sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

added concept of tamper script priority

Browse Source
This commit is contained in:
Miroslav Stampar 2010-11-04 10:29:40 +00:00
parent 303359e8b1
commit 18aea251b3
13 changed files with 85 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/common.py
View File

@ -110,7 +110,6 @@ class DynamicContentItem:
self.lineContentBefore = lineContentBefore self.lineContentBefore = lineContentBefore
self.lineContentAfter = lineContentAfter self.lineContentAfter = lineContentAfter
def paramToDict(place, parameters=None): def paramToDict(place, parameters=None):
""" """
Split the parameters into names and values, check if these parameters Split the parameters into names and values, check if these parameters

33
lib/core/option.py
View File

@ -31,6 +31,7 @@ from lib.core.common import parseTargetDirect
from lib.core.common import parseTargetUrl from lib.core.common import parseTargetUrl
from lib.core.common import paths from lib.core.common import paths
from lib.core.common import randomRange from lib.core.common import randomRange
from lib.core.common import readInput
from lib.core.common import runningAsAdmin from lib.core.common import runningAsAdmin
from lib.core.common import sanitizeStr from lib.core.common import sanitizeStr
from lib.core.common import UnicodeRawConfigParser from lib.core.common import UnicodeRawConfigParser
@ -47,7 +48,9 @@ from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapMissingPrivileges from lib.core.exception import sqlmapMissingPrivileges
from lib.core.exception import sqlmapSyntaxException from lib.core.exception import sqlmapSyntaxException
from lib.core.exception import sqlmapUnsupportedDBMSException from lib.core.exception import sqlmapUnsupportedDBMSException
from lib.core.exception import sqlmapUserQuitException
from lib.core.optiondict import optDict from lib.core.optiondict import optDict
from lib.core.priority import PRIORITY
from lib.core.settings import IS_WIN from lib.core.settings import IS_WIN
from lib.core.settings import PLATFORM from lib.core.settings import PLATFORM
from lib.core.settings import PYVERSION from lib.core.settings import PYVERSION
@ -521,6 +524,11 @@ def __setTamperingFunctions():
""" """
if conf.tamper: if conf.tamper:
last_priority = PRIORITY.LOWEST
check_priority = True
resolve_priorities = False
priorities = []
for tfile in conf.tamper.split(','): for tfile in conf.tamper.split(','):
found = False found = False
@ -556,16 +564,41 @@ def __setTamperingFunctions():
except ImportError, msg: except ImportError, msg:
raise sqlmapSyntaxException, "can not import tamper script '%s' (%s)" % (filename[:-3], msg) raise sqlmapSyntaxException, "can not import tamper script '%s' (%s)" % (filename[:-3], msg)
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
for name, function in inspect.getmembers(module, inspect.isfunction): for name, function in inspect.getmembers(module, inspect.isfunction):
if name == "tamper" and function.func_code.co_argcount == 1: if name == "tamper" and function.func_code.co_argcount == 1:
kb.tamperFunctions.append(function) kb.tamperFunctions.append(function)
found = True found = True
if check_priority and priority < last_priority:
message = "it seems that you've probably "
message += "mixed order of tamper scripts.\n"
message += "do you want to auto resolve this? [Y/n/q]"
test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"):
resolve_priorities = True
elif test[0] in ("n", "N"):
resolve_priorities = False
elif test[0] in ("q", "Q"):
raise sqlmapUserQuitException
check_priority = False
priorities.append((priority, function))
last_priority = priority
break break
if not found: if not found:
raise sqlmapGenericException, "missing function 'tamper(value)' in tamper script '%s'" % tfile raise sqlmapGenericException, "missing function 'tamper(value)' in tamper script '%s'" % tfile
if resolve_priorities and priorities:
priorities.sort()
kb.tamperFunctions = []
for _, function in priorities:
kb.tamperFunctions.append(function)
def __setThreads(): def __setThreads():
if not isinstance(conf.threads, int) or conf.threads <= 0: if not isinstance(conf.threads, int) or conf.threads <= 0:
conf.threads = 1 conf.threads = 1

17
lib/core/priority.py Normal file
View File

@ -0,0 +1,17 @@
#!/usr/bin/env python
"""
$Id$
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
class PRIORITY:
LOWEST = -100
LOWER = -50
LOW = -10
NORMAL = 0
HIGH = 10
HIGHER = 50
HIGHEST = 100

4
tamper/between.py
View File

@ -7,6 +7,10 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.priority import PRIORITY
__priority__ = PRIORITY.HIGHEST
def tamper(value): def tamper(value):
""" """
Replaces '>' with 'NOT BETWEEN 0 AND #' Replaces '>' with 'NOT BETWEEN 0 AND #'

3
tamper/charencode.py
View File

@ -10,6 +10,9 @@ See the file 'doc/COPYING' for copying permission
import string import string
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.priority import PRIORITY
__priority__ = PRIORITY.LOWEST
def tamper(value): def tamper(value):
""" """

3
tamper/charunicodeencode.py
View File

@ -10,6 +10,9 @@ See the file 'doc/COPYING' for copying permission
import string import string
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.priority import PRIORITY
__priority__ = PRIORITY.LOWEST
def tamper(value): def tamper(value):
""" """

4
tamper/ifnull2ifisnull.py
View File

@ -7,6 +7,10 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.priority import PRIORITY
__priority__ = PRIORITY.HIGHEST
def tamper(value): def tamper(value):
""" """
Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'

3
tamper/randomcase.py
View File

@ -11,6 +11,9 @@ import re
from lib.core.common import randomRange from lib.core.common import randomRange
from lib.core.data import kb from lib.core.data import kb
from lib.core.priority import PRIORITY
__priority__ = PRIORITY.NORMAL
def tamper(value): def tamper(value):
""" """

3
tamper/randomcomments.py
View File

@ -11,6 +11,9 @@ import re
from lib.core.common import randomRange from lib.core.common import randomRange
from lib.core.data import kb from lib.core.data import kb
from lib.core.priority import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(value): def tamper(value):
""" """

4
tamper/space2comment.py
View File

@ -7,6 +7,10 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.priority import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(value): def tamper(value):
""" """
Replaces ' ' with '/**/' Replaces ' ' with '/**/'

4
tamper/space2plus.py
View File

@ -7,6 +7,10 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
from lib.core.priority import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(value): def tamper(value):
""" """
Replaces ' ' with '+' Replaces ' ' with '+'

4
tamper/space2randomblank.py
View File

@ -9,6 +9,10 @@ See the file 'doc/COPYING' for copying permission
import random import random
from lib.core.priority import PRIORITY
__priority__ = PRIORITY.LOW
def tamper(value): def tamper(value):
""" """
Replaces ' ' with a random blank char from a set ('\r', '\n', '\t') Replaces ' ' with a random blank char from a set ('\r', '\n', '\t')

3
tamper/urlencode.py
View File

@ -9,6 +9,9 @@ See the file 'doc/COPYING' for copying permission
from lib.core.convert import urlencode from lib.core.convert import urlencode
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.priority import PRIORITY
__priority__ = PRIORITY.LOWER
def tamper(value): def tamper(value):
""" """