fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)

2025-04-05 09:44:16 +03:00 · 2010-12-24 12:13:48 +00:00 · 2010-12-24 12:13:48 +00:00 · 2c23a59ba5
commit 2c23a59ba5
parent aab14fa2d3
9 changed files with 52 additions and 32 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -265,7 +265,7 @@ def checkSqlInjection(place, parameter, value):
                    elif where == 3:
                        origValue = ""

-                    kb.pageTemplate = getPageTemplate(templatePayload, place)
+                    kb.pageTemplate, kb.errorIsNone = getPageTemplate(templatePayload, place)

                    # Forge request payload by prepending with boundary's
                    # prefix and appending the boundary's suffix to the
@ -762,6 +762,7 @@ def checkConnection(suppressOutput=False):
    try:
        page, _ = Request.queryPage(content=True)
        kb.originalPage = kb.pageTemplate = page
+        kb.errorIsNone = not wasLastRequestDBMSError()
    except sqlmapConnectionException, errMsg:
        errMsg = getUnicode(errMsg)
        raise sqlmapConnectionException, errMsg
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -21,7 +21,6 @@ import urlparse
 import ntpath
 import posixpath
 import subprocess
-import threading

 from ConfigParser import DEFAULTSECT
 from ConfigParser import RawConfigParser
@ -72,6 +71,7 @@ from lib.core.settings import DUMP_START_MARKER
 from lib.core.settings import DUMP_STOP_MARKER
 from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import TIME_STDEV_COEFF
+from lib.core.threads import getCurrentThreadData

 class UnicodeRawConfigParser(RawConfigParser):
    """
@ -115,17 +115,6 @@ class DynamicContentItem:
        self.lineContentAfter = lineContentAfter


-class ThreadData():
-    """
-    Represents thread independent data
-    """
-
-    def __init__(self):
-        self.lastErrorPage = None
-        self.lastQueryDuration = 0
-        self.lastRequestUID = 0
-        self.valueStack = []
-
 def paramToDict(place, parameters=None):
    """
    Split the parameters into names and values, check if these parameters
@ -1544,19 +1533,6 @@ def longestCommonPrefix(*sequences):
 def commonFinderOnly(initial, sequence):
    return longestCommonPrefix(*filter(lambda x: x.startswith(initial), sequence))

-def getCurrentThreadUID():
-    return hash(threading.currentThread())
-
-def getCurrentThreadData():
-    """
-    Returns current thread's dependent data
-    """
-
-    threadUID = getCurrentThreadUID()
-    if threadUID not in kb.threadData:
-        kb.threadData[threadUID] = ThreadData()
-    return kb.threadData[threadUID]
-
 def pushValue(value):
    """
    Push value to the stack (thread dependent)
@ -1856,7 +1832,7 @@ def initTechnique(technique=None):
    data = getTechniqueData(technique)

    if data:
-        kb.pageTemplate = getPageTemplate(data.templatePayload, kb.injection.place)
+        kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place)
        kb.matchRatio = data.matchRatio
    else:
        warnMsg = "there is no injection data available for technique "
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -37,7 +37,6 @@ from lib.core.common import readCachedFileContent
 from lib.core.common import readInput
 from lib.core.common import runningAsAdmin
 from lib.core.common import sanitizeStr
-from lib.core.common import ThreadData
 from lib.core.common import UnicodeRawConfigParser
 from lib.core.data import conf
 from lib.core.data import kb
@ -1147,6 +1146,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.docRoot         = None
    kb.dynamicMarkings = []
    kb.endDetection    = False
+    kb.errorIsNone     = True
    kb.formNames       = []
    kb.headersCount    = 0
    kb.headersFp       = {}
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@ -0,0 +1,37 @@
+#!/usr/bin/env python
+
+"""
+$Id: unescaper.py 2635 2010-12-10 10:52:55Z inquisb $
+
+Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import threading
+
+from lib.core.data import kb
+
+class ThreadData():
+    """
+    Represents thread independent data
+    """
+
+    def __init__(self):
+        self.lastErrorPage = None
+        self.lastQueryDuration = 0
+        self.lastRequestUID = 0
+        self.valueStack = []
+
+def getCurrentThreadUID():
+    return hash(threading.currentThread())
+
+def getCurrentThreadData():
+    """
+    Returns current thread's dependent data
+    """
+
+    threadUID = getCurrentThreadUID()
+    if threadUID not in kb.threadData:
+        kb.threadData[threadUID] = ThreadData()
+    return kb.threadData[threadUID]
+
--- a/lib/parse/html.py
+++ b/lib/parse/html.py
@ -12,11 +12,11 @@ import re
 from xml.sax.handler import ContentHandler

 from lib.core.common import checkFile
-from lib.core.common import getCurrentThreadData
 from lib.core.common import parseXmlFile
 from lib.core.common import sanitizeStr
 from lib.core.data import kb
 from lib.core.data import paths
+from lib.core.threads import getCurrentThreadData

 class htmlHandler(ContentHandler):
    """
@ -59,6 +59,9 @@ def htmlParser(page):
    parseXmlFile(xmlfile, handler)

    if handler.dbms and handler.dbms not in kb.htmlFp:
+        kb.lastParserStatus = handler.dbms
        kb.htmlFp.append(handler.dbms)
+    else:
+        kb.lastParserStatus = None

    return handler.dbms
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -58,7 +58,7 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
            return re.search(conf.regexp, page, re.I | re.M) is not None

        # In case of an DBMS error page return None
-        if wasLastRequestDBMSError():
+        if kb.errorIsNone and wasLastRequestDBMSError():
            return None

        # Dynamic content lines to be excluded before comparison
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -40,6 +40,7 @@ from lib.core.enums import PLACE
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapSyntaxException
 from lib.core.settings import MIN_TIME_RESPONSES
+from lib.core.threads import getCurrentThreadData
 from lib.request.basic import decodePage
 from lib.request.basic import forgeHeaders
 from lib.request.basic import parseResponse
--- a/lib/request/templates.py
+++ b/lib/request/templates.py
@ -13,11 +13,12 @@ from lib.core.data import kb
 from lib.request.connect import Connect as Request

 def getPageTemplate(payload, place):
-    retVal = kb.originalPage
+    retVal = kb.originalPage, kb.errorIsNone

    if payload and place:
        if (payload, place) not in kb.pageTemplates:
-            kb.pageTemplates[(payload, place)], _ = Request.queryPage(payload, place, content=True)
+            page, _ = Request.queryPage(payload, place, content=True)
+            kb.pageTemplates[(payload, place)] = (page, kb.lastParserStatus is None)

        retVal = kb.pageTemplates[(payload, place)]

--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@ -24,6 +24,7 @@ from lib.core.enums import DBMS
 from lib.core.session import setDbms
 from lib.core.settings import ACCESS_ALIASES
 from lib.core.settings import METADB_SUFFIX
+from lib.core.threads import getCurrentThreadData
 from lib.request import inject
 from lib.request.connect import Connect as Request