more changes
parent
440ff639bb
commit
18d27cabc5
|
@ -54,6 +54,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
|
||||||
* Double quoted string injection
|
* Double quoted string injection
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
logic = conf.logic
|
||||||
randInt = randomInt()
|
randInt = randomInt()
|
||||||
randStr = randomStr()
|
randStr = randomStr()
|
||||||
prefix = ""
|
prefix = ""
|
||||||
|
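Review bot: `logic = conf.logic` is introduced on the new side of this hunk, but nothing in the visible lines of checkSqlInjection reads the local; the only consumer shown on this page is the case XML, whose `params` attributes now name `logic` as a bare identifier, so the local presumably exists to be picked up when those expressions are evaluated in this function's scope. A reader or a linter will take the assignment for dead code, so it deserves a comment at the site: `logic = conf.logic  # looked up by name when the case XML "params" expressions are evaluated`. The same unexplained local is added in the two Agent hunks (`@ -143` and `@ -172`) and in checkForParenthesis (`@ -42`). checkSqlInjection starts before this hunk and continues after it.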
@ -73,7 +74,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
|
||||||
if not prefix and not postfix and case.name == "custom":
|
if not prefix and not postfix and case.name == "custom":
|
||||||
continue
|
continue
|
||||||
|
|
||||||
infoMsg = "testing %s injection " % case.desc
|
infoMsg = "testing %s (%s) injection " % (case.desc, logic)
|
||||||
infoMsg += "on %s parameter '%s'" % (place, parameter)
|
infoMsg += "on %s parameter '%s'" % (place, parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
@ -86,7 +87,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
|
||||||
falseResult = Request.queryPage(payload, place)
|
falseResult = Request.queryPage(payload, place)
|
||||||
|
|
||||||
if not falseResult:
|
if not falseResult:
|
||||||
infoMsg = "%s parameter '%s' is %s injectable " % (place, parameter, case.desc)
|
infoMsg = "%s parameter '%s' is %s (%s) injectable " % (place, parameter, case.desc, logic)
|
||||||
infoMsg += "with %d parenthesis" % parenthesis
|
infoMsg += "with %d parenthesis" % parenthesis
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
return case.name
|
return case.name
|
||||||
|
|
|
@ -143,6 +143,7 @@ class Agent:
|
||||||
if conf.direct:
|
if conf.direct:
|
||||||
return self.payloadDirect(string)
|
return self.payloadDirect(string)
|
||||||
|
|
||||||
|
logic = conf.logic
|
||||||
query = str()
|
query = str()
|
||||||
case = getInjectionCase(kb.injType)
|
case = getInjectionCase(kb.injType)
|
||||||
|
|
||||||
|
@ -172,6 +173,7 @@ class Agent:
|
||||||
if conf.direct:
|
if conf.direct:
|
||||||
return self.payloadDirect(string)
|
return self.payloadDirect(string)
|
||||||
|
|
||||||
|
logic = conf.logic
|
||||||
case = getInjectionCase(kb.injType)
|
case = getInjectionCase(kb.injType)
|
||||||
|
|
||||||
if case is None:
|
if case is None:
|
||||||
|
|
|
@ -955,6 +955,7 @@ def __setConfAttributes():
|
||||||
conf.httpHeaders = []
|
conf.httpHeaders = []
|
||||||
conf.hostname = None
|
conf.hostname = None
|
||||||
conf.loggedToOut = None
|
conf.loggedToOut = None
|
||||||
|
conf.logic = "AND"
|
||||||
conf.matchRatio = None
|
conf.matchRatio = None
|
||||||
conf.md5hash = None
|
conf.md5hash = None
|
||||||
conf.multipleTargets = False
|
conf.multipleTargets = False
|
||||||
|
|
|
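Review bot: `conf.logic = "AND"` is the only definition of the attribute on this page and carries no validation, yet the case XML on this page interpolates it verbatim with `%s` into every positive/negative test format and usage postfix. Those test pairs (`%d=%d` against `%d=%d` with `randInt + 1`) are written around AND semantics — the negative condition is meant to narrow the result — so a different operator changes what the pair measures, and an arbitrary string would simply produce malformed payloads. If the value is meant to come from a command-line option (not visible here), restrict it where it is parsed to a known boolean operator and say so at the default: `conf.logic = "AND"  # spliced into the case XML formats as "logic"; keep to a known boolean operator`. __setConfAttributes continues outside the hunk.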
@ -42,6 +42,7 @@ def checkForParenthesis():
|
||||||
logMsg = "testing for parenthesis on injectable parameter"
|
logMsg = "testing for parenthesis on injectable parameter"
|
||||||
logger.info(logMsg)
|
logger.info(logMsg)
|
||||||
|
|
||||||
|
logic = conf.logic
|
||||||
count = 0
|
count = 0
|
||||||
case = getInjectionCase(kb.injType)
|
case = getInjectionCase(kb.injType)
|
||||||
|
|
||||||
|
|
|
@ -3,62 +3,62 @@
|
||||||
<root>
|
<root>
|
||||||
<case name="custom" desc="custom">
|
<case name="custom" desc="custom">
|
||||||
<test>
|
<test>
|
||||||
<positive format="%s%s%s AND %s%d=%d %s" params="value, prefix, ")" * parenthesis, "(" * parenthesis, randInt, randInt, postfix"/>
|
<positive format="%s%s%s %s %s%d=%d %s" params="value, prefix, ")" * parenthesis, logic, "(" * parenthesis, randInt, randInt, postfix"/>
|
||||||
<negative format="%s%s%s AND %s%d=%d %s" params="value, prefix, ")" * parenthesis, "(" * parenthesis, randInt, randInt + 1, postfix"/>
|
<negative format="%s%s%s %s %s%d=%d %s" params="value, prefix, ")" * parenthesis, logic, "(" * parenthesis, randInt, randInt + 1, postfix"/>
|
||||||
</test>
|
</test>
|
||||||
<usage>
|
<usage>
|
||||||
<prefix format="%s " params="')' * parenthesis"/>
|
<prefix format="%s " params="')' * parenthesis"/>
|
||||||
<postfix format=" AND %s" params="'(' * parenthesis"/>
|
<postfix format=" %s %s" params="logic, '(' * parenthesis"/>
|
||||||
</usage>
|
</usage>
|
||||||
</case>
|
</case>
|
||||||
<case name="numeric" desc="unescaped numeric">
|
<case name="numeric" desc="unescaped numeric">
|
||||||
<test>
|
<test>
|
||||||
<positive format="%s%s AND %s%d=%d" params="value, ")" * parenthesis, "(" * parenthesis, randInt, randInt"/>
|
<positive format="%s%s %s %s%d=%d" params="value, ")" * parenthesis, logic, "(" * parenthesis, randInt, randInt"/>
|
||||||
<negative format="%s%s AND %s%d=%d" params="value, ")" * parenthesis, "(" * parenthesis, randInt, randInt + 1"/>
|
<negative format="%s%s %s %s%d=%d" params="value, ")" * parenthesis, logic, "(" * parenthesis, randInt, randInt + 1"/>
|
||||||
</test>
|
</test>
|
||||||
<usage>
|
<usage>
|
||||||
<prefix format="%s " params="')' * parenthesis"/>
|
<prefix format="%s " params="')' * parenthesis"/>
|
||||||
<postfix format=" AND %s%d=%d" params="'(' * parenthesis, randInt, randInt"/>
|
<postfix format=" %s %s%d=%d" params="logic, '(' * parenthesis, randInt, randInt"/>
|
||||||
</usage>
|
</usage>
|
||||||
</case>
|
</case>
|
||||||
<case name="stringsingle" desc="single quoted string">
|
<case name="stringsingle" desc="single quoted string">
|
||||||
<test>
|
<test>
|
||||||
<positive format="%s'%s AND %s'%s'='%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr"/>
|
<positive format="%s'%s %s %s'%s'='%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr"/>
|
||||||
<negative format="%s'%s AND %s'%s'='%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/>
|
<negative format="%s'%s %s %s'%s'='%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr + randomStr(1)"/>
|
||||||
</test>
|
</test>
|
||||||
<usage>
|
<usage>
|
||||||
<prefix format="'%s " params="')' * parenthesis"/>
|
<prefix format="'%s " params="')' * parenthesis"/>
|
||||||
<postfix format=" AND %s'%s'='%s" params="'(' * parenthesis, randStr, randStr"/>
|
<postfix format=" %s %s'%s'='%s" params="logic, '(' * parenthesis, randStr, randStr"/>
|
||||||
</usage>
|
</usage>
|
||||||
</case>
|
</case>
|
||||||
<case name="likesingle" desc="LIKE single quoted string">
|
<case name="likesingle" desc="LIKE single quoted string">
|
||||||
<test>
|
<test>
|
||||||
<positive format="%s'%s AND %s'%s' LIKE '%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr"/>
|
<positive format="%s'%s %s %s'%s' LIKE '%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr"/>
|
||||||
<negative format="%s'%s AND %s'%s' LIKE '%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/>
|
<negative format="%s'%s %s %s'%s' LIKE '%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr + randomStr(1)"/>
|
||||||
</test>
|
</test>
|
||||||
<usage>
|
<usage>
|
||||||
<prefix format="'%s " params="')' * parenthesis"/>
|
<prefix format="'%s " params="')' * parenthesis"/>
|
||||||
<postfix format=" AND %s'%s' LIKE '%s" params="'(' * parenthesis, randStr, randStr"/>
|
<postfix format=" %s %s'%s' LIKE '%s" params="logic, '(' * parenthesis, randStr, randStr"/>
|
||||||
</usage>
|
</usage>
|
||||||
</case>
|
</case>
|
||||||
<case name="stringdouble" desc="double quoted string">
|
<case name="stringdouble" desc="double quoted string">
|
||||||
<test>
|
<test>
|
||||||
<positive format="%s\"%s AND %s\"%s\"=\"%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr"/>
|
<positive format="%s\"%s %s %s\"%s\"=\"%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr"/>
|
||||||
<negative format="%s\"%s AND %s\"%s\"=\"%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/>
|
<negative format="%s\"%s %s %s\"%s\"=\"%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr + randomStr(1)"/>
|
||||||
</test>
|
</test>
|
||||||
<usage>
|
<usage>
|
||||||
<prefix format=""%s " params="')' * parenthesis"/>
|
<prefix format=""%s " params="')' * parenthesis"/>
|
||||||
<postfix format=" AND %s\"%s\"=\"%s" params="'(' * parenthesis, randStr, randStr"/>
|
<postfix format=" %s %s\"%s\"=\"%s" params="logic, '(' * parenthesis, randStr, randStr"/>
|
||||||
</usage>
|
</usage>
|
||||||
</case>
|
</case>
|
||||||
<case name="likedouble" desc="LIKE double quoted string">
|
<case name="likedouble" desc="LIKE double quoted string">
|
||||||
<test>
|
<test>
|
||||||
<positive format="%s\"%s AND %s\"%s\" LIKE \"%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr"/>
|
<positive format="%s\"%s %s %s\"%s\" LIKE \"%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr"/>
|
||||||
<negative format="%s\"%s AND %s\"%s\" LIKE \"%s" params="value, ")" * parenthesis, "(" * parenthesis, randStr, randStr + randomStr(1)"/>
|
<negative format="%s\"%s %s %s\"%s\" LIKE \"%s" params="value, ")" * parenthesis, logic, "(" * parenthesis, randStr, randStr + randomStr(1)"/>
|
||||||
</test>
|
</test>
|
||||||
<usage>
|
<usage>
|
||||||
<prefix format=""%s " params="')' * parenthesis"/>
|
<prefix format=""%s " params="')' * parenthesis"/>
|
||||||
<postfix format=" AND %s\"%s\" LIKE \"%s" params="'(' * parenthesis, randStr, randStr"/>
|
<postfix format=" %s %s\"%s\" LIKE \"%s" params="logic, '(' * parenthesis, randStr, randStr"/>
|
||||||
</usage>
|
</usage>
|
||||||
</case>
|
</case>
|
||||||
</root>
|
</root>
|
||||||
|
|
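Review bot: Every `params` attribute in this file now references a bare name `logic` that must exist wherever these expressions are evaluated; the Python hunks of this commit add a matching local in four functions, but any evaluation site this commit did not touch would fail on the name lookup rather than on the payload. Nothing in the file states which names an expression may use, so a comment near `<root>` listing them would make the contract explicit: the identifiers visible in this file are `value`, `prefix`, `postfix`, `parenthesis`, `randInt`, `randStr`, `randomStr` and now `logic`. Also note that the `%s` slot for `logic` is unquoted and unescaped in each `format`, so the value is trusted as-is; where it is defined it should be constrained accordingly.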