sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

improvement for UNION/ERROR case

Browse Source
This commit is contained in:
Miroslav Stampar 2011-04-20 10:17:42 +00:00
parent 1c1c20fb64
commit 4fadcf0615
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/techniques/inband/union/test.py
View File

@ -25,6 +25,7 @@ from lib.core.common import pushValue
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import removeReflectiveValues from lib.core.common import removeReflectiveValues
from lib.core.common import stdev from lib.core.common import stdev
from lib.core.common import wasLastRequestDBMSError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -74,6 +75,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
deviation = stdev(ratios) deviation = stdev(ratios)
if abs(max_ - min_) < MIN_STATISTICAL_RANGE: if abs(max_ - min_) < MIN_STATISTICAL_RANGE:
kb.errorIsNone = popValue()
return None return None
lower, upper = average(ratios) - UNION_STDEV_COEFF * deviation, average(ratios) + UNION_STDEV_COEFF * deviation lower, upper = average(ratios) - UNION_STDEV_COEFF * deviation, average(ratios) + UNION_STDEV_COEFF * deviation
@ -129,6 +131,12 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
removeReflectiveValues(listToStrValue(headers.headers if headers else None), \ removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
payload, True) or "") payload, True) or "")
unionErrorCase = kb.errorIsNone and wasLastRequestDBMSError()
if unionErrorCase:
warnMsg = "combined UNION/ERROR sql injection case found on column %d. " % (position + 1)
warnMsg += "will try to find another column with better characteristics."
logger.warn(warnMsg)
if content and phrase in content: if content and phrase in content:
validPayload = payload validPayload = payload
vector = (position, count, comment, prefix, suffix, conf.uChar, where) vector = (position, count, comment, prefix, suffix, conf.uChar, where)
@ -151,6 +159,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
if content and ((phrase in content and phrase2 not in content) or (phrase not in content and phrase2 in content)): if content and ((phrase in content and phrase2 not in content) or (phrase not in content and phrase2 in content)):
vector = (position, count, comment, prefix, suffix, conf.uChar, PAYLOAD.WHERE.NEGATIVE) vector = (position, count, comment, prefix, suffix, conf.uChar, PAYLOAD.WHERE.NEGATIVE)
if not unionErrorCase:
break break
return validPayload, vector return validPayload, vector