improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names

lib/controller/checks.py

@@ -334,22 +334,29 @@ def checkSqlInjection(place, parameter, value):
                         elif method == PAYLOAD.METHOD.GREP:
                             # Perform the test's request and grep the response
                             # body for the test's <grep> regular expression
-                            page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
+                            try:
-                            output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
+                                page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
-                                    or extractRegexResult(check, listToStrValue(headers.headers \
+                                output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
-                                    if headers else None), re.DOTALL | re.IGNORECASE) \
+                                        or extractRegexResult(check, listToStrValue(headers.headers \
-                                    or extractRegexResult(check, threadData.lastRedirectMsg[1] \
+                                        if headers else None), re.DOTALL | re.IGNORECASE) \
-                                    if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == \
+                                        or extractRegexResult(check, threadData.lastRedirectMsg[1] \
-                                    threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)
+                                        if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == \
+                                        threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)
 
-                            if output:
+                                if output:
-                                result = output == "1"
+                                    result = output == "1"
 
-                                if result:
+                                    if result:
-                                    infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
+                                        infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
-                                    logger.info(infoMsg)
+                                        logger.info(infoMsg)
 
-                                    injectable = True
+                                        injectable = True
+
+                            except sqlmapConnectionException, msg:
+                                debugMsg  = "problem occured most likely because the "
+                                debugMsg += "server hasn't recovered as expected from the "
+                                debugMsg += "error-based payload used ('%s')" % msg
+                                logger.debug(debugMsg)
 
                         # In case of time-based blind or stacked queries
                         # SQL injections

lib/techniques/brute/use.py

@@ -208,6 +208,12 @@ def columnExists(columnFile, regex=None):
         infoMsg = "starting %d threads" % conf.threads
         logger.info(infoMsg)
     else:
+        message = "please enter number of threads? [Enter for default (%d)] " % conf.threads
+        choice = readInput(message, default=str(conf.threads))
+        if choice and choice.isdigit():
+            conf.threads = int(choice)
+        
+    if conf.threads == 1:
         warnMsg = "running in a single-thread mode. this could take a while."
         logger.warn(warnMsg)