Revert of previous commit (more care has to be taken regarding header dynamicity)

This commit is contained in:
Miroslav Stampar 2013-01-18 16:49:35 +01:00
parent 33094a118c
commit 8141d17985
3 changed files with 20 additions and 17 deletions


@ -360,11 +360,11 @@ def checkSqlInjection(place, parameter, value):
kb.matchRatio = None kb.matchRatio = None
kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE) kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE)
Request.queryPage(genCmpPayload(), place, raise404=False) Request.queryPage(genCmpPayload(), place, raise404=False)
falseContent = threadData.lastComparisonContent falsePage = threadData.lastComparisonPage or ""
# Perform the test's True request # Perform the test's True request
trueResult = Request.queryPage(reqPayload, place, raise404=False) trueResult = Request.queryPage(reqPayload, place, raise404=False)
trueContent = threadData.lastComparisonContent truePage = threadData.lastComparisonPage or ""
if trueResult: if trueResult:
falseResult = Request.queryPage(genCmpPayload(), place, raise404=False) falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
@ -377,9 +377,9 @@ def checkSqlInjection(place, parameter, value):
injectable = True injectable = True
if not injectable and not any((conf.string, conf.notString, conf.regexp)) and kb.pageStable: if not injectable and not any((conf.string, conf.notString, conf.regexp)) and kb.pageStable:
trueSet = set(extractTextTagContent(trueContent)) trueSet = set(extractTextTagContent(truePage))
falseSet = set(extractTextTagContent(falseContent)) falseSet = set(extractTextTagContent(falsePage))
candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falseContent else None for _ in (trueSet - falseSet))) candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage else None for _ in (trueSet - falseSet)))
if candidates: if candidates:
conf.string = candidates[0] conf.string = candidates[0]
infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'")) infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'"))
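Review bot: The automatic `--string` candidate chosen on the new side of the second hunk (`candidates = filter(None, ...)`) is derived from the response bodies only (`truePage`/`falsePage`), whereas `_comparison` in the third file then evaluates `conf.string in rawResponse` with `rawResponse` built from headers plus page; a candidate that is absent from the false body could still occur in that response's headers, so the selected string may match both pages and yield a false positive. A comment on the `candidates =` line would make this mismatch explicit, e.g. `# NOTE: candidates come from the page body only; _comparison matches headers+body, so a header-borne occurrence can still produce a false match`. Separately, `candidates[0]` relies on `filter` returning a list, which holds on Python 2 but not Python 3, where `list(...)` would be required. checkSqlInjection starts and ends outside the hunk.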


@ -41,7 +41,7 @@ class _ThreadData(threading.local):
self.disableStdOut = False self.disableStdOut = False
self.hashDBCursor = None self.hashDBCursor = None
self.inTransaction = False self.inTransaction = False
self.lastComparisonContent = None self.lastComparisonPage = None
self.lastErrorPage = None self.lastErrorPage = None
self.lastHTTPError = None self.lastHTTPError = None
self.lastRedirectMsg = None self.lastRedirectMsg = None


@ -46,8 +46,8 @@ def _adjust(condition, getRatioValue):
def _comparison(page, headers, code, getRatioValue, pageLength): def _comparison(page, headers, code, getRatioValue, pageLength):
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
if kb.testMode or any((conf.string, conf.notString, conf.regexp)): if kb.testMode:
threadData.lastComparisonContent = "%s%s" % (listToStrValue(headers.headers if headers else ""), page or "") threadData.lastComparisonPage = page
if page is None and pageLength is None: if page is None and pageLength is None:
return None return None
@ -55,17 +55,20 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
seqMatcher = threadData.seqMatcher seqMatcher = threadData.seqMatcher
seqMatcher.set_seq1(kb.pageTemplate) seqMatcher.set_seq1(kb.pageTemplate)
if any((conf.string, conf.notString, conf.regexp)):
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
# String to match in page when the query is True and/or valid # String to match in page when the query is True and/or valid
if conf.string: if conf.string:
return conf.string in threadData.lastComparisonContent return conf.string in rawResponse
# String to match in page when the query is False and/or invalid # String to match in page when the query is False and/or invalid
if conf.notString: if conf.notString:
return conf.notString not in threadData.lastComparisonContent return conf.notString not in rawResponse
# Regular expression to match in page when the query is True and/or valid # Regular expression to match in page when the query is True and/or valid
if conf.regexp: if conf.regexp:
return re.search(conf.regexp, threadData.lastComparisonContent, re.I | re.M) is not None return re.search(conf.regexp, rawResponse, re.I | re.M) is not None
# HTTP code to match when the query is valid # HTTP code to match when the query is valid
if conf.code: if conf.code: