improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names

2025-03-19 09:32:25 +03:00 · 2011-03-30 18:32:10 +00:00 · 2011-03-30 18:32:10 +00:00 · 0916117447
commit 0916117447
parent dd01d66f13
2 changed files with 26 additions and 13 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -334,22 +334,29 @@ def checkSqlInjection(place, parameter, value):
                        elif method == PAYLOAD.METHOD.GREP:
                            # Perform the test's request and grep the response
                            # body for the test's <grep> regular expression
-                            page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
-                            output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
-                                    or extractRegexResult(check, listToStrValue(headers.headers \
-                                    if headers else None), re.DOTALL | re.IGNORECASE) \
-                                    or extractRegexResult(check, threadData.lastRedirectMsg[1] \
-                                    if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == \
-                                    threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)
+                            try:
+                                page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
+                                output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
+                                        or extractRegexResult(check, listToStrValue(headers.headers \
+                                        if headers else None), re.DOTALL | re.IGNORECASE) \
+                                        or extractRegexResult(check, threadData.lastRedirectMsg[1] \
+                                        if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == \
+                                        threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)

-                            if output:
-                                result = output == "1"
+                                if output:
+                                    result = output == "1"

-                                if result:
-                                    infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
-                                    logger.info(infoMsg)
+                                    if result:
+                                        infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
+                                        logger.info(infoMsg)

-                                    injectable = True
+                                        injectable = True
+
+                            except sqlmapConnectionException, msg:
+                                debugMsg  = "problem occured most likely because the "
+                                debugMsg += "server hasn't recovered as expected from the "
+                                debugMsg += "error-based payload used ('%s')" % msg
+                                logger.debug(debugMsg)

                        # In case of time-based blind or stacked queries
                        # SQL injections
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@ -208,6 +208,12 @@ def columnExists(columnFile, regex=None):
        infoMsg = "starting %d threads" % conf.threads
        logger.info(infoMsg)
    else:
+        message = "please enter number of threads? [Enter for default (%d)] " % conf.threads
+        choice = readInput(message, default=str(conf.threads))
+        if choice and choice.isdigit():
+            conf.threads = int(choice)
+        
+    if conf.threads == 1:
        warnMsg = "running in a single-thread mode. this could take a while."
        logger.warn(warnMsg)