sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor update

Browse Source
This commit is contained in:
Miroslav Stampar 2019-05-24 14:18:18 +02:00
parent ad01aa7449
commit 130bcd4b9b
9 changed files with 33 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
lib/controller/checks.py
View File

@ -7,13 +7,11 @@ See the file 'LICENSE' for copying permission
import copy
import logging
import os
import random
import re
import socket
import subprocess
import sys
import tempfile
import time
from extra.beep.beep import beep
@ -33,7 +31,6 @@ from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite
from lib.core.common import intersect
from lib.core.common import listToStrValue
from lib.core.common import openFile
from lib.core.common import parseFilePaths
from lib.core.common import popValue
from lib.core.common import pushValue
@ -44,18 +41,15 @@ from lib.core.common import showStaticWords
from lib.core.common import singleTimeLogMessage
from lib.core.common import singleTimeWarnMessage
from lib.core.common import unArrayizeValue
from lib.core.common import urlencode
from lib.core.common import wasLastResponseDBMSError
from lib.core.common import wasLastResponseHTTPError
from lib.core.compat import xrange
from lib.core.convert import getUnicode
from lib.core.defaults import defaults
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.datatype import AttribDict
from lib.core.datatype import InjectionDict
from lib.core.decorators import cachedmethod
from lib.core.decorators import stackedmethod
from lib.core.dicts import FROM_DUMMY_TABLE
from lib.core.enums import DBMS
@ -63,7 +57,6 @@ from lib.core.enums import HASHDB_KEYS
from lib.core.enums import HEURISTIC_TEST
from lib.core.enums import HTTP_HEADER
from lib.core.enums import HTTPMETHOD
from lib.core.enums import MKSTEMP_PREFIX
from lib.core.enums import NOTE
from lib.core.enums import NULLCONNECTION
from lib.core.enums import PAYLOAD
@ -81,7 +74,6 @@ from lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH
from lib.core.settings import CHECK_INTERNET_ADDRESS
from lib.core.settings import CHECK_INTERNET_VALUE
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import DEV_EMAIL_ADDRESS
from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
from lib.core.settings import FI_ERROR_REGEX
from lib.core.settings import FORMAT_EXCEPTION_STRINGS
@ -1387,6 +1379,7 @@ def checkWaf():
pushValue(kb.resendPostOnRedirect)
pushValue(conf.timeout)
kb.identYwaf = True
kb.redirectChoice = REDIRECTION.YES
kb.resendPostOnRedirect = False
conf.timeout = IDS_WAF_CHECK_TIMEOUT
@ -1396,12 +1389,15 @@ def checkWaf():
except SqlmapConnectionException:
retVal = True
finally:
kb.identYwaf = False
kb.matchRatio = None
conf.timeout = popValue()
kb.resendPostOnRedirect = popValue()
kb.redirectChoice = popValue()
hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)
if retVal:
if not kb.identifiedWafs:
warnMsg = "heuristics detected that the target "
@ -1409,17 +1405,15 @@ def checkWaf():
logger.critical(warnMsg)
message = "are you sure that you want to "
message += "continue with further target testing? [y/N] "
choice = readInput(message, default='N', boolean=True)
if not conf.tamper:
warnMsg = "please consider usage of tamper scripts (option '--tamper')"
singleTimeWarnMessage(warnMsg)
message += "continue with further target testing? [Y/n] "
choice = readInput(message, default='Y', boolean=True)
if not choice:
raise SqlmapUserQuitException
hashDBWrite(HASHDB_KEYS.CHECK_WAF_RESULT, retVal, True)
else:
if not conf.tamper:
warnMsg = "please consider usage of tamper scripts (option '--tamper')"
singleTimeWarnMessage(warnMsg)
return retVal

14
lib/core/common.py
View File

@ -68,7 +68,7 @@ from lib.core.decorators import cachedmethod
from lib.core.defaults import defaults
from lib.core.dicts import DBMS_DICT
from lib.core.dicts import DEFAULT_DOC_ROOTS
from lib.core.dicts import DEPRECATED_OPTIONS
from lib.core.dicts import OLD_OPTIONS
from lib.core.dicts import SQL_STATEMENTS
from lib.core.enums import ADJUST_TIME_DELAY
from lib.core.enums import CONTENT_STATUS
@ -4457,17 +4457,19 @@ def getHostHeader(url):
return retVal
def checkDeprecatedOptions(args):
def checkOldOptions(args):
"""
Checks for deprecated options
Checks for deprecated/obsolete options
"""
for _ in args:
_ = _.split('=')[0].strip()
if _ in DEPRECATED_OPTIONS:
if _ in OLD_OPTIONS:
if OLD_OPTIONS[_]:
errMsg = "switch/option '%s' is deprecated" % _
if DEPRECATED_OPTIONS[_]:
errMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_]
errMsg += " (hint: %s)" % OLD_OPTIONS[_]
else:
errMsg = "switch/option '%s' is obsolete" % _
raise SqlmapSyntaxException(errMsg)
def checkSystemEncoding():

2
lib/core/dicts.py
View File

@ -280,7 +280,7 @@ POST_HINT_CONTENT_TYPES = {
POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",
}
DEPRECATED_OPTIONS = {
OLD_OPTIONS = {
"--replicate": "use '--dump-format=SQLITE' instead",
"--no-unescape": "use '--no-escape' instead",
"--binary": "use '--binary-fields' instead",

1
lib/core/option.py
View File

@ -1886,6 +1886,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.hintValue = None
kb.htmlFp = []
kb.httpErrorCodes = {}
kb.identYwaf = False
kb.inferenceMode = False
kb.ignoreCasted = None
kb.ignoreNotFound = False

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.5.132"
VERSION = "1.3.5.133"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

2
lib/core/testing.py
View File

@ -71,7 +71,7 @@ def vulnTest():
thread.start()
for options, checks in (
("--flush-session --identify-waf", ("CloudFlare",)),
("--flush-session", ("CloudFlare",)),
("--flush-session --parse-errors --eval=\"id2=2\" --referer=\"localhost\" --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e\"", (": syntax error", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")),
("--banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),

1
lib/core/wordlist.py
View File

@ -5,7 +5,6 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import os
import zipfile
from lib.core.common import getSafeExString

4
lib/parse/cmdline.py
View File

@ -17,7 +17,7 @@ from optparse import OptionGroup
from optparse import OptionParser
from optparse import SUPPRESS_HELP
from lib.core.common import checkDeprecatedOptions
from lib.core.common import checkOldOptions
from lib.core.common import checkSystemEncoding
from lib.core.common import dataToStdout
from lib.core.common import expandMnemonics
@ -789,7 +789,7 @@ def cmdLineParser(argv=None):
_.append(getUnicode(arg, encoding=sys.stdin.encoding))
argv = _
checkDeprecatedOptions(argv)
checkOldOptions(argv)
prompt = "--sqlmap-shell" in argv

1
lib/request/basic.py
View File

@ -387,6 +387,7 @@ def processResponse(page, responseHeaders, code=None, status=None):
rawResponse = "%s %s %s\n%s\n%s" % (_http_client.HTTPConnection._http_vsn_str, code or "", status or "", "".join(responseHeaders.headers), page)
if kb.identYwaf:
identYwaf.non_blind.clear()
if identYwaf.non_blind_check(rawResponse, silent=True):
for waf in identYwaf.non_blind: