Minor bug fix in common.py goGoodSamaritan().
Minor code cleanup and adjustments.
This commit is contained in:
parent
bb6e3c6cc2
commit
6df2d98fc9
|
@ -54,10 +54,7 @@ from lib.core.data import logger
|
||||||
from lib.core.data import paths
|
from lib.core.data import paths
|
||||||
from lib.core.data import queries
|
from lib.core.data import queries
|
||||||
from lib.core.data import temp
|
from lib.core.data import temp
|
||||||
from lib.core.convert import md5hash
|
|
||||||
from lib.core.convert import sha1hash
|
|
||||||
from lib.core.convert import urlencode
|
from lib.core.convert import urlencode
|
||||||
from lib.core.convert import utf8decode
|
|
||||||
from lib.core.exception import sqlmapFilePathException
|
from lib.core.exception import sqlmapFilePathException
|
||||||
from lib.core.exception import sqlmapNoneDataException
|
from lib.core.exception import sqlmapNoneDataException
|
||||||
from lib.core.exception import sqlmapMissingDependence
|
from lib.core.exception import sqlmapMissingDependence
|
||||||
|
@ -1220,15 +1217,14 @@ def initCommonOutputs():
|
||||||
line = line.strip()
|
line = line.strip()
|
||||||
|
|
||||||
if len(line) > 1:
|
if len(line) > 1:
|
||||||
if line[0] == '[' and line[-1] == ']':
|
if line.startswith('[') and line.endswith(']'):
|
||||||
key = line[1:-1]
|
key = line[1:-1]
|
||||||
elif key:
|
elif key:
|
||||||
if key not in kb.commonOutputs:
|
if key not in kb.commonOutputs:
|
||||||
kb.commonOutputs[key] = []
|
kb.commonOutputs[key] = []
|
||||||
|
|
||||||
item = line.strip()
|
if line not in kb.commonOutputs[key]:
|
||||||
if item not in kb.commonOutputs[key]:
|
kb.commonOutputs[key].append(line)
|
||||||
kb.commonOutputs[key].append(item)
|
|
||||||
|
|
||||||
cfile.close()
|
cfile.close()
|
||||||
|
|
||||||
|
@ -1257,15 +1253,19 @@ def goGoodSamaritan(part, prevValue, originalCharset):
|
||||||
wildIndexes = []
|
wildIndexes = []
|
||||||
singleValue = None
|
singleValue = None
|
||||||
|
|
||||||
# If the header we are looking for has common outputs defined
|
# If the header (e.g. Databases) we are looking for has common
|
||||||
|
# outputs defined
|
||||||
if part in kb.commonOutputs:
|
if part in kb.commonOutputs:
|
||||||
|
# For each common output
|
||||||
for item in kb.commonOutputs[part]:
|
for item in kb.commonOutputs[part]:
|
||||||
# Check if the common output (item) starts with prevValue
|
# Check if the common output (item) starts with prevValue
|
||||||
|
# where prevValue is the enumerated character(s) so far
|
||||||
if item.startswith(prevValue):
|
if item.startswith(prevValue):
|
||||||
singleValue = item
|
singleValue = item
|
||||||
|
|
||||||
if len(item) > len(prevValue):
|
if len(item) > len(prevValue):
|
||||||
char = item[len(prevValue)]
|
char = item[len(prevValue)]
|
||||||
|
|
||||||
if char not in predictionSet:
|
if char not in predictionSet:
|
||||||
predictionSet.add(char)
|
predictionSet.add(char)
|
||||||
|
|
||||||
|
@ -1285,7 +1285,7 @@ def goGoodSamaritan(part, prevValue, originalCharset):
|
||||||
if len(commonCharset) > 1:
|
if len(commonCharset) > 1:
|
||||||
return None, commonCharset, otherCharset
|
return None, commonCharset, otherCharset
|
||||||
else:
|
else:
|
||||||
return singleValue, None, originalCharset
|
return singleValue, commonCharset, originalCharset
|
||||||
else:
|
else:
|
||||||
return None, None, originalCharset
|
return None, None, originalCharset
|
||||||
|
|
||||||
|
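Review bot: The `singleValue` handed back on the new `return singleValue, commonCharset, originalCharset` line is the last matching entry rather than a unique one: the loop in the previous hunk reassigns `singleValue = item` on every `item.startswith(prevValue)` hit, so with several entries sharing the prefix and the same next character the caller gets whichever came last in txt/common-outputs.txt. That is acceptable only because the caller verifies it with a one-shot equality query, and the tuple contract has also changed (the second element can now be a 0- or 1-entry charset instead of None), so it should be written down; I would add to the function docstring something like `Returns (singleValue, commonCharset, originalCharset); singleValue is the LAST common-output entry matching prevValue, not a unique match, and must be confirmed by the caller before use`. goGoodSamaritan's definition and docstring begin outside this hunk.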
@ -1294,6 +1294,7 @@ def getCompiledRegex(regex, *args):
|
||||||
Returns compiled regular expression and stores it in cache for further
|
Returns compiled regular expression and stores it in cache for further
|
||||||
usage
|
usage
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if (regex, args) in kb.cache.regex:
|
if (regex, args) in kb.cache.regex:
|
||||||
return kb.cache.regex[(regex, args)]
|
return kb.cache.regex[(regex, args)]
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -157,6 +157,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, charTbl[0]))
|
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, charTbl[0]))
|
||||||
queriesCount[0] += 1
|
queriesCount[0] += 1
|
||||||
result = Request.queryPage(urlencode(forgedPayload))
|
result = Request.queryPage(urlencode(forgedPayload))
|
||||||
|
|
||||||
if result:
|
if result:
|
||||||
return chr(charTbl[0]) if charTbl[0] < 128 else unichr(charTbl[0])
|
return chr(charTbl[0]) if charTbl[0] < 128 else unichr(charTbl[0])
|
||||||
else:
|
else:
|
||||||
|
@ -171,10 +172,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
|
|
||||||
if kb.dbms == "SQLite":
|
if kb.dbms == "SQLite":
|
||||||
posValueOld = posValue
|
posValueOld = posValue
|
||||||
if posValue < 128:
|
posValue = chr(posValue) if posValue < 128 else unichr(posValue)
|
||||||
posValue = chr(posValue)
|
|
||||||
else:
|
|
||||||
posValue = unichr(posValue)
|
|
||||||
|
|
||||||
if not conf.useBetween or kb.dbms == "SQLite":
|
if not conf.useBetween or kb.dbms == "SQLite":
|
||||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||||
|
@ -189,12 +187,14 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
|
|
||||||
if result:
|
if result:
|
||||||
minValue = posValue
|
minValue = posValue
|
||||||
|
|
||||||
if type(charTbl) != xrange:
|
if type(charTbl) != xrange:
|
||||||
charTbl = charTbl[position:]
|
charTbl = charTbl[position:]
|
||||||
else:
|
else:
|
||||||
charTbl = xrange(charTbl[position], charTbl[-1] + 1)
|
charTbl = xrange(charTbl[position], charTbl[-1] + 1)
|
||||||
else:
|
else:
|
||||||
maxValue = posValue
|
maxValue = posValue
|
||||||
|
|
||||||
if type(charTbl) != xrange:
|
if type(charTbl) != xrange:
|
||||||
charTbl = charTbl[:position]
|
charTbl = charTbl[:position]
|
||||||
else:
|
else:
|
||||||
|
@ -214,12 +214,15 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
else:
|
else:
|
||||||
if minValue == maxChar or maxValue == minChar:
|
if minValue == maxChar or maxValue == minChar:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]):
|
for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]):
|
||||||
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal))
|
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal))
|
||||||
queriesCount[0] += 1
|
queriesCount[0] += 1
|
||||||
result = Request.queryPage(urlencode(forgedPayload))
|
result = Request.queryPage(urlencode(forgedPayload))
|
||||||
|
|
||||||
if result:
|
if result:
|
||||||
return chr(retVal) if retVal < 128 else unichr(retVal)
|
return chr(retVal) if retVal < 128 else unichr(retVal)
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def etaProgressUpdate(charTime, index):
|
def etaProgressUpdate(charTime, index):
|
||||||
|
@ -390,9 +393,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
val = None
|
val = None
|
||||||
singleValue, commonCharset, otherCharset = goGoodSamaritan(kb.partRun, finalValue, asciiTbl)
|
singleValue, commonCharset, otherCharset = goGoodSamaritan(kb.partRun, finalValue, asciiTbl)
|
||||||
|
|
||||||
# If there is no singleValue (single match from
|
# If there is one single output in common-outputs, check
|
||||||
# txt/common-outputs.txt) use the returned common
|
# it via equal against the query output
|
||||||
# charset only to retrieve the query output
|
|
||||||
if singleValue is not None:
|
if singleValue is not None:
|
||||||
# One-shot query containing equals singleValue
|
# One-shot query containing equals singleValue
|
||||||
query = agent.prefixQuery(" %s" % safeStringFormat('AND (%s) = %s', (expressionUnescaped, unescaper.unescape('\'%s\'' % singleValue))))
|
query = agent.prefixQuery(" %s" % safeStringFormat('AND (%s) = %s', (expressionUnescaped, unescaper.unescape('\'%s\'' % singleValue))))
|
||||||
|
@ -412,7 +414,11 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
finalValue = singleValue
|
finalValue = singleValue
|
||||||
|
|
||||||
break
|
break
|
||||||
elif commonCharset:
|
|
||||||
|
# Otherwise if there is no singleValue (single match from
|
||||||
|
# txt/common-outputs.txt) use the returned common
|
||||||
|
# charset only to retrieve the query output
|
||||||
|
if commonCharset:
|
||||||
val = getChar(index, commonCharset, False)
|
val = getChar(index, commonCharset, False)
|
||||||
|
|
||||||
# If we had no luck with singleValue and common charset,
|
# If we had no luck with singleValue and common charset,
|
||||||
|
|
|
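Review bot: The new comment above `if commonCharset:` ("Otherwise if there is no singleValue ... use the returned common charset") no longer matches the code, because the commit changed `elif commonCharset:` to `if commonCharset:` so this branch is also reached when `singleValue` was set but its one-shot equality query did not `break` out of the loop. I would reword it to `# If there is no singleValue, or its one-shot equality check failed, fall back to the common charset returned by goGoodSamaritan()`. The enclosing loop in bisection() starts and ends outside this hunk, so I cannot confirm from here how `val` is consumed when `commonCharset` holds a single character.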
@ -3,8 +3,6 @@
|
||||||
# MySQL
|
# MySQL
|
||||||
information_schema
|
information_schema
|
||||||
mysql
|
mysql
|
||||||
public
|
|
||||||
master
|
|
||||||
phpmyadmin
|
phpmyadmin
|
||||||
|
|
||||||
# Microsoft SQL Server
|
# Microsoft SQL Server
|
||||||
|
@ -13,8 +11,8 @@ model
|
||||||
master
|
master
|
||||||
msdb
|
msdb
|
||||||
|
|
||||||
[Tables]
|
|
||||||
|
|
||||||
|
[Tables]
|
||||||
# MySQL
|
# MySQL
|
||||||
CHARACTER_SETS
|
CHARACTER_SETS
|
||||||
COLLATION_CHARACTER_SET_APPLICABILITY
|
COLLATION_CHARACTER_SET_APPLICABILITY
|
||||||
|
|