sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 18:07:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

in a mood for more changes

Browse Source
This commit is contained in:
Miroslav Stampar 2010-05-21 12:44:09 +00:00
parent 219628aa01
commit 64f2afe585
3 changed files with 25 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
lib/core/common.py
View File

@ -1166,49 +1166,54 @@ def calculateDeltaSeconds(start, epsilon=0.05):
def initCommonOutputs(): def initCommonOutputs():
kb.commonOutputs = {} kb.commonOutputs = {}
key = None
fileName = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt') fileName = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
file = open(fileName, 'r') file = open(fileName, 'r')
key = None
for line in file.xreadlines(): for line in file.xreadlines():
line = line.strip() line = line.strip()
if len(line) > 1: if len(line) > 1:
if line[0] == '[' and line[-1] == ']': if line[0] == '[' and line[-1] == ']':
key = line[1:-1] key = line[1:-1]
elif key: elif key:
if key not in kb.commonTables: if key not in kb.commonOutputs:
kb.commonTables[key] = [] kb.commonOutputs[key] = []
kb.commonTables[key].append(line.strip()) kb.commonOutputs[key].append(line.strip())
file.close()
def getGoodSamaritanCharsets(part, originalCharset): def getGoodSamaritanCharsets(part, prevValue, originalCharset):
###wild card . (dot) is supported for compatibility with threading
if not kb.commonOutputs: if not kb.commonOutputs:
initCommonOutputs() initCommonOutputs()
predictionSet = set() predictionSet = set()
wildIndexes = [] wildIndexes = []
if value[-1] != '.': if prevValue[-1] != '.':
value += '.' prevValue += '.'
charIndex = 0 charIndex = 0
findIndex = value.find('.', charIndex) findIndex = prevValue.find('.', charIndex)
while findIndex != -1: while findIndex != -1:
wildIndexes.append(findIndex) wildIndexes.append(findIndex)
charIndex += 1 charIndex += 1
findIndex = value.find('.', charIndex) findIndex = prevValue.find('.', charIndex)
if kb.dbms in kb.commonTables:
for item in kb.commonTables[kb.dbms]: if part in kb.commonOutputs:
if re.search('\A%s' % value, item): for item in kb.commonOutputs[kb.dbms]:
if re.search('\A%s' % prevValue, item):
for index in wildIndexes: for index in wildIndexes:
char = item[index] char = item[index]
if char not in predictionSet: if char not in predictionSet:
predictionSet.add(char) predictionSet.add(char)
predictionTable = [] predictedCharset = []
otherTable = [] otherCharset = []
for ordChar in originalTable: for ordChar in originalTable:
if chr(ordChar) not in predictionSet: if chr(ordChar) not in predictionSet:
otherTable.append(ordChar) otherCharset.append(ordChar)
else: else:
predictionTable.append(ordChar) predictedCharset.append(ordChar)
predictionTable.sort() predictedCharset.sort()
return predictionTable, otherTable return predictedCharset, otherCharset
else: else:
return None, originalTable return None, originalTable

1
lib/core/option.py
View File

@ -954,6 +954,7 @@ def __setKnowledgeBaseAttributes():
kb.osSP = None kb.osSP = None
kb.parenthesis = None kb.parenthesis = None
kb.partRun = None
kb.queryCounter = 0 kb.queryCounter = 0
kb.resumedQueries = {} kb.resumedQueries = {}
kb.stackedTest = None kb.stackedTest = None

2
lib/techniques/blind/inference.py
View File

@ -343,7 +343,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
charStart = time.time() charStart = time.time()
if conf.useCommonPrediction: if conf.useCommonPrediction:
predictedCharset, otherCharset = getGoodSamaritanCharsets(finalValue, asciiTbl) predictedCharset, otherCharset = getGoodSamaritanCharsets(kb.partRun, finalValue, asciiTbl)
val = getChar(index, predictedCharset) if predictedCharset else None val = getChar(index, predictedCharset) if predictedCharset else None
if not val: if not val:
val = getChar(index, otherCharset) val = getChar(index, otherCharset)