sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Ahead with enhancements on comparison algorithm: implemented content-length technique

Browse Source
This commit is contained in:
Bernardo Damele 2008-12-18 22:49:35 +00:00
parent afbd66f6d9
commit 68354be45a
3 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/controller/checks.py
View File

@ -320,15 +320,16 @@ def checkStability():
contentLengths.append(int(clHeader.group(1))) contentLengths.append(int(clHeader.group(1)))
if contentLengths: if contentLengths:
clSum = 0 conf.contentLengths = ( min(contentLengths), max(contentLengths) )
for cl in contentLengths: warnMsg = "url is not stable, sqlmap inspected the headers "
clSum += cl warnMsg += "and identified that Content-Length can be used "
warnMsg += "in the comparison algorithm"
logger.warn(warnMsg)
clAverage = clSum / len(contentLengths) kb.defaultResult = True
# TODO: go ahead here with the technique to compare True/False return True
# based upon clAverage discard (conf.contentLengths)
# Prepare for the comparison algorithm based on page content's # Prepare for the comparison algorithm based on page content's
# stable lines subset # stable lines subset
@ -356,6 +357,10 @@ def checkStability():
return True return True
if condition == True:
logMsg = "url is stable"
logger.info(logMsg)
return condition return condition

5
lib/controller/controller.py
View File

@ -175,10 +175,7 @@ def start():
if not kb.injPlace or not kb.injParameter or not kb.injType: if not kb.injPlace or not kb.injParameter or not kb.injType:
if not conf.string and not conf.regexp and not conf.eRegexp: if not conf.string and not conf.regexp and not conf.eRegexp:
if checkStability(): if not checkStability():
logMsg = "url is stable"
logger.info(logMsg)
else:
errMsg = "url is not stable, try with --string or " errMsg = "url is not stable, try with --string or "
errMsg += "--regexp options, refer to the user's manual " errMsg += "--regexp options, refer to the user's manual "
errMsg += "paragraph 'Page comparison' for details" errMsg += "paragraph 'Page comparison' for details"

6
lib/request/comparison.py
View File

@ -75,7 +75,11 @@ def comparison(page, headers=None, content=False):
# Comparison algorithm based on Content-Length header value # Comparison algorithm based on Content-Length header value
elif conf.contentLengths: elif conf.contentLengths:
pass minValue = conf.contentLengths[0] - 10
maxValue = conf.contentLengths[1] + 10
if len(page) >= minValue and len(page) <= maxValue:
return True
# Comparison algorithm based on page content's stable lines subset # Comparison algorithm based on page content's stable lines subset
elif conf.equalLines: elif conf.equalLines: