Just.. cosmetics ;)

Bernardo Damele 2011-01-31 22:51:14 +00:00
parent 35b6d7278a
commit 6761933f75
7 changed files with 18 additions and 7 deletions


@ -322,8 +322,9 @@ def checkSqlInjection(place, parameter, value):
# Perform the test's request and grep the response # Perform the test's request and grep the response
# body for the test's <grep> regular expression # body for the test's <grep> regular expression
page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False) page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE)\ output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
or extractRegexResult(check, listToStrValue(headers.headers if headers else None), re.DOTALL | re.IGNORECASE) or extractRegexResult(check, listToStrValue(headers.headers \
if headers else None), re.DOTALL | re.IGNORECASE)
if output: if output:
result = output.replace(kb.misc.space, " ") == "1" result = output.replace(kb.misc.space, " ") == "1"
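Review bot: The backslash added inside `listToStrValue(headers.headers \` is redundant, because that line break already sits inside the call's parentheses, where Python continues lines implicitly. Backslash continuations are also fragile, since any whitespace after the backslash is a syntax error. Wrapping the whole right-hand side in parentheses removes both backslashes: `output = (extractRegexResult(check, page, re.DOTALL | re.IGNORECASE)` followed by `or extractRegexResult(check, listToStrValue(headers.headers if headers else None), re.DOTALL | re.IGNORECASE))`. The same construct is introduced in the `__oneShotErrorUse` hunk further down. `checkSqlInjection` starts and ends outside this hunk.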


@ -196,7 +196,7 @@ def start():
if conf.forms: if conf.forms:
message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl) message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
else: else:
message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PR: %s)" % get_pagerank(targetUrl) if conf.googleDork else "") message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork else "")
if conf.cookie: if conf.cookie:
message += "\nCookie: %s" % conf.cookie message += "\nCookie: %s" % conf.cookie
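Review bot: The last tuple element, `" (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork else ""`, only reads correctly because `%` binds tighter than `if`/`else`. Parenthesising the formatted part makes that explicit: `(" (PageRank: %s)" % get_pagerank(targetUrl)) if conf.googleDork else ""`. The lines that follow append `conf.cookie` verbatim to the same message, so if this text is written to a log file the session cookie is stored with it. Where `message` ends up is outside the hunk and worth confirming.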


@ -2300,6 +2300,10 @@ def listToStrValue(value):
>>> listToStrValue([1,2,3]) >>> listToStrValue([1,2,3])
'1, 2, 3' '1, 2, 3'
""" """
if isinstance(value, (set, tuple)):
value = list(value)
if isinstance(value, list): if isinstance(value, list):
retValue = value.__str__().lstrip('[').rstrip(']') retValue = value.__str__().lstrip('[').rstrip(']')
else: else:
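Review bot: The new branch converts a `set` with `list(value)`, so the item order in the returned string follows the set's iteration order, which is not guaranteed to be stable. Using `value = sorted(value)` for sets would make the output deterministic where the items are comparable. The doctest still covers only the list case, so an example such as `>>> listToStrValue((1, 2, 3))` with result `'1, 2, 3'` should be added. Separately, `lstrip('[').rstrip(']')` on the next line strips every leading and trailing bracket, so a nested list loses its inner brackets; `value.__str__()[1:-1]` removes exactly one pair. The function body continues past the end of the hunk.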


@ -83,5 +83,6 @@ def update():
logger.error(errMsg) logger.error(errMsg)
elif svnStdout: elif svnStdout:
revision = re.search("revision\s+([\d]+)", svnStdout, re.I) revision = re.search("revision\s+([\d]+)", svnStdout, re.I)
if revision: if revision:
logger.info('updated to the latest revision %s' % revision.group(1)) logger.info('updated to the latest revision %s' % revision.group(1))


@ -257,6 +257,7 @@ class Connect:
except urllib2.HTTPError, e: except urllib2.HTTPError, e:
page = None page = None
responseHeaders = None responseHeaders = None
try: try:
page = e.read() page = e.read()
responseHeaders = e.info() responseHeaders = e.info()


@ -147,8 +147,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
def validateChar(idx, value): def validateChar(idx, value):
""" """
used in time based inference (in case that original and retrieved value are not equal there will be deliberate delay) Used in time-based inference (in case that original and retrieved
value are not equal there will be a deliberate delay).
""" """
forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value)) forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
@ -240,9 +242,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
return None return None
else: else:
retVal = minValue + 1 retVal = minValue + 1
if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload): if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload):
if timeBasedCompare and not validateChar(idx, retVal): if timeBasedCompare and not validateChar(idx, retVal):
errMsg = "invalid character detected. retrying..." errMsg = "invalid character detected. retrying.."
logger.error(errMsg) logger.error(errMsg)
conf.timeSec += 1 conf.timeSec += 1
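Review bot: In the second hunk, `conf.timeSec += 1` changes a shared configuration value from inside the retry path, and nothing in the visible lines caps it or restores it. Each failed validation therefore appears to lengthen the delay for everything that runs afterwards. A comment on that line would make the side effect explicit, for example `# NOTE(review): conf.timeSec is shared state; the increase is not reverted here`. The retry is also reported with `logger.error` although execution continues, so `logger.warning(errMsg)` may match the severity better. The surrounding `bisection` body starts and ends outside the hunk.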


@ -61,8 +61,9 @@ def __oneShotErrorUse(expression, field):
# Parse the returned page to get the exact error-based # Parse the returned page to get the exact error-based
# sql injection output # sql injection output
output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE)\ output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
or extractRegexResult(check, listToStrValue(headers.headers if headers else None), re.DOTALL | re.IGNORECASE) or extractRegexResult(check, listToStrValue(headers.headers \
if headers else None), re.DOTALL | re.IGNORECASE)
dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(output))) dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(output)))
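Review bot: `output` is passed straight to `replaceNewlineTabs(output)` and written to the session file with no check that either regex matched. The `checkSqlInjection` hunk guards the same expression with `if output:`, which suggests `extractRegexResult` can return a falsy value. If so, this line either fails inside `replaceNewlineTabs` or records an empty result as if it were real output, depending on how that helper treats `None`; its definition is not visible here. A guard such as `if output:` before the `dataToSessionFile(...)` call would keep failed extractions out of the session file. The function continues outside the hunk, so whether a later check exists cannot be seen from here.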