sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor bug fixes, code refactoring and enhanced --tamper functionality

Browse Source
This commit is contained in:
Bernardo Damele 2010-10-16 21:33:15 +00:00
parent 5c3d21065a
commit 2dae934a2b
9 changed files with 68 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/exception.py
View File

@ -70,7 +70,7 @@ class sqlmapValueException(Exception):
def unhandledException():
errMsg = "unhandled exception in %s, please copy " % VERSION_STRING
errMsg += "the command line and the following text and send by e-mail "
errMsg += "to sqlmap-users@lists.sourceforge.net. The developer will "
errMsg += "to sqlmap-users@lists.sourceforge.net. The developers will "
errMsg += "fix it as soon as possible:\nsqlmap version: %s\n" % VERSION
errMsg += "Python version: %s\n" % PYVERSION
errMsg += "Operating system: %s" % PLATFORM

39
lib/core/option.py
View File

@ -11,6 +11,7 @@ import codecs
import cookielib
import ctypes
import difflib
import inspect
import logging
import os
import re
@ -531,34 +532,33 @@ def __setDBMS():
def __setTamperingFunctions():
"""
Loads tampering functions from given module path(s).
Loads tampering functions from given script(s)
"""
if conf.tamper:
kb.tamperFunctions = []
for tfile in conf.tamper.split(';'):
found = False
import inspect
for file in conf.tamper.split(';'):
if not file:
if not tfile:
continue
elif not os.path.exists(file):
errMsg = "missing tampering module file '%s'" % file
elif not os.path.exists(tfile):
errMsg = "tamper script '%s' does not exist" % tfile
raise sqlmapFilePathException, errMsg
elif os.path.splitext(file)[1] != '.py':
errMsg = "tampering module file should have an extension '.py'"
elif not tfile.endswith('.py'):
errMsg = "tamper script '%s' should have an extension '.py'" % tfile
raise sqlmapSyntaxException, errMsg
dirname, filename = os.path.split(file)
dirname, filename = os.path.split(tfile)
dirname = os.path.abspath(dirname)
infoMsg = "loading tampering module: '%s'" % filename[:-3]
infoMsg = "loading tamper script '%s'" % filename[:-3]
logger.info(infoMsg)
if not os.path.exists(os.path.join(dirname, '__init__.py')):
errMsg = "make sure that there is an empty file '__init__.py' "
errMsg += "inside of tampering module directory '%s'" % dirname
errMsg += "inside of tamper scripts directory '%s'" % dirname
raise sqlmapGenericException, errMsg
if dirname not in sys.path:
@ -567,17 +567,17 @@ def __setTamperingFunctions():
try:
module = __import__(filename[:-3])
except ImportError, msg:
raise sqlmapSyntaxException, "can't import module file '%s' (%s)" % (file, msg)
raise sqlmapSyntaxException, "can not import tamper script '%s' (%s)" % (filename[:-3], msg)
found = False
for name, function in inspect.getmembers(module, inspect.isfunction):
if name=="tamper" and function.func_code.co_argcount == 2:
if name == "tamper" and function.func_code.co_argcount == 2:
kb.tamperFunctions.append(function)
found = True
break
if not found:
raise sqlmapGenericException, "missing function 'tamper(place, value)' in tampering module '%s'" % filename
raise sqlmapGenericException, "missing function 'tamper(place, value)' in tamper script '%s'" % tfile
def __setThreads():
if not isinstance(conf.threads, int) or conf.threads <= 0:
@ -943,6 +943,9 @@ def __cleanupOptions():
else:
conf.testParameter = []
if conf.tamper:
conf.tamper = conf.tamper.replace(" ", "")
if conf.db:
conf.db = conf.db.replace(" ", "")
@ -1071,7 +1074,7 @@ def __setKnowledgeBaseAttributes():
kb.queryCounter = 0
kb.resumedQueries = {}
kb.stackedTest = None
kb.tamperFunctions = None
kb.tamperFunctions = []
kb.targetUrls = set()
kb.testedParams = set()
kb.timeTest = None

19
tamper/between.py
View File

@ -7,15 +7,15 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.convert import urldecode
from lib.core.convert import urlencode
"""
'>' -> NOT BETWEEN 0 AND (e.g., A>B->A NOT BETWEEN 0 AND B)
"""
def tamper(place, value):
"""
Replaces '>' with 'NOT BETWEEN 0 AND #'
Example: 'A > B' becomes 'A NOT BETWEEN 0 AND B'
"""
retVal = value
if value:
@ -23,25 +23,26 @@ def tamper(place, value):
value = urldecode(value)
retVal = ""
qoute, doublequote, firstspace = False, False, False
quote, doublequote, firstspace = False, False, False
for i in xrange(len(value)):
if not firstspace:
if value[i].isspace():
firstspace = True
retVal += "/**/"
retVal += " "
continue
elif value[i] == '\'':
qoute = not qoute
quote = not quote
elif value[i] == '"':
doublequote = not doublequote
elif value[i]==">" and not doublequote and not qoute:
elif value[i] == ">" and not doublequote and not quote:
retVal += " " if i > 0 and not value[i-1].isspace() else ""
retVal += "NOT BETWEEN 0 AND"
retVal += " " if i < len(value) - 1 and not value[i+1].isspace() else ""
continue
retVal += value[i]

11
tamper/charencode.py
View File

@ -7,15 +7,16 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
import string
from lib.core.exception import sqlmapUnsupportedFeatureException
"""
value -> urlencode of nonencoded chars in value (e.g., SELECT%20FIELD%20FROM%20TABLE -> %53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45)
"""
def tamper(place, value):
"""
Replaces value with urlencode of non-encoded chars in value
Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes '%53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45'
"""
retVal = value
if value:
@ -31,6 +32,6 @@ def tamper(place, value):
retVal += '%%%X' % ord(value[i])
i += 1
else:
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
return retVal

14
tamper/doubleencode.py
View File

@ -7,19 +7,19 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.convert import urlencode
from lib.core.exception import sqlmapUnsupportedFeatureException
"""
Tampering value -> urlencode(value) (e.g., SELECT%20FIELD%20FROM%20TABLE -> SELECT%25%20FIELD%25%20FROM%25%20TABLE)
"""
def tamper(place, value):
"""
Replaces value with urlencode(value)
Example: 'SELECT%20FIELD%20FROM%20TABLE' becomes 'SELECT%25%20FIELD%25%20FROM%25%20TABLE'
"""
if value:
if place != "URI":
value = urlencode(value)
value = urlencode(value, convall=True)
else:
raise sqlmapUnsupportedFeatureException, "can't use tampering module '%s' with 'URI' type injections" % __name__
raise sqlmapUnsupportedFeatureException, "can't use tamper script '%s' with 'URI' type injections" % __name__
return value

9
tamper/ifnull2ifisnull.py
View File

@ -7,15 +7,14 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.convert import urldecode
from lib.core.convert import urlencode
"""
IFNULL(A,B) -> IF(ISNULL(A),B,A) (e.g., IFNULL(1,2) -> IF(ISNULL(1),2,1))
"""
def tamper(place, value):
"""
Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
Example: 'IFNULL(1, 2)' becomes 'IF(ISNULL(1), 2, 1)'
"""
if value and value.find("IFNULL") > -1:
if place != "URI":

9
tamper/randomcase.py
View File

@ -8,17 +8,18 @@ See the file 'doc/COPYING' for copying permission
"""
import re
import string
from lib.core.common import randomRange
from lib.core.convert import urldecode
from lib.core.convert import urlencode
from lib.core.data import kb
"""
value -> chars from value with random case (e.g., INSERT->InsERt)
"""
def tamper(place, value):
"""
Replaces each character with random case value
Example: 'INSERT' might become 'InsERt'
"""
retVal = value
if value:

9
tamper/randomblanks.py → tamper/randomcomments.py
View File

@ -8,17 +8,18 @@ See the file 'doc/COPYING' for copying permission
"""
import re
import string
from lib.core.common import randomRange
from lib.core.convert import urldecode
from lib.core.convert import urlencode
from lib.core.data import kb
"""
value -> value with inserted random blanks (e.g., INSERT->IN/**/S/**/ERT)
"""
def tamper(place, value):
"""
Add random comments to value
Example: 'INSERT' becomes 'IN/**/S/**/ERT'
"""
retVal = value
if value:

16
tamper/space2comment.py
View File

@ -7,15 +7,15 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.convert import urldecode
from lib.core.convert import urlencode
"""
' ' -> /**/ (e.g., SELECT id FROM users->SELECT/**/id/**/FROM users)
"""
def tamper(place, value):
"""
Replaces ' ' with '/**/'
Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM users'
"""
retVal = value
if value:
@ -23,7 +23,7 @@ def tamper(place, value):
value = urldecode(value)
retVal = ""
qoute, doublequote, firstspace = False, False, False
quote, doublequote, firstspace = False, False, False
for i in xrange(len(value)):
if not firstspace:
@ -33,12 +33,12 @@ def tamper(place, value):
continue
elif value[i] == '\'':
qoute = not qoute
quote = not quote
elif value[i] == '"':
doublequote = not doublequote
elif value[i]==" " and not doublequote and not qoute:
elif value[i]==" " and not doublequote and not quote:
retVal += "/**/"
continue