sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

several bug fixes

Browse Source
This commit is contained in:
Miroslav Stampar 2010-11-03 21:51:36 +00:00
parent 043b189a4c
commit 71d0b1bcd7
4 changed files with 50 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/THANKS
View File

@ -423,7 +423,7 @@ Sylphid <sylphid.su@sti.com.tw>
for suggesting some features
ToR <sstidus@email.it>
for reporting a minor bug
for reporting several bugs
== Organizations ==

7
lib/controller/checks.py
View File

@ -104,7 +104,7 @@ def heuristicCheckSqlInjection(place, parameter, value):
payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
payload = agent.payload(place, parameter, value, payload)
Request.queryPage(payload, place)
Request.queryPage(payload, place, raise404=False)
result = wasLastRequestError()
infoMsg = "(error based) heuristics shows that %s " % place
@ -154,6 +154,9 @@ def checkDynamicContent(firstPage, secondPage):
are dynamic, proper markings will be made.
"""
if kb.nullConnection:
return
infoMsg = "searching for dynamic content"
logger.info(infoMsg)
@ -245,6 +248,7 @@ def checkStability():
if test:
conf.string = test
kb.nullConnection = None
else:
raise sqlmapSilentQuitException
@ -254,6 +258,7 @@ def checkStability():
if test:
conf.regex = test
kb.nullConnection = None
else:
raise sqlmapSilentQuitException
else:

7
lib/request/comparison.py
View File

@ -18,8 +18,12 @@ from lib.core.data import logger
from lib.core.session import setMatchRatio
def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
if page is None and pageLength is None:
return None
regExpResults = None
if page:
# String to be excluded before calculating page hash
if conf.eString and conf.eString in page:
index = page.index(conf.eString)
@ -49,6 +53,7 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
return re.search(conf.regexp, page, re.I | re.M) is not None
# Dynamic content lines to be excluded before calculating page hash
if not kb.nullConnection:
for item in kb.dynamicMarkings:
prefix, postfix = item
if prefix is None:
@ -58,7 +63,7 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
else:
page = re.sub('(?s)%s.+%s' % (prefix, postfix), '%s%s' % (prefix, postfix), page)
if not pageLength and page:
if not pageLength:
pageLength = len(page)
if kb.locks.seqLock:

8
lib/request/connect.py
View File

@ -214,10 +214,10 @@ class Connect:
except urllib2.HTTPError, e:
if e.code == 401:
errMsg = "not authorized, try to provide right HTTP "
errMsg += "authentication type and valid credentials"
errMsg += "authentication type and valid credentials (%d)" % e.code
raise sqlmapConnectionException, errMsg
elif e.code == 404 and raise404:
errMsg = "page not found"
errMsg = "page not found (%d)" % e.code
raise sqlmapConnectionException, errMsg
else:
try:
@ -285,7 +285,7 @@ class Connect:
return page, responseHeaders
@staticmethod
def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=None, response=False):
def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=None, response=False, raise404 = None):
"""
This method calls a function to get the target url page content
and returns its page MD5 hash or a boolean value in case of
@ -302,7 +302,7 @@ class Connect:
page = None
pageLength = None
uri = None
raise404 = place != "URI"
raise404 = place != "URI" if raise404 is None else raise404
toUrlencode = { "GET": True, "POST": True, "Cookie": conf.cookieUrlencode, "User-Agent": True, "URI": False }
if not place: