Miroslav Stampar 2018-02-14 17:10:44 +01:00
parent 8e8ae52288
commit 5ff54bf9c6
3 changed files with 9 additions and 9 deletions


@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.2.12" VERSION = "1.2.2.13"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@ -48,7 +48,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
""" """
retVal = None retVal = None
def _orderByTechnique(): def _orderByTechnique(lowerCount, upperCount):
def _orderByTest(cols): def _orderByTest(cols):
query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix) query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix)
query = agent.suffixQuery(query, suffix=suffix, comment=comment) query = agent.suffixQuery(query, suffix=suffix, comment=comment)
@ -56,7 +56,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False)
return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I)
if _orderByTest(1) and not _orderByTest(randomInt()): if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1):
infoMsg = "'ORDER BY' technique appears to be usable. " infoMsg = "'ORDER BY' technique appears to be usable. "
infoMsg += "This should reduce the time needed " infoMsg += "This should reduce the time needed "
infoMsg += "to find the right number " infoMsg += "to find the right number "
@ -64,10 +64,10 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
infoMsg += "range for current UNION query injection technique test" infoMsg += "range for current UNION query injection technique test"
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
lowCols, highCols = 1, ORDER_BY_STEP lowCols, highCols = 1 if lowerCount is None else lowerCount, ORDER_BY_STEP if upperCount is None else upperCount
found = None found = None
while not found: while not found:
if _orderByTest(highCols): if not conf.uCols and _orderByTest(highCols):
lowCols = highCols lowCols = highCols
highCols += ORDER_BY_STEP highCols += ORDER_BY_STEP
else: else:
@ -88,8 +88,8 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
kb.errorIsNone = False kb.errorIsNone = False
lowerCount, upperCount = conf.uColsStart, conf.uColsStop lowerCount, upperCount = conf.uColsStart, conf.uColsStop
if lowerCount == 1: if lowerCount == 1 or conf.uCols:
found = kb.orderByColumns or _orderByTechnique() found = kb.orderByColumns or _orderByTechnique(lowerCount, upperCount)
if found: if found:
kb.orderByColumns = found kb.orderByColumns = found
infoMsg = "target URL appears to have %d column%s in query" % (found, 's' if found > 1 else "") infoMsg = "target URL appears to have %d column%s in query" % (found, 's' if found > 1 else "")
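Review bot: The first `if` in `_orderByTechnique` treats a supplied `upperCount` as inclusive (it probes `upperCount + 1` for failure), but the search then starts with `highCols` set to `upperCount` itself, and with `conf.uCols` set it skips the `_orderByTest(highCols)` probe and goes straight to the `else` branch. That branch lies outside the hunk; if it bisects on the assumption that `highCols` is a failing column count, a query with exactly `upperCount` columns would be reported as one fewer. Starting from the bound the guard already verified keeps the two consistent: `lowCols, highCols = 1 if lowerCount is None else lowerCount, ORDER_BY_STEP if upperCount is None else upperCount + 1`. The `is None` fallbacks are repeated in three places and could be resolved once at the top of the function so they cannot drift apart.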


@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py
fea9bf09e60f66f4f0b1e9cac64dd842 lib/core/settings.py 7735e472a2d2661744bd6d04fd1c387d lib/core/settings.py
d0adc28a38e43a787df4471f7f027413 lib/core/shell.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
@ -96,7 +96,7 @@ b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py
627ddc86a5a969e5509c7531c5c27a6c lib/techniques/error/use.py 627ddc86a5a969e5509c7531c5c27a6c lib/techniques/error/use.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py
c497003ecf231d03a311a816a6b3b753 lib/techniques/union/test.py e58ab8029ffb2cc37e42d68747c4da39 lib/techniques/union/test.py
6c3c4c7d43ad75e61a73184323a81eac lib/techniques/union/use.py 6c3c4c7d43ad75e61a73184323a81eac lib/techniques/union/use.py
e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py
37dfb641358669f62c2acedff241348b lib/utils/brute.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py