sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:sqlmapproject/sqlmap

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-15 14:59:22 +00:00
commit 3f84cefc77
6 changed files with 26 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/request/connect.py
View File

@ -736,7 +736,9 @@ class Connect(object):
else: else:
get += "%s%s=%s" % (delimiter, name, value) get += "%s%s=%s" % (delimiter, name, value)
get = urlencode(get, limit=True) if not skipUrlEncode:
get = urlencode(get, limit=True)
if post is not None: if post is not None:
if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE): if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
post = getattr(post, UNENCODED_ORIGINAL_VALUE) post = getattr(post, UNENCODED_ORIGINAL_VALUE)

3
lib/techniques/error/use.py
View File

@ -119,7 +119,8 @@ def _oneShotErrorUse(expression, field=None):
threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE) threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)
if trimmed: if trimmed:
warnMsg = "possible server trimmed output detected (due to its length): " warnMsg = "possible server trimmed output detected "
warnMsg += "(due to its length and/or content): "
warnMsg += safecharencode(trimmed) warnMsg += safecharencode(trimmed)
logger.warn(warnMsg) logger.warn(warnMsg)

3
lib/techniques/union/use.py
View File

@ -102,7 +102,8 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
trimmed = _("%s(?P<result>.*?)<" % (kb.chars.start)) trimmed = _("%s(?P<result>.*?)<" % (kb.chars.start))
if trimmed: if trimmed:
warnMsg = "possible server trimmed output detected (probably due to its length): " warnMsg = "possible server trimmed output detected "
warnMsg += "(probably due to its length and/or content): "
warnMsg += safecharencode(trimmed) warnMsg += safecharencode(trimmed)
logger.warn(warnMsg) logger.warn(warnMsg)

8
lib/utils/xrange.py
View File

@ -7,20 +7,18 @@ See the file 'doc/COPYING' for copying permission
class xrange(object): class xrange(object):
""" """
Advanced implementation of xrange (supports slice/copy/etc.) Advanced (re)implementation of xrange (supports slice/copy/etc.)
Reference: http://code.activestate.com/recipes/521885-a-pythonic-implementation-of-xrange/ Reference: http://code.activestate.com/recipes/521885-a-pythonic-implementation-of-xrange/
""" """
__slots__ = ['_slice'] __slots__ = ['_slice']
def __init__(self, *args): def __init__(self, *args):
if args and isinstance(args[0], xrange): if args and isinstance(args[0], type(self)):
self._slice = slice(args[0].start, args[0].stop, args[0].step) self._slice = slice(args[0].start, args[0].stop, args[0].step)
else: else:
self._slice = slice(*args) self._slice = slice(*args)
if self._slice.stop is None: if self._slice.stop is None:
# slice(*args) will never put None in stop unless it was
# given as None explicitly.
raise TypeError("xrange stop must not be None") raise TypeError("xrange stop must not be None")
@property @property
@ -47,7 +45,7 @@ class xrange(object):
cmp(self._slice, other._slice)) cmp(self._slice, other._slice))
def __repr__(self): def __repr__(self):
return '%s(%r, %r, %r)' % (self.__class__.__name__, return '%s(%r, %r, %r)' % (type(self).__name__,
self.start, self.stop, self.step) self.start, self.stop, self.step)
def __len__(self): def __len__(self):

32
xml/livetests.xml
View File

@ -2003,8 +2003,8 @@
</case> </case>
<!-- End of operating system access switches --> <!-- End of operating system access switches -->
<!-- Technique switches and corner cases --> <!-- Corner cases -->
<case name="MySQL 4 time-based against unresponsive page"> <case name="Time-based (heavy query)">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int_benchmark.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_benchmark.php?id=1"/>
<tech value="T"/> <tech value="T"/>
@ -2017,7 +2017,7 @@
<item value="Title: MySQL &lt; 5.0.12 AND time-based blind (heavy query)"/> <item value="Title: MySQL &lt; 5.0.12 AND time-based blind (heavy query)"/>
</parse> </parse>
</case> </case>
<case name="MySQL OR boolean-based multi-threaded enumeration"> <case name="OR boolean-based">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<threads value="4"/> <threads value="4"/>
@ -2032,7 +2032,7 @@
<item value="current user is DBA: True"/> <item value="current user is DBA: True"/>
</parse> </parse>
</case> </case>
<case name="MySQL against page protected by custom weak filter"> <case name="Page protected by custom (weak) filter">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int_filtered.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_filtered.php?id=1"/>
<tech value="BE"/> <tech value="BE"/>
@ -2043,7 +2043,7 @@
<item value="Title: MySQL &gt;= 5.1 error-based - Parameter replace (EXTRACTVALUE)"/> <item value="Title: MySQL &gt;= 5.1 error-based - Parameter replace (EXTRACTVALUE)"/>
</parse> </parse>
</case> </case>
<case name="MySQL injection in GROUP BY clause"> <case name="GROUP BY clause">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int_groupby.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_groupby.php?id=1"/>
<tech value="B"/> <tech value="B"/>
@ -2053,7 +2053,7 @@
<item value="MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"/> <item value="MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"/>
</parse> </parse>
</case> </case>
<case name="MySQL boolean-based multi-threaded enumeration - international data"> <case name="International data">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int_international.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_international.php?id=1"/>
<threads value="4"/> <threads value="4"/>
@ -2068,7 +2068,7 @@
<item value="r'Database: testdb.+Table: international.+3 entries.+šućuraj.+река Москва'"/> <item value="r'Database: testdb.+Table: international.+3 entries.+šućuraj.+река Москва'"/>
</parse> </parse>
</case> </case>
<case name="MySQL against highly dynamic page"> <case name="Highly dynamic page">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int_rand.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_rand.php?id=1"/>
<timeSec value="2"/> <timeSec value="2"/>
@ -2080,7 +2080,7 @@
<item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/> <item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/>
</parse> </parse>
</case> </case>
<case name="MySQL against a page that returns a 302 redirect page when SQL statement return no output"> <case name="302 redirect page when SQL statement return no output">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int_redirected.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_redirected.php?id=1"/>
<timeSec value="2"/> <timeSec value="2"/>
@ -2091,7 +2091,7 @@
<item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/> <item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/>
</parse> </parse>
</case> </case>
<case name="MySQL against a page that returns an image"> <case name="Page that returns an image">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int_img.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_img.php?id=1"/>
<tech value="BT"/> <tech value="BT"/>
@ -2102,7 +2102,7 @@
<item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/> <item value="Title: MySQL &gt; 5.0.11 AND time-based blind"/>
</parse> </parse>
</case> </case>
<case name="MySQL against a page that returns a 302 redirect page when SQL statement returns output"> <case name="302 redirect page when SQL statement returns output">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int_redirected_true.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_redirected_true.php?id=1"/>
<tech value="E"/> <tech value="E"/>
@ -2111,7 +2111,7 @@
<item value="Title: MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause"/> <item value="Title: MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause"/>
</parse> </parse>
</case> </case>
<case name="MySQL partial UNION query multi-threaded enumeration - invalid bignum"> <case name="Invalid bignum">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/>
<tech value="U"/> <tech value="U"/>
@ -2126,7 +2126,7 @@
<item value="current user is DBA: True"/> <item value="current user is DBA: True"/>
</parse> </parse>
</case> </case>
<case name="MySQL partial UNION query multi-threaded enumeration - invalid logical"> <case name="Invalid logical">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/>
<tech value="U"/> <tech value="U"/>
@ -2141,10 +2141,10 @@
<item value="current user is DBA: True"/> <item value="current user is DBA: True"/>
</parse> </parse>
</case> </case>
<!-- End of technique switches --> <!-- End of corner cases -->
<!-- Other switches --> <!-- Other switches -->
<case name="MySQL error-based HTTP basic authentication"> <case name="HTTP basic authentication">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/basic/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/basic/get_int.php?id=1"/>
<tech value="E"/> <tech value="E"/>
@ -2156,7 +2156,7 @@
<item value="banner: '5.1.66-0+squeeze1'"/> <item value="banner: '5.1.66-0+squeeze1'"/>
</parse> </parse>
</case> </case>
<case name="MySQL error-based HTTP digest authentication"> <case name="HTTP digest authentication">
<switches> <switches>
<url value="http://debiandev/sqlmap/mysql/digest/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/digest/get_int.php?id=1"/>
<tech value="E"/> <tech value="E"/>
@ -2168,7 +2168,7 @@
<item value="banner: '5.1.66-0+squeeze1'"/> <item value="banner: '5.1.66-0+squeeze1'"/>
</parse> </parse>
</case> </case>
<case name="MySQL boolean-based predict output enumeration"> <case name="Predict output enumeration">
<switches> <switches>
<verbose value="2"/> <verbose value="2"/>
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>

12
xml/queries.xml
View File

@ -15,12 +15,6 @@
<order query="ORDER BY %s ASC"/> <order query="ORDER BY %s ASC"/>
<count query="COUNT(%s)"/> <count query="COUNT(%s)"/>
<comment query="-- " query2="/*" query3="#"/> <comment query="-- " query2="/*" query3="#"/>
<!--
NOTE: MySQL 5.0.12 introduced SLEEP() function
References:
* http://dev.mysql.com/doc/refman/5.0/en/news-5-0-12.html
* http://dev.mysql.com/doc/refman/5.1/en/miscellaneous-functions.html#function_sleep
-->
<substring query="MID((%s),%d,%d)"/> <substring query="MID((%s),%d,%d)"/>
<concatenate query="CONCAT(%s,%s)"/> <concatenate query="CONCAT(%s,%s)"/>
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/> <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
@ -89,12 +83,6 @@
<order query="ORDER BY %s ASC"/> <order query="ORDER BY %s ASC"/>
<count query="COUNT(%s)"/> <count query="COUNT(%s)"/>
<comment query="--" query2="/*"/> <comment query="--" query2="/*"/>
<!--
NOTE: PostgreSQL 8.2 introduced PG_SLEEP() function
References:
* http://www.postgresql.org/docs/8.3/interactive/release-8-2.html
* http://www.postgresql.org/docs/8.3/interactive/functions-datetime.html#FUNCTIONS-DATETIME-DELAY
-->
<substring query="SUBSTR((%s)::text,%d,%d)"/> <substring query="SUBSTR((%s)::text,%d,%d)"/>
<concatenate query="%s||%s"/> <concatenate query="%s||%s"/>
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/> <case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>