mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
warp 5 mr spock :)
parent
001cbff2a9
commit
20988e58ed
|
@ -54,6 +54,7 @@ from lib.core.enums import HTTPHEADER
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
from lib.core.enums import PLACE
|
from lib.core.enums import PLACE
|
||||||
from lib.core.enums import PAYLOAD
|
from lib.core.enums import PAYLOAD
|
||||||
|
from lib.core.enums import REFLECTIVE_COUNTER
|
||||||
from lib.core.enums import SORTORDER
|
from lib.core.enums import SORTORDER
|
||||||
from lib.core.enums import WARNFLAGS
|
from lib.core.enums import WARNFLAGS
|
||||||
from lib.core.exception import sqlmapDataException
|
from lib.core.exception import sqlmapDataException
|
||||||
|
@ -94,6 +95,7 @@ from lib.core.settings import REFLECTED_VALUE_MARKER
|
||||||
from lib.core.settings import TIME_DEFAULT_DELAY
|
from lib.core.settings import TIME_DEFAULT_DELAY
|
||||||
from lib.core.settings import TIME_STDEV_COEFF
|
from lib.core.settings import TIME_STDEV_COEFF
|
||||||
from lib.core.settings import DYNAMICITY_MARK_LENGTH
|
from lib.core.settings import DYNAMICITY_MARK_LENGTH
|
||||||
|
from lib.core.settings import REFLECTIVE_MISS_THRESHOLD
|
||||||
from lib.core.settings import SENSITIVE_DATA_REGEX
|
from lib.core.settings import SENSITIVE_DATA_REGEX
|
||||||
from lib.core.settings import SUPPORTED_OS
|
from lib.core.settings import SUPPORTED_OS
|
||||||
from lib.core.settings import UNKNOWN_DBMS_VERSION
|
from lib.core.settings import UNKNOWN_DBMS_VERSION
|
||||||
|
@ -2498,7 +2500,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
|
||||||
|
|
||||||
retVal = content
|
retVal = content
|
||||||
|
|
||||||
if all([content, payload]):
|
if all([content, payload]) and kb.reflectiveMechanism:
|
||||||
payload = payload.replace(PAYLOAD_DELIMITER, '')
|
payload = payload.replace(PAYLOAD_DELIMITER, '')
|
||||||
|
|
||||||
regex = filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_NON_ALPHA_NUM_REGEX)
|
regex = filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_NON_ALPHA_NUM_REGEX)
|
||||||
|
@ -2508,9 +2510,19 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
|
||||||
|
|
||||||
retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)
|
retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)
|
||||||
|
|
||||||
if retVal != content and not suppressWarning:
|
if retVal != content:
|
||||||
debugMsg = "reflective value found and filtered out"
|
kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
|
||||||
logger.debug(debugMsg)
|
if not suppressWarning:
|
||||||
|
debugMsg = "reflective value found and filtered out"
|
||||||
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
|
elif not kb.testMode and not kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT]:
|
||||||
|
kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] += 1
|
||||||
|
if kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] > REFLECTIVE_MISS_THRESHOLD:
|
||||||
|
kb.reflectiveMechanism = False
|
||||||
|
if not suppressWarning:
|
||||||
|
debugMsg = "turning off reflection removal mechanism (for optimization purposes)"
|
||||||
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
|
|
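Review bot: In removeReflectiveValues the unchanged call `re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)` passes `re.I` in the position of the `count` argument, so it is read as a limit of two replacements and the match stays case-sensitive. The new HIT/MISS accounting is driven by `retVal != content`, so a payload reflected with different letter case is counted as a miss and moves the counter towards switching the filter off, after which reflected payload text stays in the content handed back for comparison. Passing the flag by keyword, `retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, flags=re.I)`, would fix this; on interpreters whose `re.sub` has no `flags` argument, prefix the pattern with `(?i)` instead. Part of the function body lies between the two hunks and is not shown here.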
|
@ -57,6 +57,10 @@ class NULLCONNECTION:
|
||||||
HEAD = "HEAD"
|
HEAD = "HEAD"
|
||||||
RANGE = "Range"
|
RANGE = "Range"
|
||||||
|
|
||||||
|
class REFLECTIVE_COUNTER:
|
||||||
|
MISS = "MISS"
|
||||||
|
HIT = "HIT"
|
||||||
|
|
||||||
class HASH:
|
class HASH:
|
||||||
MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
|
MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
|
||||||
MYSQL_OLD = r'(?i)\A[0-9a-f]{16}\Z'
|
MYSQL_OLD = r'(?i)\A[0-9a-f]{16}\Z'
|
||||||
|
|
|
@ -61,6 +61,7 @@ from lib.core.enums import HTTPMETHOD
|
||||||
from lib.core.enums import MOBILES
|
from lib.core.enums import MOBILES
|
||||||
from lib.core.enums import PAYLOAD
|
from lib.core.enums import PAYLOAD
|
||||||
from lib.core.enums import PRIORITY
|
from lib.core.enums import PRIORITY
|
||||||
|
from lib.core.enums import REFLECTIVE_COUNTER
|
||||||
from lib.core.exception import sqlmapConnectionException
|
from lib.core.exception import sqlmapConnectionException
|
||||||
from lib.core.exception import sqlmapFilePathException
|
from lib.core.exception import sqlmapFilePathException
|
||||||
from lib.core.exception import sqlmapGenericException
|
from lib.core.exception import sqlmapGenericException
|
||||||
|
@ -1378,6 +1379,8 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.proxyAuthHeader = None
|
kb.proxyAuthHeader = None
|
||||||
kb.queryCounter = 0
|
kb.queryCounter = 0
|
||||||
kb.redirectSetCookie = None
|
kb.redirectSetCookie = None
|
||||||
|
kb.reflectiveMechanism = True
|
||||||
|
kb.reflectiveCounters = {REFLECTIVE_COUNTER.MISS:0, REFLECTIVE_COUNTER.HIT:0}
|
||||||
kb.responseTimes = []
|
kb.responseTimes = []
|
||||||
kb.resumedQueries = {}
|
kb.resumedQueries = {}
|
||||||
kb.singleLogFlags = set()
|
kb.singleLogFlags = set()
|
||||||
|
|
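Review bot: `kb.reflectiveMechanism` and `kb.reflectiveCounters` are initialised here in `__setKnowledgeBaseAttributes`, and nothing visible on this page resets them when testing moves on to another parameter, so the switch appears to be run-wide. If that is the case, one non-reflecting parameter that collects more than REFLECTIVE_MISS_THRESHOLD misses turns filtering off for every parameter tested afterwards, including ones that do reflect the payload. I would either reset both values where the parameter under test changes (that code is outside this page) or state the scope in a comment above these two lines, for example `# run-wide switch and counters for reflective value removal (not reset per parameter)`. The rest of the function is outside the hunk.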
|
@ -302,7 +302,7 @@ EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREA
|
||||||
REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__'
|
REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__'
|
||||||
|
|
||||||
# Regular expression used for marking non-alphanum characters
|
# Regular expression used for marking non-alphanum characters
|
||||||
REFLECTED_NON_ALPHA_NUM_REGEX = r'\W+?'
|
REFLECTED_NON_ALPHA_NUM_REGEX = r'\W+'
|
||||||
|
|
||||||
# Chars which can be used as a failsafe values in case of too long URL encoding value
|
# Chars which can be used as a failsafe values in case of too long URL encoding value
|
||||||
URLENCODE_FAILSAFE_CHARS = '()|,'
|
URLENCODE_FAILSAFE_CHARS = '()|,'
|
||||||
|
@ -348,3 +348,6 @@ LOW_TEXT_PERCENT = 20
|
||||||
IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")
|
IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")
|
||||||
|
|
||||||
LEGAL_DISCLAIMER = "usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program."
|
LEGAL_DISCLAIMER = "usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program."
|
||||||
|
|
||||||
|
# After this number of misses reflective removal mechanism is turned off (for speed up reasons)
|
||||||
|
REFLECTIVE_MISS_THRESHOLD = 20
|
||||||
|
|
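Review bot: The comment on REFLECTIVE_MISS_THRESHOLD does not match how removeReflectiveValues uses the constant: the check there is `> REFLECTIVE_MISS_THRESHOLD`, and misses are counted only outside test mode and while no hit has been recorded, so the mechanism is switched off on the 21st miss before any hit. I would reword it to `# Number of misses tolerated (outside of test mode, before any hit) until the reflective removal mechanism is turned off`. The comment above REFLECTED_NON_ALPHA_NUM_REGEX in the earlier hunk of this file also says nothing about why the quantifier is now greedy; one line of rationale there would help the next reader.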