mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-24 18:43:47 +03:00
Trivial patches
This commit is contained in:
parent
94709c93bb
commit
5bf52c3f9c
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
|||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.4.12.20"
|
||||
VERSION = "1.4.12.21"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
@ -649,7 +649,7 @@ SOCKET_PRE_CONNECT_QUEUE_SIZE = 3
|
|||
TRIM_STDOUT_DUMP_SIZE = 256
|
||||
|
||||
# Reference: http://stackoverflow.com/a/3168436
|
||||
# Reference: https://support.microsoft.com/en-us/kb/899149
|
||||
# Reference: https://web.archive.org/web/20150407141500/https://support.microsoft.com/en-us/kb/899149
|
||||
DUMP_FILE_BUFFER_SIZE = 1024
|
||||
|
||||
# Parse response headers only first couple of times
|
||||
|
@ -874,7 +874,7 @@ CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token")
|
|||
# Prefixes used in brute force search for web server document root
|
||||
BRUTE_DOC_ROOT_PREFIXES = {
|
||||
OS.LINUX: ("/var/www", "/usr/local/apache", "/usr/local/apache2", "/usr/local/www/apache22", "/usr/local/www/apache24", "/usr/local/httpd", "/var/www/nginx-default", "/srv/www", "/var/www/%TARGET%", "/var/www/vhosts/%TARGET%", "/var/www/virtual/%TARGET%", "/var/www/clients/vhosts/%TARGET%", "/var/www/clients/virtual/%TARGET%"),
|
||||
OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
|
||||
OS.WINDOWS: ("/xampp", "/Program Files/xampp", "/wamp", "/Program Files/wampp", "/Apache/Apache", "/apache", "/Program Files/Apache Group/Apache", "/Program Files/Apache Group/Apache2", "/Program Files/Apache Group/Apache2.2", "/Program Files/Apache Group/Apache2.4", "/Inetpub/wwwroot", "/Inetpub/wwwroot/%TARGET%", "/Inetpub/vhosts/%TARGET%")
|
||||
}
|
||||
|
||||
# Suffixes used in brute force search for web server document root
|
||||
|
|
|
@ -116,7 +116,7 @@ class HashDB(object):
|
|||
self._write_cache[hash_] = getUnicode(value) if not serialize else serializeObject(value)
|
||||
self._cache_lock.release()
|
||||
|
||||
if getCurrentThreadName() in ('0', 'MainThread'):
|
||||
if getCurrentThreadName() in ('0', "MainThread"):
|
||||
self.flush()
|
||||
|
||||
def flush(self, forced=False):
|
||||
|
|
|
@ -113,7 +113,7 @@ def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
|
|||
break
|
||||
|
||||
if not validColumnList:
|
||||
errMsg = "all column name(s) provided are non-existent"
|
||||
errMsg = "all provided column name(s) are non-existent"
|
||||
raise SqlmapNoneDataException(errMsg)
|
||||
|
||||
if not validPivotValue:
|
||||
|
|
|
@ -130,7 +130,7 @@ def _search(dork):
|
|||
url = "https://www.bing.com/search?q=%s&first=%d" % (urlencode(dork, convall=True), (gpage - 1) * 10 + 1)
|
||||
regex = BING_REGEX
|
||||
else:
|
||||
url = "https://duckduckgo.com/html/"
|
||||
url = "https://html.duckduckgo.com/html/"
|
||||
data = "q=%s&s=%d" % (urlencode(dork, convall=True), (gpage - 1) * 30)
|
||||
regex = DUCKDUCKGO_REGEX
|
||||
|
||||
|
|
|
@ -328,20 +328,20 @@ def main():
|
|||
|
||||
elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")):
|
||||
errMsg = "please update the 'sqlalchemy' package (>= 1.1.11) "
|
||||
errMsg += "(Reference: https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe)"
|
||||
errMsg += "(Reference: 'https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe')"
|
||||
logger.critical(errMsg)
|
||||
raise SystemExit
|
||||
|
||||
elif all(_ in excMsg for _ in ("scramble_caching_sha2", "TypeError")):
|
||||
errMsg = "please downgrade the 'PyMySQL' package (=< 0.8.1) "
|
||||
errMsg += "(Reference: https://github.com/PyMySQL/PyMySQL/issues/700)"
|
||||
errMsg += "(Reference: 'https://github.com/PyMySQL/PyMySQL/issues/700')"
|
||||
logger.critical(errMsg)
|
||||
raise SystemExit
|
||||
|
||||
elif "must be pinned buffer, not bytearray" in excMsg:
|
||||
errMsg = "error occurred at Python interpreter which "
|
||||
errMsg += "is fixed in 2.7. Please update accordingly "
|
||||
errMsg += "(Reference: https://bugs.python.org/issue8104)"
|
||||
errMsg += "(Reference: 'https://bugs.python.org/issue8104')"
|
||||
logger.critical(errMsg)
|
||||
raise SystemExit
|
||||
|
||||
|
@ -431,7 +431,7 @@ def main():
|
|||
|
||||
elif all(_ in excMsg for _ in ("HTTPNtlmAuthHandler", "'str' object has no attribute 'decode'")):
|
||||
errMsg = "package 'python-ntlm' has a known compatibility issue with the "
|
||||
errMsg += "Python 3 (Reference: https://github.com/mullender/python-ntlm/pull/61)"
|
||||
errMsg += "Python 3 (Reference: 'https://github.com/mullender/python-ntlm/pull/61')"
|
||||
logger.critical(errMsg)
|
||||
raise SystemExit
|
||||
|
||||
|
|
|
@ -18,9 +18,9 @@ def tamper(payload, **kwargs):
|
|||
|
||||
References:
|
||||
* http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
|
||||
* http://lukasz.pilorz.net/testy/unicode_conversion/
|
||||
* http://sla.ckers.org/forum/read.php?13,11562,11850
|
||||
* http://lukasz.pilorz.net/testy/full_width_utf/index.phps
|
||||
* https://web.archive.org/web/20130614183121/http://lukasz.pilorz.net/testy/unicode_conversion/
|
||||
* https://web.archive.org/web/20131121094431/sla.ckers.org/forum/read.php?13,11562,11850
|
||||
* https://web.archive.org/web/20070624194958/http://lukasz.pilorz.net/testy/full_width_utf/index.phps
|
||||
|
||||
>>> tamper("1 AND '1'='1")
|
||||
'1 AND %EF%BC%871%EF%BC%87=%EF%BC%871'
|
||||
|
|
Loading…
Reference in New Issue
Block a user