some changes regarding --common-outputs feature

This commit is contained in:
Miroslav Stampar 2010-05-31 09:41:41 +00:00
parent 0450df8a77
commit 4bb5885413
3 changed files with 69 additions and 25 deletions


@ -54,6 +54,8 @@ from lib.core.data import logger
from lib.core.data import paths
from lib.core.data import queries
from lib.core.data import temp
from lib.core.convert import md5hash
from lib.core.convert import sha1hash
from lib.core.convert import urlencode
from lib.core.convert import utf8decode
from lib.core.exception import sqlmapFilePathException
@ -1224,7 +1226,9 @@ def initCommonOutputs():
if key not in kb.commonOutputs:
kb.commonOutputs[key] = []
kb.commonOutputs[key].append(line.strip())
item = line.strip()
if item not in kb.commonOutputs[key]:
kb.commonOutputs[key].append(item)
cfile.close()
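Review bot: The dedup block strips each line and appends it unless already present, but nothing in this hunk skips the `#MySQL` / `#Oracle` marker lines that the same commit adds to the common-outputs data file (third file, both hunks); unless the loop head above the hunk already filters them, those markers end up as candidate output values, as would an empty line. A guard such as `if not item or item.startswith('#'): continue` directly after `item = line.strip()` would cover both, assuming `#` is meant as a comment marker. The membership test against a list is O(n) per line, which is fine at this file size but would be cheaper with a per-key set if the lists grow. initCommonOutputs begins above the hunk.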
@ -1252,29 +1256,23 @@ def goGoodSamaritan(part, prevValue, originalCharset):
predictionSet = set()
wildIndexes = []
singleValue = None
reObj = getCompiledRegex('\A%s' % prevValue)
if prevValue[-1] != '.':
prevValue += '.'
charIndex = 0
findIndex = prevValue.find('.', charIndex)
while findIndex != -1:
wildIndexes.append(findIndex)
charIndex += 1
findIndex = prevValue.find('.', charIndex)
# If the header we are looking for has common outputs defined
if part in kb.commonOutputs:
for item in kb.commonOutputs[part]:
#if part == 'Passwords':
#if prevValue.startswith('*'): #MySQL_160bit
#return None, None, originalCharset
#if item not in kb.cache.md5:
#kb.cache.md5[item] = md5hash(item).upper()
#item = kb.cache.md5[item]
# Check if the common output (item) starts with prevValue
if reObj.search(item):
if item.startswith(prevValue):
singleValue = item
for index in wildIndexes:
char = item[index]
if len(item) > len(prevValue):
char = item[len(prevValue)]
if char not in predictionSet:
predictionSet.add(char)
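Review bot: `reObj = getCompiledRegex('\A%s' % prevValue)` interpolates the partially retrieved value into a regex without escaping, so a value containing a metacharacter such as `(`, `[` or `\` either raises `re.error` (an unbalanced paren) or matches items it should not; prevValue is data read back from the target, so this is reachable. If `.` in prevValue is meant to stand for a not-yet-known character, escape everything except that character before compiling, otherwise use `getCompiledRegex(r'\A%s' % re.escape(prevValue))`; the raw string also stops `\A` from relying on Python leaving unknown escapes alone. `singleValue = item` is overwritten on every match, so when several items start with prevValue the last one wins while predictionSet accumulates all of them; whether the caller expects that is not visible here because goGoodSamaritan continues past the hunk. The md5hash/sha1hash imports added in the first hunk appear in this diff only inside the commented-out block.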


@ -214,14 +214,13 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
else:
if minValue == maxChar or maxValue == minChar:
return None
retVal = originalTbl[originalTbl.index(minValue) + 1]
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal))
queriesCount[0] += 1
result = Request.queryPage(urlencode(forgedPayload))
if result:
return chr(retVal) if retVal < 128 else unichr(retVal)
else:
return None
for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]):
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal))
queriesCount[0] += 1
result = Request.queryPage(urlencode(forgedPayload))
if result:
return chr(retVal) if retVal < 128 else unichr(retVal)
return None
def etaProgressUpdate(charTime, index):
if len(progressTime) <= ( (length * 3) / 100 ):
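Review bot: The candidate tuple calls `originalTbl.index(minValue)` twice and reads the `+ 1` element without a bound check, so if minValue were ever the last entry of originalTbl the lookup raises IndexError instead of returning None; the `minValue == maxChar` guard above presumably rules that out, but a slice is both cheaper and safe at the boundary: `pos = originalTbl.index(minValue)` followed by `for retVal in originalTbl[pos:pos + 2]:`. The name `idx` is already used in the safeStringFormat tuple, so the new local needs a different name. The enclosing function starts before the hunk and the nested etaProgressUpdate continues after it.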


@ -1,10 +1,14 @@
[Databases]
#MySQL
information_schema
mysql
public
master
[Tables]
#MySQL
CHARACTER_SETS
COLLATION_CHARACTER_SET_APPLICABILITY
COLLATIONS
@ -33,3 +37,46 @@ TABLES
TRIGGERS
USER_PRIVILEGES
VIEWS
#Oracle
BONUS
DEPT
EMP
SALGRADE
USERS
[Passwords]
root
test
testpass
password
abc123
qwertz
12345
123456
[Users]
#Oracle
SCOTT
MGMT_VIEW
MDDATA
SYSMAN
MDSYS
SI_INFORMTN_SCHEMA
ORDPLUGINS
ORDSYS
OLAPSYS
ANONYMOUS
XDB
CTXSYS
EXFSYS
WMSYS
DBSNMP
TSMSYS
DMSYS
DIP
OUTLN
SYSTEM
SYS