minor refactoring

Miroslav Stampar 2010-12-06 15:50:19 +00:00
parent e8be14e00a
commit 27ee9a5ccf
2 changed files with 19 additions and 15 deletions


@ -16,6 +16,7 @@ from difflib import SequenceMatcher
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import beep from lib.core.common import beep
from lib.core.common import calculateDeltaSeconds from lib.core.common import calculateDeltaSeconds
from lib.core.common import extractRegexResult
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import popValue from lib.core.common import popValue
from lib.core.common import pushValue from lib.core.common import pushValue
@ -197,9 +198,9 @@ def checkSqlInjection(place, parameter, value):
boundary.ptype = 3 boundary.ptype = 3
elif '"' in boundary.suffix.lower(): elif '"' in boundary.suffix.lower():
boundary.ptype = 5 boundary.ptype = 5
elif "'" in boundary.suffix.lower(): elif "'" in boundary.suffix:
boundary.ptype = 2 boundary.ptype = 2
elif '"' in boundary.suffix.lower(): elif '"' in boundary.suffix:
boundary.ptype = 4 boundary.ptype = 4
else: else:
boundary.ptype = 1 boundary.ptype = 1
@ -289,7 +290,7 @@ def checkSqlInjection(place, parameter, value):
check = agent.cleanupPayload(check, value) check = agent.cleanupPayload(check, value)
# In case of boolean-based blind SQL injection # In case of boolean-based blind SQL injection
if method == "comparison": if method == PAYLOAD.METHOD.COMPARISON:
sndPayload = agent.cleanupPayload(test.response.comparison, value) sndPayload = agent.cleanupPayload(test.response.comparison, value)
sndPayload = unescapeDbms(sndPayload, injection, dbms) sndPayload = unescapeDbms(sndPayload, injection, dbms)
sndPayload = "%s%s" % (sndPayload, comment) sndPayload = "%s%s" % (sndPayload, comment)
@ -324,29 +325,24 @@ def checkSqlInjection(place, parameter, value):
kb.paramMatchRatio[(place, parameter)] = conf.matchRatio kb.paramMatchRatio[(place, parameter)] = conf.matchRatio
# In case of error-based or UNION query SQL injections # In case of error-based or UNION query SQL injections
elif method == "grep": elif method == PAYLOAD.METHOD.GREP:
# Perform the test's request and grep the response # Perform the test's request and grep the response
# body for the test's <grep> regular expression # body for the test's <grep> regular expression
reqBody, _ = Request.queryPage(reqPayload, place, content=True) reqBody, _ = Request.queryPage(reqPayload, place, content=True)
match = re.search(check, reqBody, re.DOTALL | re.IGNORECASE) output = extractRegexResult(check, reqBody, re.DOTALL | re.IGNORECASE)
if not match:
continue
output = match.group('result')
if output: if output:
output = output.replace(ERROR_SPACE, " ").replace(ERROR_EMPTY_CHAR, "") output = output.replace(ERROR_SPACE, " ").replace(ERROR_EMPTY_CHAR, "")
if output == "1": if output == "1":
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
logger.info(infoMsg) logger.info(infoMsg)
injectable = True injectable = True
# In case of time-based blind or stacked queries # In case of time-based blind or stacked queries
# SQL injections # SQL injections
elif method == "time": elif method == PAYLOAD.METHOD.TIME:
# Store old value of socket timeout # Store old value of socket timeout
pushValue(socket.getdefaulttimeout()) pushValue(socket.getdefaulttimeout())
# Set socket timeout to 2 minutes as some # Set socket timeout to 2 minutes as some
@ -725,6 +721,7 @@ def checkNullConnection():
try: try:
page, headers = Request.getPage(method=HTTPMETHOD.HEAD) page, headers = Request.getPage(method=HTTPMETHOD.HEAD)
if not page and 'Content-Length' in headers: if not page and 'Content-Length' in headers:
kb.nullConnection = NULLCONNECTION.HEAD kb.nullConnection = NULLCONNECTION.HEAD
@ -732,12 +729,14 @@ def checkNullConnection():
logger.info(infoMsg) logger.info(infoMsg)
else: else:
page, headers = Request.getPage(auxHeaders={"Range": "bytes=-1"}) page, headers = Request.getPage(auxHeaders={"Range": "bytes=-1"})
if page and len(page) == 1 and 'Content-Range' in headers: if page and len(page) == 1 and 'Content-Range' in headers:
kb.nullConnection = NULLCONNECTION.RANGE kb.nullConnection = NULLCONNECTION.RANGE
infoMsg = "NULL connection is supported with GET header " infoMsg = "NULL connection is supported with GET header "
infoMsg += "'%s'" % kb.nullConnection infoMsg += "'%s'" % kb.nullConnection
logger.info(infoMsg) logger.info(infoMsg)
except sqlmapConnectionException, errMsg: except sqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg) errMsg = getUnicode(errMsg)
raise sqlmapConnectionException, errMsg raise sqlmapConnectionException, errMsg
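Review bot: In the `@ -324,29 +325,24` hunk the `if not match: continue` guard is dropped, so a grep test whose regex does not match no longer skips the rest of the loop body; it now falls through `if output:` with `injectable` untouched and continues into whatever follows the `elif` chain, which is outside the hunk (checkSqlInjection starts and ends outside every hunk shown). If that tail previously relied on the early `continue`, restoring it after the helper call, `if output is None: continue`, keeps the old control flow; if the fall-through is intended, a one-line comment saying so would stop the next reader from re-adding it. This also assumes extractRegexResult returns None rather than raising when the `result` group is absent — it lives in lib.core.common and is not visible here, so worth confirming. Separately, the `PAYLOAD.METHOD.*` references added in the `@ -289` and `@ -324` hunks depend on PAYLOAD already being imported into this module; the import hunk only adds extractRegexResult, so confirm it is in scope.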


@ -89,3 +89,8 @@ class PAYLOAD:
7: "Table name", 7: "Table name",
8: "Column name" 8: "Column name"
} }
class METHOD:
COMPARISON = "comparison"
GREP = "grep"
TIME = "time"
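Review bot: The new nested `METHOD` class carries no documentation, and its three string values are only meaningful against the `method` dispatch in checks.py that this commit converts to use them. A short comment above the class would anchor that, e.g. `# Response-check methods of an injection test: compare two page responses, grep the page body with the test's regex, or measure response time`. The enclosing `class PAYLOAD:` starts outside the hunk, so I cannot tell whether METHOD is separated from the preceding dict literal by a blank line as the other nested members are; worth keeping the layout consistent.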