in a mood for more changes

Miroslav Stampar 2010-05-21 12:44:09 +00:00
parent 219628aa01
commit 64f2afe585
3 changed files with 25 additions and 19 deletions


@ -1166,49 +1166,54 @@ def calculateDeltaSeconds(start, epsilon=0.05):
def initCommonOutputs():
kb.commonOutputs = {}
key = None
fileName = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
file = open(fileName, 'r')
key = None
for line in file.xreadlines():
line = line.strip()
if len(line) > 1:
if line[0] == '[' and line[-1] == ']':
key = line[1:-1]
elif key:
if key not in kb.commonTables:
kb.commonTables[key] = []
kb.commonTables[key].append(line.strip())
if key not in kb.commonOutputs:
kb.commonOutputs[key] = []
kb.commonOutputs[key].append(line.strip())
file.close()
def getGoodSamaritanCharsets(part, originalCharset):
def getGoodSamaritanCharsets(part, prevValue, originalCharset):
###wild card . (dot) is supported for compatibility with threading
if not kb.commonOutputs:
initCommonOutputs()
predictionSet = set()
wildIndexes = []
if value[-1] != '.':
value += '.'
if prevValue[-1] != '.':
prevValue += '.'
charIndex = 0
findIndex = value.find('.', charIndex)
findIndex = prevValue.find('.', charIndex)
while findIndex != -1:
wildIndexes.append(findIndex)
charIndex += 1
findIndex = value.find('.', charIndex)
if kb.dbms in kb.commonTables:
for item in kb.commonTables[kb.dbms]:
if re.search('\A%s' % value, item):
findIndex = prevValue.find('.', charIndex)
if part in kb.commonOutputs:
for item in kb.commonOutputs[kb.dbms]:
if re.search('\A%s' % prevValue, item):
for index in wildIndexes:
char = item[index]
if char not in predictionSet:
predictionSet.add(char)
predictionTable = []
otherTable = []
predictedCharset = []
otherCharset = []
for ordChar in originalTable:
if chr(ordChar) not in predictionSet:
otherTable.append(ordChar)
otherCharset.append(ordChar)
else:
predictionTable.append(ordChar)
predictionTable.sort()
return predictionTable, otherTable
predictedCharset.append(ordChar)
predictedCharset.sort()
return predictedCharset, otherCharset
else:
return None, originalTable
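Review bot: The new guard in getGoodSamaritanCharsets tests `part in kb.commonOutputs` while the loop under it still reads `kb.commonOutputs[kb.dbms]` (taking the second line of each repeated pair on this page as the new side), so a section present for `part` but not for the DBMS name raises KeyError and otherwise the wrong section is searched; both should use the same key, presumably `for item in kb.commonOutputs[part]:`. The parameter is named `originalCharset`, yet the body iterates and returns `originalTable`, which is not defined anywhere in this hunk and would raise NameError unless it is a module global; `for ordChar in originalCharset:` and `return None, originalCharset` look intended. `prevValue` is data retrieved from the target and is interpolated unescaped into `re.search('\A%s' % prevValue, item)`, so a value containing `(`, `[` or `*` can raise re.error or select the wrong items; applying `re.escape` to each literal segment while keeping the `.` wildcards would avoid that. `prevValue[-1]` also raises IndexError if the caller ever passes an empty string, so `if not prevValue.endswith('.'):` is the safer test.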


@ -954,6 +954,7 @@ def __setKnowledgeBaseAttributes():
kb.osSP = None
kb.parenthesis = None
kb.partRun = None
kb.queryCounter = 0
kb.resumedQueries = {}
kb.stackedTest = None


@ -343,7 +343,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
charStart = time.time()
if conf.useCommonPrediction:
predictedCharset, otherCharset = getGoodSamaritanCharsets(finalValue, asciiTbl)
predictedCharset, otherCharset = getGoodSamaritanCharsets(kb.partRun, finalValue, asciiTbl)
val = getChar(index, predictedCharset) if predictedCharset else None
if not val:
val = getChar(index, otherCharset)