mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-16 19:40:37 +03:00
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
This commit is contained in:
Bernardo Damele
parent
2dae934a2b
commit
2129935e06
|
|
@ -167,7 +167,7 @@ def start():
|
|||
if not checkConnection() or not checkString() or not checkRegexp():
|
||||
continue
|
||||
|
||||
if conf.useNullConnection:
|
||||
if conf.nullConnection:
|
||||
checkNullConnection()
|
||||
|
||||
if not conf.dropSetCookie and conf.cj:
|
||||
|
|
|
|||
|
|
@ -536,7 +536,7 @@ def __setTamperingFunctions():
|
|||
"""
|
||||
|
||||
if conf.tamper:
|
||||
for tfile in conf.tamper.split(';'):
|
||||
for tfile in conf.tamper.split(','):
|
||||
found = False
|
||||
|
||||
if not tfile:
|
||||
|
|
@ -980,8 +980,8 @@ def __cleanupOptions():
|
|||
conf.multipleTargets = True
|
||||
|
||||
if conf.optimize:
|
||||
conf.useCommonPrediction = conf.keepAlive = True
|
||||
conf.useNullConnection = not conf.textOnly
|
||||
conf.commonPrediction = conf.keepAlive = True
|
||||
conf.nullConnection = not conf.textOnly
|
||||
|
||||
def __setConfAttributes():
|
||||
"""
|
||||
|
|
@ -1207,11 +1207,11 @@ def __basicOptionValidation():
|
|||
errMsg = "value for --threshold (thold) option must be in range [0,1]"
|
||||
raise sqlmapSyntaxException, errMsg
|
||||
|
||||
if conf.textOnly and conf.useNullConnection:
|
||||
if conf.textOnly and conf.nullConnection:
|
||||
errMsg = "switch --text-only is incompatible with switch --null-connection"
|
||||
raise sqlmapSyntaxException, errMsg
|
||||
|
||||
if conf.data and conf.useNullConnection:
|
||||
if conf.data and conf.nullConnection:
|
||||
errMsg = "switch --data is incompatible with switch --null-connection"
|
||||
raise sqlmapSyntaxException, errMsg
|
||||
|
||||
|
|
|
|||
|
|
@ -27,18 +27,16 @@ optDict = {
|
|||
"cookie": "string",
|
||||
"cookieUrlencode": "boolean",
|
||||
"dropSetCookie": "boolean",
|
||||
"referer": "string",
|
||||
"agent": "string",
|
||||
"userAgentsFile": "string",
|
||||
"referer": "string",
|
||||
"headers": "string",
|
||||
"aType": "string",
|
||||
"aCred": "string",
|
||||
"aCert": "string",
|
||||
"keepAlive": "boolean",
|
||||
"proxy": "string",
|
||||
"pCred": "string",
|
||||
"ignoreProxy": "boolean",
|
||||
"threads": "integer",
|
||||
"delay": "float",
|
||||
"timeout": "float",
|
||||
"retries": "integer",
|
||||
|
|
@ -47,6 +45,14 @@ optDict = {
|
|||
"saFreq": "integer"
|
||||
},
|
||||
|
||||
"Optimization": {
|
||||
"optimize": "boolean",
|
||||
"commonPrediction": "boolean",
|
||||
"keepAlive": "boolean",
|
||||
"nullConnection": "boolean",
|
||||
"threads": "integer"
|
||||
},
|
||||
|
||||
"Injection": {
|
||||
"testParameter": "string",
|
||||
"dbms": "string",
|
||||
|
|
@ -58,6 +64,8 @@ optDict = {
|
|||
"eString": "string",
|
||||
"eRegexp": "string",
|
||||
"thold": "float",
|
||||
"textOnly": "boolean",
|
||||
"tamper": "string"
|
||||
},
|
||||
|
||||
"Techniques": {
|
||||
|
|
@ -88,17 +96,19 @@ optDict = {
|
|||
"dumpTable": "boolean",
|
||||
"dumpAll": "boolean",
|
||||
"search": "boolean",
|
||||
"user": "string",
|
||||
"db": "string",
|
||||
"tbl": "string",
|
||||
"col": "string",
|
||||
"user": "string",
|
||||
"excludeSysDbs": "boolean",
|
||||
"limitStart": "integer",
|
||||
"limitStop": "integer",
|
||||
"firstChar": "integer",
|
||||
"lastChar": "integer",
|
||||
"query": "string",
|
||||
"sqlShell": "boolean"
|
||||
"sqlShell": "boolean",
|
||||
"cExists": "boolean",
|
||||
"tableFile": "string"
|
||||
},
|
||||
|
||||
"User-defined function": {
|
||||
|
|
@ -137,6 +147,7 @@ optDict = {
|
|||
"xmlFile": "string",
|
||||
"sessionFile": "string",
|
||||
"flushSession": "boolean",
|
||||
"forms": "boolean",
|
||||
"eta": "boolean",
|
||||
"googlePage": "integer",
|
||||
"updateAll": "boolean",
|
||||
|
|
|
|||
|
|
@ -128,6 +128,28 @@ def cmdLineParser():
|
|||
request.add_option("--safe-freq", dest="saFreq", type="int", default=0,
|
||||
help="Test requests between two visits to a given safe url")
|
||||
|
||||
# Optimization options
|
||||
optimization = OptionGroup(parser, "Optimization", "These "
|
||||
"options can be used to optimize the "
|
||||
"performance of sqlmap.")
|
||||
|
||||
optimization.add_option("-o", dest="optimize",
|
||||
action="store_true", default=False,
|
||||
help="Use all optimization options")
|
||||
|
||||
optimization.add_option("--common-prediction", dest="commonPrediction", action="store_true",
|
||||
default=False, help="Use 'Good samaritan' feature")
|
||||
|
||||
optimization.add_option("--keep-alive", dest="keepAlive", action="store_true",
|
||||
default=False, help="Use persistent HTTP(s) connections")
|
||||
|
||||
optimization.add_option("--null-connection", dest="nullConnection", action="store_true",
|
||||
default=False, help="Retrieve page length without actual HTTP response body")
|
||||
|
||||
optimization.add_option("--threads", dest="threads", type="int", default=1,
|
||||
help="Maximum number of concurrent HTTP "
|
||||
"requests (default 1)")
|
||||
|
||||
# Injection options
|
||||
injection = OptionGroup(parser, "Injection", "These options can be "
|
||||
"used to specify which parameters to test "
|
||||
|
|
@ -415,28 +437,6 @@ def cmdLineParser():
|
|||
windows.add_option("--reg-type", dest="regType",
|
||||
help="Windows registry key value type")
|
||||
|
||||
# Optimization options
|
||||
optimization = OptionGroup(parser, "Optimization", "These "
|
||||
"options can be used to optimize the "
|
||||
"performance of sqlmap.")
|
||||
|
||||
optimization.add_option("-o", dest="optimize",
|
||||
action="store_true", default=False,
|
||||
help="Use all optimization options")
|
||||
|
||||
optimization.add_option("--common-prediction", dest="useCommonPrediction", action="store_true",
|
||||
default=False, help="Use 'Good samaritan' feature")
|
||||
|
||||
optimization.add_option("--keep-alive", dest="keepAlive", action="store_true",
|
||||
default=False, help="Use persistent HTTP(s) connections")
|
||||
|
||||
optimization.add_option("--null-connection", dest="useNullConnection", action="store_true",
|
||||
default=False, help="Retrieve page length without actual HTTP response body")
|
||||
|
||||
optimization.add_option("--threads", dest="threads", type="int", default=1,
|
||||
help="Maximum number of concurrent HTTP "
|
||||
"requests (default 1)")
|
||||
|
||||
# Miscellaneous options
|
||||
miscellaneous = OptionGroup(parser, "Miscellaneous")
|
||||
|
||||
|
|
@ -499,6 +499,7 @@ def cmdLineParser():
|
|||
|
||||
parser.add_option_group(target)
|
||||
parser.add_option_group(request)
|
||||
parser.add_option_group(optimization)
|
||||
parser.add_option_group(injection)
|
||||
parser.add_option_group(techniques)
|
||||
parser.add_option_group(fingerprint)
|
||||
|
|
@ -507,7 +508,6 @@ def cmdLineParser():
|
|||
parser.add_option_group(filesystem)
|
||||
parser.add_option_group(takeover)
|
||||
parser.add_option_group(windows)
|
||||
parser.add_option_group(optimization)
|
||||
parser.add_option_group(miscellaneous)
|
||||
|
||||
args = []
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
|
||||
# Set kb.partRun in case "common prediction" feature (a.k.a. "good
|
||||
# samaritan") is used
|
||||
kb.partRun = getPartRun() if conf.useCommonPrediction else None
|
||||
kb.partRun = getPartRun() if conf.commonPrediction else None
|
||||
|
||||
if "LENGTH(" in expression or "LEN(" in expression:
|
||||
firstChar = 0
|
||||
|
|
@ -427,7 +427,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
# Common prediction feature (a.k.a. "good samaritan")
|
||||
# NOTE: to be used only when multi-threading is not set for
|
||||
# the moment
|
||||
if conf.useCommonPrediction and len(finalValue) > 0 and kb.partRun is not None:
|
||||
if conf.commonPrediction and len(finalValue) > 0 and kb.partRun is not None:
|
||||
val = None
|
||||
commonValue, commonPattern, commonCharset, otherCharset = goGoodSamaritan(finalValue, asciiTbl)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user