mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 21:21:03 +03:00 
			
		
		
		
	code reviewing part 2
This commit is contained in:
		
							parent
							
								
									6a0e0cde3c
								
							
						
					
					
						commit
						1fa8f0cba7
					
				|  | @ -57,7 +57,7 @@ class CompleterNG(rlcompleter.Completer): | ||||||
| def autoCompletion(sqlShell=False, osShell=False): | def autoCompletion(sqlShell=False, osShell=False): | ||||||
|     # First of all we check if the readline is available, by default |     # First of all we check if the readline is available, by default | ||||||
|     # it is not in Python default installation on Windows |     # it is not in Python default installation on Windows | ||||||
|     if not readline.haveReadline: |     if not readline._readline: | ||||||
|         return |         return | ||||||
| 
 | 
 | ||||||
|     if sqlShell: |     if sqlShell: | ||||||
|  |  | ||||||
|  | @ -28,6 +28,8 @@ class MSSQLBannerHandler(ContentHandler): | ||||||
|     """ |     """ | ||||||
| 
 | 
 | ||||||
|     def __init__(self, banner, info): |     def __init__(self, banner, info): | ||||||
|  |         ContentHandler.__init__(self) | ||||||
|  | 
 | ||||||
|         self.__banner        = sanitizeStr(banner) |         self.__banner        = sanitizeStr(banner) | ||||||
|         self.__inVersion     = False |         self.__inVersion     = False | ||||||
|         self.__inServicePack = False |         self.__inServicePack = False | ||||||
|  |  | ||||||
|  | @ -18,6 +18,8 @@ class FingerprintHandler(ContentHandler): | ||||||
|     """ |     """ | ||||||
| 
 | 
 | ||||||
|     def __init__(self, banner, info): |     def __init__(self, banner, info): | ||||||
|  |         ContentHandler.__init__(self) | ||||||
|  | 
 | ||||||
|         self.__banner      = sanitizeStr(banner) |         self.__banner      = sanitizeStr(banner) | ||||||
|         self.__regexp      = None |         self.__regexp      = None | ||||||
|         self.__match       = None |         self.__match       = None | ||||||
|  |  | ||||||
|  | @ -25,6 +25,8 @@ class htmlHandler(ContentHandler): | ||||||
|     """ |     """ | ||||||
| 
 | 
 | ||||||
|     def __init__(self, page): |     def __init__(self, page): | ||||||
|  |         ContentHandler.__init__(self) | ||||||
|  | 
 | ||||||
|         self.__dbms   = None |         self.__dbms   = None | ||||||
|         self.__page   = page |         self.__page   = page | ||||||
|         self.__regexp = None |         self.__regexp = None | ||||||
|  |  | ||||||
|  | @ -23,7 +23,7 @@ from lib.core.settings import DIFF_TOLERANCE | ||||||
| from lib.core.settings import LOWER_RATIO_BOUND | from lib.core.settings import LOWER_RATIO_BOUND | ||||||
| from lib.core.settings import UPPER_RATIO_BOUND | from lib.core.settings import UPPER_RATIO_BOUND | ||||||
| 
 | 
 | ||||||
| def comparison(page, headers=None, getSeqMatcher=False, pageLength=None): | def comparison(page, getSeqMatcher=False, pageLength=None): | ||||||
|     if page is None and pageLength is None: |     if page is None and pageLength is None: | ||||||
|         return None |         return None | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -472,8 +472,8 @@ class Connect: | ||||||
|         if content or response: |         if content or response: | ||||||
|             return page, headers |             return page, headers | ||||||
|         elif getSeqMatcher: |         elif getSeqMatcher: | ||||||
|             return comparison(page, headers, getSeqMatcher=False, pageLength=pageLength), comparison(page, headers, getSeqMatcher=True, pageLength=pageLength) |             return comparison(page, getSeqMatcher=False, pageLength=pageLength), comparison(page, getSeqMatcher=True, pageLength=pageLength) | ||||||
|         elif pageLength or page: |         elif pageLength or page: | ||||||
|             return comparison(page, headers, getSeqMatcher, pageLength) |             return comparison(page, getSeqMatcher, pageLength) | ||||||
|         else: |         else: | ||||||
|             return False |             return False | ||||||
|  |  | ||||||
|  | @ -78,6 +78,7 @@ class Web: | ||||||
| 
 | 
 | ||||||
|     def __webFileStreamUpload(self, stream, destFileName, directory): |     def __webFileStreamUpload(self, stream, destFileName, directory): | ||||||
|         stream.seek(0) # Rewind |         stream.seek(0) # Rewind | ||||||
|  |         stream.name = destFileName | ||||||
| 
 | 
 | ||||||
|         if self.webApi in ("php", "asp", "aspx", "jsp"): |         if self.webApi in ("php", "asp", "aspx", "jsp"): | ||||||
|             multipartParams = { |             multipartParams = { | ||||||
|  |  | ||||||
|  | @ -31,7 +31,7 @@ from lib.utils.resume import resume | ||||||
| 
 | 
 | ||||||
| reqCount = 0 | reqCount = 0 | ||||||
| 
 | 
 | ||||||
| def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullChar=None, unpack=True, dump=False): | def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack=True, dump=False): | ||||||
|     """ |     """ | ||||||
|     This function tests for an inband SQL injection on the target |     This function tests for an inband SQL injection on the target | ||||||
|     url then call its subsidiary function to effectively perform an |     url then call its subsidiary function to effectively perform an | ||||||
|  |  | ||||||
|  | @ -92,7 +92,7 @@ class Filesystem(GenericFilesystem): | ||||||
|         logger.debug(debugMsg) |         logger.debug(debugMsg) | ||||||
| 
 | 
 | ||||||
|         sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile) |         sqlQuery = "%s INTO DUMPFILE '%s'" % (fcEncodedStr, dFile) | ||||||
|         unionUse(sqlQuery, direct=True, unescape=False, nullChar="''") |         unionUse(sqlQuery, direct=True, unescape=False) | ||||||
| 
 | 
 | ||||||
|         if confirm: |         if confirm: | ||||||
|             self.askCheckWrittenFile(wFile, dFile, fileType) |             self.askCheckWrittenFile(wFile, dFile, fileType) | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user