From 36f2bb5390df1fddde815f9fda0a386d80e29b8c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 21 May 2019 12:07:19 +0200
Subject: [PATCH] Minor beautification (e.g. HTTP header cases like Host parameter 'Host')
---
 lib/controller/checks.py | 27 ++++++++++++---------------
 lib/controller/controller.py | 26 ++++++++++++--------------
 lib/core/common.py | 4 ++--
 lib/core/settings.py | 2 +-
 lib/core/target.py | 2 +-
 5 files changed, 28 insertions(+), 33 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index ff87aa5a2..acef09e32 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -575,7 +575,7 @@ def checkSqlInjection(place, parameter, value):
 conf.string = candidate
 injectable = True
- infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
+ infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.string).lstrip('u').strip("'"))
 logger.info(infoMsg)
 break
@@ -585,7 +585,7 @@ def checkSqlInjection(place, parameter, value):
 if all((falseCode, trueCode)) and falseCode != trueCode:
 conf.code = trueCode
- infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --code=%d)" % (paramType, parameter, title, conf.code)
+ infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --code=%d)" % ("%s " % paramType if paramType != parameter else "", parameter, title, conf.code)
 logger.info(infoMsg)
 else:
 trueSet = set(extractTextTagContent(trueRawResponse))
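Review bot: The conditional `"%s " % paramType if paramType != parameter else ""` is pasted into every message this commit touches, starting with the two `infoMsg` lines here in `checkSqlInjection` and repeating in the later hunks of checks.py, controller.py, common.py and target.py. A single helper would keep the wording in one place and make it harder for one call site to drift from the others, for example `def paramLabel(place, parameter): return "%sparameter '%s'" % ("%s " % place if place != parameter else "", parameter)` (a proposed name, not an existing function). A call site then shrinks to `infoMsg = "%s appears to be '%s' injectable (with --code=%d)" % (paramLabel(paramType, parameter), title, conf.code)`. `checkSqlInjection` begins and ends outside these hunks.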
@@ -610,7 +610,7 @@ def checkSqlInjection(place, parameter, value):
 conf.string = candidate
- infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
+ infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.string).lstrip('u').strip("'"))
 logger.info(infoMsg)
 if not any((conf.string, conf.notString)):
@@ -624,11 +624,11 @@ def checkSqlInjection(place, parameter, value):
 conf.notString = candidate
- infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --not-string=\"%s\")" % (paramType, parameter, title, repr(conf.notString).lstrip('u').strip("'"))
+ infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --not-string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.notString).lstrip('u').strip("'"))
 logger.info(infoMsg)
 if not any((conf.string, conf.notString, conf.code)):
- infoMsg = "%s parameter '%s' appears to be '%s' injectable " % (paramType, parameter, title)
+ infoMsg = "%sparameter '%s' appears to be '%s' injectable " % ("%s " % paramType if paramType != parameter else "", parameter, title)
 singleTimeLogMessage(infoMsg)
 # In case of error-based SQL injection
@@ -646,7 +646,7 @@ def checkSqlInjection(place, parameter, value):
 result = output == "1"
 if result:
- infoMsg = "%s parameter '%s' is '%s' injectable " % (paramType, parameter, title)
+ infoMsg = "%sparameter '%s' is '%s' injectable " % ("%s " % paramType if paramType != parameter else "", parameter, title)
 logger.info(infoMsg)
 injectable = True
@@ -675,7 +675,7 @@ def checkSqlInjection(place, parameter, value):
 trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True, raise404=False)
 if trueResult:
- infoMsg = "%s parameter '%s' appears to be '%s' injectable " % (paramType, parameter, title)
+ infoMsg = "%sparameter '%s' appears to be '%s' injectable " % ("%s " % paramType if paramType != parameter else "", parameter, title)
 logger.info(infoMsg)
 injectable = True
@@ -714,7 +714,7 @@ def checkSqlInjection(place, parameter, value):
 reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
 if isinstance(reqPayload, six.string_types):
- infoMsg = "%s parameter '%s' is '%s' injectable" % (paramType, parameter, title)
+ infoMsg = "%sparameter '%s' is '%s' injectable" % ("%s " % paramType if paramType != parameter else "", parameter, title)
 logger.info(infoMsg)
 injectable = True
@@ -1053,8 +1053,7 @@ def heuristicCheckSqlInjection(place, parameter):
 parseFilePaths(page)
 result = wasLastResponseDBMSError()
- infoMsg = "heuristic (basic) test shows that %s parameter " % paramType
- infoMsg += "'%s' might " % parameter
+ infoMsg = "heuristic (basic) test shows that %sparameter '%s' might " % ("%s " % paramType if paramType != parameter else "", parameter)
 def _(page):
 return any(_ in (page or "") for _ in FORMAT_EXCEPTION_STRINGS)
@@ -1116,14 +1115,12 @@ def heuristicCheckSqlInjection(place, parameter):
 paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
 if value.lower() in (page or "").lower():
- infoMsg = "heuristic (XSS) test shows that %s parameter " % paramType
- infoMsg += "'%s' might be vulnerable to cross-site scripting (XSS) attacks" % parameter
+ infoMsg = "heuristic (XSS) test shows that %sparameter '%s' might be vulnerable to cross-site scripting (XSS) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 for match in re.finditer(FI_ERROR_REGEX, page or ""):
 if randStr1.lower() in match.group(0).lower():
- infoMsg = "heuristic (FI) test shows that %s parameter " % paramType
- infoMsg += "'%s' might be vulnerable to file inclusion (FI) attacks" % parameter
+ infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 break
@@ -1147,7 +1144,7 @@ def checkDynParam(place, parameter, value):
 paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
- infoMsg = "testing if %s parameter '%s' is dynamic" % (paramType, parameter)
+ infoMsg = "testing if %sparameter '%s' is dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 try:
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 632caed20..655620942 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -498,7 +498,7 @@ def start():
 if paramKey in kb.testedParams:
 testSqlInj = False
- infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
+ infoMsg = "skipping previously processed %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 elif any(_ in conf.testParameter for _ in (parameter, removePostHintPrefix(parameter))):
@@ -507,19 +507,19 @@ def start():
 elif parameter in conf.rParam:
 testSqlInj = False
- infoMsg = "skipping randomizing %s parameter '%s'" % (paramType, parameter)
+ infoMsg = "skipping randomizing %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 elif parameter in conf.skip or kb.postHint and parameter.split(' ')[-1] in conf.skip:
 testSqlInj = False
- infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
+ infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):
 testSqlInj = False
- infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
+ infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 elif conf.csrfToken and re.search(conf.csrfToken, parameter, re.I):
@@ -532,23 +532,23 @@ def start():
 elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or any(_ in parameter.lower() for _ in CSRF_TOKEN_PARAMETER_INFIXES) or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
 testSqlInj = False
- infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
+ infoMsg = "ignoring %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech or conf.skipStatic:
 check = checkDynParam(place, parameter, value)
 if not check:
- warnMsg = "%s parameter '%s' does not appear to be dynamic" % (paramType, parameter)
+ warnMsg = "%sparameter '%s' does not appear to be dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.warn(warnMsg)
 if conf.skipStatic:
- infoMsg = "skipping static %s parameter '%s'" % (paramType, parameter)
+ infoMsg = "skipping static %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 testSqlInj = False
 else:
- infoMsg = "%s parameter '%s' appears to be dynamic" % (paramType, parameter)
+ infoMsg = "%sparameter '%s' appears to be dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 kb.testedParams.add(paramKey)
@@ -563,12 +563,11 @@ def start():
 if check != HEURISTIC_TEST.POSITIVE:
 if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
- infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
+ infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 continue
- infoMsg = "testing for SQL injection on %s " % paramType
- infoMsg += "parameter '%s'" % parameter
+ infoMsg = "testing for SQL injection on %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
 injection = checkSqlInjection(place, parameter, value)
@@ -587,7 +586,7 @@ def start():
 if not proceed:
 break
- msg = "%s parameter '%s' " % (injection.place, injection.parameter)
+ msg = "%sparameter '%s' " % ("%s " % injection.place if injection.place != injection.parameter else "", injection.parameter)
 msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
 if not readInput(msg, default='N', boolean=True):
@@ -596,8 +595,7 @@ def start():
 kb.testedParams.add(paramKey)
 if not injectable:
- warnMsg = "%s parameter '%s' does not seem to be " % (paramType, parameter)
- warnMsg += "injectable"
+ warnMsg = "%sparameter '%s' does not seem to be injectable" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.warn(warnMsg)
 finally:
diff --git a/lib/core/common.py b/lib/core/common.py
index e3a21ef96..9ca883b06 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -679,7 +679,7 @@ def paramToDict(place, parameters=None):
 walk(deserialized)
 if candidates:
- message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
+ message = "it appears that provided value for %sparameter '%s' " % ("%s " % place if place != parameter else "", parameter)
 message += "is JSON deserializable. Do you want to inject inside? [y/N] "
 if readInput(message, default='N', boolean=True):
@@ -692,7 +692,7 @@ def paramToDict(place, parameters=None):
 pass
 _ = re.sub(regex, r"\g<1>%s\g<%d>" % (kb.customInjectionMark, len(match.groups())), testableParameters[parameter])
- message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
+ message = "it appears that provided value for %sparameter '%s' " % ("%s " % place if place != parameter else "", parameter)
 message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % getUnicode(_)
 if readInput(message, default='N', boolean=True):
diff --git a/lib/core/settings.py b/lib/core/settings.py
index cdeb5e075..4f48b92a3 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
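Review bot: The new `msg` line in `start()` drops the place whenever `injection.place` and `injection.parameter` are the same string, which is also true for an ordinary parameter that merely shares its place's name (constructed cases: a query-string parameter called `GET`, or a cookie called `Cookie`). The prompt then reads "parameter 'GET' is vulnerable", and the output no longer says which part of the request was confirmed, which matters when this log feeds a report or a fix. Keying the omission on the kind of place rather than on string equality avoids that, e.g. `"" if injection.place in (PLACE.HOST, PLACE.USER_AGENT, PLACE.REFERER) else "%s " % injection.place`; whether `PLACE` is already imported in controller.py is not visible in this hunk. The same comparison is made with `paramType` or `place` in the other hunks of this patch, and `start()` continues outside the hunk.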
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.3.5.121"
+VERSION = "1.3.5.122"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/core/target.py b/lib/core/target.py
index 57cac840c..604818dd0 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -407,7 +407,7 @@ def _setRequestParams():
 for parameter in conf.paramDict.get(place, {}):
 if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
- message = "%s parameter '%s' appears to hold anti-CSRF token. " % (place, parameter)
+ message = "%sparameter '%s' appears to hold anti-CSRF token. " % ("%s " % place if place != parameter else "", parameter)
 message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
 if readInput(message, default='N', boolean=True):