diff --git a/lib/controller/checks.py b/lib/controller/checks.py index d206a95eb..58e8bc4d5 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission import copy import httplib +import logging import os import random import re @@ -629,11 +630,12 @@ def checkSqlInjection(place, parameter, value): Backend.forceDbms(kb.dbmsFilter[0]) elif not Backend.getIdentifiedDbms(): if kb.heuristicDbms is None: - warnMsg = "using unescaped version of the test " - warnMsg += "because of zero knowledge of the " - warnMsg += "back-end DBMS. You can try to " - warnMsg += "explicitly set it with option '--dbms'" - singleTimeWarnMessage(warnMsg) + if kb.heuristicTest == HEURISTIC_TEST.POSITIVE or injection.data: + warnMsg = "using unescaped version of the test " + warnMsg += "because of zero knowledge of the " + warnMsg += "back-end DBMS. You can try to " + warnMsg += "explicitly set it with option '--dbms'" + singleTimeWarnMessage(warnMsg) else: Backend.forceDbms(kb.heuristicDbms) @@ -1143,16 +1145,16 @@ def checkDynamicContent(firstPage, secondPage): count += 1 if count > conf.retries: - warnMsg = "target URL is too dynamic. " + warnMsg = "target URL content appears to be too dynamic. " warnMsg += "Switching to '--text-only' " logger.warn(warnMsg) conf.textOnly = True return - warnMsg = "target URL is heavily dynamic" - warnMsg += ". sqlmap is going to retry the request" - logger.critical(warnMsg) + warnMsg = "target URL content appears to be heavily dynamic. " + warnMsg += "sqlmap is going to retry the request(s)" + singleTimeLogMessage(warnMsg, logging.CRITICAL) secondPage, _, _ = Request.queryPage(content=True) findDynamicContent(firstPage, secondPage) @@ -1168,7 +1170,7 @@ def checkStability(): like for instance string matching (--string). """ - infoMsg = "testing if the target URL is stable" + infoMsg = "testing if the target URL content is stable" logger.info(infoMsg) firstPage = kb.originalPage # set inside checkConnection() @@ -1186,7 +1188,7 @@ def checkStability(): if kb.pageStable: if firstPage: - infoMsg = "target URL is stable" + infoMsg = "target URL content is stable" logger.info(infoMsg) else: errMsg = "there was an error checking the stability of page " @@ -1196,12 +1198,11 @@ def checkStability(): logger.error(errMsg) else: - warnMsg = "target URL is not stable. sqlmap will base the page " + warnMsg = "target URL content is not stable. sqlmap will base the page " warnMsg += "comparison on a sequence matcher. If no dynamic nor " warnMsg += "injectable parameters are detected, or in case of " warnMsg += "junk results, refer to user's manual paragraph " - warnMsg += "'Page comparison' and provide a string or regular " - warnMsg += "expression to match on" + warnMsg += "'Page comparison'" logger.warn(warnMsg) message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] " diff --git a/lib/controller/controller.py b/lib/controller/controller.py index fb6664287..50bad20bd 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -583,11 +583,11 @@ def start(): errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')" raise SqlmapNoneDataException(errMsg) else: - errMsg = "all tested parameters appear to be not injectable." + errMsg = "all tested parameters do not appear to be injectable." if conf.level < 5 or conf.risk < 3: - errMsg += " Try to increase '--level'/'--risk' values " - errMsg += "to perform more tests." + errMsg += " Try to increase values for '--level'/'--risk' options " + errMsg += "if you wish to perform more tests." if isinstance(conf.tech, list) and len(conf.tech) < 5: errMsg += " Rerun without providing the option '--technique'." @@ -610,15 +610,9 @@ def start(): if kb.heuristicTest == HEURISTIC_TEST.POSITIVE: errMsg += " As heuristic test turned out positive you are " - errMsg += "strongly advised to continue on with the tests. " - errMsg += "Please, consider usage of tampering scripts as " - errMsg += "your target might filter the queries." + errMsg += "strongly advised to continue on with the tests." - if not conf.string and not conf.notString and not conf.regexp: - errMsg += " Also, you can try to rerun by providing " - errMsg += "either a valid value for option '--string' " - errMsg += "(or '--regexp')." - elif conf.string: + if conf.string: errMsg += " Also, you can try to rerun by providing a " errMsg += "valid value for option '--string' as perhaps the string you " errMsg += "have chosen does not match " @@ -631,8 +625,8 @@ def start(): if not conf.tamper: errMsg += " If you suspect that there is some kind of protection mechanism " - errMsg += "involved (e.g. WAF) maybe you could retry " - errMsg += "with an option '--tamper' (e.g. '--tamper=space2comment')" + errMsg += "involved (e.g. WAF) maybe you could try to use " + errMsg += "option '--tamper' (e.g. '--tamper=space2comment')" raise SqlmapNotVulnerableException(errMsg.rstrip('.')) else: diff --git a/lib/core/settings.py b/lib/core/settings.py index ae2dd48bd..3383253c0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.1.11.35" +VERSION = "1.1.11.36" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 4fa179406..7d985f6c0 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,8 +21,8 @@ f96467fc5cd1d87f52dd7966c8ae6e79 extra/shutils/regressiontest.py 5fb9aaf874daa47ea2b672a22740e56b extra/sqlharvest/__init__.py 1fc7772edce5a01c31f3932b2fc4c1c6 extra/sqlharvest/sqlharvest.py 21bf2b3a7a22b8cd5d96a6457a1b4997 lib/controller/action.py -7683a078a1766a3ef60fc44701d76ad1 lib/controller/checks.py -7d31b88dab81774316c99e6a8c9b5082 lib/controller/controller.py +52192122202908c89bc84b8563d63280 lib/controller/checks.py +2db2666dba713c710d248a62b2c1c1fe lib/controller/controller.py d2cdb9e832e18a81e936ca3348144b16 lib/controller/handler.py 5fb9aaf874daa47ea2b672a22740e56b lib/controller/__init__.py fd69e56ce20a5a49ce10a7a745022378 lib/core/agent.py @@ -46,7 +46,7 @@ e1c000db9be27f973569b1a430629037 lib/core/option.py 760d9df2a27ded29109b390ab202e72d lib/core/replication.py a2466b62e67f8b31736bac4dac590e51 lib/core/revision.py 02d4762140a72fd44668d3dab5eabda9 lib/core/session.py -a8384d71c6ec22df3c2fc67bf660aee8 lib/core/settings.py +e89b14c4721391f547a76476221beaa8 lib/core/settings.py 35bffbad762eb9e03db9e93b1c991103 lib/core/shell.py a59ec28371ae067a6fdd8f810edbee3d lib/core/subprocessng.py d5a04d672a18f78deb2839c3745ff83c lib/core/target.py