clauseMatch = False
@ -196,9 +192,13 @@ def checkSqlInjection(place, parameter, value):
infoMsg = "testing '%s'" % title infoMsg = "testing '%s'" % title
logger.info(infoMsg) logger.info(infoMsg)
# Force back-end DBMS according to the current
# test value for proper payload unescaping
Backend.forceDbms(dbms)
# Parse test's <request> # Parse test's <request>
comment = agent.getComment(test.request) comment = agent.getComment(test.request)
fstPayload = agent.cleanupPayload(test.request.payload, value) fstPayload = agent.cleanupPayload(test.request.payload, origValue=value)
for boundary in conf.boundaries: for boundary in conf.boundaries:
injectable = False injectable = False
@ -279,11 +279,11 @@ def checkSqlInjection(place, parameter, value):
# payload was successful # payload was successful
# Parse test's <response> # Parse test's <response>
for method, check in test.response.items(): for method, check in test.response.items():
check = agent.cleanupPayload(check, value) check = agent.cleanupPayload(check, origValue=value)
# In case of boolean-based blind SQL injection # In case of boolean-based blind SQL injection
if method == PAYLOAD.METHOD.COMPARISON: if method == PAYLOAD.METHOD.COMPARISON:
sndPayload = agent.cleanupPayload(test.response.comparison, value) sndPayload = agent.cleanupPayload(test.response.comparison, origValue=value)
# Forge response payload by prepending with # Forge response payload by prepending with
# boundary's prefix and appending the boundary's # boundary's prefix and appending the boundary's
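Review bot: The relocated `Backend.forceDbms(dbms)` in the second hunk now has to precede the `agent.cleanupPayload(test.request.payload, origValue=value)` call, because the `[INFERENCE]` branch of `cleanupPayload()` keys off `Backend.getIdentifiedDbms()` (visible in the agent.py hunk), and the moved comment does not say so; I would make that explicit, e.g. `# Must run before cleanupPayload(): [INFERENCE] expansion keys off Backend.getIdentifiedDbms()`. Since the forced DBMS is now set only for tests that survive the clause-match `continue`, a test whose `dbms` is unset would presumably inherit whatever the previous test forced unless `forceDbms(None)` clears it — worth confirming against `Backend.forceDbms()`. `checkSqlInjection` begins and ends outside these hunks.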


@ -139,6 +139,7 @@ class Agent:
if conf.direct: if conf.direct:
return self.payloadDirect(expression) return self.payloadDirect(expression)
expression = self.cleanupPayload(expression)
expression = unescaper.unescape(expression) expression = unescaper.unescape(expression)
query = None query = None
@ -167,7 +168,6 @@ class Agent:
query += " " query += " "
query = "%s%s" % (query, expression) query = "%s%s" % (query, expression)
query = self.cleanupPayload(query)
return query return query
@ -180,6 +180,7 @@ class Agent:
if conf.direct: if conf.direct:
return self.payloadDirect(expression) return self.payloadDirect(expression)
expression = self.cleanupPayload(expression)
expression = unescaper.unescape(expression) expression = unescaper.unescape(expression)
if comment is not None: if comment is not None:
@ -198,11 +199,9 @@ class Agent:
elif suffix is not None: elif suffix is not None:
expression += " %s" % suffix expression += " %s" % suffix
expression = self.cleanupPayload(expression)
return expression.rstrip() return expression.rstrip()
def cleanupPayload(self, payload, origvalue=None, query=None): def cleanupPayload(self, payload, origValue=None):
if payload is None: if payload is None:
return return
@ -220,11 +219,8 @@ class Agent:
payload = payload.replace("[SPACE_REPLACE]", kb.misc.space) payload = payload.replace("[SPACE_REPLACE]", kb.misc.space)
payload = payload.replace("[SLEEPTIME]", str(conf.timeSec)) payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
if query is not None: if origValue is not None:
payload = payload.replace("[QUERY]", query.lstrip()) payload = payload.replace("[ORIGVALUE]", origValue)
if origvalue is not None:
payload = payload.replace("[ORIGVALUE]", origvalue)
if "[INFERENCE]" in payload: if "[INFERENCE]" in payload:
if Backend.getIdentifiedDbms() is not None: if Backend.getIdentifiedDbms() is not None:
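Review bot: Dropping the `query=` keyword and the `[QUERY]` substitution from `cleanupPayload()` in the last hunk means any caller still passing `query=` raises TypeError and any payload template still carrying `[QUERY]` is now sent to the target verbatim; the `origvalue` → `origValue` rename has the same effect on callers using the keyword form, so both deserve a grep before merge. The hunk counts indicate `cleanupPayload()` now runs before `unescaper.unescape()` in both methods, so substituted fragments such as `kb.misc.space` and the `[INFERENCE]` expansion are themselves unescaped — a one-line comment on each moved call would record that intent, e.g. `# Substitute placeholders first so the expanded fragments are unescaped too`. Both enclosing methods start outside their hunks and `cleanupPayload()` continues past the last one.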


@ -47,7 +47,7 @@ def __oneShotErrorUse(expression, field):
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(%d))" % MYSQL_ERROR_TRIM_LENGTH) nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(%d))" % MYSQL_ERROR_TRIM_LENGTH)
# Forge the error-based SQL injection request # Forge the error-based SQL injection request
vector = agent.cleanupPayload(kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector) vector = kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector
query = agent.prefixQuery(vector) query = agent.prefixQuery(vector)
query = agent.suffixQuery(query) query = agent.suffixQuery(query)
injExpression = expression.replace(field, nulledCastedField, 1) injExpression = expression.replace(field, nulledCastedField, 1)
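Review bot: The explicit `agent.cleanupPayload()` on the error-based vector is gone, so placeholder substitution here now depends entirely on `prefixQuery()` doing it (the agent.py hunk at line 139 adds that call), and nothing at this site says so; a comment would stop someone from re-adding it, e.g. `# prefixQuery()/suffixQuery() substitute placeholders and unescape the vector themselves`. Note that the call inside `prefixQuery()` passes no `origValue`, so an `[ORIGVALUE]` token in a stored vector would presumably reach the request untouched — worth confirming none of the error-based vectors use it. `__oneShotErrorUse` begins and ends outside this hunk.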