Minor patches (and one bug from ML)

This commit is contained in:
Miroslav Stampar 2016-12-20 09:53:44 +01:00
parent edc6f47758
commit 17c556a63d
7 changed files with 37 additions and 13 deletions

View File

@ -3727,7 +3727,6 @@ def isAdminFromPrivileges(privileges):
# In Firebird there is no specific privilege that means # In Firebird there is no specific privilege that means
# that the user is DBA # that the user is DBA
# TODO: confirm
retVal |= (Backend.isDbms(DBMS.FIREBIRD) and all(_ in privileges for _ in ("SELECT", "INSERT", "UPDATE", "DELETE", "REFERENCES", "EXECUTE"))) retVal |= (Backend.isDbms(DBMS.FIREBIRD) and all(_ in privileges for _ in ("SELECT", "INSERT", "UPDATE", "DELETE", "REFERENCES", "EXECUTE")))
return retVal return retVal
@ -3810,7 +3809,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
continue continue
# flag to know if we are dealing with the same target host # flag to know if we are dealing with the same target host
_ = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], (response.geturl(), url))) _ = checkSameHost(response.geturl(), url)
if conf.scope: if conf.scope:
if not re.search(conf.scope, url, re.I): if not re.search(conf.scope, url, re.I):
@ -3833,6 +3832,18 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
return retVal return retVal
def checkSameHost(*urls):
"""
Returns True if all provided urls share that same host
>>> checkSameHost('http://www.target.com/page1.php?id=1', 'http://www.target.com/images/page2.php')
True
>>> checkSameHost('http://www.target.com/page1.php?id=1', 'http://www.target2.com/images/page2.php')
False
"""
return all(urlparse.urlparse(url or "").netloc.split(':')[0] == urlparse.urlparse(urls[0] or "").netloc.split(':')[0] for url in urls)
def getHostHeader(url): def getHostHeader(url):
""" """
Returns proper Host header value for a given target URL Returns proper Host header value for a given target URL
@ -3902,6 +3913,13 @@ def evaluateCode(code, variables=None):
def serializeObject(object_): def serializeObject(object_):
""" """
Serializes given object Serializes given object
>>> serializeObject([1, 2, 3, ('a', 'b')])
'gAJdcQEoSwFLAksDVQFhVQFihnECZS4='
>>> serializeObject(None)
'gAJOLg=='
>>> serializeObject('foobar')
'gAJVBmZvb2JhcnEBLg=='
""" """
return base64pickle(object_) return base64pickle(object_)
@ -3912,6 +3930,8 @@ def unserializeObject(value):
>>> unserializeObject(serializeObject([1, 2, 3])) == [1, 2, 3] >>> unserializeObject(serializeObject([1, 2, 3])) == [1, 2, 3]
True True
>>> unserializeObject('gAJVBmZvb2JhcnEBLg==')
'foobar'
""" """
return base64unpickle(value) if value else None return base64unpickle(value) if value else None
@ -3958,6 +3978,8 @@ def decodeHexValue(value, raw=False):
>>> decodeHexValue('3132332031') >>> decodeHexValue('3132332031')
u'123 1' u'123 1'
>>> decodeHexValue(['0x31', '0x32'])
[u'1', u'2']
""" """
retVal = value retVal = value

View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.12.11" VERSION = "1.0.12.12"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -31,6 +31,7 @@ from extra.safe2bin.safe2bin import safecharencode
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import asciifyUrl from lib.core.common import asciifyUrl
from lib.core.common import calculateDeltaSeconds from lib.core.common import calculateDeltaSeconds
from lib.core.common import checkSameHost
from lib.core.common import clearConsoleLine from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import evaluateCode from lib.core.common import evaluateCode
@ -266,7 +267,7 @@ class Connect(object):
url = urlparse.urljoin(conf.url, url) url = urlparse.urljoin(conf.url, url)
# flag to know if we are dealing with the same target host # flag to know if we are dealing with the same target host
target = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], [url, conf.url or ""])) target = checkSameHost(url, conf.url)
if not retrying: if not retrying:
# Reset the number of connection retries # Reset the number of connection retries

View File

@ -12,6 +12,7 @@ import urlparse
import tempfile import tempfile
import time import time
from lib.core.common import checkSameHost
from lib.core.common import clearConsoleLine from lib.core.common import clearConsoleLine
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import findPageForms from lib.core.common import findPageForms
@ -97,7 +98,7 @@ def crawl(target):
url = urlparse.urljoin(current, href) url = urlparse.urljoin(current, href)
# flag to know if we are dealing with the same target host # flag to know if we are dealing with the same target host
_ = reduce(lambda x, y: x == y, map(lambda x: urlparse.urlparse(x).netloc.split(':')[0], (url, target))) _ = checkSameHost(url, target)
if conf.scope: if conf.scope:
if not re.search(conf.scope, url, re.I): if not re.search(conf.scope, url, re.I):

View File

@ -9,7 +9,7 @@ import sys
sys.dont_write_bytecode = True sys.dont_write_bytecode = True
from lib.utils import versioncheck # this has to be the first non-standard import __import__("lib.utils.versioncheck") # this has to be the first non-standard import
import bdb import bdb
import distutils import distutils

View File

@ -11,7 +11,7 @@ import sys
sys.dont_write_bytecode = True sys.dont_write_bytecode = True
from lib.utils import versioncheck # this has to be the first non-standard import __import__("lib.utils.versioncheck") # this has to be the first non-standard import
from sqlmap import modulePath from sqlmap import modulePath
from lib.core.common import setPaths from lib.core.common import setPaths

View File

@ -26,7 +26,7 @@ ec007a1424da78cfdae90da6ae49ed9b lib/controller/handler.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py
cdffff6260c40ccb4e4092fc21d9d63f lib/core/agent.py cdffff6260c40ccb4e4092fc21d9d63f lib/core/agent.py
eb0bd28b0bd9fbf67dcc3119116df377 lib/core/bigarray.py eb0bd28b0bd9fbf67dcc3119116df377 lib/core/bigarray.py
35f2579af5793e3c8299f05190eec734 lib/core/common.py 88578e4e2dd5f01cf0098dcd276ca598 lib/core/common.py
ab5ef8fe4e4beaef4016d458d0fdefe3 lib/core/convert.py ab5ef8fe4e4beaef4016d458d0fdefe3 lib/core/convert.py
e77cca1cb063016f71f6e6bdebf4ec73 lib/core/data.py e77cca1cb063016f71f6e6bdebf4ec73 lib/core/data.py
1d042f0bc0557d3fd564ea5a46deb77e lib/core/datatype.py 1d042f0bc0557d3fd564ea5a46deb77e lib/core/datatype.py
@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
b3a62d41a5af6cd7fa733b6227febb0c lib/core/replication.py b3a62d41a5af6cd7fa733b6227febb0c lib/core/replication.py
dfb664b223ac3585d51e58839b777d9b lib/core/revision.py dfb664b223ac3585d51e58839b777d9b lib/core/revision.py
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
e892660b4e7981a575dde143ca06754b lib/core/settings.py 0e55924e1cd0e5ecdf0173e16ebefd5b lib/core/settings.py
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
c3ace7874a536d801f308cf1fd03df99 lib/core/target.py c3ace7874a536d801f308cf1fd03df99 lib/core/target.py
@ -67,7 +67,7 @@ b40a4c5d91770d347df36d3065b63798 lib/parse/sitemap.py
9299f21804033f099681525bb9bf51c0 lib/request/basicauthhandler.py 9299f21804033f099681525bb9bf51c0 lib/request/basicauthhandler.py
083e7f446909b12009e72ae8e5e5737c lib/request/basic.py 083e7f446909b12009e72ae8e5e5737c lib/request/basic.py
c48285682a61d49982cb508351013cb4 lib/request/comparison.py c48285682a61d49982cb508351013cb4 lib/request/comparison.py
de812e1f9e88659adc4d904014260ea9 lib/request/connect.py 80e962cf22d340226856f362ed8c5192 lib/request/connect.py
3d4416fb6802e7e29cf727aefa29355d lib/request/direct.py 3d4416fb6802e7e29cf727aefa29355d lib/request/direct.py
4ae7f4570fb859045f0487cc0b055a8e lib/request/dns.py 4ae7f4570fb859045f0487cc0b055a8e lib/request/dns.py
58f63132eb56ad41ae6af4fe61933a2d lib/request/httpshandler.py 58f63132eb56ad41ae6af4fe61933a2d lib/request/httpshandler.py
@ -100,7 +100,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/union/__init__.py
8c00374e60a7699d4d34337da951d64b lib/techniques/union/test.py 8c00374e60a7699d4d34337da951d64b lib/techniques/union/test.py
afd4d2e3896853299a9b449fe6db626a lib/techniques/union/use.py afd4d2e3896853299a9b449fe6db626a lib/techniques/union/use.py
26c1babc6289fac9056f8b21d10f3bb1 lib/utils/api.py 26c1babc6289fac9056f8b21d10f3bb1 lib/utils/api.py
7c94b6c3088b68975d468c86d47b1b03 lib/utils/crawler.py a450944bcd92eededbd5d640c5c2165b lib/utils/crawler.py
2f76b2667244d849cf8401446f571258 lib/utils/deps.py 2f76b2667244d849cf8401446f571258 lib/utils/deps.py
4dfd3a95e73e806f62372d63bc82511f lib/utils/getch.py 4dfd3a95e73e806f62372d63bc82511f lib/utils/getch.py
f71a7b0aec145ba77edd3c4543621fb9 lib/utils/hashdb.py f71a7b0aec145ba77edd3c4543621fb9 lib/utils/hashdb.py
@ -223,8 +223,8 @@ ff90cb0366f7cefbdd6e573e27e6238c shell/runcmd.exe_
c3cc8b7727161e64ab59f312c33b541a shell/stager.aspx_ c3cc8b7727161e64ab59f312c33b541a shell/stager.aspx_
1f7f125f30e0e800beb21e2ebbab18e1 shell/stager.jsp_ 1f7f125f30e0e800beb21e2ebbab18e1 shell/stager.jsp_
01e3505e796edf19aad6a996101c81c9 shell/stager.php_ 01e3505e796edf19aad6a996101c81c9 shell/stager.php_
c3ee3d5e5eab01436d4d5e1dab0f32db sqlmapapi.py f45056e2c5588acfecab92d70575fd05 sqlmapapi.py
c6c088ca8df6e60c63ef64767472bbcb sqlmap.py 034f6214e740191167d7100de9a4983b sqlmap.py
1316deb997418507e76221c84ec99946 tamper/apostrophemask.py 1316deb997418507e76221c84ec99946 tamper/apostrophemask.py
a6efe8f914c769c52afec703bd73609f tamper/apostrophenullencode.py a6efe8f914c769c52afec703bd73609f tamper/apostrophenullencode.py
b1c56983919b69f4f6f0e7929c881e7a tamper/appendnullbyte.py b1c56983919b69f4f6f0e7929c881e7a tamper/appendnullbyte.py