Implementation of an Issue #131

Miroslav Stampar 2012-07-30 21:50:46 +02:00
parent 93d35fe522
commit 47073f4afd
3 changed files with 28 additions and 20 deletions


@ -655,6 +655,9 @@ def cmdLineParser():
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
parser.add_option("--force-dns", dest="forceDns", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--smoke-test", dest="smokeTest", action="store_true", parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
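Review bot: The new `--force-dns` switch is registered with `help=SUPPRESS_HELP` and carries no comment, so nothing at the definition says what it changes. A one-line comment above the `add_option` call would help, for example `# Hidden switch: restrict data retrieval to the DNS channel (no fallback to other techniques)`. That wording is inferred from the other files in this commit and should be confirmed. `cmdLineParser` starts and ends outside this hunk.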


@ -395,6 +395,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
if query and not 'COUNT(*)' in query: if query and not 'COUNT(*)' in query:
query = query.replace("DISTINCT ", "") query = query.replace("DISTINCT ", "")
if not conf.forceDns:
if inband and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION): if inband and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
kb.technique = PAYLOAD.TECHNIQUE.UNION kb.technique = PAYLOAD.TECHNIQUE.UNION
value = __goInband(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump) value = __goInband(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump)
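Review bot: Nothing visible here handles `conf.forceDns` being set while no DNS name is configured. The new `if not conf.forceDns:` guard skips the UNION branch and presumably the techniques after it (indentation is lost in this rendering and the block continues past the hunk), so `getValue` may return without trying any technique and without a message. If that combination is not rejected elsewhere, check it once where options are validated, e.g. `if conf.forceDns and not conf.dnsName:` followed by a clear error. A short comment on the guard, such as `# --force-dns: skip the regular techniques`, would also make the intent explicit.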


@ -10,6 +10,7 @@ from lib.core.common import randomInt
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapNotVulnerableException
from lib.core.settings import FROM_DUMMY_TABLE from lib.core.settings import FROM_DUMMY_TABLE
from lib.techniques.dns.use import dnsUse from lib.techniques.dns.use import dnsUse
@ -21,10 +22,13 @@ def dnsTest(payload):
kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt) kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt)
if not kb.dnsTest: if not kb.dnsTest:
errMsg = "data retrieval through DNS channel failed. Turning off DNS exfiltration support" errMsg = "data retrieval through DNS channel failed"
logger.error(errMsg) if not conf.forceDns:
conf.dnsName = None conf.dnsName = None
errMsg += ". Turning off DNS exfiltration support"
logger.error(errMsg)
else:
raise sqlmapNotVulnerableException, errMsg
else: else:
infoMsg = "data retrieval through DNS channel was successful" infoMsg = "data retrieval through DNS channel was successful"
logger.info(infoMsg) logger.info(infoMsg)
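Review bot: In the new `else:` branch, `raise sqlmapNotVulnerableException, errMsg` reports a DNS channel failure as "not vulnerable", which conflates two conditions: the DNS test can fail because of resolver or network setup even when the tested parameter behaves as before. Any caller that catches this exception type would treat both cases alike, so a more specific exception (if the project has one) or a comment explaining the choice would help. The statement also reads better in call form, `raise sqlmapNotVulnerableException(errMsg)`. With `--force-dns` the message is no longer passed to `logger.error`, so it is visible only if the exception is reported further up.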