Consolidate logger messages for --*-test switches

lib/controller/action.py

@@ -56,16 +56,16 @@ def action():
 
     # Techniques options
     if conf.stackedTest:
-        conf.dumper.technic("stacked queries support", stackedTest())
+        conf.dumper.technic("stacked queries injection payload", stackedTest())
 
     if conf.errorTest:
-        conf.dumper.technic("error based injection support", errorTest())
+        conf.dumper.technic("error-based injection payload", errorTest())
 
     if conf.timeTest:
-        conf.dumper.technic("time based blind sql injection payload", timeTest())
+        conf.dumper.technic("time-based blind injection payload", timeTest())
 
     if conf.unionTest and kb.unionPosition is None:
-        conf.dumper.technic("valid union", unionTest())
+        conf.dumper.technic("inband injection payload", unionTest())
 
     # Enumeration options
     if conf.getBanner:

lib/request/inject.py

@@ -406,7 +406,7 @@ def goStacked(expression, silent=False):
 
     return payload, page
 
-def goError(expression, suppressOutput=False):
+def goError(expression, suppressOutput=False, returnPayload=False):
     #expression = cleanQuery(expression)
 
     if suppressOutput:
@@ -416,9 +416,9 @@ def goError(expression, suppressOutput=False):
     if conf.direct:
         return direct(expression), None
 
-    result = errorUse(expression)
+    result, payload = errorUse(expression, returnPayload)
 
     if suppressOutput:
         conf.verbose = popValue()
 
-    return result
+    return result, payload

lib/techniques/blind/timebased.py

@@ -19,7 +19,7 @@ from lib.request import inject
 from lib.request.connect import Connect as Request
 
 def timeTest():
-    infoMsg  = "testing time based blind sql injection on parameter "
+    infoMsg  = "testing time-based blind sql injection on parameter "
     infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
     logger.info(infoMsg)
 
@@ -32,19 +32,20 @@ def timeTest():
     duration  = calculateDeltaSeconds(start)
 
     if duration >= conf.timeSec:
-        infoMsg  = "the parameter '%s' is affected by a time " % kb.injParameter
-        infoMsg += "based blind sql injection with AND condition syntax"
+        infoMsg  = "the target url is affected by a time-based blind "
+        infoMsg += "sql injection with AND condition syntax on parameter "
+        infoMsg += "'%s'" % kb.injParameter
         logger.info(infoMsg)
 
         kb.timeTest = payload
-
     else:
-        warnMsg  = "the parameter '%s' is not affected by a time " % kb.injParameter
-        warnMsg += "based blind sql injection with AND condition syntax"
+        warnMsg  = "the target url is not affected by a time-based blind "
+        warnMsg += "sql injection with AND condition syntax on parameter "
+        warnMsg += "'%s'" % kb.injParameter
         logger.warn(warnMsg)
 
-        infoMsg  = "testing time based blind sql injection on parameter "
-        infoMsg += "'%s' with stacked query syntax" % kb.injParameter
+        infoMsg  = "testing time-based blind sql injection on parameter "
+        infoMsg += "'%s' with stacked queries syntax" % kb.injParameter
         logger.info(infoMsg)
 
         timeQuery  = getDelayQuery(andCond=True)
@@ -53,14 +54,16 @@ def timeTest():
         duration   = calculateDeltaSeconds(start)
 
         if duration >= conf.timeSec:
-            infoMsg  = "the parameter '%s' is affected by a time " % kb.injParameter
-            infoMsg += "based blind sql injection with stacked query syntax"
+            infoMsg  = "the target url is affected by a time-based blind sql "
+            infoMsg += "injection with stacked queries syntax on parameter "
+            infoMsg += "'%s'" % kb.injParameter
             logger.info(infoMsg)
 
             kb.timeTest = payload
         else:
-            warnMsg  = "the parameter '%s' is not affected by a time " % kb.injParameter
-            warnMsg += "based blind sql injection with stacked query syntax"
+            warnMsg  = "the target url is not affected by a time-based blind "
+            warnMsg += "sql injection with stacked queries syntax on parameter "
+            warnMsg += "'%s'" % kb.injParameter
             logger.warn(warnMsg)
 
             kb.timeTest = False

lib/techniques/error/test.py

@@ -25,27 +25,30 @@ def errorTest():
     if kb.errorTest is not None:
         return kb.errorTest
 
-    infoMsg  = "testing error based sql injection on parameter "
+    infoMsg  = "testing error-based sql injection on parameter "
     infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
     logger.info(infoMsg)
 
     randInt = getUnicode(randomInt(1))
     query = queries[kb.dbms].case.query % ("%s=%s" % (randInt, randInt))
-    result = inject.goError(query, True)
+    result, usedPayload = inject.goError(query, suppressOutput=True, returnPayload=True)
 
     if result:
-        infoMsg  = "the web application supports error based injection "
-        infoMsg += "on parameter '%s'" % kb.injParameter
+        infoMsg  = "the target url is affected by an error-based sql "
+        infoMsg += "injection on parameter '%s'" % kb.injParameter
         logger.info(infoMsg)
 
         kb.errorTest = True
     else:
-        warnMsg  = "the web application does not support error based injection "
-        warnMsg += "on parameter '%s'" % kb.injParameter
+        warnMsg  = "the target url is not affected by an error-based sql "
+        warnMsg += "injection on parameter '%s'" % kb.injParameter
         logger.warn(warnMsg)
 
         kb.errorTest = False
 
     setError()
 
-    return kb.errorTest
+    if kb.errorTest:
+        return usedPayload
+    else:
+        return False

lib/techniques/error/use.py

@@ -29,7 +29,7 @@ from lib.core.settings import ERROR_EMPTY_CHAR
 from lib.core.settings import ERROR_START_CHAR
 from lib.core.settings import ERROR_END_CHAR
 
-def errorUse(expression):
+def errorUse(expression, returnPayload=False):
     """
     Retrieve the output of a SQL query taking advantage of an error SQL
     injection vulnerability on the affected parameter.
@@ -79,4 +79,7 @@ def errorUse(expression):
                 infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
                 logger.info(infoMsg)
 
-    return output
+    if returnPayload:
+        return output, payload
+    else:
+        return output

lib/techniques/inband/union/test.py

@@ -18,25 +18,8 @@ from lib.core.unescaper import unescaper
 from lib.parse.html import htmlParser
 from lib.request.connect import Connect as Request
 
-def __forgeUserFriendlyValue(payload):
-    value = ""
-
-    if kb.injPlace == "GET":
-        value = "%s?%s" % (conf.url, payload)
-    elif kb.injPlace == "POST":
-        value  = "URL:\t'%s'" % conf.url
-        value += "\nPOST:\t'%s'\n" % payload
-    elif kb.injPlace == "Cookie":
-        value  = "URL:\t'%s'" % conf.url
-        value += "\nCookie:\t'%s'\n" % payload
-    elif kb.injPlace == "User-Agent":
-        value  = "URL:\t\t'%s'" % conf.url
-        value += "\nUser-Agent:\t'%s'\n" % payload
-
-    return value
-
 def __unionPosition(negative=False, falseCond=False):
-    value = None
+    validPayload = None
 
     if negative or falseCond:
         negLogMsg = "partial (single entry)"
@@ -77,17 +60,19 @@ def __unionPosition(negative=False, falseCond=False):
 
         if resultPage and randQuery in resultPage and not htmlParsed:
             setUnion(position=exprPosition)
-            value = __forgeUserFriendlyValue(payload)
+            validPayload = payload
 
             break
 
     if isinstance(kb.unionPosition, int):
         infoMsg  = "the target url is affected by an exploitable "
-        infoMsg += "%s inband sql injection vulnerability" % negLogMsg
+        infoMsg += "%s inband sql injection vulnerability " % negLogMsg
+        infoMsg += "on parameter '%s'" % kb.injParameter
         logger.info(infoMsg)
     else:
         warnMsg  = "the target url is not affected by an exploitable "
-        warnMsg += "%s inband sql injection vulnerability" % negLogMsg
+        warnMsg += "%s inband sql injection vulnerability " % negLogMsg
+        warnMsg += "on parameter '%s'" % kb.injParameter
 
         if negLogMsg == "partial":
             warnMsg += ", sqlmap will retrieve the query output "
@@ -95,30 +80,30 @@ def __unionPosition(negative=False, falseCond=False):
 
         logger.warn(warnMsg)
 
-    return value
+    return validPayload
 
 def __unionConfirm():
-    value = None
+    validPayload = None
 
     # Confirm the inband SQL injection and get the exact column
     # position
     if not isinstance(kb.unionPosition, int):
-        value = __unionPosition()
+        validPayload = __unionPosition()
 
         # Assure that the above function found the exploitable full inband
         # SQL injection position
         if not isinstance(kb.unionPosition, int):
-            value = __unionPosition(negative=True)
+            validPayload = __unionPosition(negative=True)
 
             # Assure that the above function found the exploitable partial
             # (single entry) inband SQL injection position with negative
-            # parameter value
+            # parameter validPayload
             if not isinstance(kb.unionPosition, int):
-                value = __unionPosition(falseCond=True)
+                validPayload = __unionPosition(falseCond=True)
 
                 # Assure that the above function found the exploitable partial
                 # (single entry) inband SQL injection position by appending
-                # a false condition after the parameter value
+                # a false condition after the parameter validPayload
                 if not isinstance(kb.unionPosition, int):
                     return
                 else:
@@ -126,7 +111,7 @@ def __unionConfirm():
             else:
                 setUnion(negative=True)
 
-    return value
+    return validPayload
 
 def __unionTestByNULLBruteforce(comment):
     """
@@ -200,7 +185,7 @@ def unionTest():
     infoMsg += "'%s' with %s technique" % (kb.injParameter, technique)
     logger.info(infoMsg)
 
-    value   = None
+    validPayload = None
     columns = None
 
     for comment in (queries[kb.dbms].comment.query, ""):
@@ -215,13 +200,13 @@ def unionTest():
             break
 
     if kb.unionCount:
-        value = __unionConfirm()
+        validPayload = __unionConfirm()
     else:
         warnMsg  = "the target url is not affected by an "
         warnMsg += "inband sql injection vulnerability"
         logger.warn(warnMsg)
 
-    if value is None:
-        value = ""
+    if validPayload is None:
+        validPayload = ""
 
-    return value
+    return validPayload

lib/techniques/outband/stacked.py

@@ -24,7 +24,7 @@ def stackedTest():
     if kb.stackedTest is not None:
         return kb.stackedTest
 
-    infoMsg  = "testing stacked queries support on parameter "
+    infoMsg  = "testing stacked queries sql injection on parameter "
     infoMsg += "'%s'" % kb.injParameter
     logger.info(infoMsg)
 
@@ -34,14 +34,14 @@ def stackedTest():
     duration   = calculateDeltaSeconds(start)
 
     if duration >= conf.timeSec:
-        infoMsg  = "the web application supports stacked queries "
-        infoMsg += "on parameter '%s'" % kb.injParameter
+        infoMsg  = "the target url is affected by a stacked queries "
+        infoMsg += "sql injection on parameter '%s'" % kb.injParameter
         logger.info(infoMsg)
 
         kb.stackedTest = payload
     else:
-        warnMsg  = "the web application does not support stacked queries "
-        warnMsg += "on parameter '%s'" % kb.injParameter
+        warnMsg  = "the target url is not affected by a stacked queries "
+        warnMsg += "sql injection on parameter '%s'" % kb.injParameter
         logger.warn(warnMsg)
 
         kb.stackedTest = False

plugins/generic/enumeration.py

@@ -75,7 +75,7 @@ class Enumeration:
 
         if not kb.data.banner:
             if conf.unionTest:
-                conf.dumper.technic("valid union", unionTest())
+                conf.dumper.technic("inband injection payload", unionTest())
 
             query          = queries[kb.dbms].banner.query
             kb.data.banner = inject.getValue(query)