Patch for MsSQL column name injection
parent
c37014b8e8
commit
2b56bdfaa6
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.2.9.9"
|
VERSION = "1.2.9.10"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
@ -324,6 +324,7 @@ FILE_PATH_REGEXES = (r"<b>(?P<result>[^<>]+?)</b> on line \d+", r"in (?P<result>
|
||||||
|
|
||||||
# Regular expressions used for parsing error messages (--parse-errors)
|
# Regular expressions used for parsing error messages (--parse-errors)
|
||||||
ERROR_PARSING_REGEXES = (
|
ERROR_PARSING_REGEXES = (
|
||||||
|
r"\[Microsoft\]\[ODBC SQL Server Driver\]\[SQL Server\](?P<result>[^<]+)",
|
||||||
r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
|
r"<b>[^<]*(fatal|error|warning|exception)[^<]*</b>:?\s*(?P<result>.+?)<br\s*/?\s*>",
|
||||||
r"(?m)^\s*(fatal|error|warning|exception):?\s*(?P<result>[^\n]+?)$",
|
r"(?m)^\s*(fatal|error|warning|exception):?\s*(?P<result>[^\n]+?)$",
|
||||||
r"(?P<result>[^\n>]*SQL Syntax[^\n<]+)",
|
r"(?P<result>[^\n>]*SQL Syntax[^\n<]+)",
|
||||||
|
|
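Review bot: The `result` group in the pattern added to `ERROR_PARSING_REGEXES`, `(?P<result>[^<]+)`, has no line bound, so where the SQL Server text is not followed by a tag it keeps consuming up to the next `<` or the end of the body, unlike the neighbouring `(?m)^…[^\n]+?$` entry. Bounding it, e.g. `r"\[Microsoft\]\[ODBC SQL Server Driver\]\[SQL Server\](?P<result>[^<\n]+)"`, keeps the parsed message to a single line. This matters for the `thirdparty/ansistrm/ansistrm.py` change in the same commit: its `re.search(r": '(.+)'", message).group(1)` is unguarded and `.` does not cross newlines, so a multi-line message that reaches the logger unchanged could make `re.search` return `None` and raise `AttributeError` inside the handler. The tuple continues past the end of the hunk.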
14
thirdparty/ansistrm/ansistrm.py
vendored
14
thirdparty/ansistrm/ansistrm.py
vendored
|
@ -182,8 +182,8 @@ class ColorizingStreamHandler(logging.StreamHandler):
|
||||||
message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1)
|
message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1)
|
||||||
|
|
||||||
if level != "PAYLOAD":
|
if level != "PAYLOAD":
|
||||||
for match in re.finditer(r"[^\w]'([^']+)'", message): # single-quoted
|
if any(_ in message for _ in ("parsed DBMS error message",)):
|
||||||
string = match.group(1)
|
string = re.search(r": '(.+)'", message).group(1)
|
||||||
if not message.endswith(self.reset):
|
if not message.endswith(self.reset):
|
||||||
reset = self.reset
|
reset = self.reset
|
||||||
elif self.bold in message: # bold
|
elif self.bold in message: # bold
|
||||||
|
@ -191,6 +191,16 @@ class ColorizingStreamHandler(logging.StreamHandler):
|
||||||
else:
|
else:
|
||||||
reset = self.reset
|
reset = self.reset
|
||||||
message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1)
|
message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1)
|
||||||
|
else:
|
||||||
|
for match in re.finditer(r"[^\w]'([^']+)'", message): # single-quoted
|
||||||
|
string = match.group(1)
|
||||||
|
if not message.endswith(self.reset):
|
||||||
|
reset = self.reset
|
||||||
|
elif self.bold in message: # bold
|
||||||
|
reset = self.reset + self.bold
|
||||||
|
else:
|
||||||
|
reset = self.reset
|
||||||
|
message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1)
|
||||||
else:
|
else:
|
||||||
message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset))
|
message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset))
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
|
||||||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||||
c762da4ab30d1e245ca359df355ff7a7 lib/core/settings.py
|
021d606c9405fd23d630108bf5c39853 lib/core/settings.py
|
||||||
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
|
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
|
||||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||||
815d1cf27f0f8738d81531e73149867d lib/core/target.py
|
815d1cf27f0f8738d81531e73149867d lib/core/target.py
|
||||||
|
@ -287,7 +287,7 @@ f2b9eac52d346315f5705f71beeda791 tamper/varnish.py
|
||||||
0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py
|
0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py
|
||||||
0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py
|
0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py
|
||||||
de532c4e3160039335010c499129d54f tamper/xforwardedfor.py
|
de532c4e3160039335010c499129d54f tamper/xforwardedfor.py
|
||||||
1996d6afa985a526df02efa1bf121976 thirdparty/ansistrm/ansistrm.py
|
b422795c5e589decec725963e480ffba thirdparty/ansistrm/ansistrm.py
|
||||||
d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py
|
d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py
|
||||||
8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py
|
8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py
|
||||||
cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py
|
cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py
|
||||||
|
@ -469,7 +469,7 @@ d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml
|
||||||
d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml
|
d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml
|
||||||
350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml
|
350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml
|
||||||
817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml
|
817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml
|
||||||
b306c99a038b03421beea655dc804b64 xml/boundaries.xml
|
de871ef9c982799a7f7f84621f103f26 xml/boundaries.xml
|
||||||
6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml
|
6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml
|
||||||
a279656ea3fcb85c727249b02f828383 xml/livetests.xml
|
a279656ea3fcb85c727249b02f828383 xml/livetests.xml
|
||||||
fe2a865a8579f2045d2be057a00f5b49 xml/payloads/boolean_blind.xml
|
fe2a865a8579f2045d2be057a00f5b49 xml/payloads/boolean_blind.xml
|
||||||
|
|
|
@ -513,8 +513,8 @@ Formats:
|
||||||
<clause>8</clause>
|
<clause>8</clause>
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<ptype>6</ptype>
|
<ptype>6</ptype>
|
||||||
<prefix>]=[[ORIGINAL]]</prefix>
|
<prefix>]-(SELECT 0 WHERE [RANDNUM]=[RANDNUM]</prefix>
|
||||||
<suffix> AND [[ORIGINAL]]=[[ORIGINAL]</suffix>
|
<suffix>)|[[ORIGINAL]</suffix>
|
||||||
</boundary>
|
</boundary>
|
||||||
<!-- End of escaped column name boundaries -->
|
<!-- End of escaped column name boundaries -->
|
||||||
|
|
||||||
|
|
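Review bot: The rewritten `<prefix>`/`<suffix>` pair carries no comment saying which back-end it was adjusted for; the commit title names MsSQL, but nothing in the element does, and the surrounding lines only give the generic `<!-- End of escaped column name boundaries -->` marker. I would add a line such as `<!-- prefix/suffix adjusted for MsSQL escaped column names -->` above the `<prefix>` element so a later edit does not silently revert it for another DBMS. Nothing on the page shows a test for the new pair either: the `xml/livetests.xml` entry in the checksum list is unchanged by this commit, so presumably no live test was added. The enclosing `<boundary>` element opens above the hunk.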