sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-22 19:04:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names

Browse Source
This commit is contained in:
Miroslav Stampar 2011-03-30 18:32:10 +00:00
parent dd01d66f13
commit 0916117447
2 changed files with 26 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/controller/checks.py
View File

@ -334,6 +334,7 @@ def checkSqlInjection(place, parameter, value):
elif method == PAYLOAD.METHOD.GREP: elif method == PAYLOAD.METHOD.GREP:
# Perform the test's request and grep the response # Perform the test's request and grep the response
# body for the test's <grep> regular expression # body for the test's <grep> regular expression
try:
page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False) page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \ output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
or extractRegexResult(check, listToStrValue(headers.headers \ or extractRegexResult(check, listToStrValue(headers.headers \
@ -351,6 +352,12 @@ def checkSqlInjection(place, parameter, value):
injectable = True injectable = True
except sqlmapConnectionException, msg:
debugMsg = "problem occured most likely because the "
debugMsg += "server hasn't recovered as expected from the "
debugMsg += "error-based payload used ('%s')" % msg
logger.debug(debugMsg)
# In case of time-based blind or stacked queries # In case of time-based blind or stacked queries
# SQL injections # SQL injections
elif method == PAYLOAD.METHOD.TIME: elif method == PAYLOAD.METHOD.TIME:

6
lib/techniques/brute/use.py
View File

@ -208,6 +208,12 @@ def columnExists(columnFile, regex=None):
infoMsg = "starting %d threads" % conf.threads infoMsg = "starting %d threads" % conf.threads
logger.info(infoMsg) logger.info(infoMsg)
else: else:
message = "please enter number of threads? [Enter for default (%d)] " % conf.threads
choice = readInput(message, default=str(conf.threads))
if choice and choice.isdigit():
conf.threads = int(choice)
if conf.threads == 1:
warnMsg = "running in a single-thread mode. this could take a while." warnMsg = "running in a single-thread mode. this could take a while."
logger.warn(warnMsg) logger.warn(warnMsg)