Merge branch 'master' of github.com:sqlmapproject/sqlmap

Bernardo Damele 2013-01-07 11:10:08 +00:00
commit 7fa75792dd
87 changed files with 362 additions and 359 deletions


@ -92,7 +92,7 @@ def main():
req = urllib2.Request(sqlfile)
response = urllib2.urlopen(req)
if response.headers.has_key("Content-Length"):
if "Content-Length" in response.headers:
if int(response.headers.get("Content-Length")) > MAX_FILE_SIZE:
continue
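Review bot: The size cap in main() is enforced only when the server sends a Content-Length header, so a response that omits it (a chunked one, for instance) or understates it skips the `MAX_FILE_SIZE` check entirely. A non-numeric header value also makes `int(...)` raise ValueError, which nothing visible here catches. Bounding the read itself, e.g. `response.read(MAX_FILE_SIZE + 1)` followed by a length check, makes the limit hold regardless of what the server declares. The read call and the enclosing loop are outside this hunk, so confirm how the body is consumed.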


@ -51,7 +51,7 @@ def action():
errMsg += ". Support for this DBMS will be implemented at "
errMsg += "some point"
raise SqlmapUnsupportedDBMSException, errMsg
raise SqlmapUnsupportedDBMSException(errMsg)
conf.dumper.singleString(conf.dbmsHandler.getFingerprint())


@ -879,7 +879,7 @@ def checkStability():
kb.nullConnection = None
else:
errMsg = "Empty value supplied"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
elif test and test[0] in ("r", "R"):
message = "please enter value for parameter 'regex': "
@ -896,7 +896,7 @@ def checkStability():
kb.nullConnection = None
else:
errMsg = "Empty value supplied"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
else:
checkDynamicContent(firstPage, secondPage)
@ -1027,7 +1027,7 @@ def checkNullConnection():
except SqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg)
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
return kb.nullConnection is not None
@ -1037,7 +1037,7 @@ def checkConnection(suppressOutput=False):
socket.getaddrinfo(conf.hostname, None)
except socket.gaierror:
errMsg = "host '%s' does not exist" % conf.hostname
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
if not suppressOutput:
infoMsg = "testing connection to the target url"
@ -1051,7 +1051,7 @@ def checkConnection(suppressOutput=False):
if not kb.originalPage and wasLastRequestHTTPError():
errMsg = "unable to retrieve page content"
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
elif wasLastRequestDBMSError():
warnMsg = "there is a DBMS error found in the HTTP response body "
warnMsg += "which could interfere with the results of the tests"
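Review bot: The handler in checkNullConnection() still reads `except SqlmapConnectionException, errMsg:`, the comma form that only Python 2 accepts, while the raise two lines below it was converted to call syntax. If the minimum supported interpreter is 2.6 or later, `except SqlmapConnectionException as errMsg:` completes the cleanup. The same comma form remains in handlers visible in dataToTrafficFile(), evaluateCode(), resetCookieJar(), the log-file open in class Dump, _setTamperingFunctions(), _setDNSServer() and blockingWriteToFD(). Separately, raising a fresh SqlmapConnectionException here replaces the original traceback, which makes connection failures harder to diagnose. The enclosing functions start and end outside these hunks.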


@ -117,7 +117,7 @@ def _selectInjection():
raise SqlmapUserQuitException
else:
errMsg = "invalid choice"
raise SqlmapValueException, errMsg
raise SqlmapValueException(errMsg)
kb.injection = kb.injections[index]
@ -365,13 +365,13 @@ def start():
# a warning message to the user in case the page is not stable
checkStability()
# Do a little prioritization reorder of a testable parameter list
# Do a little prioritization reorder of a testable parameter list
parameters = conf.parameters.keys()
# Order of testing list (last to first)
orderList = (PLACE.URI, PLACE.GET, PLACE.POST, PLACE.CUSTOM_POST)
# Order of testing list (first to last)
orderList = (PLACE.CUSTOM_POST, PLACE.URI, PLACE.POST, PLACE.GET)
for place in orderList:
for place in orderList[::-1]:
if place in parameters:
parameters.remove(place)
parameters.insert(0, place)
@ -496,7 +496,7 @@ def start():
if kb.vainRun and not conf.multipleTargets:
errMsg = "no parameter(s) found for testing in the provided data "
errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
else:
errMsg = "all tested parameters appear to be not injectable."
@ -544,7 +544,7 @@ def start():
errMsg += "expression that you have choosen "
errMsg += "does not match exclusively True responses"
raise SqlmapNotVulnerableException, errMsg
raise SqlmapNotVulnerableException(errMsg)
else:
# Flush the flag
kb.testMode = False
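Review bot: The reorder loop in start() now combines a reversed slice with `parameters.insert(0, place)`, which makes the resulting test order hard to read off the code. The new tuple also appears to move PLACE.URI ahead of POST and GET rather than only restating the old order (inferred from the old-then-new print order on this page). A stable sort states the priority directly: `parameters.sort(key=lambda _: orderList.index(_) if _ in orderList else len(orderList))`. If the priority change is intended, it deserves a mention in the commit message, since the rest of the commit is a mechanical syntax cleanup. start() continues outside the hunk.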


@ -252,7 +252,7 @@ class Agent(object):
else:
errMsg = "invalid usage of inference payload without "
errMsg += "knowledge of underlying DBMS"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
return payload


@ -736,7 +736,7 @@ def dataToTrafficFile(data):
except IOError, ex:
errMsg = "something went wrong while trying "
errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, ex)
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def dataToDumpFile(dumpFile, data):
dumpFile.write(data)
@ -861,7 +861,7 @@ def checkFile(filename):
"""
if not os.path.isfile(filename):
raise SqlmapFilePathException, "unable to read file '%s'" % filename
raise SqlmapFilePathException("unable to read file '%s'" % filename)
def banner():
"""
@ -997,7 +997,7 @@ def parseTargetDirect():
errMsg = "invalid target details, valid syntax is for instance "
errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' "
errMsg += "or 'access://DATABASE_FILEPATH'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
for dbmsName, data in DBMS_DICT.items():
if conf.dbms in data[0]:
@ -1012,7 +1012,7 @@ def parseTargetDirect():
conf.port = 0
elif not remote:
errMsg = "missing remote connection details"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):
import _mssql
@ -1022,7 +1022,7 @@ def parseTargetDirect():
errMsg = "'%s' third-party library must be " % data[1]
errMsg += "version >= 1.0.2 to work properly. "
errMsg += "Download from '%s'" % data[2]
raise SqlmapMissingDependence, errMsg
raise SqlmapMissingDependence(errMsg)
elif dbmsName == DBMS.MYSQL:
import pymysql
@ -1040,7 +1040,7 @@ def parseTargetDirect():
errMsg = "sqlmap requires '%s' third-party library " % data[1]
errMsg += "in order to directly connect to the database "
errMsg += "%s. Download from '%s'" % (dbmsName, data[2])
raise SqlmapMissingDependence, errMsg
raise SqlmapMissingDependence(errMsg)
def parseTargetUrl():
"""
@ -1055,7 +1055,7 @@ def parseTargetUrl():
if re.search("\[.+\]", conf.url) and not socket.has_ipv6:
errMsg = "IPv6 addressing is not supported "
errMsg += "on this platform"
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
if not re.search("^http[s]*://", conf.url, re.I):
if ":443/" in conf.url:
@ -1083,14 +1083,14 @@ def parseTargetUrl():
if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))):
errMsg = "invalid target url"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if len(hostnamePort) == 2:
try:
conf.port = int(hostnamePort[1])
except:
errMsg = "invalid target url"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
elif conf.scheme == "https":
conf.port = 443
else:
@ -1353,7 +1353,7 @@ def safeStringFormat(format_, params):
if count < len(params):
retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:]
else:
raise SqlmapNoneDataException, "wrong number of parameters during string formatting"
raise SqlmapNoneDataException("wrong number of parameters during string formatting")
count += 1
return retVal
@ -2377,7 +2377,7 @@ def initTechnique(technique=None):
errMsg = "missing data in old session file(s). "
errMsg += "Please use '--flush-session' to deal "
errMsg += "with this error"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
def arrayizeValue(value):
"""
@ -2496,7 +2496,7 @@ def openFile(filename, mode='r'):
errMsg += "Please check %s permissions on a file " % ("write" if \
mode and ('w' in mode or 'a' in mode or '+' in mode) else "read")
errMsg += "and that it's not locked by another process."
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
def decodeIntToUnicode(value):
"""
@ -2810,7 +2810,7 @@ def expandMnemonics(mnemonics, parser, args):
if pointer in (None, head):
errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
elif len(pointer.current) > 1:
options = {}
@ -2849,7 +2849,7 @@ def expandMnemonics(mnemonics, parser, args):
setattr(args, found.dest, True)
else:
errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type)
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
def safeCSValue(value):
"""
@ -2997,7 +2997,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
if not content:
errMsg = "can't parse forms as the page content appears to be blank"
if raise_:
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
else:
logger.debug(errMsg)
@ -3017,7 +3017,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
except ParseError:
errMsg = "no success"
if raise_:
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
else:
logger.debug(errMsg)
@ -3038,7 +3038,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
errMsg = "there has been a problem while "
errMsg += "processing page forms ('%s')" % ex
if raise_:
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
else:
logger.debug(errMsg)
else:
@ -3057,7 +3057,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
else:
errMsg = "there were no forms found at the given target url"
if raise_:
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
else:
logger.debug(errMsg)
@ -3105,7 +3105,7 @@ def checkDeprecatedOptions(args):
errMsg = "switch/option '%s' is deprecated" % _
if _ in DEPRECATED_HINTS:
errMsg += " (hint: %s)" % DEPRECATED_HINTS[_]
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
def evaluateCode(code, variables=None):
"""
@ -3118,7 +3118,7 @@ def evaluateCode(code, variables=None):
raise
except Exception, ex:
errMsg = "an error occured while evaluating provided code ('%s'). " % ex
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def serializeObject(object_):
"""
@ -3259,7 +3259,7 @@ def resetCookieJar(cookieJar):
except cookielib.LoadError, msg:
errMsg = "there was a problem loading "
errMsg += "cookies file ('%s')" % msg
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def prioritySortColumns(columns):
"""


@ -47,7 +47,7 @@ def hexencode(value):
return utf8encode(value).encode("hex")
def md5hash(value):
if sys.modules.has_key('hashlib'):
if "hashlib" in sys.modules:
return hashlib.md5(value).hexdigest()
else:
return md5.new(value).hexdigest()
@ -60,7 +60,7 @@ def ordencode(value):
return tuple(ord(char) for char in value)
def sha1hash(value):
if sys.modules.has_key('hashlib'):
if "hashlib" in sys.modules:
return hashlib.sha1(value).hexdigest()
else:
return sha.new(value).hexdigest()
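Review bot: `if "hashlib" in sys.modules:` in md5hash() and sha1hash() tests whether hashlib happens to have been imported already, not whether it is available, so the branch taken depends on import order elsewhere in the process. Resolving this once at import time is clearer: wrap `import hashlib` in `try`/`except ImportError` and fall back to the legacy `md5`/`sha` modules there. The module's import block is outside this hunk, so it may already do this, in which case the functions can test the imported name instead of `sys.modules`.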


@ -38,7 +38,7 @@ class AttribDict(dict):
try:
return self.__getitem__(item)
except KeyError:
raise SqlmapDataException, "unable to access item '%s'" % item
raise SqlmapDataException("unable to access item '%s'" % item)
def __setattr__(self, item, value):
"""
@ -47,11 +47,11 @@ class AttribDict(dict):
"""
# This test allows attributes to be set in the __init__ method
if not self.__dict__.has_key('_AttribDict__initialised'):
if "_AttribDict__initialised" not in self.__dict__:
return dict.__setattr__(self, item, value)
# Any normal attributes are handled normally
elif self.__dict__.has_key(item):
elif item in self.__dict__:
dict.__setattr__(self, item, value)
else:
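Review bot: The lookup method at the top of this section (presumably `__getattr__`; its signature is outside the hunk) raises SqlmapDataException for a missing key. Unless that class derives from AttributeError, code that probes attributes with `getattr(obj, name, default)`, as the `copy` module does for its special-method lookups, gets an unexpected exception instead of the default. Raising `AttributeError("unable to access item '%s'" % item)` keeps the message and the standard attribute protocol, though callers that catch SqlmapDataException would need checking first.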


@ -21,51 +21,51 @@ from lib.core.settings import SYBASE_ALIASES
from lib.core.settings import DB2_ALIASES
FIREBIRD_TYPES = {
"261":"BLOB",
"14":"CHAR",
"40":"CSTRING",
"11":"D_FLOAT",
"27":"DOUBLE",
"10":"FLOAT",
"16":"INT64",
"8":"INTEGER",
"9":"QUAD",
"7":"SMALLINT",
"12":"DATE",
"13":"TIME",
"35":"TIMESTAMP",
"37":"VARCHAR"
"261": "BLOB",
"14": "CHAR",
"40": "CSTRING",
"11": "D_FLOAT",
"27": "DOUBLE",
"10": "FLOAT",
"16": "INT64",
"8": "INTEGER",
"9": "QUAD",
"7": "SMALLINT",
"12": "DATE",
"13": "TIME",
"35": "TIMESTAMP",
"37": "VARCHAR"
}
SYBASE_TYPES = {
"14":"floatn",
"8":"float",
"15":"datetimn",
"12":"datetime",
"23":"real",
"28":"numericn",
"10":"numeric",
"27":"decimaln",
"26":"decimal",
"17":"moneyn",
"11":"money",
"21":"smallmoney",
"22":"smalldatetime",
"13":"intn",
"7":"int",
"6":"smallint",
"5":"tinyint",
"16":"bit",
"2":"varchar",
"18":"sysname",
"25":"nvarchar",
"1":"char",
"24":"nchar",
"4":"varbinary",
"80":"timestamp",
"3":"binary",
"19":"text",
"20":"image",
"14": "floatn",
"8": "float",
"15": "datetimn",
"12": "datetime",
"23": "real",
"28": "numericn",
"10": "numeric",
"27": "decimaln",
"26": "decimal",
"17": "moneyn",
"11": "money",
"21": "smallmoney",
"22": "smalldatetime",
"13": "intn",
"7": "int",
"6": "smallint",
"5": "tinyint",
"16": "bit",
"2": "varchar",
"18": "sysname",
"25": "nvarchar",
"1": "char",
"24": "nchar",
"4": "varbinary",
"80": "timestamp",
"3": "binary",
"19": "text",
"20": "image",
}
MYSQL_PRIVS = {


@ -70,7 +70,7 @@ class Dump(object):
self._outputFP = codecs.open(self._outputFile, "ab" if not conf.flushSession else "wb", UNICODE_ENCODING)
except IOError, ex:
errMsg = "error occurred while opening log file ('%s')" % ex
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def getOutputFile(self):
return self._outputFile


@ -24,7 +24,7 @@ class SORT_ORDER:
class DBMS:
ACCESS = "Microsoft Access"
DB2 = "IBM DB2"
DB2 = "IBM DB2"
FIREBIRD = "Firebird"
MAXDB = "SAP MaxDB"
MSSQL = "Microsoft SQL Server"
@ -173,39 +173,39 @@ class REDIRECTION:
class PAYLOAD:
SQLINJECTION = {
1: "boolean-based blind",
2: "error-based",
3: "UNION query",
4: "stacked queries",
5: "AND/OR time-based blind",
6: "inline query"
1: "boolean-based blind",
2: "error-based",
3: "UNION query",
4: "stacked queries",
5: "AND/OR time-based blind",
6: "inline query"
}
PARAMETER = {
1: "Unescaped numeric",
2: "Single quoted string",
3: "LIKE single quoted string",
4: "Double quoted string",
5: "LIKE double quoted string"
1: "Unescaped numeric",
2: "Single quoted string",
3: "LIKE single quoted string",
4: "Double quoted string",
5: "LIKE double quoted string"
}
RISK = {
0: "No risk",
1: "Low risk",
2: "Medium risk",
3: "High risk"
0: "No risk",
1: "Low risk",
2: "Medium risk",
3: "High risk"
}
CLAUSE = {
0: "Always",
1: "WHERE",
2: "GROUP BY",
3: "ORDER BY",
4: "LIMIT",
5: "OFFSET",
6: "TOP",
7: "Table name",
8: "Column name"
0: "Always",
1: "WHERE",
2: "GROUP BY",
3: "ORDER BY",
4: "LIMIT",
5: "OFFSET",
6: "TOP",
7: "Table name",
8: "Column name"
}
class METHOD:


@ -388,7 +388,7 @@ def _setMultipleTargets():
if not os.path.exists(conf.logFile):
errMsg = "the specified list of targets does not exist"
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
if os.path.isfile(conf.logFile):
_feedTargetsDict(conf.logFile, addedTargetUrls)
@ -406,7 +406,7 @@ def _setMultipleTargets():
else:
errMsg = "the specified list of targets is not a file "
errMsg += "nor a directory"
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
updatedTargetsCount = len(kb.targets)
@ -453,7 +453,7 @@ def _setRequestFromFile():
if not os.path.isfile(conf.requestFile):
errMsg = "the specified HTTP request file "
errMsg += "does not exist"
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
_feedTargetsDict(conf.requestFile, addedTargetUrls)
@ -504,7 +504,7 @@ def _setGoogleDorking():
if not links:
errMsg = "unable to find results for your "
errMsg += "Google dork expression"
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
for link in links:
link = urldecode(link)
@ -560,7 +560,7 @@ def _setBulkMultipleTargets():
if not os.path.isfile(conf.bulkFile):
errMsg = "the specified bulk file "
errMsg += "does not exist"
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
for line in getFileItems(conf.bulkFile):
if re.search(r"[^ ]+\?(.+)", line, re.I):
@ -597,7 +597,7 @@ def _setDBMSAuthentication():
if not match:
errMsg = "DBMS authentication credentials value must be in format "
errMsg += "username:password"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
conf.dbmsUsername = match.group(1)
conf.dbmsPassword = match.group(2)
@ -638,7 +638,7 @@ def _setMetasploit():
errMsg += "if you want to perform a SMB relay attack because "
errMsg += "it will need to listen on a user-specified SMB "
errMsg += "TCP port for incoming connection attempts"
raise SqlmapMissingPrivileges, errMsg
raise SqlmapMissingPrivileges(errMsg)
if conf.msfPath:
for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
@ -687,7 +687,7 @@ def _setMetasploit():
if not msfEnvPathExists:
errMsg = "unable to locate Metasploit Framework installation. "
errMsg += "You can get it at 'http://metasploit.com/framework/download/'"
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
def _setWriteFile():
if not conf.wFile:
@ -698,12 +698,12 @@ def _setWriteFile():
if not os.path.exists(conf.wFile):
errMsg = "the provided local file '%s' does not exist" % conf.wFile
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
if not conf.dFile:
errMsg = "you did not provide the back-end DBMS absolute path "
errMsg += "where you want to write the local file '%s'" % conf.wFile
raise SqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException(errMsg)
conf.wFileType = getFileType(conf.wFile)
@ -722,7 +722,7 @@ def _setOS():
errMsg += "If you do not know the back-end DBMS underlying OS, "
errMsg += "do not provide it and sqlmap will fingerprint it for "
errMsg += "you."
raise SqlmapUnsupportedDBMSException, errMsg
raise SqlmapUnsupportedDBMSException(errMsg)
debugMsg = "forcing back-end DBMS operating system to user defined "
debugMsg += "value '%s'" % conf.os
@ -742,7 +742,7 @@ def _setTechnique():
errMsg = "value for --technique must be a string composed "
errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters)
errMsg += "user's manual for details"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
for validTech, validInt in validTechniques:
if letter == validTech[0]:
@ -774,7 +774,7 @@ def _setDBMS():
errMsg += "system. The supported DBMS are %s. " % ', '.join([d for d in DBMS_DICT])
errMsg += "If you do not know the back-end DBMS, do not provide "
errMsg += "it and sqlmap will fingerprint it for you."
raise SqlmapUnsupportedDBMSException, errMsg
raise SqlmapUnsupportedDBMSException(errMsg)
for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \
SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \
@ -808,11 +808,11 @@ def _setTamperingFunctions():
elif not os.path.exists(tfile):
errMsg = "tamper script '%s' does not exist" % tfile
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
elif not tfile.endswith('.py'):
errMsg = "tamper script '%s' should have an extension '.py'" % tfile
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
dirname, filename = os.path.split(tfile)
dirname = os.path.abspath(dirname)
@ -823,7 +823,7 @@ def _setTamperingFunctions():
if not os.path.exists(os.path.join(dirname, '__init__.py')):
errMsg = "make sure that there is an empty file '__init__.py' "
errMsg += "inside of tamper scripts directory '%s'" % dirname
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
if dirname not in sys.path:
sys.path.insert(0, dirname)
@ -831,7 +831,7 @@ def _setTamperingFunctions():
try:
module = __import__(filename[:-3])
except ImportError, msg:
raise SqlmapSyntaxException, "cannot import tamper script '%s' (%s)" % (filename[:-3], msg)
raise SqlmapSyntaxException("cannot import tamper script '%s' (%s)" % (filename[:-3], msg))
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
@ -866,7 +866,7 @@ def _setTamperingFunctions():
if not found:
errMsg = "missing function 'tamper(payload, headers)' "
errMsg += "in tamper script '%s'" % tfile
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
if resolve_priorities and priorities:
priorities.sort(reverse=True)
@ -929,14 +929,14 @@ def _setHTTPProxy():
if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)):
errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.pCred:
_ = re.search("^(.*?):(.*?)$", conf.pCred)
if not _:
errMsg = "Proxy authentication credentials "
errMsg += "value must be in format username:password"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
else:
username = _.group(1)
password = _.group(2)
@ -979,7 +979,7 @@ def _setSafeUrl():
if conf.saFreq <= 0:
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
def _setPrefixSuffix():
if conf.prefix is not None and conf.suffix is not None:
@ -1033,12 +1033,12 @@ def _setHTTPAuthentication():
elif conf.aType and not conf.aCred:
errMsg = "you specified the HTTP authentication type, but "
errMsg += "did not provide the credentials"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
elif not conf.aType and conf.aCred:
errMsg = "you specified the HTTP authentication credentials, "
errMsg += "but did not provide the type"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if not conf.aCert:
debugMsg = "setting the HTTP authentication type and credentials"
@ -1049,7 +1049,7 @@ def _setHTTPAuthentication():
if aTypeLower not in ( "basic", "digest", "ntlm" ):
errMsg = "HTTP authentication type value must be "
errMsg += "Basic, Digest or NTLM"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
elif aTypeLower in ( "basic", "digest" ):
regExp = "^(.*?):(.*?)$"
errMsg = "HTTP %s authentication credentials " % aTypeLower
@ -1062,7 +1062,7 @@ def _setHTTPAuthentication():
aCredRegExp = re.search(regExp, conf.aCred)
if not aCredRegExp:
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
conf.authUsername = aCredRegExp.group(1)
conf.authPassword = aCredRegExp.group(2)
@ -1084,7 +1084,7 @@ def _setHTTPAuthentication():
errMsg = "sqlmap requires Python NTLM third-party library "
errMsg += "in order to authenticate via NTLM, "
errMsg += "http://code.google.com/p/python-ntlm/"
raise SqlmapMissingDependence, errMsg
raise SqlmapMissingDependence(errMsg)
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr)
else:
@ -1096,7 +1096,7 @@ def _setHTTPAuthentication():
if not aCertRegExp:
errMsg = "HTTP authentication certificate option "
errMsg += "must be in format key_file,cert_file"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
# os.path.expanduser for support of paths with ~
key_file = os.path.expanduser(aCertRegExp.group(1))
@ -1105,7 +1105,7 @@ def _setHTTPAuthentication():
for ifile in (key_file, cert_file):
if not os.path.exists(ifile):
errMsg = "File '%s' does not exist" % ifile
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
authHandler = HTTPSCertAuthHandler(key_file, cert_file)
@ -1134,7 +1134,7 @@ def _setHTTPExtraHeaders():
conf.httpHeaders.append((header, value))
else:
errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u')
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
elif not conf.httpHeaders or len(conf.httpHeaders) == 1:
conf.httpHeaders.append((HTTPHEADER.ACCEPT_LANGUAGE, "en-us,en;q=0.5"))
@ -1809,13 +1809,13 @@ def _setDNSServer():
except socket.error, msg:
errMsg = "there was an error while setting up "
errMsg += "DNS server instance ('%s')" % msg
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
else:
errMsg = "you need to run sqlmap as an administrator "
errMsg += "if you want to perform a DNS data exfiltration attack "
errMsg += "as it will need to listen on privileged UDP port 53 "
errMsg += "for incoming address resolution attempts"
raise SqlmapMissingPrivileges, errMsg
raise SqlmapMissingPrivileges(errMsg)
def _setTorProxySettings():
if not conf.tor:
@ -1856,7 +1856,7 @@ def _setTorHttpProxySettings():
else:
errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)"
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
if not conf.checkTor:
warnMsg = "use switch '--check-tor' at "
@ -1885,7 +1885,7 @@ def _checkTor():
page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False)
if not page or 'Congratulations' not in page:
errMsg = "it seems that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'"
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
else:
infoMsg = "Tor is properly being used"
logger.info(infoMsg)
@ -1893,135 +1893,135 @@ def _checkTor():
def _basicOptionValidation():
if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0):
errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0):
errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.level is not None and not (isinstance(conf.level, int) and conf.level > 0):
errMsg = "value for option '--level' must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk > 0):
errMsg = "value for option '--risk' must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.limitStart is not None and isinstance(conf.limitStart, int) and conf.limitStart > 0 and \
conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart:
errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.firstChar is not None and isinstance(conf.firstChar, int) and conf.firstChar > 0 and \
conf.lastChar is not None and isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar:
errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0):
errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.textOnly and conf.nullConnection:
errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.titles and conf.nullConnection:
errMsg = "switch '--titles' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.data and conf.nullConnection:
errMsg = "option '--data' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.string and conf.nullConnection:
errMsg = "option '--string' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.notString and conf.nullConnection:
errMsg = "option '--not-string' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.string and conf.notString:
errMsg = "option '--string' is incompatible with switch '--not-string'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.regexp and conf.nullConnection:
errMsg = "option '--regexp' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.dumpTable and conf.dumpAll:
errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.predictOutput and (conf.threads > 1 or conf.optimize):
errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.threads > MAX_NUMBER_OF_THREADS:
errMsg = "maximum number of used threads is %d avoiding possible connection issues" % MAX_NUMBER_OF_THREADS
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.forms and not conf.url:
errMsg = "switch '--forms' requires usage of option '-u' (--url)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.requestFile and conf.url:
errMsg = "option '-r' is incompatible with option '-u' (--url)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.tor and conf.ignoreProxy:
errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.tor and conf.proxy:
errMsg = "switch '--tor' is incompatible with option '--proxy'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.checkTor and not any((conf.tor, conf.proxy)):
errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0):
errMsg = "value for option '--tor-port' must be a positive integer"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True):
errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True))
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True):
errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True))
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.skip and conf.testParameter:
errMsg = "option '--skip' is incompatible with option '-p'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.mobile and conf.agent:
errMsg = "switch '--mobile' is incompatible with option '--user-agent'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.proxy and conf.ignoreProxy:
errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]):
errMsg = "switch '--forms' is compatible only with option '-u' (--url)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.timeSec < 1:
errMsg = "value for option '--time-sec' must be a positive integer"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar):
errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if isinstance(conf.uCols, basestring):
if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2):
errMsg = "value for option '--union-cols' must be a range with hyphon "
errMsg += "(e.g. 1-10) or integer value (e.g. 5)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.charset:
_ = checkCharEncoding(conf.charset, False)
@ -2029,14 +2029,14 @@ def _basicOptionValidation():
errMsg = "unknown charset '%s'. Please visit " % conf.charset
errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE
errMsg += "supported charsets"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
else:
conf.charset = _
if conf.loadCookies:
if not os.path.exists(conf.loadCookies):
errMsg = "cookies file '%s' does not exist" % conf.loadCookies
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
def _resolveCrossReferences():
lib.core.threads.readInput = readInput


@ -64,7 +64,7 @@ class Replication(object):
self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values))
else:
errMsg = "wrong number of columns used in replicating insert"
raise SqlmapValueException, errMsg
raise SqlmapValueException(errMsg)
def execute(self, sql, parameters=[]):
try:
@ -73,7 +73,7 @@ class Replication(object):
errMsg = "problem occurred ('%s') while accessing sqlite database " % ex
errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath
errMsg += "it's not used by some other program"
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def beginTransaction(self):
"""
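Review bot: The INSERT on the first context line formats `self.name` directly into the statement between double quotes, while only the values are bound as `?` parameters, so a table name containing `"` would break or alter the statement. Where the name comes from is not visible here, but if it is taken from the database being replicated it is remote-controlled data. Doubling embedded quotes before formatting, e.g. `self.name.replace('"', '""')`, would close that. Separately, `def execute(self, sql, parameters=[])` uses a mutable default; `parameters=None` with `parameters or []` at the call avoids the shared list. Both methods continue outside the hunks.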


@ -34,13 +34,13 @@ def blockingReadFromFD(fd):
# Uncomment the following line if the process seems to
# take a huge amount of cpu time
# time.sleep(0.01)
continue
continue
else:
raise
break
if not output:
raise EOFError, "fd %s has been closed." % fd
raise EOFError("fd %s has been closed." % fd )
return output
@ -52,9 +52,9 @@ def blockingWriteToFD(fd, data):
wrote_data = os.write(fd, data)
except (OSError, IOError), io:
if io.errno in (errno.EAGAIN, errno.EINTR):
continue
continue
else:
raise
raise
if wrote_data < data_length:
blockingWriteToFD(fd, data[wrote_data:])
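Review bot: The new `raise EOFError("fd %s has been closed." % fd )` has a stray space before the closing parenthesis; `raise EOFError("fd %s has been closed." % fd)` matches the other converted raises in this commit. In `blockingWriteToFD`, the partial-write path recurses with `data[wrote_data:]`, so a descriptor that accepts only a few bytes per call costs one stack frame and one copy of the remainder per write. A `while` loop over an offset would bound both. Both functions start outside the hunks.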


@ -79,7 +79,7 @@ def _setRequestParams():
# Perform checks on POST parameters
if conf.method == HTTPMETHOD.POST and conf.data is None:
errMsg = "HTTP POST method depends on HTTP data value to be posted"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.data is not None:
conf.method = HTTPMETHOD.POST
@ -237,12 +237,12 @@ def _setRequestParams():
if not conf.parameters:
errMsg = "you did not provide any GET, POST and Cookie "
errMsg += "parameter, neither an User-Agent, Referer or Host header value"
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
elif not testableParameters:
errMsg = "all testable parameters you provided are not present "
errMsg += "within the GET, POST and Cookie parameters"
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def _setHashDB():
"""
@ -259,7 +259,7 @@ def _setHashDB():
logger.info("flushing session file")
except OSError, msg:
errMsg = "unable to flush the session file (%s)" % msg
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
conf.hashDB = HashDB(conf.hashDBFile)
@ -460,7 +460,7 @@ def _createTargetDirs():
errMsg = "something went wrong while trying "
errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, ex)
raise SqlmapMissingPrivileges, errMsg
raise SqlmapMissingPrivileges(errMsg)
_createDumpDir()
_createFilesDir()


@ -165,7 +165,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
pass
except KeyboardInterrupt:
raise SqlmapThreadException, "user aborted (Ctrl+C was pressed multiple times)"
raise SqlmapThreadException("user aborted (Ctrl+C was pressed multiple times)")
if forwardException:
raise


@ -42,7 +42,7 @@ class Wordlist(object):
_ = zipfile.ZipFile(current, 'r')
if len(_.namelist()) == 0:
errMsg = "no file(s) inside '%s'" % current
raise SqlmapDataException, errMsg
raise SqlmapDataException(errMsg)
self.fp = _.open(_.namelist()[0])
else:
self.fp = open(current, 'r')


@ -66,11 +66,11 @@ def configFileParser(configFile):
config.readfp(configFP)
except MissingSectionHeaderError:
errMsg = "you have provided an invalid configuration file"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if not config.has_section("Target"):
errMsg = "missing a mandatory section 'Target' in the configuration file"
raise SqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException(errMsg)
condition = not config.has_option("Target", "url")
condition &= not config.has_option("Target", "logFile")
@ -82,7 +82,7 @@ def configFileParser(configFile):
if condition:
errMsg = "missing a mandatory option in the configuration file "
errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)"
raise SqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException(errMsg)
for family, optionData in optDict.items():
for option, datatype in optionData.items():
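Review bot: Only `MissingSectionHeaderError` is handled around `config.readfp(configFP)`, so a configuration file that is malformed in any other way (ConfigParser raises `ParsingError` for those) would surface as a raw traceback rather than the `SqlmapSyntaxException` message. Because `MissingSectionHeaderError` derives from `ParsingError`, `except ParsingError:` would cover both cases, provided that name is imported; the import block is not visible here. The `try` opens above the hunk, so this is inferred from the visible handler only.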


@ -199,7 +199,7 @@ def decodePage(page, contentEncoding, contentType):
data = gzip.GzipFile("", "rb", 9, StringIO.StringIO(page))
size = struct.unpack("<l", page[-4:])[0] # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py
if size > MAX_CONNECTION_TOTAL_SIZE:
raise Exception, "size too large"
raise Exception("size too large")
page = data.read()
except Exception, msg:
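Review bot: The size guard before `data.read()` trusts the length the response declares about itself. `size` is unpacked from the last four bytes of the body with the signed format `"<l"`, so a server can state a small value (or one at or above 2**31, which unpacks as negative) and still deliver a stream that inflates well beyond `MAX_CONNECTION_TOTAL_SIZE`. Bounding the read enforces the limit on the actual output: `page = data.read(MAX_CONNECTION_TOTAL_SIZE + 1)` followed by `if len(page) > MAX_CONNECTION_TOTAL_SIZE: raise Exception("size too large")`. The `try` and the body of the handler are outside the hunk.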


@ -92,7 +92,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
errMsg = "problem occured while retrieving original page content "
errMsg += "which prevents sqlmap from continuation. Please rerun, "
errMsg += "and if the problem persists turn off any optimization switches"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
ratio = 1. * pageLength / len(seqMatcher.a)


@ -466,11 +466,11 @@ class Connect(object):
if e.code == httplib.UNAUTHORIZED:
errMsg = "not authorized, try to provide right HTTP "
errMsg += "authentication type and valid credentials (%d)" % code
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
elif e.code == httplib.NOT_FOUND:
if raise404:
errMsg = "page not found (%d)" % code
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
else:
debugMsg = "page not found (%d)" % code
logger.debug(debugMsg)
@ -488,7 +488,7 @@ class Connect(object):
logger.critical(warnMsg)
return None, None, None
else:
raise SqlmapConnectionException, warnMsg
raise SqlmapConnectionException(warnMsg)
else:
debugMsg = "got HTTP error code: %d (%s)" % (code, status)
logger.debug(debugMsg)
@ -498,7 +498,7 @@ class Connect(object):
if "no host given" in tbMsg:
warnMsg = "invalid url address used (%s)" % repr(url)
raise SqlmapSyntaxException, warnMsg
raise SqlmapSyntaxException(warnMsg)
elif "forcibly closed" in tbMsg:
warnMsg = "connection was forcibly closed by the target url"
elif "timed out" in tbMsg:
@ -531,7 +531,7 @@ class Connect(object):
logger.critical(warnMsg)
return None, None, None
else:
raise SqlmapConnectionException, warnMsg
raise SqlmapConnectionException(warnMsg)
finally:
page = page if isinstance(page, unicode) else getUnicode(page)
@ -600,7 +600,7 @@ class Connect(object):
if not isinstance(payload, basestring):
errMsg = "tamper function '%s' returns " % function.func_name
errMsg += "invalid payload type ('%s')" % type(payload)
raise SqlmapValueException, errMsg
raise SqlmapValueException(errMsg)
value = agent.replacePayload(value, payload)


@ -57,7 +57,7 @@ class HTTPSConnection(httplib.HTTPSConnection):
logger.debug("SSL connection error occured ('%s')" % errMsg)
if not success:
raise SqlmapConnectionException, "can't establish SSL connection"
raise SqlmapConnectionException("can't establish SSL connection")
class HTTPSHandler(urllib2.HTTPSHandler):
def https_open(self, req):


@ -394,7 +394,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
else:
errMsg = "none of the injection types identified can be "
errMsg += "leveraged to retrieve queries output"
raise SqlmapNotVulnerableException, errMsg
raise SqlmapNotVulnerableException(errMsg)
finally:
kb.resumeValues = True


@ -25,7 +25,7 @@ class ProxyHTTPConnection(httplib.HTTPConnection):
proto, rest = urllib.splittype(url)
if proto is None:
raise ValueError, "unknown URL type: %s" % url
raise ValueError("unknown URL type: %s" % url)
# Get host
host, rest = urllib.splithost(rest)
@ -38,7 +38,7 @@ class ProxyHTTPConnection(httplib.HTTPConnection):
try:
port = self._ports[proto]
except KeyError:
raise ValueError, "unknown protocol for: %s" % url
raise ValueError("unknown protocol for: %s" % url)
self._real_host = host
self._real_port = int(port)
@ -117,4 +117,4 @@ else:
class ProxyHTTPSHandler:
def __init__(self, *args, **kwargs):
errMsg = "unsupported feature on versions of Python before 2.6"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -17,8 +17,8 @@ class HTTPRangeHandler(urllib2.BaseHandler):
Reference: http://stackoverflow.com/questions/1971240/python-seek-on-remote-file
This was extremely simple. The Range header is a HTTP feature to
begin with so all this class does is tell urllib2 that the
"206 Partial Content" response from the HTTP server is what we
begin with so all this class does is tell urllib2 that the
"206 Partial Content" response from the HTTP server is what we
expected.
Example:
@ -47,4 +47,4 @@ class HTTPRangeHandler(urllib2.BaseHandler):
def http_error_416(self, req, fp, code, msg, hdrs):
# HTTP's Range Not Satisfiable error
errMsg = "Invalid range"
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)


@ -110,4 +110,4 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):
errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())
errMsg += "please check all provided parameters and/or provide missing ones."
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)


@ -49,7 +49,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
else:
errMsg = "Feature not yet implemented for the back-end DBMS"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def evalCmd(self, cmd, first=None, last=None):
retVal = None
@ -65,7 +65,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
else:
errMsg = "Feature not yet implemented for the back-end DBMS"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
return safechardecode(retVal)
@ -110,7 +110,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
else:
errMsg = "feature not yet implemented for the back-end DBMS"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows")
infoMsg += "'x' or 'q' and press ENTER"


@ -280,7 +280,7 @@ class Metasploit:
return None
else:
raise SqlmapDataException, "unexpected connection type"
raise SqlmapDataException("unexpected connection type")
def _selectLhost(self):
if self.connectionStr.startswith("reverse"):
@ -296,7 +296,7 @@ class Metasploit:
return None
else:
raise SqlmapDataException, "unexpected connection type"
raise SqlmapDataException("unexpected connection type")
def _selectConnection(self):
return self._skeletonSelection("connection type", self._msfConnectionsList)
@ -320,7 +320,7 @@ class Metasploit:
elif self.connectionStr.startswith("reverse"):
self._cliCmd += " LHOST=%s" % self.lhostStr
else:
raise SqlmapDataException, "unexpected connection type"
raise SqlmapDataException("unexpected connection type")
if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject":
self._cliCmd += " DisableCourtesyShell=true"
@ -341,7 +341,7 @@ class Metasploit:
elif self.connectionStr.startswith("reverse"):
self._cliCmd += " LHOST=%s" % self.lhostStr
else:
raise SqlmapDataException, "unexpected connection type"
raise SqlmapDataException("unexpected connection type")
self._cliCmd += " E"
@ -353,7 +353,7 @@ class Metasploit:
if self.connectionStr.startswith("reverse"):
self._payloadCmd += " LHOST=%s" % self.lhostStr
elif not self.connectionStr.startswith("bind"):
raise SqlmapDataException, "unexpected connection type"
raise SqlmapDataException("unexpected connection type")
if Backend.isOs(OS.LINUX) and conf.privEsc:
self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
@ -525,7 +525,7 @@ class Metasploit:
logger.debug(debugMsg)
else:
errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "")
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
self._shellcodeFP = open(self._shellcodeFilePath, "rb")
self.shellcodeString = self._shellcodeFP.read()


@ -276,7 +276,7 @@ class Xp_cmdshell:
if not kb.xpCmdshellAvailable:
errMsg = "unable to proceed without xp_cmdshell"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
debugMsg = "creating a support table to write commands standard "
debugMsg += "output to"


@ -549,7 +549,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
logger.info(infoMsg)
if kb.threadException:
raise SqlmapThreadException, "something unexpected happened inside the threads"
raise SqlmapThreadException("something unexpected happened inside the threads")
if abortedFlag:
raise KeyboardInterrupt


@ -53,7 +53,7 @@ def tableExists(tableFile, regex=None):
errMsg = "can't use table existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection "
errMsg += "to distinguish errornous results)"
raise SqlmapDataException, errMsg
raise SqlmapDataException(errMsg)
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
@ -138,14 +138,14 @@ def tableExists(tableFile, regex=None):
def columnExists(columnFile, regex=None):
if not conf.tbl:
errMsg = "missing table parameter"
raise SqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException(errMsg)
result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr())))
if result:
errMsg = "can't use column existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection "
errMsg += "to distinguish errornous results)"
raise SqlmapDataException, errMsg
raise SqlmapDataException(errMsg)
infoMsg = "checking column existence using items from '%s'" % columnFile
logger.info(infoMsg)


@ -28,7 +28,7 @@ def dnsTest(payload):
errMsg += ". Turning off DNS exfiltration support"
logger.error(errMsg)
else:
raise SqlmapNotVulnerableException, errMsg
raise SqlmapNotVulnerableException(errMsg)
else:
infoMsg = "data retrieval through DNS channel was successful"
logger.info(infoMsg)


@ -24,6 +24,7 @@ from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite
from lib.core.common import incrementCounter
from lib.core.common import initTechnique
from lib.core.common import isListLike
from lib.core.common import isNoneValue
from lib.core.common import isNumPosStrValue
from lib.core.common import listToStrValue
@ -128,14 +129,14 @@ def configUnion(char=None, columns=None):
colsStart, colsStop = columns, columns
if not colsStart.isdigit() or not colsStop.isdigit():
raise SqlmapSyntaxException, "--union-cols must be a range of integers"
raise SqlmapSyntaxException("--union-cols must be a range of integers")
conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)
if conf.uColsStart > conf.uColsStop:
errMsg = "--union-cols range has to be from lower to "
errMsg += "higher number of columns"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
_configUnionChar(char)
_configUnionCols(conf.uCols or columns)
@ -262,6 +263,8 @@ def unionUse(expression, unpack=True, dump=False):
items = parseUnionPage(output)
with kb.locks.value:
if isListLike(items) and len(items) > 1 and len(expressionFieldsList) > 1:
items = [item for item in items if isListLike(item) and len(item) == len(expressionFieldsList)]
index = None
for index in xrange(len(threadData.shared.buffered)):
if threadData.shared.buffered[index][0] >= num:
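Review bot: The filter added in `unionUse` discards every row whose length differs from `len(expressionFieldsList)` without leaving a trace, so a page that parses badly produces a shorter dump and the user is never told. Counting the discarded rows and reporting them, e.g. `logger.debug("skipped %d malformed row(s)" % dropped)`, would make the loss visible; whether `logger` is imported in this file is not shown. The condition also requires `len(items) > 1`, so a single malformed row passes unfiltered. That may be deliberate if a single row is returned flat, in which case a one-line comment saying so would help. The function continues outside the hunk.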


@ -44,7 +44,7 @@ class Google(object):
e.info()
except urllib2.URLError:
errMsg = "unable to connect to Google"
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
def search(self, dork):
"""
@ -94,13 +94,13 @@ class Google(object):
return None
except (urllib2.URLError, socket.error, socket.timeout):
errMsg = "unable to connect to Google"
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
retVal = [urllib.unquote(match.group(1)) for match in re.finditer(GOOGLE_REGEX, page, re.I | re.S)]
if not retVal and "detected unusual traffic" in page:
warnMsg = "Google has detected 'unusual' traffic from "
warnMsg += "this computer disabling further searches"
raise SqlmapGenericException, warnMsg
raise SqlmapGenericException(warnMsg)
return retVal


@ -39,7 +39,7 @@ class HashDB(object):
except Exception, ex:
errMsg = "error occurred while opening a session "
errMsg += "file '%s' ('%s')" % (self.filepath, ex)
raise SqlmapDataException, errMsg
raise SqlmapDataException(errMsg)
return threadData.hashDBCursor


@ -83,7 +83,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
if not validColumnList:
errMsg = "all column name(s) provided are non-existent"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
if not validPivotValue:
warnMsg = "no proper pivot column provided (with unique values)."


@ -35,7 +35,7 @@ class Connector(GenericConnector):
if not IS_WIN:
errMsg = "currently, direct connection to Microsoft Access database(s) "
errMsg += "is restricted to Windows platforms"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
self.initConnection()
self.checkFileDb()
@ -43,7 +43,7 @@ class Connector(GenericConnector):
try:
self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db)
except (pyodbc.Error, pyodbc.OperationalError), msg:
raise SqlmapConnectionException, msg[1]
raise SqlmapConnectionException(msg[1])
self.setCursor()
self.connected()
@ -61,7 +61,7 @@ class Connector(GenericConnector):
except (pyodbc.OperationalError, pyodbc.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except pyodbc.Error, msg:
raise SqlmapConnectionException, msg[1]
raise SqlmapConnectionException(msg[1])
self.connector.commit()
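Review bot: `raise SqlmapConnectionException(msg[1])` indexes the caught exception, which raises IndexError when the driver error carries fewer than two arguments and so hides the original failure. Exception indexing has also been deprecated since Python 2.6, which works against the forward-compatible `raise` form this commit introduces. `raise SqlmapConnectionException(msg.args[-1] if msg.args else msg)` keeps the message without assuming the tuple's length. The same `msg[1]` pattern appears in the DB2, Firebird and MySQL connector sections, while the MSSQL and Oracle ones pass `msg` whole, so the connectors also disagree on what the exception carries. Both methods start outside the hunks.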


@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile):
errMsg = "on Microsoft Access it is not possible to read files"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Microsoft Access it is not possible to write files"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -24,7 +24,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
@ -56,7 +56,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex]


@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self):
errMsg = "on Microsoft Access it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self):
errMsg = "on Microsoft Access it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self):
errMsg = "on Microsoft Access it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self):
errMsg = "on Microsoft Access it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -35,7 +35,7 @@ class Connector(GenericConnector):
database = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port)
self.connector = ibm_db_dbi.connect(database, self.user, self.password)
except ibm_db_dbi.OperationalError, msg:
raise SqlmapConnectionException, msg
raise SqlmapConnectionException(msg)
self.setCursor()
@ -54,7 +54,7 @@ class Connector(GenericConnector):
except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except ibm_db_dbi.InternalError, msg:
raise SqlmapConnectionException, msg[1]
raise SqlmapConnectionException(msg[1])
self.connector.commit()


@ -11,7 +11,7 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration):
def __init__(self):
GenericEnumeration.__init__(self)
GenericEnumeration.__init__(self)
def getPasswordHashes(self):
warnMsg = "on DB2 it is not possible to list password hashes"


@ -25,7 +25,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
@ -55,7 +55,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex]


@ -42,7 +42,7 @@ class Connector(GenericConnector):
self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \
user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") #http://www.daniweb.com/forums/thread248499.html
except kinterbasdb.OperationalError, msg:
raise SqlmapConnectionException, msg[1]
raise SqlmapConnectionException(msg[1])
self.setCursor()
self.connected()
@ -59,7 +59,7 @@ class Connector(GenericConnector):
except kinterbasdb.OperationalError, msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except kinterbasdb.Error, msg:
raise SqlmapConnectionException, msg[1]
raise SqlmapConnectionException(msg[1])
self.connector.commit()


@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile):
errMsg = "on Firebird it is not possible to read files"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Firebird it is not possible to write files"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -26,7 +26,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
@ -58,7 +58,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex]


@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self):
errMsg = "on Firebird it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self):
errMsg = "on Firebird it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self):
errMsg = "on Firebird it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self):
errMsg = "on Firebird it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -15,4 +15,4 @@ class Connector(GenericConnector):
def connect(self):
errMsg = "on SAP MaxDB it is not possible to establish a "
errMsg += "direct connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -81,7 +81,7 @@ class Enumeration(GenericEnumeration):
if retVal:
for table in retVal[0].values()[0]:
if not kb.data.cachedTables.has_key(db):
if db not in kb.data.cachedTables:
kb.data.cachedTables[db] = [table]
else:
kb.data.cachedTables[db].append(table)
@ -107,7 +107,7 @@ class Enumeration(GenericEnumeration):
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException(errMsg)
conf.db = safeSQLIdentificatorNaming(conf.db)
@ -124,7 +124,7 @@ class Enumeration(GenericEnumeration):
else:
errMsg = "unable to retrieve the tables "
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
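Review bot: The membership test that replaces `has_key` still does the lookup-then-branch by hand; assuming `kb.data.cachedTables` behaves like a plain dict, `kb.data.cachedTables.setdefault(db, []).append(table)` covers both branches in one line. In the last hunk, `tblList[tblList.index(tbl)] = ...` rescans the list for every element and always hits the first match, so a duplicated table name leaves its later occurrence unconverted. `tblList[:] = [safeSQLIdentificatorNaming(tbl, True) for tbl in tblList]` rewrites the list in place without either problem. The enclosing methods start and end outside the hunks.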


@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile):
errMsg = "on SAP MaxDB reading of files is not supported"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on SAP MaxDB writing of files is not supported"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self):
errMsg = "on SAP MaxDB it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self):
errMsg = "on SAP MaxDB it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self):
errMsg = "on SAP MaxDB it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self):
errMsg = "on SAP MaxDB it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -42,7 +42,7 @@ class Connector(GenericConnector):
try:
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
except pymssql.OperationalError, msg:
raise SqlmapConnectionException, msg
raise SqlmapConnectionException(msg)
self.setCursor()
self.connected()
@ -63,7 +63,7 @@ class Connector(GenericConnector):
except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % str(msg).replace("\n", " "))
except pymssql.InternalError, msg:
raise SqlmapConnectionException, msg
raise SqlmapConnectionException(msg)
return retVal


@ -261,22 +261,22 @@ class Filesystem(GenericFilesystem):
Set file = fs.GetFile(inputFilePath)
If file.Size Then
Wscript.Echo "Loading from: " & inputFilePath
Wscript.Echo
Wscript.Echo
Set fd = fs.OpenTextFile(inputFilePath, 1)
data = fd.ReadAll
fd.Close
data = Replace(data, " ", "")
data = Replace(data, vbCr, "")
data = Replace(data, vbLf, "")
Wscript.Echo "Fixed Input: "
Wscript.Echo "Fixed Input: "
Wscript.Echo data
Wscript.Echo
Wscript.Echo
decodedData = base64_decode(data)
Wscript.Echo "Output: "
Wscript.Echo "Output: "
Wscript.Echo decodedData
Wscript.Echo
Wscript.Echo
Wscript.Echo "Writing output in: " & outputFilePath
Wscript.Echo
Wscript.Echo
Set ofs = CreateObject("Scripting.FileSystemObject").OpenTextFile(outputFilePath, 2, True)
ofs.Write decodedData
ofs.close


@ -37,7 +37,7 @@ class Connector(GenericConnector):
try:
self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
except (pymysql.OperationalError, pymysql.InternalError), msg:
raise SqlmapConnectionException, msg[1]
raise SqlmapConnectionException(msg[1])
self.setCursor()
self.connected()
@ -58,7 +58,7 @@ class Connector(GenericConnector):
except (pymysql.OperationalError, pymysql.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except pymysql.InternalError, msg:
raise SqlmapConnectionException, msg[1]
raise SqlmapConnectionException(msg[1])
self.connector.commit()


@ -63,7 +63,7 @@ class Filesystem(GenericFilesystem):
logger.warn(warnMsg)
result = self.nonStackedReadFile(rFile)
else:
raise SqlmapNoneDataException, warnMsg
raise SqlmapNoneDataException(warnMsg)
else:
length = int(length)
sustrLen = 1024


@ -41,7 +41,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex]


@ -46,7 +46,7 @@ class Connector(GenericConnector):
try:
self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password)
except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg:
raise SqlmapConnectionException, msg
raise SqlmapConnectionException(msg)
self.setCursor()
self.connected()
@ -67,7 +67,7 @@ class Connector(GenericConnector):
except (cx_Oracle.DatabaseError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
except cx_Oracle.InternalError, msg:
raise SqlmapConnectionException, msg
raise SqlmapConnectionException(msg)
self.connector.commit()


@ -160,6 +160,6 @@ class Enumeration(GenericEnumeration):
if not kb.data.cachedUsersRoles:
errMsg = "unable to retrieve the roles "
errMsg += "for the database users"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
return kb.data.cachedUsersRoles, areAdmins


@ -15,9 +15,9 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile):
errMsg = "File system read access not yet implemented for "
errMsg += "Oracle"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "File system write access not yet implemented for "
errMsg += "Oracle"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -24,7 +24,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
@ -47,7 +47,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("))")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex]


@ -15,19 +15,19 @@ class Takeover(GenericTakeover):
def osCmd(self):
errMsg = "Operating system command execution functionality not "
errMsg += "yet implemented for Oracle"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self):
errMsg = "Operating system shell functionality not yet "
errMsg += "implemented for Oracle"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self):
errMsg = "Operating system out-of-band control functionality "
errMsg += "not yet implemented for Oracle"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self):
errMsg = "One click operating system out-of-band control "
errMsg += "functionality not yet implemented for Oracle"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -37,7 +37,7 @@ class Connector(GenericConnector):
try:
self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port)
except psycopg2.OperationalError, msg:
raise SqlmapConnectionException, msg
raise SqlmapConnectionException(msg)
self.connector.set_client_encoding('UNICODE')
@ -60,7 +60,7 @@ class Connector(GenericConnector):
except (psycopg2.OperationalError, psycopg2.ProgrammingError), msg:
logger.warn(("(remote) %s" % msg).strip())
except psycopg2.InternalError, msg:
raise SqlmapConnectionException, msg
raise SqlmapConnectionException(msg)
self.connector.commit()


@ -31,7 +31,7 @@ class Filesystem(GenericFilesystem):
def unionWriteFile(self, wFile, dFile, fileType):
errMsg = "PostgreSQL does not support file upload with UNION "
errMsg += "query SQL injection technique"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def stackedWriteFile(self, wFile, dFile, fileType):
wFileSize = os.path.getsize(wFile)
@ -39,7 +39,7 @@ class Filesystem(GenericFilesystem):
if wFileSize > 8192:
errMsg = "on PostgreSQL it is not possible to write files "
errMsg += "bigger than 8192 bytes at the moment"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
self.oid = randomInt()
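Review bot: The write limit in `stackedWriteFile` appears as a bare `8192` in `if wFileSize > 8192:` and again inside the error text, with no comment saying where the figure comes from. A module-level constant (name to be chosen, for example `MAX_STACKED_WRITE_SIZE`) used in both places, with a comment stating the PostgreSQL limit it reflects, would keep the check and the message in step. The function body continues outside the hunk.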


@ -29,7 +29,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
@ -52,7 +52,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("))")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex]


@ -53,7 +53,7 @@ class Takeover(GenericTakeover):
majorVer = "8.2"
else:
errMsg = "unsupported feature on versions of PostgreSQL before 8.2"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
if Backend.isOs(OS.WINDOWS):
self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (Backend.getArch(), majorVer)


@ -56,12 +56,12 @@ class Connector(GenericConnector):
except ImportError:
errMsg = "sqlmap requires 'python-sqlite2' third-party library "
errMsg += "in order to directly connect to the database '%s'" % self.db
raise SqlmapMissingDependence, errMsg
raise SqlmapMissingDependence(errMsg)
self.__sqlite = sqlite
self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout)
except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg:
raise SqlmapConnectionException, msg[0]
raise SqlmapConnectionException(msg[0])
self.setCursor()
self.connected()
@ -79,7 +79,7 @@ class Connector(GenericConnector):
except self.__sqlite.OperationalError, msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[0])
except self.__sqlite.DatabaseError, msg:
raise SqlmapConnectionException, msg[0]
raise SqlmapConnectionException(msg[0])
self.connector.commit()
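Review bot: `raise SqlmapConnectionException(msg[0])` in both hunks indexes the caught exception, so a driver error raised with no arguments would surface as an `IndexError` from inside the handler and hide the real connection failure. Exception indexing is also a Python 2-only feature. `raise SqlmapConnectionException(msg.args[0] if msg.args else str(msg))` keeps the current message and covers the empty case; the `logger.log(...)` line in the second hunk reads `msg[0]` the same way. The MySQL connector hunk at the top of this part of the page uses `msg[1]`, which has the same failure mode. Both functions continue outside the hunks.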


@ -57,7 +57,7 @@ class Enumeration(GenericEnumeration):
def searchColumn(self):
errMsg = "on SQLite you must specify the table and columns to dump"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def getHostname(self):
warnMsg = "on SQLite it is not possible to enumerate the hostname"


@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile):
errMsg = "on SQLite it is not possible to read files"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on SQLite it is not possible to write files"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -42,7 +42,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex+2:].find("'")
if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index + 3
old = expression[firstIndex:lastIndex]


@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self):
errMsg = "on SQLite it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self):
errMsg = "on SQLite it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self):
errMsg = "on SQLite it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self):
errMsg = "on SQLite it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -42,7 +42,7 @@ class Connector(GenericConnector):
try:
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
except pymssql.OperationalError, msg:
raise SqlmapConnectionException, msg
raise SqlmapConnectionException(msg)
self.setCursor()
self.connected()
@ -60,7 +60,7 @@ class Connector(GenericConnector):
except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
except pymssql.InternalError, msg:
raise SqlmapConnectionException, msg
raise SqlmapConnectionException(msg)
def select(self, query):
self.execute(query)


@ -145,7 +145,7 @@ class Enumeration(GenericEnumeration):
if retVal:
for table in retVal[0].values()[0]:
if not kb.data.cachedTables.has_key(db):
if db not in kb.data.cachedTables:
kb.data.cachedTables[db] = [table]
else:
kb.data.cachedTables[db].append(table)
@ -172,7 +172,7 @@ class Enumeration(GenericEnumeration):
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException(errMsg)
conf.db = safeSQLIdentificatorNaming(conf.db)
@ -197,7 +197,7 @@ class Enumeration(GenericEnumeration):
else:
errMsg = "unable to retrieve the tables "
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl)
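Review bot: The closing loop of the last hunk, `for tbl in tblList: tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl)`, looks up each element's position by value, which rescans the list on every iteration and updates the first equal entry rather than the one being visited. Indexing by position avoids both: `for i, tbl in enumerate(tblList):` followed by `tblList[i] = safeSQLIdentificatorNaming(tbl)`. The generic Databases and Entries sections further down contain the same loop with `safeSQLIdentificatorNaming(tbl, True)`. The loop body may continue past the end of the hunk, so this assumes the assignment is its only statement.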


@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile):
errMsg = "on Sybase it is not possible to read files"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Sybase it is not possible to write files"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self):
errMsg = "on Sybase it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self):
errMsg = "on Sybase it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self):
errMsg = "on Sybase it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self):
errMsg = "on Sybase it is not possible to establish an "
errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)


@ -59,24 +59,24 @@ class Connector:
def checkFileDb(self):
if not os.path.exists(self.db):
errMsg = "the provided database file '%s' does not exist" % self.db
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
def connect(self):
errMsg = "'connect' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def fetchall(self):
errMsg = "'fetchall' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def execute(self, query):
errMsg = "'execute' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def select(self, query):
errMsg = "'select' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
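Review bot: `checkFileDb` only tests `os.path.exists(self.db)`, which is also true for a directory, although the error text speaks of a database file. `if not os.path.isfile(self.db):` would reject a directory here instead of leaving it to whichever driver opens the path. Whether any caller passes something other than a regular file is not visible in this hunk, so that should be confirmed before tightening the check.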


@ -166,7 +166,7 @@ class Databases:
kb.data.cachedDbs = [kb.data.currentDb]
else:
errMsg = "unable to retrieve the database names"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
else:
kb.data.cachedDbs.sort()
@ -354,7 +354,7 @@ class Databases:
logger.error(errMsg)
return self.getTables(bruteForce=True)
else:
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
else:
for db, tables in kb.data.cachedTables.items():
kb.data.cachedTables[db] = sorted(tables) if tables else tables
@ -384,7 +384,7 @@ class Databases:
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException(errMsg)
conf.db = safeSQLIdentificatorNaming(conf.db)
@ -422,7 +422,7 @@ class Databases:
else:
errMsg = "unable to retrieve the tables "
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)


@ -67,7 +67,7 @@ class Entries:
if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException(errMsg)
conf.db = safeSQLIdentificatorNaming(conf.db)
@ -87,7 +87,7 @@ class Entries:
else:
errMsg = "unable to retrieve the tables "
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
@ -329,7 +329,7 @@ class Entries:
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0"
raise SqlmapUnsupportedFeatureException, errMsg
raise SqlmapUnsupportedFeatureException(errMsg)
infoMsg = "sqlmap will dump entries of all tables from all databases now"
logger.info(infoMsg)


@ -161,22 +161,22 @@ class Filesystem:
def nonStackedReadFile(self, remoteFile):
errMsg = "'nonStackedReadFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def stackedReadFile(self, remoteFile):
errMsg = "'stackedReadFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def unionWriteFile(self, localFile, remoteFile, fileType):
errMsg = "'unionWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def stackedWriteFile(self, localFile, remoteFile, fileType):
errMsg = "'stackedWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def readFile(self, remoteFiles):
localFilePaths = []


@ -22,17 +22,17 @@ class Fingerprint:
def getFingerprint(self):
errMsg = "'getFingerprint' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def checkDbms(self):
errMsg = "'checkDbms' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def checkDbmsOs(self, detailed=False):
errMsg = "'checkDbmsOs' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def forceDbmsEnum(self):
pass


@ -79,7 +79,7 @@ class Miscellaneous:
first, last = 29, 9
else:
raise SqlmapUnsupportedFeatureException, "unsupported DBMS"
raise SqlmapUnsupportedFeatureException("unsupported DBMS")
query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last)
@ -189,6 +189,6 @@ class Miscellaneous:
condParam = "='%s'"
else:
errMsg = "invalid value"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
return choice, condParam


@ -558,4 +558,4 @@ class Search:
else:
errMsg = "missing parameter, provide -D, -T or -C along "
errMsg += "with --search"
raise SqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException(errMsg)


@ -19,10 +19,10 @@ class Syntax:
def unescape(expression, quote=True):
errMsg = "'unescape' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
@staticmethod
def escape(expression):
errMsg = "'escape' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)


@ -124,7 +124,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "if you want to establish an out-of-band ICMP "
errMsg += "tunnel because icmpsh uses raw sockets to "
errMsg += "sniff and craft ICMP packets"
raise SqlmapMissingPrivileges, errMsg
raise SqlmapMissingPrivileges(errMsg)
try:
from impacket import ImpactDecoder
@ -133,7 +133,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg = "sqlmap requires 'impacket' third-party library "
errMsg += "in order to run icmpsh master. Download from "
errMsg += "http://oss.coresecurity.com/projects/impacket.html"
raise SqlmapMissingDependence, errMsg
raise SqlmapMissingDependence(errMsg)
sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all"
@ -325,7 +325,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
def uncPathRequest(self):
errMsg = "'uncPathRequest' method must be defined "
errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg
raise SqlmapUndefinedMethod(errMsg)
def _regInit(self):
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
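Review bot: The dependency hint in the second hunk directs the user to `http://oss.coresecurity.com/projects/impacket.html`, a plain-HTTP address, for a library used by a feature that, going by the first hunk's message about raw sockets, runs with elevated privileges. Content fetched over an unauthenticated channel can be altered in transit, so the message would be better pointing at an HTTPS location or at the distribution's package, with the exact address confirmed by the maintainers. A one-line comment above the `raise SqlmapMissingDependence(errMsg)` noting where the reference was last verified would help keep it current. The enclosing method starts and ends outside these hunks.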


@ -116,7 +116,7 @@ class Users:
if not isNumPosStrValue(count):
errMsg = "unable to retrieve the number of database users"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2)
indexRange = getLimitRange(count, plusOne=plusOne)
@ -135,7 +135,7 @@ class Users:
if not kb.data.cachedUsers:
errMsg = "unable to retrieve the database users"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
return kb.data.cachedUsers
@ -296,7 +296,7 @@ class Users:
errMsg += "database users (most probably because the session "
errMsg += "user has no read privileges over the relevant "
errMsg += "system database table)"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
else:
for user in kb.data.cachedUsersPasswords:
kb.data.cachedUsersPasswords[user] = list(set(kb.data.cachedUsersPasswords[user]))
@ -585,7 +585,7 @@ class Users:
if not kb.data.cachedUsersPrivileges:
errMsg = "unable to retrieve the privileges "
errMsg += "for the database users"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
return (kb.data.cachedUsersPrivileges, areAdmins)


@ -22,7 +22,7 @@ def tamper(payload, **kwargs):
Example:
* Input: UNION SELECT
* Output: UNION SELECT
* Output: UNION SELECT
Notes:
* Useful to bypass very weak and bespoke web application firewalls


@ -51,7 +51,7 @@ def tamper(payload, **kwargs):
else:
return match.group()
retVal = ""
retVal = ""
if payload:
payload = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), payload)


@ -42,16 +42,16 @@ def tamper(payload, **kwargs):
# STX 02 start of text
# ETX 03 end of text
# EOT 04 end of transmission
# ENQ 05 enquiry
# ACK 06 acknowledge
# ENQ 05 enquiry
# ACK 06 acknowledge
# BEL 07 bell
# BS 08 backspace
# TAB 09 horizontal tab
# LF 0A new line
# VT 0B vertical TAB
# FF 0C new page
# CR 0D carriage return
# SO 0E shift out
# VT 0B vertical TAB
# FF 0C new page
# CR 0D carriage return
# SO 0E shift out
# SI 0F shift in
blanks = ('%01', '%02', '%03', '%04', '%05', '%06', '%07', '%08', '%09', '%0B', '%0C', '%0D', '%0E', '%0F', '%0A')
retVal = payload
@ -82,7 +82,7 @@ def tamper(payload, **kwargs):
else:
retVal += random.choice(blanks)
continue
continue
retVal += payload[i]