sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 09:57:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:sqlmapproject/sqlmap

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-18 15:36:32 +00:00
commit 6cd780ecc0
3 changed files with 18 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/controller/checks.py
View File

@ -360,11 +360,11 @@ def checkSqlInjection(place, parameter, value):
kb.matchRatio = None
kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE)
Request.queryPage(genCmpPayload(), place, raise404=False)
falsePage = threadData.lastComparisonPage or ""
falseContent = threadData.lastComparisonContent
# Perform the test's True request
trueResult = Request.queryPage(reqPayload, place, raise404=False)
truePage = threadData.lastComparisonPage or ""
trueContent = threadData.lastComparisonContent
if trueResult:
falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
@ -377,11 +377,11 @@ def checkSqlInjection(place, parameter, value):
injectable = True
if not injectable and not any((conf.string, conf.notString, conf.regexp)) and kb.pageStable:
trueSet = set(extractTextTagContent(truePage))
falseSet = set(extractTextTagContent(falsePage))
candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage else None for _ in (trueSet - falseSet)))
trueSet = set(extractTextTagContent(trueContent))
falseSet = set(extractTextTagContent(falseContent))
candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falseContent else None for _ in (trueSet - falseSet)))
if candidates:
conf.string = random.sample(candidates, 1)[0]
conf.string = candidates[0]
infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'"))
logger.info(infoMsg)

2
lib/core/threads.py
View File

@ -41,7 +41,7 @@ class _ThreadData(threading.local):
self.disableStdOut = False
self.hashDBCursor = None
self.inTransaction = False
self.lastComparisonPage = None
self.lastComparisonContent = None
self.lastErrorPage = None
self.lastHTTPError = None
self.lastRedirectMsg = None

13
lib/request/comparison.py
View File

@ -46,8 +46,8 @@ def _adjust(condition, getRatioValue):
def _comparison(page, headers, code, getRatioValue, pageLength):
threadData = getCurrentThreadData()
if kb.testMode:
threadData.lastComparisonPage = page
if kb.testMode or any((conf.string, conf.notString, conf.regexp)):
threadData.lastComparisonContent = "%s%s" % (listToStrValue(headers.headers if headers else ""), page or "")
if page is None and pageLength is None:
return None
@ -55,20 +55,17 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
seqMatcher = threadData.seqMatcher
seqMatcher.set_seq1(kb.pageTemplate)
if any((conf.string, conf.notString, conf.regexp)):
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
# String to match in page when the query is True and/or valid
if conf.string:
return conf.string in rawResponse
return conf.string in threadData.lastComparisonContent
# String to match in page when the query is False and/or invalid
if conf.notString:
return conf.notString not in rawResponse
return conf.notString not in threadData.lastComparisonContent
# Regular expression to match in page when the query is True and/or valid
if conf.regexp:
return re.search(conf.regexp, rawResponse, re.I | re.M) is not None
return re.search(conf.regexp, threadData.lastComparisonContent, re.I | re.M) is not None
# HTTP code to match when the query is valid
if conf.code: