mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 01:26:42 +03:00
Minor bug fixes, code refactoring and enhanced --tamper functionality
This commit is contained in:
parent
5c3d21065a
commit
2dae934a2b
|
@ -70,7 +70,7 @@ class sqlmapValueException(Exception):
|
|||
def unhandledException():
|
||||
errMsg = "unhandled exception in %s, please copy " % VERSION_STRING
|
||||
errMsg += "the command line and the following text and send by e-mail "
|
||||
errMsg += "to sqlmap-users@lists.sourceforge.net. The developer will "
|
||||
errMsg += "to sqlmap-users@lists.sourceforge.net. The developers will "
|
||||
errMsg += "fix it as soon as possible:\nsqlmap version: %s\n" % VERSION
|
||||
errMsg += "Python version: %s\n" % PYVERSION
|
||||
errMsg += "Operating system: %s" % PLATFORM
|
||||
|
@ -95,4 +95,4 @@ exceptionsTuple = (
|
|||
sqlmapUnsupportedDBMSException,
|
||||
sqlmapUnsupportedFeatureException,
|
||||
sqlmapValueException,
|
||||
)
|
||||
)
|
||||
|
|
|
@ -11,6 +11,7 @@ import codecs
|
|||
import cookielib
|
||||
import ctypes
|
||||
import difflib
|
||||
import inspect
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
|
@ -531,34 +532,33 @@ def __setDBMS():
|
|||
|
||||
def __setTamperingFunctions():
|
||||
"""
|
||||
Loads tampering functions from given module path(s).
|
||||
Loads tampering functions from given script(s)
|
||||
"""
|
||||
|
||||
if conf.tamper:
|
||||
kb.tamperFunctions = []
|
||||
for tfile in conf.tamper.split(';'):
|
||||
found = False
|
||||
|
||||
import inspect
|
||||
|
||||
for file in conf.tamper.split(';'):
|
||||
if not file:
|
||||
if not tfile:
|
||||
continue
|
||||
|
||||
elif not os.path.exists(file):
|
||||
errMsg = "missing tampering module file '%s'" % file
|
||||
elif not os.path.exists(tfile):
|
||||
errMsg = "tamper script '%s' does not exist" % tfile
|
||||
raise sqlmapFilePathException, errMsg
|
||||
|
||||
elif os.path.splitext(file)[1] != '.py':
|
||||
errMsg = "tampering module file should have an extension '.py'"
|
||||
elif not tfile.endswith('.py'):
|
||||
errMsg = "tamper script '%s' should have an extension '.py'" % tfile
|
||||
raise sqlmapSyntaxException, errMsg
|
||||
|
||||
dirname, filename = os.path.split(file)
|
||||
dirname, filename = os.path.split(tfile)
|
||||
dirname = os.path.abspath(dirname)
|
||||
|
||||
infoMsg = "loading tampering module: '%s'" % filename[:-3]
|
||||
infoMsg = "loading tamper script '%s'" % filename[:-3]
|
||||
logger.info(infoMsg)
|
||||
|
||||
if not os.path.exists(os.path.join(dirname, '__init__.py')):
|
||||
errMsg = "make sure that there is an empty file '__init__.py' "
|
||||
errMsg += "inside of tampering module directory '%s'" % dirname
|
||||
errMsg += "inside of tamper scripts directory '%s'" % dirname
|
||||
raise sqlmapGenericException, errMsg
|
||||
|
||||
if dirname not in sys.path:
|
||||
|
@ -567,17 +567,17 @@ def __setTamperingFunctions():
|
|||
try:
|
||||
module = __import__(filename[:-3])
|
||||
except ImportError, msg:
|
||||
raise sqlmapSyntaxException, "can't import module file '%s' (%s)" % (file, msg)
|
||||
raise sqlmapSyntaxException, "can not import tamper script '%s' (%s)" % (filename[:-3], msg)
|
||||
|
||||
found = False
|
||||
for name, function in inspect.getmembers(module, inspect.isfunction):
|
||||
if name=="tamper" and function.func_code.co_argcount == 2:
|
||||
if name == "tamper" and function.func_code.co_argcount == 2:
|
||||
kb.tamperFunctions.append(function)
|
||||
found = True
|
||||
|
||||
break
|
||||
|
||||
if not found:
|
||||
raise sqlmapGenericException, "missing function 'tamper(place, value)' in tampering module '%s'" % filename
|
||||
raise sqlmapGenericException, "missing function 'tamper(place, value)' in tamper script '%s'" % tfile
|
||||
|
||||
def __setThreads():
|
||||
if not isinstance(conf.threads, int) or conf.threads <= 0:
|
||||
|
@ -943,6 +943,9 @@ def __cleanupOptions():
|
|||
else:
|
||||
conf.testParameter = []
|
||||
|
||||
if conf.tamper:
|
||||
conf.tamper = conf.tamper.replace(" ", "")
|
||||
|
||||
if conf.db:
|
||||
conf.db = conf.db.replace(" ", "")
|
||||
|
||||
|
@ -1071,7 +1074,7 @@ def __setKnowledgeBaseAttributes():
|
|||
kb.queryCounter = 0
|
||||
kb.resumedQueries = {}
|
||||
kb.stackedTest = None
|
||||
kb.tamperFunctions = None
|
||||
kb.tamperFunctions = []
|
||||
kb.targetUrls = set()
|
||||
kb.testedParams = set()
|
||||
kb.timeTest = None
|
||||
|
|
|
@ -7,15 +7,15 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
|
||||
"""
|
||||
'>' -> NOT BETWEEN 0 AND (e.g., A>B->A NOT BETWEEN 0 AND B)
|
||||
"""
|
||||
def tamper(place, value):
|
||||
"""
|
||||
Replaces '>' with 'NOT BETWEEN 0 AND #'
|
||||
Example: 'A > B' becomes 'A NOT BETWEEN 0 AND B'
|
||||
"""
|
||||
|
||||
retVal = value
|
||||
|
||||
if value:
|
||||
|
@ -23,25 +23,26 @@ def tamper(place, value):
|
|||
value = urldecode(value)
|
||||
|
||||
retVal = ""
|
||||
qoute, doublequote, firstspace = False, False, False
|
||||
quote, doublequote, firstspace = False, False, False
|
||||
|
||||
for i in xrange(len(value)):
|
||||
if not firstspace:
|
||||
if value[i].isspace():
|
||||
firstspace = True
|
||||
retVal += "/**/"
|
||||
retVal += " "
|
||||
continue
|
||||
|
||||
elif value[i] == '\'':
|
||||
qoute = not qoute
|
||||
quote = not quote
|
||||
|
||||
elif value[i] == '"':
|
||||
doublequote = not doublequote
|
||||
|
||||
elif value[i]==">" and not doublequote and not qoute:
|
||||
elif value[i] == ">" and not doublequote and not quote:
|
||||
retVal += " " if i > 0 and not value[i-1].isspace() else ""
|
||||
retVal += "NOT BETWEEN 0 AND"
|
||||
retVal += " " if i < len(value) - 1 and not value[i+1].isspace() else ""
|
||||
|
||||
continue
|
||||
|
||||
retVal += value[i]
|
||||
|
|
|
@ -7,15 +7,16 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
import string
|
||||
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
||||
"""
|
||||
value -> urlencode of nonencoded chars in value (e.g., SELECT%20FIELD%20FROM%20TABLE -> %53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45)
|
||||
"""
|
||||
def tamper(place, value):
|
||||
"""
|
||||
Replaces value with urlencode of non-encoded chars in value
|
||||
Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes '%53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45'
|
||||
"""
|
||||
|
||||
retVal = value
|
||||
|
||||
if value:
|
||||
|
@ -31,6 +32,6 @@ def tamper(place, value):
|
|||
retVal += '%%%X' % ord(value[i])
|
||||
i += 1
|
||||
else:
|
||||
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
|
||||
raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
|
||||
|
||||
return retVal
|
||||
|
|
|
@ -7,19 +7,19 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||
|
||||
"""
|
||||
Tampering value -> urlencode(value) (e.g., SELECT%20FIELD%20FROM%20TABLE -> SELECT%25%20FIELD%25%20FROM%25%20TABLE)
|
||||
"""
|
||||
def tamper(place, value):
|
||||
"""
|
||||
Replaces value with urlencode(value)
|
||||
Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes 'SELECT%25%20FIELD%25%20FROM%25%20TABLE'
|
||||
"""
|
||||
|
||||
if value:
|
||||
if place != "URI":
|
||||
value = urlencode(value)
|
||||
value = urlencode(value, convall=True)
|
||||
else:
|
||||
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
|
||||
raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
|
||||
|
||||
return value
|
||||
|
|
|
@ -7,15 +7,14 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
|
||||
"""
|
||||
IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1))
|
||||
"""
|
||||
def tamper(place, value):
|
||||
"""
|
||||
Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
|
||||
Example: 'IFNULL(1, 2)' becomes 'IF(ISNULL(1), 2, 1)'
|
||||
"""
|
||||
|
||||
if value and value.find("IFNULL") > -1:
|
||||
if place != "URI":
|
||||
|
|
|
@ -8,17 +8,18 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
import re
|
||||
import string
|
||||
|
||||
from lib.core.common import randomRange
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import kb
|
||||
|
||||
"""
|
||||
value -> chars from value with random case (e.g., INSERT->InsERt)
|
||||
"""
|
||||
def tamper(place, value):
|
||||
"""
|
||||
Replaces each character with random case value
|
||||
Example: 'INSERT' might become 'InsERt'
|
||||
"""
|
||||
|
||||
retVal = value
|
||||
|
||||
if value:
|
||||
|
|
|
@ -8,17 +8,18 @@ See the file 'doc/COPYING' for copying permission
|
|||
"""
|
||||
|
||||
import re
|
||||
import string
|
||||
|
||||
from lib.core.common import randomRange
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
from lib.core.data import kb
|
||||
|
||||
"""
|
||||
value -> value with inserted random blanks (e.g., INSERT->IN/**/S/**/ERT)
|
||||
"""
|
||||
def tamper(place, value):
|
||||
"""
|
||||
Add random comments to value
|
||||
Example: 'INSERT' becomes 'IN/**/S/**/ERT'
|
||||
"""
|
||||
|
||||
retVal = value
|
||||
|
||||
if value:
|
|
@ -7,15 +7,15 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|||
See the file 'doc/COPYING' for copying permission
|
||||
"""
|
||||
|
||||
import re
|
||||
|
||||
from lib.core.convert import urldecode
|
||||
from lib.core.convert import urlencode
|
||||
|
||||
"""
|
||||
' ' -> /**/ (e.g., SELECT id FROM users->SELECT/**/id/**/FROM users)
|
||||
"""
|
||||
def tamper(place, value):
|
||||
"""
|
||||
Replaces ' ' with '/**/'
|
||||
Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM users'
|
||||
"""
|
||||
|
||||
retVal = value
|
||||
|
||||
if value:
|
||||
|
@ -23,7 +23,7 @@ def tamper(place, value):
|
|||
value = urldecode(value)
|
||||
|
||||
retVal = ""
|
||||
qoute, doublequote, firstspace = False, False, False
|
||||
quote, doublequote, firstspace = False, False, False
|
||||
|
||||
for i in xrange(len(value)):
|
||||
if not firstspace:
|
||||
|
@ -33,12 +33,12 @@ def tamper(place, value):
|
|||
continue
|
||||
|
||||
elif value[i] == '\'':
|
||||
qoute = not qoute
|
||||
quote = not quote
|
||||
|
||||
elif value[i] == '"':
|
||||
doublequote = not doublequote
|
||||
|
||||
elif value[i]==" " and not doublequote and not qoute:
|
||||
elif value[i]==" " and not doublequote and not quote:
|
||||
retVal += "/**/"
|
||||
continue
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user