mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
removed --useBetween switch and added new tampering module ./tamper/between.py
This commit is contained in:
parent
1ae4d0fc2a
commit
1336b97c2c
|
@ -58,7 +58,6 @@ optDict = {
|
||||||
"eString": "string",
|
"eString": "string",
|
||||||
"eRegexp": "string",
|
"eRegexp": "string",
|
||||||
"thold": "float",
|
"thold": "float",
|
||||||
"useBetween": "boolean",
|
|
||||||
},
|
},
|
||||||
|
|
||||||
"Techniques": {
|
"Techniques": {
|
||||||
|
|
|
@ -175,10 +175,6 @@ def cmdLineParser():
|
||||||
action="store_true", default=False,
|
action="store_true", default=False,
|
||||||
help="Compare pages based only on their textual content")
|
help="Compare pages based only on their textual content")
|
||||||
|
|
||||||
injection.add_option("--use-between", dest="useBetween",
|
|
||||||
action="store_true", default=False,
|
|
||||||
help="Use operator BETWEEN instead of default '>'")
|
|
||||||
|
|
||||||
injection.add_option("--tamper", dest="tamper",
|
injection.add_option("--tamper", dest="tamper",
|
||||||
help="Use given module(s) for tampering injection data")
|
help="Use given module(s) for tampering injection data")
|
||||||
|
|
||||||
|
|
|
@ -169,10 +169,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
posValueOld = posValue
|
posValueOld = posValue
|
||||||
posValue = chr(posValue) if posValue < 128 else unichr(posValue)
|
posValue = chr(posValue) if posValue < 128 else unichr(posValue)
|
||||||
|
|
||||||
if not conf.useBetween or kb.dbms == "SQLite":
|
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
|
||||||
else:
|
|
||||||
forgedPayload = safeStringFormat(payload.replace('%3E', 'NOT BETWEEN 0 AND'), (expressionUnescaped, idx, posValue))
|
|
||||||
|
|
||||||
queriesCount[0] += 1
|
queriesCount[0] += 1
|
||||||
result = Request.queryPage(urlencode(forgedPayload))
|
result = Request.queryPage(urlencode(forgedPayload))
|
||||||
|
|
53
tamper/between.py
Normal file
53
tamper/between.py
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
"""
|
||||||
|
$Id$
|
||||||
|
|
||||||
|
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
||||||
|
See the file 'doc/COPYING' for copying permission
|
||||||
|
"""
|
||||||
|
|
||||||
|
import re
|
||||||
|
|
||||||
|
from lib.core.convert import urldecode
|
||||||
|
from lib.core.convert import urlencode
|
||||||
|
|
||||||
|
"""
|
||||||
|
'>' -> NOT BETWEEN 0 AND (e.g., A>B->A NOT BETWEEN 0 AND B)
|
||||||
|
"""
|
||||||
|
def tamper(place, value):
|
||||||
|
retVal = value
|
||||||
|
|
||||||
|
if value:
|
||||||
|
if place != "URI":
|
||||||
|
value = urldecode(value)
|
||||||
|
|
||||||
|
retVal = ""
|
||||||
|
qoute, doublequote, firstspace = False, False, False
|
||||||
|
|
||||||
|
for i in xrange(len(value)):
|
||||||
|
if not firstspace:
|
||||||
|
if value[i].isspace():
|
||||||
|
firstspace = True
|
||||||
|
retVal += "/**/"
|
||||||
|
continue
|
||||||
|
|
||||||
|
elif value[i] == '\'':
|
||||||
|
qoute = not qoute
|
||||||
|
|
||||||
|
elif value[i] == '"':
|
||||||
|
doublequote = not doublequote
|
||||||
|
|
||||||
|
elif value[i]==">" and not doublequote and not qoute:
|
||||||
|
retVal += " " if i > 0 and not value[i-1].isspace() else ""
|
||||||
|
retVal += "NOT BETWEEN 0 AND"
|
||||||
|
retVal += " " if i < len(value) - 1 and not value[i+1].isspace() else ""
|
||||||
|
continue
|
||||||
|
|
||||||
|
retVal += value[i]
|
||||||
|
|
||||||
|
if place != "URI":
|
||||||
|
retVal = urlencode(retVal)
|
||||||
|
|
||||||
|
return retVal
|
||||||
|
|
Loading…
Reference in New Issue
Block a user