update
parent
20d8275f0e
commit
6fd1f7f77c
|
@ -1578,7 +1578,16 @@ connection timeouts. By default it retries up to three times.
|
|||
|
||||
<p>
|
||||
Option: <tt>-</tt><tt>-scope</tt>
|
||||
#TODO
|
||||
|
||||
<p>
|
||||
Rather than using all hosts parsed from provided logs with option
|
||||
<tt>-l</tt>, in combination with this option you can specify valid
|
||||
python regular expression to be used for filtering desired ones.
|
||||
|
||||
Example usage:
|
||||
|
||||
<tscreen><verb>
|
||||
$ python sqlmap.py -l /tmp/webscarab.log/conversations/ --scope="(www)?\.target\.(com|net|org)"
|
||||
|
||||
|
||||
<sect1>Injection
|
||||
|
@ -1588,6 +1597,7 @@ These options can be used to specify which parameters to test for, provide
|
|||
custom injection payloads and how to parse and compare HTTP responses page
|
||||
content when using the blind SQL injection technique.
|
||||
|
||||
|
||||
<sect2>Testable parameter(s)
|
||||
|
||||
<p>
|
||||
|
@ -5380,7 +5390,42 @@ counts the number of retrieved query output characters.
|
|||
|
||||
<p>
|
||||
Option: <tt>-</tt><tt>-gpage</tt>
|
||||
#TODO
|
||||
|
||||
<p>
|
||||
Default sqlmap behavior with option <tt>-g</tt> is to do a google
|
||||
search and use resulting urls from first (100) result page for further
|
||||
sql injection testing. In combination with this option you can specify
|
||||
some other page other than the first one for retrieving target urls.
|
||||
|
||||
<p>
|
||||
Example of Google dorking with expression <tt>login ext:php</tt>
|
||||
and resulting page set to 3:
|
||||
|
||||
<tscreen><verb>
|
||||
$ python sqlmap.py -g "login ext:php" --gpage=3 -v 1
|
||||
|
||||
[14:11:12] [INFO] first request to Google to get the session cookie
|
||||
[14:11:12] [INFO] using search result page #3
|
||||
[14:11:12] [INFO] sqlmap got 100 results for your Google dork expression, 5 of them are testable targets
|
||||
[14:11:12] [INFO] sqlmap got a total of 5 targets
|
||||
url 1:
|
||||
GET http://myjobstreet-beta.jobstreet.com/home/login.php?site=in
|
||||
do you want to test this url? [Y/n/q]
|
||||
>
|
||||
[14:11:14] [INFO] testing url http://myjobstreet-beta.jobstreet.com/home/login.php?site=in
|
||||
[14:11:14] [INFO] using '/home/stamparm/Work/sqlmap/sqlmap/output/None/session' as session file
|
||||
[14:11:14] [INFO] testing connection to the target url
|
||||
[14:11:15] [INFO] testing if the url is stable, wait a few seconds
|
||||
[14:11:19] [INFO] url is stable
|
||||
[14:11:19] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
|
||||
[14:11:21] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
|
||||
[14:11:21] [INFO] testing if Cookie parameter 'REFERP' is dynamic
|
||||
[14:11:22] [WARNING] Cookie parameter 'REFERP' is not dynamic
|
||||
[14:11:22] [INFO] testing if Cookie parameter 'PHPSESSID' is dynamic
|
||||
[14:11:24] [INFO] confirming that Cookie parameter 'PHPSESSID' is dynamic
|
||||
[14:11:27] [INFO] Cookie parameter 'PHPSESSID' is dynamic
|
||||
[...]
|
||||
</verb></tscreen>
|
||||
|
||||
|
||||
<sect2>Update <tt>sqlmap</tt>
|
||||
|
|
|
@ -104,6 +104,9 @@ def __feedTargetsDict(reqFile, addedTargetUrls):
|
|||
port = None
|
||||
scheme = None
|
||||
|
||||
if conf.scope:
|
||||
logger.info("using regex: '%s' for filtering targets" % conf.scope)
|
||||
|
||||
for request in reqResList:
|
||||
if scheme is None:
|
||||
schemePort = re.search("\d\d[\:|\.]\d\d[\:|\.]\d\d\s+(http[\w]*)\:\/\/.*?\:([\d]+)", request, re.I)
|
||||
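Review bot: The `if conf.scope:` branch announces the pattern, but nothing visible in this hunk checks that it compiles, so a mistyped `--scope` value would presumably surface later as a raw `re.error` from inside the `for request in reqResList:` loop rather than as a clear option error. Because the scope filter is what restricts a large proxy log to the hosts the operator intends to test, I would validate it here, for example by calling `re.compile(conf.scope)` inside a `try` that reports the bad pattern and stops, unless option parsing already does this elsewhere. A short comment stating whether the pattern is applied with search or full-match semantics would also help, since under search semantics an unanchored pattern can accept more hosts than intended. The body of `__feedTargetsDict` starts and continues outside the hunk, so how the pattern is actually applied is not visible here.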
|
|
|
@ -93,6 +93,7 @@ class Google:
|
|||
"""
|
||||
|
||||
gpage = conf.googlePage if conf.googlePage > 1 else 1
|
||||
logger.info("using search result page #%d" % gpage)
|
||||
|
||||
if not googleDork:
|
||||
return None
|
||||
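Review bot: The `logger.info("using search result page #%d" % gpage)` line sits above the `if not googleDork: return None` guard, so the message is emitted even when no dork was supplied and no search is performed; moving it below the guard keeps the log truthful. The `%d` conversion also assumes `gpage` is an integer. If `conf.googlePage` can arrive as a string, for instance from a configuration file (not visible here), the formatting would raise `TypeError`, so either coerce where `gpage` is computed or use `%s`. The enclosing method of `Google` starts and ends outside the hunk.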
|
|