removed --useBetween switch and added new tampering module ./tamper/between.py

This commit is contained in:
Miroslav Stampar 2010-10-15 23:48:07 +00:00
parent 1ae4d0fc2a
commit 1336b97c2c
4 changed files with 54 additions and 9 deletions


@ -58,7 +58,6 @@ optDict = {
"eString": "string", "eString": "string",
"eRegexp": "string", "eRegexp": "string",
"thold": "float", "thold": "float",
"useBetween": "boolean",
}, },
"Techniques": { "Techniques": {


@ -175,10 +175,6 @@ def cmdLineParser():
action="store_true", default=False, action="store_true", default=False,
help="Compare pages based only on their textual content") help="Compare pages based only on their textual content")
injection.add_option("--use-between", dest="useBetween",
action="store_true", default=False,
help="Use operator BETWEEN instead of default '>'")
injection.add_option("--tamper", dest="tamper", injection.add_option("--tamper", dest="tamper",
help="Use given module(s) for tampering injection data") help="Use given module(s) for tampering injection data")


@ -169,10 +169,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
posValueOld = posValue posValueOld = posValue
posValue = chr(posValue) if posValue < 128 else unichr(posValue) posValue = chr(posValue) if posValue < 128 else unichr(posValue)
if not conf.useBetween or kb.dbms == "SQLite": forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
else:
forgedPayload = safeStringFormat(payload.replace('%3E', 'NOT BETWEEN 0 AND'), (expressionUnescaped, idx, posValue))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(urlencode(forgedPayload)) result = Request.queryPage(urlencode(forgedPayload))

53
tamper/between.py Normal file

@ -0,0 +1,53 @@
#!/usr/bin/env python
"""
$Id$
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.convert import urldecode
from lib.core.convert import urlencode
"""
'>' -> NOT BETWEEN 0 AND (e.g., A>B->A NOT BETWEEN 0 AND B)
"""
def tamper(place, value):
retVal = value
if value:
if place != "URI":
value = urldecode(value)
retVal = ""
qoute, doublequote, firstspace = False, False, False
for i in xrange(len(value)):
if not firstspace:
if value[i].isspace():
firstspace = True
retVal += "/**/"
continue
elif value[i] == '\'':
qoute = not qoute
elif value[i] == '"':
doublequote = not doublequote
elif value[i]==">" and not doublequote and not qoute:
retVal += " " if i > 0 and not value[i-1].isspace() else ""
retVal += "NOT BETWEEN 0 AND"
retVal += " " if i < len(value) - 1 and not value[i+1].isspace() else ""
continue
retVal += value[i]
if place != "URI":
retVal = urlencode(retVal)
return retVal
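Review bot: The branch removed in bisection() (the hunk above, `if not conf.useBetween or kb.dbms == "SQLite":`) skipped the BETWEEN rewrite for SQLite, but tamper() applies it unconditionally, so that exclusion is lost once the module is loaded; if it was deliberate, either check `kb.dbms` here or state the limitation in the module's documentation. The description string at `'>' -> NOT BETWEEN 0 AND ...` sits after the imports, so it is a bare expression statement rather than the module docstring; move it above `import re` (which appears unused in the visible code) and extend it to say that the rewrite preserves `A > B` only for non-negative `A` (`A NOT BETWEEN 0 AND B` is `A < 0 OR A > B`) and that the first whitespace is additionally replaced by `/**/`. The local `qoute` reads as a typo for `quote`; renaming it and `doublequote` to `in_single` / `in_double` would make the quote tracking easier to follow. The nesting of the `elif` chain is not recoverable from the rendered page — if the `elif`s hang off `if not firstspace:`, the `>` rewrite only happens after the first whitespace has been seen, which deserves a comment either way.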