sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-02 20:54:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor patches (pydiatra)

Browse Source
This commit is contained in:
Miroslav Stampar 2017-04-14 13:08:51 +02:00
parent 81e6dab965
commit 0e206da7c0
13 changed files with 29 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
extra/mssqlsig/update.py
View File

@ -43,7 +43,7 @@ def updateMSSQLXML():
return return
releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I | re.M) releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I)
releasesCount = len(releases) releasesCount = len(releases)
# Create the minidom document # Create the minidom document
@ -74,7 +74,7 @@ def updateMSSQLXML():
stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1]) stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1])
mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx] mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx]
servicepackVersion = re.findall("</td><td>[7\.0|2000|2005|2008|2008 R2]*(.*?)</td><td.*?([\d\.]+)</td>[\r]*\n", mssqlVersionsReleaseString, re.I | re.M) servicepackVersion = re.findall("</td><td>[7\.0|2000|2005|2008|2008 R2]*(.*?)</td><td.*?([\d\.]+)</td>[\r]*\n", mssqlVersionsReleaseString, re.I)
for servicePack, version in servicepackVersion: for servicePack, version in servicepackVersion:
if servicePack.startswith(" "): if servicePack.startswith(" "):

2
extra/shutils/regressiontest.py
View File

@ -83,7 +83,7 @@ def main():
if stderr: if stderr:
failure_email("Execution of regression test failed with error:\n\n%s" % stderr) failure_email("Execution of regression test failed with error:\n\n%s" % stderr)
failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout, re.M) failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout)
for failed_test in failed_tests: for failed_test in failed_tests:
title = failed_test[0] title = failed_test[0]

2
lib/controller/controller.py
View File

@ -140,7 +140,7 @@ def _formatInjection(inj):
if inj.place == PLACE.CUSTOM_HEADER: if inj.place == PLACE.CUSTOM_HEADER:
payload = payload.split(',', 1)[1] payload = payload.split(',', 1)[1]
if stype == PAYLOAD.TECHNIQUE.UNION: if stype == PAYLOAD.TECHNIQUE.UNION:
count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1 count = re.sub(r"(?i)(\(.+\))|(\blimit[^a-z]+)", "", sdata.payload).count(',') + 1
title = re.sub(r"\d+ to \d+", str(count), title) title = re.sub(r"\d+ to \d+", str(count), title)
vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6]) vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
if count == 1: if count == 1:

2
lib/core/agent.py
View File

@ -296,7 +296,7 @@ class Agent(object):
elif suffix and not comment: elif suffix and not comment:
expression += suffix.replace('\\', BOUNDARY_BACKSLASH_MARKER) expression += suffix.replace('\\', BOUNDARY_BACKSLASH_MARKER)
return re.sub(r"(?s);\W*;", ";", expression) return re.sub(r";\W*;", ";", expression)
def cleanupPayload(self, payload, origValue=None): def cleanupPayload(self, payload, origValue=None):
if payload is None: if payload is None:

2
lib/core/common.py
View File

@ -1961,7 +1961,7 @@ def getSQLSnippet(dbms, sfile, **variables):
retVal = readCachedFileContent(filename) retVal = readCachedFileContent(filename)
retVal = re.sub(r"#.+", "", retVal) retVal = re.sub(r"#.+", "", retVal)
retVal = re.sub(r"(?s);\s+", "; ", retVal).strip("\r\n") retVal = re.sub(r";\s+", "; ", retVal).strip("\r\n")
for _ in variables.keys(): for _ in variables.keys():
retVal = re.sub(r"%%%s%%" % _, variables[_], retVal) retVal = re.sub(r"%%%s%%" % _, variables[_], retVal)

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.1.4.23" VERSION = "1.1.4.24"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

3
lib/core/target.py
View File

@ -532,7 +532,8 @@ def _setResultsFile():
except (OSError, IOError), ex: except (OSError, IOError), ex:
try: try:
warnMsg = "unable to create results file '%s' ('%s'). " % (conf.resultsFilename, getUnicode(ex)) warnMsg = "unable to create results file '%s' ('%s'). " % (conf.resultsFilename, getUnicode(ex))
conf.resultsFilename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.RESULTS, suffix=".csv")[1] handle, conf.resultsFilename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.RESULTS, suffix=".csv")
os.close(handle)
conf.resultsFP = openFile(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0) conf.resultsFP = openFile(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0)
warnMsg += "Using temporary file '%s' instead" % conf.resultsFilename warnMsg += "Using temporary file '%s' instead" % conf.resultsFilename
logger.warn(warnMsg) logger.warn(warnMsg)

6
lib/utils/api.py
View File

@ -163,7 +163,8 @@ class Task(object):
self.options = AttribDict(self._original_options) self.options = AttribDict(self._original_options)
def engine_start(self): def engine_start(self):
configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True)[1] handle, configFile = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.CONFIG, text=True)
os.close(handle)
saveConfig(self.options, configFile) saveConfig(self.options, configFile)
if os.path.exists("sqlmap.py"): if os.path.exists("sqlmap.py"):
@ -651,7 +652,8 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST
REST-JSON API server REST-JSON API server
""" """
DataStore.admin_id = hexencode(os.urandom(16)) DataStore.admin_id = hexencode(os.urandom(16))
Database.filepath = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.IPC, text=False)[1] handle, Database.filepath = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.IPC, text=False)
os.close(handle)
if port == 0: # random if port == 0: # random
with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s: with contextlib.closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:

2
lib/utils/crawler.py
View File

@ -87,7 +87,7 @@ def crawl(target):
tags = soup('a') tags = soup('a')
if not tags: if not tags:
tags = re.finditer(r'(?si)<a[^>]+href="(?P<href>[^>"]+)"', content) tags = re.finditer(r'(?i)<a[^>]+href="(?P<href>[^>"]+)"', content)
for tag in tags: for tag in tags:
href = tag.get("href") if hasattr(tag, "get") else tag.group("href") href = tag.get("href") if hasattr(tag, "get") else tag.group("href")

2
plugins/generic/syntax.py
View File

@ -22,7 +22,7 @@ class Syntax:
retVal = expression retVal = expression
if quote: if quote:
for item in re.findall(r"'[^']*'+", expression, re.S): for item in re.findall(r"'[^']*'+", expression):
_ = item[1:-1] _ = item[1:-1]
if _: if _:
retVal = retVal.replace(item, escaper(_)) retVal = retVal.replace(item, escaper(_))

24
txt/checksum.md5
View File

@ -8,7 +8,7 @@ acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_
2176d964f2d5ba2d871383d6a1868b8f extra/icmpsh/icmpsh_m.py 2176d964f2d5ba2d871383d6a1868b8f extra/icmpsh/icmpsh_m.py
2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py 2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py
310efc965c862cfbd7b0da5150a5ad36 extra/__init__.py 310efc965c862cfbd7b0da5150a5ad36 extra/__init__.py
c7973dc651586ba26d9553ad1ecfee74 extra/mssqlsig/update.py 20dd956898077268ce1acc017ecdbfd7 extra/mssqlsig/update.py
310efc965c862cfbd7b0da5150a5ad36 extra/safe2bin/__init__.py 310efc965c862cfbd7b0da5150a5ad36 extra/safe2bin/__init__.py
d3e99da5b5c2209e97836af9098124ee extra/safe2bin/safe2bin.py d3e99da5b5c2209e97836af9098124ee extra/safe2bin/safe2bin.py
d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_ d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_
@ -16,17 +16,17 @@ d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_
c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_
3c07d5ecd7208748892c0459f6ca084a extra/shutils/duplicates.py 3c07d5ecd7208748892c0459f6ca084a extra/shutils/duplicates.py
8cd064eea3506e5dd913e03171bc418f extra/shutils/pylint.py 8cd064eea3506e5dd913e03171bc418f extra/shutils/pylint.py
02b87ce441efb4e9e6249237a6ce9655 extra/shutils/regressiontest.py 07afd64e65926bba66cee5ca092ac7d9 extra/shutils/regressiontest.py
310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py 310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py
7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py 7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py
5df358defc488bee9b40084892e3d1cb lib/controller/action.py 5df358defc488bee9b40084892e3d1cb lib/controller/action.py
9cb94acd4c59822a5e1a258c4d1a4860 lib/controller/checks.py 9cb94acd4c59822a5e1a258c4d1a4860 lib/controller/checks.py
20fbacfdcef41214dc2e9ad31fbc28ad lib/controller/controller.py 8bf4fde39867b94600f61dc7fddcf3b0 lib/controller/controller.py
d79481ab99acd739615e747d4a79d9d0 lib/controller/handler.py d79481ab99acd739615e747d4a79d9d0 lib/controller/handler.py
310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
19905ecb4437b94512cf21d5f1720091 lib/core/agent.py 5c4cddb0016d02a57bd1b05b3fc60c54 lib/core/agent.py
6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py 6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py
8f827c514751b85890da09581c21285c lib/core/common.py 1fa78f8104a2b39e87c19cb20e8eab72 lib/core/common.py
5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py 5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py
a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py 7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py
@ -45,10 +45,10 @@ dd19b4d930d418f8aef498941346ab2d lib/core/option.py
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
4682e416a9eb8d2c5d0f8c6d433760b3 lib/core/settings.py c6ecd382fa5a3e8de450e55aa92c8b84 lib/core/settings.py
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
afd0636d2e93c23f4f0a5c9b6023ea17 lib/core/target.py 2571146b71f487a3d11867746c033e40 lib/core/target.py
8970b88627902239d695280b1160e16c lib/core/testing.py 8970b88627902239d695280b1160e16c lib/core/testing.py
5521241c750855a4e44747fbac7771c6 lib/core/threads.py 5521241c750855a4e44747fbac7771c6 lib/core/threads.py
ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py
@ -99,8 +99,8 @@ be752c8075641bc390368c9955f34c91 lib/techniques/error/use.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py
19fd73af7a278fd72b46a5a60f5bdd09 lib/techniques/union/test.py 19fd73af7a278fd72b46a5a60f5bdd09 lib/techniques/union/test.py
c2bf28aab749b0de30bfdeea6d09449f lib/techniques/union/use.py c2bf28aab749b0de30bfdeea6d09449f lib/techniques/union/use.py
981318873e2df1cc55173e8b8a4a7637 lib/utils/api.py 67f0ad96ec2207d7e59c788b858afd6d lib/utils/api.py
29e32d59fcdd63c5a13498af1f367c8c lib/utils/crawler.py c42203069fef3b326b42b464f3aa60d3 lib/utils/crawler.py
ba12c69a90061aa14d848b8396e79191 lib/utils/deps.py ba12c69a90061aa14d848b8396e79191 lib/utils/deps.py
3b9fd519164e0bf275d5fd361c3f11ff lib/utils/getch.py 3b9fd519164e0bf275d5fd361c3f11ff lib/utils/getch.py
ccfdad414ce2ec0c394c3deaa39a82bf lib/utils/hashdb.py ccfdad414ce2ec0c394c3deaa39a82bf lib/utils/hashdb.py
@ -210,7 +210,7 @@ feca57a968c528a2fe3ccafbc83a17f8 plugins/generic/fingerprint.py
310efc965c862cfbd7b0da5150a5ad36 plugins/generic/__init__.py 310efc965c862cfbd7b0da5150a5ad36 plugins/generic/__init__.py
8fd5913823e97e21a8eea717cd12fc96 plugins/generic/misc.py 8fd5913823e97e21a8eea717cd12fc96 plugins/generic/misc.py
64b052d1df6d7fe34d73b51196f68ae3 plugins/generic/search.py 64b052d1df6d7fe34d73b51196f68ae3 plugins/generic/search.py
dca509ef83bf7d74ad26ebe4a03e4c6a plugins/generic/syntax.py 562cfa80a15d5f7f1d52e10c5736d7e2 plugins/generic/syntax.py
25cc2788cc3da6f8a0bcff0e41ff586e plugins/generic/takeover.py 25cc2788cc3da6f8a0bcff0e41ff586e plugins/generic/takeover.py
02c8da99874f1cfd869d9e3bbb7c84e6 plugins/generic/users.py 02c8da99874f1cfd869d9e3bbb7c84e6 plugins/generic/users.py
310efc965c862cfbd7b0da5150a5ad36 plugins/__init__.py 310efc965c862cfbd7b0da5150a5ad36 plugins/__init__.py
@ -389,7 +389,7 @@ a0200fc79bae0ec597b98c82894562a5 waf/armor.py
d764bf3b9456a02a7f8a0149a93ff950 waf/aws.py d764bf3b9456a02a7f8a0149a93ff950 waf/aws.py
dbc89fc642074c6d17a04532e623f976 waf/baidu.py dbc89fc642074c6d17a04532e623f976 waf/baidu.py
e4e713cc4e5504eed0311fa62b05a6f9 waf/barracuda.py e4e713cc4e5504eed0311fa62b05a6f9 waf/barracuda.py
8a6f2edc3ff9c031e2b58733ee76cfa0 waf/bigip.py 81af1707c0783d205075d887c9868043 waf/bigip.py
2adee01cbf513944cd3d281af1c05a86 waf/binarysec.py 2adee01cbf513944cd3d281af1c05a86 waf/binarysec.py
db312318ee5309577917faca1cd2c077 waf/blockdos.py db312318ee5309577917faca1cd2c077 waf/blockdos.py
520ef7b59340b96b4a43e7fdba760967 waf/ciscoacexml.py 520ef7b59340b96b4a43e7fdba760967 waf/ciscoacexml.py
@ -409,7 +409,7 @@ d50e17ed49e1a3cb846e652ed98e3b3c waf/hyperguard.py
5a364b68519a5872c4d60be11d2a23c1 waf/isaserver.py 5a364b68519a5872c4d60be11d2a23c1 waf/isaserver.py
8bfbae2b692538da0fb1a812330b2649 waf/jiasule.py 8bfbae2b692538da0fb1a812330b2649 waf/jiasule.py
0b50798c12802bf98a850dd716b0d96d waf/knownsec.py 0b50798c12802bf98a850dd716b0d96d waf/knownsec.py
6d47157944211d758483ff8f97b810e8 waf/kona.py bb4177a5a1b4a8d590bf556b409625ac waf/kona.py
4fed33de1ffb2214bc1baa9f925c3eb9 waf/modsecurity.py 4fed33de1ffb2214bc1baa9f925c3eb9 waf/modsecurity.py
fe690dfc4b2825c3682ceecef7ee9e6e waf/netcontinuum.py fe690dfc4b2825c3682ceecef7ee9e6e waf/netcontinuum.py
bd55ed30291b31db63b761db472f41ea waf/netscaler.py bd55ed30291b31db63b761db472f41ea waf/netscaler.py

2
waf/bigip.py
View File

@ -18,7 +18,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = headers.get("X-Cnection", "").lower() == "close" retval = headers.get("X-Cnection", "").lower() == "close"
retval |= re.search(r"\ATS[a-zA-Z0-9]{4,}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"\ATS\w{4,}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= re.search(r"\AF5\Z", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"\AF5\Z", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None

2
waf/kona.py
View File

@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, headers, code = get_page(get=vector)
retval = code in (400, 403, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is not None retval = code in (400, 403, 501) and re.search(r"Reference #[0-9a-f.]+", page or "", re.I) is not None
retval |= re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval: if retval:
break break