Minor refactoring
parent
5b99180ffe
commit
56a4e507e8
1
.github/CONTRIBUTING.md
vendored
1
.github/CONTRIBUTING.md
vendored
|
@ -24,7 +24,6 @@ Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md)
|
|||
In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:
|
||||
|
||||
* Each patch should make one logical change.
|
||||
* Wrap code to 76 columns when possible.
|
||||
* Avoid tabbing, use four blank spaces instead.
|
||||
* Before you put time into a non-trivial patch, it is worth discussing it privately by [email](mailto:dev@sqlmap.org).
|
||||
* Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.2.2.5"
|
||||
VERSION = "1.2.2.6"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.LOWEST
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.ACCESS))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
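Review bot: `dependencies()` now calls `os.path.basename(__file__)`, but the import block shown in this hunk, which starts right after the module docstring, contains no `import os`, so the call would raise `NameError` unless `os` is bound somewhere outside the hunk. Add `import os` above the `lib.core` imports. The same gap appears in the later sections that add this warning: `@ -7,12 +7,14 @@`, the other two `@ -5,12 +5,14 @@`, `@ -6,12 +6,14 @@`, and both `@ -7,13 +7,15 @@`. In the sections that open at line 7 the lines above are out of view, though `import re` looks like the first import there. Only the `@ -9,12 +9,13 @@ import os` section shows the import.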
|
|
|
@ -10,7 +10,7 @@ import base64
|
|||
from lib.core.enums import PRIORITY
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
|
||||
__priority__ = PRIORITY.LOWEST
|
||||
__priority__ = PRIORITY.LOW
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
|
|
|
@ -18,7 +18,7 @@ def dependencies():
|
|||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Replaces space character after SQL statement with a valid random blank character.
|
||||
Afterwards replace character = with LIKE operator
|
||||
Afterwards replace character '=' with operator LIKE
|
||||
|
||||
Requirement:
|
||||
* Blue Coat SGOS with WAF activated as documented in
|
||||
|
|
|
@ -9,7 +9,7 @@ import string
|
|||
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.LOWEST
|
||||
__priority__ = PRIORITY.NORMAL
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
@ -7,12 +7,14 @@ See the file 'LICENSE' for copying permission
|
|||
|
||||
import re
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGH
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
@ -9,12 +9,13 @@ import os
|
|||
import re
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGH
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
@ -9,7 +9,7 @@ import re
|
|||
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.LOW
|
||||
__priority__ = PRIORITY.NORMAL
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
|
|
|
@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHEST
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
@ -7,7 +7,7 @@ See the file 'LICENSE' for copying permission
|
|||
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.LOWEST
|
||||
__priority__ = PRIORITY.NORMAL
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
|
|
|
@ -9,7 +9,7 @@ import re
|
|||
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.LOW
|
||||
__priority__ = PRIORITY.NORMAL
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
@ -28,7 +28,6 @@ def tamper(payload, **kwargs):
|
|||
Notes:
|
||||
* Useful to bypass very weak and bespoke web application firewalls
|
||||
that has poorly written permissive regular expressions
|
||||
* This tamper script should work against all (?) databases
|
||||
|
||||
>>> tamper('INSERT')
|
||||
'insert'
|
||||
|
@ -37,7 +36,7 @@ def tamper(payload, **kwargs):
|
|||
retVal = payload
|
||||
|
||||
if payload:
|
||||
for match in re.finditer(r"[A-Za-z_]+", retVal):
|
||||
for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
|
||||
word = match.group()
|
||||
|
||||
if word.upper() in kb.keywords:
|
||||
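Review bot: The `\b[A-Za-z_]+\b` pattern in the second hunk changes which tokens reach the `kb.keywords` check, and neither a comment nor a doctest records the new rule; the existing `tamper('INSERT')` example passes under the old and the new pattern alike. Because digits count as word characters for `\b`, a run of letters directly next to a digit is no longer matched at all, which looks intended but is not obvious from the code. I would add `# \b: only whole words are candidates; letter runs glued to digits are skipped` above the loop, plus a doctest using such a token. The identical change appears in the sections at `@ -36,7 +36,7 @@` and `@ -40,7 +40,7 @@`, and the loop body continues outside each hunk.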
|
|
|
@ -6,12 +6,14 @@ See the file 'LICENSE' for copying permission
|
|||
"""
|
||||
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHER
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
@ -5,12 +5,14 @@ Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHER
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
|
|
@ -36,7 +36,7 @@ def tamper(payload, **kwargs):
|
|||
if payload:
|
||||
words = set()
|
||||
|
||||
for match in re.finditer(r"[A-Za-z_]+", payload):
|
||||
for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
|
||||
word = match.group()
|
||||
|
||||
if word.upper() in kb.keywords:
|
||||
|
|
|
@ -7,13 +7,15 @@ See the file 'LICENSE' for copying permission
|
|||
|
||||
import re
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.common import zeroDepthSearch
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHEST
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
@ -58,7 +60,7 @@ def tamper(payload, **kwargs):
|
|||
|
||||
retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:])
|
||||
else:
|
||||
match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
|
||||
match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
|
||||
if match:
|
||||
part = match.group(0)
|
||||
indexes = set(zeroDepthSearch(match.group(1), '+'))
|
||||
|
|
|
@ -7,13 +7,15 @@ See the file 'LICENSE' for copying permission
|
|||
|
||||
import re
|
||||
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.common import zeroDepthSearch
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import PRIORITY
|
||||
|
||||
__priority__ = PRIORITY.HIGHEST
|
||||
|
||||
def dependencies():
|
||||
pass
|
||||
singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
|
@ -64,7 +66,7 @@ def tamper(payload, **kwargs):
|
|||
|
||||
retVal = "%s%s%s)}%s" % (retVal[:start], "{fn CONCAT(" * count, ''.join(chars)[start:end].replace('\x01', ")},"), retVal[end:])
|
||||
else:
|
||||
match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
|
||||
match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
|
||||
if match:
|
||||
part = match.group(0)
|
||||
indexes = set(zeroDepthSearch(match.group(1), '+'))
|
||||
|
|
|
@ -40,7 +40,7 @@ def tamper(payload, **kwargs):
|
|||
retVal = payload
|
||||
|
||||
if payload:
|
||||
for match in re.finditer(r"[A-Za-z_]+", retVal):
|
||||
for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
|
||||
word = match.group()
|
||||
|
||||
if word.upper() in kb.keywords:
|
||||
|
|
|
@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
|
|||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||
15c5a15fc1c24170aff99c32d2bae75d lib/core/settings.py
|
||||
99f9e29606ab1c3f48c822c77d1dc18b lib/core/settings.py
|
||||
d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
|
||||
63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
|
||||
505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
|
||||
|
@ -227,39 +227,39 @@ c3cc8b7727161e64ab59f312c33b541a shell/stagers/stager.aspx_
|
|||
3e2e790c370442c3d98eaa88a3523b15 sqlmap.py
|
||||
4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py
|
||||
4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py
|
||||
4b1024cecb00f13a4e1be78391e9cedb tamper/appendnullbyte.py
|
||||
84e6ad0010ed1d9a326d51b493116256 tamper/base64encode.py
|
||||
5be6e24825d34437512b9021f35ee026 tamper/appendnullbyte.py
|
||||
0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py
|
||||
55e9fbe57967e57a05a8ca77c312dc70 tamper/between.py
|
||||
f942ad818d3e26ec34f0d15ca8b84207 tamper/bluecoat.py
|
||||
e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py
|
||||
e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py
|
||||
3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py
|
||||
b502023ac6c48e49e652ba524b8e18cc tamper/charunicodeencode.py
|
||||
8bc697b143bba852b459806fcfaa5422 tamper/charunicodeescape.py
|
||||
9e9719d822afab818d6a8a42351baa40 tamper/commalesslimit.py
|
||||
7f0110c706aca9cd090c0371e6d1a4cb tamper/commalessmid.py
|
||||
8070799415795bd6f23d11d02b99fbe9 tamper/commentbeforeparentheses.py
|
||||
6498568524665729cb04a41c5f67f975 tamper/concat2concatws.py
|
||||
2c2b38974dc773568de7e7d771d7042c tamper/charunicodeescape.py
|
||||
763aa317d43909a51dd4c2f36834718d tamper/commalesslimit.py
|
||||
211bb8fa36a6ecb42b719c951c362851 tamper/commalessmid.py
|
||||
19acfde79c9a2d8458e15182f5b73d71 tamper/commentbeforeparentheses.py
|
||||
61f895acaaf3dea78e237bdf5fe30a81 tamper/concat2concatws.py
|
||||
dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py
|
||||
0a61e7b57ad593202b8449601e757f16 tamper/escapequotes.py
|
||||
06df880df5d8749963f5562f60fd1637 tamper/escapequotes.py
|
||||
4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py
|
||||
25ec62158d3e289bda8a04c8b65686ba tamper/halfversionedmorekeywords.py
|
||||
9d8c350cbb90d4b21ec9c9db184a213a tamper/htmlencode.py
|
||||
838212f289632526777b7224bf8aacf9 tamper/ifnull2casewhenisnull.py
|
||||
e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py
|
||||
2416ff8e020fc2db29a580f55dcb6fb1 tamper/informationschemacomment.py
|
||||
91c92ee203e7e619cb547643883924ca tamper/informationschemacomment.py
|
||||
1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py
|
||||
2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py
|
||||
22a740e6fbcb8cc3ada430e3fb1be05f tamper/lowercase.py
|
||||
e44163d21e055805b5e55667e72f5978 tamper/modsecurityversioned.py
|
||||
f83a11d594fad3ed3291074c7b37b281 tamper/modsecurityzeroversioned.py
|
||||
abd6490408551a8c8226a32fbc2b5345 tamper/multiplespaces.py
|
||||
1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py
|
||||
b7e892fc185927c7eb4a604f87b8b6c1 tamper/modsecurityversioned.py
|
||||
a15ae5a795661fe992bb476346d54794 tamper/modsecurityzeroversioned.py
|
||||
b4cadf2ddcdc0598c9a3bf24521a2fa1 tamper/multiplespaces.py
|
||||
be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py
|
||||
e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py
|
||||
b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py
|
||||
bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py
|
||||
4fa8b6c0e7573e395330bb6a405abbaf tamper/plus2concat.py
|
||||
5b947c6cd78eab22ee53f5f534c532d3 tamper/plus2fnconcat.py
|
||||
44fd1c13a7dd6ae792f11afb28976480 tamper/randomcase.py
|
||||
b30240804cce482b6ab77714508de89c tamper/plus2concat.py
|
||||
a8f4a85be6e98b53060b066cd18eed15 tamper/plus2fnconcat.py
|
||||
e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py
|
||||
6368a971a80b1acbbbc6b76616bd96b9 tamper/randomcomments.py
|
||||
48228322d40d97016b05e408c5234634 tamper/securesphere.py
|
||||
cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py
|
||||
|
|