sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:sqlmapproject/sqlmap

Browse Source
This commit is contained in:
Bernardo Damele 2013-01-07 11:10:08 +00:00
commit 7fa75792dd
87 changed files with 362 additions and 359 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
extra/sqlharvest/sqlharvest.py
View File

@ -92,7 +92,7 @@ def main():
req = urllib2.Request(sqlfile) req = urllib2.Request(sqlfile)
response = urllib2.urlopen(req) response = urllib2.urlopen(req)
if response.headers.has_key("Content-Length"): if "Content-Length" in response.headers:
if int(response.headers.get("Content-Length")) > MAX_FILE_SIZE: if int(response.headers.get("Content-Length")) > MAX_FILE_SIZE:
continue continue

2
lib/controller/action.py
View File

@ -51,7 +51,7 @@ def action():
errMsg += ". Support for this DBMS will be implemented at " errMsg += ". Support for this DBMS will be implemented at "
errMsg += "some point" errMsg += "some point"
raise SqlmapUnsupportedDBMSException, errMsg raise SqlmapUnsupportedDBMSException(errMsg)
conf.dumper.singleString(conf.dbmsHandler.getFingerprint()) conf.dumper.singleString(conf.dbmsHandler.getFingerprint())

10
lib/controller/checks.py
View File

@ -879,7 +879,7 @@ def checkStability():
kb.nullConnection = None kb.nullConnection = None
else: else:
errMsg = "Empty value supplied" errMsg = "Empty value supplied"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
elif test and test[0] in ("r", "R"): elif test and test[0] in ("r", "R"):
message = "please enter value for parameter 'regex': " message = "please enter value for parameter 'regex': "
@ -896,7 +896,7 @@ def checkStability():
kb.nullConnection = None kb.nullConnection = None
else: else:
errMsg = "Empty value supplied" errMsg = "Empty value supplied"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
else: else:
checkDynamicContent(firstPage, secondPage) checkDynamicContent(firstPage, secondPage)
@ -1027,7 +1027,7 @@ def checkNullConnection():
except SqlmapConnectionException, errMsg: except SqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg) errMsg = getUnicode(errMsg)
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)
return kb.nullConnection is not None return kb.nullConnection is not None
@ -1037,7 +1037,7 @@ def checkConnection(suppressOutput=False):
socket.getaddrinfo(conf.hostname, None) socket.getaddrinfo(conf.hostname, None)
except socket.gaierror: except socket.gaierror:
errMsg = "host '%s' does not exist" % conf.hostname errMsg = "host '%s' does not exist" % conf.hostname
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)
if not suppressOutput: if not suppressOutput:
infoMsg = "testing connection to the target url" infoMsg = "testing connection to the target url"
@ -1051,7 +1051,7 @@ def checkConnection(suppressOutput=False):
if not kb.originalPage and wasLastRequestHTTPError(): if not kb.originalPage and wasLastRequestHTTPError():
errMsg = "unable to retrieve page content" errMsg = "unable to retrieve page content"
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)
elif wasLastRequestDBMSError(): elif wasLastRequestDBMSError():
warnMsg = "there is a DBMS error found in the HTTP response body " warnMsg = "there is a DBMS error found in the HTTP response body "
warnMsg += "which could interfere with the results of the tests" warnMsg += "which could interfere with the results of the tests"

14
lib/controller/controller.py
View File

@ -117,7 +117,7 @@ def _selectInjection():
raise SqlmapUserQuitException raise SqlmapUserQuitException
else: else:
errMsg = "invalid choice" errMsg = "invalid choice"
raise SqlmapValueException, errMsg raise SqlmapValueException(errMsg)
kb.injection = kb.injections[index] kb.injection = kb.injections[index]
@ -365,13 +365,13 @@ def start():
# a warning message to the user in case the page is not stable # a warning message to the user in case the page is not stable
checkStability() checkStability()
# Do a little prioritization reorder of a testable parameter list # Do a little prioritization reorder of a testable parameter list
parameters = conf.parameters.keys() parameters = conf.parameters.keys()
# Order of testing list (last to first) # Order of testing list (first to last)
orderList = (PLACE.URI, PLACE.GET, PLACE.POST, PLACE.CUSTOM_POST) orderList = (PLACE.CUSTOM_POST, PLACE.URI, PLACE.POST, PLACE.GET)
for place in orderList: for place in orderList[::-1]:
if place in parameters: if place in parameters:
parameters.remove(place) parameters.remove(place)
parameters.insert(0, place) parameters.insert(0, place)
@ -496,7 +496,7 @@ def start():
if kb.vainRun and not conf.multipleTargets: if kb.vainRun and not conf.multipleTargets:
errMsg = "no parameter(s) found for testing in the provided data " errMsg = "no parameter(s) found for testing in the provided data "
errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')" errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
else: else:
errMsg = "all tested parameters appear to be not injectable." errMsg = "all tested parameters appear to be not injectable."
@ -544,7 +544,7 @@ def start():
errMsg += "expression that you have choosen " errMsg += "expression that you have choosen "
errMsg += "does not match exclusively True responses" errMsg += "does not match exclusively True responses"
raise SqlmapNotVulnerableException, errMsg raise SqlmapNotVulnerableException(errMsg)
else: else:
# Flush the flag # Flush the flag
kb.testMode = False kb.testMode = False

2
lib/core/agent.py
View File

@ -252,7 +252,7 @@ class Agent(object):
else: else:
errMsg = "invalid usage of inference payload without " errMsg = "invalid usage of inference payload without "
errMsg += "knowledge of underlying DBMS" errMsg += "knowledge of underlying DBMS"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
return payload return payload

42
lib/core/common.py
View File

@ -736,7 +736,7 @@ def dataToTrafficFile(data):
except IOError, ex: except IOError, ex:
errMsg = "something went wrong while trying " errMsg = "something went wrong while trying "
errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, ex) errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, ex)
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
def dataToDumpFile(dumpFile, data): def dataToDumpFile(dumpFile, data):
dumpFile.write(data) dumpFile.write(data)
@ -861,7 +861,7 @@ def checkFile(filename):
""" """
if not os.path.isfile(filename): if not os.path.isfile(filename):
raise SqlmapFilePathException, "unable to read file '%s'" % filename raise SqlmapFilePathException("unable to read file '%s'" % filename)
def banner(): def banner():
""" """
@ -997,7 +997,7 @@ def parseTargetDirect():
errMsg = "invalid target details, valid syntax is for instance " errMsg = "invalid target details, valid syntax is for instance "
errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' " errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' "
errMsg += "or 'access://DATABASE_FILEPATH'" errMsg += "or 'access://DATABASE_FILEPATH'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
for dbmsName, data in DBMS_DICT.items(): for dbmsName, data in DBMS_DICT.items():
if conf.dbms in data[0]: if conf.dbms in data[0]:
@ -1012,7 +1012,7 @@ def parseTargetDirect():
conf.port = 0 conf.port = 0
elif not remote: elif not remote:
errMsg = "missing remote connection details" errMsg = "missing remote connection details"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if dbmsName in (DBMS.MSSQL, DBMS.SYBASE): if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):
import _mssql import _mssql
@ -1022,7 +1022,7 @@ def parseTargetDirect():
errMsg = "'%s' third-party library must be " % data[1] errMsg = "'%s' third-party library must be " % data[1]
errMsg += "version >= 1.0.2 to work properly. " errMsg += "version >= 1.0.2 to work properly. "
errMsg += "Download from '%s'" % data[2] errMsg += "Download from '%s'" % data[2]
raise SqlmapMissingDependence, errMsg raise SqlmapMissingDependence(errMsg)
elif dbmsName == DBMS.MYSQL: elif dbmsName == DBMS.MYSQL:
import pymysql import pymysql
@ -1040,7 +1040,7 @@ def parseTargetDirect():
errMsg = "sqlmap requires '%s' third-party library " % data[1] errMsg = "sqlmap requires '%s' third-party library " % data[1]
errMsg += "in order to directly connect to the database " errMsg += "in order to directly connect to the database "
errMsg += "%s. Download from '%s'" % (dbmsName, data[2]) errMsg += "%s. Download from '%s'" % (dbmsName, data[2])
raise SqlmapMissingDependence, errMsg raise SqlmapMissingDependence(errMsg)
def parseTargetUrl(): def parseTargetUrl():
""" """
@ -1055,7 +1055,7 @@ def parseTargetUrl():
if re.search("\[.+\]", conf.url) and not socket.has_ipv6: if re.search("\[.+\]", conf.url) and not socket.has_ipv6:
errMsg = "IPv6 addressing is not supported " errMsg = "IPv6 addressing is not supported "
errMsg += "on this platform" errMsg += "on this platform"
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
if not re.search("^http[s]*://", conf.url, re.I): if not re.search("^http[s]*://", conf.url, re.I):
if ":443/" in conf.url: if ":443/" in conf.url:
@ -1083,14 +1083,14 @@ def parseTargetUrl():
if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))): if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))):
errMsg = "invalid target url" errMsg = "invalid target url"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if len(hostnamePort) == 2: if len(hostnamePort) == 2:
try: try:
conf.port = int(hostnamePort[1]) conf.port = int(hostnamePort[1])
except: except:
errMsg = "invalid target url" errMsg = "invalid target url"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
elif conf.scheme == "https": elif conf.scheme == "https":
conf.port = 443 conf.port = 443
else: else:
@ -1353,7 +1353,7 @@ def safeStringFormat(format_, params):
if count < len(params): if count < len(params):
retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:] retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:]
else: else:
raise SqlmapNoneDataException, "wrong number of parameters during string formatting" raise SqlmapNoneDataException("wrong number of parameters during string formatting")
count += 1 count += 1
return retVal return retVal
@ -2377,7 +2377,7 @@ def initTechnique(technique=None):
errMsg = "missing data in old session file(s). " errMsg = "missing data in old session file(s). "
errMsg += "Please use '--flush-session' to deal " errMsg += "Please use '--flush-session' to deal "
errMsg += "with this error" errMsg += "with this error"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
def arrayizeValue(value): def arrayizeValue(value):
""" """
@ -2496,7 +2496,7 @@ def openFile(filename, mode='r'):
errMsg += "Please check %s permissions on a file " % ("write" if \ errMsg += "Please check %s permissions on a file " % ("write" if \
mode and ('w' in mode or 'a' in mode or '+' in mode) else "read") mode and ('w' in mode or 'a' in mode or '+' in mode) else "read")
errMsg += "and that it's not locked by another process." errMsg += "and that it's not locked by another process."
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
def decodeIntToUnicode(value): def decodeIntToUnicode(value):
""" """
@ -2810,7 +2810,7 @@ def expandMnemonics(mnemonics, parser, args):
if pointer in (None, head): if pointer in (None, head):
errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
elif len(pointer.current) > 1: elif len(pointer.current) > 1:
options = {} options = {}
@ -2849,7 +2849,7 @@ def expandMnemonics(mnemonics, parser, args):
setattr(args, found.dest, True) setattr(args, found.dest, True)
else: else:
errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type) errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type)
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
def safeCSValue(value): def safeCSValue(value):
""" """
@ -2997,7 +2997,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
if not content: if not content:
errMsg = "can't parse forms as the page content appears to be blank" errMsg = "can't parse forms as the page content appears to be blank"
if raise_: if raise_:
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
else: else:
logger.debug(errMsg) logger.debug(errMsg)
@ -3017,7 +3017,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
except ParseError: except ParseError:
errMsg = "no success" errMsg = "no success"
if raise_: if raise_:
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
else: else:
logger.debug(errMsg) logger.debug(errMsg)
@ -3038,7 +3038,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
errMsg = "there has been a problem while " errMsg = "there has been a problem while "
errMsg += "processing page forms ('%s')" % ex errMsg += "processing page forms ('%s')" % ex
if raise_: if raise_:
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
else: else:
logger.debug(errMsg) logger.debug(errMsg)
else: else:
@ -3057,7 +3057,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
else: else:
errMsg = "there were no forms found at the given target url" errMsg = "there were no forms found at the given target url"
if raise_: if raise_:
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
else: else:
logger.debug(errMsg) logger.debug(errMsg)
@ -3105,7 +3105,7 @@ def checkDeprecatedOptions(args):
errMsg = "switch/option '%s' is deprecated" % _ errMsg = "switch/option '%s' is deprecated" % _
if _ in DEPRECATED_HINTS: if _ in DEPRECATED_HINTS:
errMsg += " (hint: %s)" % DEPRECATED_HINTS[_] errMsg += " (hint: %s)" % DEPRECATED_HINTS[_]
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
def evaluateCode(code, variables=None): def evaluateCode(code, variables=None):
""" """
@ -3118,7 +3118,7 @@ def evaluateCode(code, variables=None):
raise raise
except Exception, ex: except Exception, ex:
errMsg = "an error occured while evaluating provided code ('%s'). " % ex errMsg = "an error occured while evaluating provided code ('%s'). " % ex
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
def serializeObject(object_): def serializeObject(object_):
""" """
@ -3259,7 +3259,7 @@ def resetCookieJar(cookieJar):
except cookielib.LoadError, msg: except cookielib.LoadError, msg:
errMsg = "there was a problem loading " errMsg = "there was a problem loading "
errMsg += "cookies file ('%s')" % msg errMsg += "cookies file ('%s')" % msg
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
def prioritySortColumns(columns): def prioritySortColumns(columns):
""" """

4
lib/core/convert.py
View File

@ -47,7 +47,7 @@ def hexencode(value):
return utf8encode(value).encode("hex") return utf8encode(value).encode("hex")
def md5hash(value): def md5hash(value):
if sys.modules.has_key('hashlib'): if "hashlib" in sys.modules:
return hashlib.md5(value).hexdigest() return hashlib.md5(value).hexdigest()
else: else:
return md5.new(value).hexdigest() return md5.new(value).hexdigest()
@ -60,7 +60,7 @@ def ordencode(value):
return tuple(ord(char) for char in value) return tuple(ord(char) for char in value)
def sha1hash(value): def sha1hash(value):
if sys.modules.has_key('hashlib'): if "hashlib" in sys.modules:
return hashlib.sha1(value).hexdigest() return hashlib.sha1(value).hexdigest()
else: else:
return sha.new(value).hexdigest() return sha.new(value).hexdigest()

6
lib/core/datatype.py
View File

@ -38,7 +38,7 @@ class AttribDict(dict):
try: try:
return self.__getitem__(item) return self.__getitem__(item)
except KeyError: except KeyError:
raise SqlmapDataException, "unable to access item '%s'" % item raise SqlmapDataException("unable to access item '%s'" % item)
def __setattr__(self, item, value): def __setattr__(self, item, value):
""" """
@ -47,11 +47,11 @@ class AttribDict(dict):
""" """
# This test allows attributes to be set in the __init__ method # This test allows attributes to be set in the __init__ method
if not self.__dict__.has_key('_AttribDict__initialised'): if "_AttribDict__initialised" not in self.__dict__:
return dict.__setattr__(self, item, value) return dict.__setattr__(self, item, value)
# Any normal attributes are handled normally # Any normal attributes are handled normally
elif self.__dict__.has_key(item): elif item in self.__dict__:
dict.__setattr__(self, item, value) dict.__setattr__(self, item, value)
else: else:

84
lib/core/dicts.py
View File

@ -21,51 +21,51 @@ from lib.core.settings import SYBASE_ALIASES
from lib.core.settings import DB2_ALIASES from lib.core.settings import DB2_ALIASES
FIREBIRD_TYPES = { FIREBIRD_TYPES = {
"261":"BLOB", "261": "BLOB",
"14":"CHAR", "14": "CHAR",
"40":"CSTRING", "40": "CSTRING",
"11":"D_FLOAT", "11": "D_FLOAT",
"27":"DOUBLE", "27": "DOUBLE",
"10":"FLOAT", "10": "FLOAT",
"16":"INT64", "16": "INT64",
"8":"INTEGER", "8": "INTEGER",
"9":"QUAD", "9": "QUAD",
"7":"SMALLINT", "7": "SMALLINT",
"12":"DATE", "12": "DATE",
"13":"TIME", "13": "TIME",
"35":"TIMESTAMP", "35": "TIMESTAMP",
"37":"VARCHAR" "37": "VARCHAR"
} }
SYBASE_TYPES = { SYBASE_TYPES = {
"14":"floatn", "14": "floatn",
"8":"float", "8": "float",
"15":"datetimn", "15": "datetimn",
"12":"datetime", "12": "datetime",
"23":"real", "23": "real",
"28":"numericn", "28": "numericn",
"10":"numeric", "10": "numeric",
"27":"decimaln", "27": "decimaln",
"26":"decimal", "26": "decimal",
"17":"moneyn", "17": "moneyn",
"11":"money", "11": "money",
"21":"smallmoney", "21": "smallmoney",
"22":"smalldatetime", "22": "smalldatetime",
"13":"intn", "13": "intn",
"7":"int", "7": "int",
"6":"smallint", "6": "smallint",
"5":"tinyint", "5": "tinyint",
"16":"bit", "16": "bit",
"2":"varchar", "2": "varchar",
"18":"sysname", "18": "sysname",
"25":"nvarchar", "25": "nvarchar",
"1":"char", "1": "char",
"24":"nchar", "24": "nchar",
"4":"varbinary", "4": "varbinary",
"80":"timestamp", "80": "timestamp",
"3":"binary", "3": "binary",
"19":"text", "19": "text",
"20":"image", "20": "image",
} }
MYSQL_PRIVS = { MYSQL_PRIVS = {

2
lib/core/dump.py
View File

@ -70,7 +70,7 @@ class Dump(object):
self._outputFP = codecs.open(self._outputFile, "ab" if not conf.flushSession else "wb", UNICODE_ENCODING) self._outputFP = codecs.open(self._outputFile, "ab" if not conf.flushSession else "wb", UNICODE_ENCODING)
except IOError, ex: except IOError, ex:
errMsg = "error occurred while opening log file ('%s')" % ex errMsg = "error occurred while opening log file ('%s')" % ex
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
def getOutputFile(self): def getOutputFile(self):
return self._outputFile return self._outputFile

50
lib/core/enums.py
View File

@ -24,7 +24,7 @@ class SORT_ORDER:
class DBMS: class DBMS:
ACCESS = "Microsoft Access" ACCESS = "Microsoft Access"
DB2 = "IBM DB2" DB2 = "IBM DB2"
FIREBIRD = "Firebird" FIREBIRD = "Firebird"
MAXDB = "SAP MaxDB" MAXDB = "SAP MaxDB"
MSSQL = "Microsoft SQL Server" MSSQL = "Microsoft SQL Server"
@ -173,39 +173,39 @@ class REDIRECTION:
class PAYLOAD: class PAYLOAD:
SQLINJECTION = { SQLINJECTION = {
1: "boolean-based blind", 1: "boolean-based blind",
2: "error-based", 2: "error-based",
3: "UNION query", 3: "UNION query",
4: "stacked queries", 4: "stacked queries",
5: "AND/OR time-based blind", 5: "AND/OR time-based blind",
6: "inline query" 6: "inline query"
} }
PARAMETER = { PARAMETER = {
1: "Unescaped numeric", 1: "Unescaped numeric",
2: "Single quoted string", 2: "Single quoted string",
3: "LIKE single quoted string", 3: "LIKE single quoted string",
4: "Double quoted string", 4: "Double quoted string",
5: "LIKE double quoted string" 5: "LIKE double quoted string"
} }
RISK = { RISK = {
0: "No risk", 0: "No risk",
1: "Low risk", 1: "Low risk",
2: "Medium risk", 2: "Medium risk",
3: "High risk" 3: "High risk"
} }
CLAUSE = { CLAUSE = {
0: "Always", 0: "Always",
1: "WHERE", 1: "WHERE",
2: "GROUP BY", 2: "GROUP BY",
3: "ORDER BY", 3: "ORDER BY",
4: "LIMIT", 4: "LIMIT",
5: "OFFSET", 5: "OFFSET",
6: "TOP", 6: "TOP",
7: "Table name", 7: "Table name",
8: "Column name" 8: "Column name"
} }
class METHOD: class METHOD:

134
lib/core/option.py
View File

@ -388,7 +388,7 @@ def _setMultipleTargets():
if not os.path.exists(conf.logFile): if not os.path.exists(conf.logFile):
errMsg = "the specified list of targets does not exist" errMsg = "the specified list of targets does not exist"
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
if os.path.isfile(conf.logFile): if os.path.isfile(conf.logFile):
_feedTargetsDict(conf.logFile, addedTargetUrls) _feedTargetsDict(conf.logFile, addedTargetUrls)
@ -406,7 +406,7 @@ def _setMultipleTargets():
else: else:
errMsg = "the specified list of targets is not a file " errMsg = "the specified list of targets is not a file "
errMsg += "nor a directory" errMsg += "nor a directory"
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
updatedTargetsCount = len(kb.targets) updatedTargetsCount = len(kb.targets)
@ -453,7 +453,7 @@ def _setRequestFromFile():
if not os.path.isfile(conf.requestFile): if not os.path.isfile(conf.requestFile):
errMsg = "the specified HTTP request file " errMsg = "the specified HTTP request file "
errMsg += "does not exist" errMsg += "does not exist"
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
_feedTargetsDict(conf.requestFile, addedTargetUrls) _feedTargetsDict(conf.requestFile, addedTargetUrls)
@ -504,7 +504,7 @@ def _setGoogleDorking():
if not links: if not links:
errMsg = "unable to find results for your " errMsg = "unable to find results for your "
errMsg += "Google dork expression" errMsg += "Google dork expression"
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
for link in links: for link in links:
link = urldecode(link) link = urldecode(link)
@ -560,7 +560,7 @@ def _setBulkMultipleTargets():
if not os.path.isfile(conf.bulkFile): if not os.path.isfile(conf.bulkFile):
errMsg = "the specified bulk file " errMsg = "the specified bulk file "
errMsg += "does not exist" errMsg += "does not exist"
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
for line in getFileItems(conf.bulkFile): for line in getFileItems(conf.bulkFile):
if re.search(r"[^ ]+\?(.+)", line, re.I): if re.search(r"[^ ]+\?(.+)", line, re.I):
@ -597,7 +597,7 @@ def _setDBMSAuthentication():
if not match: if not match:
errMsg = "DBMS authentication credentials value must be in format " errMsg = "DBMS authentication credentials value must be in format "
errMsg += "username:password" errMsg += "username:password"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
conf.dbmsUsername = match.group(1) conf.dbmsUsername = match.group(1)
conf.dbmsPassword = match.group(2) conf.dbmsPassword = match.group(2)
@ -638,7 +638,7 @@ def _setMetasploit():
errMsg += "if you want to perform a SMB relay attack because " errMsg += "if you want to perform a SMB relay attack because "
errMsg += "it will need to listen on a user-specified SMB " errMsg += "it will need to listen on a user-specified SMB "
errMsg += "TCP port for incoming connection attempts" errMsg += "TCP port for incoming connection attempts"
raise SqlmapMissingPrivileges, errMsg raise SqlmapMissingPrivileges(errMsg)
if conf.msfPath: if conf.msfPath:
for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")): for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
@ -687,7 +687,7 @@ def _setMetasploit():
if not msfEnvPathExists: if not msfEnvPathExists:
errMsg = "unable to locate Metasploit Framework installation. " errMsg = "unable to locate Metasploit Framework installation. "
errMsg += "You can get it at 'http://metasploit.com/framework/download/'" errMsg += "You can get it at 'http://metasploit.com/framework/download/'"
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
def _setWriteFile(): def _setWriteFile():
if not conf.wFile: if not conf.wFile:
@ -698,12 +698,12 @@ def _setWriteFile():
if not os.path.exists(conf.wFile): if not os.path.exists(conf.wFile):
errMsg = "the provided local file '%s' does not exist" % conf.wFile errMsg = "the provided local file '%s' does not exist" % conf.wFile
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
if not conf.dFile: if not conf.dFile:
errMsg = "you did not provide the back-end DBMS absolute path " errMsg = "you did not provide the back-end DBMS absolute path "
errMsg += "where you want to write the local file '%s'" % conf.wFile errMsg += "where you want to write the local file '%s'" % conf.wFile
raise SqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException(errMsg)
conf.wFileType = getFileType(conf.wFile) conf.wFileType = getFileType(conf.wFile)
@ -722,7 +722,7 @@ def _setOS():
errMsg += "If you do not know the back-end DBMS underlying OS, " errMsg += "If you do not know the back-end DBMS underlying OS, "
errMsg += "do not provide it and sqlmap will fingerprint it for " errMsg += "do not provide it and sqlmap will fingerprint it for "
errMsg += "you." errMsg += "you."
raise SqlmapUnsupportedDBMSException, errMsg raise SqlmapUnsupportedDBMSException(errMsg)
debugMsg = "forcing back-end DBMS operating system to user defined " debugMsg = "forcing back-end DBMS operating system to user defined "
debugMsg += "value '%s'" % conf.os debugMsg += "value '%s'" % conf.os
@ -742,7 +742,7 @@ def _setTechnique():
errMsg = "value for --technique must be a string composed " errMsg = "value for --technique must be a string composed "
errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters) errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters)
errMsg += "user's manual for details" errMsg += "user's manual for details"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
for validTech, validInt in validTechniques: for validTech, validInt in validTechniques:
if letter == validTech[0]: if letter == validTech[0]:
@ -774,7 +774,7 @@ def _setDBMS():
errMsg += "system. The supported DBMS are %s. " % ', '.join([d for d in DBMS_DICT]) errMsg += "system. The supported DBMS are %s. " % ', '.join([d for d in DBMS_DICT])
errMsg += "If you do not know the back-end DBMS, do not provide " errMsg += "If you do not know the back-end DBMS, do not provide "
errMsg += "it and sqlmap will fingerprint it for you." errMsg += "it and sqlmap will fingerprint it for you."
raise SqlmapUnsupportedDBMSException, errMsg raise SqlmapUnsupportedDBMSException(errMsg)
for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \ for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \
SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \ SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \
@ -808,11 +808,11 @@ def _setTamperingFunctions():
elif not os.path.exists(tfile): elif not os.path.exists(tfile):
errMsg = "tamper script '%s' does not exist" % tfile errMsg = "tamper script '%s' does not exist" % tfile
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
elif not tfile.endswith('.py'): elif not tfile.endswith('.py'):
errMsg = "tamper script '%s' should have an extension '.py'" % tfile errMsg = "tamper script '%s' should have an extension '.py'" % tfile
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
dirname, filename = os.path.split(tfile) dirname, filename = os.path.split(tfile)
dirname = os.path.abspath(dirname) dirname = os.path.abspath(dirname)
@ -823,7 +823,7 @@ def _setTamperingFunctions():
if not os.path.exists(os.path.join(dirname, '__init__.py')): if not os.path.exists(os.path.join(dirname, '__init__.py')):
errMsg = "make sure that there is an empty file '__init__.py' " errMsg = "make sure that there is an empty file '__init__.py' "
errMsg += "inside of tamper scripts directory '%s'" % dirname errMsg += "inside of tamper scripts directory '%s'" % dirname
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
if dirname not in sys.path: if dirname not in sys.path:
sys.path.insert(0, dirname) sys.path.insert(0, dirname)
@ -831,7 +831,7 @@ def _setTamperingFunctions():
try: try:
module = __import__(filename[:-3]) module = __import__(filename[:-3])
except ImportError, msg: except ImportError, msg:
raise SqlmapSyntaxException, "cannot import tamper script '%s' (%s)" % (filename[:-3], msg) raise SqlmapSyntaxException("cannot import tamper script '%s' (%s)" % (filename[:-3], msg))
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__ priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
@ -866,7 +866,7 @@ def _setTamperingFunctions():
if not found: if not found:
errMsg = "missing function 'tamper(payload, headers)' " errMsg = "missing function 'tamper(payload, headers)' "
errMsg += "in tamper script '%s'" % tfile errMsg += "in tamper script '%s'" % tfile
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
if resolve_priorities and priorities: if resolve_priorities and priorities:
priorities.sort(reverse=True) priorities.sort(reverse=True)
@ -929,14 +929,14 @@ def _setHTTPProxy():
if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)): if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)):
errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE)) errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.pCred: if conf.pCred:
_ = re.search("^(.*?):(.*?)$", conf.pCred) _ = re.search("^(.*?):(.*?)$", conf.pCred)
if not _: if not _:
errMsg = "Proxy authentication credentials " errMsg = "Proxy authentication credentials "
errMsg += "value must be in format username:password" errMsg += "value must be in format username:password"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
else: else:
username = _.group(1) username = _.group(1)
password = _.group(2) password = _.group(2)
@ -979,7 +979,7 @@ def _setSafeUrl():
if conf.saFreq <= 0: if conf.saFreq <= 0:
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature" errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
def _setPrefixSuffix(): def _setPrefixSuffix():
if conf.prefix is not None and conf.suffix is not None: if conf.prefix is not None and conf.suffix is not None:
@ -1033,12 +1033,12 @@ def _setHTTPAuthentication():
elif conf.aType and not conf.aCred: elif conf.aType and not conf.aCred:
errMsg = "you specified the HTTP authentication type, but " errMsg = "you specified the HTTP authentication type, but "
errMsg += "did not provide the credentials" errMsg += "did not provide the credentials"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
elif not conf.aType and conf.aCred: elif not conf.aType and conf.aCred:
errMsg = "you specified the HTTP authentication credentials, " errMsg = "you specified the HTTP authentication credentials, "
errMsg += "but did not provide the type" errMsg += "but did not provide the type"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if not conf.aCert: if not conf.aCert:
debugMsg = "setting the HTTP authentication type and credentials" debugMsg = "setting the HTTP authentication type and credentials"
@ -1049,7 +1049,7 @@ def _setHTTPAuthentication():
if aTypeLower not in ( "basic", "digest", "ntlm" ): if aTypeLower not in ( "basic", "digest", "ntlm" ):
errMsg = "HTTP authentication type value must be " errMsg = "HTTP authentication type value must be "
errMsg += "Basic, Digest or NTLM" errMsg += "Basic, Digest or NTLM"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
elif aTypeLower in ( "basic", "digest" ): elif aTypeLower in ( "basic", "digest" ):
regExp = "^(.*?):(.*?)$" regExp = "^(.*?):(.*?)$"
errMsg = "HTTP %s authentication credentials " % aTypeLower errMsg = "HTTP %s authentication credentials " % aTypeLower
@ -1062,7 +1062,7 @@ def _setHTTPAuthentication():
aCredRegExp = re.search(regExp, conf.aCred) aCredRegExp = re.search(regExp, conf.aCred)
if not aCredRegExp: if not aCredRegExp:
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
conf.authUsername = aCredRegExp.group(1) conf.authUsername = aCredRegExp.group(1)
conf.authPassword = aCredRegExp.group(2) conf.authPassword = aCredRegExp.group(2)
@ -1084,7 +1084,7 @@ def _setHTTPAuthentication():
errMsg = "sqlmap requires Python NTLM third-party library " errMsg = "sqlmap requires Python NTLM third-party library "
errMsg += "in order to authenticate via NTLM, " errMsg += "in order to authenticate via NTLM, "
errMsg += "http://code.google.com/p/python-ntlm/" errMsg += "http://code.google.com/p/python-ntlm/"
raise SqlmapMissingDependence, errMsg raise SqlmapMissingDependence(errMsg)
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr) authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr)
else: else:
@ -1096,7 +1096,7 @@ def _setHTTPAuthentication():
if not aCertRegExp: if not aCertRegExp:
errMsg = "HTTP authentication certificate option " errMsg = "HTTP authentication certificate option "
errMsg += "must be in format key_file,cert_file" errMsg += "must be in format key_file,cert_file"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
# os.path.expanduser for support of paths with ~ # os.path.expanduser for support of paths with ~
key_file = os.path.expanduser(aCertRegExp.group(1)) key_file = os.path.expanduser(aCertRegExp.group(1))
@ -1105,7 +1105,7 @@ def _setHTTPAuthentication():
for ifile in (key_file, cert_file): for ifile in (key_file, cert_file):
if not os.path.exists(ifile): if not os.path.exists(ifile):
errMsg = "File '%s' does not exist" % ifile errMsg = "File '%s' does not exist" % ifile
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
authHandler = HTTPSCertAuthHandler(key_file, cert_file) authHandler = HTTPSCertAuthHandler(key_file, cert_file)
@ -1134,7 +1134,7 @@ def _setHTTPExtraHeaders():
conf.httpHeaders.append((header, value)) conf.httpHeaders.append((header, value))
else: else:
errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u') errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u')
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
elif not conf.httpHeaders or len(conf.httpHeaders) == 1: elif not conf.httpHeaders or len(conf.httpHeaders) == 1:
conf.httpHeaders.append((HTTPHEADER.ACCEPT_LANGUAGE, "en-us,en;q=0.5")) conf.httpHeaders.append((HTTPHEADER.ACCEPT_LANGUAGE, "en-us,en;q=0.5"))
@ -1809,13 +1809,13 @@ def _setDNSServer():
except socket.error, msg: except socket.error, msg:
errMsg = "there was an error while setting up " errMsg = "there was an error while setting up "
errMsg += "DNS server instance ('%s')" % msg errMsg += "DNS server instance ('%s')" % msg
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
else: else:
errMsg = "you need to run sqlmap as an administrator " errMsg = "you need to run sqlmap as an administrator "
errMsg += "if you want to perform a DNS data exfiltration attack " errMsg += "if you want to perform a DNS data exfiltration attack "
errMsg += "as it will need to listen on privileged UDP port 53 " errMsg += "as it will need to listen on privileged UDP port 53 "
errMsg += "for incoming address resolution attempts" errMsg += "for incoming address resolution attempts"
raise SqlmapMissingPrivileges, errMsg raise SqlmapMissingPrivileges(errMsg)
def _setTorProxySettings(): def _setTorProxySettings():
if not conf.tor: if not conf.tor:
@ -1856,7 +1856,7 @@ def _setTorHttpProxySettings():
else: else:
errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)" errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)"
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)
if not conf.checkTor: if not conf.checkTor:
warnMsg = "use switch '--check-tor' at " warnMsg = "use switch '--check-tor' at "
@ -1885,7 +1885,7 @@ def _checkTor():
page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False) page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False)
if not page or 'Congratulations' not in page: if not page or 'Congratulations' not in page:
errMsg = "it seems that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'" errMsg = "it seems that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'"
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)
else: else:
infoMsg = "Tor is properly being used" infoMsg = "Tor is properly being used"
logger.info(infoMsg) logger.info(infoMsg)
@ -1893,135 +1893,135 @@ def _checkTor():
def _basicOptionValidation(): def _basicOptionValidation():
if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0): if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0):
errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)" errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0): if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0):
errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)" errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.level is not None and not (isinstance(conf.level, int) and conf.level > 0): if conf.level is not None and not (isinstance(conf.level, int) and conf.level > 0):
errMsg = "value for option '--level' must be an integer value greater than zero (>0)" errMsg = "value for option '--level' must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk > 0): if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk > 0):
errMsg = "value for option '--risk' must be an integer value greater than zero (>0)" errMsg = "value for option '--risk' must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.limitStart is not None and isinstance(conf.limitStart, int) and conf.limitStart > 0 and \ if conf.limitStart is not None and isinstance(conf.limitStart, int) and conf.limitStart > 0 and \
conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart: conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart:
errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option" errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.firstChar is not None and isinstance(conf.firstChar, int) and conf.firstChar > 0 and \ if conf.firstChar is not None and isinstance(conf.firstChar, int) and conf.firstChar > 0 and \
conf.lastChar is not None and isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar: conf.lastChar is not None and isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar:
errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option" errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0): if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0):
errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]" errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.textOnly and conf.nullConnection: if conf.textOnly and conf.nullConnection:
errMsg = "switch '--text-only' is incompatible with switch '--null-connection'" errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.titles and conf.nullConnection: if conf.titles and conf.nullConnection:
errMsg = "switch '--titles' is incompatible with switch '--null-connection'" errMsg = "switch '--titles' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.data and conf.nullConnection: if conf.data and conf.nullConnection:
errMsg = "option '--data' is incompatible with switch '--null-connection'" errMsg = "option '--data' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.string and conf.nullConnection: if conf.string and conf.nullConnection:
errMsg = "option '--string' is incompatible with switch '--null-connection'" errMsg = "option '--string' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.notString and conf.nullConnection: if conf.notString and conf.nullConnection:
errMsg = "option '--not-string' is incompatible with switch '--null-connection'" errMsg = "option '--not-string' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.string and conf.notString: if conf.string and conf.notString:
errMsg = "option '--string' is incompatible with switch '--not-string'" errMsg = "option '--string' is incompatible with switch '--not-string'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.regexp and conf.nullConnection: if conf.regexp and conf.nullConnection:
errMsg = "option '--regexp' is incompatible with switch '--null-connection'" errMsg = "option '--regexp' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.dumpTable and conf.dumpAll: if conf.dumpTable and conf.dumpAll:
errMsg = "switch '--dump' is incompatible with switch '--dump-all'" errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.predictOutput and (conf.threads > 1 or conf.optimize): if conf.predictOutput and (conf.threads > 1 or conf.optimize):
errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'" errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.threads > MAX_NUMBER_OF_THREADS: if conf.threads > MAX_NUMBER_OF_THREADS:
errMsg = "maximum number of used threads is %d avoiding possible connection issues" % MAX_NUMBER_OF_THREADS errMsg = "maximum number of used threads is %d avoiding possible connection issues" % MAX_NUMBER_OF_THREADS
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.forms and not conf.url: if conf.forms and not conf.url:
errMsg = "switch '--forms' requires usage of option '-u' (--url)" errMsg = "switch '--forms' requires usage of option '-u' (--url)"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.requestFile and conf.url: if conf.requestFile and conf.url:
errMsg = "option '-r' is incompatible with option '-u' (--url)" errMsg = "option '-r' is incompatible with option '-u' (--url)"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.tor and conf.ignoreProxy: if conf.tor and conf.ignoreProxy:
errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'" errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.tor and conf.proxy: if conf.tor and conf.proxy:
errMsg = "switch '--tor' is incompatible with option '--proxy'" errMsg = "switch '--tor' is incompatible with option '--proxy'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.checkTor and not any((conf.tor, conf.proxy)): if conf.checkTor and not any((conf.tor, conf.proxy)):
errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)" errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0): if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0):
errMsg = "value for option '--tor-port' must be a positive integer" errMsg = "value for option '--tor-port' must be a positive integer"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True): if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True):
errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True)) errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True))
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True): if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True):
errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True)) errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True))
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.skip and conf.testParameter: if conf.skip and conf.testParameter:
errMsg = "option '--skip' is incompatible with option '-p'" errMsg = "option '--skip' is incompatible with option '-p'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.mobile and conf.agent: if conf.mobile and conf.agent:
errMsg = "switch '--mobile' is incompatible with option '--user-agent'" errMsg = "switch '--mobile' is incompatible with option '--user-agent'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.proxy and conf.ignoreProxy: if conf.proxy and conf.ignoreProxy:
errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'" errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]): if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]):
errMsg = "switch '--forms' is compatible only with option '-u' (--url)" errMsg = "switch '--forms' is compatible only with option '-u' (--url)"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.timeSec < 1: if conf.timeSec < 1:
errMsg = "value for option '--time-sec' must be a positive integer" errMsg = "value for option '--time-sec' must be a positive integer"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar): if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar):
errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)" errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if isinstance(conf.uCols, basestring): if isinstance(conf.uCols, basestring):
if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2): if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2):
errMsg = "value for option '--union-cols' must be a range with hyphon " errMsg = "value for option '--union-cols' must be a range with hyphon "
errMsg += "(e.g. 1-10) or integer value (e.g. 5)" errMsg += "(e.g. 1-10) or integer value (e.g. 5)"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.charset: if conf.charset:
_ = checkCharEncoding(conf.charset, False) _ = checkCharEncoding(conf.charset, False)
@ -2029,14 +2029,14 @@ def _basicOptionValidation():
errMsg = "unknown charset '%s'. Please visit " % conf.charset errMsg = "unknown charset '%s'. Please visit " % conf.charset
errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE
errMsg += "supported charsets" errMsg += "supported charsets"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
else: else:
conf.charset = _ conf.charset = _
if conf.loadCookies: if conf.loadCookies:
if not os.path.exists(conf.loadCookies): if not os.path.exists(conf.loadCookies):
errMsg = "cookies file '%s' does not exist" % conf.loadCookies errMsg = "cookies file '%s' does not exist" % conf.loadCookies
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
def _resolveCrossReferences(): def _resolveCrossReferences():
lib.core.threads.readInput = readInput lib.core.threads.readInput = readInput

4
lib/core/replication.py
View File

@ -64,7 +64,7 @@ class Replication(object):
self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values)) self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values))
else: else:
errMsg = "wrong number of columns used in replicating insert" errMsg = "wrong number of columns used in replicating insert"
raise SqlmapValueException, errMsg raise SqlmapValueException(errMsg)
def execute(self, sql, parameters=[]): def execute(self, sql, parameters=[]):
try: try:
@ -73,7 +73,7 @@ class Replication(object):
errMsg = "problem occurred ('%s') while accessing sqlite database " % ex errMsg = "problem occurred ('%s') while accessing sqlite database " % ex
errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath
errMsg += "it's not used by some other program" errMsg += "it's not used by some other program"
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
def beginTransaction(self): def beginTransaction(self):
""" """

8
lib/core/subprocessng.py
View File

@ -34,13 +34,13 @@ def blockingReadFromFD(fd):
# Uncomment the following line if the process seems to # Uncomment the following line if the process seems to
# take a huge amount of cpu time # take a huge amount of cpu time
# time.sleep(0.01) # time.sleep(0.01)
continue continue
else: else:
raise raise
break break
if not output: if not output:
raise EOFError, "fd %s has been closed." % fd raise EOFError("fd %s has been closed." % fd )
return output return output
@ -52,9 +52,9 @@ def blockingWriteToFD(fd, data):
wrote_data = os.write(fd, data) wrote_data = os.write(fd, data)
except (OSError, IOError), io: except (OSError, IOError), io:
if io.errno in (errno.EAGAIN, errno.EINTR): if io.errno in (errno.EAGAIN, errno.EINTR):
continue continue
else: else:
raise raise
if wrote_data < data_length: if wrote_data < data_length:
blockingWriteToFD(fd, data[wrote_data:]) blockingWriteToFD(fd, data[wrote_data:])

10
lib/core/target.py
View File

@ -79,7 +79,7 @@ def _setRequestParams():
# Perform checks on POST parameters # Perform checks on POST parameters
if conf.method == HTTPMETHOD.POST and conf.data is None: if conf.method == HTTPMETHOD.POST and conf.data is None:
errMsg = "HTTP POST method depends on HTTP data value to be posted" errMsg = "HTTP POST method depends on HTTP data value to be posted"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if conf.data is not None: if conf.data is not None:
conf.method = HTTPMETHOD.POST conf.method = HTTPMETHOD.POST
@ -237,12 +237,12 @@ def _setRequestParams():
if not conf.parameters: if not conf.parameters:
errMsg = "you did not provide any GET, POST and Cookie " errMsg = "you did not provide any GET, POST and Cookie "
errMsg += "parameter, neither an User-Agent, Referer or Host header value" errMsg += "parameter, neither an User-Agent, Referer or Host header value"
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
elif not testableParameters: elif not testableParameters:
errMsg = "all testable parameters you provided are not present " errMsg = "all testable parameters you provided are not present "
errMsg += "within the GET, POST and Cookie parameters" errMsg += "within the GET, POST and Cookie parameters"
raise SqlmapGenericException, errMsg raise SqlmapGenericException(errMsg)
def _setHashDB(): def _setHashDB():
""" """
@ -259,7 +259,7 @@ def _setHashDB():
logger.info("flushing session file") logger.info("flushing session file")
except OSError, msg: except OSError, msg:
errMsg = "unable to flush the session file (%s)" % msg errMsg = "unable to flush the session file (%s)" % msg
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
conf.hashDB = HashDB(conf.hashDBFile) conf.hashDB = HashDB(conf.hashDBFile)
@ -460,7 +460,7 @@ def _createTargetDirs():
errMsg = "something went wrong while trying " errMsg = "something went wrong while trying "
errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, ex) errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, ex)
raise SqlmapMissingPrivileges, errMsg raise SqlmapMissingPrivileges(errMsg)
_createDumpDir() _createDumpDir()
_createFilesDir() _createFilesDir()

2
lib/core/threads.py
View File

@ -165,7 +165,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
pass pass
except KeyboardInterrupt: except KeyboardInterrupt:
raise SqlmapThreadException, "user aborted (Ctrl+C was pressed multiple times)" raise SqlmapThreadException("user aborted (Ctrl+C was pressed multiple times)")
if forwardException: if forwardException:
raise raise

2
lib/core/wordlist.py
View File

@ -42,7 +42,7 @@ class Wordlist(object):
_ = zipfile.ZipFile(current, 'r') _ = zipfile.ZipFile(current, 'r')
if len(_.namelist()) == 0: if len(_.namelist()) == 0:
errMsg = "no file(s) inside '%s'" % current errMsg = "no file(s) inside '%s'" % current
raise SqlmapDataException, errMsg raise SqlmapDataException(errMsg)
self.fp = _.open(_.namelist()[0]) self.fp = _.open(_.namelist()[0])
else: else:
self.fp = open(current, 'r') self.fp = open(current, 'r')

6
lib/parse/configfile.py
View File

@ -66,11 +66,11 @@ def configFileParser(configFile):
config.readfp(configFP) config.readfp(configFP)
except MissingSectionHeaderError: except MissingSectionHeaderError:
errMsg = "you have provided an invalid configuration file" errMsg = "you have provided an invalid configuration file"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
if not config.has_section("Target"): if not config.has_section("Target"):
errMsg = "missing a mandatory section 'Target' in the configuration file" errMsg = "missing a mandatory section 'Target' in the configuration file"
raise SqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException(errMsg)
condition = not config.has_option("Target", "url") condition = not config.has_option("Target", "url")
condition &= not config.has_option("Target", "logFile") condition &= not config.has_option("Target", "logFile")
@ -82,7 +82,7 @@ def configFileParser(configFile):
if condition: if condition:
errMsg = "missing a mandatory option in the configuration file " errMsg = "missing a mandatory option in the configuration file "
errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)" errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)"
raise SqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException(errMsg)
for family, optionData in optDict.items(): for family, optionData in optDict.items():
for option, datatype in optionData.items(): for option, datatype in optionData.items():

2
lib/request/basic.py
View File

@ -199,7 +199,7 @@ def decodePage(page, contentEncoding, contentType):
data = gzip.GzipFile("", "rb", 9, StringIO.StringIO(page)) data = gzip.GzipFile("", "rb", 9, StringIO.StringIO(page))
size = struct.unpack("<l", page[-4:])[0] # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py size = struct.unpack("<l", page[-4:])[0] # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py
if size > MAX_CONNECTION_TOTAL_SIZE: if size > MAX_CONNECTION_TOTAL_SIZE:
raise Exception, "size too large" raise Exception("size too large")
page = data.read() page = data.read()
except Exception, msg: except Exception, msg:

2
lib/request/comparison.py
View File

@ -92,7 +92,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
errMsg = "problem occured while retrieving original page content " errMsg = "problem occured while retrieving original page content "
errMsg += "which prevents sqlmap from continuation. Please rerun, " errMsg += "which prevents sqlmap from continuation. Please rerun, "
errMsg += "and if the problem persists turn off any optimization switches" errMsg += "and if the problem persists turn off any optimization switches"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
ratio = 1. * pageLength / len(seqMatcher.a) ratio = 1. * pageLength / len(seqMatcher.a)

12
lib/request/connect.py
View File

@ -466,11 +466,11 @@ class Connect(object):
if e.code == httplib.UNAUTHORIZED: if e.code == httplib.UNAUTHORIZED:
errMsg = "not authorized, try to provide right HTTP " errMsg = "not authorized, try to provide right HTTP "
errMsg += "authentication type and valid credentials (%d)" % code errMsg += "authentication type and valid credentials (%d)" % code
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)
elif e.code == httplib.NOT_FOUND: elif e.code == httplib.NOT_FOUND:
if raise404: if raise404:
errMsg = "page not found (%d)" % code errMsg = "page not found (%d)" % code
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)
else: else:
debugMsg = "page not found (%d)" % code debugMsg = "page not found (%d)" % code
logger.debug(debugMsg) logger.debug(debugMsg)
@ -488,7 +488,7 @@ class Connect(object):
logger.critical(warnMsg) logger.critical(warnMsg)
return None, None, None return None, None, None
else: else:
raise SqlmapConnectionException, warnMsg raise SqlmapConnectionException(warnMsg)
else: else:
debugMsg = "got HTTP error code: %d (%s)" % (code, status) debugMsg = "got HTTP error code: %d (%s)" % (code, status)
logger.debug(debugMsg) logger.debug(debugMsg)
@ -498,7 +498,7 @@ class Connect(object):
if "no host given" in tbMsg: if "no host given" in tbMsg:
warnMsg = "invalid url address used (%s)" % repr(url) warnMsg = "invalid url address used (%s)" % repr(url)
raise SqlmapSyntaxException, warnMsg raise SqlmapSyntaxException(warnMsg)
elif "forcibly closed" in tbMsg: elif "forcibly closed" in tbMsg:
warnMsg = "connection was forcibly closed by the target url" warnMsg = "connection was forcibly closed by the target url"
elif "timed out" in tbMsg: elif "timed out" in tbMsg:
@ -531,7 +531,7 @@ class Connect(object):
logger.critical(warnMsg) logger.critical(warnMsg)
return None, None, None return None, None, None
else: else:
raise SqlmapConnectionException, warnMsg raise SqlmapConnectionException(warnMsg)
finally: finally:
page = page if isinstance(page, unicode) else getUnicode(page) page = page if isinstance(page, unicode) else getUnicode(page)
@ -600,7 +600,7 @@ class Connect(object):
if not isinstance(payload, basestring): if not isinstance(payload, basestring):
errMsg = "tamper function '%s' returns " % function.func_name errMsg = "tamper function '%s' returns " % function.func_name
errMsg += "invalid payload type ('%s')" % type(payload) errMsg += "invalid payload type ('%s')" % type(payload)
raise SqlmapValueException, errMsg raise SqlmapValueException(errMsg)
value = agent.replacePayload(value, payload) value = agent.replacePayload(value, payload)

2
lib/request/httpshandler.py
View File

@ -57,7 +57,7 @@ class HTTPSConnection(httplib.HTTPSConnection):
logger.debug("SSL connection error occured ('%s')" % errMsg) logger.debug("SSL connection error occured ('%s')" % errMsg)
if not success: if not success:
raise SqlmapConnectionException, "can't establish SSL connection" raise SqlmapConnectionException("can't establish SSL connection")
class HTTPSHandler(urllib2.HTTPSHandler): class HTTPSHandler(urllib2.HTTPSHandler):
def https_open(self, req): def https_open(self, req):

2
lib/request/inject.py
View File

@ -394,7 +394,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
else: else:
errMsg = "none of the injection types identified can be " errMsg = "none of the injection types identified can be "
errMsg += "leveraged to retrieve queries output" errMsg += "leveraged to retrieve queries output"
raise SqlmapNotVulnerableException, errMsg raise SqlmapNotVulnerableException(errMsg)
finally: finally:
kb.resumeValues = True kb.resumeValues = True

6
lib/request/proxy.py
View File

@ -25,7 +25,7 @@ class ProxyHTTPConnection(httplib.HTTPConnection):
proto, rest = urllib.splittype(url) proto, rest = urllib.splittype(url)
if proto is None: if proto is None:
raise ValueError, "unknown URL type: %s" % url raise ValueError("unknown URL type: %s" % url)
# Get host # Get host
host, rest = urllib.splithost(rest) host, rest = urllib.splithost(rest)
@ -38,7 +38,7 @@ class ProxyHTTPConnection(httplib.HTTPConnection):
try: try:
port = self._ports[proto] port = self._ports[proto]
except KeyError: except KeyError:
raise ValueError, "unknown protocol for: %s" % url raise ValueError("unknown protocol for: %s" % url)
self._real_host = host self._real_host = host
self._real_port = int(port) self._real_port = int(port)
@ -117,4 +117,4 @@ else:
class ProxyHTTPSHandler: class ProxyHTTPSHandler:
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
errMsg = "unsupported feature on versions of Python before 2.6" errMsg = "unsupported feature on versions of Python before 2.6"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

6
lib/request/rangehandler.py
View File

@ -17,8 +17,8 @@ class HTTPRangeHandler(urllib2.BaseHandler):
Reference: http://stackoverflow.com/questions/1971240/python-seek-on-remote-file Reference: http://stackoverflow.com/questions/1971240/python-seek-on-remote-file
This was extremely simple. The Range header is a HTTP feature to This was extremely simple. The Range header is a HTTP feature to
begin with so all this class does is tell urllib2 that the begin with so all this class does is tell urllib2 that the
"206 Partial Content" response from the HTTP server is what we "206 Partial Content" response from the HTTP server is what we
expected. expected.
Example: Example:
@ -47,4 +47,4 @@ class HTTPRangeHandler(urllib2.BaseHandler):
def http_error_416(self, req, fp, code, msg, hdrs): def http_error_416(self, req, fp, code, msg, hdrs):
# HTTP's Range Not Satisfiable error # HTTP's Range Not Satisfiable error
errMsg = "Invalid range" errMsg = "Invalid range"
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)

2
lib/request/redirecthandler.py
View File

@ -110,4 +110,4 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS): if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):
errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys()) errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())
errMsg += "please check all provided parameters and/or provide missing ones." errMsg += "please check all provided parameters and/or provide missing ones."
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)

6
lib/takeover/abstraction.py
View File

@ -49,7 +49,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
else: else:
errMsg = "Feature not yet implemented for the back-end DBMS" errMsg = "Feature not yet implemented for the back-end DBMS"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def evalCmd(self, cmd, first=None, last=None): def evalCmd(self, cmd, first=None, last=None):
retVal = None retVal = None
@ -65,7 +65,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
else: else:
errMsg = "Feature not yet implemented for the back-end DBMS" errMsg = "Feature not yet implemented for the back-end DBMS"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
return safechardecode(retVal) return safechardecode(retVal)
@ -110,7 +110,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
else: else:
errMsg = "feature not yet implemented for the back-end DBMS" errMsg = "feature not yet implemented for the back-end DBMS"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows") infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows")
infoMsg += "'x' or 'q' and press ENTER" infoMsg += "'x' or 'q' and press ENTER"

12
lib/takeover/metasploit.py
View File

@ -280,7 +280,7 @@ class Metasploit:
return None return None
else: else:
raise SqlmapDataException, "unexpected connection type" raise SqlmapDataException("unexpected connection type")
def _selectLhost(self): def _selectLhost(self):
if self.connectionStr.startswith("reverse"): if self.connectionStr.startswith("reverse"):
@ -296,7 +296,7 @@ class Metasploit:
return None return None
else: else:
raise SqlmapDataException, "unexpected connection type" raise SqlmapDataException("unexpected connection type")
def _selectConnection(self): def _selectConnection(self):
return self._skeletonSelection("connection type", self._msfConnectionsList) return self._skeletonSelection("connection type", self._msfConnectionsList)
@ -320,7 +320,7 @@ class Metasploit:
elif self.connectionStr.startswith("reverse"): elif self.connectionStr.startswith("reverse"):
self._cliCmd += " LHOST=%s" % self.lhostStr self._cliCmd += " LHOST=%s" % self.lhostStr
else: else:
raise SqlmapDataException, "unexpected connection type" raise SqlmapDataException("unexpected connection type")
if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject": if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject":
self._cliCmd += " DisableCourtesyShell=true" self._cliCmd += " DisableCourtesyShell=true"
@ -341,7 +341,7 @@ class Metasploit:
elif self.connectionStr.startswith("reverse"): elif self.connectionStr.startswith("reverse"):
self._cliCmd += " LHOST=%s" % self.lhostStr self._cliCmd += " LHOST=%s" % self.lhostStr
else: else:
raise SqlmapDataException, "unexpected connection type" raise SqlmapDataException("unexpected connection type")
self._cliCmd += " E" self._cliCmd += " E"
@ -353,7 +353,7 @@ class Metasploit:
if self.connectionStr.startswith("reverse"): if self.connectionStr.startswith("reverse"):
self._payloadCmd += " LHOST=%s" % self.lhostStr self._payloadCmd += " LHOST=%s" % self.lhostStr
elif not self.connectionStr.startswith("bind"): elif not self.connectionStr.startswith("bind"):
raise SqlmapDataException, "unexpected connection type" raise SqlmapDataException("unexpected connection type")
if Backend.isOs(OS.LINUX) and conf.privEsc: if Backend.isOs(OS.LINUX) and conf.privEsc:
self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true" self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
@ -525,7 +525,7 @@ class Metasploit:
logger.debug(debugMsg) logger.debug(debugMsg)
else: else:
errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "") errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "")
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
self._shellcodeFP = open(self._shellcodeFilePath, "rb") self._shellcodeFP = open(self._shellcodeFilePath, "rb")
self.shellcodeString = self._shellcodeFP.read() self.shellcodeString = self._shellcodeFP.read()

2
lib/takeover/xp_cmdshell.py
View File

@ -276,7 +276,7 @@ class Xp_cmdshell:
if not kb.xpCmdshellAvailable: if not kb.xpCmdshellAvailable:
errMsg = "unable to proceed without xp_cmdshell" errMsg = "unable to proceed without xp_cmdshell"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
debugMsg = "creating a support table to write commands standard " debugMsg = "creating a support table to write commands standard "
debugMsg += "output to" debugMsg += "output to"

2
lib/techniques/blind/inference.py
View File

@ -549,7 +549,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
logger.info(infoMsg) logger.info(infoMsg)
if kb.threadException: if kb.threadException:
raise SqlmapThreadException, "something unexpected happened inside the threads" raise SqlmapThreadException("something unexpected happened inside the threads")
if abortedFlag: if abortedFlag:
raise KeyboardInterrupt raise KeyboardInterrupt

6
lib/techniques/brute/use.py
View File

@ -53,7 +53,7 @@ def tableExists(tableFile, regex=None):
errMsg = "can't use table existence check because of detected invalid results " errMsg = "can't use table existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection " errMsg += "(most probably caused by inability of the used injection "
errMsg += "to distinguish errornous results)" errMsg += "to distinguish errornous results)"
raise SqlmapDataException, errMsg raise SqlmapDataException(errMsg)
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True) tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
@ -138,14 +138,14 @@ def tableExists(tableFile, regex=None):
def columnExists(columnFile, regex=None): def columnExists(columnFile, regex=None):
if not conf.tbl: if not conf.tbl:
errMsg = "missing table parameter" errMsg = "missing table parameter"
raise SqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException(errMsg)
result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr()))) result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr())))
if result: if result:
errMsg = "can't use column existence check because of detected invalid results " errMsg = "can't use column existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection " errMsg += "(most probably caused by inability of the used injection "
errMsg += "to distinguish errornous results)" errMsg += "to distinguish errornous results)"
raise SqlmapDataException, errMsg raise SqlmapDataException(errMsg)
infoMsg = "checking column existence using items from '%s'" % columnFile infoMsg = "checking column existence using items from '%s'" % columnFile
logger.info(infoMsg) logger.info(infoMsg)

2
lib/techniques/dns/test.py
View File

@ -28,7 +28,7 @@ def dnsTest(payload):
errMsg += ". Turning off DNS exfiltration support" errMsg += ". Turning off DNS exfiltration support"
logger.error(errMsg) logger.error(errMsg)
else: else:
raise SqlmapNotVulnerableException, errMsg raise SqlmapNotVulnerableException(errMsg)
else: else:
infoMsg = "data retrieval through DNS channel was successful" infoMsg = "data retrieval through DNS channel was successful"
logger.info(infoMsg) logger.info(infoMsg)

7
lib/techniques/union/use.py
View File

@ -24,6 +24,7 @@ from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite from lib.core.common import hashDBWrite
from lib.core.common import incrementCounter from lib.core.common import incrementCounter
from lib.core.common import initTechnique from lib.core.common import initTechnique
from lib.core.common import isListLike
from lib.core.common import isNoneValue from lib.core.common import isNoneValue
from lib.core.common import isNumPosStrValue from lib.core.common import isNumPosStrValue
from lib.core.common import listToStrValue from lib.core.common import listToStrValue
@ -128,14 +129,14 @@ def configUnion(char=None, columns=None):
colsStart, colsStop = columns, columns colsStart, colsStop = columns, columns
if not colsStart.isdigit() or not colsStop.isdigit(): if not colsStart.isdigit() or not colsStop.isdigit():
raise SqlmapSyntaxException, "--union-cols must be a range of integers" raise SqlmapSyntaxException("--union-cols must be a range of integers")
conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop) conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)
if conf.uColsStart > conf.uColsStop: if conf.uColsStart > conf.uColsStop:
errMsg = "--union-cols range has to be from lower to " errMsg = "--union-cols range has to be from lower to "
errMsg += "higher number of columns" errMsg += "higher number of columns"
raise SqlmapSyntaxException, errMsg raise SqlmapSyntaxException(errMsg)
_configUnionChar(char) _configUnionChar(char)
_configUnionCols(conf.uCols or columns) _configUnionCols(conf.uCols or columns)
@ -262,6 +263,8 @@ def unionUse(expression, unpack=True, dump=False):
items = parseUnionPage(output) items = parseUnionPage(output)
with kb.locks.value: with kb.locks.value:
if isListLike(items) and len(items) > 1 and len(expressionFieldsList) > 1:
items = [item for item in items if isListLike(item) and len(item) == len(expressionFieldsList)]
index = None index = None
for index in xrange(len(threadData.shared.buffered)): for index in xrange(len(threadData.shared.buffered)):
if threadData.shared.buffered[index][0] >= num: if threadData.shared.buffered[index][0] >= num:

6
lib/utils/google.py
View File

@ -44,7 +44,7 @@ class Google(object):
e.info() e.info()
except urllib2.URLError: except urllib2.URLError:
errMsg = "unable to connect to Google" errMsg = "unable to connect to Google"
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)
def search(self, dork): def search(self, dork):
""" """
@ -94,13 +94,13 @@ class Google(object):
return None return None
except (urllib2.URLError, socket.error, socket.timeout): except (urllib2.URLError, socket.error, socket.timeout):
errMsg = "unable to connect to Google" errMsg = "unable to connect to Google"
raise SqlmapConnectionException, errMsg raise SqlmapConnectionException(errMsg)
retVal = [urllib.unquote(match.group(1)) for match in re.finditer(GOOGLE_REGEX, page, re.I | re.S)] retVal = [urllib.unquote(match.group(1)) for match in re.finditer(GOOGLE_REGEX, page, re.I | re.S)]
if not retVal and "detected unusual traffic" in page: if not retVal and "detected unusual traffic" in page:
warnMsg = "Google has detected 'unusual' traffic from " warnMsg = "Google has detected 'unusual' traffic from "
warnMsg += "this computer disabling further searches" warnMsg += "this computer disabling further searches"
raise SqlmapGenericException, warnMsg raise SqlmapGenericException(warnMsg)
return retVal return retVal

2
lib/utils/hashdb.py
View File

@ -39,7 +39,7 @@ class HashDB(object):
except Exception, ex: except Exception, ex:
errMsg = "error occurred while opening a session " errMsg = "error occurred while opening a session "
errMsg += "file '%s' ('%s')" % (self.filepath, ex) errMsg += "file '%s' ('%s')" % (self.filepath, ex)
raise SqlmapDataException, errMsg raise SqlmapDataException(errMsg)
return threadData.hashDBCursor return threadData.hashDBCursor

2
lib/utils/pivotdumptable.py
View File

@ -83,7 +83,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
if not validColumnList: if not validColumnList:
errMsg = "all column name(s) provided are non-existent" errMsg = "all column name(s) provided are non-existent"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
if not validPivotValue: if not validPivotValue:
warnMsg = "no proper pivot column provided (with unique values)." warnMsg = "no proper pivot column provided (with unique values)."

6
plugins/dbms/access/connector.py
View File

@ -35,7 +35,7 @@ class Connector(GenericConnector):
if not IS_WIN: if not IS_WIN:
errMsg = "currently, direct connection to Microsoft Access database(s) " errMsg = "currently, direct connection to Microsoft Access database(s) "
errMsg += "is restricted to Windows platforms" errMsg += "is restricted to Windows platforms"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
self.initConnection() self.initConnection()
self.checkFileDb() self.checkFileDb()
@ -43,7 +43,7 @@ class Connector(GenericConnector):
try: try:
self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db) self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db)
except (pyodbc.Error, pyodbc.OperationalError), msg: except (pyodbc.Error, pyodbc.OperationalError), msg:
raise SqlmapConnectionException, msg[1] raise SqlmapConnectionException(msg[1])
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -61,7 +61,7 @@ class Connector(GenericConnector):
except (pyodbc.OperationalError, pyodbc.ProgrammingError), msg: except (pyodbc.OperationalError, pyodbc.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except pyodbc.Error, msg: except pyodbc.Error, msg:
raise SqlmapConnectionException, msg[1] raise SqlmapConnectionException(msg[1])
self.connector.commit() self.connector.commit()

4
plugins/dbms/access/filesystem.py
View File

@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "on Microsoft Access it is not possible to read files" errMsg = "on Microsoft Access it is not possible to read files"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Microsoft Access it is not possible to write files" errMsg = "on Microsoft Access it is not possible to write files"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/access/syntax.py
View File

@ -24,7 +24,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -56,7 +56,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")") index = expression[firstIndex:].find(")")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

8
plugins/dbms/access/takeover.py
View File

@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "on Microsoft Access it is not possible to execute commands" errMsg = "on Microsoft Access it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self): def osShell(self):
errMsg = "on Microsoft Access it is not possible to execute commands" errMsg = "on Microsoft Access it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self): def osPwn(self):
errMsg = "on Microsoft Access it is not possible to establish an " errMsg = "on Microsoft Access it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self): def osSmb(self):
errMsg = "on Microsoft Access it is not possible to establish an " errMsg = "on Microsoft Access it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/db2/connector.py
View File

@ -35,7 +35,7 @@ class Connector(GenericConnector):
database = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port) database = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port)
self.connector = ibm_db_dbi.connect(database, self.user, self.password) self.connector = ibm_db_dbi.connect(database, self.user, self.password)
except ibm_db_dbi.OperationalError, msg: except ibm_db_dbi.OperationalError, msg:
raise SqlmapConnectionException, msg raise SqlmapConnectionException(msg)
self.setCursor() self.setCursor()
@ -54,7 +54,7 @@ class Connector(GenericConnector):
except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg: except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except ibm_db_dbi.InternalError, msg: except ibm_db_dbi.InternalError, msg:
raise SqlmapConnectionException, msg[1] raise SqlmapConnectionException(msg[1])
self.connector.commit() self.connector.commit()

2
plugins/dbms/db2/enumeration.py
View File

@ -11,7 +11,7 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
class Enumeration(GenericEnumeration): class Enumeration(GenericEnumeration):
def __init__(self): def __init__(self):
GenericEnumeration.__init__(self) GenericEnumeration.__init__(self)
def getPasswordHashes(self): def getPasswordHashes(self):
warnMsg = "on DB2 it is not possible to list password hashes" warnMsg = "on DB2 it is not possible to list password hashes"

4
plugins/dbms/db2/syntax.py
View File

@ -25,7 +25,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -55,7 +55,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")") index = expression[firstIndex:].find(")")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

4
plugins/dbms/firebird/connector.py
View File

@ -42,7 +42,7 @@ class Connector(GenericConnector):
self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \ self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \
user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") #http://www.daniweb.com/forums/thread248499.html user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") #http://www.daniweb.com/forums/thread248499.html
except kinterbasdb.OperationalError, msg: except kinterbasdb.OperationalError, msg:
raise SqlmapConnectionException, msg[1] raise SqlmapConnectionException(msg[1])
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -59,7 +59,7 @@ class Connector(GenericConnector):
except kinterbasdb.OperationalError, msg: except kinterbasdb.OperationalError, msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except kinterbasdb.Error, msg: except kinterbasdb.Error, msg:
raise SqlmapConnectionException, msg[1] raise SqlmapConnectionException(msg[1])
self.connector.commit() self.connector.commit()

4
plugins/dbms/firebird/filesystem.py
View File

@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "on Firebird it is not possible to read files" errMsg = "on Firebird it is not possible to read files"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Firebird it is not possible to write files" errMsg = "on Firebird it is not possible to write files"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/firebird/syntax.py
View File

@ -26,7 +26,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -58,7 +58,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")") index = expression[firstIndex:].find(")")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

8
plugins/dbms/firebird/takeover.py
View File

@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "on Firebird it is not possible to execute commands" errMsg = "on Firebird it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self): def osShell(self):
errMsg = "on Firebird it is not possible to execute commands" errMsg = "on Firebird it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self): def osPwn(self):
errMsg = "on Firebird it is not possible to establish an " errMsg = "on Firebird it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self): def osSmb(self):
errMsg = "on Firebird it is not possible to establish an " errMsg = "on Firebird it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

2
plugins/dbms/maxdb/connector.py
View File

@ -15,4 +15,4 @@ class Connector(GenericConnector):
def connect(self): def connect(self):
errMsg = "on SAP MaxDB it is not possible to establish a " errMsg = "on SAP MaxDB it is not possible to establish a "
errMsg += "direct connection" errMsg += "direct connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

6
plugins/dbms/maxdb/enumeration.py
View File

@ -81,7 +81,7 @@ class Enumeration(GenericEnumeration):
if retVal: if retVal:
for table in retVal[0].values()[0]: for table in retVal[0].values()[0]:
if not kb.data.cachedTables.has_key(db): if db not in kb.data.cachedTables:
kb.data.cachedTables[db] = [table] kb.data.cachedTables[db] = [table]
else: else:
kb.data.cachedTables[db].append(table) kb.data.cachedTables[db].append(table)
@ -107,7 +107,7 @@ class Enumeration(GenericEnumeration):
if ',' in conf.db: if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating " errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns" errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException(errMsg)
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
@ -124,7 +124,7 @@ class Enumeration(GenericEnumeration):
else: else:
errMsg = "unable to retrieve the tables " errMsg = "unable to retrieve the tables "
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
for tbl in tblList: for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)

4
plugins/dbms/maxdb/filesystem.py
View File

@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "on SAP MaxDB reading of files is not supported" errMsg = "on SAP MaxDB reading of files is not supported"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on SAP MaxDB writing of files is not supported" errMsg = "on SAP MaxDB writing of files is not supported"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

8
plugins/dbms/maxdb/takeover.py
View File

@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "on SAP MaxDB it is not possible to execute commands" errMsg = "on SAP MaxDB it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self): def osShell(self):
errMsg = "on SAP MaxDB it is not possible to execute commands" errMsg = "on SAP MaxDB it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self): def osPwn(self):
errMsg = "on SAP MaxDB it is not possible to establish an " errMsg = "on SAP MaxDB it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self): def osSmb(self):
errMsg = "on SAP MaxDB it is not possible to establish an " errMsg = "on SAP MaxDB it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/mssqlserver/connector.py
View File

@ -42,7 +42,7 @@ class Connector(GenericConnector):
try: try:
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
except pymssql.OperationalError, msg: except pymssql.OperationalError, msg:
raise SqlmapConnectionException, msg raise SqlmapConnectionException(msg)
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -63,7 +63,7 @@ class Connector(GenericConnector):
except (pymssql.OperationalError, pymssql.ProgrammingError), msg: except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % str(msg).replace("\n", " ")) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % str(msg).replace("\n", " "))
except pymssql.InternalError, msg: except pymssql.InternalError, msg:
raise SqlmapConnectionException, msg raise SqlmapConnectionException(msg)
return retVal return retVal

12
plugins/dbms/mssqlserver/filesystem.py
View File

@ -261,22 +261,22 @@ class Filesystem(GenericFilesystem):
Set file = fs.GetFile(inputFilePath) Set file = fs.GetFile(inputFilePath)
If file.Size Then If file.Size Then
Wscript.Echo "Loading from: " & inputFilePath Wscript.Echo "Loading from: " & inputFilePath
Wscript.Echo Wscript.Echo
Set fd = fs.OpenTextFile(inputFilePath, 1) Set fd = fs.OpenTextFile(inputFilePath, 1)
data = fd.ReadAll data = fd.ReadAll
fd.Close fd.Close
data = Replace(data, " ", "") data = Replace(data, " ", "")
data = Replace(data, vbCr, "") data = Replace(data, vbCr, "")
data = Replace(data, vbLf, "") data = Replace(data, vbLf, "")
Wscript.Echo "Fixed Input: " Wscript.Echo "Fixed Input: "
Wscript.Echo data Wscript.Echo data
Wscript.Echo Wscript.Echo
decodedData = base64_decode(data) decodedData = base64_decode(data)
Wscript.Echo "Output: " Wscript.Echo "Output: "
Wscript.Echo decodedData Wscript.Echo decodedData
Wscript.Echo Wscript.Echo
Wscript.Echo "Writing output in: " & outputFilePath Wscript.Echo "Writing output in: " & outputFilePath
Wscript.Echo Wscript.Echo
Set ofs = CreateObject("Scripting.FileSystemObject").OpenTextFile(outputFilePath, 2, True) Set ofs = CreateObject("Scripting.FileSystemObject").OpenTextFile(outputFilePath, 2, True)
ofs.Write decodedData ofs.Write decodedData
ofs.close ofs.close

4
plugins/dbms/mysql/connector.py
View File

@ -37,7 +37,7 @@ class Connector(GenericConnector):
try: try:
self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True) self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
except (pymysql.OperationalError, pymysql.InternalError), msg: except (pymysql.OperationalError, pymysql.InternalError), msg:
raise SqlmapConnectionException, msg[1] raise SqlmapConnectionException(msg[1])
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -58,7 +58,7 @@ class Connector(GenericConnector):
except (pymysql.OperationalError, pymysql.ProgrammingError), msg: except (pymysql.OperationalError, pymysql.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
except pymysql.InternalError, msg: except pymysql.InternalError, msg:
raise SqlmapConnectionException, msg[1] raise SqlmapConnectionException(msg[1])
self.connector.commit() self.connector.commit()

2
plugins/dbms/mysql/filesystem.py
View File

@ -63,7 +63,7 @@ class Filesystem(GenericFilesystem):
logger.warn(warnMsg) logger.warn(warnMsg)
result = self.nonStackedReadFile(rFile) result = self.nonStackedReadFile(rFile)
else: else:
raise SqlmapNoneDataException, warnMsg raise SqlmapNoneDataException(warnMsg)
else: else:
length = int(length) length = int(length)
sustrLen = 1024 sustrLen = 1024

2
plugins/dbms/mysql/syntax.py
View File

@ -41,7 +41,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find(")") index = expression[firstIndex:].find(")")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

4
plugins/dbms/oracle/connector.py
View File

@ -46,7 +46,7 @@ class Connector(GenericConnector):
try: try:
self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password) self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password)
except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg: except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg:
raise SqlmapConnectionException, msg raise SqlmapConnectionException(msg)
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -67,7 +67,7 @@ class Connector(GenericConnector):
except (cx_Oracle.DatabaseError), msg: except (cx_Oracle.DatabaseError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
except cx_Oracle.InternalError, msg: except cx_Oracle.InternalError, msg:
raise SqlmapConnectionException, msg raise SqlmapConnectionException(msg)
self.connector.commit() self.connector.commit()

2
plugins/dbms/oracle/enumeration.py
View File

@ -160,6 +160,6 @@ class Enumeration(GenericEnumeration):
if not kb.data.cachedUsersRoles: if not kb.data.cachedUsersRoles:
errMsg = "unable to retrieve the roles " errMsg = "unable to retrieve the roles "
errMsg += "for the database users" errMsg += "for the database users"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
return kb.data.cachedUsersRoles, areAdmins return kb.data.cachedUsersRoles, areAdmins

4
plugins/dbms/oracle/filesystem.py
View File

@ -15,9 +15,9 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "File system read access not yet implemented for " errMsg = "File system read access not yet implemented for "
errMsg += "Oracle" errMsg += "Oracle"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "File system write access not yet implemented for " errMsg = "File system write access not yet implemented for "
errMsg += "Oracle" errMsg += "Oracle"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/oracle/syntax.py
View File

@ -24,7 +24,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -47,7 +47,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("))") index = expression[firstIndex:].find("))")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

8
plugins/dbms/oracle/takeover.py
View File

@ -15,19 +15,19 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "Operating system command execution functionality not " errMsg = "Operating system command execution functionality not "
errMsg += "yet implemented for Oracle" errMsg += "yet implemented for Oracle"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self): def osShell(self):
errMsg = "Operating system shell functionality not yet " errMsg = "Operating system shell functionality not yet "
errMsg += "implemented for Oracle" errMsg += "implemented for Oracle"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self): def osPwn(self):
errMsg = "Operating system out-of-band control functionality " errMsg = "Operating system out-of-band control functionality "
errMsg += "not yet implemented for Oracle" errMsg += "not yet implemented for Oracle"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self): def osSmb(self):
errMsg = "One click operating system out-of-band control " errMsg = "One click operating system out-of-band control "
errMsg += "functionality not yet implemented for Oracle" errMsg += "functionality not yet implemented for Oracle"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/postgresql/connector.py
View File

@ -37,7 +37,7 @@ class Connector(GenericConnector):
try: try:
self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port) self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port)
except psycopg2.OperationalError, msg: except psycopg2.OperationalError, msg:
raise SqlmapConnectionException, msg raise SqlmapConnectionException(msg)
self.connector.set_client_encoding('UNICODE') self.connector.set_client_encoding('UNICODE')
@ -60,7 +60,7 @@ class Connector(GenericConnector):
except (psycopg2.OperationalError, psycopg2.ProgrammingError), msg: except (psycopg2.OperationalError, psycopg2.ProgrammingError), msg:
logger.warn(("(remote) %s" % msg).strip()) logger.warn(("(remote) %s" % msg).strip())
except psycopg2.InternalError, msg: except psycopg2.InternalError, msg:
raise SqlmapConnectionException, msg raise SqlmapConnectionException(msg)
self.connector.commit() self.connector.commit()

4
plugins/dbms/postgresql/filesystem.py
View File

@ -31,7 +31,7 @@ class Filesystem(GenericFilesystem):
def unionWriteFile(self, wFile, dFile, fileType): def unionWriteFile(self, wFile, dFile, fileType):
errMsg = "PostgreSQL does not support file upload with UNION " errMsg = "PostgreSQL does not support file upload with UNION "
errMsg += "query SQL injection technique" errMsg += "query SQL injection technique"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def stackedWriteFile(self, wFile, dFile, fileType): def stackedWriteFile(self, wFile, dFile, fileType):
wFileSize = os.path.getsize(wFile) wFileSize = os.path.getsize(wFile)
@ -39,7 +39,7 @@ class Filesystem(GenericFilesystem):
if wFileSize > 8192: if wFileSize > 8192:
errMsg = "on PostgreSQL it is not possible to write files " errMsg = "on PostgreSQL it is not possible to write files "
errMsg += "bigger than 8192 bytes at the moment" errMsg += "bigger than 8192 bytes at the moment"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
self.oid = randomInt() self.oid = randomInt()

4
plugins/dbms/postgresql/syntax.py
View File

@ -29,7 +29,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("'") index = expression[firstIndex:].find("'")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex] old = "'%s'" % expression[firstIndex:lastIndex]
@ -52,7 +52,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex:].find("))") index = expression[firstIndex:].find("))")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
lastIndex = firstIndex + index + 1 lastIndex = firstIndex + index + 1
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

2
plugins/dbms/postgresql/takeover.py
View File

@ -53,7 +53,7 @@ class Takeover(GenericTakeover):
majorVer = "8.2" majorVer = "8.2"
else: else:
errMsg = "unsupported feature on versions of PostgreSQL before 8.2" errMsg = "unsupported feature on versions of PostgreSQL before 8.2"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
if Backend.isOs(OS.WINDOWS): if Backend.isOs(OS.WINDOWS):
self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (Backend.getArch(), majorVer) self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (Backend.getArch(), majorVer)

6
plugins/dbms/sqlite/connector.py
View File

@ -56,12 +56,12 @@ class Connector(GenericConnector):
except ImportError: except ImportError:
errMsg = "sqlmap requires 'python-sqlite2' third-party library " errMsg = "sqlmap requires 'python-sqlite2' third-party library "
errMsg += "in order to directly connect to the database '%s'" % self.db errMsg += "in order to directly connect to the database '%s'" % self.db
raise SqlmapMissingDependence, errMsg raise SqlmapMissingDependence(errMsg)
self.__sqlite = sqlite self.__sqlite = sqlite
self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout) self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout)
except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg: except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg:
raise SqlmapConnectionException, msg[0] raise SqlmapConnectionException(msg[0])
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -79,7 +79,7 @@ class Connector(GenericConnector):
except self.__sqlite.OperationalError, msg: except self.__sqlite.OperationalError, msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[0]) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[0])
except self.__sqlite.DatabaseError, msg: except self.__sqlite.DatabaseError, msg:
raise SqlmapConnectionException, msg[0] raise SqlmapConnectionException(msg[0])
self.connector.commit() self.connector.commit()

2
plugins/dbms/sqlite/enumeration.py
View File

@ -57,7 +57,7 @@ class Enumeration(GenericEnumeration):
def searchColumn(self): def searchColumn(self):
errMsg = "on SQLite you must specify the table and columns to dump" errMsg = "on SQLite you must specify the table and columns to dump"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def getHostname(self): def getHostname(self):
warnMsg = "on SQLite it is not possible to enumerate the hostname" warnMsg = "on SQLite it is not possible to enumerate the hostname"

4
plugins/dbms/sqlite/filesystem.py
View File

@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "on SQLite it is not possible to read files" errMsg = "on SQLite it is not possible to read files"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on SQLite it is not possible to write files" errMsg = "on SQLite it is not possible to write files"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

2
plugins/dbms/sqlite/syntax.py
View File

@ -42,7 +42,7 @@ class Syntax(GenericSyntax):
index = expression[firstIndex+2:].find("'") index = expression[firstIndex+2:].find("'")
if index == -1: if index == -1:
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
lastIndex = firstIndex + index + 3 lastIndex = firstIndex + index + 3
old = expression[firstIndex:lastIndex] old = expression[firstIndex:lastIndex]

8
plugins/dbms/sqlite/takeover.py
View File

@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "on SQLite it is not possible to execute commands" errMsg = "on SQLite it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self): def osShell(self):
errMsg = "on SQLite it is not possible to execute commands" errMsg = "on SQLite it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self): def osPwn(self):
errMsg = "on SQLite it is not possible to establish an " errMsg = "on SQLite it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self): def osSmb(self):
errMsg = "on SQLite it is not possible to establish an " errMsg = "on SQLite it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

4
plugins/dbms/sybase/connector.py
View File

@ -42,7 +42,7 @@ class Connector(GenericConnector):
try: try:
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
except pymssql.OperationalError, msg: except pymssql.OperationalError, msg:
raise SqlmapConnectionException, msg raise SqlmapConnectionException(msg)
self.setCursor() self.setCursor()
self.connected() self.connected()
@ -60,7 +60,7 @@ class Connector(GenericConnector):
except (pymssql.OperationalError, pymssql.ProgrammingError), msg: except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg) logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
except pymssql.InternalError, msg: except pymssql.InternalError, msg:
raise SqlmapConnectionException, msg raise SqlmapConnectionException(msg)
def select(self, query): def select(self, query):
self.execute(query) self.execute(query)

6
plugins/dbms/sybase/enumeration.py
View File

@ -145,7 +145,7 @@ class Enumeration(GenericEnumeration):
if retVal: if retVal:
for table in retVal[0].values()[0]: for table in retVal[0].values()[0]:
if not kb.data.cachedTables.has_key(db): if db not in kb.data.cachedTables:
kb.data.cachedTables[db] = [table] kb.data.cachedTables[db] = [table]
else: else:
kb.data.cachedTables[db].append(table) kb.data.cachedTables[db].append(table)
@ -172,7 +172,7 @@ class Enumeration(GenericEnumeration):
if ',' in conf.db: if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating " errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns" errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException(errMsg)
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
@ -197,7 +197,7 @@ class Enumeration(GenericEnumeration):
else: else:
errMsg = "unable to retrieve the tables " errMsg = "unable to retrieve the tables "
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
for tbl in tblList: for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl) tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl)

4
plugins/dbms/sybase/filesystem.py
View File

@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
def readFile(self, rFile): def readFile(self, rFile):
errMsg = "on Sybase it is not possible to read files" errMsg = "on Sybase it is not possible to read files"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def writeFile(self, wFile, dFile, fileType=None): def writeFile(self, wFile, dFile, fileType=None):
errMsg = "on Sybase it is not possible to write files" errMsg = "on Sybase it is not possible to write files"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

8
plugins/dbms/sybase/takeover.py
View File

@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
def osCmd(self): def osCmd(self):
errMsg = "on Sybase it is not possible to execute commands" errMsg = "on Sybase it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osShell(self): def osShell(self):
errMsg = "on Sybase it is not possible to execute commands" errMsg = "on Sybase it is not possible to execute commands"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osPwn(self): def osPwn(self):
errMsg = "on Sybase it is not possible to establish an " errMsg = "on Sybase it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
def osSmb(self): def osSmb(self):
errMsg = "on Sybase it is not possible to establish an " errMsg = "on Sybase it is not possible to establish an "
errMsg += "out-of-band connection" errMsg += "out-of-band connection"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)

10
plugins/generic/connector.py
View File

@ -59,24 +59,24 @@ class Connector:
def checkFileDb(self): def checkFileDb(self):
if not os.path.exists(self.db): if not os.path.exists(self.db):
errMsg = "the provided database file '%s' does not exist" % self.db errMsg = "the provided database file '%s' does not exist" % self.db
raise SqlmapFilePathException, errMsg raise SqlmapFilePathException(errMsg)
def connect(self): def connect(self):
errMsg = "'connect' method must be defined " errMsg = "'connect' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def fetchall(self): def fetchall(self):
errMsg = "'fetchall' method must be defined " errMsg = "'fetchall' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def execute(self, query): def execute(self, query):
errMsg = "'execute' method must be defined " errMsg = "'execute' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def select(self, query): def select(self, query):
errMsg = "'select' method must be defined " errMsg = "'select' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)

8
plugins/generic/databases.py
View File

@ -166,7 +166,7 @@ class Databases:
kb.data.cachedDbs = [kb.data.currentDb] kb.data.cachedDbs = [kb.data.currentDb]
else: else:
errMsg = "unable to retrieve the database names" errMsg = "unable to retrieve the database names"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
else: else:
kb.data.cachedDbs.sort() kb.data.cachedDbs.sort()
@ -354,7 +354,7 @@ class Databases:
logger.error(errMsg) logger.error(errMsg)
return self.getTables(bruteForce=True) return self.getTables(bruteForce=True)
else: else:
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
else: else:
for db, tables in kb.data.cachedTables.items(): for db, tables in kb.data.cachedTables.items():
kb.data.cachedTables[db] = sorted(tables) if tables else tables kb.data.cachedTables[db] = sorted(tables) if tables else tables
@ -384,7 +384,7 @@ class Databases:
if ',' in conf.db: if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating " errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns" errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException(errMsg)
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
@ -422,7 +422,7 @@ class Databases:
else: else:
errMsg = "unable to retrieve the tables " errMsg = "unable to retrieve the tables "
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
for tbl in tblList: for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)

6
plugins/generic/entries.py
View File

@ -67,7 +67,7 @@ class Entries:
if ',' in conf.db: if ',' in conf.db:
errMsg = "only one database name is allowed when enumerating " errMsg = "only one database name is allowed when enumerating "
errMsg += "the tables' columns" errMsg += "the tables' columns"
raise SqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException(errMsg)
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
@ -87,7 +87,7 @@ class Entries:
else: else:
errMsg = "unable to retrieve the tables " errMsg = "unable to retrieve the tables "
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db) errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
for tbl in tblList: for tbl in tblList:
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
@ -329,7 +329,7 @@ class Entries:
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema: if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
errMsg = "information_schema not available, " errMsg = "information_schema not available, "
errMsg += "back-end DBMS is MySQL < 5.0" errMsg += "back-end DBMS is MySQL < 5.0"
raise SqlmapUnsupportedFeatureException, errMsg raise SqlmapUnsupportedFeatureException(errMsg)
infoMsg = "sqlmap will dump entries of all tables from all databases now" infoMsg = "sqlmap will dump entries of all tables from all databases now"
logger.info(infoMsg) logger.info(infoMsg)

8
plugins/generic/filesystem.py
View File

@ -161,22 +161,22 @@ class Filesystem:
def nonStackedReadFile(self, remoteFile): def nonStackedReadFile(self, remoteFile):
errMsg = "'nonStackedReadFile' method must be defined " errMsg = "'nonStackedReadFile' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def stackedReadFile(self, remoteFile): def stackedReadFile(self, remoteFile):
errMsg = "'stackedReadFile' method must be defined " errMsg = "'stackedReadFile' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def unionWriteFile(self, localFile, remoteFile, fileType): def unionWriteFile(self, localFile, remoteFile, fileType):
errMsg = "'unionWriteFile' method must be defined " errMsg = "'unionWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def stackedWriteFile(self, localFile, remoteFile, fileType): def stackedWriteFile(self, localFile, remoteFile, fileType):
errMsg = "'stackedWriteFile' method must be defined " errMsg = "'stackedWriteFile' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def readFile(self, remoteFiles): def readFile(self, remoteFiles):
localFilePaths = [] localFilePaths = []

6
plugins/generic/fingerprint.py
View File

@ -22,17 +22,17 @@ class Fingerprint:
def getFingerprint(self): def getFingerprint(self):
errMsg = "'getFingerprint' method must be defined " errMsg = "'getFingerprint' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def checkDbms(self): def checkDbms(self):
errMsg = "'checkDbms' method must be defined " errMsg = "'checkDbms' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def checkDbmsOs(self, detailed=False): def checkDbmsOs(self, detailed=False):
errMsg = "'checkDbmsOs' method must be defined " errMsg = "'checkDbmsOs' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def forceDbmsEnum(self): def forceDbmsEnum(self):
pass pass

4
plugins/generic/misc.py
View File

@ -79,7 +79,7 @@ class Miscellaneous:
first, last = 29, 9 first, last = 29, 9
else: else:
raise SqlmapUnsupportedFeatureException, "unsupported DBMS" raise SqlmapUnsupportedFeatureException("unsupported DBMS")
query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last) query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last)
@ -189,6 +189,6 @@ class Miscellaneous:
condParam = "='%s'" condParam = "='%s'"
else: else:
errMsg = "invalid value" errMsg = "invalid value"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
return choice, condParam return choice, condParam

2
plugins/generic/search.py
View File

@ -558,4 +558,4 @@ class Search:
else: else:
errMsg = "missing parameter, provide -D, -T or -C along " errMsg = "missing parameter, provide -D, -T or -C along "
errMsg += "with --search" errMsg += "with --search"
raise SqlmapMissingMandatoryOptionException, errMsg raise SqlmapMissingMandatoryOptionException(errMsg)

4
plugins/generic/syntax.py
View File

@ -19,10 +19,10 @@ class Syntax:
def unescape(expression, quote=True): def unescape(expression, quote=True):
errMsg = "'unescape' method must be defined " errMsg = "'unescape' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
@staticmethod @staticmethod
def escape(expression): def escape(expression):
errMsg = "'escape' method must be defined " errMsg = "'escape' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)

6
plugins/generic/takeover.py
View File

@ -124,7 +124,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg += "if you want to establish an out-of-band ICMP " errMsg += "if you want to establish an out-of-band ICMP "
errMsg += "tunnel because icmpsh uses raw sockets to " errMsg += "tunnel because icmpsh uses raw sockets to "
errMsg += "sniff and craft ICMP packets" errMsg += "sniff and craft ICMP packets"
raise SqlmapMissingPrivileges, errMsg raise SqlmapMissingPrivileges(errMsg)
try: try:
from impacket import ImpactDecoder from impacket import ImpactDecoder
@ -133,7 +133,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
errMsg = "sqlmap requires 'impacket' third-party library " errMsg = "sqlmap requires 'impacket' third-party library "
errMsg += "in order to run icmpsh master. Download from " errMsg += "in order to run icmpsh master. Download from "
errMsg += "http://oss.coresecurity.com/projects/impacket.html" errMsg += "http://oss.coresecurity.com/projects/impacket.html"
raise SqlmapMissingDependence, errMsg raise SqlmapMissingDependence(errMsg)
sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all" sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all"
@ -325,7 +325,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
def uncPathRequest(self): def uncPathRequest(self):
errMsg = "'uncPathRequest' method must be defined " errMsg = "'uncPathRequest' method must be defined "
errMsg += "into the specific DBMS plugin" errMsg += "into the specific DBMS plugin"
raise SqlmapUndefinedMethod, errMsg raise SqlmapUndefinedMethod(errMsg)
def _regInit(self): def _regInit(self):
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct: if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:

8
plugins/generic/users.py
View File

@ -116,7 +116,7 @@ class Users:
if not isNumPosStrValue(count): if not isNumPosStrValue(count):
errMsg = "unable to retrieve the number of database users" errMsg = "unable to retrieve the number of database users"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2) plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2)
indexRange = getLimitRange(count, plusOne=plusOne) indexRange = getLimitRange(count, plusOne=plusOne)
@ -135,7 +135,7 @@ class Users:
if not kb.data.cachedUsers: if not kb.data.cachedUsers:
errMsg = "unable to retrieve the database users" errMsg = "unable to retrieve the database users"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
return kb.data.cachedUsers return kb.data.cachedUsers
@ -296,7 +296,7 @@ class Users:
errMsg += "database users (most probably because the session " errMsg += "database users (most probably because the session "
errMsg += "user has no read privileges over the relevant " errMsg += "user has no read privileges over the relevant "
errMsg += "system database table)" errMsg += "system database table)"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
else: else:
for user in kb.data.cachedUsersPasswords: for user in kb.data.cachedUsersPasswords:
kb.data.cachedUsersPasswords[user] = list(set(kb.data.cachedUsersPasswords[user])) kb.data.cachedUsersPasswords[user] = list(set(kb.data.cachedUsersPasswords[user]))
@ -585,7 +585,7 @@ class Users:
if not kb.data.cachedUsersPrivileges: if not kb.data.cachedUsersPrivileges:
errMsg = "unable to retrieve the privileges " errMsg = "unable to retrieve the privileges "
errMsg += "for the database users" errMsg += "for the database users"
raise SqlmapNoneDataException, errMsg raise SqlmapNoneDataException(errMsg)
return (kb.data.cachedUsersPrivileges, areAdmins) return (kb.data.cachedUsersPrivileges, areAdmins)

2
tamper/multiplespaces.py
View File

@ -22,7 +22,7 @@ def tamper(payload, **kwargs):
Example: Example:
* Input: UNION SELECT * Input: UNION SELECT
* Output: UNION SELECT * Output: UNION SELECT
Notes: Notes:
* Useful to bypass very weak and bespoke web application firewalls * Useful to bypass very weak and bespoke web application firewalls

2
tamper/space2morehash.py
View File

@ -51,7 +51,7 @@ def tamper(payload, **kwargs):
else: else:
return match.group() return match.group()
retVal = "" retVal = ""
if payload: if payload:
payload = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), payload) payload = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), payload)

14
tamper/space2mssqlblank.py
View File

@ -42,16 +42,16 @@ def tamper(payload, **kwargs):
# STX 02 start of text # STX 02 start of text
# ETX 03 end of text # ETX 03 end of text
# EOT 04 end of transmission # EOT 04 end of transmission
# ENQ 05 enquiry # ENQ 05 enquiry
# ACK 06 acknowledge # ACK 06 acknowledge
# BEL 07 bell # BEL 07 bell
# BS 08 backspace # BS 08 backspace
# TAB 09 horizontal tab # TAB 09 horizontal tab
# LF 0A new line # LF 0A new line
# VT 0B vertical TAB # VT 0B vertical TAB
# FF 0C new page # FF 0C new page
# CR 0D carriage return # CR 0D carriage return
# SO 0E shift out # SO 0E shift out
# SI 0F shift in # SI 0F shift in
blanks = ('%01', '%02', '%03', '%04', '%05', '%06', '%07', '%08', '%09', '%0B', '%0C', '%0D', '%0E', '%0F', '%0A') blanks = ('%01', '%02', '%03', '%04', '%05', '%06', '%07', '%08', '%09', '%0B', '%0C', '%0D', '%0E', '%0F', '%0A')
retVal = payload retVal = payload
@ -82,7 +82,7 @@ def tamper(payload, **kwargs):
else: else:
retVal += random.choice(blanks) retVal += random.choice(blanks)
continue continue
retVal += payload[i] retVal += payload[i]