mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
removed --useBetween switch and added new tampering module ./tamper/between.py
This commit is contained in:
parent
1ae4d0fc2a
commit
1336b97c2c
|
@ -58,7 +58,6 @@ optDict = {
|
|||
"eString": "string",
|
||||
"eRegexp": "string",
|
||||
"thold": "float",
|
||||
"useBetween": "boolean",
|
||||
},
|
||||
|
||||
"Techniques": {
|
||||
|
|
|
@ -175,10 +175,6 @@ def cmdLineParser():
|
|||
action="store_true", default=False,
|
||||
help="Compare pages based only on their textual content")
|
||||
|
||||
injection.add_option("--use-between", dest="useBetween",
|
||||
action="store_true", default=False,
|
||||
help="Use operator BETWEEN instead of default '>'")
|
||||
|
||||
injection.add_option("--tamper", dest="tamper",
|
||||
help="Use given module(s) for tampering injection data")
|
||||
|
||||
|
|
|
@ -169,10 +169,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
posValueOld = posValue
|
||||
posValue = chr(posValue) if posValue < 128 else unichr(posValue)
|
||||
|
||||
if not conf.useBetween or kb.dbms == "SQLite":
|
||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||
else:
|
||||
forgedPayload = safeStringFormat(payload.replace('%3E', 'NOT BETWEEN 0 AND'), (expressionUnescaped, idx, posValue))
|
||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||
|
||||
queriesCount[0] += 1
|
||||
result = Request.queryPage(urlencode(forgedPayload))
|
||||
|
|
53
tamper/between.py
Normal file
53
tamper/between.py
Normal file
|
@ -0,0 +1,53 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
$Id$
|
||||
|
||||
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
||||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
|
||||
"""
|
||||
'>' -> NOT BETWEEN 0 AND (e.g., A>B->A NOT BETWEEN 0 AND B)
|
||||
"""
|
||||
def tamper(place, value):
|
||||
retVal = value
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
value = urldecode(value)
|
||||
|
||||
retVal = ""
|
||||
qoute, doublequote, firstspace = False, False, False
|
||||
|
||||
for i in xrange(len(value)):
|
||||
if not firstspace:
|
||||
if value[i].isspace():
|
||||
firstspace = True
|
||||
retVal += "/**/"
|
||||
continue
|
||||
|
||||
elif value[i] == '\'':
|
||||
qoute = not qoute
|
||||
|
||||
elif value[i] == '"':
|
||||
doublequote = not doublequote
|
||||
|
||||
elif value[i]==">" and not doublequote and not qoute:
|
||||
retVal += " " if i > 0 and not value[i-1].isspace() else ""
|
||||
retVal += "NOT BETWEEN 0 AND"
|
||||
retVal += " " if i < len(value) - 1 and not value[i+1].isspace() else ""
|
||||
continue
|
||||
|
||||
retVal += value[i]
|
||||
|
||||
if place != "URI":
|
||||
retVal = urlencode(retVal)
|
||||
|
||||
return retVal
|
||||
|
Loading…
Reference in New Issue
Block a user