mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Minor update
This commit is contained in:
parent
0ea39098bd
commit
7a0a4c28e5
|
@ -83,6 +83,10 @@
|
||||||
<info type="Linux"/>
|
<info type="Linux"/>
|
||||||
</regexp>
|
</regexp>
|
||||||
|
|
||||||
|
<regexp value="\bArch\b">
|
||||||
|
<info type="Linux" distrib="Arch"/>
|
||||||
|
</regexp>
|
||||||
|
|
||||||
<regexp value="CentOS">
|
<regexp value="CentOS">
|
||||||
<info type="Linux" distrib="CentOS"/>
|
<info type="Linux" distrib="CentOS"/>
|
||||||
</regexp>
|
</regexp>
|
||||||
|
@ -115,10 +119,22 @@
|
||||||
<info type="Linux" distrib="Mandrake"/>
|
<info type="Linux" distrib="Mandrake"/>
|
||||||
</regexp>
|
</regexp>
|
||||||
|
|
||||||
|
<regexp value="Manjaro">
|
||||||
|
<info type="Linux" distrib="Manjaro"/>
|
||||||
|
</regexp>
|
||||||
|
|
||||||
<regexp value="Mandriva">
|
<regexp value="Mandriva">
|
||||||
<info type="Linux" distrib="Mandriva"/>
|
<info type="Linux" distrib="Mandriva"/>
|
||||||
</regexp>
|
</regexp>
|
||||||
|
|
||||||
|
<regexp value="\bMint\b">
|
||||||
|
<info type="Linux" distrib="Mint"/>
|
||||||
|
</regexp>
|
||||||
|
|
||||||
|
<regexp value="\bPuppy\b">
|
||||||
|
<info type="Linux" distrib="Puppy"/>
|
||||||
|
</regexp>
|
||||||
|
|
||||||
<regexp value="Red[\-\_\ ]?Hat">
|
<regexp value="Red[\-\_\ ]?Hat">
|
||||||
<info type="Linux" distrib="Red Hat"/>
|
<info type="Linux" distrib="Red Hat"/>
|
||||||
</regexp>
|
</regexp>
|
||||||
|
|
|
@ -1139,7 +1139,7 @@ def _setSafeVisit():
|
||||||
conf.safeUrl = "http://%s" % conf.safeUrl
|
conf.safeUrl = "http://%s" % conf.safeUrl
|
||||||
|
|
||||||
if (conf.safeFreq or 0) <= 0:
|
if (conf.safeFreq or 0) <= 0:
|
||||||
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe visit features"
|
errMsg = "please provide a valid value (>0) for safe frequency ('--safe-freq') while using safe visit features"
|
||||||
raise SqlmapSyntaxException(errMsg)
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
def _setPrefixSuffix():
|
def _setPrefixSuffix():
|
||||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.4.1.9"
|
VERSION = "1.4.1.10"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
|
@ -60,8 +60,8 @@ def vulnTest():
|
||||||
"""
|
"""
|
||||||
|
|
||||||
TESTS = (
|
TESTS = (
|
||||||
(u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'",)),
|
(u"-c <config> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'",)),
|
||||||
(u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape", (u": '\u0161u\u0107uraj'",)),
|
(u"-u <url> --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape --string=luther", (u": '\u0161u\u0107uraj'",)),
|
||||||
("--list-tampers", ("between", "MySQL", "xforwardedfor")),
|
("--list-tampers", ("between", "MySQL", "xforwardedfor")),
|
||||||
("-r <request> --flush-session -v 5", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar")),
|
("-r <request> --flush-session -v 5", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar")),
|
||||||
("-l <log> --flush-session --keep-alive --skip-waf -v 5 --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")),
|
("-l <log> --flush-session --keep-alive --skip-waf -v 5 --technique=U --union-from=users --banner --parse-errors", ("banner: '3.", "ORDER BY term out of range", "~xp_cmdshell", "Connection: keep-alive")),
|
||||||
|
@ -76,7 +76,7 @@ def vulnTest():
|
||||||
("-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner", ("NULL connection is supported with HEAD method", "banner: '3.")),
|
("-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner", ("NULL connection is supported with HEAD method", "banner: '3.")),
|
||||||
("-u <url> --flush-session --parse-errors --test-filter=\"subquery\" --eval=\"import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\" --referer=\"localhost\"", ("might be injectable", ": syntax error", "back-end DBMS: SQLite", "WHERE or HAVING clause (subquery")),
|
("-u <url> --flush-session --parse-errors --test-filter=\"subquery\" --eval=\"import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\" --referer=\"localhost\"", ("might be injectable", ": syntax error", "back-end DBMS: SQLite", "WHERE or HAVING clause (subquery")),
|
||||||
("-u <url> --banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
|
("-u <url> --banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
|
||||||
("-u <url> --technique=U --fresh-queries --force-partial --dump -T users --answer=\"crack=n\" -v 3", ("performed 6 queries", "nameisnull", "~using default dictionary")),
|
("-u <url> --technique=U --fresh-queries --force-partial --dump -T users --answers=\"crack=n\" -v 3", ("performed 6 queries", "nameisnull", "~using default dictionary")),
|
||||||
("-u <url> --flush-session --all", ("5 entries", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
|
("-u <url> --flush-session --all", ("5 entries", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
|
||||||
("-u <url> -z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT * FROM users\"", ("SELECT * FROM users [5]", "nameisnull")),
|
("-u <url> -z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT * FROM users\"", ("SELECT * FROM users [5]", "nameisnull")),
|
||||||
("-u '<url>&echo=foobar*' --flush-session", ("might be vulnerable to cross-site scripting",)),
|
("-u '<url>&echo=foobar*' --flush-session", ("might be vulnerable to cross-site scripting",)),
|
||||||
|
@ -105,6 +105,9 @@ def vulnTest():
|
||||||
except:
|
except:
|
||||||
time.sleep(1)
|
time.sleep(1)
|
||||||
|
|
||||||
|
handle, config = tempfile.mkstemp(suffix=".conf")
|
||||||
|
os.close(handle)
|
||||||
|
|
||||||
handle, database = tempfile.mkstemp(suffix=".sqlite")
|
handle, database = tempfile.mkstemp(suffix=".sqlite")
|
||||||
os.close(handle)
|
os.close(handle)
|
||||||
|
|
||||||
|
@ -126,11 +129,14 @@ def vulnTest():
|
||||||
url = "http://%s:%d/?id=1" % (address, port)
|
url = "http://%s:%d/?id=1" % (address, port)
|
||||||
direct = "sqlite3://%s" % database
|
direct = "sqlite3://%s" % database
|
||||||
|
|
||||||
|
content = open(os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.conf"))).read().replace("url =", "url = %s" % url)
|
||||||
|
open(config, "w+").write(content)
|
||||||
|
|
||||||
for options, checks in TESTS:
|
for options, checks in TESTS:
|
||||||
status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS)))
|
status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS)))
|
||||||
dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))
|
dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))
|
||||||
|
|
||||||
cmd = "%s %s %s --batch" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options.replace("<url>", url).replace("<direct>", direct).replace("<request>", request).replace("<log>", log))
|
cmd = "%s %s %s --batch" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), options.replace("<url>", url).replace("<direct>", direct).replace("<request>", request).replace("<log>", log).replace("<config>", config))
|
||||||
output = shellExec(cmd)
|
output = shellExec(cmd)
|
||||||
|
|
||||||
if not all((check in output if not check.startswith('~') else check[1:] not in output) for check in checks):
|
if not all((check in output if not check.startswith('~') else check[1:] not in output) for check in checks):
|
||||||
|
|
|
@ -252,7 +252,7 @@ def cmdLineParser(argv=None):
|
||||||
help="Load safe HTTP request from a file")
|
help="Load safe HTTP request from a file")
|
||||||
|
|
||||||
request.add_argument("--safe-freq", dest="safeFreq", type=int,
|
request.add_argument("--safe-freq", dest="safeFreq", type=int,
|
||||||
help="Test requests between two visits to a given safe URL")
|
help="Regular requests between visits to a safe URL")
|
||||||
|
|
||||||
request.add_argument("--skip-urlencode", dest="skipUrlEncode", action="store_true",
|
request.add_argument("--skip-urlencode", dest="skipUrlEncode", action="store_true",
|
||||||
help="Skip URL encoding of payload data")
|
help="Skip URL encoding of payload data")
|
||||||
|
|
|
@ -171,7 +171,7 @@ safePost =
|
||||||
# Load safe HTTP request from a file.
|
# Load safe HTTP request from a file.
|
||||||
safeReqFile =
|
safeReqFile =
|
||||||
|
|
||||||
# Test requests between two visits to a given safe URL (default 0).
|
# Regular requests between visits to a safe URL (default 0).
|
||||||
# Valid: integer
|
# Valid: integer
|
||||||
# Default: 0
|
# Default: 0
|
||||||
safeFreq = 0
|
safeFreq = 0
|
||||||
|
|
Loading…
Reference in New Issue
Block a user