Minor improvements

This commit is contained in:
Miroslav Stampar 2019-11-14 14:21:53 +01:00
parent aa9ff9e8a6
commit 7e28c02948
6 changed files with 19 additions and 7 deletions


@ -124,13 +124,14 @@ class ReqHandler(BaseHTTPRequestHandler):
self.url, self.params = path, params self.url, self.params = path, params
if self.url == '/': if self.url == '/':
self.send_response(OK)
if "id" not in params: if "id" not in params:
self.send_response(FOUND) self.send_header("Content-type", "text/html")
self.send_header("Connection", "close") self.send_header("Connection", "close")
self.send_header("Location", "/?id=1")
self.end_headers() self.end_headers()
self.wfile.write(b"<html><p><h3>GET:</h3><a href='/?id=1'>link</a></p><hr><p><h3>POST:</h3><form method='post'>ID: <input type='text' name='id'><input type='submit' value='Submit'></form></p></html>")
else: else:
self.send_response(OK)
self.send_header("Content-type", "text/html") self.send_header("Content-type", "text/html")
self.send_header("Connection", "close") self.send_header("Connection", "close")


@ -36,6 +36,7 @@ from lib.core.common import isListLike
from lib.core.common import parseTargetUrl from lib.core.common import parseTargetUrl
from lib.core.common import popValue from lib.core.common import popValue
from lib.core.common import pushValue from lib.core.common import pushValue
from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import removePostHintPrefix from lib.core.common import removePostHintPrefix
@ -203,10 +204,11 @@ def _randomFillBlankFields(value):
for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal): for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):
item = match.group("result") item = match.group("result")
if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item): if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):
newValue = randomStr() if not re.search(r"^id|id$", item, re.I) else randomInt()
if item[-1] == DEFAULT_GET_POST_DELIMITER: if item[-1] == DEFAULT_GET_POST_DELIMITER:
retVal = retVal.replace(item, "%s%s%s" % (item[:-1], randomStr(), DEFAULT_GET_POST_DELIMITER)) retVal = retVal.replace(item, "%s%s%s" % (item[:-1], newValue, DEFAULT_GET_POST_DELIMITER))
else: else:
retVal = retVal.replace(item, "%s%s" % (item, randomStr())) retVal = retVal.replace(item, "%s%s" % (item, newValue))
return retVal return retVal
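Review bot: On the added `newValue = ...` line the `id$` alternative of `r"^id|id$"` is tested against `item`, which — judging from the `item[-1] == DEFAULT_GET_POST_DELIMITER` check and the way the random value is appended straight after `item` — ends in `=` or the delimiter, so a blank field such as `userid=` never takes the `randomInt()` branch, while `^id` also matches unrelated names like `idle=`. Matching the bare field name would make the intent explicit: `name = item.rstrip(DEFAULT_GET_POST_DELIMITER).rstrip("=")` followed by `newValue = randomInt() if re.search(r"^id|id$", name, re.I) else randomStr()`. The same `^id|id$` pattern is introduced in `prioritySortColumns` in the next file, where it is applied to bare column names and so behaves as intended. `_randomFillBlankFields` starts outside the hunk.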


@ -4909,7 +4909,7 @@ def prioritySortColumns(columns):
""" """
def _(column): def _(column):
return column and "id" in column.lower() return column and re.search(r"^id|id$", column, re.I) is not None
return sorted(sorted(columns, key=len), key=functools.cmp_to_key(lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0)) return sorted(sorted(columns, key=len), key=functools.cmp_to_key(lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0))
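Review bot: The helper `_` now runs `re.search` for every comparison made through `cmp_to_key`, and the two-pass sort plus comparator can be collapsed into one stable sort on a tuple key: `return sorted(columns, key=lambda column: (not _(column), len(column)))`, which still puts id-like columns first and shorter names first within each group. Note also that `id$` matches any name ending in "id" (`valid`, `paid`), narrower than the old substring check but still not specific to identifiers; if that is acceptable, a one-line comment on `_` such as `# heuristic: treat names starting or ending with "id" as identifier columns` would record the intent. `prioritySortColumns` starts outside the hunk.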


@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.11.49" VERSION = "1.3.11.50"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@ -64,6 +64,7 @@ def vulnTest():
TESTS = ( TESTS = (
("--flush-session", ("CloudFlare",)), ("--flush-session", ("CloudFlare",)),
("--flush-session --forms --crawl=2 --banner", ("total of 2 targets", "might be injectable", "Type: UNION query", "banner: '3")),
("--flush-session --data='{\"id\": 1}' --banner", ("might be injectable", "Payload: {\"id\"", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3")), ("--flush-session --data='{\"id\": 1}' --banner", ("might be injectable", "Payload: {\"id\"", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3")),
("--flush-session --data='<root><param name=\"id\" value=\"1*\"/></root>' --mobile --banner --smart", ("might be injectable", "Payload: <root><param name=\"id\" value=\"1", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3")), ("--flush-session --data='<root><param name=\"id\" value=\"1*\"/></root>' --mobile --banner --smart", ("might be injectable", "Payload: <root><param name=\"id\" value=\"1", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "banner: '3")),
("--flush-session --method=PUT --data='a=1&b=2&c=3&id=1' --skip-static --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "2 entries")), ("--flush-session --method=PUT --data='a=1&b=2&c=3&id=1' --skip-static --dump -T users --start=1 --stop=2", ("might be injectable", "Parameter: id (PUT)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "2 entries")),


@ -136,6 +136,14 @@ def crawl(target):
threadData.shared.deeper = set() threadData.shared.deeper = set()
threadData.shared.unprocessed = set([target]) threadData.shared.unprocessed = set([target])
_ = re.sub(r"(?<!/)/(?!/).*", "", target)
if _:
if target.strip('/') != _.strip('/'):
threadData.shared.unprocessed.add(_)
if re.search(r"\?.*\b\w+=", target):
threadData.shared.value.add(target)
if kb.checkSitemap is None: if kb.checkSitemap is None:
message = "do you want to check for the existence of " message = "do you want to check for the existence of "
message += "site's sitemap(.xml) [y/N] " message += "site's sitemap(.xml) [y/N] "
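Review bot: The added block binds the computed site root to `_`, which reads as a throwaway name; naming it e.g. `root` and prefacing the block with `# also seed the crawl with the site root when the target points below it` would make the `strip('/')` comparison self-explanatory, and it is worth stating there that this widens the crawl beyond the user-supplied path. The new `threadData.shared.value.add(target)` line relies on `shared.value` already existing; only `deeper` and `unprocessed` are initialised in the hunk, so presumably that happens above it — worth confirming. `crawl` continues outside the hunk.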