mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-05-03 15:23:44 +03:00
one more level of defense against user himself
This commit is contained in:
Miroslav Stampar
parent
a675c88894
commit
2b5e429dc2
|
|
@ -78,6 +78,7 @@ from lib.core.optiondict import optDict
|
||||||
from lib.core.settings import BIGARRAY_CHUNK_LENGTH
|
from lib.core.settings import BIGARRAY_CHUNK_LENGTH
|
||||||
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
|
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
|
||||||
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
||||||
|
from lib.core.settings import DUMMY_USER_INJECTION
|
||||||
from lib.core.settings import INFERENCE_UNKNOWN_CHAR
|
from lib.core.settings import INFERENCE_UNKNOWN_CHAR
|
||||||
from lib.core.settings import UNICODE_ENCODING
|
from lib.core.settings import UNICODE_ENCODING
|
||||||
from lib.core.settings import DBMS_DICT
|
from lib.core.settings import DBMS_DICT
|
||||||
|
|
@ -675,13 +676,13 @@ def paramToDict(place, parameters=None):
|
||||||
if condition:
|
if condition:
|
||||||
testableParameters[parameter] = "=".join(elem[1:])
|
testableParameters[parameter] = "=".join(elem[1:])
|
||||||
if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]\
|
if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]\
|
||||||
or re.search(r'\A9{3,}', testableParameters[parameter]):
|
or re.search(r'\A9{3,}', testableParameters[parameter]) or re.search(DUMMY_USER_INJECTION, testableParameters[parameter]):
|
||||||
errMsg = "you have provided tainted parameter values "
|
errMsg = "you have provided tainted parameter values "
|
||||||
errMsg += "(%s) with most probably leftover " % element
|
errMsg += "('%s') with most probably leftover " % element
|
||||||
errMsg += "chars from manual sql injection "
|
errMsg += "chars from manual sql injection "
|
||||||
errMsg += "tests (%s) or non-valid numerical value. " % DUMMY_SQL_INJECTION_CHARS
|
errMsg += "tests (%s) or non-valid numerical value. " % DUMMY_SQL_INJECTION_CHARS
|
||||||
errMsg += "Please, always use only valid parameter values "
|
errMsg += "Please, always use only valid parameter values "
|
||||||
errMsg += "so sqlmap could be able to do a valid run."
|
errMsg += "so sqlmap could be able to properly run"
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
else:
|
else:
|
||||||
root = ET.XML(parameters)
|
root = ET.XML(parameters)
|
||||||
|
|
|
||||||
|
|
@ -373,6 +373,9 @@ ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
|
||||||
# Chars used to quickly distinguish if the user provided tainted parameter values
|
# Chars used to quickly distinguish if the user provided tainted parameter values
|
||||||
DUMMY_SQL_INJECTION_CHARS = ";()'"
|
DUMMY_SQL_INJECTION_CHARS = ";()'"
|
||||||
|
|
||||||
|
# Simple check against dummy users
|
||||||
|
DUMMY_USER_INJECTION = "(?i)[^\w](AND|OR)\s+[^\s]+[=><]"
|
||||||
|
|
||||||
# Extensions skipped by crawler
|
# Extensions skipped by crawler
|
||||||
CRAWL_EXCLUDE_EXTENSIONS = ("gif","jpg","jar","tif","bmp","war","ear","mpg","wmv","mpeg","scm","iso","dmp","dll","cab","so","avi","bin","exe","iso","tar","png","pdf","ps","mp3","zip","rar","gz")
|
CRAWL_EXCLUDE_EXTENSIONS = ("gif","jpg","jar","tif","bmp","war","ear","mpg","wmv","mpeg","scm","iso","dmp","dll","cab","so","avi","bin","exe","iso","tar","png","pdf","ps","mp3","zip","rar","gz")
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user