mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 01:26:42 +03:00
Minor update
This commit is contained in:
Miroslav Stampar
parent
a4ebd5418f
commit
4a4fa07bdd
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||||
from lib.core.enums import OS
|
from lib.core.enums import OS
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.1.7.6"
|
VERSION = "1.1.7.7"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
@ -453,6 +453,9 @@ LOW_TEXT_PERCENT = 20
|
||||||
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
|
# Reference: http://dev.mysql.com/doc/refman/5.1/en/function-resolution.html
|
||||||
IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")
|
IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")
|
||||||
|
|
||||||
|
# Keywords expected to be in UPPERCASE in getValue()
|
||||||
|
GET_VALUE_UPPERCASE_KEYWORDS = ("SELECT", "FROM", "WHERE", "DISTINCT", "COUNT")
|
||||||
|
|
||||||
LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"
|
LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program"
|
||||||
|
|
||||||
# After this number of misses reflective removal mechanism is turned off (for speed up reasons)
|
# After this number of misses reflective removal mechanism is turned off (for speed up reasons)
|
||||||
|
|
|
||||||
|
|
@ -42,6 +42,7 @@ from lib.core.exception import SqlmapConnectionException
|
||||||
from lib.core.exception import SqlmapDataException
|
from lib.core.exception import SqlmapDataException
|
||||||
from lib.core.exception import SqlmapNotVulnerableException
|
from lib.core.exception import SqlmapNotVulnerableException
|
||||||
from lib.core.exception import SqlmapUserQuitException
|
from lib.core.exception import SqlmapUserQuitException
|
||||||
|
from lib.core.settings import GET_VALUE_UPPERCASE_KEYWORDS
|
||||||
from lib.core.settings import MAX_TECHNIQUES_PER_VALUE
|
from lib.core.settings import MAX_TECHNIQUES_PER_VALUE
|
||||||
from lib.core.settings import SQL_SCALAR_REGEX
|
from lib.core.settings import SQL_SCALAR_REGEX
|
||||||
from lib.core.threads import getCurrentThreadData
|
from lib.core.threads import getCurrentThreadData
|
||||||
|
|
@ -345,8 +346,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
|
||||||
kb.safeCharEncode = safeCharEncode
|
kb.safeCharEncode = safeCharEncode
|
||||||
kb.resumeValues = resumeValue
|
kb.resumeValues = resumeValue
|
||||||
|
|
||||||
# Note: following keywords are expected to be in uppercase
|
for keyword in GET_VALUE_UPPERCASE_KEYWORDS:
|
||||||
for keyword in ("SELECT", "FROM", "WHERE"):
|
|
||||||
expression = re.sub("(?i)(\A|\(|\)|\s)%s(\Z|\(|\)|\s)" % keyword, r"\g<1>%s\g<2>" % keyword, expression)
|
expression = re.sub("(?i)(\A|\(|\)|\s)%s(\Z|\(|\)|\s)" % keyword, r"\g<1>%s\g<2>" % keyword, expression)
|
||||||
|
|
||||||
if suppressOutput is not None:
|
if suppressOutput is not None:
|
||||||
|
|
@ -418,7 +418,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
|
||||||
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
|
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
|
||||||
|
|
||||||
if found and conf.dnsDomain:
|
if found and conf.dnsDomain:
|
||||||
_ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E": PAYLOAD.TECHNIQUE.ERROR, "Q": PAYLOAD.TECHNIQUE.QUERY, "U": PAYLOAD.TECHNIQUE.UNION}.items())))
|
_ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {'E': PAYLOAD.TECHNIQUE.ERROR, 'Q': PAYLOAD.TECHNIQUE.QUERY, 'U': PAYLOAD.TECHNIQUE.UNION}.items())))
|
||||||
warnMsg = "option '--dns-domain' will be ignored "
|
warnMsg = "option '--dns-domain' will be ignored "
|
||||||
warnMsg += "as faster techniques are usable "
|
warnMsg += "as faster techniques are usable "
|
||||||
warnMsg += "(%s) " % _
|
warnMsg += "(%s) " % _
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,7 @@ b9ff4e622c416116bee6024c0f050349 lib/core/enums.py
|
||||||
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
|
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
|
||||||
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
|
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
|
||||||
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
|
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
|
||||||
7d6af4ab9aa4b6c10cefe0062409a228 lib/core/settings.py
|
938c43b15900804e53882140493ffb71 lib/core/settings.py
|
||||||
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
|
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
|
||||||
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
|
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
|
||||||
baa3f47efa6701076d026e43a6874a51 lib/core/target.py
|
baa3f47efa6701076d026e43a6874a51 lib/core/target.py
|
||||||
|
|
@ -73,7 +73,7 @@ fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py
|
||||||
cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py
|
cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py
|
||||||
5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py
|
5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py
|
||||||
310efc965c862cfbd7b0da5150a5ad36 lib/request/__init__.py
|
310efc965c862cfbd7b0da5150a5ad36 lib/request/__init__.py
|
||||||
62b01fc81e0ee708d1b92add612f659e lib/request/inject.py
|
f7660e11e23e977b00922e241b1a3000 lib/request/inject.py
|
||||||
dc1e0af84ee8eb421797d61c8cb8f172 lib/request/methodrequest.py
|
dc1e0af84ee8eb421797d61c8cb8f172 lib/request/methodrequest.py
|
||||||
bb9c165b050f7696b089b96b5947fac3 lib/request/pkihandler.py
|
bb9c165b050f7696b089b96b5947fac3 lib/request/pkihandler.py
|
||||||
602d4338a9fceaaee40c601410d8ac0b lib/request/rangehandler.py
|
602d4338a9fceaaee40c601410d8ac0b lib/request/rangehandler.py
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user