Minor adjustment to UNION query SQL injection detection function.

Updated command line help message based upon recent developments.
Updated copyright note of lib/contrib/multipartpost.py.
Bernardo Damele 2008-12-21 16:35:03 +00:00
parent 996a872e51
commit 35708a0b97
5 changed files with 20 additions and 17 deletions


@ -5,6 +5,8 @@ $Id$
02/2006 Will Holcomb <wholcomb@gmail.com> 02/2006 Will Holcomb <wholcomb@gmail.com>
Reference: http://odin.himinbi.org/MultipartPostHandler.py
This library is free software; you can redistribute it and/or This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either License as published by the Free Software Foundation; either
@ -14,6 +16,10 @@ This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details. Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
""" """


@ -295,15 +295,12 @@ def checkStability():
logger.info(infoMsg) logger.info(infoMsg)
firstPage, firstHeaders = Request.queryPage(content=True) firstPage, firstHeaders = Request.queryPage(content=True)
time.sleep(0.5) time.sleep(1)
secondPage, secondHeaders = Request.queryPage(content=True) secondPage, secondHeaders = Request.queryPage(content=True)
time.sleep(0.5) time.sleep(0.5)
thirdPage, thirdHeaders = Request.queryPage(content=True) condition = firstPage == secondPage
condition = firstPage == secondPage
condition &= secondPage == thirdPage
if condition == False: if condition == False:
warnMsg = "url is not stable, sqlmap will base the page " warnMsg = "url is not stable, sqlmap will base the page "
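Review bot: The `time.sleep(0.5)` after the second `Request.queryPage(content=True)` call now precedes no further request, since the third fetch was removed, so it only delays the stability check without feeding it; drop that sleep or compute `condition` before it. The check now rests on two samples taken one second apart instead of three, which is a weaker stability signal than before; a one-line comment stating why two samples are considered sufficient would help the next reader. While here, `if condition == False:` reads better as `if not condition:`. checkStability starts before this hunk and continues after it.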


@ -189,7 +189,7 @@ def cmdLineParser():
"be used to enumerate the back-end database " "be used to enumerate the back-end database "
"management system information, structure " "management system information, structure "
"and data contained in the tables. Moreover " "and data contained in the tables. Moreover "
"you can run your own SQL SELECT queries.") "you can run your own SQL statements.")
enumeration.add_option("-b", "--banner", dest="getBanner", enumeration.add_option("-b", "--banner", dest="getBanner",
action="store_true", help="Retrieve DBMS banner") action="store_true", help="Retrieve DBMS banner")
@ -258,7 +258,7 @@ def cmdLineParser():
help="Last table entry to dump") help="Last table entry to dump")
enumeration.add_option("--sql-query", dest="query", enumeration.add_option("--sql-query", dest="query",
help="SQL SELECT query to be executed") help="SQL statement to be executed")
enumeration.add_option("--sql-shell", dest="sqlShell", enumeration.add_option("--sql-shell", dest="sqlShell",
action="store_true", action="store_true",


@ -72,9 +72,9 @@ def comparison(page, headers=None, getSeqMatcher=False):
conf.seqMatcher.set_seq2(page) conf.seqMatcher.set_seq2(page)
if getSeqMatcher: if getSeqMatcher:
return round(conf.seqMatcher.ratio(), 5) return round(conf.seqMatcher.ratio(), 3)
elif round(conf.seqMatcher.ratio(), 5) >= MATCH_RATIO: elif round(conf.seqMatcher.ratio(), 3) >= MATCH_RATIO:
return True return True
else: else:
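Review bot: The rounding precision `3` is now a bare literal at two sites, `return round(conf.seqMatcher.ratio(), 3)` and `elif round(conf.seqMatcher.ratio(), 3) >= MATCH_RATIO:`, and it also decides how far below MATCH_RATIO a page can fall and still be accepted, because rounding to three places admits ratios up to 0.0005 under the threshold. Lifting it into a module constant next to MATCH_RATIO (something like `RATIO_PRECISION = 3`, a name constructed here) keeps the two sites in step and gives one place to document that threshold semantics. comparison continues outside this hunk.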


@ -54,27 +54,27 @@ def __effectiveUnionTest(query, comment):
commentedQuery = agent.postfixQuery(query, comment) commentedQuery = agent.postfixQuery(query, comment)
payload = agent.payload(newValue=commentedQuery) payload = agent.payload(newValue=commentedQuery)
newResult = Request.queryPage(payload) newResult = Request.queryPage(payload, getSeqMatcher=True)
if not newResult in resultDict.keys(): if not newResult in resultDict.keys():
resultDict[newResult] = (1, commentedQuery) resultDict[newResult] = (1, commentedQuery)
else: else:
resultDict[newResult] = (resultDict[newResult][0] + 1, commentedQuery) resultDict[newResult] = (resultDict[newResult][0] + 1, commentedQuery)
if count: if count > 3:
for element in resultDict.values(): for ratio, element in resultDict.items():
if element[0] == 1: if element[0] == 1 and ratio > 0.5:
if kb.injPlace == "GET": if kb.injPlace == "GET":
value = "%s?%s" % (conf.url, payload) value = "%s?%s" % (conf.url, element[1])
elif kb.injPlace == "POST": elif kb.injPlace == "POST":
value = "URL:\t'%s'" % conf.url value = "URL:\t'%s'" % conf.url
value += "\nPOST:\t'%s'\n" % payload value += "\nPOST:\t'%s'\n" % element[1]
elif kb.injPlace == "Cookie": elif kb.injPlace == "Cookie":
value = "URL:\t'%s'" % conf.url value = "URL:\t'%s'" % conf.url
value += "\nCookie:\t'%s'\n" % payload value += "\nCookie:\t'%s'\n" % element[1]
elif kb.injPlace == "User-Agent": elif kb.injPlace == "User-Agent":
value = "URL:\t\t'%s'" % conf.url value = "URL:\t\t'%s'" % conf.url
value += "\nUser-Agent:\t'%s'\n" % payload value += "\nUser-Agent:\t'%s'\n" % element[1]
return value return value
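Review bot: `return value` on the last line reads a name bound only inside the `kb.injPlace` branches, so when `count` is 3 or less, no entry has a hit count of 1 with `ratio > 0.5`, or injPlace matches none of the four cases, it raises NameError unless `value` is initialised before the hunk (the function starts outside it); a `value = None` ahead of `if count > 3:` would make the no-result path explicit. The thresholds `3` and `0.5` are bare literals, and since `newResult` presumably is the rounded similarity ratio from comparison(), a short comment such as `# a response unique across the tested column counts yet still more than half similar to the base page is taken as a usable UNION` would record the intent. Because that ratio is rounded to three places and used as the dict key, two different responses can share a bucket and be counted as one, which this heuristic should acknowledge in a comment. `if not newResult in resultDict.keys():` reads better as `if newResult not in resultDict:`.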