mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Adding support for multi-threading in (testing) vulnserver
This commit is contained in:
parent
4e938ea4fd
commit
07e6a0a079
|
@ -12,6 +12,7 @@ from __future__ import print_function
|
||||||
import re
|
import re
|
||||||
import sqlite3
|
import sqlite3
|
||||||
import sys
|
import sys
|
||||||
|
import threading
|
||||||
import traceback
|
import traceback
|
||||||
|
|
||||||
if sys.version_info >= (3, 0):
|
if sys.version_info >= (3, 0):
|
||||||
|
@ -53,14 +54,17 @@ LISTEN_PORT = 8440
|
||||||
|
|
||||||
_conn = None
|
_conn = None
|
||||||
_cursor = None
|
_cursor = None
|
||||||
|
_lock = None
|
||||||
_server = None
|
_server = None
|
||||||
|
|
||||||
def init(quiet=False):
|
def init(quiet=False):
|
||||||
global _conn
|
global _conn
|
||||||
global _cursor
|
global _cursor
|
||||||
|
global _lock
|
||||||
|
|
||||||
_conn = sqlite3.connect(":memory:", isolation_level=None, check_same_thread=False)
|
_conn = sqlite3.connect(":memory:", isolation_level=None, check_same_thread=False)
|
||||||
_cursor = _conn.cursor()
|
_cursor = _conn.cursor()
|
||||||
|
_lock = threading.Lock()
|
||||||
|
|
||||||
_cursor.executescript(SCHEMA)
|
_cursor.executescript(SCHEMA)
|
||||||
|
|
||||||
|
@ -116,11 +120,13 @@ class ReqHandler(BaseHTTPRequestHandler):
|
||||||
self.end_headers()
|
self.end_headers()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
with _lock:
|
||||||
_cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % self.params.get("id", ""))
|
_cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % self.params.get("id", ""))
|
||||||
|
results = _cursor.fetchall()
|
||||||
|
|
||||||
output = "<b>SQL results:</b>\n"
|
output = "<b>SQL results:</b>\n"
|
||||||
output += "<table border=\"1\">\n"
|
output += "<table border=\"1\">\n"
|
||||||
for row in _cursor.fetchall():
|
for row in results:
|
||||||
output += "<tr>"
|
output += "<tr>"
|
||||||
for value in row:
|
for value in row:
|
||||||
output += "<td>%s</td>" % value
|
output += "<td>%s</td>" % value
|
||||||
|
|
|
@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.3.4.41"
|
VERSION = "1.3.4.42"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -20,7 +20,6 @@ import traceback
|
||||||
from extra.beep.beep import beep
|
from extra.beep.beep import beep
|
||||||
from extra.vulnserver import vulnserver
|
from extra.vulnserver import vulnserver
|
||||||
from lib.controller.controller import start
|
from lib.controller.controller import start
|
||||||
from lib.core.common import checkIntegrity
|
|
||||||
from lib.core.common import clearConsoleLine
|
from lib.core.common import clearConsoleLine
|
||||||
from lib.core.common import dataToStdout
|
from lib.core.common import dataToStdout
|
||||||
from lib.core.common import getUnicode
|
from lib.core.common import getUnicode
|
||||||
|
@ -66,15 +65,16 @@ def vulnTest():
|
||||||
thread.start()
|
thread.start()
|
||||||
|
|
||||||
for options, checks in (
|
for options, checks in (
|
||||||
("--identify-waf", ("CloudFlare",)),
|
("--flush-session --identify-waf", ("CloudFlare",)),
|
||||||
("--flush-session", ("Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")),
|
("--flush-session", ("Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")),
|
||||||
("--banner --schema --dump -T users --binary-fields=surname --where 'id>3'", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
|
("--banner --schema --dump -T users --binary-fields=surname --where 'id>3'", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
|
||||||
("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
|
("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
|
||||||
("--technique=B --hex --fresh-queries --sql-query='SELECT 987654321'", ("single-thread", ": '987654321'",)),
|
("--technique=B --hex --fresh-queries --threads=4 --sql-query='SELECT 987654321'", ("length of query output", ": '987654321'",)),
|
||||||
("--technique=T --fresh-queries --sql-query='SELECT 1234'", (": '1234'",)),
|
("--technique=T --fresh-queries --sql-query='SELECT 1234'", (": '1234'",)),
|
||||||
):
|
):
|
||||||
output = shellExec("python %s -u http://%s:%d/?id=1 --batch %s" % (os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py"), address, port, options))
|
output = shellExec("python %s -u http://%s:%d/?id=1 --batch %s" % (os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py"), address, port, options))
|
||||||
if not all(check in output for check in checks):
|
if not all(check in output for check in checks):
|
||||||
|
print output
|
||||||
retVal = False
|
retVal = False
|
||||||
|
|
||||||
count += 1
|
count += 1
|
||||||
|
|
Loading…
Reference in New Issue
Block a user