mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 05:01:32 +03:00 
			
		
		
		
	Ahead with enhancements on comparison algorithm: implemented content-length technique
This commit is contained in:
		
							parent
							
								
									afbd66f6d9
								
							
						
					
					
						commit
						68354be45a
					
				|  | @ -320,15 +320,16 @@ def checkStability(): | |||
|                 contentLengths.append(int(clHeader.group(1))) | ||||
| 
 | ||||
|         if contentLengths: | ||||
|             clSum = 0 | ||||
|             conf.contentLengths = ( min(contentLengths), max(contentLengths) ) | ||||
| 
 | ||||
|             for cl in contentLengths: | ||||
|                 clSum += cl | ||||
|             warnMsg  = "url is not stable, sqlmap inspected the headers " | ||||
|             warnMsg += "and identified that Content-Length can be used " | ||||
|             warnMsg += "in the comparison algorithm" | ||||
|             logger.warn(warnMsg) | ||||
| 
 | ||||
|             clAverage = clSum / len(contentLengths) | ||||
|             kb.defaultResult = True | ||||
| 
 | ||||
|         # TODO: go ahead here with the technique to compare True/False | ||||
|         # based upon clAverage discard (conf.contentLengths) | ||||
|             return True | ||||
| 
 | ||||
|         # Prepare for the comparison algorithm based on page content's | ||||
|         # stable lines subset | ||||
|  | @ -356,6 +357,10 @@ def checkStability(): | |||
| 
 | ||||
|             return True | ||||
| 
 | ||||
|     if condition == True: | ||||
|         logMsg = "url is stable" | ||||
|         logger.info(logMsg) | ||||
| 
 | ||||
|     return condition | ||||
| 
 | ||||
| 
 | ||||
|  |  | |||
|  | @ -175,10 +175,7 @@ def start(): | |||
| 
 | ||||
|         if not kb.injPlace or not kb.injParameter or not kb.injType: | ||||
|             if not conf.string and not conf.regexp and not conf.eRegexp: | ||||
|                 if checkStability(): | ||||
|                     logMsg = "url is stable" | ||||
|                     logger.info(logMsg) | ||||
|                 else: | ||||
|                 if not checkStability(): | ||||
|                     errMsg  = "url is not stable, try with --string or " | ||||
|                     errMsg += "--regexp options, refer to the user's manual " | ||||
|                     errMsg += "paragraph 'Page comparison' for details" | ||||
|  |  | |||
|  | @ -75,7 +75,11 @@ def comparison(page, headers=None, content=False): | |||
| 
 | ||||
|     # Comparison algorithm based on Content-Length header value | ||||
|     elif conf.contentLengths: | ||||
|         pass | ||||
|         minValue = conf.contentLengths[0] - 10 | ||||
|         maxValue = conf.contentLengths[1] + 10 | ||||
| 
 | ||||
|         if len(page) >= minValue and len(page) <= maxValue: | ||||
|             return True | ||||
| 
 | ||||
|     # Comparison algorithm based on page content's stable lines subset | ||||
|     elif conf.equalLines: | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user