	Merge branch 'master' of github.com:sqlmapproject/sqlmap
		
						commit
						7fa75792dd
					
				|  | @ -92,7 +92,7 @@ def main(): | ||||||
|                     req = urllib2.Request(sqlfile) |                     req = urllib2.Request(sqlfile) | ||||||
|                     response = urllib2.urlopen(req) |                     response = urllib2.urlopen(req) | ||||||
| 
 | 
 | ||||||
|                     if response.headers.has_key("Content-Length"): |                     if "Content-Length" in response.headers: | ||||||
|                         if int(response.headers.get("Content-Length")) > MAX_FILE_SIZE: |                         if int(response.headers.get("Content-Length")) > MAX_FILE_SIZE: | ||||||
|                             continue |                             continue | ||||||
| 
 | 
 | ||||||
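Review bot: The MAX_FILE_SIZE guard in `main()` only holds when the remote server sends a well-formed Content-Length header. `int(response.headers.get("Content-Length"))` raises ValueError on a non-numeric value (unless a handler outside this hunk catches it), and a response that omits the header skips the comparison entirely. Because the header is controlled by the remote host, the parse should be guarded, for example `except ValueError: continue`, and the read itself bounded, for example `response.read(MAX_FILE_SIZE + 1)` followed by a length check. How the body is read is outside this hunk, so the second part needs confirming against the rest of the loop.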
|  |  | ||||||
|  | @ -51,7 +51,7 @@ def action(): | ||||||
|             errMsg += ". Support for this DBMS will be implemented at " |             errMsg += ". Support for this DBMS will be implemented at " | ||||||
|             errMsg += "some point" |             errMsg += "some point" | ||||||
| 
 | 
 | ||||||
|         raise SqlmapUnsupportedDBMSException, errMsg |         raise SqlmapUnsupportedDBMSException(errMsg) | ||||||
| 
 | 
 | ||||||
|     conf.dumper.singleString(conf.dbmsHandler.getFingerprint()) |     conf.dumper.singleString(conf.dbmsHandler.getFingerprint()) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -879,7 +879,7 @@ def checkStability(): | ||||||
|                     kb.nullConnection = None |                     kb.nullConnection = None | ||||||
|             else: |             else: | ||||||
|                 errMsg = "Empty value supplied" |                 errMsg = "Empty value supplied" | ||||||
|                 raise SqlmapNoneDataException, errMsg |                 raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         elif test and test[0] in ("r", "R"): |         elif test and test[0] in ("r", "R"): | ||||||
|             message = "please enter value for parameter 'regex': " |             message = "please enter value for parameter 'regex': " | ||||||
|  | @ -896,7 +896,7 @@ def checkStability(): | ||||||
|                     kb.nullConnection = None |                     kb.nullConnection = None | ||||||
|             else: |             else: | ||||||
|                 errMsg = "Empty value supplied" |                 errMsg = "Empty value supplied" | ||||||
|                 raise SqlmapNoneDataException, errMsg |                 raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         else: |         else: | ||||||
|             checkDynamicContent(firstPage, secondPage) |             checkDynamicContent(firstPage, secondPage) | ||||||
|  | @ -1027,7 +1027,7 @@ def checkNullConnection(): | ||||||
| 
 | 
 | ||||||
|     except SqlmapConnectionException, errMsg: |     except SqlmapConnectionException, errMsg: | ||||||
|         errMsg = getUnicode(errMsg) |         errMsg = getUnicode(errMsg) | ||||||
|         raise SqlmapConnectionException, errMsg |         raise SqlmapConnectionException(errMsg) | ||||||
| 
 | 
 | ||||||
|     return kb.nullConnection is not None |     return kb.nullConnection is not None | ||||||
| 
 | 
 | ||||||
|  | @ -1037,7 +1037,7 @@ def checkConnection(suppressOutput=False): | ||||||
|             socket.getaddrinfo(conf.hostname, None) |             socket.getaddrinfo(conf.hostname, None) | ||||||
|         except socket.gaierror: |         except socket.gaierror: | ||||||
|             errMsg = "host '%s' does not exist" % conf.hostname |             errMsg = "host '%s' does not exist" % conf.hostname | ||||||
|             raise SqlmapConnectionException, errMsg |             raise SqlmapConnectionException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if not suppressOutput: |     if not suppressOutput: | ||||||
|         infoMsg = "testing connection to the target url" |         infoMsg = "testing connection to the target url" | ||||||
|  | @ -1051,7 +1051,7 @@ def checkConnection(suppressOutput=False): | ||||||
| 
 | 
 | ||||||
|         if not kb.originalPage and wasLastRequestHTTPError(): |         if not kb.originalPage and wasLastRequestHTTPError(): | ||||||
|             errMsg = "unable to retrieve page content" |             errMsg = "unable to retrieve page content" | ||||||
|             raise SqlmapConnectionException, errMsg |             raise SqlmapConnectionException(errMsg) | ||||||
|         elif wasLastRequestDBMSError(): |         elif wasLastRequestDBMSError(): | ||||||
|             warnMsg = "there is a DBMS error found in the HTTP response body " |             warnMsg = "there is a DBMS error found in the HTTP response body " | ||||||
|             warnMsg += "which could interfere with the results of the tests" |             warnMsg += "which could interfere with the results of the tests" | ||||||
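Review bot: In `checkNullConnection()` the handler still reads `except SqlmapConnectionException, errMsg:` although the raise two lines below it was moved to call syntax. `except SqlmapConnectionException as errMsg:` would match the new style and is accepted from Python 2.6 onwards, so the project's minimum interpreter version should be confirmed first. The same comma form remains in the context lines of `dataToTrafficFile()`, `evaluateCode()`, `resetCookieJar()` and the log-file handler in `Dump`. The function body starts outside the hunk.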
|  |  | ||||||
|  | @ -117,7 +117,7 @@ def _selectInjection(): | ||||||
|             raise SqlmapUserQuitException |             raise SqlmapUserQuitException | ||||||
|         else: |         else: | ||||||
|             errMsg = "invalid choice" |             errMsg = "invalid choice" | ||||||
|             raise SqlmapValueException, errMsg |             raise SqlmapValueException(errMsg) | ||||||
| 
 | 
 | ||||||
|         kb.injection = kb.injections[index] |         kb.injection = kb.injections[index] | ||||||
| 
 | 
 | ||||||
|  | @ -368,10 +368,10 @@ def start(): | ||||||
|                 # Do a little prioritization reorder of a testable parameter list |                 # Do a little prioritization reorder of a testable parameter list | ||||||
|                 parameters = conf.parameters.keys() |                 parameters = conf.parameters.keys() | ||||||
| 
 | 
 | ||||||
|                 # Order of testing list (last to first) |                 # Order of testing list (first to last) | ||||||
|                 orderList = (PLACE.URI, PLACE.GET, PLACE.POST, PLACE.CUSTOM_POST) |                 orderList = (PLACE.CUSTOM_POST, PLACE.URI, PLACE.POST, PLACE.GET) | ||||||
| 
 | 
 | ||||||
|                 for place in orderList: |                 for place in orderList[::-1]: | ||||||
|                     if place in parameters: |                     if place in parameters: | ||||||
|                         parameters.remove(place) |                         parameters.remove(place) | ||||||
|                         parameters.insert(0, place) |                         parameters.insert(0, place) | ||||||
|  | @ -496,7 +496,7 @@ def start(): | ||||||
|                 if kb.vainRun and not conf.multipleTargets: |                 if kb.vainRun and not conf.multipleTargets: | ||||||
|                     errMsg = "no parameter(s) found for testing in the provided data " |                     errMsg = "no parameter(s) found for testing in the provided data " | ||||||
|                     errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')" |                     errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')" | ||||||
|                     raise SqlmapNoneDataException, errMsg |                     raise SqlmapNoneDataException(errMsg) | ||||||
|                 else: |                 else: | ||||||
|                     errMsg = "all tested parameters appear to be not injectable." |                     errMsg = "all tested parameters appear to be not injectable." | ||||||
| 
 | 
 | ||||||
|  | @ -544,7 +544,7 @@ def start(): | ||||||
|                         errMsg += "expression that you have choosen " |                         errMsg += "expression that you have choosen " | ||||||
|                         errMsg += "does not match exclusively True responses" |                         errMsg += "does not match exclusively True responses" | ||||||
| 
 | 
 | ||||||
|                     raise SqlmapNotVulnerableException, errMsg |                     raise SqlmapNotVulnerableException(errMsg) | ||||||
|             else: |             else: | ||||||
|                 # Flush the flag |                 # Flush the flag | ||||||
|                 kb.testMode = False |                 kb.testMode = False | ||||||
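Review bot: The prioritisation hunk in `start()` changes the effective test order, not only the comment, and the new loop is hard to follow. `orderList` is now written first-to-last but walked as `orderList[::-1]` with `parameters.insert(0, place)`, so the last insert ends up first. From the visible lines the order of the places that are present moves from CUSTOM_POST, POST, GET, URI to CUSTOM_POST, URI, POST, GET. A comment such as `# walk in reverse: every insert(0, ...) pushes earlier inserts back, so orderList[0] is tested first` would make that intent explicit, and `for place in reversed(orderList):` reads more clearly than the slice.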
|  |  | ||||||
|  | @ -252,7 +252,7 @@ class Agent(object): | ||||||
|             else: |             else: | ||||||
|                 errMsg = "invalid usage of inference payload without " |                 errMsg = "invalid usage of inference payload without " | ||||||
|                 errMsg += "knowledge of underlying DBMS" |                 errMsg += "knowledge of underlying DBMS" | ||||||
|                 raise SqlmapNoneDataException, errMsg |                 raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         return payload |         return payload | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -736,7 +736,7 @@ def dataToTrafficFile(data): | ||||||
|     except IOError, ex: |     except IOError, ex: | ||||||
|         errMsg = "something went wrong while trying " |         errMsg = "something went wrong while trying " | ||||||
|         errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, ex) |         errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, ex) | ||||||
|         raise SqlmapGenericException, errMsg |         raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
| def dataToDumpFile(dumpFile, data): | def dataToDumpFile(dumpFile, data): | ||||||
|     dumpFile.write(data) |     dumpFile.write(data) | ||||||
|  | @ -861,7 +861,7 @@ def checkFile(filename): | ||||||
|     """ |     """ | ||||||
| 
 | 
 | ||||||
|     if not os.path.isfile(filename): |     if not os.path.isfile(filename): | ||||||
|         raise SqlmapFilePathException, "unable to read file '%s'" % filename |         raise SqlmapFilePathException("unable to read file '%s'" % filename) | ||||||
| 
 | 
 | ||||||
| def banner(): | def banner(): | ||||||
|     """ |     """ | ||||||
|  | @ -997,7 +997,7 @@ def parseTargetDirect(): | ||||||
|         errMsg = "invalid target details, valid syntax is for instance " |         errMsg = "invalid target details, valid syntax is for instance " | ||||||
|         errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' " |         errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' " | ||||||
|         errMsg += "or 'access://DATABASE_FILEPATH'" |         errMsg += "or 'access://DATABASE_FILEPATH'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     for dbmsName, data in DBMS_DICT.items(): |     for dbmsName, data in DBMS_DICT.items(): | ||||||
|         if conf.dbms in data[0]: |         if conf.dbms in data[0]: | ||||||
|  | @ -1012,7 +1012,7 @@ def parseTargetDirect(): | ||||||
|                         conf.port = 0 |                         conf.port = 0 | ||||||
|                 elif not remote: |                 elif not remote: | ||||||
|                         errMsg = "missing remote connection details" |                         errMsg = "missing remote connection details" | ||||||
|                         raise SqlmapSyntaxException, errMsg |                         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|                 if dbmsName in (DBMS.MSSQL, DBMS.SYBASE): |                 if dbmsName in (DBMS.MSSQL, DBMS.SYBASE): | ||||||
|                     import _mssql |                     import _mssql | ||||||
|  | @ -1022,7 +1022,7 @@ def parseTargetDirect(): | ||||||
|                         errMsg = "'%s' third-party library must be " % data[1] |                         errMsg = "'%s' third-party library must be " % data[1] | ||||||
|                         errMsg += "version >= 1.0.2 to work properly. " |                         errMsg += "version >= 1.0.2 to work properly. " | ||||||
|                         errMsg += "Download from '%s'" % data[2] |                         errMsg += "Download from '%s'" % data[2] | ||||||
|                         raise SqlmapMissingDependence, errMsg |                         raise SqlmapMissingDependence(errMsg) | ||||||
| 
 | 
 | ||||||
|                 elif dbmsName == DBMS.MYSQL: |                 elif dbmsName == DBMS.MYSQL: | ||||||
|                     import pymysql |                     import pymysql | ||||||
|  | @ -1040,7 +1040,7 @@ def parseTargetDirect(): | ||||||
|                 errMsg = "sqlmap requires '%s' third-party library " % data[1] |                 errMsg = "sqlmap requires '%s' third-party library " % data[1] | ||||||
|                 errMsg += "in order to directly connect to the database " |                 errMsg += "in order to directly connect to the database " | ||||||
|                 errMsg += "%s. Download from '%s'" % (dbmsName, data[2]) |                 errMsg += "%s. Download from '%s'" % (dbmsName, data[2]) | ||||||
|                 raise SqlmapMissingDependence, errMsg |                 raise SqlmapMissingDependence(errMsg) | ||||||
| 
 | 
 | ||||||
| def parseTargetUrl(): | def parseTargetUrl(): | ||||||
|     """ |     """ | ||||||
|  | @ -1055,7 +1055,7 @@ def parseTargetUrl(): | ||||||
|     if re.search("\[.+\]", conf.url) and not socket.has_ipv6: |     if re.search("\[.+\]", conf.url) and not socket.has_ipv6: | ||||||
|         errMsg = "IPv6 addressing is not supported " |         errMsg = "IPv6 addressing is not supported " | ||||||
|         errMsg += "on this platform" |         errMsg += "on this platform" | ||||||
|         raise SqlmapGenericException, errMsg |         raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if not re.search("^http[s]*://", conf.url, re.I): |     if not re.search("^http[s]*://", conf.url, re.I): | ||||||
|         if ":443/" in conf.url: |         if ":443/" in conf.url: | ||||||
|  | @ -1083,14 +1083,14 @@ def parseTargetUrl(): | ||||||
| 
 | 
 | ||||||
|     if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))): |     if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))): | ||||||
|         errMsg = "invalid target url" |         errMsg = "invalid target url" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if len(hostnamePort) == 2: |     if len(hostnamePort) == 2: | ||||||
|         try: |         try: | ||||||
|             conf.port = int(hostnamePort[1]) |             conf.port = int(hostnamePort[1]) | ||||||
|         except: |         except: | ||||||
|             errMsg = "invalid target url" |             errMsg = "invalid target url" | ||||||
|             raise SqlmapSyntaxException, errMsg |             raise SqlmapSyntaxException(errMsg) | ||||||
|     elif conf.scheme == "https": |     elif conf.scheme == "https": | ||||||
|         conf.port = 443 |         conf.port = 443 | ||||||
|     else: |     else: | ||||||
|  | @ -1353,7 +1353,7 @@ def safeStringFormat(format_, params): | ||||||
|                 if count < len(params): |                 if count < len(params): | ||||||
|                     retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:] |                     retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:] | ||||||
|                 else: |                 else: | ||||||
|                     raise SqlmapNoneDataException, "wrong number of parameters during string formatting" |                     raise SqlmapNoneDataException("wrong number of parameters during string formatting") | ||||||
|                 count += 1 |                 count += 1 | ||||||
| 
 | 
 | ||||||
|     return retVal |     return retVal | ||||||
|  | @ -2377,7 +2377,7 @@ def initTechnique(technique=None): | ||||||
|         errMsg = "missing data in old session file(s). " |         errMsg = "missing data in old session file(s). " | ||||||
|         errMsg += "Please use '--flush-session' to deal " |         errMsg += "Please use '--flush-session' to deal " | ||||||
|         errMsg += "with this error" |         errMsg += "with this error" | ||||||
|         raise SqlmapNoneDataException, errMsg |         raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
| def arrayizeValue(value): | def arrayizeValue(value): | ||||||
|     """ |     """ | ||||||
|  | @ -2496,7 +2496,7 @@ def openFile(filename, mode='r'): | ||||||
|         errMsg += "Please check %s permissions on a file " % ("write" if \ |         errMsg += "Please check %s permissions on a file " % ("write" if \ | ||||||
|           mode and ('w' in mode or 'a' in mode or '+' in mode) else "read") |           mode and ('w' in mode or 'a' in mode or '+' in mode) else "read") | ||||||
|         errMsg += "and that it's not locked by another process." |         errMsg += "and that it's not locked by another process." | ||||||
|         raise SqlmapFilePathException, errMsg |         raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
| def decodeIntToUnicode(value): | def decodeIntToUnicode(value): | ||||||
|     """ |     """ | ||||||
|  | @ -2810,7 +2810,7 @@ def expandMnemonics(mnemonics, parser, args): | ||||||
| 
 | 
 | ||||||
|         if pointer in (None, head): |         if pointer in (None, head): | ||||||
|             errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name |             errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name | ||||||
|             raise SqlmapSyntaxException, errMsg |             raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|         elif len(pointer.current) > 1: |         elif len(pointer.current) > 1: | ||||||
|             options = {} |             options = {} | ||||||
|  | @ -2849,7 +2849,7 @@ def expandMnemonics(mnemonics, parser, args): | ||||||
|                 setattr(args, found.dest, True) |                 setattr(args, found.dest, True) | ||||||
|             else: |             else: | ||||||
|                 errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type) |                 errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type) | ||||||
|                 raise SqlmapSyntaxException, errMsg |                 raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
| def safeCSValue(value): | def safeCSValue(value): | ||||||
|     """ |     """ | ||||||
|  | @ -2997,7 +2997,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False): | ||||||
|     if not content: |     if not content: | ||||||
|         errMsg = "can't parse forms as the page content appears to be blank" |         errMsg = "can't parse forms as the page content appears to be blank" | ||||||
|         if raise_: |         if raise_: | ||||||
|             raise SqlmapGenericException, errMsg |             raise SqlmapGenericException(errMsg) | ||||||
|         else: |         else: | ||||||
|             logger.debug(errMsg) |             logger.debug(errMsg) | ||||||
| 
 | 
 | ||||||
|  | @ -3017,7 +3017,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False): | ||||||
|         except ParseError: |         except ParseError: | ||||||
|             errMsg = "no success" |             errMsg = "no success" | ||||||
|             if raise_: |             if raise_: | ||||||
|                 raise SqlmapGenericException, errMsg |                 raise SqlmapGenericException(errMsg) | ||||||
|             else: |             else: | ||||||
|                 logger.debug(errMsg) |                 logger.debug(errMsg) | ||||||
| 
 | 
 | ||||||
|  | @ -3038,7 +3038,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False): | ||||||
|                 errMsg = "there has been a problem while " |                 errMsg = "there has been a problem while " | ||||||
|                 errMsg += "processing page forms ('%s')" % ex |                 errMsg += "processing page forms ('%s')" % ex | ||||||
|                 if raise_: |                 if raise_: | ||||||
|                     raise SqlmapGenericException, errMsg |                     raise SqlmapGenericException(errMsg) | ||||||
|                 else: |                 else: | ||||||
|                     logger.debug(errMsg) |                     logger.debug(errMsg) | ||||||
|             else: |             else: | ||||||
|  | @ -3057,7 +3057,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False): | ||||||
|     else: |     else: | ||||||
|         errMsg = "there were no forms found at the given target url" |         errMsg = "there were no forms found at the given target url" | ||||||
|         if raise_: |         if raise_: | ||||||
|             raise SqlmapGenericException, errMsg |             raise SqlmapGenericException(errMsg) | ||||||
|         else: |         else: | ||||||
|             logger.debug(errMsg) |             logger.debug(errMsg) | ||||||
| 
 | 
 | ||||||
|  | @ -3105,7 +3105,7 @@ def checkDeprecatedOptions(args): | ||||||
|             errMsg = "switch/option '%s' is deprecated" % _ |             errMsg = "switch/option '%s' is deprecated" % _ | ||||||
|             if _ in DEPRECATED_HINTS: |             if _ in DEPRECATED_HINTS: | ||||||
|                 errMsg += " (hint: %s)" % DEPRECATED_HINTS[_] |                 errMsg += " (hint: %s)" % DEPRECATED_HINTS[_] | ||||||
|             raise SqlmapSyntaxException, errMsg |             raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
| def evaluateCode(code, variables=None): | def evaluateCode(code, variables=None): | ||||||
|     """ |     """ | ||||||
|  | @ -3118,7 +3118,7 @@ def evaluateCode(code, variables=None): | ||||||
|         raise |         raise | ||||||
|     except Exception, ex: |     except Exception, ex: | ||||||
|         errMsg = "an error occured while evaluating provided code ('%s'). " % ex |         errMsg = "an error occured while evaluating provided code ('%s'). " % ex | ||||||
|         raise SqlmapGenericException, errMsg |         raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
| def serializeObject(object_): | def serializeObject(object_): | ||||||
|     """ |     """ | ||||||
|  | @ -3259,7 +3259,7 @@ def resetCookieJar(cookieJar): | ||||||
|         except cookielib.LoadError, msg: |         except cookielib.LoadError, msg: | ||||||
|             errMsg = "there was a problem loading " |             errMsg = "there was a problem loading " | ||||||
|             errMsg += "cookies file ('%s')" % msg |             errMsg += "cookies file ('%s')" % msg | ||||||
|             raise SqlmapGenericException, errMsg |             raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
| def prioritySortColumns(columns): | def prioritySortColumns(columns): | ||||||
|     """ |     """ | ||||||
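Review bot: In `parseTargetUrl()` the port parse is guarded by a bare `except:`, which also catches KeyboardInterrupt and SystemExit and reports them as "invalid target url". `except ValueError:` covers the failure that `int(hostnamePort[1])` is expected to produce. The converted value is also stored in `conf.port` without a range check in the visible lines. A check such as `if not 0 < conf.port < 65536: raise SqlmapSyntaxException(errMsg)` may be worth adding unless the port is validated later in the function, which continues outside the hunk.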
|  |  | ||||||
|  | @ -47,7 +47,7 @@ def hexencode(value): | ||||||
|     return utf8encode(value).encode("hex") |     return utf8encode(value).encode("hex") | ||||||
| 
 | 
 | ||||||
| def md5hash(value): | def md5hash(value): | ||||||
|     if sys.modules.has_key('hashlib'): |     if "hashlib" in sys.modules: | ||||||
|         return hashlib.md5(value).hexdigest() |         return hashlib.md5(value).hexdigest() | ||||||
|     else: |     else: | ||||||
|         return md5.new(value).hexdigest() |         return md5.new(value).hexdigest() | ||||||
|  | @ -60,7 +60,7 @@ def ordencode(value): | ||||||
|     return tuple(ord(char) for char in value) |     return tuple(ord(char) for char in value) | ||||||
| 
 | 
 | ||||||
| def sha1hash(value): | def sha1hash(value): | ||||||
|     if sys.modules.has_key('hashlib'): |     if "hashlib" in sys.modules: | ||||||
|         return hashlib.sha1(value).hexdigest() |         return hashlib.sha1(value).hexdigest() | ||||||
|     else: |     else: | ||||||
|         return sha.new(value).hexdigest() |         return sha.new(value).hexdigest() | ||||||
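Review bot: `"hashlib" in sys.modules` in `md5hash()` and `sha1hash()` tests whether any code in the process has imported hashlib, not whether the name `hashlib` is bound in this module, so the branch taken depends on import order elsewhere. The module's import block is outside this hunk. If it already falls back from hashlib to md5/sha with a try/except, binding one helper at import time and calling it here would be more direct. Otherwise a short comment such as `# hashlib is only imported above when available (Python >= 2.5)` would explain the check. Both branches return a hex digest, so this is a readability and robustness point rather than a behaviour change.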
|  |  | ||||||
|  | @ -38,7 +38,7 @@ class AttribDict(dict): | ||||||
|         try: |         try: | ||||||
|             return self.__getitem__(item) |             return self.__getitem__(item) | ||||||
|         except KeyError: |         except KeyError: | ||||||
|             raise SqlmapDataException, "unable to access item '%s'" % item |             raise SqlmapDataException("unable to access item '%s'" % item) | ||||||
| 
 | 
 | ||||||
|     def __setattr__(self, item, value): |     def __setattr__(self, item, value): | ||||||
|         """ |         """ | ||||||
|  | @ -47,11 +47,11 @@ class AttribDict(dict): | ||||||
|         """ |         """ | ||||||
| 
 | 
 | ||||||
|         # This test allows attributes to be set in the __init__ method |         # This test allows attributes to be set in the __init__ method | ||||||
|         if not self.__dict__.has_key('_AttribDict__initialised'): |         if "_AttribDict__initialised" not in self.__dict__: | ||||||
|             return dict.__setattr__(self, item, value) |             return dict.__setattr__(self, item, value) | ||||||
| 
 | 
 | ||||||
|         # Any normal attributes are handled normally |         # Any normal attributes are handled normally | ||||||
|         elif self.__dict__.has_key(item): |         elif item in self.__dict__: | ||||||
|             dict.__setattr__(self, item, value) |             dict.__setattr__(self, item, value) | ||||||
| 
 | 
 | ||||||
|         else: |         else: | ||||||
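Review bot: The `AttribDict` lookup that turns KeyError into `SqlmapDataException(...)` may break callers that rely on AttributeError, presuming the enclosing method is `__getattr__` (its signature is outside the hunk). `getattr(obj, name, default)` and the copy/pickle probes for dunder attributes only treat AttributeError as "missing", so any other exception type propagates out of them. Whether SqlmapDataException derives from AttributeError is not visible here and should be confirmed. If it does not, raising `AttributeError(item)` for names that start with `__` would keep those protocols working. Either way a one-line comment on the raise stating the contract would help.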
|  |  | ||||||
|  | @ -21,51 +21,51 @@ from lib.core.settings import SYBASE_ALIASES | ||||||
| from lib.core.settings import DB2_ALIASES | from lib.core.settings import DB2_ALIASES | ||||||
| 
 | 
 | ||||||
| FIREBIRD_TYPES = { | FIREBIRD_TYPES = { | ||||||
|                     "261":"BLOB", |                     "261": "BLOB", | ||||||
|                     "14":"CHAR", |                     "14": "CHAR", | ||||||
|                     "40":"CSTRING", |                     "40": "CSTRING", | ||||||
|                     "11":"D_FLOAT", |                     "11": "D_FLOAT", | ||||||
|                     "27":"DOUBLE", |                     "27": "DOUBLE", | ||||||
|                     "10":"FLOAT", |                     "10": "FLOAT", | ||||||
|                     "16":"INT64", |                     "16": "INT64", | ||||||
|                     "8":"INTEGER", |                     "8": "INTEGER", | ||||||
|                     "9":"QUAD", |                     "9": "QUAD", | ||||||
|                     "7":"SMALLINT", |                     "7": "SMALLINT", | ||||||
|                     "12":"DATE", |                     "12": "DATE", | ||||||
|                     "13":"TIME", |                     "13": "TIME", | ||||||
|                     "35":"TIMESTAMP", |                     "35": "TIMESTAMP", | ||||||
|                     "37":"VARCHAR" |                     "37": "VARCHAR" | ||||||
|                 } |                 } | ||||||
| 
 | 
 | ||||||
| SYBASE_TYPES = { | SYBASE_TYPES = { | ||||||
|                     "14":"floatn", |                     "14": "floatn", | ||||||
|                     "8":"float", |                     "8": "float", | ||||||
|                     "15":"datetimn", |                     "15": "datetimn", | ||||||
|                     "12":"datetime", |                     "12": "datetime", | ||||||
|                     "23":"real", |                     "23": "real", | ||||||
|                     "28":"numericn", |                     "28": "numericn", | ||||||
|                     "10":"numeric", |                     "10": "numeric", | ||||||
|                     "27":"decimaln", |                     "27": "decimaln", | ||||||
|                     "26":"decimal", |                     "26": "decimal", | ||||||
|                     "17":"moneyn", |                     "17": "moneyn", | ||||||
|                     "11":"money", |                     "11": "money", | ||||||
|                     "21":"smallmoney", |                     "21": "smallmoney", | ||||||
|                     "22":"smalldatetime", |                     "22": "smalldatetime", | ||||||
|                     "13":"intn", |                     "13": "intn", | ||||||
|                     "7":"int", |                     "7": "int", | ||||||
|                     "6":"smallint", |                     "6": "smallint", | ||||||
|                     "5":"tinyint", |                     "5": "tinyint", | ||||||
|                     "16":"bit", |                     "16": "bit", | ||||||
|                     "2":"varchar", |                     "2": "varchar", | ||||||
|                     "18":"sysname", |                     "18": "sysname", | ||||||
|                     "25":"nvarchar", |                     "25": "nvarchar", | ||||||
|                     "1":"char", |                     "1": "char", | ||||||
|                     "24":"nchar", |                     "24": "nchar", | ||||||
|                     "4":"varbinary", |                     "4": "varbinary", | ||||||
|                     "80":"timestamp", |                     "80": "timestamp", | ||||||
|                     "3":"binary", |                     "3": "binary", | ||||||
|                     "19":"text", |                     "19": "text", | ||||||
|                     "20":"image", |                     "20": "image", | ||||||
|                 } |                 } | ||||||
| 
 | 
 | ||||||
| MYSQL_PRIVS = { | MYSQL_PRIVS = { | ||||||
|  |  | ||||||
|  | @ -70,7 +70,7 @@ class Dump(object): | ||||||
|             self._outputFP = codecs.open(self._outputFile, "ab" if not conf.flushSession else "wb", UNICODE_ENCODING) |             self._outputFP = codecs.open(self._outputFile, "ab" if not conf.flushSession else "wb", UNICODE_ENCODING) | ||||||
|         except IOError, ex: |         except IOError, ex: | ||||||
|             errMsg = "error occurred while opening log file ('%s')" % ex |             errMsg = "error occurred while opening log file ('%s')" % ex | ||||||
|             raise SqlmapGenericException, errMsg |             raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def getOutputFile(self): |     def getOutputFile(self): | ||||||
|         return self._outputFile |         return self._outputFile | ||||||
|  |  | ||||||
|  | @ -173,39 +173,39 @@ class REDIRECTION: | ||||||
| 
 | 
 | ||||||
| class PAYLOAD: | class PAYLOAD: | ||||||
|     SQLINJECTION = { |     SQLINJECTION = { | ||||||
|                      1: "boolean-based blind", |                         1: "boolean-based blind", | ||||||
|                      2: "error-based", |                         2: "error-based", | ||||||
|                      3: "UNION query", |                         3: "UNION query", | ||||||
|                      4: "stacked queries", |                         4: "stacked queries", | ||||||
|                      5: "AND/OR time-based blind", |                         5: "AND/OR time-based blind", | ||||||
|                      6: "inline query" |                         6: "inline query" | ||||||
|                    } |                    } | ||||||
| 
 | 
 | ||||||
|     PARAMETER = { |     PARAMETER = { | ||||||
|                   1: "Unescaped numeric", |                     1: "Unescaped numeric", | ||||||
|                   2: "Single quoted string", |                     2: "Single quoted string", | ||||||
|                   3: "LIKE single quoted string", |                     3: "LIKE single quoted string", | ||||||
|                   4: "Double quoted string", |                     4: "Double quoted string", | ||||||
|                   5: "LIKE double quoted string" |                     5: "LIKE double quoted string" | ||||||
|                 } |                 } | ||||||
| 
 | 
 | ||||||
|     RISK = { |     RISK = { | ||||||
|              0: "No risk", |                 0: "No risk", | ||||||
|              1: "Low risk", |                 1: "Low risk", | ||||||
|              2: "Medium risk", |                 2: "Medium risk", | ||||||
|              3: "High risk" |                 3: "High risk" | ||||||
|            } |            } | ||||||
| 
 | 
 | ||||||
|     CLAUSE = { |     CLAUSE = { | ||||||
|                0: "Always", |                 0: "Always", | ||||||
|                1: "WHERE", |                 1: "WHERE", | ||||||
|                2: "GROUP BY", |                 2: "GROUP BY", | ||||||
|                3: "ORDER BY", |                 3: "ORDER BY", | ||||||
|                4: "LIMIT", |                 4: "LIMIT", | ||||||
|                5: "OFFSET", |                 5: "OFFSET", | ||||||
|                6: "TOP", |                 6: "TOP", | ||||||
|                7: "Table name", |                 7: "Table name", | ||||||
|                8: "Column name" |                 8: "Column name" | ||||||
|              } |              } | ||||||
| 
 | 
 | ||||||
|     class METHOD: |     class METHOD: | ||||||
|  |  | ||||||
|  | @ -388,7 +388,7 @@ def _setMultipleTargets(): | ||||||
| 
 | 
 | ||||||
|     if not os.path.exists(conf.logFile): |     if not os.path.exists(conf.logFile): | ||||||
|         errMsg = "the specified list of targets does not exist" |         errMsg = "the specified list of targets does not exist" | ||||||
|         raise SqlmapFilePathException, errMsg |         raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if os.path.isfile(conf.logFile): |     if os.path.isfile(conf.logFile): | ||||||
|         _feedTargetsDict(conf.logFile, addedTargetUrls) |         _feedTargetsDict(conf.logFile, addedTargetUrls) | ||||||
|  | @ -406,7 +406,7 @@ def _setMultipleTargets(): | ||||||
|     else: |     else: | ||||||
|         errMsg = "the specified list of targets is not a file " |         errMsg = "the specified list of targets is not a file " | ||||||
|         errMsg += "nor a directory" |         errMsg += "nor a directory" | ||||||
|         raise SqlmapFilePathException, errMsg |         raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
|     updatedTargetsCount = len(kb.targets) |     updatedTargetsCount = len(kb.targets) | ||||||
| 
 | 
 | ||||||
|  | @ -453,7 +453,7 @@ def _setRequestFromFile(): | ||||||
|     if not os.path.isfile(conf.requestFile): |     if not os.path.isfile(conf.requestFile): | ||||||
|         errMsg = "the specified HTTP request file " |         errMsg = "the specified HTTP request file " | ||||||
|         errMsg += "does not exist" |         errMsg += "does not exist" | ||||||
|         raise SqlmapFilePathException, errMsg |         raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
|     _feedTargetsDict(conf.requestFile, addedTargetUrls) |     _feedTargetsDict(conf.requestFile, addedTargetUrls) | ||||||
| 
 | 
 | ||||||
|  | @ -504,7 +504,7 @@ def _setGoogleDorking(): | ||||||
|         if not links: |         if not links: | ||||||
|             errMsg = "unable to find results for your " |             errMsg = "unable to find results for your " | ||||||
|             errMsg += "Google dork expression" |             errMsg += "Google dork expression" | ||||||
|             raise SqlmapGenericException, errMsg |             raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
|         for link in links: |         for link in links: | ||||||
|             link = urldecode(link) |             link = urldecode(link) | ||||||
|  | @ -560,7 +560,7 @@ def _setBulkMultipleTargets(): | ||||||
|     if not os.path.isfile(conf.bulkFile): |     if not os.path.isfile(conf.bulkFile): | ||||||
|         errMsg = "the specified bulk file " |         errMsg = "the specified bulk file " | ||||||
|         errMsg += "does not exist" |         errMsg += "does not exist" | ||||||
|         raise SqlmapFilePathException, errMsg |         raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
|     for line in getFileItems(conf.bulkFile): |     for line in getFileItems(conf.bulkFile): | ||||||
|         if re.search(r"[^ ]+\?(.+)", line, re.I): |         if re.search(r"[^ ]+\?(.+)", line, re.I): | ||||||
|  | @ -597,7 +597,7 @@ def _setDBMSAuthentication(): | ||||||
|     if not match: |     if not match: | ||||||
|         errMsg = "DBMS authentication credentials value must be in format " |         errMsg = "DBMS authentication credentials value must be in format " | ||||||
|         errMsg += "username:password" |         errMsg += "username:password" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     conf.dbmsUsername = match.group(1) |     conf.dbmsUsername = match.group(1) | ||||||
|     conf.dbmsPassword = match.group(2) |     conf.dbmsPassword = match.group(2) | ||||||
|  | @ -638,7 +638,7 @@ def _setMetasploit(): | ||||||
|             errMsg += "if you want to perform a SMB relay attack because " |             errMsg += "if you want to perform a SMB relay attack because " | ||||||
|             errMsg += "it will need to listen on a user-specified SMB " |             errMsg += "it will need to listen on a user-specified SMB " | ||||||
|             errMsg += "TCP port for incoming connection attempts" |             errMsg += "TCP port for incoming connection attempts" | ||||||
|             raise SqlmapMissingPrivileges, errMsg |             raise SqlmapMissingPrivileges(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.msfPath: |     if conf.msfPath: | ||||||
|         for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")): |         for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")): | ||||||
|  | @ -687,7 +687,7 @@ def _setMetasploit(): | ||||||
|     if not msfEnvPathExists: |     if not msfEnvPathExists: | ||||||
|         errMsg = "unable to locate Metasploit Framework installation. " |         errMsg = "unable to locate Metasploit Framework installation. " | ||||||
|         errMsg += "You can get it at 'http://metasploit.com/framework/download/'" |         errMsg += "You can get it at 'http://metasploit.com/framework/download/'" | ||||||
|         raise SqlmapFilePathException, errMsg |         raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
| def _setWriteFile(): | def _setWriteFile(): | ||||||
|     if not conf.wFile: |     if not conf.wFile: | ||||||
|  | @ -698,12 +698,12 @@ def _setWriteFile(): | ||||||
| 
 | 
 | ||||||
|     if not os.path.exists(conf.wFile): |     if not os.path.exists(conf.wFile): | ||||||
|         errMsg = "the provided local file '%s' does not exist" % conf.wFile |         errMsg = "the provided local file '%s' does not exist" % conf.wFile | ||||||
|         raise SqlmapFilePathException, errMsg |         raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if not conf.dFile: |     if not conf.dFile: | ||||||
|         errMsg = "you did not provide the back-end DBMS absolute path " |         errMsg = "you did not provide the back-end DBMS absolute path " | ||||||
|         errMsg += "where you want to write the local file '%s'" % conf.wFile |         errMsg += "where you want to write the local file '%s'" % conf.wFile | ||||||
|         raise SqlmapMissingMandatoryOptionException, errMsg |         raise SqlmapMissingMandatoryOptionException(errMsg) | ||||||
| 
 | 
 | ||||||
|     conf.wFileType = getFileType(conf.wFile) |     conf.wFileType = getFileType(conf.wFile) | ||||||
| 
 | 
 | ||||||
|  | @ -722,7 +722,7 @@ def _setOS(): | ||||||
|         errMsg += "If you do not know the back-end DBMS underlying OS, " |         errMsg += "If you do not know the back-end DBMS underlying OS, " | ||||||
|         errMsg += "do not provide it and sqlmap will fingerprint it for " |         errMsg += "do not provide it and sqlmap will fingerprint it for " | ||||||
|         errMsg += "you." |         errMsg += "you." | ||||||
|         raise SqlmapUnsupportedDBMSException, errMsg |         raise SqlmapUnsupportedDBMSException(errMsg) | ||||||
| 
 | 
 | ||||||
|     debugMsg = "forcing back-end DBMS operating system to user defined " |     debugMsg = "forcing back-end DBMS operating system to user defined " | ||||||
|     debugMsg += "value '%s'" % conf.os |     debugMsg += "value '%s'" % conf.os | ||||||
|  | @ -742,7 +742,7 @@ def _setTechnique(): | ||||||
|                 errMsg = "value for --technique must be a string composed " |                 errMsg = "value for --technique must be a string composed " | ||||||
|                 errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters) |                 errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters) | ||||||
|                 errMsg += "user's manual for details" |                 errMsg += "user's manual for details" | ||||||
|                 raise SqlmapSyntaxException, errMsg |                 raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|             for validTech, validInt in validTechniques: |             for validTech, validInt in validTechniques: | ||||||
|                 if letter == validTech[0]: |                 if letter == validTech[0]: | ||||||
|  | @ -774,7 +774,7 @@ def _setDBMS(): | ||||||
|         errMsg += "system. The supported DBMS are %s. " % ', '.join([d for d in DBMS_DICT]) |         errMsg += "system. The supported DBMS are %s. " % ', '.join([d for d in DBMS_DICT]) | ||||||
|         errMsg += "If you do not know the back-end DBMS, do not provide " |         errMsg += "If you do not know the back-end DBMS, do not provide " | ||||||
|         errMsg += "it and sqlmap will fingerprint it for you." |         errMsg += "it and sqlmap will fingerprint it for you." | ||||||
|         raise SqlmapUnsupportedDBMSException, errMsg |         raise SqlmapUnsupportedDBMSException(errMsg) | ||||||
| 
 | 
 | ||||||
|     for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \ |     for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \ | ||||||
|                     SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \ |                     SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \ | ||||||
|  | @ -808,11 +808,11 @@ def _setTamperingFunctions(): | ||||||
| 
 | 
 | ||||||
|             elif not os.path.exists(tfile): |             elif not os.path.exists(tfile): | ||||||
|                 errMsg = "tamper script '%s' does not exist" % tfile |                 errMsg = "tamper script '%s' does not exist" % tfile | ||||||
|                 raise SqlmapFilePathException, errMsg |                 raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
|             elif not tfile.endswith('.py'): |             elif not tfile.endswith('.py'): | ||||||
|                 errMsg = "tamper script '%s' should have an extension '.py'" % tfile |                 errMsg = "tamper script '%s' should have an extension '.py'" % tfile | ||||||
|                 raise SqlmapSyntaxException, errMsg |                 raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|             dirname, filename = os.path.split(tfile) |             dirname, filename = os.path.split(tfile) | ||||||
|             dirname = os.path.abspath(dirname) |             dirname = os.path.abspath(dirname) | ||||||
|  | @ -823,7 +823,7 @@ def _setTamperingFunctions(): | ||||||
|             if not os.path.exists(os.path.join(dirname, '__init__.py')): |             if not os.path.exists(os.path.join(dirname, '__init__.py')): | ||||||
|                 errMsg = "make sure that there is an empty file '__init__.py' " |                 errMsg = "make sure that there is an empty file '__init__.py' " | ||||||
|                 errMsg += "inside of tamper scripts directory '%s'" % dirname |                 errMsg += "inside of tamper scripts directory '%s'" % dirname | ||||||
|                 raise SqlmapGenericException, errMsg |                 raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
|             if dirname not in sys.path: |             if dirname not in sys.path: | ||||||
|                 sys.path.insert(0, dirname) |                 sys.path.insert(0, dirname) | ||||||
|  | @ -831,7 +831,7 @@ def _setTamperingFunctions(): | ||||||
|             try: |             try: | ||||||
|                 module = __import__(filename[:-3]) |                 module = __import__(filename[:-3]) | ||||||
|             except ImportError, msg: |             except ImportError, msg: | ||||||
|                 raise SqlmapSyntaxException, "cannot import tamper script '%s' (%s)" % (filename[:-3], msg) |                 raise SqlmapSyntaxException("cannot import tamper script '%s' (%s)" % (filename[:-3], msg)) | ||||||
| 
 | 
 | ||||||
|             priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__ |             priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__ | ||||||
| 
 | 
 | ||||||
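Review bot: The `except ImportError, msg:` line directly above the rewritten raise still uses the comma form, which only Python 2 parses, so this hunk is left half converted. `except ImportError as msg:` is accepted from Python 2.6 on and matches the call-style raise introduced here. The same leftover is visible at `except IOError, ex:` in the log-file open and at `except socket.error, msg:` in _setDNSServer. Separately, only ImportError is caught around `__import__(filename[:-3])`, so a tamper script that has a syntax error or raises during import would presumably surface as a raw traceback rather than a SqlmapSyntaxException naming the script. _setTamperingFunctions starts and ends outside this hunk.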
|  | @ -866,7 +866,7 @@ def _setTamperingFunctions(): | ||||||
|             if not found: |             if not found: | ||||||
|                 errMsg = "missing function 'tamper(payload, headers)' " |                 errMsg = "missing function 'tamper(payload, headers)' " | ||||||
|                 errMsg += "in tamper script '%s'" % tfile |                 errMsg += "in tamper script '%s'" % tfile | ||||||
|                 raise SqlmapGenericException, errMsg |                 raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
|         if resolve_priorities and priorities: |         if resolve_priorities and priorities: | ||||||
|             priorities.sort(reverse=True) |             priorities.sort(reverse=True) | ||||||
|  | @ -929,14 +929,14 @@ def _setHTTPProxy(): | ||||||
| 
 | 
 | ||||||
|     if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)): |     if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)): | ||||||
|         errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE)) |         errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE)) | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.pCred: |     if conf.pCred: | ||||||
|         _ = re.search("^(.*?):(.*?)$", conf.pCred) |         _ = re.search("^(.*?):(.*?)$", conf.pCred) | ||||||
|         if not _: |         if not _: | ||||||
|             errMsg = "Proxy authentication credentials " |             errMsg = "Proxy authentication credentials " | ||||||
|             errMsg += "value must be in format username:password" |             errMsg += "value must be in format username:password" | ||||||
|             raise SqlmapSyntaxException, errMsg |             raise SqlmapSyntaxException(errMsg) | ||||||
|         else: |         else: | ||||||
|             username = _.group(1) |             username = _.group(1) | ||||||
|             password = _.group(2) |             password = _.group(2) | ||||||
|  | @ -979,7 +979,7 @@ def _setSafeUrl(): | ||||||
| 
 | 
 | ||||||
|     if conf.saFreq <= 0: |     if conf.saFreq <= 0: | ||||||
|         errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature" |         errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
| def _setPrefixSuffix(): | def _setPrefixSuffix(): | ||||||
|     if conf.prefix is not None and conf.suffix is not None: |     if conf.prefix is not None and conf.suffix is not None: | ||||||
|  | @ -1033,12 +1033,12 @@ def _setHTTPAuthentication(): | ||||||
|     elif conf.aType and not conf.aCred: |     elif conf.aType and not conf.aCred: | ||||||
|         errMsg = "you specified the HTTP authentication type, but " |         errMsg = "you specified the HTTP authentication type, but " | ||||||
|         errMsg += "did not provide the credentials" |         errMsg += "did not provide the credentials" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     elif not conf.aType and conf.aCred: |     elif not conf.aType and conf.aCred: | ||||||
|         errMsg = "you specified the HTTP authentication credentials, " |         errMsg = "you specified the HTTP authentication credentials, " | ||||||
|         errMsg += "but did not provide the type" |         errMsg += "but did not provide the type" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if not conf.aCert: |     if not conf.aCert: | ||||||
|         debugMsg = "setting the HTTP authentication type and credentials" |         debugMsg = "setting the HTTP authentication type and credentials" | ||||||
|  | @ -1049,7 +1049,7 @@ def _setHTTPAuthentication(): | ||||||
|         if aTypeLower not in ( "basic", "digest", "ntlm" ): |         if aTypeLower not in ( "basic", "digest", "ntlm" ): | ||||||
|             errMsg = "HTTP authentication type value must be " |             errMsg = "HTTP authentication type value must be " | ||||||
|             errMsg += "Basic, Digest or NTLM" |             errMsg += "Basic, Digest or NTLM" | ||||||
|             raise SqlmapSyntaxException, errMsg |             raise SqlmapSyntaxException(errMsg) | ||||||
|         elif aTypeLower in ( "basic", "digest" ): |         elif aTypeLower in ( "basic", "digest" ): | ||||||
|             regExp = "^(.*?):(.*?)$" |             regExp = "^(.*?):(.*?)$" | ||||||
|             errMsg = "HTTP %s authentication credentials " % aTypeLower |             errMsg = "HTTP %s authentication credentials " % aTypeLower | ||||||
|  | @ -1062,7 +1062,7 @@ def _setHTTPAuthentication(): | ||||||
|         aCredRegExp = re.search(regExp, conf.aCred) |         aCredRegExp = re.search(regExp, conf.aCred) | ||||||
| 
 | 
 | ||||||
|         if not aCredRegExp: |         if not aCredRegExp: | ||||||
|             raise SqlmapSyntaxException, errMsg |             raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|         conf.authUsername = aCredRegExp.group(1) |         conf.authUsername = aCredRegExp.group(1) | ||||||
|         conf.authPassword = aCredRegExp.group(2) |         conf.authPassword = aCredRegExp.group(2) | ||||||
|  | @ -1084,7 +1084,7 @@ def _setHTTPAuthentication(): | ||||||
|                 errMsg = "sqlmap requires Python NTLM third-party library " |                 errMsg = "sqlmap requires Python NTLM third-party library " | ||||||
|                 errMsg += "in order to authenticate via NTLM, " |                 errMsg += "in order to authenticate via NTLM, " | ||||||
|                 errMsg += "http://code.google.com/p/python-ntlm/" |                 errMsg += "http://code.google.com/p/python-ntlm/" | ||||||
|                 raise SqlmapMissingDependence, errMsg |                 raise SqlmapMissingDependence(errMsg) | ||||||
| 
 | 
 | ||||||
|             authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr) |             authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr) | ||||||
|     else: |     else: | ||||||
|  | @ -1096,7 +1096,7 @@ def _setHTTPAuthentication(): | ||||||
|         if not aCertRegExp: |         if not aCertRegExp: | ||||||
|             errMsg = "HTTP authentication certificate option " |             errMsg = "HTTP authentication certificate option " | ||||||
|             errMsg += "must be in format key_file,cert_file" |             errMsg += "must be in format key_file,cert_file" | ||||||
|             raise SqlmapSyntaxException, errMsg |             raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|         # os.path.expanduser for support of paths with ~ |         # os.path.expanduser for support of paths with ~ | ||||||
|         key_file = os.path.expanduser(aCertRegExp.group(1)) |         key_file = os.path.expanduser(aCertRegExp.group(1)) | ||||||
|  | @ -1105,7 +1105,7 @@ def _setHTTPAuthentication(): | ||||||
|         for ifile in (key_file, cert_file): |         for ifile in (key_file, cert_file): | ||||||
|             if not os.path.exists(ifile): |             if not os.path.exists(ifile): | ||||||
|                 errMsg = "File '%s' does not exist" % ifile |                 errMsg = "File '%s' does not exist" % ifile | ||||||
|                 raise SqlmapSyntaxException, errMsg |                 raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|         authHandler = HTTPSCertAuthHandler(key_file, cert_file) |         authHandler = HTTPSCertAuthHandler(key_file, cert_file) | ||||||
| 
 | 
 | ||||||
|  | @ -1134,7 +1134,7 @@ def _setHTTPExtraHeaders(): | ||||||
|                     conf.httpHeaders.append((header, value)) |                     conf.httpHeaders.append((header, value)) | ||||||
|             else: |             else: | ||||||
|                 errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u') |                 errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u') | ||||||
|                 raise SqlmapSyntaxException, errMsg |                 raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     elif not conf.httpHeaders or len(conf.httpHeaders) == 1: |     elif not conf.httpHeaders or len(conf.httpHeaders) == 1: | ||||||
|         conf.httpHeaders.append((HTTPHEADER.ACCEPT_LANGUAGE, "en-us,en;q=0.5")) |         conf.httpHeaders.append((HTTPHEADER.ACCEPT_LANGUAGE, "en-us,en;q=0.5")) | ||||||
|  | @ -1809,13 +1809,13 @@ def _setDNSServer(): | ||||||
|         except socket.error, msg: |         except socket.error, msg: | ||||||
|             errMsg = "there was an error while setting up " |             errMsg = "there was an error while setting up " | ||||||
|             errMsg += "DNS server instance ('%s')" % msg |             errMsg += "DNS server instance ('%s')" % msg | ||||||
|             raise SqlmapGenericException, errMsg |             raise SqlmapGenericException(errMsg) | ||||||
|     else: |     else: | ||||||
|         errMsg = "you need to run sqlmap as an administrator " |         errMsg = "you need to run sqlmap as an administrator " | ||||||
|         errMsg += "if you want to perform a DNS data exfiltration attack " |         errMsg += "if you want to perform a DNS data exfiltration attack " | ||||||
|         errMsg += "as it will need to listen on privileged UDP port 53 " |         errMsg += "as it will need to listen on privileged UDP port 53 " | ||||||
|         errMsg += "for incoming address resolution attempts" |         errMsg += "for incoming address resolution attempts" | ||||||
|         raise SqlmapMissingPrivileges, errMsg |         raise SqlmapMissingPrivileges(errMsg) | ||||||
| 
 | 
 | ||||||
| def _setTorProxySettings(): | def _setTorProxySettings(): | ||||||
|     if not conf.tor: |     if not conf.tor: | ||||||
|  | @ -1856,7 +1856,7 @@ def _setTorHttpProxySettings(): | ||||||
|         else: |         else: | ||||||
|             errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)" |             errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)" | ||||||
| 
 | 
 | ||||||
|         raise SqlmapConnectionException, errMsg |         raise SqlmapConnectionException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if not conf.checkTor: |     if not conf.checkTor: | ||||||
|         warnMsg = "use switch '--check-tor' at " |         warnMsg = "use switch '--check-tor' at " | ||||||
|  | @ -1885,7 +1885,7 @@ def _checkTor(): | ||||||
|     page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False) |     page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False) | ||||||
|     if not page or 'Congratulations' not in page: |     if not page or 'Congratulations' not in page: | ||||||
|         errMsg = "it seems that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'" |         errMsg = "it seems that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'" | ||||||
|         raise SqlmapConnectionException, errMsg |         raise SqlmapConnectionException(errMsg) | ||||||
|     else: |     else: | ||||||
|         infoMsg = "Tor is properly being used" |         infoMsg = "Tor is properly being used" | ||||||
|         logger.info(infoMsg) |         logger.info(infoMsg) | ||||||
|  | @ -1893,135 +1893,135 @@ def _checkTor(): | ||||||
| def _basicOptionValidation(): | def _basicOptionValidation(): | ||||||
|     if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0): |     if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0): | ||||||
|         errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)" |         errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0): |     if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0): | ||||||
|         errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)" |         errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.level is not None and not (isinstance(conf.level, int) and conf.level > 0): |     if conf.level is not None and not (isinstance(conf.level, int) and conf.level > 0): | ||||||
|         errMsg = "value for option '--level' must be an integer value greater than zero (>0)" |         errMsg = "value for option '--level' must be an integer value greater than zero (>0)" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk > 0): |     if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk > 0): | ||||||
|         errMsg = "value for option '--risk' must be an integer value greater than zero (>0)" |         errMsg = "value for option '--risk' must be an integer value greater than zero (>0)" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.limitStart is not None and isinstance(conf.limitStart, int) and conf.limitStart > 0 and \ |     if conf.limitStart is not None and isinstance(conf.limitStart, int) and conf.limitStart > 0 and \ | ||||||
|        conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart: |        conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart: | ||||||
|         errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option" |         errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.firstChar is not None and isinstance(conf.firstChar, int) and conf.firstChar > 0 and \ |     if conf.firstChar is not None and isinstance(conf.firstChar, int) and conf.firstChar > 0 and \ | ||||||
|        conf.lastChar is not None and isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar: |        conf.lastChar is not None and isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar: | ||||||
|         errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option" |         errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0): |     if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0): | ||||||
|         errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]" |         errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.textOnly and conf.nullConnection: |     if conf.textOnly and conf.nullConnection: | ||||||
|         errMsg = "switch '--text-only' is incompatible with switch '--null-connection'" |         errMsg = "switch '--text-only' is incompatible with switch '--null-connection'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.titles and conf.nullConnection: |     if conf.titles and conf.nullConnection: | ||||||
|         errMsg = "switch '--titles' is incompatible with switch '--null-connection'" |         errMsg = "switch '--titles' is incompatible with switch '--null-connection'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.data and conf.nullConnection: |     if conf.data and conf.nullConnection: | ||||||
|         errMsg = "option '--data' is incompatible with switch '--null-connection'" |         errMsg = "option '--data' is incompatible with switch '--null-connection'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.string and conf.nullConnection: |     if conf.string and conf.nullConnection: | ||||||
|         errMsg = "option '--string' is incompatible with switch '--null-connection'" |         errMsg = "option '--string' is incompatible with switch '--null-connection'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.notString and conf.nullConnection: |     if conf.notString and conf.nullConnection: | ||||||
|         errMsg = "option '--not-string' is incompatible with switch '--null-connection'" |         errMsg = "option '--not-string' is incompatible with switch '--null-connection'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.string and conf.notString: |     if conf.string and conf.notString: | ||||||
|         errMsg = "option '--string' is incompatible with switch '--not-string'" |         errMsg = "option '--string' is incompatible with switch '--not-string'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.regexp and conf.nullConnection: |     if conf.regexp and conf.nullConnection: | ||||||
|         errMsg = "option '--regexp' is incompatible with switch '--null-connection'" |         errMsg = "option '--regexp' is incompatible with switch '--null-connection'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.dumpTable and conf.dumpAll: |     if conf.dumpTable and conf.dumpAll: | ||||||
|         errMsg = "switch '--dump' is incompatible with switch '--dump-all'" |         errMsg = "switch '--dump' is incompatible with switch '--dump-all'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.predictOutput and (conf.threads > 1 or conf.optimize): |     if conf.predictOutput and (conf.threads > 1 or conf.optimize): | ||||||
|         errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'" |         errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.threads > MAX_NUMBER_OF_THREADS: |     if conf.threads > MAX_NUMBER_OF_THREADS: | ||||||
|         errMsg = "maximum number of used threads is %d avoiding possible connection issues" % MAX_NUMBER_OF_THREADS |         errMsg = "maximum number of used threads is %d avoiding possible connection issues" % MAX_NUMBER_OF_THREADS | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.forms and not conf.url: |     if conf.forms and not conf.url: | ||||||
|         errMsg = "switch '--forms' requires usage of option '-u' (--url)" |         errMsg = "switch '--forms' requires usage of option '-u' (--url)" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.requestFile and conf.url: |     if conf.requestFile and conf.url: | ||||||
|         errMsg = "option '-r' is incompatible with option '-u' (--url)" |         errMsg = "option '-r' is incompatible with option '-u' (--url)" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.tor and conf.ignoreProxy: |     if conf.tor and conf.ignoreProxy: | ||||||
|         errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'" |         errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.tor and conf.proxy: |     if conf.tor and conf.proxy: | ||||||
|         errMsg = "switch '--tor' is incompatible with option '--proxy'" |         errMsg = "switch '--tor' is incompatible with option '--proxy'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.checkTor and not any((conf.tor, conf.proxy)): |     if conf.checkTor and not any((conf.tor, conf.proxy)): | ||||||
|         errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)" |         errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0): |     if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0): | ||||||
|         errMsg = "value for option '--tor-port' must be a positive integer" |         errMsg = "value for option '--tor-port' must be a positive integer" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True): |     if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True): | ||||||
|         errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True)) |         errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True)) | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True): |     if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True): | ||||||
|         errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True)) |         errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True)) | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.skip and conf.testParameter: |     if conf.skip and conf.testParameter: | ||||||
|         errMsg = "option '--skip' is incompatible with option '-p'" |         errMsg = "option '--skip' is incompatible with option '-p'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.mobile and conf.agent: |     if conf.mobile and conf.agent: | ||||||
|         errMsg = "switch '--mobile' is incompatible with option '--user-agent'" |         errMsg = "switch '--mobile' is incompatible with option '--user-agent'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.proxy and conf.ignoreProxy: |     if conf.proxy and conf.ignoreProxy: | ||||||
|         errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'" |         errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]): |     if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]): | ||||||
|         errMsg = "switch '--forms' is compatible only with option '-u' (--url)" |         errMsg = "switch '--forms' is compatible only with option '-u' (--url)" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.timeSec < 1: |     if conf.timeSec < 1: | ||||||
|         errMsg = "value for option '--time-sec' must be a positive integer" |         errMsg = "value for option '--time-sec' must be a positive integer" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar): |     if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar): | ||||||
|         errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)" |         errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if isinstance(conf.uCols, basestring): |     if isinstance(conf.uCols, basestring): | ||||||
|         if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2): |         if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2): | ||||||
|             errMsg = "value for option '--union-cols' must be a range with hyphon " |             errMsg = "value for option '--union-cols' must be a range with hyphon " | ||||||
|             errMsg += "(e.g. 1-10) or integer value (e.g. 5)" |             errMsg += "(e.g. 1-10) or integer value (e.g. 5)" | ||||||
|             raise SqlmapSyntaxException, errMsg |             raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.charset: |     if conf.charset: | ||||||
|         _ = checkCharEncoding(conf.charset, False) |         _ = checkCharEncoding(conf.charset, False) | ||||||
|  | @ -2029,14 +2029,14 @@ def _basicOptionValidation(): | ||||||
|             errMsg = "unknown charset '%s'. Please visit " % conf.charset |             errMsg = "unknown charset '%s'. Please visit " % conf.charset | ||||||
|             errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE |             errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE | ||||||
|             errMsg += "supported charsets" |             errMsg += "supported charsets" | ||||||
|             raise SqlmapSyntaxException, errMsg |             raise SqlmapSyntaxException(errMsg) | ||||||
|         else: |         else: | ||||||
|             conf.charset = _ |             conf.charset = _ | ||||||
| 
 | 
 | ||||||
|     if conf.loadCookies: |     if conf.loadCookies: | ||||||
|         if not os.path.exists(conf.loadCookies): |         if not os.path.exists(conf.loadCookies): | ||||||
|             errMsg = "cookies file '%s' does not exist" % conf.loadCookies |             errMsg = "cookies file '%s' does not exist" % conf.loadCookies | ||||||
|             raise SqlmapFilePathException, errMsg |             raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
| def _resolveCrossReferences(): | def _resolveCrossReferences(): | ||||||
|     lib.core.threads.readInput = readInput |     lib.core.threads.readInput = readInput | ||||||
|  |  | ||||||
|  | @ -64,7 +64,7 @@ class Replication(object): | ||||||
|                 self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values)) |                 self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values)) | ||||||
|             else: |             else: | ||||||
|                 errMsg = "wrong number of columns used in replicating insert" |                 errMsg = "wrong number of columns used in replicating insert" | ||||||
|                 raise SqlmapValueException, errMsg |                 raise SqlmapValueException(errMsg) | ||||||
| 
 | 
 | ||||||
|         def execute(self, sql, parameters=[]): |         def execute(self, sql, parameters=[]): | ||||||
|             try: |             try: | ||||||
|  | @ -73,7 +73,7 @@ class Replication(object): | ||||||
|                 errMsg = "problem occurred ('%s') while accessing sqlite database " % ex |                 errMsg = "problem occurred ('%s') while accessing sqlite database " % ex | ||||||
|                 errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath |                 errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath | ||||||
|                 errMsg += "it's not used by some other program" |                 errMsg += "it's not used by some other program" | ||||||
|                 raise SqlmapGenericException, errMsg |                 raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
|         def beginTransaction(self): |         def beginTransaction(self): | ||||||
|             """ |             """ | ||||||
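Review bot: The INSERT on the first context line of this section binds the values with `?` placeholders but formats the table name into the statement with `%`, so a name containing a double quote would end the quoted identifier early. Where `self.name` is set is not visible here, so this should be confirmed against the caller. Doubling embedded quotes before formatting keeps the name inside its quotes: pass `self.name.replace('"', '""')` instead of `self.name`. Separately, `def execute(self, sql, parameters=[])` has a mutable default; `parameters=None` with `parameters = parameters or []` in the body avoids sharing one list across calls. Both methods begin or end outside the hunks.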
|  |  | ||||||
|  | @ -40,7 +40,7 @@ def blockingReadFromFD(fd): | ||||||
|         break |         break | ||||||
| 
 | 
 | ||||||
|     if not output: |     if not output: | ||||||
|         raise EOFError, "fd %s has been closed." % fd  |         raise EOFError("fd %s has been closed." % fd ) | ||||||
| 
 | 
 | ||||||
|     return output |     return output | ||||||
| 
 | 
 | ||||||
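Review bot: The converted raise keeps the stray space before the closing parenthesis, `% fd )`. Writing it as `raise EOFError("fd %s has been closed." % fd)` matches the other raises converted in this commit. blockingReadFromFD starts outside the hunk.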
|  |  | ||||||
|  | @ -79,7 +79,7 @@ def _setRequestParams(): | ||||||
|     # Perform checks on POST parameters |     # Perform checks on POST parameters | ||||||
|     if conf.method == HTTPMETHOD.POST and conf.data is None: |     if conf.method == HTTPMETHOD.POST and conf.data is None: | ||||||
|         errMsg = "HTTP POST method depends on HTTP data value to be posted" |         errMsg = "HTTP POST method depends on HTTP data value to be posted" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if conf.data is not None: |     if conf.data is not None: | ||||||
|         conf.method = HTTPMETHOD.POST |         conf.method = HTTPMETHOD.POST | ||||||
|  | @ -237,12 +237,12 @@ def _setRequestParams(): | ||||||
|     if not conf.parameters: |     if not conf.parameters: | ||||||
|         errMsg = "you did not provide any GET, POST and Cookie " |         errMsg = "you did not provide any GET, POST and Cookie " | ||||||
|         errMsg += "parameter, neither an User-Agent, Referer or Host header value" |         errMsg += "parameter, neither an User-Agent, Referer or Host header value" | ||||||
|         raise SqlmapGenericException, errMsg |         raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
|     elif not testableParameters: |     elif not testableParameters: | ||||||
|         errMsg = "all testable parameters you provided are not present " |         errMsg = "all testable parameters you provided are not present " | ||||||
|         errMsg += "within the GET, POST and Cookie parameters" |         errMsg += "within the GET, POST and Cookie parameters" | ||||||
|         raise SqlmapGenericException, errMsg |         raise SqlmapGenericException(errMsg) | ||||||
| 
 | 
 | ||||||
| def _setHashDB(): | def _setHashDB(): | ||||||
|     """ |     """ | ||||||
|  | @ -259,7 +259,7 @@ def _setHashDB(): | ||||||
|                 logger.info("flushing session file") |                 logger.info("flushing session file") | ||||||
|             except OSError, msg: |             except OSError, msg: | ||||||
|                 errMsg = "unable to flush the session file (%s)" % msg |                 errMsg = "unable to flush the session file (%s)" % msg | ||||||
|                 raise SqlmapFilePathException, errMsg |                 raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
|     conf.hashDB = HashDB(conf.hashDBFile) |     conf.hashDB = HashDB(conf.hashDBFile) | ||||||
| 
 | 
 | ||||||
|  | @ -460,7 +460,7 @@ def _createTargetDirs(): | ||||||
|             errMsg = "something went wrong while trying " |             errMsg = "something went wrong while trying " | ||||||
|         errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, ex) |         errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, ex) | ||||||
| 
 | 
 | ||||||
|         raise SqlmapMissingPrivileges, errMsg |         raise SqlmapMissingPrivileges(errMsg) | ||||||
| 
 | 
 | ||||||
|     _createDumpDir() |     _createDumpDir() | ||||||
|     _createFilesDir() |     _createFilesDir() | ||||||
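Review bot: In the `_setHashDB` hunk the handler still reads `except OSError, msg:` while the raise two lines below it was moved to call syntax, so the block now mixes both forms. `except OSError as msg:` is accepted from Python 2.6 onward and would match the change this commit makes. Whether older interpreters are still supported is not visible here, and the `ProxyHTTPSHandler` fallback message elsewhere in the commit suggests they might be. The same comma form remains in the `decodePage` hunk (`except Exception, msg:`). The try block begins outside the hunk.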
|  |  | ||||||
|  | @ -165,7 +165,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio | ||||||
|                 pass |                 pass | ||||||
| 
 | 
 | ||||||
|         except KeyboardInterrupt: |         except KeyboardInterrupt: | ||||||
|             raise SqlmapThreadException, "user aborted (Ctrl+C was pressed multiple times)" |             raise SqlmapThreadException("user aborted (Ctrl+C was pressed multiple times)") | ||||||
| 
 | 
 | ||||||
|         if forwardException: |         if forwardException: | ||||||
|             raise |             raise | ||||||
|  |  | ||||||
|  | @ -42,7 +42,7 @@ class Wordlist(object): | ||||||
|                 _ = zipfile.ZipFile(current, 'r') |                 _ = zipfile.ZipFile(current, 'r') | ||||||
|                 if len(_.namelist()) == 0: |                 if len(_.namelist()) == 0: | ||||||
|                     errMsg = "no file(s) inside '%s'" % current |                     errMsg = "no file(s) inside '%s'" % current | ||||||
|                     raise SqlmapDataException, errMsg |                     raise SqlmapDataException(errMsg) | ||||||
|                 self.fp = _.open(_.namelist()[0]) |                 self.fp = _.open(_.namelist()[0]) | ||||||
|             else: |             else: | ||||||
|                 self.fp = open(current, 'r') |                 self.fp = open(current, 'r') | ||||||
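Review bot: On the empty-archive path the `zipfile.ZipFile` handle bound to `_` is left open when `SqlmapDataException` is raised; a `_.close()` before the raise would release it. As far as this hunk shows, only the first member, `_.namelist()[0]`, is opened, so an archive holding several files has the rest ignored without notice; a comment such as `# only the first archive member is used as the wordlist` would make that explicit. The enclosing method starts and ends outside the hunk.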
|  |  | ||||||
|  | @ -66,11 +66,11 @@ def configFileParser(configFile): | ||||||
|         config.readfp(configFP) |         config.readfp(configFP) | ||||||
|     except MissingSectionHeaderError: |     except MissingSectionHeaderError: | ||||||
|         errMsg = "you have provided an invalid configuration file" |         errMsg = "you have provided an invalid configuration file" | ||||||
|         raise SqlmapSyntaxException, errMsg |         raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if not config.has_section("Target"): |     if not config.has_section("Target"): | ||||||
|         errMsg = "missing a mandatory section 'Target' in the configuration file" |         errMsg = "missing a mandatory section 'Target' in the configuration file" | ||||||
|         raise SqlmapMissingMandatoryOptionException, errMsg |         raise SqlmapMissingMandatoryOptionException(errMsg) | ||||||
| 
 | 
 | ||||||
|     condition = not config.has_option("Target", "url") |     condition = not config.has_option("Target", "url") | ||||||
|     condition &= not config.has_option("Target", "logFile") |     condition &= not config.has_option("Target", "logFile") | ||||||
|  | @ -82,7 +82,7 @@ def configFileParser(configFile): | ||||||
|     if condition: |     if condition: | ||||||
|         errMsg = "missing a mandatory option in the configuration file " |         errMsg = "missing a mandatory option in the configuration file " | ||||||
|         errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)" |         errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)" | ||||||
|         raise SqlmapMissingMandatoryOptionException, errMsg |         raise SqlmapMissingMandatoryOptionException(errMsg) | ||||||
| 
 | 
 | ||||||
|     for family, optionData in optDict.items(): |     for family, optionData in optDict.items(): | ||||||
|         for option, datatype in optionData.items(): |         for option, datatype in optionData.items(): | ||||||
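Review bot: The `try` around `config.readfp(configFP)` in the first hunk catches only `MissingSectionHeaderError`. Unless a handler outside the hunk covers them, other malformed-file errors from the parser would surface as a traceback rather than the "invalid configuration file" message. Assuming this is Python 2's `ConfigParser`, `MissingSectionHeaderError` derives from `ParsingError`, so `except ParsingError:` would cover both cases. That name would need importing alongside the existing one, and the import lines are not in view. configFileParser starts before the hunk and continues past it.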
|  |  | ||||||
|  | @ -199,7 +199,7 @@ def decodePage(page, contentEncoding, contentType): | ||||||
|                 data = gzip.GzipFile("", "rb", 9, StringIO.StringIO(page)) |                 data = gzip.GzipFile("", "rb", 9, StringIO.StringIO(page)) | ||||||
|                 size = struct.unpack("<l", page[-4:])[0]  # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py |                 size = struct.unpack("<l", page[-4:])[0]  # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py | ||||||
|                 if size > MAX_CONNECTION_TOTAL_SIZE: |                 if size > MAX_CONNECTION_TOTAL_SIZE: | ||||||
|                     raise Exception, "size too large" |                     raise Exception("size too large") | ||||||
| 
 | 
 | ||||||
|             page = data.read() |             page = data.read() | ||||||
|         except Exception, msg: |         except Exception, msg: | ||||||
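Review bot: The size guard reads the declared length from the last four bytes of the response body (`page[-4:]`), which the remote server controls, and unpacks it as a signed value. A trailer that understates the size, or one that unpacks negative, passes the `> MAX_CONNECTION_TOTAL_SIZE` check, and `data.read()` then decompresses without a bound. Bounding the read itself does not depend on the trailer: `page = data.read(MAX_CONNECTION_TOTAL_SIZE + 1)` followed by `if len(page) > MAX_CONNECTION_TOTAL_SIZE: raise Exception("size too large")`. decodePage begins and ends outside the hunk, so any later limit on `page` is not visible here.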
|  |  | ||||||
|  | @ -92,7 +92,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength): | ||||||
|             errMsg = "problem occured while retrieving original page content " |             errMsg = "problem occured while retrieving original page content " | ||||||
|             errMsg += "which prevents sqlmap from continuation. Please rerun, " |             errMsg += "which prevents sqlmap from continuation. Please rerun, " | ||||||
|             errMsg += "and if the problem persists turn off any optimization switches" |             errMsg += "and if the problem persists turn off any optimization switches" | ||||||
|             raise SqlmapNoneDataException, errMsg |             raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         ratio = 1. * pageLength / len(seqMatcher.a) |         ratio = 1. * pageLength / len(seqMatcher.a) | ||||||
| 
 | 
 | ||||||
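Review bot: The message on the first context line spells "occured"; it should read `"problem occurred while retrieving original page content "`. The same misspelling is in the `HTTPSConnection` debug message (`"SSL connection error occured ('%s')"`). Below the raise, `ratio = 1. * pageLength / len(seqMatcher.a)` divides by the length of the stored page. The guard's condition is outside the hunk, so it is worth confirming that it rejects an empty string and not only `None`.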
|  |  | ||||||
|  | @ -466,11 +466,11 @@ class Connect(object): | ||||||
|             if e.code == httplib.UNAUTHORIZED: |             if e.code == httplib.UNAUTHORIZED: | ||||||
|                 errMsg = "not authorized, try to provide right HTTP " |                 errMsg = "not authorized, try to provide right HTTP " | ||||||
|                 errMsg += "authentication type and valid credentials (%d)" % code |                 errMsg += "authentication type and valid credentials (%d)" % code | ||||||
|                 raise SqlmapConnectionException, errMsg |                 raise SqlmapConnectionException(errMsg) | ||||||
|             elif e.code == httplib.NOT_FOUND: |             elif e.code == httplib.NOT_FOUND: | ||||||
|                 if raise404: |                 if raise404: | ||||||
|                     errMsg = "page not found (%d)" % code |                     errMsg = "page not found (%d)" % code | ||||||
|                     raise SqlmapConnectionException, errMsg |                     raise SqlmapConnectionException(errMsg) | ||||||
|                 else: |                 else: | ||||||
|                     debugMsg = "page not found (%d)" % code |                     debugMsg = "page not found (%d)" % code | ||||||
|                     logger.debug(debugMsg) |                     logger.debug(debugMsg) | ||||||
|  | @ -488,7 +488,7 @@ class Connect(object): | ||||||
|                         logger.critical(warnMsg) |                         logger.critical(warnMsg) | ||||||
|                         return None, None, None |                         return None, None, None | ||||||
|                     else: |                     else: | ||||||
|                         raise SqlmapConnectionException, warnMsg |                         raise SqlmapConnectionException(warnMsg) | ||||||
|             else: |             else: | ||||||
|                 debugMsg = "got HTTP error code: %d (%s)" % (code, status) |                 debugMsg = "got HTTP error code: %d (%s)" % (code, status) | ||||||
|                 logger.debug(debugMsg) |                 logger.debug(debugMsg) | ||||||
|  | @ -498,7 +498,7 @@ class Connect(object): | ||||||
| 
 | 
 | ||||||
|             if "no host given" in tbMsg: |             if "no host given" in tbMsg: | ||||||
|                 warnMsg = "invalid url address used (%s)" % repr(url) |                 warnMsg = "invalid url address used (%s)" % repr(url) | ||||||
|                 raise SqlmapSyntaxException, warnMsg |                 raise SqlmapSyntaxException(warnMsg) | ||||||
|             elif "forcibly closed" in tbMsg: |             elif "forcibly closed" in tbMsg: | ||||||
|                 warnMsg = "connection was forcibly closed by the target url" |                 warnMsg = "connection was forcibly closed by the target url" | ||||||
|             elif "timed out" in tbMsg: |             elif "timed out" in tbMsg: | ||||||
|  | @ -531,7 +531,7 @@ class Connect(object): | ||||||
|                 logger.critical(warnMsg) |                 logger.critical(warnMsg) | ||||||
|                 return None, None, None |                 return None, None, None | ||||||
|             else: |             else: | ||||||
|                 raise SqlmapConnectionException, warnMsg |                 raise SqlmapConnectionException(warnMsg) | ||||||
| 
 | 
 | ||||||
|         finally: |         finally: | ||||||
|             page = page if isinstance(page, unicode) else getUnicode(page) |             page = page if isinstance(page, unicode) else getUnicode(page) | ||||||
|  | @ -600,7 +600,7 @@ class Connect(object): | ||||||
|                     if not isinstance(payload, basestring): |                     if not isinstance(payload, basestring): | ||||||
|                         errMsg = "tamper function '%s' returns " % function.func_name |                         errMsg = "tamper function '%s' returns " % function.func_name | ||||||
|                         errMsg += "invalid payload type ('%s')" % type(payload) |                         errMsg += "invalid payload type ('%s')" % type(payload) | ||||||
|                         raise SqlmapValueException, errMsg |                         raise SqlmapValueException(errMsg) | ||||||
| 
 | 
 | ||||||
|                 value = agent.replacePayload(value, payload) |                 value = agent.replacePayload(value, payload) | ||||||
| 
 | 
 | ||||||
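Review bot: In the tamper-function hunk, `type(payload)` is formatted inside single quotes, so the message prints the full type repr with its own nested quotes. `errMsg += "invalid payload type ('%s')" % type(payload).__name__` gives a cleaner message. In the hunk that tests `tbMsg`, the raising branch is chosen by substring matches on traceback text (`"no host given" in tbMsg`), which depends on library wording. A comment such as `# matches wording of the underlying library's error text; re-check on upgrade` would flag that dependency. The enclosing methods of `Connect` are cut by every hunk in this section.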
|  |  | ||||||
|  | @ -57,7 +57,7 @@ class HTTPSConnection(httplib.HTTPSConnection): | ||||||
|                 logger.debug("SSL connection error occured ('%s')" % errMsg) |                 logger.debug("SSL connection error occured ('%s')" % errMsg) | ||||||
| 
 | 
 | ||||||
|         if not success: |         if not success: | ||||||
|             raise SqlmapConnectionException, "can't establish SSL connection" |             raise SqlmapConnectionException("can't establish SSL connection") | ||||||
| 
 | 
 | ||||||
| class HTTPSHandler(urllib2.HTTPSHandler): | class HTTPSHandler(urllib2.HTTPSHandler): | ||||||
|     def https_open(self, req): |     def https_open(self, req): | ||||||
|  |  | ||||||
|  | @ -394,7 +394,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser | ||||||
|         else: |         else: | ||||||
|             errMsg = "none of the injection types identified can be " |             errMsg = "none of the injection types identified can be " | ||||||
|             errMsg += "leveraged to retrieve queries output" |             errMsg += "leveraged to retrieve queries output" | ||||||
|             raise SqlmapNotVulnerableException, errMsg |             raise SqlmapNotVulnerableException(errMsg) | ||||||
| 
 | 
 | ||||||
|     finally: |     finally: | ||||||
|         kb.resumeValues = True |         kb.resumeValues = True | ||||||
|  |  | ||||||
|  | @ -25,7 +25,7 @@ class ProxyHTTPConnection(httplib.HTTPConnection): | ||||||
|         proto, rest = urllib.splittype(url) |         proto, rest = urllib.splittype(url) | ||||||
| 
 | 
 | ||||||
|         if proto is None: |         if proto is None: | ||||||
|             raise ValueError, "unknown URL type: %s" % url |             raise ValueError("unknown URL type: %s" % url) | ||||||
| 
 | 
 | ||||||
|         # Get host |         # Get host | ||||||
|         host, rest = urllib.splithost(rest) |         host, rest = urllib.splithost(rest) | ||||||
|  | @ -38,7 +38,7 @@ class ProxyHTTPConnection(httplib.HTTPConnection): | ||||||
|             try: |             try: | ||||||
|                 port = self._ports[proto] |                 port = self._ports[proto] | ||||||
|             except KeyError: |             except KeyError: | ||||||
|                 raise ValueError, "unknown protocol for: %s" % url |                 raise ValueError("unknown protocol for: %s" % url) | ||||||
| 
 | 
 | ||||||
|         self._real_host = host |         self._real_host = host | ||||||
|         self._real_port = int(port) |         self._real_port = int(port) | ||||||
|  | @ -117,4 +117,4 @@ else: | ||||||
|     class ProxyHTTPSHandler: |     class ProxyHTTPSHandler: | ||||||
|         def __init__(self, *args, **kwargs): |         def __init__(self, *args, **kwargs): | ||||||
|             errMsg = "unsupported feature on versions of Python before 2.6" |             errMsg = "unsupported feature on versions of Python before 2.6" | ||||||
|             raise SqlmapUnsupportedFeatureException, errMsg |             raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -47,4 +47,4 @@ class HTTPRangeHandler(urllib2.BaseHandler): | ||||||
|     def http_error_416(self, req, fp, code, msg, hdrs): |     def http_error_416(self, req, fp, code, msg, hdrs): | ||||||
|         # HTTP's Range Not Satisfiable error |         # HTTP's Range Not Satisfiable error | ||||||
|         errMsg = "Invalid range" |         errMsg = "Invalid range" | ||||||
|         raise SqlmapConnectionException, errMsg |         raise SqlmapConnectionException(errMsg) | ||||||
|  |  | ||||||
|  | @ -110,4 +110,4 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler): | ||||||
|         if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS): |         if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS): | ||||||
|             errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys()) |             errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys()) | ||||||
|             errMsg += "please check all provided parameters and/or provide missing ones." |             errMsg += "please check all provided parameters and/or provide missing ones." | ||||||
|             raise SqlmapConnectionException, errMsg |             raise SqlmapConnectionException(errMsg) | ||||||
|  |  | ||||||
|  | @ -49,7 +49,7 @@ class Abstraction(Web, UDF, Xp_cmdshell): | ||||||
| 
 | 
 | ||||||
|         else: |         else: | ||||||
|             errMsg = "Feature not yet implemented for the back-end DBMS" |             errMsg = "Feature not yet implemented for the back-end DBMS" | ||||||
|             raise SqlmapUnsupportedFeatureException, errMsg |             raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def evalCmd(self, cmd, first=None, last=None): |     def evalCmd(self, cmd, first=None, last=None): | ||||||
|         retVal = None |         retVal = None | ||||||
|  | @ -65,7 +65,7 @@ class Abstraction(Web, UDF, Xp_cmdshell): | ||||||
| 
 | 
 | ||||||
|         else: |         else: | ||||||
|             errMsg = "Feature not yet implemented for the back-end DBMS" |             errMsg = "Feature not yet implemented for the back-end DBMS" | ||||||
|             raise SqlmapUnsupportedFeatureException, errMsg |             raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|         return safechardecode(retVal) |         return safechardecode(retVal) | ||||||
| 
 | 
 | ||||||
|  | @ -110,7 +110,7 @@ class Abstraction(Web, UDF, Xp_cmdshell): | ||||||
| 
 | 
 | ||||||
|             else: |             else: | ||||||
|                 errMsg = "feature not yet implemented for the back-end DBMS" |                 errMsg = "feature not yet implemented for the back-end DBMS" | ||||||
|                 raise SqlmapUnsupportedFeatureException, errMsg |                 raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|             infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows") |             infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows") | ||||||
|             infoMsg += "'x' or 'q' and press ENTER" |             infoMsg += "'x' or 'q' and press ENTER" | ||||||
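Review bot: The three converted messages in this section differ only in capitalization: the first two hunks raise `"Feature not yet implemented for the back-end DBMS"` and the third raises `"feature not yet implemented for the back-end DBMS"`. Most other messages touched by this commit start lower-case, so lowering the first two would make them uniform. A single shared constant for the text would keep them from drifting again. The methods of `Abstraction` are cut by the hunks.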
|  |  | ||||||
|  | @ -280,7 +280,7 @@ class Metasploit: | ||||||
|             return None |             return None | ||||||
| 
 | 
 | ||||||
|         else: |         else: | ||||||
|             raise SqlmapDataException, "unexpected connection type" |             raise SqlmapDataException("unexpected connection type") | ||||||
| 
 | 
 | ||||||
|     def _selectLhost(self): |     def _selectLhost(self): | ||||||
|         if self.connectionStr.startswith("reverse"): |         if self.connectionStr.startswith("reverse"): | ||||||
|  | @ -296,7 +296,7 @@ class Metasploit: | ||||||
|             return None |             return None | ||||||
| 
 | 
 | ||||||
|         else: |         else: | ||||||
|             raise SqlmapDataException, "unexpected connection type" |             raise SqlmapDataException("unexpected connection type") | ||||||
| 
 | 
 | ||||||
|     def _selectConnection(self): |     def _selectConnection(self): | ||||||
|         return self._skeletonSelection("connection type", self._msfConnectionsList) |         return self._skeletonSelection("connection type", self._msfConnectionsList) | ||||||
|  | @ -320,7 +320,7 @@ class Metasploit: | ||||||
|         elif self.connectionStr.startswith("reverse"): |         elif self.connectionStr.startswith("reverse"): | ||||||
|             self._cliCmd += " LHOST=%s" % self.lhostStr |             self._cliCmd += " LHOST=%s" % self.lhostStr | ||||||
|         else: |         else: | ||||||
|             raise SqlmapDataException, "unexpected connection type" |             raise SqlmapDataException("unexpected connection type") | ||||||
| 
 | 
 | ||||||
|         if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject": |         if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject": | ||||||
|             self._cliCmd += " DisableCourtesyShell=true" |             self._cliCmd += " DisableCourtesyShell=true" | ||||||
|  | @ -341,7 +341,7 @@ class Metasploit: | ||||||
|         elif self.connectionStr.startswith("reverse"): |         elif self.connectionStr.startswith("reverse"): | ||||||
|             self._cliCmd += " LHOST=%s" % self.lhostStr |             self._cliCmd += " LHOST=%s" % self.lhostStr | ||||||
|         else: |         else: | ||||||
|             raise SqlmapDataException, "unexpected connection type" |             raise SqlmapDataException("unexpected connection type") | ||||||
| 
 | 
 | ||||||
|         self._cliCmd += " E" |         self._cliCmd += " E" | ||||||
| 
 | 
 | ||||||
|  | @ -353,7 +353,7 @@ class Metasploit: | ||||||
|         if self.connectionStr.startswith("reverse"): |         if self.connectionStr.startswith("reverse"): | ||||||
|             self._payloadCmd += " LHOST=%s" % self.lhostStr |             self._payloadCmd += " LHOST=%s" % self.lhostStr | ||||||
|         elif not self.connectionStr.startswith("bind"): |         elif not self.connectionStr.startswith("bind"): | ||||||
|             raise SqlmapDataException, "unexpected connection type" |             raise SqlmapDataException("unexpected connection type") | ||||||
| 
 | 
 | ||||||
|         if Backend.isOs(OS.LINUX) and conf.privEsc: |         if Backend.isOs(OS.LINUX) and conf.privEsc: | ||||||
|             self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true" |             self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true" | ||||||
|  | @ -525,7 +525,7 @@ class Metasploit: | ||||||
|             logger.debug(debugMsg) |             logger.debug(debugMsg) | ||||||
|         else: |         else: | ||||||
|             errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "") |             errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "") | ||||||
|             raise SqlmapFilePathException, errMsg |             raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
|         self._shellcodeFP = open(self._shellcodeFilePath, "rb") |         self._shellcodeFP = open(self._shellcodeFilePath, "rb") | ||||||
|         self.shellcodeString = self._shellcodeFP.read() |         self.shellcodeString = self._shellcodeFP.read() | ||||||
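Review bot: The literal `"unexpected connection type"` is raised from five separate branches in this file section and never says which value was rejected, so the error gives no hint about what to correct. Where the branch tests `self.connectionStr`, as the hunks at -320, -341 and -353 show, the raise could carry it: `raise SqlmapDataException("unexpected connection type '%s'" % self.connectionStr)`. A small private helper that builds this exception would keep the five sites identical. The enclosing methods start and end outside these hunks, so whether the first two branches have the same attribute in scope should be checked against the full file.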
|  |  | ||||||
|  | @ -276,7 +276,7 @@ class Xp_cmdshell: | ||||||
| 
 | 
 | ||||||
|             if not kb.xpCmdshellAvailable: |             if not kb.xpCmdshellAvailable: | ||||||
|                 errMsg = "unable to proceed without xp_cmdshell" |                 errMsg = "unable to proceed without xp_cmdshell" | ||||||
|                 raise SqlmapUnsupportedFeatureException, errMsg |                 raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|         debugMsg = "creating a support table to write commands standard " |         debugMsg = "creating a support table to write commands standard " | ||||||
|         debugMsg += "output to" |         debugMsg += "output to" | ||||||
|  |  | ||||||
|  | @ -549,7 +549,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None | ||||||
|             logger.info(infoMsg) |             logger.info(infoMsg) | ||||||
| 
 | 
 | ||||||
|     if kb.threadException: |     if kb.threadException: | ||||||
|         raise SqlmapThreadException, "something unexpected happened inside the threads" |         raise SqlmapThreadException("something unexpected happened inside the threads") | ||||||
| 
 | 
 | ||||||
|     if abortedFlag: |     if abortedFlag: | ||||||
|         raise KeyboardInterrupt |         raise KeyboardInterrupt | ||||||
|  |  | ||||||
|  | @ -53,7 +53,7 @@ def tableExists(tableFile, regex=None): | ||||||
|         errMsg = "can't use table existence check because of detected invalid results " |         errMsg = "can't use table existence check because of detected invalid results " | ||||||
|         errMsg += "(most probably caused by inability of the used injection " |         errMsg += "(most probably caused by inability of the used injection " | ||||||
|         errMsg += "to distinguish errornous results)" |         errMsg += "to distinguish errornous results)" | ||||||
|         raise SqlmapDataException, errMsg |         raise SqlmapDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|     tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True) |     tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True) | ||||||
| 
 | 
 | ||||||
|  | @ -138,14 +138,14 @@ def tableExists(tableFile, regex=None): | ||||||
| def columnExists(columnFile, regex=None): | def columnExists(columnFile, regex=None): | ||||||
|     if not conf.tbl: |     if not conf.tbl: | ||||||
|         errMsg = "missing table parameter" |         errMsg = "missing table parameter" | ||||||
|         raise SqlmapMissingMandatoryOptionException, errMsg |         raise SqlmapMissingMandatoryOptionException(errMsg) | ||||||
| 
 | 
 | ||||||
|     result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr()))) |     result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr()))) | ||||||
|     if result: |     if result: | ||||||
|         errMsg = "can't use column existence check because of detected invalid results " |         errMsg = "can't use column existence check because of detected invalid results " | ||||||
|         errMsg += "(most probably caused by inability of the used injection " |         errMsg += "(most probably caused by inability of the used injection " | ||||||
|         errMsg += "to distinguish errornous results)" |         errMsg += "to distinguish errornous results)" | ||||||
|         raise SqlmapDataException, errMsg |         raise SqlmapDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|     infoMsg = "checking column existence using items from '%s'" % columnFile |     infoMsg = "checking column existence using items from '%s'" % columnFile | ||||||
|     logger.info(infoMsg) |     logger.info(infoMsg) | ||||||
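Review bot: The error text passed to `SqlmapDataException` in both tableExists and columnExists still spells "errornous"; since these lines are being touched anyway, the last fragment could read `errMsg += "to distinguish erroneous results)"`. The two three-line messages differ only in the word "table" or "column", so one shared format string with a `%s` would keep them in step. Both function bodies continue outside the hunks.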
|  |  | ||||||
|  | @ -28,7 +28,7 @@ def dnsTest(payload): | ||||||
|             errMsg += ". Turning off DNS exfiltration support" |             errMsg += ". Turning off DNS exfiltration support" | ||||||
|             logger.error(errMsg) |             logger.error(errMsg) | ||||||
|         else: |         else: | ||||||
|             raise SqlmapNotVulnerableException, errMsg |             raise SqlmapNotVulnerableException(errMsg) | ||||||
|     else: |     else: | ||||||
|         infoMsg = "data retrieval through DNS channel was successful" |         infoMsg = "data retrieval through DNS channel was successful" | ||||||
|         logger.info(infoMsg) |         logger.info(infoMsg) | ||||||
|  |  | ||||||
|  | @ -24,6 +24,7 @@ from lib.core.common import hashDBRetrieve | ||||||
| from lib.core.common import hashDBWrite | from lib.core.common import hashDBWrite | ||||||
| from lib.core.common import incrementCounter | from lib.core.common import incrementCounter | ||||||
| from lib.core.common import initTechnique | from lib.core.common import initTechnique | ||||||
|  | from lib.core.common import isListLike | ||||||
| from lib.core.common import isNoneValue | from lib.core.common import isNoneValue | ||||||
| from lib.core.common import isNumPosStrValue | from lib.core.common import isNumPosStrValue | ||||||
| from lib.core.common import listToStrValue | from lib.core.common import listToStrValue | ||||||
|  | @ -128,14 +129,14 @@ def configUnion(char=None, columns=None): | ||||||
|             colsStart, colsStop = columns, columns |             colsStart, colsStop = columns, columns | ||||||
| 
 | 
 | ||||||
|         if not colsStart.isdigit() or not colsStop.isdigit(): |         if not colsStart.isdigit() or not colsStop.isdigit(): | ||||||
|             raise SqlmapSyntaxException, "--union-cols must be a range of integers" |             raise SqlmapSyntaxException("--union-cols must be a range of integers") | ||||||
| 
 | 
 | ||||||
|         conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop) |         conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop) | ||||||
| 
 | 
 | ||||||
|         if conf.uColsStart > conf.uColsStop: |         if conf.uColsStart > conf.uColsStop: | ||||||
|             errMsg = "--union-cols range has to be from lower to " |             errMsg = "--union-cols range has to be from lower to " | ||||||
|             errMsg += "higher number of columns" |             errMsg += "higher number of columns" | ||||||
|             raise SqlmapSyntaxException, errMsg |             raise SqlmapSyntaxException(errMsg) | ||||||
| 
 | 
 | ||||||
|     _configUnionChar(char) |     _configUnionChar(char) | ||||||
|     _configUnionCols(conf.uCols or columns) |     _configUnionCols(conf.uCols or columns) | ||||||
|  | @ -262,6 +263,8 @@ def unionUse(expression, unpack=True, dump=False): | ||||||
|                                 items = parseUnionPage(output) |                                 items = parseUnionPage(output) | ||||||
| 
 | 
 | ||||||
|                                 with kb.locks.value: |                                 with kb.locks.value: | ||||||
|  |                                     if isListLike(items) and len(items) > 1 and len(expressionFieldsList) > 1: | ||||||
|  |                                         items = [item for item in items if isListLike(item) and len(item) == len(expressionFieldsList)] | ||||||
|                                     index = None |                                     index = None | ||||||
|                                     for index in xrange(len(threadData.shared.buffered)): |                                     for index in xrange(len(threadData.shared.buffered)): | ||||||
|                                         if threadData.shared.buffered[index][0] >= num: |                                         if threadData.shared.buffered[index][0] >= num: | ||||||
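Review bot: The filter added in unionUse discards every parsed row whose length differs from `len(expressionFieldsList)` without leaving any trace, so a partly mis-parsed page shows up as a shorter result set rather than as a visible problem. Comparing the list length before and after and emitting one line, for example `logger.debug("discarding %d malformed row(s)" % dropped)` (assuming `logger` is available in this module as it is in the other files of the commit), would let an operator tell missing data from an empty table. The filtering also runs inside `with kb.locks.value:` although it only rebinds the local `items`; it could sit above the `with` so the lock covers the buffer update only. unionUse starts and ends outside this hunk.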
|  |  | ||||||
|  | @ -44,7 +44,7 @@ class Google(object): | ||||||
|             e.info() |             e.info() | ||||||
|         except urllib2.URLError: |         except urllib2.URLError: | ||||||
|             errMsg = "unable to connect to Google" |             errMsg = "unable to connect to Google" | ||||||
|             raise SqlmapConnectionException, errMsg |             raise SqlmapConnectionException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def search(self, dork): |     def search(self, dork): | ||||||
|         """ |         """ | ||||||
|  | @ -94,13 +94,13 @@ class Google(object): | ||||||
|                 return None |                 return None | ||||||
|         except (urllib2.URLError, socket.error, socket.timeout): |         except (urllib2.URLError, socket.error, socket.timeout): | ||||||
|             errMsg = "unable to connect to Google" |             errMsg = "unable to connect to Google" | ||||||
|             raise SqlmapConnectionException, errMsg |             raise SqlmapConnectionException(errMsg) | ||||||
| 
 | 
 | ||||||
|         retVal = [urllib.unquote(match.group(1)) for match in re.finditer(GOOGLE_REGEX, page, re.I | re.S)] |         retVal = [urllib.unquote(match.group(1)) for match in re.finditer(GOOGLE_REGEX, page, re.I | re.S)] | ||||||
| 
 | 
 | ||||||
|         if not retVal and "detected unusual traffic" in page: |         if not retVal and "detected unusual traffic" in page: | ||||||
|             warnMsg = "Google has detected 'unusual' traffic from " |             warnMsg = "Google has detected 'unusual' traffic from " | ||||||
|             warnMsg += "this computer disabling further searches" |             warnMsg += "this computer disabling further searches" | ||||||
|             raise SqlmapGenericException, warnMsg |             raise SqlmapGenericException(warnMsg) | ||||||
| 
 | 
 | ||||||
|         return retVal |         return retVal | ||||||
|  |  | ||||||
|  | @ -39,7 +39,7 @@ class HashDB(object): | ||||||
|             except Exception, ex: |             except Exception, ex: | ||||||
|                 errMsg = "error occurred while opening a session " |                 errMsg = "error occurred while opening a session " | ||||||
|                 errMsg += "file '%s' ('%s')" % (self.filepath, ex) |                 errMsg += "file '%s' ('%s')" % (self.filepath, ex) | ||||||
|                 raise SqlmapDataException, errMsg |                 raise SqlmapDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         return threadData.hashDBCursor |         return threadData.hashDBCursor | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -83,7 +83,7 @@ def pivotDumpTable(table, colList, count=None, blind=True): | ||||||
| 
 | 
 | ||||||
|     if not validColumnList: |     if not validColumnList: | ||||||
|         errMsg = "all column name(s) provided are non-existent" |         errMsg = "all column name(s) provided are non-existent" | ||||||
|         raise SqlmapNoneDataException, errMsg |         raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|     if not validPivotValue: |     if not validPivotValue: | ||||||
|         warnMsg = "no proper pivot column provided (with unique values)." |         warnMsg = "no proper pivot column provided (with unique values)." | ||||||
|  |  | ||||||
|  | @ -35,7 +35,7 @@ class Connector(GenericConnector): | ||||||
|         if not IS_WIN: |         if not IS_WIN: | ||||||
|             errMsg = "currently, direct connection to Microsoft Access database(s) " |             errMsg = "currently, direct connection to Microsoft Access database(s) " | ||||||
|             errMsg += "is restricted to Windows platforms" |             errMsg += "is restricted to Windows platforms" | ||||||
|             raise SqlmapUnsupportedFeatureException, errMsg |             raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|         self.initConnection() |         self.initConnection() | ||||||
|         self.checkFileDb() |         self.checkFileDb() | ||||||
|  | @ -43,7 +43,7 @@ class Connector(GenericConnector): | ||||||
|         try: |         try: | ||||||
|             self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db) |             self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db) | ||||||
|         except (pyodbc.Error, pyodbc.OperationalError), msg: |         except (pyodbc.Error, pyodbc.OperationalError), msg: | ||||||
|             raise SqlmapConnectionException, msg[1] |             raise SqlmapConnectionException(msg[1]) | ||||||
| 
 | 
 | ||||||
|         self.setCursor() |         self.setCursor() | ||||||
|         self.connected() |         self.connected() | ||||||
|  | @ -61,7 +61,7 @@ class Connector(GenericConnector): | ||||||
|         except (pyodbc.OperationalError, pyodbc.ProgrammingError), msg: |         except (pyodbc.OperationalError, pyodbc.ProgrammingError), msg: | ||||||
|             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) |             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) | ||||||
|         except pyodbc.Error, msg: |         except pyodbc.Error, msg: | ||||||
|             raise SqlmapConnectionException, msg[1] |             raise SqlmapConnectionException(msg[1]) | ||||||
| 
 | 
 | ||||||
|         self.connector.commit() |         self.connector.commit() | ||||||
| 
 | 
 | ||||||
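Review bot: Both rewritten raises still take the message from `msg[1]` under an `except (pyodbc.Error, pyodbc.OperationalError), msg:` handler; subscripting an exception and the comma form are Python 2 only, so if the call-style raise is meant as a portability step these lines remain unportable. `except (pyodbc.Error, pyodbc.OperationalError) as msg:` with `msg.args[1]` is accepted by Python 2.6+ and 3. Indexing also raises IndexError when the driver error carries fewer than two arguments, which would replace the real connection failure with an unrelated one; `msg.args[1] if len(msg.args) > 1 else msg` keeps the original cause. The DB2 and Firebird connector sections have the same pattern, and the first DB2 handler passes `msg` itself while its second handler passes `msg[1]`.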
|  |  | ||||||
|  | @ -14,8 +14,8 @@ class Filesystem(GenericFilesystem): | ||||||
| 
 | 
 | ||||||
|     def readFile(self, rFile): |     def readFile(self, rFile): | ||||||
|         errMsg = "on Microsoft Access it is not possible to read files" |         errMsg = "on Microsoft Access it is not possible to read files" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def writeFile(self, wFile, dFile, fileType=None): |     def writeFile(self, wFile, dFile, fileType=None): | ||||||
|         errMsg = "on Microsoft Access it is not possible to write files" |         errMsg = "on Microsoft Access it is not possible to write files" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -24,7 +24,7 @@ class Syntax(GenericSyntax): | ||||||
|                 index = expression[firstIndex:].find("'") |                 index = expression[firstIndex:].find("'") | ||||||
| 
 | 
 | ||||||
|                 if index == -1: |                 if index == -1: | ||||||
|                     raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression |                     raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|                 lastIndex = firstIndex + index |                 lastIndex = firstIndex + index | ||||||
|                 old = "'%s'" % expression[firstIndex:lastIndex] |                 old = "'%s'" % expression[firstIndex:lastIndex] | ||||||
|  | @ -56,7 +56,7 @@ class Syntax(GenericSyntax): | ||||||
|             index = expression[firstIndex:].find(")") |             index = expression[firstIndex:].find(")") | ||||||
| 
 | 
 | ||||||
|             if index == -1: |             if index == -1: | ||||||
|                 raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression |                 raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|             lastIndex = firstIndex + index + 1 |             lastIndex = firstIndex + index + 1 | ||||||
|             old = expression[firstIndex:lastIndex] |             old = expression[firstIndex:lastIndex] | ||||||
|  |  | ||||||
|  | @ -14,18 +14,18 @@ class Takeover(GenericTakeover): | ||||||
| 
 | 
 | ||||||
|     def osCmd(self): |     def osCmd(self): | ||||||
|         errMsg = "on Microsoft Access it is not possible to execute commands" |         errMsg = "on Microsoft Access it is not possible to execute commands" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osShell(self): |     def osShell(self): | ||||||
|         errMsg = "on Microsoft Access it is not possible to execute commands" |         errMsg = "on Microsoft Access it is not possible to execute commands" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osPwn(self): |     def osPwn(self): | ||||||
|         errMsg = "on Microsoft Access it is not possible to establish an " |         errMsg = "on Microsoft Access it is not possible to establish an " | ||||||
|         errMsg += "out-of-band connection" |         errMsg += "out-of-band connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osSmb(self): |     def osSmb(self): | ||||||
|         errMsg = "on Microsoft Access it is not possible to establish an " |         errMsg = "on Microsoft Access it is not possible to establish an " | ||||||
|         errMsg += "out-of-band connection" |         errMsg += "out-of-band connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -35,7 +35,7 @@ class Connector(GenericConnector): | ||||||
|             database = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port) |             database = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port) | ||||||
|             self.connector = ibm_db_dbi.connect(database, self.user, self.password) |             self.connector = ibm_db_dbi.connect(database, self.user, self.password) | ||||||
|         except ibm_db_dbi.OperationalError, msg: |         except ibm_db_dbi.OperationalError, msg: | ||||||
|             raise SqlmapConnectionException, msg |             raise SqlmapConnectionException(msg) | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|         self.setCursor() |         self.setCursor() | ||||||
|  | @ -54,7 +54,7 @@ class Connector(GenericConnector): | ||||||
|         except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg: |         except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg: | ||||||
|             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) |             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) | ||||||
|         except ibm_db_dbi.InternalError, msg: |         except ibm_db_dbi.InternalError, msg: | ||||||
|             raise SqlmapConnectionException, msg[1] |             raise SqlmapConnectionException(msg[1]) | ||||||
| 
 | 
 | ||||||
|         self.connector.commit() |         self.connector.commit() | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -25,7 +25,7 @@ class Syntax(GenericSyntax): | ||||||
|                 index = expression[firstIndex:].find("'") |                 index = expression[firstIndex:].find("'") | ||||||
| 
 | 
 | ||||||
|                 if index == -1: |                 if index == -1: | ||||||
|                     raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression |                     raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|                 lastIndex = firstIndex + index |                 lastIndex = firstIndex + index | ||||||
|                 old = "'%s'" % expression[firstIndex:lastIndex] |                 old = "'%s'" % expression[firstIndex:lastIndex] | ||||||
|  | @ -55,7 +55,7 @@ class Syntax(GenericSyntax): | ||||||
|             index = expression[firstIndex:].find(")") |             index = expression[firstIndex:].find(")") | ||||||
| 
 | 
 | ||||||
|             if index == -1: |             if index == -1: | ||||||
|                 raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression |                 raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|             lastIndex = firstIndex + index + 1 |             lastIndex = firstIndex + index + 1 | ||||||
|             old = expression[firstIndex:lastIndex] |             old = expression[firstIndex:lastIndex] | ||||||
|  |  | ||||||
|  | @ -42,7 +42,7 @@ class Connector(GenericConnector): | ||||||
|             self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \ |             self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \ | ||||||
|                 user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") #http://www.daniweb.com/forums/thread248499.html |                 user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") #http://www.daniweb.com/forums/thread248499.html | ||||||
|         except kinterbasdb.OperationalError, msg: |         except kinterbasdb.OperationalError, msg: | ||||||
|             raise SqlmapConnectionException, msg[1] |             raise SqlmapConnectionException(msg[1]) | ||||||
|         self.setCursor() |         self.setCursor() | ||||||
|         self.connected() |         self.connected() | ||||||
| 
 | 
 | ||||||
|  | @ -59,7 +59,7 @@ class Connector(GenericConnector): | ||||||
|         except kinterbasdb.OperationalError, msg: |         except kinterbasdb.OperationalError, msg: | ||||||
|             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) |             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) | ||||||
|         except kinterbasdb.Error, msg: |         except kinterbasdb.Error, msg: | ||||||
|             raise SqlmapConnectionException, msg[1] |             raise SqlmapConnectionException(msg[1]) | ||||||
| 
 | 
 | ||||||
|         self.connector.commit() |         self.connector.commit() | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -14,8 +14,8 @@ class Filesystem(GenericFilesystem): | ||||||
| 
 | 
 | ||||||
|     def readFile(self, rFile): |     def readFile(self, rFile): | ||||||
|         errMsg = "on Firebird it is not possible to read files" |         errMsg = "on Firebird it is not possible to read files" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def writeFile(self, wFile, dFile, fileType=None): |     def writeFile(self, wFile, dFile, fileType=None): | ||||||
|         errMsg = "on Firebird it is not possible to write files" |         errMsg = "on Firebird it is not possible to write files" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -26,7 +26,7 @@ class Syntax(GenericSyntax): | ||||||
|                     index = expression[firstIndex:].find("'") |                     index = expression[firstIndex:].find("'") | ||||||
| 
 | 
 | ||||||
|                     if index == -1: |                     if index == -1: | ||||||
|                         raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression |                         raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|                     lastIndex = firstIndex + index |                     lastIndex = firstIndex + index | ||||||
|                     old = "'%s'" % expression[firstIndex:lastIndex] |                     old = "'%s'" % expression[firstIndex:lastIndex] | ||||||
|  | @ -58,7 +58,7 @@ class Syntax(GenericSyntax): | ||||||
|             index = expression[firstIndex:].find(")") |             index = expression[firstIndex:].find(")") | ||||||
| 
 | 
 | ||||||
|             if index == -1: |             if index == -1: | ||||||
|                 raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression |                 raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|             lastIndex = firstIndex + index + 1 |             lastIndex = firstIndex + index + 1 | ||||||
|             old = expression[firstIndex:lastIndex] |             old = expression[firstIndex:lastIndex] | ||||||
|  |  | ||||||
|  | @ -14,18 +14,18 @@ class Takeover(GenericTakeover): | ||||||
| 
 | 
 | ||||||
|     def osCmd(self): |     def osCmd(self): | ||||||
|         errMsg = "on Firebird it is not possible to execute commands" |         errMsg = "on Firebird it is not possible to execute commands" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osShell(self): |     def osShell(self): | ||||||
|         errMsg = "on Firebird it is not possible to execute commands" |         errMsg = "on Firebird it is not possible to execute commands" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osPwn(self): |     def osPwn(self): | ||||||
|         errMsg = "on Firebird it is not possible to establish an " |         errMsg = "on Firebird it is not possible to establish an " | ||||||
|         errMsg += "out-of-band connection" |         errMsg += "out-of-band connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osSmb(self): |     def osSmb(self): | ||||||
|         errMsg = "on Firebird it is not possible to establish an " |         errMsg = "on Firebird it is not possible to establish an " | ||||||
|         errMsg += "out-of-band connection" |         errMsg += "out-of-band connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -15,4 +15,4 @@ class Connector(GenericConnector): | ||||||
|     def connect(self): |     def connect(self): | ||||||
|         errMsg = "on SAP MaxDB it is not possible to establish a " |         errMsg = "on SAP MaxDB it is not possible to establish a " | ||||||
|         errMsg += "direct connection" |         errMsg += "direct connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -81,7 +81,7 @@ class Enumeration(GenericEnumeration): | ||||||
| 
 | 
 | ||||||
|             if retVal: |             if retVal: | ||||||
|                 for table in retVal[0].values()[0]: |                 for table in retVal[0].values()[0]: | ||||||
|                     if not kb.data.cachedTables.has_key(db): |                     if db not in kb.data.cachedTables: | ||||||
|                         kb.data.cachedTables[db] = [table] |                         kb.data.cachedTables[db] = [table] | ||||||
|                     else: |                     else: | ||||||
|                         kb.data.cachedTables[db].append(table) |                         kb.data.cachedTables[db].append(table) | ||||||
|  | @ -107,7 +107,7 @@ class Enumeration(GenericEnumeration): | ||||||
|             if  ',' in conf.db: |             if  ',' in conf.db: | ||||||
|                 errMsg = "only one database name is allowed when enumerating " |                 errMsg = "only one database name is allowed when enumerating " | ||||||
|                 errMsg += "the tables' columns" |                 errMsg += "the tables' columns" | ||||||
|                 raise SqlmapMissingMandatoryOptionException, errMsg |                 raise SqlmapMissingMandatoryOptionException(errMsg) | ||||||
| 
 | 
 | ||||||
|         conf.db = safeSQLIdentificatorNaming(conf.db) |         conf.db = safeSQLIdentificatorNaming(conf.db) | ||||||
| 
 | 
 | ||||||
|  | @ -124,7 +124,7 @@ class Enumeration(GenericEnumeration): | ||||||
|             else: |             else: | ||||||
|                 errMsg = "unable to retrieve the tables " |                 errMsg = "unable to retrieve the tables " | ||||||
|                 errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) |                 errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) | ||||||
|                 raise SqlmapNoneDataException, errMsg |                 raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         for tbl in tblList: |         for tbl in tblList: | ||||||
|             tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) |             tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) | ||||||
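Review bot: In the first hunk of this file, `for table in retVal[0].values()[0]:` still indexes the result of `values()`, which is a list only on Python 2. If the `has_key` → `in` change is meant as forward-compatibility cleanup, this line needs `list(retVal[0].values())[0]` as well. The membership test and its two branches could also collapse into `kb.data.cachedTables.setdefault(db, []).append(table)`. The Sybase Enumeration hunk at `-145,7` contains the same loop, and in both files the enclosing method starts outside the hunk.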
|  |  | ||||||
|  | @ -14,8 +14,8 @@ class Filesystem(GenericFilesystem): | ||||||
| 
 | 
 | ||||||
|     def readFile(self, rFile): |     def readFile(self, rFile): | ||||||
|         errMsg = "on SAP MaxDB reading of files is not supported" |         errMsg = "on SAP MaxDB reading of files is not supported" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def writeFile(self, wFile, dFile, fileType=None): |     def writeFile(self, wFile, dFile, fileType=None): | ||||||
|         errMsg = "on SAP MaxDB writing of files is not supported" |         errMsg = "on SAP MaxDB writing of files is not supported" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -14,18 +14,18 @@ class Takeover(GenericTakeover): | ||||||
| 
 | 
 | ||||||
|     def osCmd(self): |     def osCmd(self): | ||||||
|         errMsg = "on SAP MaxDB it is not possible to execute commands" |         errMsg = "on SAP MaxDB it is not possible to execute commands" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osShell(self): |     def osShell(self): | ||||||
|         errMsg = "on SAP MaxDB it is not possible to execute commands" |         errMsg = "on SAP MaxDB it is not possible to execute commands" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osPwn(self): |     def osPwn(self): | ||||||
|         errMsg = "on SAP MaxDB it is not possible to establish an " |         errMsg = "on SAP MaxDB it is not possible to establish an " | ||||||
|         errMsg += "out-of-band connection" |         errMsg += "out-of-band connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osSmb(self): |     def osSmb(self): | ||||||
|         errMsg = "on SAP MaxDB it is not possible to establish an " |         errMsg = "on SAP MaxDB it is not possible to establish an " | ||||||
|         errMsg += "out-of-band connection" |         errMsg += "out-of-band connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -42,7 +42,7 @@ class Connector(GenericConnector): | ||||||
|         try: |         try: | ||||||
|             self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) |             self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) | ||||||
|         except pymssql.OperationalError, msg: |         except pymssql.OperationalError, msg: | ||||||
|             raise SqlmapConnectionException, msg |             raise SqlmapConnectionException(msg) | ||||||
| 
 | 
 | ||||||
|         self.setCursor() |         self.setCursor() | ||||||
|         self.connected() |         self.connected() | ||||||
|  | @ -63,7 +63,7 @@ class Connector(GenericConnector): | ||||||
|         except (pymssql.OperationalError, pymssql.ProgrammingError), msg: |         except (pymssql.OperationalError, pymssql.ProgrammingError), msg: | ||||||
|             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % str(msg).replace("\n", " ")) |             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % str(msg).replace("\n", " ")) | ||||||
|         except pymssql.InternalError, msg: |         except pymssql.InternalError, msg: | ||||||
|             raise SqlmapConnectionException, msg |             raise SqlmapConnectionException(msg) | ||||||
| 
 | 
 | ||||||
|         return retVal |         return retVal | ||||||
| 
 | 
 | ||||||
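Review bot: The handlers around the rewritten `raise` lines keep the comma form, `except pymssql.OperationalError, msg:` and `except pymssql.InternalError, msg:`, so the file still parses only on Python 2 even though the raises were modernised. Writing them as `except pymssql.OperationalError as msg:` (accepted since Python 2.6) keeps both halves of each handler in the same style. The comma form also remains in the MySQL, Oracle, PostgreSQL, SQLite and Sybase connector hunks of this commit. Both handlers belong to methods whose bodies start outside the hunks shown.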
|  |  | ||||||
|  | @ -37,7 +37,7 @@ class Connector(GenericConnector): | ||||||
|         try: |         try: | ||||||
|             self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True) |             self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True) | ||||||
|         except (pymysql.OperationalError, pymysql.InternalError), msg: |         except (pymysql.OperationalError, pymysql.InternalError), msg: | ||||||
|             raise SqlmapConnectionException, msg[1] |             raise SqlmapConnectionException(msg[1]) | ||||||
| 
 | 
 | ||||||
|         self.setCursor() |         self.setCursor() | ||||||
|         self.connected() |         self.connected() | ||||||
|  | @ -58,7 +58,7 @@ class Connector(GenericConnector): | ||||||
|         except (pymysql.OperationalError, pymysql.ProgrammingError), msg: |         except (pymysql.OperationalError, pymysql.ProgrammingError), msg: | ||||||
|             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) |             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) | ||||||
|         except pymysql.InternalError, msg: |         except pymysql.InternalError, msg: | ||||||
|             raise SqlmapConnectionException, msg[1] |             raise SqlmapConnectionException(msg[1]) | ||||||
| 
 | 
 | ||||||
|         self.connector.commit() |         self.connector.commit() | ||||||
| 
 | 
 | ||||||
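Review bot: `raise SqlmapConnectionException(msg[1])` subscripts the caught exception directly, which only works where exceptions are subscriptable (Python 2). It also raises IndexError when the driver supplies fewer than two arguments, which would hide the real connection error. Reading the arguments defensively, for example `raise SqlmapConnectionException(msg.args[1] if len(msg.args) > 1 else str(msg))`, keeps the driver's message in both cases. The log line `"(remote) %s" % msg[1]` in the second hunk and the `msg[0]` uses in the SQLite connector hunks have the same shape. The enclosing methods start outside the hunks.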
|  |  | ||||||
|  | @ -63,7 +63,7 @@ class Filesystem(GenericFilesystem): | ||||||
|                 logger.warn(warnMsg) |                 logger.warn(warnMsg) | ||||||
|                 result = self.nonStackedReadFile(rFile) |                 result = self.nonStackedReadFile(rFile) | ||||||
|             else: |             else: | ||||||
|                 raise SqlmapNoneDataException, warnMsg |                 raise SqlmapNoneDataException(warnMsg) | ||||||
|         else: |         else: | ||||||
|             length = int(length) |             length = int(length) | ||||||
|             sustrLen = 1024 |             sustrLen = 1024 | ||||||
|  |  | ||||||
|  | @ -41,7 +41,7 @@ class Syntax(GenericSyntax): | ||||||
|             index = expression[firstIndex:].find(")") |             index = expression[firstIndex:].find(")") | ||||||
| 
 | 
 | ||||||
|             if index == -1: |             if index == -1: | ||||||
|                 raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression |                 raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|             lastIndex = firstIndex + index + 1 |             lastIndex = firstIndex + index + 1 | ||||||
|             old = expression[firstIndex:lastIndex] |             old = expression[firstIndex:lastIndex] | ||||||
|  |  | ||||||
|  | @ -46,7 +46,7 @@ class Connector(GenericConnector): | ||||||
|             try: |             try: | ||||||
|                 self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password) |                 self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password) | ||||||
|             except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg: |             except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg: | ||||||
|                 raise SqlmapConnectionException, msg |                 raise SqlmapConnectionException(msg) | ||||||
| 
 | 
 | ||||||
|         self.setCursor() |         self.setCursor() | ||||||
|         self.connected() |         self.connected() | ||||||
|  | @ -67,7 +67,7 @@ class Connector(GenericConnector): | ||||||
|         except (cx_Oracle.DatabaseError), msg: |         except (cx_Oracle.DatabaseError), msg: | ||||||
|             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg) |             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg) | ||||||
|         except cx_Oracle.InternalError, msg: |         except cx_Oracle.InternalError, msg: | ||||||
|             raise SqlmapConnectionException, msg |             raise SqlmapConnectionException(msg) | ||||||
| 
 | 
 | ||||||
|         self.connector.commit() |         self.connector.commit() | ||||||
| 
 | 
 | ||||||
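Review bot: In the second hunk, `"(remote) %s" % msg` writes the server's error text to the log exactly as received, while the MSSQL connector in this commit strips line breaks with `str(msg).replace("\n", " ")`. That text originates from the remote DBMS, so embedded newlines can split one event into several lines that read as separate log entries. Using the same normalisation here, `"(remote) %s" % str(msg).replace("\n", " ")`, would make the connectors consistent. The PostgreSQL and Sybase connector hunks format `msg` the same unnormalised way. The method containing this handler starts outside the hunk.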
|  |  | ||||||
|  | @ -160,6 +160,6 @@ class Enumeration(GenericEnumeration): | ||||||
|         if not kb.data.cachedUsersRoles: |         if not kb.data.cachedUsersRoles: | ||||||
|             errMsg = "unable to retrieve the roles " |             errMsg = "unable to retrieve the roles " | ||||||
|             errMsg += "for the database users" |             errMsg += "for the database users" | ||||||
|             raise SqlmapNoneDataException, errMsg |             raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         return kb.data.cachedUsersRoles, areAdmins |         return kb.data.cachedUsersRoles, areAdmins | ||||||
|  |  | ||||||
|  | @ -15,9 +15,9 @@ class Filesystem(GenericFilesystem): | ||||||
|     def readFile(self, rFile): |     def readFile(self, rFile): | ||||||
|         errMsg = "File system read access not yet implemented for " |         errMsg = "File system read access not yet implemented for " | ||||||
|         errMsg += "Oracle" |         errMsg += "Oracle" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def writeFile(self, wFile, dFile, fileType=None): |     def writeFile(self, wFile, dFile, fileType=None): | ||||||
|         errMsg = "File system write access not yet implemented for " |         errMsg = "File system write access not yet implemented for " | ||||||
|         errMsg += "Oracle" |         errMsg += "Oracle" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -24,7 +24,7 @@ class Syntax(GenericSyntax): | ||||||
|                 index = expression[firstIndex:].find("'") |                 index = expression[firstIndex:].find("'") | ||||||
| 
 | 
 | ||||||
|                 if index == -1: |                 if index == -1: | ||||||
|                     raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression |                     raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|                 lastIndex = firstIndex + index |                 lastIndex = firstIndex + index | ||||||
|                 old = "'%s'" % expression[firstIndex:lastIndex] |                 old = "'%s'" % expression[firstIndex:lastIndex] | ||||||
|  | @ -47,7 +47,7 @@ class Syntax(GenericSyntax): | ||||||
|             index = expression[firstIndex:].find("))") |             index = expression[firstIndex:].find("))") | ||||||
| 
 | 
 | ||||||
|             if index == -1: |             if index == -1: | ||||||
|                 raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression |                 raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|             lastIndex = firstIndex + index + 1 |             lastIndex = firstIndex + index + 1 | ||||||
|             old = expression[firstIndex:lastIndex] |             old = expression[firstIndex:lastIndex] | ||||||
|  |  | ||||||
|  | @ -15,19 +15,19 @@ class Takeover(GenericTakeover): | ||||||
|     def osCmd(self): |     def osCmd(self): | ||||||
|         errMsg = "Operating system command execution functionality not " |         errMsg = "Operating system command execution functionality not " | ||||||
|         errMsg += "yet implemented for Oracle" |         errMsg += "yet implemented for Oracle" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osShell(self): |     def osShell(self): | ||||||
|         errMsg = "Operating system shell functionality not yet " |         errMsg = "Operating system shell functionality not yet " | ||||||
|         errMsg += "implemented for Oracle" |         errMsg += "implemented for Oracle" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osPwn(self): |     def osPwn(self): | ||||||
|         errMsg = "Operating system out-of-band control functionality " |         errMsg = "Operating system out-of-band control functionality " | ||||||
|         errMsg += "not yet implemented for Oracle" |         errMsg += "not yet implemented for Oracle" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osSmb(self): |     def osSmb(self): | ||||||
|         errMsg = "One click operating system out-of-band control " |         errMsg = "One click operating system out-of-band control " | ||||||
|         errMsg += "functionality not yet implemented for Oracle" |         errMsg += "functionality not yet implemented for Oracle" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -37,7 +37,7 @@ class Connector(GenericConnector): | ||||||
|         try: |         try: | ||||||
|             self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port) |             self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port) | ||||||
|         except psycopg2.OperationalError, msg: |         except psycopg2.OperationalError, msg: | ||||||
|             raise SqlmapConnectionException, msg |             raise SqlmapConnectionException(msg) | ||||||
| 
 | 
 | ||||||
|         self.connector.set_client_encoding('UNICODE') |         self.connector.set_client_encoding('UNICODE') | ||||||
| 
 | 
 | ||||||
|  | @ -60,7 +60,7 @@ class Connector(GenericConnector): | ||||||
|         except (psycopg2.OperationalError, psycopg2.ProgrammingError), msg: |         except (psycopg2.OperationalError, psycopg2.ProgrammingError), msg: | ||||||
|             logger.warn(("(remote) %s" % msg).strip()) |             logger.warn(("(remote) %s" % msg).strip()) | ||||||
|         except psycopg2.InternalError, msg: |         except psycopg2.InternalError, msg: | ||||||
|             raise SqlmapConnectionException, msg |             raise SqlmapConnectionException(msg) | ||||||
| 
 | 
 | ||||||
|         self.connector.commit() |         self.connector.commit() | ||||||
| 
 | 
 | ||||||
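Review bot: The `psycopg2.connect(...)` call in the first hunk passes no timeout, whereas the pymssql, pymysql and sqlite connect calls in this commit all pass `conf.timeout`. If `conf.timeout` is meant to bound direct connections, an unresponsive host would leave this call waiting on the driver's default. psycopg2 forwards `connect_timeout` to libpq, so adding `connect_timeout=conf.timeout` would align this connector with the others. `connect` begins outside the hunk, so a timeout applied elsewhere cannot be ruled out from here.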
|  |  | ||||||
|  | @ -31,7 +31,7 @@ class Filesystem(GenericFilesystem): | ||||||
|     def unionWriteFile(self, wFile, dFile, fileType): |     def unionWriteFile(self, wFile, dFile, fileType): | ||||||
|         errMsg = "PostgreSQL does not support file upload with UNION " |         errMsg = "PostgreSQL does not support file upload with UNION " | ||||||
|         errMsg += "query SQL injection technique" |         errMsg += "query SQL injection technique" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def stackedWriteFile(self, wFile, dFile, fileType): |     def stackedWriteFile(self, wFile, dFile, fileType): | ||||||
|         wFileSize = os.path.getsize(wFile) |         wFileSize = os.path.getsize(wFile) | ||||||
|  | @ -39,7 +39,7 @@ class Filesystem(GenericFilesystem): | ||||||
|         if wFileSize > 8192: |         if wFileSize > 8192: | ||||||
|             errMsg = "on PostgreSQL it is not possible to write files " |             errMsg = "on PostgreSQL it is not possible to write files " | ||||||
|             errMsg += "bigger than 8192 bytes at the moment" |             errMsg += "bigger than 8192 bytes at the moment" | ||||||
|             raise SqlmapUnsupportedFeatureException, errMsg |             raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|         self.oid = randomInt() |         self.oid = randomInt() | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -29,7 +29,7 @@ class Syntax(GenericSyntax): | ||||||
|                 index = expression[firstIndex:].find("'") |                 index = expression[firstIndex:].find("'") | ||||||
| 
 | 
 | ||||||
|                 if index == -1: |                 if index == -1: | ||||||
|                     raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression |                     raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|                 lastIndex = firstIndex + index |                 lastIndex = firstIndex + index | ||||||
|                 old = "'%s'" % expression[firstIndex:lastIndex] |                 old = "'%s'" % expression[firstIndex:lastIndex] | ||||||
|  | @ -52,7 +52,7 @@ class Syntax(GenericSyntax): | ||||||
|             index = expression[firstIndex:].find("))") |             index = expression[firstIndex:].find("))") | ||||||
| 
 | 
 | ||||||
|             if index == -1: |             if index == -1: | ||||||
|                 raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression |                 raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|             lastIndex = firstIndex + index + 1 |             lastIndex = firstIndex + index + 1 | ||||||
|             old = expression[firstIndex:lastIndex] |             old = expression[firstIndex:lastIndex] | ||||||
|  |  | ||||||
|  | @ -53,7 +53,7 @@ class Takeover(GenericTakeover): | ||||||
|             majorVer = "8.2" |             majorVer = "8.2" | ||||||
|         else: |         else: | ||||||
|             errMsg = "unsupported feature on versions of PostgreSQL before 8.2" |             errMsg = "unsupported feature on versions of PostgreSQL before 8.2" | ||||||
|             raise SqlmapUnsupportedFeatureException, errMsg |             raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|         if Backend.isOs(OS.WINDOWS): |         if Backend.isOs(OS.WINDOWS): | ||||||
|             self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (Backend.getArch(), majorVer) |             self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (Backend.getArch(), majorVer) | ||||||
|  |  | ||||||
|  | @ -56,12 +56,12 @@ class Connector(GenericConnector): | ||||||
|                 except ImportError: |                 except ImportError: | ||||||
|                     errMsg = "sqlmap requires 'python-sqlite2' third-party library " |                     errMsg = "sqlmap requires 'python-sqlite2' third-party library " | ||||||
|                     errMsg += "in order to directly connect to the database '%s'" % self.db |                     errMsg += "in order to directly connect to the database '%s'" % self.db | ||||||
|                     raise SqlmapMissingDependence, errMsg |                     raise SqlmapMissingDependence(errMsg) | ||||||
| 
 | 
 | ||||||
|                 self.__sqlite = sqlite |                 self.__sqlite = sqlite | ||||||
|                 self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout) |                 self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout) | ||||||
|             except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg: |             except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg: | ||||||
|                 raise SqlmapConnectionException, msg[0] |                 raise SqlmapConnectionException(msg[0]) | ||||||
| 
 | 
 | ||||||
|         self.setCursor() |         self.setCursor() | ||||||
|         self.connected() |         self.connected() | ||||||
|  | @ -79,7 +79,7 @@ class Connector(GenericConnector): | ||||||
|         except self.__sqlite.OperationalError, msg: |         except self.__sqlite.OperationalError, msg: | ||||||
|             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[0]) |             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[0]) | ||||||
|         except self.__sqlite.DatabaseError, msg: |         except self.__sqlite.DatabaseError, msg: | ||||||
|             raise SqlmapConnectionException, msg[0] |             raise SqlmapConnectionException(msg[0]) | ||||||
| 
 | 
 | ||||||
|         self.connector.commit() |         self.connector.commit() | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -57,7 +57,7 @@ class Enumeration(GenericEnumeration): | ||||||
| 
 | 
 | ||||||
|     def searchColumn(self): |     def searchColumn(self): | ||||||
|         errMsg = "on SQLite you must specify the table and columns to dump" |         errMsg = "on SQLite you must specify the table and columns to dump" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def getHostname(self): |     def getHostname(self): | ||||||
|         warnMsg = "on SQLite it is not possible to enumerate the hostname" |         warnMsg = "on SQLite it is not possible to enumerate the hostname" | ||||||
|  |  | ||||||
|  | @ -14,8 +14,8 @@ class Filesystem(GenericFilesystem): | ||||||
| 
 | 
 | ||||||
|     def readFile(self, rFile): |     def readFile(self, rFile): | ||||||
|         errMsg = "on SQLite it is not possible to read files" |         errMsg = "on SQLite it is not possible to read files" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def writeFile(self, wFile, dFile, fileType=None): |     def writeFile(self, wFile, dFile, fileType=None): | ||||||
|         errMsg = "on SQLite it is not possible to write files" |         errMsg = "on SQLite it is not possible to write files" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -42,7 +42,7 @@ class Syntax(GenericSyntax): | ||||||
|             index = expression[firstIndex+2:].find("'") |             index = expression[firstIndex+2:].find("'") | ||||||
| 
 | 
 | ||||||
|             if index == -1: |             if index == -1: | ||||||
|                 raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression |                 raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression) | ||||||
| 
 | 
 | ||||||
|             lastIndex = firstIndex + index + 3 |             lastIndex = firstIndex + index + 3 | ||||||
|             old = expression[firstIndex:lastIndex] |             old = expression[firstIndex:lastIndex] | ||||||
|  |  | ||||||
|  | @ -14,18 +14,18 @@ class Takeover(GenericTakeover): | ||||||
| 
 | 
 | ||||||
|     def osCmd(self): |     def osCmd(self): | ||||||
|         errMsg = "on SQLite it is not possible to execute commands" |         errMsg = "on SQLite it is not possible to execute commands" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osShell(self): |     def osShell(self): | ||||||
|         errMsg = "on SQLite it is not possible to execute commands" |         errMsg = "on SQLite it is not possible to execute commands" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osPwn(self): |     def osPwn(self): | ||||||
|         errMsg = "on SQLite it is not possible to establish an " |         errMsg = "on SQLite it is not possible to establish an " | ||||||
|         errMsg += "out-of-band connection" |         errMsg += "out-of-band connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osSmb(self): |     def osSmb(self): | ||||||
|         errMsg = "on SQLite it is not possible to establish an " |         errMsg = "on SQLite it is not possible to establish an " | ||||||
|         errMsg += "out-of-band connection" |         errMsg += "out-of-band connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -42,7 +42,7 @@ class Connector(GenericConnector): | ||||||
|         try: |         try: | ||||||
|             self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) |             self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) | ||||||
|         except pymssql.OperationalError, msg: |         except pymssql.OperationalError, msg: | ||||||
|             raise SqlmapConnectionException, msg |             raise SqlmapConnectionException(msg) | ||||||
| 
 | 
 | ||||||
|         self.setCursor() |         self.setCursor() | ||||||
|         self.connected() |         self.connected() | ||||||
|  | @ -60,7 +60,7 @@ class Connector(GenericConnector): | ||||||
|         except (pymssql.OperationalError, pymssql.ProgrammingError), msg: |         except (pymssql.OperationalError, pymssql.ProgrammingError), msg: | ||||||
|             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg) |             logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg) | ||||||
|         except pymssql.InternalError, msg: |         except pymssql.InternalError, msg: | ||||||
|             raise SqlmapConnectionException, msg |             raise SqlmapConnectionException(msg) | ||||||
| 
 | 
 | ||||||
|     def select(self, query): |     def select(self, query): | ||||||
|         self.execute(query) |         self.execute(query) | ||||||
|  |  | ||||||
|  | @ -145,7 +145,7 @@ class Enumeration(GenericEnumeration): | ||||||
| 
 | 
 | ||||||
|                 if retVal: |                 if retVal: | ||||||
|                     for table in retVal[0].values()[0]: |                     for table in retVal[0].values()[0]: | ||||||
|                         if not kb.data.cachedTables.has_key(db): |                         if db not in kb.data.cachedTables: | ||||||
|                             kb.data.cachedTables[db] = [table] |                             kb.data.cachedTables[db] = [table] | ||||||
|                         else: |                         else: | ||||||
|                             kb.data.cachedTables[db].append(table) |                             kb.data.cachedTables[db].append(table) | ||||||
|  | @ -172,7 +172,7 @@ class Enumeration(GenericEnumeration): | ||||||
|             if  ',' in conf.db: |             if  ',' in conf.db: | ||||||
|                 errMsg = "only one database name is allowed when enumerating " |                 errMsg = "only one database name is allowed when enumerating " | ||||||
|                 errMsg += "the tables' columns" |                 errMsg += "the tables' columns" | ||||||
|                 raise SqlmapMissingMandatoryOptionException, errMsg |                 raise SqlmapMissingMandatoryOptionException(errMsg) | ||||||
| 
 | 
 | ||||||
|         conf.db = safeSQLIdentificatorNaming(conf.db) |         conf.db = safeSQLIdentificatorNaming(conf.db) | ||||||
| 
 | 
 | ||||||
|  | @ -197,7 +197,7 @@ class Enumeration(GenericEnumeration): | ||||||
|             else: |             else: | ||||||
|                 errMsg = "unable to retrieve the tables " |                 errMsg = "unable to retrieve the tables " | ||||||
|                 errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) |                 errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) | ||||||
|                 raise SqlmapNoneDataException, errMsg |                 raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         for tbl in tblList: |         for tbl in tblList: | ||||||
|             tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl) |             tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl) | ||||||
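Review bot: The loop `for tbl in tblList: tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl)` in the last hunk rewrites the list it is iterating and finds each slot with `index()`, which returns the first match. When a normalised name equals a later entry, that later entry resolves to the earlier position and can be left un-normalised. The scan is also quadratic. `tblList[:] = [safeSQLIdentificatorNaming(tbl) for tbl in tblList]` normalises every entry in place. The MaxDB Enumeration hunk at `-124,7` has the same loop with an extra `True` argument, and in both files the enclosing method continues outside the hunk.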
|  |  | ||||||
|  | @ -14,8 +14,8 @@ class Filesystem(GenericFilesystem): | ||||||
| 
 | 
 | ||||||
|     def readFile(self, rFile): |     def readFile(self, rFile): | ||||||
|         errMsg = "on Sybase it is not possible to read files" |         errMsg = "on Sybase it is not possible to read files" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def writeFile(self, wFile, dFile, fileType=None): |     def writeFile(self, wFile, dFile, fileType=None): | ||||||
|         errMsg = "on Sybase it is not possible to write files" |         errMsg = "on Sybase it is not possible to write files" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -14,18 +14,18 @@ class Takeover(GenericTakeover): | ||||||
| 
 | 
 | ||||||
|     def osCmd(self): |     def osCmd(self): | ||||||
|         errMsg = "on Sybase it is not possible to execute commands" |         errMsg = "on Sybase it is not possible to execute commands" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osShell(self): |     def osShell(self): | ||||||
|         errMsg = "on Sybase it is not possible to execute commands" |         errMsg = "on Sybase it is not possible to execute commands" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osPwn(self): |     def osPwn(self): | ||||||
|         errMsg = "on Sybase it is not possible to establish an " |         errMsg = "on Sybase it is not possible to establish an " | ||||||
|         errMsg += "out-of-band connection" |         errMsg += "out-of-band connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def osSmb(self): |     def osSmb(self): | ||||||
|         errMsg = "on Sybase it is not possible to establish an " |         errMsg = "on Sybase it is not possible to establish an " | ||||||
|         errMsg += "out-of-band connection" |         errMsg += "out-of-band connection" | ||||||
|         raise SqlmapUnsupportedFeatureException, errMsg |         raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
|  |  | ||||||
|  | @ -59,24 +59,24 @@ class Connector: | ||||||
|     def checkFileDb(self): |     def checkFileDb(self): | ||||||
|         if not os.path.exists(self.db): |         if not os.path.exists(self.db): | ||||||
|             errMsg = "the provided database file '%s' does not exist" % self.db |             errMsg = "the provided database file '%s' does not exist" % self.db | ||||||
|             raise SqlmapFilePathException, errMsg |             raise SqlmapFilePathException(errMsg) | ||||||
| 
 | 
 | ||||||
|     def connect(self): |     def connect(self): | ||||||
|         errMsg = "'connect' method must be defined " |         errMsg = "'connect' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def fetchall(self): |     def fetchall(self): | ||||||
|         errMsg = "'fetchall' method must be defined " |         errMsg = "'fetchall' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def execute(self, query): |     def execute(self, query): | ||||||
|         errMsg = "'execute' method must be defined " |         errMsg = "'execute' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def select(self, query): |     def select(self, query): | ||||||
|         errMsg = "'select' method must be defined " |         errMsg = "'select' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
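Review bot: `checkFileDb` at the top of this section tests `os.path.exists(self.db)`, which is also true for a directory, so a directory path passes the check even though the error text speaks of a database file. `if not os.path.isfile(self.db):` matches the stated intent and rejects the path here rather than, presumably, at connection time with a less specific error. The remaining methods in the section are the mechanical move to call-style `raise` and need no change.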
|  |  | ||||||
|  | @ -166,7 +166,7 @@ class Databases: | ||||||
|                 kb.data.cachedDbs = [kb.data.currentDb] |                 kb.data.cachedDbs = [kb.data.currentDb] | ||||||
|             else: |             else: | ||||||
|                 errMsg = "unable to retrieve the database names" |                 errMsg = "unable to retrieve the database names" | ||||||
|                 raise SqlmapNoneDataException, errMsg |                 raise SqlmapNoneDataException(errMsg) | ||||||
|         else: |         else: | ||||||
|             kb.data.cachedDbs.sort() |             kb.data.cachedDbs.sort() | ||||||
| 
 | 
 | ||||||
|  | @ -354,7 +354,7 @@ class Databases: | ||||||
|                 logger.error(errMsg) |                 logger.error(errMsg) | ||||||
|                 return self.getTables(bruteForce=True) |                 return self.getTables(bruteForce=True) | ||||||
|             else: |             else: | ||||||
|                 raise SqlmapNoneDataException, errMsg |                 raise SqlmapNoneDataException(errMsg) | ||||||
|         else: |         else: | ||||||
|             for db, tables in kb.data.cachedTables.items(): |             for db, tables in kb.data.cachedTables.items(): | ||||||
|                 kb.data.cachedTables[db] = sorted(tables) if tables else tables |                 kb.data.cachedTables[db] = sorted(tables) if tables else tables | ||||||
|  | @ -384,7 +384,7 @@ class Databases: | ||||||
|             if  ',' in conf.db: |             if  ',' in conf.db: | ||||||
|                 errMsg = "only one database name is allowed when enumerating " |                 errMsg = "only one database name is allowed when enumerating " | ||||||
|                 errMsg += "the tables' columns" |                 errMsg += "the tables' columns" | ||||||
|                 raise SqlmapMissingMandatoryOptionException, errMsg |                 raise SqlmapMissingMandatoryOptionException(errMsg) | ||||||
| 
 | 
 | ||||||
|         conf.db = safeSQLIdentificatorNaming(conf.db) |         conf.db = safeSQLIdentificatorNaming(conf.db) | ||||||
| 
 | 
 | ||||||
|  | @ -422,7 +422,7 @@ class Databases: | ||||||
|             else: |             else: | ||||||
|                 errMsg = "unable to retrieve the tables " |                 errMsg = "unable to retrieve the tables " | ||||||
|                 errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) |                 errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) | ||||||
|                 raise SqlmapNoneDataException, errMsg |                 raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         for tbl in tblList: |         for tbl in tblList: | ||||||
|             tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) |             tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) | ||||||
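Review bot: The normalisation loop at the end of the last hunk, `tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)`, rewrites the list it is iterating and locates the slot by value. That costs a linear search per element, and it only lands on the right slot while no earlier entry equals the current one, so an identifier could be left un-normalised. `for i, tbl in enumerate(tblList):` followed by `tblList[i] = safeSQLIdentificatorNaming(tbl, True)` keeps the in-place update and addresses each slot by position. The same loop appears in the second hunk of the Entries section that follows. The enclosing method starts and ends outside the hunk.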
|  |  | ||||||
|  | @ -67,7 +67,7 @@ class Entries: | ||||||
|             if  ',' in conf.db: |             if  ',' in conf.db: | ||||||
|                 errMsg = "only one database name is allowed when enumerating " |                 errMsg = "only one database name is allowed when enumerating " | ||||||
|                 errMsg += "the tables' columns" |                 errMsg += "the tables' columns" | ||||||
|                 raise SqlmapMissingMandatoryOptionException, errMsg |                 raise SqlmapMissingMandatoryOptionException(errMsg) | ||||||
| 
 | 
 | ||||||
|         conf.db = safeSQLIdentificatorNaming(conf.db) |         conf.db = safeSQLIdentificatorNaming(conf.db) | ||||||
| 
 | 
 | ||||||
|  | @ -87,7 +87,7 @@ class Entries: | ||||||
|             else: |             else: | ||||||
|                 errMsg = "unable to retrieve the tables " |                 errMsg = "unable to retrieve the tables " | ||||||
|                 errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) |                 errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) | ||||||
|                 raise SqlmapNoneDataException, errMsg |                 raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         for tbl in tblList: |         for tbl in tblList: | ||||||
|             tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) |             tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) | ||||||
|  | @ -329,7 +329,7 @@ class Entries: | ||||||
|         if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: |         if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: | ||||||
|             errMsg = "information_schema not available, " |             errMsg = "information_schema not available, " | ||||||
|             errMsg += "back-end DBMS is MySQL < 5.0" |             errMsg += "back-end DBMS is MySQL < 5.0" | ||||||
|             raise SqlmapUnsupportedFeatureException, errMsg |             raise SqlmapUnsupportedFeatureException(errMsg) | ||||||
| 
 | 
 | ||||||
|         infoMsg = "sqlmap will dump entries of all tables from all databases now" |         infoMsg = "sqlmap will dump entries of all tables from all databases now" | ||||||
|         logger.info(infoMsg) |         logger.info(infoMsg) | ||||||
|  |  | ||||||
|  | @ -161,22 +161,22 @@ class Filesystem: | ||||||
|     def nonStackedReadFile(self, remoteFile): |     def nonStackedReadFile(self, remoteFile): | ||||||
|         errMsg = "'nonStackedReadFile' method must be defined " |         errMsg = "'nonStackedReadFile' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def stackedReadFile(self, remoteFile): |     def stackedReadFile(self, remoteFile): | ||||||
|         errMsg = "'stackedReadFile' method must be defined " |         errMsg = "'stackedReadFile' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def unionWriteFile(self, localFile, remoteFile, fileType): |     def unionWriteFile(self, localFile, remoteFile, fileType): | ||||||
|         errMsg = "'unionWriteFile' method must be defined " |         errMsg = "'unionWriteFile' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def stackedWriteFile(self, localFile, remoteFile, fileType): |     def stackedWriteFile(self, localFile, remoteFile, fileType): | ||||||
|         errMsg = "'stackedWriteFile' method must be defined " |         errMsg = "'stackedWriteFile' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def readFile(self, remoteFiles): |     def readFile(self, remoteFiles): | ||||||
|         localFilePaths = [] |         localFilePaths = [] | ||||||
|  |  | ||||||
|  | @ -22,17 +22,17 @@ class Fingerprint: | ||||||
|     def getFingerprint(self): |     def getFingerprint(self): | ||||||
|         errMsg = "'getFingerprint' method must be defined " |         errMsg = "'getFingerprint' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def checkDbms(self): |     def checkDbms(self): | ||||||
|         errMsg = "'checkDbms' method must be defined " |         errMsg = "'checkDbms' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def checkDbmsOs(self, detailed=False): |     def checkDbmsOs(self, detailed=False): | ||||||
|         errMsg = "'checkDbmsOs' method must be defined " |         errMsg = "'checkDbmsOs' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def forceDbmsEnum(self): |     def forceDbmsEnum(self): | ||||||
|         pass |         pass | ||||||
|  |  | ||||||
|  | @ -79,7 +79,7 @@ class Miscellaneous: | ||||||
|             first, last = 29, 9 |             first, last = 29, 9 | ||||||
| 
 | 
 | ||||||
|         else: |         else: | ||||||
|             raise SqlmapUnsupportedFeatureException, "unsupported DBMS" |             raise SqlmapUnsupportedFeatureException("unsupported DBMS") | ||||||
| 
 | 
 | ||||||
|         query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last) |         query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last) | ||||||
| 
 | 
 | ||||||
|  | @ -189,6 +189,6 @@ class Miscellaneous: | ||||||
|             condParam = "='%s'" |             condParam = "='%s'" | ||||||
|         else: |         else: | ||||||
|             errMsg = "invalid value" |             errMsg = "invalid value" | ||||||
|             raise SqlmapNoneDataException, errMsg |             raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         return choice, condParam |         return choice, condParam | ||||||
|  |  | ||||||
|  | @ -558,4 +558,4 @@ class Search: | ||||||
|         else: |         else: | ||||||
|             errMsg = "missing parameter, provide -D, -T or -C along " |             errMsg = "missing parameter, provide -D, -T or -C along " | ||||||
|             errMsg += "with --search" |             errMsg += "with --search" | ||||||
|             raise SqlmapMissingMandatoryOptionException, errMsg |             raise SqlmapMissingMandatoryOptionException(errMsg) | ||||||
|  |  | ||||||
|  | @ -19,10 +19,10 @@ class Syntax: | ||||||
|     def unescape(expression, quote=True): |     def unescape(expression, quote=True): | ||||||
|         errMsg = "'unescape' method must be defined " |         errMsg = "'unescape' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     def escape(expression): |     def escape(expression): | ||||||
|         errMsg = "'escape' method must be defined " |         errMsg = "'escape' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
|  |  | ||||||
|  | @ -124,7 +124,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): | ||||||
|                 errMsg += "if you want to establish an out-of-band ICMP " |                 errMsg += "if you want to establish an out-of-band ICMP " | ||||||
|                 errMsg += "tunnel because icmpsh uses raw sockets to " |                 errMsg += "tunnel because icmpsh uses raw sockets to " | ||||||
|                 errMsg += "sniff and craft ICMP packets" |                 errMsg += "sniff and craft ICMP packets" | ||||||
|                 raise SqlmapMissingPrivileges, errMsg |                 raise SqlmapMissingPrivileges(errMsg) | ||||||
| 
 | 
 | ||||||
|             try: |             try: | ||||||
|                 from impacket import ImpactDecoder |                 from impacket import ImpactDecoder | ||||||
|  | @ -133,7 +133,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): | ||||||
|                 errMsg = "sqlmap requires 'impacket' third-party library " |                 errMsg = "sqlmap requires 'impacket' third-party library " | ||||||
|                 errMsg += "in order to run icmpsh master. Download from " |                 errMsg += "in order to run icmpsh master. Download from " | ||||||
|                 errMsg += "http://oss.coresecurity.com/projects/impacket.html" |                 errMsg += "http://oss.coresecurity.com/projects/impacket.html" | ||||||
|                 raise SqlmapMissingDependence, errMsg |                 raise SqlmapMissingDependence(errMsg) | ||||||
| 
 | 
 | ||||||
|             sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all" |             sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all" | ||||||
| 
 | 
 | ||||||
|  | @ -325,7 +325,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous): | ||||||
|     def uncPathRequest(self): |     def uncPathRequest(self): | ||||||
|         errMsg = "'uncPathRequest' method must be defined " |         errMsg = "'uncPathRequest' method must be defined " | ||||||
|         errMsg += "into the specific DBMS plugin" |         errMsg += "into the specific DBMS plugin" | ||||||
|         raise SqlmapUndefinedMethod, errMsg |         raise SqlmapUndefinedMethod(errMsg) | ||||||
| 
 | 
 | ||||||
|     def _regInit(self): |     def _regInit(self): | ||||||
|         if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: |         if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: | ||||||
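Review bot: The missing-dependency message in the second hunk tells the user to download impacket from a plain `http://` address. The hunk before it suggests this code path runs with elevated privileges, since its message says icmpsh uses raw sockets, so a library fetched over an unauthenticated channel would be imported by a privileged process. The hint should point to a source the user can verify, for example `errMsg += "in order to run icmpsh master. Install it from your package manager or an HTTPS source"`, dropping the URL line unless the project serves that page over TLS. The enclosing method starts and ends outside both hunks.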
|  |  | ||||||
|  | @ -116,7 +116,7 @@ class Users: | ||||||
| 
 | 
 | ||||||
|             if not isNumPosStrValue(count): |             if not isNumPosStrValue(count): | ||||||
|                 errMsg = "unable to retrieve the number of database users" |                 errMsg = "unable to retrieve the number of database users" | ||||||
|                 raise SqlmapNoneDataException, errMsg |                 raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|             plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2) |             plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2) | ||||||
|             indexRange = getLimitRange(count, plusOne=plusOne) |             indexRange = getLimitRange(count, plusOne=plusOne) | ||||||
|  | @ -135,7 +135,7 @@ class Users: | ||||||
| 
 | 
 | ||||||
|         if not kb.data.cachedUsers: |         if not kb.data.cachedUsers: | ||||||
|             errMsg = "unable to retrieve the database users" |             errMsg = "unable to retrieve the database users" | ||||||
|             raise SqlmapNoneDataException, errMsg |             raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         return kb.data.cachedUsers |         return kb.data.cachedUsers | ||||||
| 
 | 
 | ||||||
|  | @ -296,7 +296,7 @@ class Users: | ||||||
|             errMsg += "database users (most probably because the session " |             errMsg += "database users (most probably because the session " | ||||||
|             errMsg += "user has no read privileges over the relevant " |             errMsg += "user has no read privileges over the relevant " | ||||||
|             errMsg += "system database table)" |             errMsg += "system database table)" | ||||||
|             raise SqlmapNoneDataException, errMsg |             raise SqlmapNoneDataException(errMsg) | ||||||
|         else: |         else: | ||||||
|             for user in kb.data.cachedUsersPasswords: |             for user in kb.data.cachedUsersPasswords: | ||||||
|                 kb.data.cachedUsersPasswords[user] = list(set(kb.data.cachedUsersPasswords[user])) |                 kb.data.cachedUsersPasswords[user] = list(set(kb.data.cachedUsersPasswords[user])) | ||||||
|  | @ -585,7 +585,7 @@ class Users: | ||||||
|         if not kb.data.cachedUsersPrivileges: |         if not kb.data.cachedUsersPrivileges: | ||||||
|             errMsg = "unable to retrieve the privileges " |             errMsg = "unable to retrieve the privileges " | ||||||
|             errMsg += "for the database users" |             errMsg += "for the database users" | ||||||
|             raise SqlmapNoneDataException, errMsg |             raise SqlmapNoneDataException(errMsg) | ||||||
| 
 | 
 | ||||||
|         return (kb.data.cachedUsersPrivileges, areAdmins) |         return (kb.data.cachedUsersPrivileges, areAdmins) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||