several bug fixes

doc/THANKS

@@ -423,7 +423,7 @@ Sylphid <sylphid.su@sti.com.tw>
     for suggesting some features
 
 ToR <sstidus@email.it>
-    for reporting a minor bug
+    for reporting several bugs
 
 == Organizations ==
 

lib/controller/checks.py

@@ -104,7 +104,7 @@ def heuristicCheckSqlInjection(place, parameter, value):
 
     payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
     payload = agent.payload(place, parameter, value, payload)
-    Request.queryPage(payload, place)
+    Request.queryPage(payload, place, raise404=False)
     result = wasLastRequestError()
 
     infoMsg  = "(error based) heuristics shows that %s " % place
@@ -153,6 +153,9 @@ def checkDynamicContent(firstPage, secondPage):
     This function checks if the provided pages have dynamic content. If they
     are dynamic, proper markings will be made.
     """
+    
+    if kb.nullConnection:
+        return
 
     infoMsg = "searching for dynamic content"
     logger.info(infoMsg)
@@ -245,6 +248,7 @@ def checkStability():
 
             if test:
                 conf.string = test
+                kb.nullConnection = None
             else:
                 raise sqlmapSilentQuitException
 
@@ -254,6 +258,7 @@ def checkStability():
 
             if test:
                 conf.regex = test
+                kb.nullConnection = None
             else:
                 raise sqlmapSilentQuitException
         else:

lib/request/comparison.py

@@ -18,48 +18,53 @@ from lib.core.data import logger
 from lib.core.session import setMatchRatio
 
 def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
+    if page is None and pageLength is None:
+        return None
+
     regExpResults = None
 
-    # String to be excluded before calculating page hash
+    if page:
-    if conf.eString and conf.eString in page:
+        # String to be excluded before calculating page hash
-        index              = page.index(conf.eString)
+        if conf.eString and conf.eString in page:
-        length             = len(conf.eString)
+            index              = page.index(conf.eString)
-        pageWithoutString  = page[:index]
+            length             = len(conf.eString)
-        pageWithoutString += page[index+length:]
+            pageWithoutString  = page[:index]
-        page               = pageWithoutString
+            pageWithoutString += page[index+length:]
+            page               = pageWithoutString
 
-    # Regular expression matches to be excluded before calculating page hash
+        # Regular expression matches to be excluded before calculating page hash
-    if conf.eRegexp:
+        if conf.eRegexp:
-        regExpResults = re.findall(conf.eRegexp, page, re.I | re.M)
+            regExpResults = re.findall(conf.eRegexp, page, re.I | re.M)
 
-        if regExpResults:
+            if regExpResults:
-            for regExpResult in regExpResults:
+                for regExpResult in regExpResults:
-                index              = page.index(regExpResult)
+                    index              = page.index(regExpResult)
-                length             = len(regExpResult)
+                    length             = len(regExpResult)
-                pageWithoutRegExp  = page[:index]
+                    pageWithoutRegExp  = page[:index]
-                pageWithoutRegExp += page[index+length:]
+                    pageWithoutRegExp += page[index+length:]
-                page               = pageWithoutRegExp
+                    page               = pageWithoutRegExp
 
-    # String to match in page when the query is valid
+        # String to match in page when the query is valid
-    if conf.string:
+        if conf.string:
-        return conf.string in page
+            return conf.string in page
 
-    # Regular expression to match in page when the query is valid
+        # Regular expression to match in page when the query is valid
-    if conf.regexp:
+        if conf.regexp:
-        return re.search(conf.regexp, page, re.I | re.M) is not None
+            return re.search(conf.regexp, page, re.I | re.M) is not None
 
-    # Dynamic content lines to be excluded before calculating page hash
+        # Dynamic content lines to be excluded before calculating page hash
-    for item in kb.dynamicMarkings:
+        if not kb.nullConnection:
-        prefix, postfix = item
+            for item in kb.dynamicMarkings:
-        if prefix is None:
+                prefix, postfix = item
-            page = re.sub('(?s)^.+%s' % postfix, postfix, page)
+                if prefix is None:
-        elif postfix is None:
+                    page = re.sub('(?s)^.+%s' % postfix, postfix, page)
-            page = re.sub('(?s)%s.+$' % prefix, prefix, page)
+                elif postfix is None:
-        else:
+                    page = re.sub('(?s)%s.+$' % prefix, prefix, page)
-            page = re.sub('(?s)%s.+%s' % (prefix, postfix), '%s%s' % (prefix, postfix), page)
+                else:
+                    page = re.sub('(?s)%s.+%s' % (prefix, postfix), '%s%s' % (prefix, postfix), page)
 
-    if not pageLength and page:
+        if not pageLength:
-        pageLength = len(page)
+            pageLength = len(page)
 
     if kb.locks.seqLock:
         kb.locks.seqLock.acquire()

lib/request/connect.py

@@ -214,10 +214,10 @@ class Connect:
         except urllib2.HTTPError, e:
             if e.code == 401:
                 errMsg  = "not authorized, try to provide right HTTP "
-                errMsg += "authentication type and valid credentials"
+                errMsg += "authentication type and valid credentials (%d)" % e.code
                 raise sqlmapConnectionException, errMsg
             elif e.code == 404 and raise404:
-                errMsg = "page not found"
+                errMsg = "page not found (%d)" % e.code
                 raise sqlmapConnectionException, errMsg
             else:
                 try:
@@ -285,7 +285,7 @@ class Connect:
         return page, responseHeaders
 
     @staticmethod
-    def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=None, response=False):
+    def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=None, response=False, raise404 = None):
         """
         This method calls a function to get the target url page content
         and returns its page MD5 hash or a boolean value in case of
@@ -302,7 +302,7 @@ class Connect:
         page        = None
         pageLength  = None
         uri         = None
-        raise404    = place != "URI"
+        raise404    = place != "URI" if raise404 is None else raise404
         toUrlencode = { "GET": True, "POST": True, "Cookie": conf.cookieUrlencode, "User-Agent": True, "URI": False }
 
         if not place: