Implementation of an Issue #131

Miroslav Stampar 2012-07-30 21:50:46 +02:00
parent 93d35fe522
commit 47073f4afd
3 changed files with 28 additions and 20 deletions


@ -655,6 +655,9 @@ def cmdLineParser():
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int", parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
parser.add_option("--force-dns", dest="forceDns", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--smoke-test", dest="smokeTest", action="store_true", parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
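Review bot: The new `--force-dns` option is registered with SUPPRESS_HELP like its neighbours, so nothing in this file says what it does, while the other hunks in this commit show it changing technique selection and turning a failed DNS test into a hard error. A comment above the `parser.add_option("--force-dns", ...)` line such as `# --force-dns: do not fall back to UNION/error techniques when DNS exfiltration is requested; a failed DNS test then aborts instead of disabling DNS` would spare the next reader a search through the callers. No `default` is given, so `conf.forceDns` is presumably None rather than False until the flag is passed; the `if not conf.forceDns` checks elsewhere in the commit tolerate that, but `default=False` would match the `store_true` semantics. cmdLineParser starts and ends outside this hunk.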


@ -395,24 +395,25 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
if query and not 'COUNT(*)' in query: if query and not 'COUNT(*)' in query:
query = query.replace("DISTINCT ", "") query = query.replace("DISTINCT ", "")
if inband and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION): if not conf.forceDns:
kb.technique = PAYLOAD.TECHNIQUE.UNION if inband and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
value = __goInband(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump) kb.technique = PAYLOAD.TECHNIQUE.UNION
count += 1 value = __goInband(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump)
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE count += 1
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
if error and isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and not found: if error and isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and not found:
kb.technique = PAYLOAD.TECHNIQUE.ERROR kb.technique = PAYLOAD.TECHNIQUE.ERROR
value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump) value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump)
count += 1 count += 1
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
if found and conf.dnsName: if found and conf.dnsName:
_ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E":PAYLOAD.TECHNIQUE.ERROR, "U":PAYLOAD.TECHNIQUE.UNION}.items()))) _ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E":PAYLOAD.TECHNIQUE.ERROR, "U":PAYLOAD.TECHNIQUE.UNION}.items())))
warnMsg = "option '--dns-domain' will be ignored " warnMsg = "option '--dns-domain' will be ignored "
warnMsg += "as faster techniques are usable " warnMsg += "as faster techniques are usable "
warnMsg += "(%s) " % _ warnMsg += "(%s) " % _
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found: if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found:
kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN
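Review bot: The new guard `if not conf.forceDns:` disables the UNION and error branches whenever `--force-dns` is set, regardless of whether `conf.dnsName` is configured; nothing in this hunk, nor in the option-definition hunk, ties the two together, so `--force-dns` given alone skips the faster techniques for no benefit. Unless that combination is rejected elsewhere, the guard should read `if not (conf.forceDns and conf.dnsName):`, or the option parser should refuse `--force-dns` without `--dns-domain`. The rendered view also loses the indentation, so it is not certain whether the `if found and conf.dnsName:` warning block now sits inside the new guard; it belongs there, and a one-line comment above the guard, `# --force-dns: skip the faster techniques so that DNS exfiltration is actually exercised`, would make the intent explicit. getValue starts and ends outside this hunk.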


@ -10,6 +10,7 @@ from lib.core.common import randomInt
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapNotVulnerableException
from lib.core.settings import FROM_DUMMY_TABLE from lib.core.settings import FROM_DUMMY_TABLE
from lib.techniques.dns.use import dnsUse from lib.techniques.dns.use import dnsUse
@ -21,10 +22,13 @@ def dnsTest(payload):
kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt) kb.dnsTest = dnsUse(payload, "SELECT %d%s" % (randInt, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""))) == str(randInt)
if not kb.dnsTest: if not kb.dnsTest:
errMsg = "data retrieval through DNS channel failed. Turning off DNS exfiltration support" errMsg = "data retrieval through DNS channel failed"
logger.error(errMsg) if not conf.forceDns:
conf.dnsName = None
conf.dnsName = None errMsg += ". Turning off DNS exfiltration support"
logger.error(errMsg)
else:
raise sqlmapNotVulnerableException, errMsg
else: else:
infoMsg = "data retrieval through DNS channel was successful" infoMsg = "data retrieval through DNS channel was successful"
logger.info(infoMsg) logger.info(infoMsg)
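Review bot: In dnsTest the new `raise sqlmapNotVulnerableException, errMsg` uses the old two-expression `raise` syntax; `raise sqlmapNotVulnerableException(errMsg)` is equivalent on Python 2 and is the form that survives a later Python 3 port. The two branches now diverge in a way the code does not explain: without `--force-dns` a failed test clears `conf.dnsName` and logs, with it the test leaves `conf.dnsName` set and `kb.dnsTest` False and raises, so a comment such as `# --force-dns: a failed DNS test is fatal instead of falling back to other techniques` above the `if not conf.forceDns:` line would document the intent. Whether "not vulnerable" is the right exception class for a failed DNS channel test is worth a second look, since the target may still be injectable through the techniques the flag disables. dnsTest begins before this hunk.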