mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-02 20:54:13 +03:00
further updates
This commit is contained in:
Miroslav Stampar
parent
de6fa1247b
commit
1bf8939e2f
|
|
@ -22,18 +22,16 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
|||
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
"""
|
||||
|
||||
import codecs
|
||||
import re
|
||||
import socket
|
||||
import time
|
||||
|
||||
from xml.dom import minidom
|
||||
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import getUnicode
|
||||
from lib.core.common import preparePageForLineComparison
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.common import readXmlFile
|
||||
from lib.core.common import DynamicContentItem
|
||||
from lib.core.convert import md5hash
|
||||
from lib.core.data import conf
|
||||
|
|
@ -69,18 +67,12 @@ def checkSqlInjection(place, parameter, value, parenthesis):
|
|||
if conf.postfix:
|
||||
postfix = conf.postfix
|
||||
|
||||
f = codecs.open(paths.INJECTIONS_XML, 'r', conf.dataEncoding)
|
||||
injections = minidom.parse(f).documentElement
|
||||
f.close()
|
||||
injections = readXmlFile(paths.INJECTIONS_XML)
|
||||
|
||||
for case in injections.getElementsByTagName("case"):
|
||||
tag = case.getAttribute("tag")
|
||||
desc = case.getAttribute("desc")
|
||||
|
||||
infoMsg = "testing %s injection " % desc
|
||||
infoMsg += "on %s parameter '%s'" % (place, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
positive = case.getElementsByTagName("positive")[0]
|
||||
negative = case.getElementsByTagName("negative")[0]
|
||||
|
||||
|
|
@ -89,6 +81,10 @@ def checkSqlInjection(place, parameter, value, parenthesis):
|
|||
|
||||
if not prefix and not postfix and tag == "custom":
|
||||
continue
|
||||
|
||||
infoMsg = "testing %s injection " % desc
|
||||
infoMsg += "on %s parameter '%s'" % (place, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
payload = agent.payload(place, parameter, value, format % eval(params))
|
||||
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ from subprocess import Popen as execute
|
|||
from tempfile import NamedTemporaryFile
|
||||
from tempfile import mkstemp
|
||||
from xml.etree import ElementTree as ET
|
||||
from xml.dom import minidom
|
||||
from xml.sax import parse
|
||||
|
||||
from extra.cloak.cloak import decloak
|
||||
|
|
@ -1218,6 +1219,7 @@ def getConsoleWidth(default=80):
|
|||
return width if width else default
|
||||
|
||||
def parseXmlFile(xmlFile, handler):
|
||||
checkFile(xmlFile)
|
||||
xfile = codecs.open(xmlFile, 'rb', conf.dataEncoding)
|
||||
content = xfile.read()
|
||||
stream = StringIO(content)
|
||||
|
|
@ -1225,6 +1227,13 @@ def parseXmlFile(xmlFile, handler):
|
|||
stream.close()
|
||||
xfile.close()
|
||||
|
||||
def readXmlFile(xmlFile):
|
||||
checkFile(xmlFile)
|
||||
xfile = codecs.open(xmlFile, 'r', conf.dataEncoding)
|
||||
retVal = minidom.parse(xfile).documentElement
|
||||
xfile.close()
|
||||
return retVal
|
||||
|
||||
def calculateDeltaSeconds(start, epsilon=0.05):
|
||||
"""
|
||||
Returns elapsed time from start till now (including expected
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
|||
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
"""
|
||||
|
||||
import codecs
|
||||
import doctest
|
||||
import logging
|
||||
import os
|
||||
|
|
@ -31,12 +30,11 @@ import sys
|
|||
import tempfile
|
||||
import time
|
||||
|
||||
from xml.dom import minidom
|
||||
|
||||
from lib.controller.controller import start
|
||||
from lib.core.common import dataToStdout
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import getConsoleWidth
|
||||
from lib.core.common import readXmlFile
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import logger
|
||||
from lib.core.data import paths
|
||||
|
|
@ -112,9 +110,7 @@ def liveTest():
|
|||
count = 0
|
||||
global_ = {}
|
||||
vars_ = {}
|
||||
xfile = codecs.open(paths.LIVE_TESTS_XML, 'r', conf.dataEncoding)
|
||||
livetests = minidom.parse(xfile).documentElement
|
||||
xfile.close()
|
||||
livetests = readXmlFile(paths.LIVE_TESTS_XML)
|
||||
length = len(livetests.getElementsByTagName("case"))
|
||||
|
||||
element = livetests.getElementsByTagName("global")
|
||||
|
|
|
|||
|
|
@ -22,13 +22,11 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
|||
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
"""
|
||||
|
||||
import codecs
|
||||
import re
|
||||
import sre_constants
|
||||
|
||||
from xml.dom import minidom
|
||||
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import readXmlFile
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import paths
|
||||
from lib.core.data import logger
|
||||
|
|
@ -53,9 +51,7 @@ def checkPayload(string):
|
|||
global rules
|
||||
|
||||
if not rules:
|
||||
xfile = codecs.open(paths.DETECTION_RULES_XML, 'r', conf.dataEncoding)
|
||||
xmlrules = minidom.parse(xfile).documentElement
|
||||
xfile.close()
|
||||
xmlrules = readXmlFile(paths.DETECTION_RULES_XML)
|
||||
rules = []
|
||||
|
||||
for xmlrule in xmlrules.getElementsByTagName("filter"):
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user