sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-25 11:23:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor update regarding boolean logic comparison mechanism

Browse Source
This commit is contained in:
Miroslav Stampar 2012-03-30 09:42:58 +00:00
parent 5469186540
commit 6acf6b193a
2 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
lib/parse/html.py
View File

@ -26,20 +26,23 @@ class htmlHandler(ContentHandler):
def __init__(self, page): def __init__(self, page):
ContentHandler.__init__(self) ContentHandler.__init__(self)
self.__dbms = None self._dbms = None
self.__page = page self._page = page
self.dbms = None self.dbms = None
def _markAsErrorPage(self):
threadData = getCurrentThreadData()
threadData.lastErrorPage = (threadData.lastRequestUID, self._page)
def startElement(self, name, attrs): def startElement(self, name, attrs):
if name == "dbms": if name == "dbms":
self.__dbms = attrs.get("value") self._dbms = attrs.get("value")
elif name == "error": elif name == "error":
if re.search(attrs.get("regexp"), self.__page, re.I): if re.search(attrs.get("regexp"), self._page, re.I):
self.dbms = self.__dbms self.dbms = self._dbms
threadData = getCurrentThreadData() self._markAsErrorPage()
threadData.lastErrorPage = (threadData.lastRequestUID, self.__page)
def htmlParser(page): def htmlParser(page):
""" """
@ -59,4 +62,8 @@ def htmlParser(page):
else: else:
kb.lastParserStatus = None kb.lastParserStatus = None
# generic SQL warning/error messages
if re.search(r"SQL (warning|error|syntax)", page, re.I):
handler._markAsErrorPage()
return handler.dbms return handler.dbms

7
lib/request/comparison.py
View File

@ -29,7 +29,8 @@ from lib.core.settings import UPPER_RATIO_BOUND
from lib.core.threads import getCurrentThreadData from lib.core.threads import getCurrentThreadData
def comparison(page, headers, code=None, getRatioValue=False, pageLength=None): def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
return _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue) _ = _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
return _
def _adjust(condition, getRatioValue): def _adjust(condition, getRatioValue):
if not any([conf.string, conf.regexp, conf.code]): if not any([conf.string, conf.regexp, conf.code]):
@ -37,7 +38,7 @@ def _adjust(condition, getRatioValue):
# PAYLOAD.WHERE.NEGATIVE response is considered as True; in switch based approach negative logic is not # PAYLOAD.WHERE.NEGATIVE response is considered as True; in switch based approach negative logic is not
# applied as that what is by user considered as True is that what is returned by the comparison mechanism # applied as that what is by user considered as True is that what is returned by the comparison mechanism
# itself # itself
retVal = not (condition or False) if kb.negativeLogic else condition retVal = not condition if kb.negativeLogic and condition is not None else condition
else: else:
retVal = condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO) retVal = condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
@ -67,7 +68,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
if page: if page:
# In case of an DBMS error page return None # In case of an DBMS error page return None
if not kb.negativeLogic and kb.errorIsNone and (wasLastRequestDBMSError() or wasLastRequestHTTPError()): if kb.errorIsNone and (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
return None return None
# Dynamic content lines to be excluded before comparison # Dynamic content lines to be excluded before comparison