sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-21 14:02:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:sqlmapproject/sqlmap

Browse Source
This commit is contained in:
Bernardo Damele 2015-03-10 09:25:54 +00:00
commit 0a0c3edf06
5 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/controller/checks.py
View File

@ -719,16 +719,14 @@ def checkFalsePositives(injection):
kb.injection = injection kb.injection = injection
for i in xrange(conf.level): for i in xrange(conf.level):
while True:
randInt1, randInt2, randInt3 = (_() for j in xrange(3)) randInt1, randInt2, randInt3 = (_() for j in xrange(3))
randInt1 = min(randInt1, randInt2, randInt3) randInt1 = min(randInt1, randInt2, randInt3)
randInt3 = max(randInt1, randInt2, randInt3) randInt3 = max(randInt1, randInt2, randInt3)
while randInt1 >= randInt2: if randInt3 > randInt2 > randInt1:
randInt2 = _() break
while randInt2 >= randInt3:
randInt3 = _()
if not checkBooleanExpression("%d=%d" % (randInt1, randInt1)): if not checkBooleanExpression("%d=%d" % (randInt1, randInt1)):
retVal = None retVal = None

4
lib/parse/cmdline.py
View File

@ -694,7 +694,7 @@ def cmdLineParser():
miscellaneous.add_option("--identify-waf", dest="identifyWaf", miscellaneous.add_option("--identify-waf", dest="identifyWaf",
action="store_true", action="store_true",
help="Make a through testing for a WAF/IPS/IDS protection") help="Make a thorough testing for a WAF/IPS/IDS protection")
miscellaneous.add_option("--mobile", dest="mobile", miscellaneous.add_option("--mobile", dest="mobile",
action="store_true", action="store_true",
@ -710,7 +710,7 @@ def cmdLineParser():
miscellaneous.add_option("--smart", dest="smart", miscellaneous.add_option("--smart", dest="smart",
action="store_true", action="store_true",
help="Conduct through tests only if positive heuristic(s)") help="Conduct thorough tests only if positive heuristic(s)")
miscellaneous.add_option("--sqlmap-shell", dest="sqlmapShell", action="store_true", miscellaneous.add_option("--sqlmap-shell", dest="sqlmapShell", action="store_true",
help="Prompt for an interactive sqlmap shell") help="Prompt for an interactive sqlmap shell")

2
lib/request/connect.py
View File

@ -701,7 +701,7 @@ class Connect(object):
payload = payload.replace("'", REPLACEMENT_MARKER).replace('"', "'").replace(REPLACEMENT_MARKER, '"') payload = payload.replace("'", REPLACEMENT_MARKER).replace('"', "'").replace(REPLACEMENT_MARKER, '"')
value = agent.replacePayload(value, payload) value = agent.replacePayload(value, payload)
else: else:
# GET, POST, URI and Cookie payload needs to be throughly URL encoded # GET, POST, URI and Cookie payload needs to be thoroughly URL encoded
if place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and kb.postUrlEncode: if place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and kb.postUrlEncode:
payload = urlencode(payload, '%', False, place != PLACE.URI) # spaceplus is handled down below payload = urlencode(payload, '%', False, place != PLACE.URI) # spaceplus is handled down below
value = agent.replacePayload(value, payload) value = agent.replacePayload(value, payload)

7
lib/utils/api.py
View File

@ -29,6 +29,7 @@ from lib.core.datatype import AttribDict
from lib.core.defaults import _defaults from lib.core.defaults import _defaults
from lib.core.enums import CONTENT_STATUS from lib.core.enums import CONTENT_STATUS
from lib.core.enums import PART_RUN_CONTENT_TYPES from lib.core.enums import PART_RUN_CONTENT_TYPES
from lib.core.exception import SqlmapConnectionException
from lib.core.log import LOGGER_HANDLER from lib.core.log import LOGGER_HANDLER
from lib.core.optiondict import optDict from lib.core.optiondict import optDict
from lib.core.subprocessng import Popen from lib.core.subprocessng import Popen
@ -66,7 +67,10 @@ class Database(object):
logger.debug("REST-JSON API %s connected to IPC database" % who) logger.debug("REST-JSON API %s connected to IPC database" % who)
def disconnect(self): def disconnect(self):
if self.cursor:
self.cursor.close() self.cursor.close()
if self.connection:
self.connection.close() self.connection.close()
def commit(self): def commit(self):
@ -252,8 +256,11 @@ class LogRecorder(logging.StreamHandler):
def setRestAPILog(): def setRestAPILog():
if hasattr(conf, "api"): if hasattr(conf, "api"):
try:
conf.database_cursor = Database(conf.database) conf.database_cursor = Database(conf.database)
conf.database_cursor.connect("client") conf.database_cursor.connect("client")
except sqlite3.OperationalError, ex:
raise SqlmapConnectionException, "%s ('%s')" % (ex, conf.database)
# Set a logging handler that writes log messages to a IPC database # Set a logging handler that writes log messages to a IPC database
logger.removeHandler(LOGGER_HANDLER) logger.removeHandler(LOGGER_HANDLER)

4
sqlmap.conf
View File

@ -735,7 +735,7 @@ disableColoring = False
# Default: 1 # Default: 1
googlePage = 1 googlePage = 1
# Make a through testing for a WAF/IPS/IDS protection. # Make a thorough testing for a WAF/IPS/IDS protection.
# Valid: True or False # Valid: True or False
identifyWaf = False identifyWaf = False
@ -747,7 +747,7 @@ mobile = False
# Valid: True or False # Valid: True or False
pageRank = False pageRank = False
# Conduct through tests only if positive heuristic(s). # Conduct thorough tests only if positive heuristic(s).
# Valid: True or False # Valid: True or False
smart = False smart = False