mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-03-03 11:45:46 +03:00
Consolidate logger messages for --*-test switches
This commit is contained in:
parent
46be570463
commit
486a113560
|
@ -56,16 +56,16 @@ def action():
|
|||
|
||||
# Techniques options
|
||||
if conf.stackedTest:
|
||||
conf.dumper.technic("stacked queries support", stackedTest())
|
||||
conf.dumper.technic("stacked queries injection payload", stackedTest())
|
||||
|
||||
if conf.errorTest:
|
||||
conf.dumper.technic("error based injection support", errorTest())
|
||||
conf.dumper.technic("error-based injection payload", errorTest())
|
||||
|
||||
if conf.timeTest:
|
||||
conf.dumper.technic("time based blind sql injection payload", timeTest())
|
||||
conf.dumper.technic("time-based blind injection payload", timeTest())
|
||||
|
||||
if conf.unionTest and kb.unionPosition is None:
|
||||
conf.dumper.technic("valid union", unionTest())
|
||||
conf.dumper.technic("inband injection payload", unionTest())
|
||||
|
||||
# Enumeration options
|
||||
if conf.getBanner:
|
||||
|
|
|
@ -406,7 +406,7 @@ def goStacked(expression, silent=False):
|
|||
|
||||
return payload, page
|
||||
|
||||
def goError(expression, suppressOutput=False):
|
||||
def goError(expression, suppressOutput=False, returnPayload=False):
|
||||
#expression = cleanQuery(expression)
|
||||
|
||||
if suppressOutput:
|
||||
|
@ -416,9 +416,9 @@ def goError(expression, suppressOutput=False):
|
|||
if conf.direct:
|
||||
return direct(expression), None
|
||||
|
||||
result = errorUse(expression)
|
||||
result, payload = errorUse(expression, returnPayload)
|
||||
|
||||
if suppressOutput:
|
||||
conf.verbose = popValue()
|
||||
|
||||
return result
|
||||
return result, payload
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.request import inject
|
|||
from lib.request.connect import Connect as Request
|
||||
|
||||
def timeTest():
|
||||
infoMsg = "testing time based blind sql injection on parameter "
|
||||
infoMsg = "testing time-based blind sql injection on parameter "
|
||||
infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
@ -32,19 +32,20 @@ def timeTest():
|
|||
duration = calculateDeltaSeconds(start)
|
||||
|
||||
if duration >= conf.timeSec:
|
||||
infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
|
||||
infoMsg += "based blind sql injection with AND condition syntax"
|
||||
infoMsg = "the target url is affected by a time-based blind "
|
||||
infoMsg += "sql injection with AND condition syntax on parameter "
|
||||
infoMsg += "'%s'" % kb.injParameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.timeTest = payload
|
||||
|
||||
else:
|
||||
warnMsg = "the parameter '%s' is not affected by a time " % kb.injParameter
|
||||
warnMsg += "based blind sql injection with AND condition syntax"
|
||||
warnMsg = "the target url is not affected by a time-based blind "
|
||||
warnMsg += "sql injection with AND condition syntax on parameter "
|
||||
warnMsg += "'%s'" % kb.injParameter
|
||||
logger.warn(warnMsg)
|
||||
|
||||
infoMsg = "testing time based blind sql injection on parameter "
|
||||
infoMsg += "'%s' with stacked query syntax" % kb.injParameter
|
||||
infoMsg = "testing time-based blind sql injection on parameter "
|
||||
infoMsg += "'%s' with stacked queries syntax" % kb.injParameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
timeQuery = getDelayQuery(andCond=True)
|
||||
|
@ -53,14 +54,16 @@ def timeTest():
|
|||
duration = calculateDeltaSeconds(start)
|
||||
|
||||
if duration >= conf.timeSec:
|
||||
infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
|
||||
infoMsg += "based blind sql injection with stacked query syntax"
|
||||
infoMsg = "the target url is affected by a time-based blind sql "
|
||||
infoMsg += "injection with stacked queries syntax on parameter "
|
||||
infoMsg += "'%s'" % kb.injParameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.timeTest = payload
|
||||
else:
|
||||
warnMsg = "the parameter '%s' is not affected by a time " % kb.injParameter
|
||||
warnMsg += "based blind sql injection with stacked query syntax"
|
||||
warnMsg = "the target url is not affected by a time-based blind "
|
||||
warnMsg += "sql injection with stacked queries syntax on parameter "
|
||||
warnMsg += "'%s'" % kb.injParameter
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.timeTest = False
|
||||
|
|
|
@ -25,27 +25,30 @@ def errorTest():
|
|||
if kb.errorTest is not None:
|
||||
return kb.errorTest
|
||||
|
||||
infoMsg = "testing error based sql injection on parameter "
|
||||
infoMsg = "testing error-based sql injection on parameter "
|
||||
infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
|
||||
logger.info(infoMsg)
|
||||
|
||||
randInt = getUnicode(randomInt(1))
|
||||
query = queries[kb.dbms].case.query % ("%s=%s" % (randInt, randInt))
|
||||
result = inject.goError(query, True)
|
||||
result, usedPayload = inject.goError(query, suppressOutput=True, returnPayload=True)
|
||||
|
||||
if result:
|
||||
infoMsg = "the web application supports error based injection "
|
||||
infoMsg += "on parameter '%s'" % kb.injParameter
|
||||
infoMsg = "the target url is affected by an error-based sql "
|
||||
infoMsg += "injection on parameter '%s'" % kb.injParameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.errorTest = True
|
||||
else:
|
||||
warnMsg = "the web application does not support error based injection "
|
||||
warnMsg += "on parameter '%s'" % kb.injParameter
|
||||
warnMsg = "the target url is not affected by an error-based sql "
|
||||
warnMsg += "injection on parameter '%s'" % kb.injParameter
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.errorTest = False
|
||||
|
||||
setError()
|
||||
|
||||
return kb.errorTest
|
||||
if kb.errorTest:
|
||||
return usedPayload
|
||||
else:
|
||||
return False
|
||||
|
|
|
@ -29,7 +29,7 @@ from lib.core.settings import ERROR_EMPTY_CHAR
|
|||
from lib.core.settings import ERROR_START_CHAR
|
||||
from lib.core.settings import ERROR_END_CHAR
|
||||
|
||||
def errorUse(expression):
|
||||
def errorUse(expression, returnPayload=False):
|
||||
"""
|
||||
Retrieve the output of a SQL query taking advantage of an error SQL
|
||||
injection vulnerability on the affected parameter.
|
||||
|
@ -79,4 +79,7 @@ def errorUse(expression):
|
|||
infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
|
||||
logger.info(infoMsg)
|
||||
|
||||
return output
|
||||
if returnPayload:
|
||||
return output, payload
|
||||
else:
|
||||
return output
|
||||
|
|
|
@ -18,25 +18,8 @@ from lib.core.unescaper import unescaper
|
|||
from lib.parse.html import htmlParser
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
def __forgeUserFriendlyValue(payload):
|
||||
value = ""
|
||||
|
||||
if kb.injPlace == "GET":
|
||||
value = "%s?%s" % (conf.url, payload)
|
||||
elif kb.injPlace == "POST":
|
||||
value = "URL:\t'%s'" % conf.url
|
||||
value += "\nPOST:\t'%s'\n" % payload
|
||||
elif kb.injPlace == "Cookie":
|
||||
value = "URL:\t'%s'" % conf.url
|
||||
value += "\nCookie:\t'%s'\n" % payload
|
||||
elif kb.injPlace == "User-Agent":
|
||||
value = "URL:\t\t'%s'" % conf.url
|
||||
value += "\nUser-Agent:\t'%s'\n" % payload
|
||||
|
||||
return value
|
||||
|
||||
def __unionPosition(negative=False, falseCond=False):
|
||||
value = None
|
||||
validPayload = None
|
||||
|
||||
if negative or falseCond:
|
||||
negLogMsg = "partial (single entry)"
|
||||
|
@ -77,17 +60,19 @@ def __unionPosition(negative=False, falseCond=False):
|
|||
|
||||
if resultPage and randQuery in resultPage and not htmlParsed:
|
||||
setUnion(position=exprPosition)
|
||||
value = __forgeUserFriendlyValue(payload)
|
||||
validPayload = payload
|
||||
|
||||
break
|
||||
|
||||
if isinstance(kb.unionPosition, int):
|
||||
infoMsg = "the target url is affected by an exploitable "
|
||||
infoMsg += "%s inband sql injection vulnerability" % negLogMsg
|
||||
infoMsg += "%s inband sql injection vulnerability " % negLogMsg
|
||||
infoMsg += "on parameter '%s'" % kb.injParameter
|
||||
logger.info(infoMsg)
|
||||
else:
|
||||
warnMsg = "the target url is not affected by an exploitable "
|
||||
warnMsg += "%s inband sql injection vulnerability" % negLogMsg
|
||||
warnMsg += "%s inband sql injection vulnerability " % negLogMsg
|
||||
warnMsg += "on parameter '%s'" % kb.injParameter
|
||||
|
||||
if negLogMsg == "partial":
|
||||
warnMsg += ", sqlmap will retrieve the query output "
|
||||
|
@ -95,30 +80,30 @@ def __unionPosition(negative=False, falseCond=False):
|
|||
|
||||
logger.warn(warnMsg)
|
||||
|
||||
return value
|
||||
return validPayload
|
||||
|
||||
def __unionConfirm():
|
||||
value = None
|
||||
validPayload = None
|
||||
|
||||
# Confirm the inband SQL injection and get the exact column
|
||||
# position
|
||||
if not isinstance(kb.unionPosition, int):
|
||||
value = __unionPosition()
|
||||
validPayload = __unionPosition()
|
||||
|
||||
# Assure that the above function found the exploitable full inband
|
||||
# SQL injection position
|
||||
if not isinstance(kb.unionPosition, int):
|
||||
value = __unionPosition(negative=True)
|
||||
validPayload = __unionPosition(negative=True)
|
||||
|
||||
# Assure that the above function found the exploitable partial
|
||||
# (single entry) inband SQL injection position with negative
|
||||
# parameter value
|
||||
# parameter validPayload
|
||||
if not isinstance(kb.unionPosition, int):
|
||||
value = __unionPosition(falseCond=True)
|
||||
validPayload = __unionPosition(falseCond=True)
|
||||
|
||||
# Assure that the above function found the exploitable partial
|
||||
# (single entry) inband SQL injection position by appending
|
||||
# a false condition after the parameter value
|
||||
# a false condition after the parameter validPayload
|
||||
if not isinstance(kb.unionPosition, int):
|
||||
return
|
||||
else:
|
||||
|
@ -126,7 +111,7 @@ def __unionConfirm():
|
|||
else:
|
||||
setUnion(negative=True)
|
||||
|
||||
return value
|
||||
return validPayload
|
||||
|
||||
def __unionTestByNULLBruteforce(comment):
|
||||
"""
|
||||
|
@ -200,7 +185,7 @@ def unionTest():
|
|||
infoMsg += "'%s' with %s technique" % (kb.injParameter, technique)
|
||||
logger.info(infoMsg)
|
||||
|
||||
value = None
|
||||
validPayload = None
|
||||
columns = None
|
||||
|
||||
for comment in (queries[kb.dbms].comment.query, ""):
|
||||
|
@ -215,13 +200,13 @@ def unionTest():
|
|||
break
|
||||
|
||||
if kb.unionCount:
|
||||
value = __unionConfirm()
|
||||
validPayload = __unionConfirm()
|
||||
else:
|
||||
warnMsg = "the target url is not affected by an "
|
||||
warnMsg += "inband sql injection vulnerability"
|
||||
logger.warn(warnMsg)
|
||||
|
||||
if value is None:
|
||||
value = ""
|
||||
if validPayload is None:
|
||||
validPayload = ""
|
||||
|
||||
return value
|
||||
return validPayload
|
||||
|
|
|
@ -24,7 +24,7 @@ def stackedTest():
|
|||
if kb.stackedTest is not None:
|
||||
return kb.stackedTest
|
||||
|
||||
infoMsg = "testing stacked queries support on parameter "
|
||||
infoMsg = "testing stacked queries sql injection on parameter "
|
||||
infoMsg += "'%s'" % kb.injParameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
|
@ -34,14 +34,14 @@ def stackedTest():
|
|||
duration = calculateDeltaSeconds(start)
|
||||
|
||||
if duration >= conf.timeSec:
|
||||
infoMsg = "the web application supports stacked queries "
|
||||
infoMsg += "on parameter '%s'" % kb.injParameter
|
||||
infoMsg = "the target url is affected by a stacked queries "
|
||||
infoMsg += "sql injection on parameter '%s'" % kb.injParameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.stackedTest = payload
|
||||
else:
|
||||
warnMsg = "the web application does not support stacked queries "
|
||||
warnMsg += "on parameter '%s'" % kb.injParameter
|
||||
warnMsg = "the target url is not affected by a stacked queries "
|
||||
warnMsg += "sql injection on parameter '%s'" % kb.injParameter
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.stackedTest = False
|
||||
|
|
|
@ -75,7 +75,7 @@ class Enumeration:
|
|||
|
||||
if not kb.data.banner:
|
||||
if conf.unionTest:
|
||||
conf.dumper.technic("valid union", unionTest())
|
||||
conf.dumper.technic("inband injection payload", unionTest())
|
||||
|
||||
query = queries[kb.dbms].banner.query
|
||||
kb.data.banner = inject.getValue(query)
|
||||
|
|
Loading…
Reference in New Issue
Block a user