sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

automatically turn on --text-only in case of heavily-dynamicity instead of critical exit

Browse Source
This commit is contained in:
Miroslav Stampar 2011-01-03 11:06:49 +00:00
parent adc41181e6
commit 3629c2737b
1 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
lib/controller/checks.py
View File

@ -50,6 +50,7 @@ from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setDynamicMarkings from lib.core.session import setDynamicMarkings
from lib.core.session import setString from lib.core.session import setString
from lib.core.session import setRegexp from lib.core.session import setRegexp
from lib.core.session import setTextOnly
from lib.core.settings import CONSTANT_RATIO from lib.core.settings import CONSTANT_RATIO
from lib.core.settings import UPPER_RATIO_BOUND from lib.core.settings import UPPER_RATIO_BOUND
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
@ -487,7 +488,8 @@ def heuristicCheckSqlInjection(place, parameter, value):
def simpletonCheckSqlInjection(place, parameter, value): def simpletonCheckSqlInjection(place, parameter, value):
""" """
This is a function for the quickest and simplest This is a function for the quickest and simplest
sql injection check (e.g. AND 1=1) sql injection check (e.g. AND 1=1) - only works
with integer parameters
""" """
result = False result = False
@ -497,17 +499,14 @@ def simpletonCheckSqlInjection(place, parameter, value):
if value.isdigit(): if value.isdigit():
payload = "%s AND %d=%d" % (value, randInt, randInt) payload = "%s AND %d=%d" % (value, randInt, randInt)
else: else:
payload = "%s' AND '%s'='%s" % (value, randStr, randStr) return False
payload = agent.payload(place, parameter, value, payload) payload = agent.payload(place, parameter, value, payload)
firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False) firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()): if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO: if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
if value.isdigit():
payload = "%s AND %d=%d" % (value, randInt, randInt+1) payload = "%s AND %d=%d" % (value, randInt, randInt+1)
else:
payload = "%s' AND '%s'='%s" % (value, randStr, randomStr())
payload = agent.payload(place, parameter, value, payload) payload = agent.payload(place, parameter, value, payload)
secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False) secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
@ -582,10 +581,13 @@ def checkDynamicContent(firstPage, secondPage):
count += 1 count += 1
if count > conf.retries: if count > conf.retries:
errMsg = "target url is too dynamic. unable to continue. " warnMsg = "target url is too dynamic. "
errMsg += "consider using other switches (e.g. " warnMsg += "switching to --text-only. "
errMsg += "--longest-common, --string, --text-only, etc.)" logger.warn(warnMsg)
raise sqlmapSiteTooDynamic, errMsg
conf.textOnly = True
setTextOnly()
return
warnMsg = "target url is heavily dynamic" warnMsg = "target url is heavily dynamic"
warnMsg += ", sqlmap is going to retry the request" warnMsg += ", sqlmap is going to retry the request"