mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-04-25 11:23:44 +03:00
Minor beautification (e.g. HTTP header cases like Host parameter 'Host')
This commit is contained in:
Miroslav Stampar
parent
23d0a04f32
commit
36f2bb5390
|
|
@ -575,7 +575,7 @@ def checkSqlInjection(place, parameter, value):
|
||||||
conf.string = candidate
|
conf.string = candidate
|
||||||
injectable = True
|
injectable = True
|
||||||
|
|
||||||
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
|
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.string).lstrip('u').strip("'"))
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
break
|
break
|
||||||
|
|
@ -585,7 +585,7 @@ def checkSqlInjection(place, parameter, value):
|
||||||
if all((falseCode, trueCode)) and falseCode != trueCode:
|
if all((falseCode, trueCode)) and falseCode != trueCode:
|
||||||
conf.code = trueCode
|
conf.code = trueCode
|
||||||
|
|
||||||
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --code=%d)" % (paramType, parameter, title, conf.code)
|
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --code=%d)" % ("%s " % paramType if paramType != parameter else "", parameter, title, conf.code)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
else:
|
else:
|
||||||
trueSet = set(extractTextTagContent(trueRawResponse))
|
trueSet = set(extractTextTagContent(trueRawResponse))
|
||||||
|
|
@ -610,7 +610,7 @@ def checkSqlInjection(place, parameter, value):
|
||||||
|
|
||||||
conf.string = candidate
|
conf.string = candidate
|
||||||
|
|
||||||
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
|
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.string).lstrip('u').strip("'"))
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
if not any((conf.string, conf.notString)):
|
if not any((conf.string, conf.notString)):
|
||||||
|
|
@ -624,11 +624,11 @@ def checkSqlInjection(place, parameter, value):
|
||||||
|
|
||||||
conf.notString = candidate
|
conf.notString = candidate
|
||||||
|
|
||||||
infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --not-string=\"%s\")" % (paramType, parameter, title, repr(conf.notString).lstrip('u').strip("'"))
|
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --not-string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.notString).lstrip('u').strip("'"))
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
if not any((conf.string, conf.notString, conf.code)):
|
if not any((conf.string, conf.notString, conf.code)):
|
||||||
infoMsg = "%s parameter '%s' appears to be '%s' injectable " % (paramType, parameter, title)
|
infoMsg = "%sparameter '%s' appears to be '%s' injectable " % ("%s " % paramType if paramType != parameter else "", parameter, title)
|
||||||
singleTimeLogMessage(infoMsg)
|
singleTimeLogMessage(infoMsg)
|
||||||
|
|
||||||
# In case of error-based SQL injection
|
# In case of error-based SQL injection
|
||||||
|
|
@ -646,7 +646,7 @@ def checkSqlInjection(place, parameter, value):
|
||||||
result = output == "1"
|
result = output == "1"
|
||||||
|
|
||||||
if result:
|
if result:
|
||||||
infoMsg = "%s parameter '%s' is '%s' injectable " % (paramType, parameter, title)
|
infoMsg = "%sparameter '%s' is '%s' injectable " % ("%s " % paramType if paramType != parameter else "", parameter, title)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
injectable = True
|
injectable = True
|
||||||
|
|
@ -675,7 +675,7 @@ def checkSqlInjection(place, parameter, value):
|
||||||
trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True, raise404=False)
|
trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True, raise404=False)
|
||||||
|
|
||||||
if trueResult:
|
if trueResult:
|
||||||
infoMsg = "%s parameter '%s' appears to be '%s' injectable " % (paramType, parameter, title)
|
infoMsg = "%sparameter '%s' appears to be '%s' injectable " % ("%s " % paramType if paramType != parameter else "", parameter, title)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
injectable = True
|
injectable = True
|
||||||
|
|
@ -714,7 +714,7 @@ def checkSqlInjection(place, parameter, value):
|
||||||
reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
|
reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
|
||||||
|
|
||||||
if isinstance(reqPayload, six.string_types):
|
if isinstance(reqPayload, six.string_types):
|
||||||
infoMsg = "%s parameter '%s' is '%s' injectable" % (paramType, parameter, title)
|
infoMsg = "%sparameter '%s' is '%s' injectable" % ("%s " % paramType if paramType != parameter else "", parameter, title)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
injectable = True
|
injectable = True
|
||||||
|
|
@ -1053,8 +1053,7 @@ def heuristicCheckSqlInjection(place, parameter):
|
||||||
parseFilePaths(page)
|
parseFilePaths(page)
|
||||||
result = wasLastResponseDBMSError()
|
result = wasLastResponseDBMSError()
|
||||||
|
|
||||||
infoMsg = "heuristic (basic) test shows that %s parameter " % paramType
|
infoMsg = "heuristic (basic) test shows that %sparameter '%s' might " % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
infoMsg += "'%s' might " % parameter
|
|
||||||
|
|
||||||
def _(page):
|
def _(page):
|
||||||
return any(_ in (page or "") for _ in FORMAT_EXCEPTION_STRINGS)
|
return any(_ in (page or "") for _ in FORMAT_EXCEPTION_STRINGS)
|
||||||
|
|
@ -1116,14 +1115,12 @@ def heuristicCheckSqlInjection(place, parameter):
|
||||||
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
||||||
|
|
||||||
if value.lower() in (page or "").lower():
|
if value.lower() in (page or "").lower():
|
||||||
infoMsg = "heuristic (XSS) test shows that %s parameter " % paramType
|
infoMsg = "heuristic (XSS) test shows that %sparameter '%s' might be vulnerable to cross-site scripting (XSS) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
infoMsg += "'%s' might be vulnerable to cross-site scripting (XSS) attacks" % parameter
|
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
for match in re.finditer(FI_ERROR_REGEX, page or ""):
|
for match in re.finditer(FI_ERROR_REGEX, page or ""):
|
||||||
if randStr1.lower() in match.group(0).lower():
|
if randStr1.lower() in match.group(0).lower():
|
||||||
infoMsg = "heuristic (FI) test shows that %s parameter " % paramType
|
infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
infoMsg += "'%s' might be vulnerable to file inclusion (FI) attacks" % parameter
|
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
break
|
break
|
||||||
|
|
||||||
|
|
@ -1147,7 +1144,7 @@ def checkDynParam(place, parameter, value):
|
||||||
|
|
||||||
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
||||||
|
|
||||||
infoMsg = "testing if %s parameter '%s' is dynamic" % (paramType, parameter)
|
infoMsg = "testing if %sparameter '%s' is dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
||||||
|
|
@ -498,7 +498,7 @@ def start():
|
||||||
if paramKey in kb.testedParams:
|
if paramKey in kb.testedParams:
|
||||||
testSqlInj = False
|
testSqlInj = False
|
||||||
|
|
||||||
infoMsg = "skipping previously processed %s parameter '%s'" % (paramType, parameter)
|
infoMsg = "skipping previously processed %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
elif any(_ in conf.testParameter for _ in (parameter, removePostHintPrefix(parameter))):
|
elif any(_ in conf.testParameter for _ in (parameter, removePostHintPrefix(parameter))):
|
||||||
|
|
@ -507,19 +507,19 @@ def start():
|
||||||
elif parameter in conf.rParam:
|
elif parameter in conf.rParam:
|
||||||
testSqlInj = False
|
testSqlInj = False
|
||||||
|
|
||||||
infoMsg = "skipping randomizing %s parameter '%s'" % (paramType, parameter)
|
infoMsg = "skipping randomizing %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
elif parameter in conf.skip or kb.postHint and parameter.split(' ')[-1] in conf.skip:
|
elif parameter in conf.skip or kb.postHint and parameter.split(' ')[-1] in conf.skip:
|
||||||
testSqlInj = False
|
testSqlInj = False
|
||||||
|
|
||||||
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
|
infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):
|
elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):
|
||||||
testSqlInj = False
|
testSqlInj = False
|
||||||
|
|
||||||
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
|
infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
elif conf.csrfToken and re.search(conf.csrfToken, parameter, re.I):
|
elif conf.csrfToken and re.search(conf.csrfToken, parameter, re.I):
|
||||||
|
|
@ -532,23 +532,23 @@ def start():
|
||||||
elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or any(_ in parameter.lower() for _ in CSRF_TOKEN_PARAMETER_INFIXES) or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
|
elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or any(_ in parameter.lower() for _ in CSRF_TOKEN_PARAMETER_INFIXES) or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
|
||||||
testSqlInj = False
|
testSqlInj = False
|
||||||
|
|
||||||
infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
|
infoMsg = "ignoring %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech or conf.skipStatic:
|
elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech or conf.skipStatic:
|
||||||
check = checkDynParam(place, parameter, value)
|
check = checkDynParam(place, parameter, value)
|
||||||
|
|
||||||
if not check:
|
if not check:
|
||||||
warnMsg = "%s parameter '%s' does not appear to be dynamic" % (paramType, parameter)
|
warnMsg = "%sparameter '%s' does not appear to be dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
if conf.skipStatic:
|
if conf.skipStatic:
|
||||||
infoMsg = "skipping static %s parameter '%s'" % (paramType, parameter)
|
infoMsg = "skipping static %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
testSqlInj = False
|
testSqlInj = False
|
||||||
else:
|
else:
|
||||||
infoMsg = "%s parameter '%s' appears to be dynamic" % (paramType, parameter)
|
infoMsg = "%sparameter '%s' appears to be dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
kb.testedParams.add(paramKey)
|
kb.testedParams.add(paramKey)
|
||||||
|
|
@ -563,12 +563,11 @@ def start():
|
||||||
|
|
||||||
if check != HEURISTIC_TEST.POSITIVE:
|
if check != HEURISTIC_TEST.POSITIVE:
|
||||||
if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
|
if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
|
||||||
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
|
infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
infoMsg = "testing for SQL injection on %s " % paramType
|
infoMsg = "testing for SQL injection on %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
infoMsg += "parameter '%s'" % parameter
|
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
injection = checkSqlInjection(place, parameter, value)
|
injection = checkSqlInjection(place, parameter, value)
|
||||||
|
|
@ -587,7 +586,7 @@ def start():
|
||||||
if not proceed:
|
if not proceed:
|
||||||
break
|
break
|
||||||
|
|
||||||
msg = "%s parameter '%s' " % (injection.place, injection.parameter)
|
msg = "%sparameter '%s' " % ("%s " % injection.place if injection.place != injection.parameter else "", injection.parameter)
|
||||||
msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
|
msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
|
||||||
|
|
||||||
if not readInput(msg, default='N', boolean=True):
|
if not readInput(msg, default='N', boolean=True):
|
||||||
|
|
@ -596,8 +595,7 @@ def start():
|
||||||
kb.testedParams.add(paramKey)
|
kb.testedParams.add(paramKey)
|
||||||
|
|
||||||
if not injectable:
|
if not injectable:
|
||||||
warnMsg = "%s parameter '%s' does not seem to be " % (paramType, parameter)
|
warnMsg = "%sparameter '%s' does not seem to be injectable" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||||
warnMsg += "injectable"
|
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
finally:
|
finally:
|
||||||
|
|
|
||||||
|
|
@ -679,7 +679,7 @@ def paramToDict(place, parameters=None):
|
||||||
walk(deserialized)
|
walk(deserialized)
|
||||||
|
|
||||||
if candidates:
|
if candidates:
|
||||||
message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
|
message = "it appears that provided value for %sparameter '%s' " % ("%s " % place if place != parameter else "", parameter)
|
||||||
message += "is JSON deserializable. Do you want to inject inside? [y/N] "
|
message += "is JSON deserializable. Do you want to inject inside? [y/N] "
|
||||||
|
|
||||||
if readInput(message, default='N', boolean=True):
|
if readInput(message, default='N', boolean=True):
|
||||||
|
|
@ -692,7 +692,7 @@ def paramToDict(place, parameters=None):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
_ = re.sub(regex, r"\g<1>%s\g<%d>" % (kb.customInjectionMark, len(match.groups())), testableParameters[parameter])
|
_ = re.sub(regex, r"\g<1>%s\g<%d>" % (kb.customInjectionMark, len(match.groups())), testableParameters[parameter])
|
||||||
message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
|
message = "it appears that provided value for %sparameter '%s' " % ("%s " % place if place != parameter else "", parameter)
|
||||||
message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % getUnicode(_)
|
message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % getUnicode(_)
|
||||||
|
|
||||||
if readInput(message, default='N', boolean=True):
|
if readInput(message, default='N', boolean=True):
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.3.5.121"
|
VERSION = "1.3.5.122"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
||||||
|
|
@ -407,7 +407,7 @@ def _setRequestParams():
|
||||||
|
|
||||||
for parameter in conf.paramDict.get(place, {}):
|
for parameter in conf.paramDict.get(place, {}):
|
||||||
if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
|
if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
|
||||||
message = "%s parameter '%s' appears to hold anti-CSRF token. " % (place, parameter)
|
message = "%sparameter '%s' appears to hold anti-CSRF token. " % ("%s " % place if place != parameter else "", parameter)
|
||||||
message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
|
message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
|
||||||
|
|
||||||
if readInput(message, default='N', boolean=True):
|
if readInput(message, default='N', boolean=True):
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user