mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Minor adjustment to UNION query SQL injection detection function.
Updated command line help message based upon recent developments. Updated copyright note of lib/contrib/multipartpost.py.
This commit is contained in:
parent
996a872e51
commit
35708a0b97
|
@ -5,6 +5,8 @@ $Id$
|
|||
|
||||
02/2006 Will Holcomb <wholcomb@gmail.com>
|
||||
|
||||
Reference: http://odin.himinbi.org/MultipartPostHandler.py
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
|
@ -14,6 +16,10 @@ This library is distributed in the hope that it will be useful,
|
|||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with this library; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
"""
|
||||
|
||||
|
||||
|
|
|
@ -295,15 +295,12 @@ def checkStability():
|
|||
logger.info(infoMsg)
|
||||
|
||||
firstPage, firstHeaders = Request.queryPage(content=True)
|
||||
time.sleep(0.5)
|
||||
time.sleep(1)
|
||||
|
||||
secondPage, secondHeaders = Request.queryPage(content=True)
|
||||
time.sleep(0.5)
|
||||
|
||||
thirdPage, thirdHeaders = Request.queryPage(content=True)
|
||||
|
||||
condition = firstPage == secondPage
|
||||
condition &= secondPage == thirdPage
|
||||
condition = firstPage == secondPage
|
||||
|
||||
if condition == False:
|
||||
warnMsg = "url is not stable, sqlmap will base the page "
|
||||
|
|
|
@ -189,7 +189,7 @@ def cmdLineParser():
|
|||
"be used to enumerate the back-end database "
|
||||
"management system information, structure "
|
||||
"and data contained in the tables. Moreover "
|
||||
"you can run your own SQL SELECT queries.")
|
||||
"you can run your own SQL statements.")
|
||||
|
||||
enumeration.add_option("-b", "--banner", dest="getBanner",
|
||||
action="store_true", help="Retrieve DBMS banner")
|
||||
|
@ -258,7 +258,7 @@ def cmdLineParser():
|
|||
help="Last table entry to dump")
|
||||
|
||||
enumeration.add_option("--sql-query", dest="query",
|
||||
help="SQL SELECT query to be executed")
|
||||
help="SQL statement to be executed")
|
||||
|
||||
enumeration.add_option("--sql-shell", dest="sqlShell",
|
||||
action="store_true",
|
||||
|
|
|
@ -72,9 +72,9 @@ def comparison(page, headers=None, getSeqMatcher=False):
|
|||
conf.seqMatcher.set_seq2(page)
|
||||
|
||||
if getSeqMatcher:
|
||||
return round(conf.seqMatcher.ratio(), 5)
|
||||
return round(conf.seqMatcher.ratio(), 3)
|
||||
|
||||
elif round(conf.seqMatcher.ratio(), 5) >= MATCH_RATIO:
|
||||
elif round(conf.seqMatcher.ratio(), 3) >= MATCH_RATIO:
|
||||
return True
|
||||
|
||||
else:
|
||||
|
|
|
@ -54,27 +54,27 @@ def __effectiveUnionTest(query, comment):
|
|||
|
||||
commentedQuery = agent.postfixQuery(query, comment)
|
||||
payload = agent.payload(newValue=commentedQuery)
|
||||
newResult = Request.queryPage(payload)
|
||||
newResult = Request.queryPage(payload, getSeqMatcher=True)
|
||||
|
||||
if not newResult in resultDict.keys():
|
||||
resultDict[newResult] = (1, commentedQuery)
|
||||
else:
|
||||
resultDict[newResult] = (resultDict[newResult][0] + 1, commentedQuery)
|
||||
|
||||
if count:
|
||||
for element in resultDict.values():
|
||||
if element[0] == 1:
|
||||
if count > 3:
|
||||
for ratio, element in resultDict.items():
|
||||
if element[0] == 1 and ratio > 0.5:
|
||||
if kb.injPlace == "GET":
|
||||
value = "%s?%s" % (conf.url, payload)
|
||||
value = "%s?%s" % (conf.url, element[1])
|
||||
elif kb.injPlace == "POST":
|
||||
value = "URL:\t'%s'" % conf.url
|
||||
value += "\nPOST:\t'%s'\n" % payload
|
||||
value += "\nPOST:\t'%s'\n" % element[1]
|
||||
elif kb.injPlace == "Cookie":
|
||||
value = "URL:\t'%s'" % conf.url
|
||||
value += "\nCookie:\t'%s'\n" % payload
|
||||
value += "\nCookie:\t'%s'\n" % element[1]
|
||||
elif kb.injPlace == "User-Agent":
|
||||
value = "URL:\t\t'%s'" % conf.url
|
||||
value += "\nUser-Agent:\t'%s'\n" % payload
|
||||
value += "\nUser-Agent:\t'%s'\n" % element[1]
|
||||
|
||||
return value
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user