removed temp dictionary and replaced with kb.misc

This commit is contained in:
Miroslav Stampar 2010-10-19 23:00:19 +00:00
parent 813f44da16
commit 1b376c99a6
6 changed files with 41 additions and 51 deletions


@ -18,7 +18,7 @@ from lib.core.convert import urlencode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import queries from lib.core.data import queries
from lib.core.data import temp from lib.core.datatype import advancedDict
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import sqlmapNoneDataException
class Agent: class Agent:
@ -27,9 +27,10 @@ class Agent:
""" """
def __init__(self): def __init__(self):
temp.delimiter = randomStr(6) kb.misc = advancedDict()
temp.start = randomStr(6) kb.misc.delimiter = randomStr(6)
temp.stop = randomStr(6) kb.misc.start = randomStr(6)
kb.misc.stop = randomStr(6)
def payloadDirect(self, query): def payloadDirect(self, query):
if query.startswith(" AND "): if query.startswith(" AND "):
@ -265,7 +266,7 @@ class Agent:
for field in fieldsSplitted: for field in fieldsSplitted:
nulledCastedFields.append(self.nullAndCastField(field)) nulledCastedFields.append(self.nullAndCastField(field))
delimiterStr = "%s'%s'%s" % (dbmsDelimiter, temp.delimiter, dbmsDelimiter) delimiterStr = "%s'%s'%s" % (dbmsDelimiter, kb.misc.delimiter, dbmsDelimiter)
nulledCastedConcatFields = delimiterStr.join([field for field in nulledCastedFields]) nulledCastedConcatFields = delimiterStr.join([field for field in nulledCastedFields])
return nulledCastedConcatFields return nulledCastedConcatFields
@ -368,29 +369,29 @@ class Agent:
if kb.dbms == "MySQL": if kb.dbms == "MySQL":
if fieldsSelectCase: if fieldsSelectCase:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % temp.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
concatenatedQuery += ",'%s')" % temp.stop concatenatedQuery += ",'%s')" % kb.misc.stop
elif fieldsSelectFrom: elif fieldsSelectFrom:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % temp.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
concatenatedQuery = concatenatedQuery.replace(" FROM ", ",'%s') FROM " % temp.stop, 1) concatenatedQuery = concatenatedQuery.replace(" FROM ", ",'%s') FROM " % kb.misc.stop, 1)
elif fieldsSelect: elif fieldsSelect:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % temp.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
concatenatedQuery += ",'%s')" % temp.stop concatenatedQuery += ",'%s')" % kb.misc.stop
elif fieldsNoSelect: elif fieldsNoSelect:
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (temp.start, concatenatedQuery, temp.stop) concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
elif kb.dbms in ( "PostgreSQL", "Oracle", "SQLite" ): elif kb.dbms in ( "PostgreSQL", "Oracle", "SQLite" ):
if fieldsSelectCase: if fieldsSelectCase:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % temp.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
concatenatedQuery += "||'%s'" % temp.stop concatenatedQuery += "||'%s'" % kb.misc.stop
elif fieldsSelectFrom: elif fieldsSelectFrom:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % temp.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
concatenatedQuery = concatenatedQuery.replace(" FROM ", "||'%s' FROM " % temp.stop, 1) concatenatedQuery = concatenatedQuery.replace(" FROM ", "||'%s' FROM " % kb.misc.stop, 1)
elif fieldsSelect: elif fieldsSelect:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % temp.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
concatenatedQuery += "||'%s'" % temp.stop concatenatedQuery += "||'%s'" % kb.misc.stop
elif fieldsNoSelect: elif fieldsNoSelect:
concatenatedQuery = "'%s'||%s||'%s'" % (temp.start, concatenatedQuery, temp.stop) concatenatedQuery = "'%s'||%s||'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
if kb.dbms == "Oracle" and " FROM " not in concatenatedQuery and ( fieldsSelect or fieldsNoSelect ): if kb.dbms == "Oracle" and " FROM " not in concatenatedQuery and ( fieldsSelect or fieldsNoSelect ):
concatenatedQuery += " FROM DUAL" concatenatedQuery += " FROM DUAL"
@ -398,19 +399,19 @@ class Agent:
elif kb.dbms == "Microsoft SQL Server": elif kb.dbms == "Microsoft SQL Server":
if fieldsSelectTop: if fieldsSelectTop:
topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1) topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1)
concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, temp.start), 1) concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, kb.misc.start), 1)
concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % temp.stop, 1) concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.misc.stop, 1)
elif fieldsSelectCase: elif fieldsSelectCase:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % temp.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
concatenatedQuery += "+'%s'" % temp.stop concatenatedQuery += "+'%s'" % kb.misc.stop
elif fieldsSelectFrom: elif fieldsSelectFrom:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % temp.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % temp.stop, 1) concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.misc.stop, 1)
elif fieldsSelect: elif fieldsSelect:
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % temp.start, 1) concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
concatenatedQuery += "+'%s'" % temp.stop concatenatedQuery += "+'%s'" % kb.misc.stop
elif fieldsNoSelect: elif fieldsNoSelect:
concatenatedQuery = "'%s'+%s+'%s'" % (temp.start, concatenatedQuery, temp.stop) concatenatedQuery = "'%s'+%s+'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
return concatenatedQuery return concatenatedQuery
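Review bot: `kb.misc = advancedDict()` in Agent.__init__ (second hunk) re-creates the container unconditionally, so anything already stored on kb.misc — Enumeration.__init__ in this same commit writes `kb.misc.testedDbms` — is lost if an Agent is constructed after that point; whether that ordering can actually occur depends on where `Agent()` is instantiated, which is not visible here. The old `temp = advancedDict()` sat next to `kb = advancedDict()` in lib/core/data.py, and creating kb.misc there instead (`kb.misc = advancedDict()` right after `kb` is defined) would remove the ordering dependency and leave __init__ to set only `kb.misc.delimiter`, `kb.misc.start` and `kb.misc.stop`. On the same lines, the three `randomStr(6)` markers are later interpolated unescaped into a regex in common.parseUnionPage (`'%s(.*?)%s' % (kb.misc.start, kb.misc.stop)`), which is only safe if randomStr's alphabet contains no regex metacharacters — worth a comment here stating that assumption, or `re.escape` at the use site.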


@ -40,7 +40,6 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.data import queries from lib.core.data import queries
from lib.core.data import temp
from lib.core.convert import urlencode from lib.core.convert import urlencode
from lib.core.exception import sqlmapFilePathException from lib.core.exception import sqlmapFilePathException
from lib.core.exception import sqlmapGenericException from lib.core.exception import sqlmapGenericException
@ -585,7 +584,7 @@ def replaceNewlineTabs(inpStr, stdout=False):
else: else:
replacedString = inpStr.replace("\n", "__NEWLINE__").replace("\t", "__TAB__") replacedString = inpStr.replace("\n", "__NEWLINE__").replace("\t", "__TAB__")
replacedString = replacedString.replace(temp.delimiter, "__DEL__") replacedString = replacedString.replace(kb.misc.delimiter, "__DEL__")
return replacedString return replacedString
@ -860,12 +859,12 @@ def getRange(count, dump=False, plusOne=False):
def parseUnionPage(output, expression, partial=False, condition=None, sort=True): def parseUnionPage(output, expression, partial=False, condition=None, sort=True):
data = [] data = []
outCond1 = ( output.startswith(temp.start) and output.endswith(temp.stop) ) outCond1 = ( output.startswith(kb.misc.start) and output.endswith(kb.misc.stop) )
outCond2 = ( output.startswith("__START__") and output.endswith("__STOP__") ) outCond2 = ( output.startswith("__START__") and output.endswith("__STOP__") )
if outCond1 or outCond2: if outCond1 or outCond2:
if outCond1: if outCond1:
regExpr = '%s(.*?)%s' % (temp.start, temp.stop) regExpr = '%s(.*?)%s' % (kb.misc.start, kb.misc.stop)
elif outCond2: elif outCond2:
regExpr = '__START__(.*?)__STOP__' regExpr = '__START__(.*?)__STOP__'
@ -890,7 +889,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
if "__DEL__" in entry: if "__DEL__" in entry:
entry = entry.split("__DEL__") entry = entry.split("__DEL__")
else: else:
entry = entry.split(temp.delimiter) entry = entry.split(kb.misc.delimiter)
if len(entry) == 1: if len(entry) == 1:
data.append(entry[0]) data.append(entry[0])


@ -20,10 +20,6 @@ conf = advancedDict()
# object to share within function and classes results # object to share within function and classes results
kb = advancedDict() kb = advancedDict()
# object to share within function and classes temporary data,
# just for internal use
temp = advancedDict()
# object with each database management system specific queries # object with each database management system specific queries
queries = {} queries = {}


@ -27,7 +27,6 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import queries from lib.core.data import queries
from lib.core.data import temp
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.request.direct import direct from lib.request.direct import direct
@ -97,7 +96,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
parameter through a bisection algorithm. parameter through a bisection algorithm.
""" """
query = agent.prefixQuery(" %s" % temp.inference) query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].inference)
query = agent.postfixQuery(query) query = agent.postfixQuery(query)
payload = agent.payload(newValue=query) payload = agent.payload(newValue=query)
count = None count = None
@ -336,7 +335,7 @@ def __goError(expression, resumeValue=True):
Retrieve the output of a SQL query taking advantage of an error SQL Retrieve the output of a SQL query taking advantage of an error SQL
injection vulnerability on the affected parameter. injection vulnerability on the affected parameter.
""" """
query = agent.prefixQuery(" %s" % temp.error) query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error)
query = agent.postfixQuery(query) query = agent.postfixQuery(query)
payload = agent.payload(newValue=query) payload = agent.payload(newValue=query)
@ -356,13 +355,13 @@ def __goError(expression, resumeValue=True):
forgedPayload = safeStringFormat(payload, expressionUnescaped) forgedPayload = safeStringFormat(payload, expressionUnescaped)
result = Request.queryPage(urlencode(forgedPayload), content=True) result = Request.queryPage(urlencode(forgedPayload), content=True)
match = re.search(temp.errorRegex, result[0], re.DOTALL | re.IGNORECASE) match = re.search(queries[kb.misc.testedDbms].errorRegex, result[0], re.DOTALL | re.IGNORECASE)
if match: if match:
output = match.group('result') output = match.group('result')
if output: if output:
output = output.replace("%c%c%c" % (58, 95, 58), " ").replace("%c%c%c" % (58, 120, 58), "") #':_:' -> EMPTY CHAR, ':x:' -> SPACE CHAR output = output.replace("%c%c%c" % (58, 95, 58), " ").replace("%c%c%c" % (58, 120, 58), "") #':_:' -> EMPTY CHAR, ':x:' -> SPACE CHAR
if temp.error == queries['MySQL'].error: if kb.misc.testedDbms == 'MySQL':
output = output[:-1] output = output[:-1]
infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True) infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
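Review bot: The trailing comment on the `output.replace(...)` line in the last hunk contradicts the code: `"%c%c%c" % (58, 95, 58)` is `':_:'` and is replaced with a space, while `':x:'` (58, 120, 58) is replaced with the empty string, so either the comment or the replacement order is wrong; if the code is the intended behaviour the comment should read `#':_:' -> SPACE CHAR, ':x:' -> EMPTY CHAR`. That line is context rather than part of this change, but the hunk now resolves the error regex through `queries[kb.misc.testedDbms]` on every call, and __goError already does the same lookup for `.error` at its top; a single `dbmsQueries = queries[kb.misc.testedDbms]` there, reused for `.error` and `.errorRegex`, would keep the lookups in one place and fail at one spot if testedDbms was never set. __goError continues past the end of this hunk.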


@ -18,7 +18,6 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import queries from lib.core.data import queries
from lib.core.data import temp
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.techniques.inband.union.test import unionTest from lib.techniques.inband.union.test import unionTest
@ -206,13 +205,13 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
resultPage, _ = Request.queryPage(payload, content=True) resultPage, _ = Request.queryPage(payload, content=True)
reqCount += 1 reqCount += 1
if temp.start not in resultPage or temp.stop not in resultPage: if kb.misc.start not in resultPage or kb.misc.stop not in resultPage:
return return
# Parse the returned page to get the exact inband # Parse the returned page to get the exact inband
# sql injection output # sql injection output
startPosition = resultPage.index(temp.start) startPosition = resultPage.index(kb.misc.start)
endPosition = resultPage.rindex(temp.stop) + len(temp.stop) endPosition = resultPage.rindex(kb.misc.stop) + len(kb.misc.stop)
value = getUnicode(resultPage[startPosition:endPosition]) value = getUnicode(resultPage[startPosition:endPosition])
duration = calculateDeltaSeconds(start) duration = calculateDeltaSeconds(start)


@ -29,7 +29,6 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.data import queries from lib.core.data import queries
from lib.core.data import temp
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapNoneDataException from lib.core.exception import sqlmapNoneDataException
from lib.core.exception import sqlmapUnsupportedFeatureException from lib.core.exception import sqlmapUnsupportedFeatureException
@ -62,10 +61,7 @@ class Enumeration:
kb.data.cachedTables = {} kb.data.cachedTables = {}
kb.data.cachedColumns = {} kb.data.cachedColumns = {}
kb.data.dumpedTable = {} kb.data.dumpedTable = {}
kb.misc.testedDbms = dbms
temp.inference = queries[dbms].inference
temp.error = queries[dbms].error
temp.errorRegex = queries[dbms].errorRegex
def getBanner(self): def getBanner(self):
if not conf.getBanner: if not conf.getBanner:
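Review bot: `kb.misc.testedDbms = dbms` defers the `queries[dbms]` lookup that the three removed lines performed here to the first use in inference.py, so a DBMS name with no entry in `queries` now surfaces as a KeyError inside __goError or __goInferenceProxy instead of at Enumeration construction; I would keep the early check, e.g. `if dbms not in queries: raise sqlmapUnsupportedFeatureException("no queries defined for DBMS '%s'" % dbms)` before the assignment (sqlmapUnsupportedFeatureException is already imported in this file). The write also assumes `kb.misc` has already been created by Agent.__init__ in this same commit; if an Enumeration can be constructed before an Agent the attribute assignment fails, so a short comment recording that dependency would help the next reader. Enumeration.__init__ begins before this hunk and getBanner continues past it.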