diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py index b5175711b..ebde61ce5 100644 --- a/extra/vulnserver/vulnserver.py +++ b/extra/vulnserver/vulnserver.py @@ -147,16 +147,21 @@ class ReqHandler(BaseHTTPRequestHandler): _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % self.params["id"]) results = _cursor.fetchall() - output += "SQL results:\n" - output += "\n" + output += "SQL results:
\n" - for row in results: - output += "" - for value in row: - output += "" % value - output += "\n" + if results: + output += "
%s
\n" + + for row in results: + output += "" + for value in row: + output += "" % value + output += "\n" + + output += "
%s
\n" + else: + output += "no results found" - output += "\n" output += "" except Exception as ex: code = INTERNAL_SERVER_ERROR diff --git a/lib/controller/checks.py b/lib/controller/checks.py index cf934a753..883767ae0 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -939,6 +939,9 @@ def checkFalsePositives(injection): if conf.string and any(conf.string in getUnicode(_) for _ in (randInt1, randInt2, randInt3)): continue + if conf.notString and any(conf.notString in getUnicode(_) for _ in (randInt1, randInt2, randInt3)): + continue + if randInt3 > randInt2 > randInt1: break diff --git a/lib/core/settings.py b/lib/core/settings.py index 37fa380c8..6b7f01f9c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.5.3" +VERSION = "1.4.5.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 6568fb3da..b779be244 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py 
@@ -48,6 +48,7 @@ def vulnTest():
 ("-r --flush-session -v 5 --test-skip='heavy' --save=", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar", "~Type: time-based blind")),
 ("-l --flush-session --keep-alive --skip-waf -v 5 --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")),
 ("-l --offline --banner -v 5", ("banner: '3.", "~[TRAFFIC OUT]")),
+ ("-u --flush-session --banner --technique=B --not-string 'no results'", ("banner: '3.",)),
 ("-u --flush-session --banner --technique=B --first=1 --last=2", ("banner: '3.'",)),
 ("-u --flush-session --encoding=ascii --forms --crawl=2 --threads=2 --banner", ("total of 2 targets", "might be injectable", "Type: UNION query", "banner: '3.")),
 ("-u --flush-session --data='{\"id\": 1}' --banner", ("might be injectable", "3 columns", "Payload: {\"id\"", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3.")),
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index 90fb14c53..29c32893c 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
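Review bot: The expected-output tuple of the new `--not-string 'no results'` case, `("banner: '3.",)`, only checks that a banner was retrieved; adding `"Type: boolean-based blind"` to it, as the `--data` case on the last context line does, would pin that the not-string comparison drove the boolean detection rather than merely that some output appeared. With `--technique=B` the banner can presumably only arrive through that technique, so this is a sharpening of the assertion rather than a correctness gap. The vulnTest case list continues outside the hunk.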
@@ -63,13 +63,19 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
 if any((conf.string, conf.notString, conf.regexp)):
 rawResponse = "%s%s" % (listToStrValue(_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)) if headers else "", page)
- # String to match in page when the query is True and/or valid
+ # String to match in page when the query is True
 if conf.string:
 return conf.string in rawResponse
- # String to match in page when the query is False and/or invalid
+ # String to match in page when the query is False
 if conf.notString:
- return conf.notString not in rawResponse
+ if conf.notString in rawResponse:
+ return False
+ else:
+ if kb.errorIsNone and (wasLastResponseDBMSError() or wasLastResponseHTTPError()):
+ return None
+ else:
+ return True
 # Regular expression to match in page when the query is True and/or valid
 if conf.regexp:
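Review bot: The new `conf.notString` branch returns None for an error response that lacks the marker while the `conf.string` branch directly above still returns a plain bool, and nothing in the hunk explains the asymmetry; a comment on the None path, such as `# an error page also lacks --not-string, so its absence is not evidence for True; leave the outcome undecided`, would record the reasoning (kb.errorIsNone presumably enables that behaviour — confirm against where it is set). The nested `else: if ...: else:` can also be flattened into guard clauses with identical results, as below. The rest of _comparison lies outside the hunk.
```python
        if conf.notString:
            if conf.notString in rawResponse:
                return False
            # an error page also lacks --not-string, so its absence is not
            # evidence for True; leave the outcome undecided (None)
            if kb.errorIsNone and (wasLastResponseDBMSError() or wasLastResponseHTTPError()):
                return None
            return True
        # … unchanged: regexp comparison …
```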