mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
Consistency between --*-test switches/output
parent
dac7436edf
commit
45ec8c169a
|
@ -1112,6 +1112,7 @@ def __setKnowledgeBaseAttributes():
|
||||||
kb.unionPosition = None
|
kb.unionPosition = None
|
||||||
kb.unionNegative = False
|
kb.unionNegative = False
|
||||||
kb.unionFalseCond = False
|
kb.unionFalseCond = False
|
||||||
|
kb.unionTest = None
|
||||||
kb.userAgents = None
|
kb.userAgents = None
|
||||||
kb.valueStack = []
|
kb.valueStack = []
|
||||||
|
|
||||||
|
|
|
@ -353,7 +353,7 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex
|
||||||
expression = expression.replace("DISTINCT ", "")
|
expression = expression.replace("DISTINCT ", "")
|
||||||
|
|
||||||
if error and conf.errorTest:
|
if error and conf.errorTest:
|
||||||
value = errorUse(expression)
|
value = goError(expression)
|
||||||
|
|
||||||
if not value:
|
if not value:
|
||||||
warnMsg = "for some reason(s) it was not possible to retrieve "
|
warnMsg = "for some reason(s) it was not possible to retrieve "
|
||||||
|
@ -408,7 +408,12 @@ def goStacked(expression, silent=False):
|
||||||
return payload, page
|
return payload, page
|
||||||
|
|
||||||
def goError(expression, suppressOutput=False, returnPayload=False):
|
def goError(expression, suppressOutput=False, returnPayload=False):
|
||||||
#expression = cleanQuery(expression)
|
"""
|
||||||
|
Retrieve the output of a SQL query taking advantage of an error-based
|
||||||
|
SQL injection vulnerability on the affected parameter.
|
||||||
|
"""
|
||||||
|
|
||||||
|
result = None
|
||||||
|
|
||||||
if suppressOutput:
|
if suppressOutput:
|
||||||
pushValue(conf.verbose)
|
pushValue(conf.verbose)
|
||||||
|
@ -417,9 +422,21 @@ def goError(expression, suppressOutput=False, returnPayload=False):
|
||||||
if conf.direct:
|
if conf.direct:
|
||||||
return direct(expression), None
|
return direct(expression), None
|
||||||
|
|
||||||
result, payload = errorUse(expression, returnPayload)
|
condition = (
|
||||||
|
kb.resumedQueries and conf.url in kb.resumedQueries.keys()
|
||||||
|
and expression in kb.resumedQueries[conf.url].keys()
|
||||||
|
)
|
||||||
|
|
||||||
|
if condition:
|
||||||
|
result = resume(expression, None)
|
||||||
|
|
||||||
|
if not result:
|
||||||
|
result = errorUse(expression, returnPayload)
|
||||||
|
|
||||||
|
if not returnPayload:
|
||||||
|
dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, result))
|
||||||
|
|
||||||
if suppressOutput:
|
if suppressOutput:
|
||||||
conf.verbose = popValue()
|
conf.verbose = popValue()
|
||||||
|
|
||||||
return result, payload
|
return result
|
||||||
|
|
|
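Review bot: goError() now returns two different shapes: the `conf.direct` branch still ends with `return direct(expression), None`, while the rewritten tail ends with `return result`, and getValue() assigns the call straight to `value`. To match the new single-value contract that branch should read `return direct(expression)`. The same early return comes after `pushValue(conf.verbose)` with no `popValue()` in the visible lines, so with `suppressOutput` set the value stack would be left unbalanced; the function is split across two hunks and the lines between them are not shown, so this needs checking against the full body. Separately, a value taken from `resume()` is returned bare even when `returnPayload` is true, which looks inconsistent if errorUse() returns a pair in that mode.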
@ -19,6 +19,9 @@ from lib.request import inject
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
|
|
||||||
def timeTest():
|
def timeTest():
|
||||||
|
if kb.timeTest is not None:
|
||||||
|
return kb.timeTest
|
||||||
|
|
||||||
infoMsg = "testing time-based blind sql injection on parameter "
|
infoMsg = "testing time-based blind sql injection on parameter "
|
||||||
infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
|
infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
@ -37,7 +40,7 @@ def timeTest():
|
||||||
infoMsg += "'%s'" % kb.injParameter
|
infoMsg += "'%s'" % kb.injParameter
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
kb.timeTest = payload
|
kb.timeTest = agent.removePayloadDelimiters(payload, False)
|
||||||
else:
|
else:
|
||||||
warnMsg = "the target url is not affected by a time-based blind "
|
warnMsg = "the target url is not affected by a time-based blind "
|
||||||
warnMsg += "sql injection with AND condition syntax on parameter "
|
warnMsg += "sql injection with AND condition syntax on parameter "
|
||||||
|
@ -59,7 +62,7 @@ def timeTest():
|
||||||
infoMsg += "'%s'" % kb.injParameter
|
infoMsg += "'%s'" % kb.injParameter
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
kb.timeTest = payload
|
kb.timeTest = agent.removePayloadDelimiters(payload, False)
|
||||||
else:
|
else:
|
||||||
warnMsg = "the target url is not affected by a time-based blind "
|
warnMsg = "the target url is not affected by a time-based blind "
|
||||||
warnMsg += "sql injection with stacked queries syntax on parameter "
|
warnMsg += "sql injection with stacked queries syntax on parameter "
|
||||||
|
|
|
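Review bot: The new guard `if kb.timeTest is not None: return kb.timeTest` and the two assignments `kb.timeTest = agent.removePayloadDelimiters(payload, False)` change what kb.timeTest means, and nothing in timeTest() documents it. The attribute now holds the delimiter-free payload and doubles as the "already tested" marker, so I would add a docstring stating that the return value is the stripped payload of a successful test and that `None` means the test has not run yet. The `else:` branches are cut off by the hunks; if they leave kb.timeTest at `None`, a negative result is never cached and the test repeats on every call. The same documentation is missing for `kb.stackedTest` in stackedTest(), which gets the same assignment.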
@ -9,6 +9,7 @@ See the file 'doc/COPYING' for copying permission
|
||||||
|
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
from lib.core.agent import agent
|
||||||
from lib.core.common import getUnicode
|
from lib.core.common import getUnicode
|
||||||
from lib.core.common import randomInt
|
from lib.core.common import randomInt
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
@ -38,7 +39,7 @@ def errorTest():
|
||||||
infoMsg += "injection on parameter '%s'" % kb.injParameter
|
infoMsg += "injection on parameter '%s'" % kb.injParameter
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
kb.errorTest = True
|
kb.errorTest = agent.removePayloadDelimiters(usedPayload, False)
|
||||||
else:
|
else:
|
||||||
warnMsg = "the target url is not affected by an error-based sql "
|
warnMsg = "the target url is not affected by an error-based sql "
|
||||||
warnMsg += "injection on parameter '%s'" % kb.injParameter
|
warnMsg += "injection on parameter '%s'" % kb.injParameter
|
||||||
|
@ -48,7 +49,4 @@ def errorTest():
|
||||||
|
|
||||||
setError()
|
setError()
|
||||||
|
|
||||||
if kb.errorTest:
|
return kb.errorTest
|
||||||
return usedPayload
|
|
||||||
else:
|
|
||||||
return False
|
|
||||||
|
|
|
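Review bot: errorTest() no longer has an explicit failure value: the old tail returned `usedPayload` or `False`, the new one is just `return kb.errorTest`. kb.errorTest also changes type, from the boolean `True` to the string produced by `agent.removePayloadDelimiters(usedPayload, False)`, so any caller comparing it against `True`/`False` would behave differently; those callers are not visible here. If the `else:` branch (cut off by the hunk) does not set it, the function returns whatever initial value kb.errorTest had. I would make the negative case explicit, e.g. `kb.errorTest = False` in the `else:` branch, and state the return contract in the docstring.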
@ -73,6 +73,7 @@ def errorUse(expression, returnPayload=False):
|
||||||
|
|
||||||
if match:
|
if match:
|
||||||
output = match.group('result')
|
output = match.group('result')
|
||||||
|
|
||||||
if output:
|
if output:
|
||||||
output = output.replace(ERROR_SPACE, " ").replace(ERROR_EMPTY_CHAR, "")
|
output = output.replace(ERROR_SPACE, " ").replace(ERROR_EMPTY_CHAR, "")
|
||||||
|
|
||||||
|
|
|
@ -174,8 +174,8 @@ def unionTest():
|
||||||
if conf.direct:
|
if conf.direct:
|
||||||
return
|
return
|
||||||
|
|
||||||
if kb.unionCount is not None and kb.unionPosition is not None:
|
if kb.unionTest is not None:
|
||||||
return
|
return kb.unionTest
|
||||||
|
|
||||||
if conf.uTech == "orderby":
|
if conf.uTech == "orderby":
|
||||||
technique = "ORDER BY clause bruteforcing"
|
technique = "ORDER BY clause bruteforcing"
|
||||||
|
@ -209,5 +209,7 @@ def unionTest():
|
||||||
|
|
||||||
if validPayload is None:
|
if validPayload is None:
|
||||||
validPayload = ""
|
validPayload = ""
|
||||||
|
elif isinstance(validPayload, basestring):
|
||||||
|
kb.unionTest = agent.removePayloadDelimiters(validPayload, False)
|
||||||
|
|
||||||
return validPayload
|
return kb.unionTest
|
||||||
|
|
|
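Review bot: On the failure path unionTest() now returns `None` instead of the empty string it returned before: `validPayload = ""` is set when nothing was found, but `kb.unionTest` is only assigned in the `elif isinstance(validPayload, basestring)` branch, and the function ends with `return kb.unionTest`. Because the new guard at the top is `if kb.unionTest is not None`, a negative result is also never cached, so each call repeats the test. Adding `kb.unionTest = ""` beside `validPayload = ""` would keep the old return value and make the guard effective, if re-testing is not intended. The old guard keyed on `kb.unionCount` and `kb.unionPosition`; whether a state that restores only those two still skips the test cannot be judged from these hunks, since the rest of unionTest() is outside them.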
@ -9,6 +9,7 @@ See the file 'doc/COPYING' for copying permission
|
||||||
|
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
from lib.core.agent import agent
|
||||||
from lib.core.common import calculateDeltaSeconds
|
from lib.core.common import calculateDeltaSeconds
|
||||||
from lib.core.common import getDelayQuery
|
from lib.core.common import getDelayQuery
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
@ -38,7 +39,7 @@ def stackedTest():
|
||||||
infoMsg += "sql injection on parameter '%s'" % kb.injParameter
|
infoMsg += "sql injection on parameter '%s'" % kb.injParameter
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
kb.stackedTest = payload
|
kb.stackedTest = agent.removePayloadDelimiters(payload, False)
|
||||||
else:
|
else:
|
||||||
warnMsg = "the target url is not affected by a stacked queries "
|
warnMsg = "the target url is not affected by a stacked queries "
|
||||||
warnMsg += "sql injection on parameter '%s'" % kb.injParameter
|
warnMsg += "sql injection on parameter '%s'" % kb.injParameter
|
||||||
|
|