diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 6a9ff03d3..23c8b6ed5 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -33,7 +33,6 @@ from lib.core.common import trimAlphaNum from lib.core.common import wasLastRequestDBMSError from lib.core.common import wasLastRequestHTTPError from lib.core.common import DynamicContentItem -from lib.core.common import configUnion from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -57,6 +56,7 @@ from lib.core.settings import UPPER_RATIO_BOUND from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request from lib.request.templates import getPageTemplate +from lib.techniques.inband.union.use import configUnion from lib.techniques.inband.union.test import unionTest def unescape(string, dbms): diff --git a/lib/core/common.py b/lib/core/common.py index 194230022..071ee3a65 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2089,38 +2089,3 @@ def openFile(filename, mode='r'): ('w' in mode or 'a' in mode or '+' in mode) else "read") errMsg += "and that it's not locked by another process." raise sqlmapFilePathException, errMsg - -def __configUnionChar(char): - if char.isdigit() or char == "NULL": - conf.uChar = char - elif not char.startswith("'") or not char.endswith("'"): - conf.uChar = "'%s'" % char - -def __configUnionCols(columns): - if "-" not in columns or len(columns.split("-")) != 2: - raise sqlmapSyntaxException, "--union-cols must be a range with hyphon (e.g. 1-10)" - - columns = columns.replace(" ", "") - conf.uColsStart, conf.uColsStop = columns.split("-") - - if not conf.uColsStart.isdigit() or not conf.uColsStop.isdigit(): - raise sqlmapSyntaxException, "--union-cols must be a range of integers" - - conf.uColsStart = int(conf.uColsStart) - conf.uColsStop = int(conf.uColsStop) - - if conf.uColsStart > conf.uColsStop: - errMsg = "--union-cols range has to be from lower to " - errMsg += "higher number of columns" - raise sqlmapSyntaxException, errMsg - -def configUnion(char, columns): - if isinstance(conf.uChar, basestring): - __configUnionChar(conf.uChar) - elif isinstance(char, basestring): - __configUnionChar(char) - - if isinstance(conf.uCols, basestring): - __configUnionCols(conf.uCols) - elif isinstance(columns, basestring): - __configUnionCols(columns) diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py index b8f0162e2..89296904f 100644 --- a/lib/techniques/inband/union/use.py +++ b/lib/techniques/inband/union/use.py @@ -234,3 +234,38 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh logger.debug(debugMsg) return value + +def __configUnionChar(char): + if char.isdigit() or char == "NULL": + conf.uChar = char + elif not char.startswith("'") or not char.endswith("'"): + conf.uChar = "'%s'" % char + +def __configUnionCols(columns): + if "-" not in columns or len(columns.split("-")) != 2: + raise sqlmapSyntaxException, "--union-cols must be a range with hyphon (e.g. 1-10)" + + columns = columns.replace(" ", "") + conf.uColsStart, conf.uColsStop = columns.split("-") + + if not conf.uColsStart.isdigit() or not conf.uColsStop.isdigit(): + raise sqlmapSyntaxException, "--union-cols must be a range of integers" + + conf.uColsStart = int(conf.uColsStart) + conf.uColsStop = int(conf.uColsStop) + + if conf.uColsStart > conf.uColsStop: + errMsg = "--union-cols range has to be from lower to " + errMsg += "higher number of columns" + raise sqlmapSyntaxException, errMsg + +def configUnion(char, columns): + if isinstance(conf.uChar, basestring): + __configUnionChar(conf.uChar) + elif isinstance(char, basestring): + __configUnionChar(char) + + if isinstance(conf.uCols, basestring): + __configUnionCols(conf.uCols) + elif isinstance(columns, basestring): + __configUnionCols(columns)