refactoring
This commit is contained in:
parent
744636a8c1
commit
7e80274fac
|
@ -467,6 +467,8 @@ def checkSqlInjection(place, parameter, value):
|
||||||
injection.conf.regexp = conf.regexp
|
injection.conf.regexp = conf.regexp
|
||||||
injection.conf.optimize = conf.optimize
|
injection.conf.optimize = conf.optimize
|
||||||
|
|
||||||
|
injection.chars = kb.chars
|
||||||
|
|
||||||
if conf.beep or conf.realTest:
|
if conf.beep or conf.realTest:
|
||||||
beep()
|
beep()
|
||||||
|
|
||||||
|
|
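Review bot: `injection.chars = kb.chars` stores a reference to the live marker container, not a snapshot, and the initTechnique hunk later restores it with `kb.chars = kb.injection.chars`. That is harmless as long as `kb.chars` is only ever replaced wholesale (as `__setKnowledgeBaseAttributes` does with `kb.chars = AttribDict()`), but if any code path assigns to `kb.chars.start`/`kb.chars.stop` in place, every stored injection silently picks up the new values. Either take a copy here, or pin the invariant with a comment such as `# shared reference: kb.chars must be replaced, never mutated in place`. checkSqlInjection starts outside this hunk.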
|
@ -214,11 +214,11 @@ class Agent:
|
||||||
payload = payload.replace("[RANDNUM1]", str(randInt1))
|
payload = payload.replace("[RANDNUM1]", str(randInt1))
|
||||||
payload = payload.replace("[RANDSTR]", randStr)
|
payload = payload.replace("[RANDSTR]", randStr)
|
||||||
payload = payload.replace("[RANDSTR1]", randStr1)
|
payload = payload.replace("[RANDSTR1]", randStr1)
|
||||||
payload = payload.replace("[DELIMITER_START]", kb.misc.start)
|
payload = payload.replace("[DELIMITER_START]", kb.chars.start)
|
||||||
payload = payload.replace("[DELIMITER_STOP]", kb.misc.stop)
|
payload = payload.replace("[DELIMITER_STOP]", kb.chars.stop)
|
||||||
payload = payload.replace("[AT_REPLACE]", kb.misc.at)
|
payload = payload.replace("[AT_REPLACE]", kb.chars.at)
|
||||||
payload = payload.replace("[SPACE_REPLACE]", kb.misc.space)
|
payload = payload.replace("[SPACE_REPLACE]", kb.chars.space)
|
||||||
payload = payload.replace("[DOLLAR_REPLACE]", kb.misc.dollar)
|
payload = payload.replace("[DOLLAR_REPLACE]", kb.chars.dollar)
|
||||||
payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
|
payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
|
||||||
|
|
||||||
if origValue is not None:
|
if origValue is not None:
|
||||||
|
@ -342,7 +342,7 @@ class Agent:
|
||||||
for field in fieldsSplitted:
|
for field in fieldsSplitted:
|
||||||
nulledCastedFields.append(self.nullAndCastField(field))
|
nulledCastedFields.append(self.nullAndCastField(field))
|
||||||
|
|
||||||
delimiterStr = "%s'%s'%s" % (dbmsDelimiter, kb.misc.delimiter, dbmsDelimiter)
|
delimiterStr = "%s'%s'%s" % (dbmsDelimiter, kb.chars.delimiter, dbmsDelimiter)
|
||||||
nulledCastedConcatFields = delimiterStr.join([field for field in nulledCastedFields])
|
nulledCastedConcatFields = delimiterStr.join([field for field in nulledCastedFields])
|
||||||
|
|
||||||
return nulledCastedConcatFields
|
return nulledCastedConcatFields
|
||||||
|
@ -454,71 +454,71 @@ class Agent:
|
||||||
|
|
||||||
if Backend.isDbms(DBMS.MYSQL):
|
if Backend.isDbms(DBMS.MYSQL):
|
||||||
if fieldsExists:
|
if fieldsExists:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1)
|
||||||
concatenatedQuery += ",'%s')" % kb.misc.stop
|
concatenatedQuery += ",'%s')" % kb.chars.stop
|
||||||
elif fieldsSelectCase:
|
elif fieldsSelectCase:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1)
|
||||||
concatenatedQuery += ",'%s')" % kb.misc.stop
|
concatenatedQuery += ",'%s')" % kb.chars.stop
|
||||||
elif fieldsSelectFrom:
|
elif fieldsSelectFrom:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1)
|
||||||
concatenatedQuery = concatenatedQuery.replace(" FROM ", ",'%s') FROM " % kb.misc.stop, 1)
|
concatenatedQuery = concatenatedQuery.replace(" FROM ", ",'%s') FROM " % kb.chars.stop, 1)
|
||||||
elif fieldsSelect:
|
elif fieldsSelect:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.chars.start, 1)
|
||||||
concatenatedQuery += ",'%s')" % kb.misc.stop
|
concatenatedQuery += ",'%s')" % kb.chars.stop
|
||||||
elif fieldsNoSelect:
|
elif fieldsNoSelect:
|
||||||
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
|
concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
|
||||||
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2):
|
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2):
|
||||||
if fieldsExists:
|
if fieldsExists:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
|
||||||
concatenatedQuery += "||'%s'" % kb.misc.stop
|
concatenatedQuery += "||'%s'" % kb.chars.stop
|
||||||
elif fieldsSelectCase:
|
elif fieldsSelectCase:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||(SELECT " % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||(SELECT " % kb.chars.start, 1)
|
||||||
concatenatedQuery += ")||'%s'" % kb.misc.stop
|
concatenatedQuery += ")||'%s'" % kb.chars.stop
|
||||||
elif fieldsSelectFrom:
|
elif fieldsSelectFrom:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
|
||||||
concatenatedQuery = concatenatedQuery.replace(" FROM ", "||'%s' FROM " % kb.misc.stop, 1)
|
concatenatedQuery = concatenatedQuery.replace(" FROM ", "||'%s' FROM " % kb.chars.stop, 1)
|
||||||
elif fieldsSelect:
|
elif fieldsSelect:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1)
|
||||||
concatenatedQuery += "||'%s'" % kb.misc.stop
|
concatenatedQuery += "||'%s'" % kb.chars.stop
|
||||||
elif fieldsNoSelect:
|
elif fieldsNoSelect:
|
||||||
concatenatedQuery = "'%s'||%s||'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
|
concatenatedQuery = "'%s'||%s||'%s'" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
|
||||||
|
|
||||||
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
|
||||||
if fieldsExists:
|
if fieldsExists:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.chars.start, 1)
|
||||||
concatenatedQuery += "+'%s'" % kb.misc.stop
|
concatenatedQuery += "+'%s'" % kb.chars.stop
|
||||||
elif fieldsSelectTop:
|
elif fieldsSelectTop:
|
||||||
topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1)
|
topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1)
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, kb.misc.start), 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, kb.chars.start), 1)
|
||||||
concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.misc.stop, 1)
|
concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.chars.stop, 1)
|
||||||
elif fieldsSelectCase:
|
elif fieldsSelectCase:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.chars.start, 1)
|
||||||
concatenatedQuery += "+'%s'" % kb.misc.stop
|
concatenatedQuery += "+'%s'" % kb.chars.stop
|
||||||
elif fieldsSelectFrom:
|
elif fieldsSelectFrom:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.chars.start, 1)
|
||||||
concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.misc.stop, 1)
|
concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.chars.stop, 1)
|
||||||
elif fieldsSelect:
|
elif fieldsSelect:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.chars.start, 1)
|
||||||
concatenatedQuery += "+'%s'" % kb.misc.stop
|
concatenatedQuery += "+'%s'" % kb.chars.stop
|
||||||
elif fieldsNoSelect:
|
elif fieldsNoSelect:
|
||||||
concatenatedQuery = "'%s'+%s+'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
|
concatenatedQuery = "'%s'+%s+'%s'" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
|
||||||
|
|
||||||
elif Backend.isDbms(DBMS.ACCESS):
|
elif Backend.isDbms(DBMS.ACCESS):
|
||||||
if fieldsExists:
|
if fieldsExists:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'&" % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'&" % kb.chars.start, 1)
|
||||||
concatenatedQuery += "&'%s'" % kb.misc.stop
|
concatenatedQuery += "&'%s'" % kb.chars.stop
|
||||||
elif fieldsSelectCase:
|
elif fieldsSelectCase:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'&(SELECT " % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'&(SELECT " % kb.chars.start, 1)
|
||||||
concatenatedQuery += ")&'%s'" % kb.misc.stop
|
concatenatedQuery += ")&'%s'" % kb.chars.stop
|
||||||
elif fieldsSelectFrom:
|
elif fieldsSelectFrom:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'&" % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'&" % kb.chars.start, 1)
|
||||||
concatenatedQuery = concatenatedQuery.replace(" FROM ", "&'%s' FROM " % kb.misc.stop, 1)
|
concatenatedQuery = concatenatedQuery.replace(" FROM ", "&'%s' FROM " % kb.chars.stop, 1)
|
||||||
elif fieldsSelect:
|
elif fieldsSelect:
|
||||||
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'&" % kb.misc.start, 1)
|
concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'&" % kb.chars.start, 1)
|
||||||
concatenatedQuery += "&'%s'" % kb.misc.stop
|
concatenatedQuery += "&'%s'" % kb.chars.stop
|
||||||
elif fieldsNoSelect:
|
elif fieldsNoSelect:
|
||||||
concatenatedQuery = "'%s'&%s&'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
|
concatenatedQuery = "'%s'&%s&'%s'" % (kb.chars.start, concatenatedQuery, kb.chars.stop)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
concatenatedQuery = query
|
concatenatedQuery = query
|
||||||
|
|
|
@ -453,15 +453,15 @@ class Backend:
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def forceDbms(dbms, sticky=False):
|
def forceDbms(dbms, sticky=False):
|
||||||
if not kb.misc.stickyFlag:
|
if not kb.stickyFlag:
|
||||||
kb.misc.forcedDbms = aliasToDbmsEnum(dbms)
|
kb.forcedDbms = aliasToDbmsEnum(dbms)
|
||||||
kb.misc.stickyFlag = sticky
|
kb.stickyFlag = sticky
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def flushForcedDbms(force=False):
|
def flushForcedDbms(force=False):
|
||||||
if not kb.misc.stickyFlag or force:
|
if not kb.stickyFlag or force:
|
||||||
kb.misc.forcedDbms = None
|
kb.forcedDbms = None
|
||||||
kb.misc.stickyFlag = False
|
kb.stickyFlag = False
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def setOs(os):
|
def setOs(os):
|
||||||
|
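Review bot: The sticky semantics of the relocated flags are undocumented: `forceDbms` is a silent no-op while `kb.stickyFlag` is set, and `flushForcedDbms` only clears a sticky force when called with `force=True`; a docstring on each, e.g. `"""Set the forced DBMS; ignored while a sticky force is active."""` and `"""Clear the forced DBMS; a sticky force is only cleared with force=True."""`, would spare callers a surprise. Indentation is not visible on this page, so confirm that `kb.stickyFlag = sticky` sits inside the `if not kb.stickyFlag:` guard — outside it, a later non-sticky call would drop the sticky flag while leaving the sticky DBMS in place.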
@ -518,7 +518,7 @@ class Backend:
|
||||||
# Get methods
|
# Get methods
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def getForcedDbms():
|
def getForcedDbms():
|
||||||
return aliasToDbmsEnum(kb.misc.forcedDbms)
|
return aliasToDbmsEnum(kb.forcedDbms)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def getDbms():
|
def getDbms():
|
||||||
|
@ -1026,7 +1026,7 @@ def replaceNewlineTabs(inpStr, stdout=False):
|
||||||
else:
|
else:
|
||||||
replacedString = inpStr.replace("\n", DUMP_NEWLINE_MARKER).replace("\r", DUMP_CR_MARKER).replace("\t", DUMP_TAB_MARKER)
|
replacedString = inpStr.replace("\n", DUMP_NEWLINE_MARKER).replace("\r", DUMP_CR_MARKER).replace("\t", DUMP_TAB_MARKER)
|
||||||
|
|
||||||
replacedString = replacedString.replace(kb.misc.delimiter, DUMP_DEL_MARKER)
|
replacedString = replacedString.replace(kb.chars.delimiter, DUMP_DEL_MARKER)
|
||||||
|
|
||||||
return replacedString
|
return replacedString
|
||||||
|
|
||||||
|
@ -1335,12 +1335,12 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
|
||||||
|
|
||||||
data = BigArray()
|
data = BigArray()
|
||||||
|
|
||||||
outCond1 = ( output.startswith(kb.misc.start) and output.endswith(kb.misc.stop) )
|
outCond1 = ( output.startswith(kb.chars.start) and output.endswith(kb.chars.stop) )
|
||||||
outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) )
|
outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) )
|
||||||
|
|
||||||
if outCond1 or outCond2:
|
if outCond1 or outCond2:
|
||||||
if outCond1:
|
if outCond1:
|
||||||
regExpr = '%s(.*?)%s' % (kb.misc.start, kb.misc.stop)
|
regExpr = '%s(.*?)%s' % (kb.chars.start, kb.chars.stop)
|
||||||
elif outCond2:
|
elif outCond2:
|
||||||
regExpr = '%s(.*?)%s' % (DUMP_START_MARKER, DUMP_STOP_MARKER)
|
regExpr = '%s(.*?)%s' % (DUMP_START_MARKER, DUMP_STOP_MARKER)
|
||||||
|
|
||||||
|
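Review bot: `regExpr = '%s(.*?)%s' % (kb.chars.start, kb.chars.stop)` interpolates the marker strings into a regex unescaped. The generator in the `__setKnowledgeBaseAttributes` hunk (`":%s:" % randomStr(length=3, lowercase=True)`) yields only colons and lowercase letters, so this is safe today, but the invariant is implicit and would break silently if the marker format ever changed; `re.escape(kb.chars.start)` / `re.escape(kb.chars.stop)` makes it explicit, assuming `re` is in scope in this file. The same unescaped interpolation appears in the `__oneShotErrorUse`, `__oneShotUnionUse` and `unionUse` hunks below. parseUnionPage continues outside this hunk.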
@ -1367,7 +1367,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
|
||||||
if DUMP_DEL_MARKER in entry:
|
if DUMP_DEL_MARKER in entry:
|
||||||
entry = entry.split(DUMP_DEL_MARKER)
|
entry = entry.split(DUMP_DEL_MARKER)
|
||||||
else:
|
else:
|
||||||
entry = entry.split(kb.misc.delimiter)
|
entry = entry.split(kb.chars.delimiter)
|
||||||
|
|
||||||
if len(entry) == 1:
|
if len(entry) == 1:
|
||||||
data.append(entry[0])
|
data.append(entry[0])
|
||||||
|
@ -2478,6 +2478,7 @@ def initTechnique(technique=None):
|
||||||
if data:
|
if data:
|
||||||
kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place)
|
kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place)
|
||||||
kb.matchRatio = data.matchRatio
|
kb.matchRatio = data.matchRatio
|
||||||
|
kb.chars = kb.injection.chars
|
||||||
|
|
||||||
# Restoring stored conf options
|
# Restoring stored conf options
|
||||||
for key, value in kb.injection.conf.items():
|
for key, value in kb.injection.conf.items():
|
||||||
|
|
|
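Review bot: `kb.chars = kb.injection.chars` assumes every injection object carries the new `chars` field; an injection that predates this refactor (for instance one restored from a saved session, if sqlmap persists them) would either raise on attribute access or set `kb.chars` to an empty value, depending on how AttribDict handles missing keys. A defensive form is `if getattr(kb.injection, "chars", None): kb.chars = kb.injection.chars`. Indentation is stripped on this page, so also confirm whether the assignment is meant to sit inside the `if data:` block above it or at the function's top level. initTechnique continues outside this hunk.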
@ -1422,6 +1422,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.httpErrorCodes = {}
|
kb.httpErrorCodes = {}
|
||||||
kb.explicitSettings = set()
|
kb.explicitSettings = set()
|
||||||
kb.errorIsNone = True
|
kb.errorIsNone = True
|
||||||
|
kb.forcedDbms = None
|
||||||
kb.formNames = []
|
kb.formNames = []
|
||||||
kb.headersCount = 0
|
kb.headersCount = 0
|
||||||
kb.headersFp = {}
|
kb.headersFp = {}
|
||||||
|
@ -1469,6 +1470,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.safeCharEncode = False
|
kb.safeCharEncode = False
|
||||||
kb.singleLogFlags = set()
|
kb.singleLogFlags = set()
|
||||||
kb.skipOthersDbms = None
|
kb.skipOthersDbms = None
|
||||||
|
kb.stickyFlag = False
|
||||||
kb.suppressSession = False
|
kb.suppressSession = False
|
||||||
kb.suppressResumeInfo = False
|
kb.suppressResumeInfo = False
|
||||||
kb.technique = None
|
kb.technique = None
|
||||||
|
@ -1479,15 +1481,13 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.uChar = "NULL"
|
kb.uChar = "NULL"
|
||||||
kb.xpCmdshellAvailable = False
|
kb.xpCmdshellAvailable = False
|
||||||
|
|
||||||
kb.misc = AttribDict()
|
kb.chars = AttribDict()
|
||||||
kb.misc.delimiter = randomStr(length=6, lowercase=True)
|
kb.chars.delimiter = randomStr(length=6, lowercase=True)
|
||||||
kb.misc.start = ":%s:" % randomStr(length=3, lowercase=True)
|
kb.chars.start = ":%s:" % randomStr(length=3, lowercase=True)
|
||||||
kb.misc.stop = ":%s:" % randomStr(length=3, lowercase=True)
|
kb.chars.stop = ":%s:" % randomStr(length=3, lowercase=True)
|
||||||
kb.misc.at = ":%s:" % randomStr(length=1, lowercase=True)
|
kb.chars.at = ":%s:" % randomStr(length=1, lowercase=True)
|
||||||
kb.misc.space = ":%s:" % randomStr(length=1, lowercase=True)
|
kb.chars.space = ":%s:" % randomStr(length=1, lowercase=True)
|
||||||
kb.misc.dollar = ":%s:" % randomStr(length=1, lowercase=True)
|
kb.chars.dollar = ":%s:" % randomStr(length=1, lowercase=True)
|
||||||
kb.misc.forcedDbms = None
|
|
||||||
kb.misc.stickyFlag = False
|
|
||||||
|
|
||||||
if flushAll:
|
if flushAll:
|
||||||
kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))
|
kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))
|
||||||
|
|
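Review bot: With `kb.misc = AttribDict()` removed, `kb.misc` is no longer created anywhere on the new side, so any reader of `kb.misc.*` not covered by this commit (plugins, other modules) fails at first use rather than at import time, and whether that failure is a loud AttributeError or a silent empty value depends on AttribDict's missing-key behaviour. A repository-wide search for `kb.misc` should accompany the rename. The `forcedDbms`/`stickyFlag` defaults now live in the two hunks above; since indentation is not visible here, confirm they stay in the unconditional part of `__setKnowledgeBaseAttributes` and did not move under `if flushAll:`.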
|
@ -60,8 +60,8 @@ def __oneShotErrorUse(expression, field):
|
||||||
|
|
||||||
if not retVal:
|
if not retVal:
|
||||||
while True:
|
while True:
|
||||||
check = "%s(?P<result>.*?)%s" % (kb.misc.start, kb.misc.stop)
|
check = "%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)
|
||||||
trimcheck = "%s(?P<result>.*?)</" % (kb.misc.start)
|
trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
|
||||||
|
|
||||||
nulledCastedField = agent.nullAndCastField(field)
|
nulledCastedField = agent.nullAndCastField(field)
|
||||||
|
|
||||||
|
@ -189,7 +189,7 @@ def __errorReplaceChars(value):
|
||||||
retVal = value
|
retVal = value
|
||||||
|
|
||||||
if value:
|
if value:
|
||||||
retVal = retVal.replace(kb.misc.space, " ").replace(kb.misc.dollar, "$").replace(kb.misc.at, "@")
|
retVal = retVal.replace(kb.chars.space, " ").replace(kb.chars.dollar, "$").replace(kb.chars.at, "@")
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
|
|
|
@ -176,7 +176,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
|
||||||
for position in positions:
|
for position in positions:
|
||||||
# Prepare expression with delimiters
|
# Prepare expression with delimiters
|
||||||
randQuery = randomStr(UNION_MIN_RESPONSE_CHARS)
|
randQuery = randomStr(UNION_MIN_RESPONSE_CHARS)
|
||||||
phrase = "%s%s%s".lower() % (kb.misc.start, randQuery, kb.misc.stop)
|
phrase = "%s%s%s".lower() % (kb.chars.start, randQuery, kb.chars.stop)
|
||||||
randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
|
randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
|
||||||
randQueryUnescaped = unescaper.unescape(randQueryProcessed)
|
randQueryUnescaped = unescaper.unescape(randQueryProcessed)
|
||||||
|
|
||||||
|
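Review bot: `phrase = "%s%s%s".lower() % (kb.chars.start, randQuery, kb.chars.stop)` applies `.lower()` to the format template, which is already lowercase, so it is a no-op and the interpolated `randQuery` keeps whatever case `randomStr` produced. If a lowercase phrase was intended, it should be `phrase = ("%s%s%s" % (kb.chars.start, randQuery, kb.chars.stop)).lower()`; otherwise the `.lower()` should go. The next `__unionPosition` hunk has the same construct for `phrase2`. __unionPosition starts and ends outside this hunk.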
@ -197,7 +197,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
|
||||||
if where == PAYLOAD.WHERE.ORIGINAL:
|
if where == PAYLOAD.WHERE.ORIGINAL:
|
||||||
# Prepare expression with delimiters
|
# Prepare expression with delimiters
|
||||||
randQuery2 = randomStr(UNION_MIN_RESPONSE_CHARS)
|
randQuery2 = randomStr(UNION_MIN_RESPONSE_CHARS)
|
||||||
phrase2 = "%s%s%s".lower() % (kb.misc.start, randQuery2, kb.misc.stop)
|
phrase2 = "%s%s%s".lower() % (kb.chars.start, randQuery2, kb.chars.stop)
|
||||||
randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
|
randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
|
||||||
randQueryUnescaped2 = unescaper.unescape(randQueryProcessed2)
|
randQueryUnescaped2 = unescaper.unescape(randQueryProcessed2)
|
||||||
|
|
||||||
|
|
|
@ -53,12 +53,12 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
|
||||||
retVal = conf.hashDB.retrieve(expression) if not conf.freshQueries else None
|
retVal = conf.hashDB.retrieve(expression) if not conf.freshQueries else None
|
||||||
|
|
||||||
if not retVal:
|
if not retVal:
|
||||||
check = "(?P<result>%s.*%s)" % (kb.misc.start, kb.misc.stop)
|
check = "(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop)
|
||||||
trimcheck = "%s(?P<result>.*?)</" % (kb.misc.start)
|
trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
|
||||||
|
|
||||||
# Prepare expression with delimiters
|
# Prepare expression with delimiters
|
||||||
expression = agent.concatQuery(expression, unpack)
|
injExpression = agent.concatQuery(expression, unpack)
|
||||||
expression = unescaper.unescape(expression)
|
injExpression = unescaper.unescape(injExpression)
|
||||||
|
|
||||||
if conf.limitStart or conf.limitStop:
|
if conf.limitStart or conf.limitStop:
|
||||||
where = PAYLOAD.WHERE.NEGATIVE
|
where = PAYLOAD.WHERE.NEGATIVE
|
||||||
|
@ -67,7 +67,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
|
||||||
|
|
||||||
# Forge the inband SQL injection request
|
# Forge the inband SQL injection request
|
||||||
vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
|
vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
|
||||||
query = agent.forgeInbandQuery(expression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], None, limited)
|
query = agent.forgeInbandQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], None, limited)
|
||||||
payload = agent.payload(newValue=query, where=where)
|
payload = agent.payload(newValue=query, where=where)
|
||||||
|
|
||||||
# Perform the request
|
# Perform the request
|
||||||
|
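Review bot: Renaming the forged query to `injExpression` keeps the caller's `expression` intact, which is what `conf.hashDB.retrieve(expression)` at the top of the previous hunk keys on. The write side of that cache lies outside both hunks, so confirm it also stores under `expression` and not the forged `injExpression`; otherwise lookups and stores use different keys and the cache never hits. A short comment above `injExpression = agent.concatQuery(expression, unpack)`, e.g. `# keep 'expression' untouched: it is the hashDB cache key`, would record the reason for the rename. __oneShotUnionUse continues outside this hunk.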
@ -317,13 +317,13 @@ def unionUse(expression, unpack=True, dump=False):
|
||||||
break
|
break
|
||||||
|
|
||||||
if output:
|
if output:
|
||||||
if all(map(lambda x: x in output, [kb.misc.start, kb.misc.stop])):
|
if all(map(lambda x: x in output, [kb.chars.start, kb.chars.stop])):
|
||||||
items = extractRegexResult(r'%s(?P<result>.*?)%s' % (kb.misc.start, kb.misc.stop), output, re.DOTALL | re.IGNORECASE).split(kb.misc.delimiter)
|
items = extractRegexResult(r'%s(?P<result>.*?)%s' % (kb.chars.start, kb.chars.stop), output, re.DOTALL | re.IGNORECASE).split(kb.chars.delimiter)
|
||||||
kb.locks.value.acquire()
|
kb.locks.value.acquire()
|
||||||
threadData.shared.value.append(items[0] if len(items) == 1 else items)
|
threadData.shared.value.append(items[0] if len(items) == 1 else items)
|
||||||
kb.locks.value.release()
|
kb.locks.value.release()
|
||||||
else:
|
else:
|
||||||
items = output.replace(kb.misc.start, "").replace(kb.misc.stop, "").split(kb.misc.delimiter)
|
items = output.replace(kb.chars.start, "").replace(kb.chars.stop, "").split(kb.chars.delimiter)
|
||||||
|
|
||||||
if conf.verbose == 1:
|
if conf.verbose == 1:
|
||||||
status = "[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), safecharencode(",".join(map(lambda x: "\"%s\"" % x, items))))
|
status = "[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), safecharencode(",".join(map(lambda x: "\"%s\"" % x, items))))
|
||||||
|
|
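Review bot: The guard `all(map(lambda x: x in output, [kb.chars.start, kb.chars.stop]))` only checks that both markers are present, not their order; when the stop marker precedes the start marker the `(?P<result>.*?)` pattern cannot match, and if `extractRegexResult` returns None on no match (as its name suggests) the chained `.split(kb.chars.delimiter)` raises AttributeError inside the worker thread. Binding the extraction result to a local, testing it, and falling through to the existing `else` branch when it is None would close that gap. Separately, `kb.locks.value.acquire()` / `release()` are not wrapped in try/finally, so a failure in `threadData.shared.value.append(...)` would leave the lock held; if the lock supports the context-manager protocol, `with kb.locks.value:` guarantees release. unionUse starts and ends outside this hunk.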