fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)

This commit is contained in:
Miroslav Stampar 2010-12-24 12:13:48 +00:00
parent aab14fa2d3
commit 2c23a59ba5
9 changed files with 52 additions and 32 deletions

View File

@ -265,7 +265,7 @@ def checkSqlInjection(place, parameter, value):
elif where == 3:
origValue = ""
kb.pageTemplate = getPageTemplate(templatePayload, place)
kb.pageTemplate, kb.errorIsNone = getPageTemplate(templatePayload, place)
# Forge request payload by prepending with boundary's
# prefix and appending the boundary's suffix to the
@ -762,6 +762,7 @@ def checkConnection(suppressOutput=False):
try:
page, _ = Request.queryPage(content=True)
kb.originalPage = kb.pageTemplate = page
kb.errorIsNone = not wasLastRequestDBMSError()
except sqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg)
raise sqlmapConnectionException, errMsg

View File

@ -21,7 +21,6 @@ import urlparse
import ntpath
import posixpath
import subprocess
import threading
from ConfigParser import DEFAULTSECT
from ConfigParser import RawConfigParser
@ -72,6 +71,7 @@ from lib.core.settings import DUMP_START_MARKER
from lib.core.settings import DUMP_STOP_MARKER
from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import TIME_STDEV_COEFF
from lib.core.threads import getCurrentThreadData
class UnicodeRawConfigParser(RawConfigParser):
"""
@ -115,17 +115,6 @@ class DynamicContentItem:
self.lineContentAfter = lineContentAfter
class ThreadData():
"""
Represents thread independent data
"""
def __init__(self):
self.lastErrorPage = None
self.lastQueryDuration = 0
self.lastRequestUID = 0
self.valueStack = []
def paramToDict(place, parameters=None):
"""
Split the parameters into names and values, check if these parameters
@ -1544,19 +1533,6 @@ def longestCommonPrefix(*sequences):
def commonFinderOnly(initial, sequence):
return longestCommonPrefix(*filter(lambda x: x.startswith(initial), sequence))
def getCurrentThreadUID():
return hash(threading.currentThread())
def getCurrentThreadData():
"""
Returns current thread's dependent data
"""
threadUID = getCurrentThreadUID()
if threadUID not in kb.threadData:
kb.threadData[threadUID] = ThreadData()
return kb.threadData[threadUID]
def pushValue(value):
"""
Push value to the stack (thread dependent)
@ -1856,7 +1832,7 @@ def initTechnique(technique=None):
data = getTechniqueData(technique)
if data:
kb.pageTemplate = getPageTemplate(data.templatePayload, kb.injection.place)
kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place)
kb.matchRatio = data.matchRatio
else:
warnMsg = "there is no injection data available for technique "

View File

@ -37,7 +37,6 @@ from lib.core.common import readCachedFileContent
from lib.core.common import readInput
from lib.core.common import runningAsAdmin
from lib.core.common import sanitizeStr
from lib.core.common import ThreadData
from lib.core.common import UnicodeRawConfigParser
from lib.core.data import conf
from lib.core.data import kb
@ -1147,6 +1146,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.docRoot = None
kb.dynamicMarkings = []
kb.endDetection = False
kb.errorIsNone = True
kb.formNames = []
kb.headersCount = 0
kb.headersFp = {}

37
lib/core/threads.py Normal file
View File

@ -0,0 +1,37 @@
#!/usr/bin/env python
"""
$Id: unescaper.py 2635 2010-12-10 10:52:55Z inquisb $
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import threading
from lib.core.data import kb
class ThreadData():
"""
Represents thread independent data
"""
def __init__(self):
self.lastErrorPage = None
self.lastQueryDuration = 0
self.lastRequestUID = 0
self.valueStack = []
def getCurrentThreadUID():
return hash(threading.currentThread())
def getCurrentThreadData():
"""
Returns current thread's dependent data
"""
threadUID = getCurrentThreadUID()
if threadUID not in kb.threadData:
kb.threadData[threadUID] = ThreadData()
return kb.threadData[threadUID]

View File

@ -12,11 +12,11 @@ import re
from xml.sax.handler import ContentHandler
from lib.core.common import checkFile
from lib.core.common import getCurrentThreadData
from lib.core.common import parseXmlFile
from lib.core.common import sanitizeStr
from lib.core.data import kb
from lib.core.data import paths
from lib.core.threads import getCurrentThreadData
class htmlHandler(ContentHandler):
"""
@ -59,6 +59,9 @@ def htmlParser(page):
parseXmlFile(xmlfile, handler)
if handler.dbms and handler.dbms not in kb.htmlFp:
kb.lastParserStatus = handler.dbms
kb.htmlFp.append(handler.dbms)
else:
kb.lastParserStatus = None
return handler.dbms

View File

@ -58,7 +58,7 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
return re.search(conf.regexp, page, re.I | re.M) is not None
# In case of an DBMS error page return None
if wasLastRequestDBMSError():
if kb.errorIsNone and wasLastRequestDBMSError():
return None
# Dynamic content lines to be excluded before comparison

View File

@ -40,6 +40,7 @@ from lib.core.enums import PLACE
from lib.core.exception import sqlmapConnectionException
from lib.core.exception import sqlmapSyntaxException
from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.threads import getCurrentThreadData
from lib.request.basic import decodePage
from lib.request.basic import forgeHeaders
from lib.request.basic import parseResponse

View File

@ -13,11 +13,12 @@ from lib.core.data import kb
from lib.request.connect import Connect as Request
def getPageTemplate(payload, place):
retVal = kb.originalPage
retVal = kb.originalPage, kb.errorIsNone
if payload and place:
if (payload, place) not in kb.pageTemplates:
kb.pageTemplates[(payload, place)], _ = Request.queryPage(payload, place, content=True)
page, _ = Request.queryPage(payload, place, content=True)
kb.pageTemplates[(payload, place)] = (page, kb.lastParserStatus is None)
retVal = kb.pageTemplates[(payload, place)]

View File

@ -24,6 +24,7 @@ from lib.core.enums import DBMS
from lib.core.session import setDbms
from lib.core.settings import ACCESS_ALIASES
from lib.core.settings import METADB_SUFFIX
from lib.core.threads import getCurrentThreadData
from lib.request import inject
from lib.request.connect import Connect as Request