Patch for cases when error page looks more like original, than the False one does

Miroslav Stampar 2016-05-30 16:46:23 +02:00
parent b965e5bf1c
commit 229d3a7dd0
4 changed files with 13 additions and 5 deletions


@ -79,6 +79,7 @@ from lib.core.settings import URI_HTTP_HEADER
from lib.core.settings import UPPER_RATIO_BOUND from lib.core.settings import UPPER_RATIO_BOUND
from lib.core.threads import getCurrentThreadData from lib.core.threads import getCurrentThreadData
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.request.comparison import comparison
from lib.request.inject import checkBooleanExpression from lib.request.inject import checkBooleanExpression
from lib.request.templates import getPageTemplate from lib.request.templates import getPageTemplate
from lib.techniques.union.test import unionTest from lib.techniques.union.test import unionTest
@ -464,6 +465,11 @@ def checkSqlInjection(place, parameter, value):
errorResult = Request.queryPage(errorPayload, place, raise404=False) errorResult = Request.queryPage(errorPayload, place, raise404=False)
if errorResult: if errorResult:
continue continue
elif not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
_ = comparison(kb.heuristicPage, None, getRatioValue=True)
if _ > kb.matchRatio:
kb.matchRatio = _
logger.debug("adjusting match ratio for current parameter to %.3f" % kb.matchRatio)
infoMsg = "%s parameter '%s' appears to be '%s' injectable " % (paramType, parameter, title) infoMsg = "%s parameter '%s' appears to be '%s' injectable " % (paramType, parameter, title)
logger.info(infoMsg) logger.info(infoMsg)
@ -899,6 +905,7 @@ def heuristicCheckSqlInjection(place, parameter):
payload = agent.payload(place, parameter, newValue=payload) payload = agent.payload(place, parameter, newValue=payload)
page, _ = Request.queryPage(payload, place, content=True, raise404=False) page, _ = Request.queryPage(payload, place, content=True, raise404=False)
kb.heuristicPage = page
kb.heuristicMode = False kb.heuristicMode = False
parseFilePaths(page) parseFilePaths(page)
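Review bot: The new `elif` branch in checkSqlInjection passes `kb.heuristicPage` to `comparison()` without checking that a heuristic page was ever captured; the attribute starts out as `False` and is only assigned inside heuristicCheckSqlInjection, so on any run where that function did not execute for this parameter the comparison is made against `False` rather than a page. A guard keeps the ratio adjustment to the case it was written for: `elif kb.heuristicPage and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):`. If `kb.matchRatio` can still be `None` at this point (not visible in the hunk), `_ > kb.matchRatio` compares silently on Python 2 but raises TypeError on Python 3, so a `kb.matchRatio is None or` clause would be worth adding there too. As a point of style, `_` is used two hunks later as a discard name (`page, _ = Request.queryPage(...)`), so a descriptive local such as `ratio` would read better here. checkSqlInjection starts and ends outside the hunk.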


@ -593,24 +593,24 @@ def start():
if not conf.string and not conf.notString and not conf.regexp: if not conf.string and not conf.notString and not conf.regexp:
errMsg += " Also, you can try to rerun by providing " errMsg += " Also, you can try to rerun by providing "
errMsg += "either a valid value for option '--string' " errMsg += "either a valid value for option '--string' "
errMsg += "(or '--regexp')" errMsg += "(or '--regexp')."
elif conf.string: elif conf.string:
errMsg += " Also, you can try to rerun by providing a " errMsg += " Also, you can try to rerun by providing a "
errMsg += "valid value for option '--string' as perhaps the string you " errMsg += "valid value for option '--string' as perhaps the string you "
errMsg += "have chosen does not match " errMsg += "have chosen does not match "
errMsg += "exclusively True responses" errMsg += "exclusively True responses."
elif conf.regexp: elif conf.regexp:
errMsg += " Also, you can try to rerun by providing a " errMsg += " Also, you can try to rerun by providing a "
errMsg += "valid value for option '--regexp' as perhaps the regular " errMsg += "valid value for option '--regexp' as perhaps the regular "
errMsg += "expression that you have chosen " errMsg += "expression that you have chosen "
errMsg += "does not match exclusively True responses" errMsg += "does not match exclusively True responses."
if not conf.tamper: if not conf.tamper:
errMsg += " If you suspect that there is some kind of protection mechanism " errMsg += " If you suspect that there is some kind of protection mechanism "
errMsg += "involved (e.g. WAF) maybe you could retry " errMsg += "involved (e.g. WAF) maybe you could retry "
errMsg += "with an option '--tamper' (e.g. '--tamper=space2comment')" errMsg += "with an option '--tamper' (e.g. '--tamper=space2comment')"
raise SqlmapNotVulnerableException(errMsg) raise SqlmapNotVulnerableException(errMsg.rstrip('.'))
else: else:
# Flush the flag # Flush the flag
kb.testMode = False kb.testMode = False
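Review bot: The new `raise SqlmapNotVulnerableException(errMsg.rstrip('.'))` strips every trailing period, not just the one the preceding branches now append, so a message head ending in an ellipsis would lose it as well; the head of `errMsg` is built outside the hunk, so I cannot confirm whether that can happen. Removing exactly one terminal period is both safer and clearer about intent: `raise SqlmapNotVulnerableException(errMsg[:-1] if errMsg.endswith('.') else errMsg)`. A short comment above the raise, `# branches above end their sentence with '.', drop the last one so the exception text never ends in a period`, would spare the next reader from wondering why periods are added and then removed. start() starts and ends outside the hunk.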


@ -1855,6 +1855,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.headersFp = {} kb.headersFp = {}
kb.heuristicDbms = None kb.heuristicDbms = None
kb.heuristicMode = False kb.heuristicMode = False
kb.heuristicPage = False
kb.heuristicTest = None kb.heuristicTest = None
kb.hintValue = None kb.hintValue = None
kb.htmlFp = [] kb.htmlFp = []
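Review bot: `kb.heuristicPage = False` initialises an attribute that later holds a response page with a boolean, whereas the neighbouring object-valued attributes (`kb.heuristicDbms`, `kb.heuristicTest`, `kb.hintValue`) use `None`; the `False` default only matches the `kb.heuristicMode` flag, which is a different kind of value. For consistency with its siblings and so that "no page captured yet" is unambiguous at the use site, `kb.heuristicPage = None` would be preferable. _setKnowledgeBaseAttributes starts and ends outside the hunk, so whether this line sits under the `flushAll` condition is not visible here.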


@ -19,7 +19,7 @@ from lib.core.enums import OS
from lib.core.revision import getRevisionNumber from lib.core.revision import getRevisionNumber
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.5.110" VERSION = "1.0.5.112"
REVISION = getRevisionNumber() REVISION = getRevisionNumber()
STABLE = VERSION.count('.') <= 2 STABLE = VERSION.count('.') <= 2
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev") VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")