diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index ae1af5ac1..64a88cf82 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -72,7 +72,7 @@ def checkSqlInjection(place, parameter, value):
 # Localized thread data needed for some methods
 threadData = getCurrentThreadData()
- # Set the flag for sql injection test mode
+ # Set the flag for SQL injection test mode
 kb.testMode = True
 for test in getSortedInjectionTests():
@@ -647,7 +647,7 @@ def heuristicCheckSqlInjection(place, parameter):
 def simpletonCheckSqlInjection(place, parameter, value):
 """
 This is a function for the quickest and simplest
- sql injection check (e.g. AND 1=1) - only works
+ SQL injection check (e.g. AND 1=1) - only works
 with integer parameters
 """
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index e60db4a93..d5b1bf802 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -465,7 +465,7 @@ def start():
 logger.info(infoMsg)
 continue
- infoMsg = "testing sql injection on %s " % place
+ infoMsg = "testing for SQL injection on %s " % place
 infoMsg += "parameter '%s'" % parameter
 logger.info(infoMsg)
diff --git a/lib/core/common.py b/lib/core/common.py
index 0b50d8fd3..cf43095b6 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -544,7 +544,7 @@ def paramToDict(place, parameters=None):
 or re.search(r'\A9{3,}', testableParameters[parameter]) or re.search(DUMMY_USER_INJECTION, testableParameters[parameter]):
 warnMsg = "it appears that you have provided tainted parameter values "
 warnMsg += "('%s') with most probably leftover " % element
- warnMsg += "chars from manual sql injection "
+ warnMsg += "chars from manual SQL injection "
 warnMsg += "tests (%s) or non-valid numerical value. " % DUMMY_SQL_INJECTION_CHARS
 warnMsg += "Please, always use only valid parameter values "
 warnMsg += "so sqlmap could be able to properly run "
@@ -1966,7 +1966,7 @@ def wasLastRequestDelayed():
 Returns True if the last web request resulted in a time-delay
 """
- # 99.9999999997440% of all non time-based sql injection affected
+ # 99.9999999997440% of all non time-based SQL injection affected
 # response times should be inside +-7*stdev([normal response times])
 # Math reference: http://www.answers.com/topic/standard-deviation
diff --git a/lib/core/target.py b/lib/core/target.py
index 122388e53..11561e8dc 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -251,7 +251,7 @@ def __setOutputResume():
 if not conf.sessionFile:
 conf.sessionFile = "%s%ssession" % (conf.outputPath, os.sep)
- logger.info("using '%s' as session file" % conf.sessionFile)
+ logger.info("using '%s' as a session file" % conf.sessionFile)
 if os.path.exists(conf.sessionFile):
 if not conf.flushSession:
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index af6a1ff9d..573441fa4 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -83,7 +83,7 @@ def __oneShotErrorUse(expression, field):
 incrementCounter(PAYLOAD.TECHNIQUE.ERROR)
 # Parse the returned page to get the exact error-based
- # sql injection output
+ # SQL injection output
 output = reduce(lambda x, y: x if x is not None else y, [ \
 extractRegexResult(check, page, re.DOTALL | re.IGNORECASE), \
 extractRegexResult(check, listToStrValue(headers.headers \
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index 67350701c..25972e7c2 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -76,7 +76,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
 incrementCounter(PAYLOAD.TECHNIQUE.UNION)
 # Parse the returned page to get the exact union-based
- # sql injection output
+ # SQL injection output
 retVal = reduce(lambda x, y: x if x is not None else y, ( \
 extractRegexResult(check, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \
 extractRegexResult(check, removeReflectiveValues(listToStrValue(headers.headers \