sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-06 06:03:22 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor refactoring

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-10 12:30:36 +00:00
parent 4d8628e8fb
commit 1fc9ed10a8
2 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/enums.py
View File

@ -54,6 +54,10 @@ class HASH:
MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z' MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z'
SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z' SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z'
class EXPECTED:
BOOL = "bool"
INT = "int"
class PAYLOAD: class PAYLOAD:
SQLINJECTION = { SQLINJECTION = {
1: "boolean-based blind", 1: "boolean-based blind",

30
lib/request/inject.py
View File

@ -28,6 +28,7 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import queries from lib.core.data import queries
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapNotVulnerableException from lib.core.exception import sqlmapNotVulnerableException
from lib.core.settings import MIN_TIME_RESPONSES from lib.core.settings import MIN_TIME_RESPONSES
@ -79,7 +80,7 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
if resumeValue: if resumeValue:
output = resume(expressionReplaced, payload) output = resume(expressionReplaced, payload)
if not output or ( expected == "int" and not output.isdigit() ): if not output or ( expected == EXPECTED.INT and not output.isdigit() ):
if output: if output:
warnMsg = "expected value type %s, resumed '%s', " % (expected, output) warnMsg = "expected value type %s, resumed '%s', " % (expected, output)
warnMsg += "sqlmap is going to retrieve the value again" warnMsg += "sqlmap is going to retrieve the value again"
@ -145,7 +146,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
else: else:
output = None output = None
if output and ( expected is None or ( expected == "int" and output.isdigit() ) ): if output and ( expected is None or ( expected == EXPECTED.INT and output.isdigit() ) ):
return output return output
if not unpack: if not unpack:
@ -377,7 +378,7 @@ def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=Tr
if condition and resumeValue: if condition and resumeValue:
output = resume(expression, None) output = resume(expression, None)
if not output or ( expected == "int" and not output.isdigit() ): if not output or ( expected == EXPECTED.INT and not output.isdigit() ):
partial = True partial = True
if not output: if not output:
@ -431,7 +432,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
if blind and kb.booleanTest and not found: if blind and kb.booleanTest and not found:
kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN
if expected == "bool": if expected == EXPECTED.BOOL:
value = __goBooleanProxy(expression, resumeValue) value = __goBooleanProxy(expression, resumeValue)
else: else:
value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar) value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
@ -457,6 +458,16 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
if suppressOutput: if suppressOutput:
conf.verbose = popValue() conf.verbose = popValue()
if expected == EXPECTED.BOOL:
if isinstance(value, basestring):
value = value.lower()
if value in ("true", "false"):
value = bool(value)
else:
value = value != "0"
elif isinstance(value, int):
value = bool(value)
return value return value
def goStacked(expression, silent=False): def goStacked(expression, silent=False):
@ -479,13 +490,4 @@ def goStacked(expression, silent=False):
return payload, page return payload, page
def checkBooleanExpression(expression, expectingNone=False): def checkBooleanExpression(expression, expectingNone=False):
retVal = getValue(expression, expected="bool", expectingNone=expectingNone) return getValue(expression, expected=EXPECTED.BOOL, expectingNone=expectingNone)
if isinstance(retVal, basestring):
retVal = retVal.lower()
if retVal in ("true", "false"):
retVal = bool(retVal)
else:
retVal = retVal != "0"
elif isinstance(retVal, int):
retVal = bool(retVal)
return retVal