further updates
parent
de6fa1247b
commit
1bf8939e2f
|
@ -22,18 +22,16 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
||||||
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import codecs
|
|
||||||
import re
|
import re
|
||||||
import socket
|
import socket
|
||||||
import time
|
import time
|
||||||
|
|
||||||
from xml.dom import minidom
|
|
||||||
|
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import getUnicode
|
from lib.core.common import getUnicode
|
||||||
from lib.core.common import preparePageForLineComparison
|
from lib.core.common import preparePageForLineComparison
|
||||||
from lib.core.common import randomInt
|
from lib.core.common import randomInt
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
|
from lib.core.common import readXmlFile
|
||||||
from lib.core.common import DynamicContentItem
|
from lib.core.common import DynamicContentItem
|
||||||
from lib.core.convert import md5hash
|
from lib.core.convert import md5hash
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
@ -69,18 +67,12 @@ def checkSqlInjection(place, parameter, value, parenthesis):
|
||||||
if conf.postfix:
|
if conf.postfix:
|
||||||
postfix = conf.postfix
|
postfix = conf.postfix
|
||||||
|
|
||||||
f = codecs.open(paths.INJECTIONS_XML, 'r', conf.dataEncoding)
|
injections = readXmlFile(paths.INJECTIONS_XML)
|
||||||
injections = minidom.parse(f).documentElement
|
|
||||||
f.close()
|
|
||||||
|
|
||||||
for case in injections.getElementsByTagName("case"):
|
for case in injections.getElementsByTagName("case"):
|
||||||
tag = case.getAttribute("tag")
|
tag = case.getAttribute("tag")
|
||||||
desc = case.getAttribute("desc")
|
desc = case.getAttribute("desc")
|
||||||
|
|
||||||
infoMsg = "testing %s injection " % desc
|
|
||||||
infoMsg += "on %s parameter '%s'" % (place, parameter)
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
positive = case.getElementsByTagName("positive")[0]
|
positive = case.getElementsByTagName("positive")[0]
|
||||||
negative = case.getElementsByTagName("negative")[0]
|
negative = case.getElementsByTagName("negative")[0]
|
||||||
|
|
||||||
|
@ -89,6 +81,10 @@ def checkSqlInjection(place, parameter, value, parenthesis):
|
||||||
|
|
||||||
if not prefix and not postfix and tag == "custom":
|
if not prefix and not postfix and tag == "custom":
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
infoMsg = "testing %s injection " % desc
|
||||||
|
infoMsg += "on %s parameter '%s'" % (place, parameter)
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
payload = agent.payload(place, parameter, value, format % eval(params))
|
payload = agent.payload(place, parameter, value, format % eval(params))
|
||||||
|
|
||||||
|
|
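Review bot: `format % eval(params)` in the last hunk of this section evaluates a string as Python, and `params` appears to come from the `case` elements now loaded through `readXmlFile(paths.INJECTIONS_XML)`; its assignment is outside the visible hunks, so this is inferred. If that is right, the XML file is executable input, and anyone able to modify it runs code in the process. At minimum I would add a comment above the line, `# params is read from paths.INJECTIONS_XML and passed to eval(): that file must be treated as trusted code`, and longer term replace the eval with a lookup over the fixed set of names the templates need. checkSqlInjection starts and ends outside these hunks.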
|
@ -44,6 +44,7 @@ from subprocess import Popen as execute
|
||||||
from tempfile import NamedTemporaryFile
|
from tempfile import NamedTemporaryFile
|
||||||
from tempfile import mkstemp
|
from tempfile import mkstemp
|
||||||
from xml.etree import ElementTree as ET
|
from xml.etree import ElementTree as ET
|
||||||
|
from xml.dom import minidom
|
||||||
from xml.sax import parse
|
from xml.sax import parse
|
||||||
|
|
||||||
from extra.cloak.cloak import decloak
|
from extra.cloak.cloak import decloak
|
||||||
|
@ -1218,6 +1219,7 @@ def getConsoleWidth(default=80):
|
||||||
return width if width else default
|
return width if width else default
|
||||||
|
|
||||||
def parseXmlFile(xmlFile, handler):
|
def parseXmlFile(xmlFile, handler):
|
||||||
|
checkFile(xmlFile)
|
||||||
xfile = codecs.open(xmlFile, 'rb', conf.dataEncoding)
|
xfile = codecs.open(xmlFile, 'rb', conf.dataEncoding)
|
||||||
content = xfile.read()
|
content = xfile.read()
|
||||||
stream = StringIO(content)
|
stream = StringIO(content)
|
||||||
|
@ -1225,6 +1227,13 @@ def parseXmlFile(xmlFile, handler):
|
||||||
stream.close()
|
stream.close()
|
||||||
xfile.close()
|
xfile.close()
|
||||||
|
|
||||||
|
def readXmlFile(xmlFile):
|
||||||
|
checkFile(xmlFile)
|
||||||
|
xfile = codecs.open(xmlFile, 'r', conf.dataEncoding)
|
||||||
|
retVal = minidom.parse(xfile).documentElement
|
||||||
|
xfile.close()
|
||||||
|
return retVal
|
||||||
|
|
||||||
def calculateDeltaSeconds(start, epsilon=0.05):
|
def calculateDeltaSeconds(start, epsilon=0.05):
|
||||||
"""
|
"""
|
||||||
Returns elapsed time from start till now (including expected
|
Returns elapsed time from start till now (including expected
|
||||||
|
|
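Review bot: The new `readXmlFile` leaks the file handle when `minidom.parse(xfile)` raises, because `xfile.close()` is reached only on the success path; a malformed or wrongly encoded file then also reaches the three new callers (checkSqlInjection, liveTest, checkPayload) as a raw parser exception. Put the parse under `try:` and move `xfile.close()` into a `finally:` block; the same pattern is visible in `parseXmlFile` just above, whose body is only partly shown here. The function also has no docstring, and something like `"""Parse xmlFile with minidom using conf.dataEncoding and return its document element."""` would state the contract. Python's documentation warns that minidom is not hardened against maliciously constructed XML, so the docstring should also say the helper is meant only for XML files shipped with the tool.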
|
@ -21,7 +21,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
||||||
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import codecs
|
|
||||||
import doctest
|
import doctest
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
|
@ -31,12 +30,11 @@ import sys
|
||||||
import tempfile
|
import tempfile
|
||||||
import time
|
import time
|
||||||
|
|
||||||
from xml.dom import minidom
|
|
||||||
|
|
||||||
from lib.controller.controller import start
|
from lib.controller.controller import start
|
||||||
from lib.core.common import dataToStdout
|
from lib.core.common import dataToStdout
|
||||||
from lib.core.common import getCompiledRegex
|
from lib.core.common import getCompiledRegex
|
||||||
from lib.core.common import getConsoleWidth
|
from lib.core.common import getConsoleWidth
|
||||||
|
from lib.core.common import readXmlFile
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.data import paths
|
from lib.core.data import paths
|
||||||
|
@ -112,9 +110,7 @@ def liveTest():
|
||||||
count = 0
|
count = 0
|
||||||
global_ = {}
|
global_ = {}
|
||||||
vars_ = {}
|
vars_ = {}
|
||||||
xfile = codecs.open(paths.LIVE_TESTS_XML, 'r', conf.dataEncoding)
|
livetests = readXmlFile(paths.LIVE_TESTS_XML)
|
||||||
livetests = minidom.parse(xfile).documentElement
|
|
||||||
xfile.close()
|
|
||||||
length = len(livetests.getElementsByTagName("case"))
|
length = len(livetests.getElementsByTagName("case"))
|
||||||
|
|
||||||
element = livetests.getElementsByTagName("global")
|
element = livetests.getElementsByTagName("global")
|
||||||
|
|
|
@ -22,13 +22,11 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
|
||||||
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import codecs
|
|
||||||
import re
|
import re
|
||||||
import sre_constants
|
import sre_constants
|
||||||
|
|
||||||
from xml.dom import minidom
|
|
||||||
|
|
||||||
from lib.core.common import getCompiledRegex
|
from lib.core.common import getCompiledRegex
|
||||||
|
from lib.core.common import readXmlFile
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import paths
|
from lib.core.data import paths
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
|
@ -53,9 +51,7 @@ def checkPayload(string):
|
||||||
global rules
|
global rules
|
||||||
|
|
||||||
if not rules:
|
if not rules:
|
||||||
xfile = codecs.open(paths.DETECTION_RULES_XML, 'r', conf.dataEncoding)
|
xmlrules = readXmlFile(paths.DETECTION_RULES_XML)
|
||||||
xmlrules = minidom.parse(xfile).documentElement
|
|
||||||
xfile.close()
|
|
||||||
rules = []
|
rules = []
|
||||||
|
|
||||||
for xmlrule in xmlrules.getElementsByTagName("filter"):
|
for xmlrule in xmlrules.getElementsByTagName("filter"):
|
||||||
|
|