	Merge branch 'master' of github.com:sqlmapproject/sqlmap
This commit is contained in:
		
						commit
						3f84cefc77
					
				|  | @ -736,7 +736,9 @@ class Connect(object): | ||||||
|                         else: |                         else: | ||||||
|                             get += "%s%s=%s" % (delimiter, name, value) |                             get += "%s%s=%s" % (delimiter, name, value) | ||||||
| 
 | 
 | ||||||
|  |         if not skipUrlEncode: | ||||||
|             get = urlencode(get, limit=True) |             get = urlencode(get, limit=True) | ||||||
|  | 
 | ||||||
|         if post is not None: |         if post is not None: | ||||||
|             if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE): |             if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE): | ||||||
|                 post = getattr(post, UNENCODED_ORIGINAL_VALUE) |                 post = getattr(post, UNENCODED_ORIGINAL_VALUE) | ||||||
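Review bot: With the new `if not skipUrlEncode:` guard the query string assembled just above (`get += "%s%s=%s" % (delimiter, name, value)`) goes on the wire exactly as built, so a value containing `&`, `#`, `%` or a CR/LF is no longer escaped and can alter the structure of the request rather than the content of one parameter. That is presumably the intent of a skip-urlencode switch, but the branch should state the contract it relies on, e.g. `# skipUrlEncode: caller guarantees the values are already URL-safe`. Where `skipUrlEncode` is bound (parameter or kwargs lookup) and the rest of the method lie outside the hunk, so its default cannot be checked here.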
|  |  | ||||||
|  | @ -119,7 +119,8 @@ def _oneShotErrorUse(expression, field=None): | ||||||
|                         threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE) |                         threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE) | ||||||
| 
 | 
 | ||||||
|                     if trimmed: |                     if trimmed: | ||||||
|                         warnMsg = "possible server trimmed output detected (due to its length): " |                         warnMsg = "possible server trimmed output detected " | ||||||
|  |                         warnMsg += "(due to its length and/or content): " | ||||||
|                         warnMsg += safecharencode(trimmed) |                         warnMsg += safecharencode(trimmed) | ||||||
|                         logger.warn(warnMsg) |                         logger.warn(warnMsg) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -102,7 +102,8 @@ def _oneShotUnionUse(expression, unpack=True, limited=False): | ||||||
|             trimmed = _("%s(?P<result>.*?)<" % (kb.chars.start)) |             trimmed = _("%s(?P<result>.*?)<" % (kb.chars.start)) | ||||||
| 
 | 
 | ||||||
|             if trimmed: |             if trimmed: | ||||||
|                 warnMsg = "possible server trimmed output detected (probably due to its length): " |                 warnMsg = "possible server trimmed output detected " | ||||||
|  |                 warnMsg += "(probably due to its length and/or content): " | ||||||
|                 warnMsg += safecharencode(trimmed) |                 warnMsg += safecharencode(trimmed) | ||||||
|                 logger.warn(warnMsg) |                 logger.warn(warnMsg) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -7,20 +7,18 @@ See the file 'doc/COPYING' for copying permission | ||||||
| 
 | 
 | ||||||
| class xrange(object): | class xrange(object): | ||||||
|     """ |     """ | ||||||
|     Advanced implementation of xrange (supports slice/copy/etc.) |     Advanced (re)implementation of xrange (supports slice/copy/etc.) | ||||||
|     Reference: http://code.activestate.com/recipes/521885-a-pythonic-implementation-of-xrange/ |     Reference: http://code.activestate.com/recipes/521885-a-pythonic-implementation-of-xrange/ | ||||||
|     """ |     """ | ||||||
| 
 | 
 | ||||||
|     __slots__ = ['_slice'] |     __slots__ = ['_slice'] | ||||||
| 
 | 
 | ||||||
|     def __init__(self, *args): |     def __init__(self, *args): | ||||||
|         if args and isinstance(args[0], xrange): |         if args and isinstance(args[0], type(self)): | ||||||
|             self._slice = slice(args[0].start, args[0].stop, args[0].step) |             self._slice = slice(args[0].start, args[0].stop, args[0].step) | ||||||
|         else: |         else: | ||||||
|             self._slice = slice(*args) |             self._slice = slice(*args) | ||||||
|         if self._slice.stop is None: |         if self._slice.stop is None: | ||||||
|             # slice(*args) will never put None in stop unless it was |  | ||||||
|             # given as None explicitly. |  | ||||||
|             raise TypeError("xrange stop must not be None") |             raise TypeError("xrange stop must not be None") | ||||||
|          |          | ||||||
|     @property |     @property | ||||||
|  | @ -47,7 +45,7 @@ class xrange(object): | ||||||
|                 cmp(self._slice, other._slice)) |                 cmp(self._slice, other._slice)) | ||||||
| 
 | 
 | ||||||
|     def __repr__(self): |     def __repr__(self): | ||||||
|         return '%s(%r, %r, %r)' % (self.__class__.__name__, |         return '%s(%r, %r, %r)' % (type(self).__name__, | ||||||
|                                    self.start, self.stop, self.step) |                                    self.start, self.stop, self.step) | ||||||
| 
 | 
 | ||||||
|     def __len__(self): |     def __len__(self): | ||||||
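Review bot: Replacing `isinstance(args[0], xrange)` with `isinstance(args[0], type(self))` in `__init__` narrows the copy-constructor check: when a subclass of xrange is built from a plain xrange instance the test now fails, control falls to `slice(*args)`, and a single-argument `slice(<xrange>)` yields `slice(None, <xrange>, None)` — its `stop` is not None, so the TypeError guard below does not fire and `_slice` silently carries an xrange object as its stop. Keeping the base class in the check, `if args and isinstance(args[0], xrange):`, preserves the original behaviour, while `type(self).__name__` in `__repr__` (second hunk) is fine as is. The deleted two-line comment was the only explanation of why `stop` can only be None when the caller passed None explicitly; consider restoring it as `# slice(*args) only yields stop=None when None was passed explicitly`.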
|  |  | ||||||
|  | @ -2003,8 +2003,8 @@ | ||||||
|     </case> |     </case> | ||||||
|     <!-- End of operating system access switches --> |     <!-- End of operating system access switches --> | ||||||
| 
 | 
 | ||||||
|     <!-- Technique switches and corner cases --> |     <!-- Corner cases --> | ||||||
|     <case name="MySQL 4 time-based against unresponsive page"> |     <case name="Time-based (heavy query)"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int_benchmark.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int_benchmark.php?id=1"/> | ||||||
|             <tech value="T"/> |             <tech value="T"/> | ||||||
|  | @ -2017,7 +2017,7 @@ | ||||||
|             <item value="Title: MySQL < 5.0.12 AND time-based blind (heavy query)"/> |             <item value="Title: MySQL < 5.0.12 AND time-based blind (heavy query)"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL OR boolean-based multi-threaded enumeration"> |     <case name="OR boolean-based"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/> | ||||||
|             <threads value="4"/> |             <threads value="4"/> | ||||||
|  | @ -2032,7 +2032,7 @@ | ||||||
|             <item value="current user is DBA:    True"/> |             <item value="current user is DBA:    True"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL against page protected by custom weak filter"> |     <case name="Page protected by custom (weak) filter"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int_filtered.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int_filtered.php?id=1"/> | ||||||
|             <tech value="BE"/> |             <tech value="BE"/> | ||||||
|  | @ -2043,7 +2043,7 @@ | ||||||
|             <item value="Title: MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)"/> |             <item value="Title: MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL injection in GROUP BY clause"> |     <case name="GROUP BY clause"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int_groupby.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int_groupby.php?id=1"/> | ||||||
|             <tech value="B"/> |             <tech value="B"/> | ||||||
|  | @ -2053,7 +2053,7 @@ | ||||||
|             <item value="MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"/> |             <item value="MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL boolean-based multi-threaded enumeration - international data"> |     <case name="International data"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int_international.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int_international.php?id=1"/> | ||||||
|             <threads value="4"/> |             <threads value="4"/> | ||||||
|  | @ -2068,7 +2068,7 @@ | ||||||
|             <item value="r'Database: testdb.+Table: international.+3 entries.+šućuraj.+река Москва'"/> |             <item value="r'Database: testdb.+Table: international.+3 entries.+šućuraj.+река Москва'"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL against highly dynamic page"> |     <case name="Highly dynamic page"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int_rand.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int_rand.php?id=1"/> | ||||||
|             <timeSec value="2"/> |             <timeSec value="2"/> | ||||||
|  | @ -2080,7 +2080,7 @@ | ||||||
|             <item value="Title: MySQL > 5.0.11 AND time-based blind"/> |             <item value="Title: MySQL > 5.0.11 AND time-based blind"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL against a page that returns a 302 redirect page when SQL statement return no output"> |     <case name="302 redirect page when SQL statement return no output"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int_redirected.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int_redirected.php?id=1"/> | ||||||
|             <timeSec value="2"/> |             <timeSec value="2"/> | ||||||
|  | @ -2091,7 +2091,7 @@ | ||||||
|             <item value="Title: MySQL > 5.0.11 AND time-based blind"/> |             <item value="Title: MySQL > 5.0.11 AND time-based blind"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL against a page that returns an image"> |     <case name="Page that returns an image"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int_img.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int_img.php?id=1"/> | ||||||
|             <tech value="BT"/> |             <tech value="BT"/> | ||||||
|  | @ -2102,7 +2102,7 @@ | ||||||
|             <item value="Title: MySQL > 5.0.11 AND time-based blind"/> |             <item value="Title: MySQL > 5.0.11 AND time-based blind"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL against a page that returns a 302 redirect page when SQL statement returns output"> |     <case name="302 redirect page when SQL statement returns output"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int_redirected_true.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int_redirected_true.php?id=1"/> | ||||||
|             <tech value="E"/> |             <tech value="E"/> | ||||||
|  | @ -2111,7 +2111,7 @@ | ||||||
|             <item value="Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause"/> |             <item value="Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL partial UNION query multi-threaded enumeration - invalid bignum"> |     <case name="Invalid bignum"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/> | ||||||
|             <tech value="U"/> |             <tech value="U"/> | ||||||
|  | @ -2126,7 +2126,7 @@ | ||||||
|             <item value="current user is DBA:    True"/> |             <item value="current user is DBA:    True"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL partial UNION query multi-threaded enumeration - invalid logical"> |     <case name="Invalid logical"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/> | ||||||
|             <tech value="U"/> |             <tech value="U"/> | ||||||
|  | @ -2141,10 +2141,10 @@ | ||||||
|             <item value="current user is DBA:    True"/> |             <item value="current user is DBA:    True"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <!-- End of technique switches --> |     <!-- End of corner cases --> | ||||||
| 
 | 
 | ||||||
|     <!-- Other switches --> |     <!-- Other switches --> | ||||||
|     <case name="MySQL error-based HTTP basic authentication"> |     <case name="HTTP basic authentication"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/basic/get_int.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/basic/get_int.php?id=1"/> | ||||||
|             <tech value="E"/> |             <tech value="E"/> | ||||||
|  | @ -2156,7 +2156,7 @@ | ||||||
|             <item value="banner:    '5.1.66-0+squeeze1'"/> |             <item value="banner:    '5.1.66-0+squeeze1'"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL error-based HTTP digest authentication"> |     <case name="HTTP digest authentication"> | ||||||
|         <switches> |         <switches> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/digest/get_int.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/digest/get_int.php?id=1"/> | ||||||
|             <tech value="E"/> |             <tech value="E"/> | ||||||
|  | @ -2168,7 +2168,7 @@ | ||||||
|             <item value="banner:    '5.1.66-0+squeeze1'"/> |             <item value="banner:    '5.1.66-0+squeeze1'"/> | ||||||
|         </parse> |         </parse> | ||||||
|     </case> |     </case> | ||||||
|     <case name="MySQL boolean-based predict output enumeration"> |     <case name="Predict output enumeration"> | ||||||
|         <switches> |         <switches> | ||||||
|             <verbose value="2"/> |             <verbose value="2"/> | ||||||
|             <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/> |             <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/> | ||||||
|  |  | ||||||
|  | @ -15,12 +15,6 @@ | ||||||
|         <order query="ORDER BY %s ASC"/> |         <order query="ORDER BY %s ASC"/> | ||||||
|         <count query="COUNT(%s)"/> |         <count query="COUNT(%s)"/> | ||||||
|         <comment query="-- " query2="/*" query3="#"/> |         <comment query="-- " query2="/*" query3="#"/> | ||||||
|         <!-- |  | ||||||
|              NOTE: MySQL 5.0.12 introduced SLEEP() function |  | ||||||
|                    References: |  | ||||||
|                    * http://dev.mysql.com/doc/refman/5.0/en/news-5-0-12.html |  | ||||||
|                    * http://dev.mysql.com/doc/refman/5.1/en/miscellaneous-functions.html#function_sleep |  | ||||||
|         --> |  | ||||||
|         <substring query="MID((%s),%d,%d)"/> |         <substring query="MID((%s),%d,%d)"/> | ||||||
|         <concatenate query="CONCAT(%s,%s)"/> |         <concatenate query="CONCAT(%s,%s)"/> | ||||||
|         <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/> |         <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/> | ||||||
|  | @ -89,12 +83,6 @@ | ||||||
|         <order query="ORDER BY %s ASC"/> |         <order query="ORDER BY %s ASC"/> | ||||||
|         <count query="COUNT(%s)"/> |         <count query="COUNT(%s)"/> | ||||||
|         <comment query="--" query2="/*"/> |         <comment query="--" query2="/*"/> | ||||||
|         <!-- |  | ||||||
|              NOTE: PostgreSQL 8.2 introduced PG_SLEEP() function |  | ||||||
|                    References: |  | ||||||
|                    * http://www.postgresql.org/docs/8.3/interactive/release-8-2.html |  | ||||||
|                    * http://www.postgresql.org/docs/8.3/interactive/functions-datetime.html#FUNCTIONS-DATETIME-DELAY |  | ||||||
|         --> |  | ||||||
|         <substring query="SUBSTR((%s)::text,%d,%d)"/> |         <substring query="SUBSTR((%s)::text,%d,%d)"/> | ||||||
|         <concatenate query="%s||%s"/> |         <concatenate query="%s||%s"/> | ||||||
|         <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/> |         <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/> | ||||||
|  |  | ||||||