Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.

Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
This commit is contained in:
Bernardo Damele 2010-11-28 21:27:47 +00:00
parent 7e3b24afe6
commit 472f4465a6
6 changed files with 33 additions and 20 deletions


@ -306,7 +306,10 @@ def checkSqlInjection(place, parameter, value):
break break
return injection if injection.place is not None and injection.parameter is not None:
return injection
else:
return None
def heuristicCheckSqlInjection(place, parameter, value): def heuristicCheckSqlInjection(place, parameter, value):
if kb.nullConnection: if kb.nullConnection:
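Review bot: The `else: return None` branch added at the end of checkSqlInjection is redundant — falling off the end of the function already yields None, and the two-branch form reads as if None were a third distinct outcome. A single `return injection if injection.place is not None and injection.parameter is not None else None` expresses the same contract (an injection object only when both place and parameter were recorded) and is easier to read. Whichever form is kept, a one-line comment such as `# None means no injection was confirmed for this parameter` would document the new return contract that callers now appear to rely on. checkSqlInjection's body starts before this hunk.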


@ -126,22 +126,23 @@ def __selectInjection():
kb.injection = kb.injections[index] kb.injection = kb.injections[index]
def __formatInjection(inj): def __formatInjection(inj):
header = "Place: %s\n" % inj.place data = "Place: %s\n" % inj.place
header += "Parameter: %s\n" % inj.parameter data += "Parameter: %s\n" % inj.parameter
data = ""
for stype, sdata in inj.data.items(): for stype, sdata in inj.data.items():
data += "Type: %s\n" % PAYLOAD.SQLINJECTION[stype] data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
data += "Payload: %s\n\n" % sdata[3] data += " Payload: %s\n\n" % sdata[3]
return header, data return data
def __showInjections(): def __showInjections():
dataToStdout("sqlmap identified the following injection points:\n") header = "sqlmap identified the following injection points"
data = ""
for inj in kb.injections: for inj in kb.injections:
header, data = __formatInjection(inj) data += __formatInjection(inj)
dumper.technic(header, data)
dumper.technic(header, data)
def start(): def start():
""" """
@ -318,9 +319,6 @@ def start():
for parameter, value in paramDict.items(): for parameter, value in paramDict.items():
testSqlInj = True testSqlInj = True
# TODO: with the new detection engine, review this
# part. Perhaps dynamicity test will not be of any
# use
paramKey = (conf.hostname, conf.path, place, parameter) paramKey = (conf.hostname, conf.path, place, parameter)
if paramKey in kb.testedParams: if paramKey in kb.testedParams:
@ -337,7 +335,6 @@ def start():
elif not checkDynParam(place, parameter, value): elif not checkDynParam(place, parameter, value):
warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter) warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
logger.warn(warnMsg) logger.warn(warnMsg)
testSqlInj = False
else: else:
logMsg = "%s parameter '%s' is dynamic" % (place, parameter) logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
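Review bot: __showInjections now calls `dumper.technic(header, data)` unconditionally, so when kb.injections is empty the "sqlmap identified the following injection points" header is still printed with an empty body — unless the caller already skips the call, a guard `if not kb.injections: return` at the top of the function would make the no-injection case self-contained. In __formatInjection the positional `sdata[3]` is the only hint of what the per-technique tuple holds; a comment on that line naming the slot (`# sdata[3] is the payload used for this technique`, if that is indeed its meaning) would spare the next reader a lookup. The two start() hunks below remove `testSqlInj = False` after the "is not dynamic" warning, so a non-dynamic parameter is now still tested; the warning text no longer signals a skip, and a short comment there saying the parameter is tested regardless would keep the log output from being misread.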


@ -63,15 +63,23 @@ def setHandler():
] ]
if kb.htmlFp: if kb.htmlFp:
inferencedDbms = kb.htmlFp[-1]
elif hasattr(kb.injection, "dbms"):
inferencedDbms = kb.injection.dbms
else:
inferencedDbms = None
if inferencedDbms is not None:
for i in xrange(len(dbmsMap)): for i in xrange(len(dbmsMap)):
dbmsAliases, _, _ = dbmsMap[i] dbmsAliases, _, _ = dbmsMap[i]
if kb.htmlFp[-1].lower() in dbmsAliases:
if inferencedDbms.lower() in dbmsAliases:
if i > 0: if i > 0:
pushValue(dbmsMap[i]) pushValue(dbmsMap[i])
dbmsMap.remove(dbmsMap[i]) dbmsMap.remove(dbmsMap[i])
dbmsMap.insert(0, popValue()) dbmsMap.insert(0, popValue())
break
break
for dbmsAliases, dbmsMap, dbmsConn in dbmsMap: for dbmsAliases, dbmsMap, dbmsConn in dbmsMap:
if conf.dbms and conf.dbms not in dbmsAliases: if conf.dbms and conf.dbms not in dbmsAliases:
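Review bot: The three-line `pushValue(dbmsMap[i])` / `dbmsMap.remove(dbmsMap[i])` / `dbmsMap.insert(0, popValue())` dance inside the `if i > 0:` branch is equivalent to `dbmsMap.insert(0, dbmsMap.pop(i))`, which says what is meant and does not go through the shared value stack; `remove` also deletes the first equal element rather than the one at index i, which only coincides with `pop(i)` as long as the entries are distinct. Since `inferencedDbms` can now come from two places, a comment above the first `if kb.htmlFp:` such as `# prefer the DBMS named by the HTML fingerprint, else the one recorded for the injection found during detection` would document the priority the commit message describes. setHandler starts before this hunk and continues after it.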


@ -89,7 +89,7 @@ class Dump:
if elements: if elements:
self.__write("") self.__write("")
def technic(self,header,data): def technic(self, header, data):
self.string(header, data) self.string(header, data)
def banner(self,data): def banner(self,data):


@ -1129,6 +1129,7 @@ def __setKnowledgeBaseAttributes():
kb.errorTest = None kb.errorTest = None
kb.stackedTest = None kb.stackedTest = None
kb.timeTest = None kb.timeTest = None
kb.unionTest = None
# Basic back-end DBMS fingerprint # Basic back-end DBMS fingerprint
kb.dbms = None kb.dbms = None
@ -1180,7 +1181,6 @@ def __setKnowledgeBaseAttributes():
kb.unionPosition = None kb.unionPosition = None
kb.unionNegative = False kb.unionNegative = False
kb.unionFalseCond = False kb.unionFalseCond = False
kb.unionTest = None
kb.userAgents = None kb.userAgents = None
kb.valueStack = [] kb.valueStack = []


@ -28,6 +28,7 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import queries from lib.core.data import queries
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.exception import sqlmapNotVulnerableException
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.request.direct import direct from lib.request.direct import direct
@ -346,7 +347,7 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex
if conf.direct: if conf.direct:
value = direct(expression) value = direct(expression)
else: elif kb.booleanTest or kb.errorTest or kb.unionTest:
expression = cleanQuery(expression) expression = cleanQuery(expression)
expression = expandAsteriskForColumns(expression) expression = expandAsteriskForColumns(expression)
value = None value = None
@ -376,7 +377,7 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex
kb.unionFalseCond = False kb.unionFalseCond = False
kb.unionNegative = False kb.unionNegative = False
if blind and not value: if blind and kb.booleanTest and not value:
value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar) value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
kb.unionFalseCond = oldParamFalseCond kb.unionFalseCond = oldParamFalseCond
@ -384,6 +385,10 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex
if value and isinstance(value, basestring): if value and isinstance(value, basestring):
value = value.strip() value = value.strip()
else:
errMsg = "none of the injection types identified can be "
errMsg += "leveraged to retrieve queries output"
raise sqlmapNotVulnerableException, errMsg
if suppressOutput: if suppressOutput:
conf.verbose = popValue() conf.verbose = popValue()
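Review bot: The new `raise sqlmapNotVulnerableException, errMsg` in the `else:` branch exits getValue before the `if suppressOutput: conf.verbose = popValue()` that follows it; if the matching pushValue for suppressOutput happens earlier in getValue (above this hunk, not visible here), a caller that catches the exception is left with conf.verbose unrestored and the value stack unbalanced. Moving the "no usable technique" check to the start of getValue, before anything is pushed, or wrapping the body in a try/finally that performs the pop, would keep the cleanup on every path. The `elif kb.booleanTest or kb.errorTest or kb.unionTest:` condition deliberately omits kb.stackedTest and kb.timeTest, which are initialised right alongside them in __setKnowledgeBaseAttributes; that matches the error text, but a comment such as `# stacked and time-based techniques cannot return query output through this path` would stop a future reader from "fixing" the condition.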