sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor refactoring

Browse Source
This commit is contained in:
Miroslav Stampar 2011-12-21 11:50:49 +00:00
parent 0b54553a76
commit 81bd9a201b
8 changed files with 33 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/core/common.py
View File

@ -101,8 +101,6 @@ from lib.core.settings import DUMP_NEWLINE_MARKER
from lib.core.settings import DUMP_CR_MARKER
from lib.core.settings import DUMP_DEL_MARKER
from lib.core.settings import DUMP_TAB_MARKER
from lib.core.settings import DUMP_START_MARKER
from lib.core.settings import DUMP_STOP_MARKER
from lib.core.settings import ML
from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import PAYLOAD_DELIMITER
@ -1047,7 +1045,6 @@ def restoreDumpMarkedChars(inpStr, onlyNewlineTab=False):
replacedString = replacedString.replace(DUMP_NEWLINE_MARKER, "\n").replace(DUMP_CR_MARKER, "\r").replace(DUMP_TAB_MARKER, "\t")
if not onlyNewlineTab:
replacedString = replacedString.replace(DUMP_START_MARKER, "").replace(DUMP_STOP_MARKER, "")
replacedString = replacedString.replace(DUMP_DEL_MARKER, ", ")
return replacedString
@ -1351,14 +1348,8 @@ def parseUnionPage(output, expression, partial=False, sort=True):
data = BigArray()
outCond1 = ( output.startswith(kb.chars.start) and output.endswith(kb.chars.stop) )
outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) )
if outCond1 or outCond2:
if outCond1:
regExpr = '%s(.*?)%s' % (kb.chars.start, kb.chars.stop)
elif outCond2:
regExpr = '%s(.*?)%s' % (DUMP_START_MARKER, DUMP_STOP_MARKER)
if output.startswith(kb.chars.start) and output.endswith(kb.chars.stop):
regExpr = '%s(.*?)%s' % (kb.chars.start, kb.chars.stop)
output = re.findall(regExpr, output, re.DOTALL | re.IGNORECASE)
@ -2536,11 +2527,12 @@ def setOptimize():
def initTechnique(technique=None):
"""
Prepares proper page template and match ratio for technique specified
Prepares data for technique specified
"""
try:
data = getTechniqueData(technique)
resetCounter(technique)
if data:
kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place)
@ -3172,3 +3164,11 @@ def unserializeObject(value):
if value:
retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode
return retVal
def resetCounter(counter):
kb.counters[counter] = 0
def incrementCounter(counter):
if counter not in kb.counters:
resetCounter(counter)
kb.counters[counter] += 1

1
lib/core/option.py
View File

@ -1402,6 +1402,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.cache.stdev = {}
kb.commonOutputs = None
kb.counters = {}
kb.data = AttribDict()
kb.dataOutputFlag = False

2
lib/core/settings.py
View File

@ -52,8 +52,6 @@ DUMP_NEWLINE_MARKER = "__NEWLINE__"
DUMP_CR_MARKER = "__CARRIAGE_RETURN__"
DUMP_DEL_MARKER = "__DEL__"
DUMP_TAB_MARKER = "__TAB__"
DUMP_START_MARKER = "__START__"
DUMP_STOP_MARKER = "__STOP__"
URI_QUESTION_MARKER = "__QUESTION_MARK__"

12
lib/techniques/error/use.py
View File

@ -19,6 +19,7 @@ from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout
from lib.core.common import extractRegexResult
from lib.core.common import getUnicode
from lib.core.common import incrementCounter
from lib.core.common import initTechnique
from lib.core.common import isNumPosStrValue
from lib.core.common import listToStrValue
@ -46,11 +47,7 @@ from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request
from lib.utils.resume import resume
reqCount = 0
def __oneShotErrorUse(expression, field):
global reqCount
retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries]) else None
threadData = getCurrentThreadData()
@ -85,7 +82,7 @@ def __oneShotErrorUse(expression, field):
# Perform the request
page, headers = Request.queryPage(payload, content=True)
reqCount += 1
incrementCounter(PAYLOAD.TECHNIQUE.ERROR)
# Parse the returned page to get the exact error-based
# sql injection output
@ -204,8 +201,6 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
initTechnique(PAYLOAD.TECHNIQUE.ERROR)
global reqCount
count = None
start = time.time()
startLimit = 0
@ -213,7 +208,6 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
outputs = []
untilLimitChar = None
untilOrderChar = None
reqCount = 0
if resumeValue:
output = resume(expression, None)
@ -392,7 +386,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
duration = calculateDeltaSeconds(start)
if not kb.bruteMode:
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
debugMsg = "performed %d queries in %d seconds" % (kb.counters[PAYLOAD.TECHNIQUE.ERROR], duration)
logger.debug(debugMsg)
return outputs

24
lib/techniques/union/use.py
View File

@ -20,6 +20,7 @@ from lib.core.common import dataToStdout
from lib.core.common import extractRegexResult
from lib.core.common import getConsoleWidth
from lib.core.common import getUnicode
from lib.core.common import incrementCounter
from lib.core.common import initTechnique
from lib.core.common import isNumPosStrValue
from lib.core.common import listToStrValue
@ -44,11 +45,7 @@ from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request
from lib.utils.resume import resume
reqCount = 0
def __oneShotUnionUse(expression, unpack=True, limited=False):
global reqCount
retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries]) else None
threadData = getCurrentThreadData()
@ -59,13 +56,9 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
# Prepare expression with delimiters
injExpression = agent.concatQuery(expression, unpack)
injExpression = unescaper.unescape(injExpression)
injExpression = unescaper.unescape(agent.concatQuery(expression, unpack))
if conf.limitStart or conf.limitStop:
where = PAYLOAD.WHERE.NEGATIVE
else:
where = None
where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else None
# Forge the inband SQL injection request
vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
@ -75,7 +68,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
# Perform the request
page, headers = Request.queryPage(payload, content=True, raise404=False)
reqCount += 1
incrementCounter(PAYLOAD.TECHNIQUE.UNION)
# Parse the returned page to get the exact union-based
# sql injection output
@ -129,8 +122,7 @@ def configUnion(char=None, columns=None):
if not colsStart.isdigit() or not colsStop.isdigit():
raise sqlmapSyntaxException, "--union-cols must be a range of integers"
conf.uColsStart = int(colsStart)
conf.uColsStop = int(colsStop)
conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)
if conf.uColsStart > conf.uColsStop:
errMsg = "--union-cols range has to be from lower to "
@ -149,15 +141,13 @@ def unionUse(expression, unpack=True, dump=False):
initTechnique(PAYLOAD.TECHNIQUE.UNION)
global reqCount
count = None
origExpr = expression
startLimit = 0
stopLimit = None
test = True
value = ""
reqCount = 0
width = getConsoleWidth()
start = time.time()
@ -362,7 +352,7 @@ def unionUse(expression, unpack=True, dump=False):
duration = calculateDeltaSeconds(start)
if not kb.bruteMode:
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
debugMsg = "performed %d queries in %d seconds" % (kb.counters[PAYLOAD.TECHNIQUE.UNION], duration)
logger.debug(debugMsg)
return value

8
lib/utils/hashdb.py
View File

@ -116,5 +116,9 @@ class HashDB(object):
def endTransaction(self):
threadData = getCurrentThreadData()
if threadData.inTransaction:
self.cursor.execute('END TRANSACTION')
threadData.inTransaction = False
try:
self.cursor.execute('END TRANSACTION')
except sqlite3.OperationalError, ex:
pass
finally:
threadData.inTransaction = False

17
lib/utils/resume.py
View File

@ -27,8 +27,6 @@ from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.unescaper import unescaper
from lib.techniques.blind.inference import bisection
from lib.core.settings import DUMP_START_MARKER
from lib.core.settings import DUMP_STOP_MARKER
from lib.core.settings import DUMP_DEL_MARKER
def queryOutputLength(expression, payload):
@ -120,20 +118,11 @@ def resume(expression, payload):
resumedValue = resumedValue[:-1]
infoMsg = "read from file '%s': " % conf.sessionFile
logValue = getCompiledRegex("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), re.S).findall(resumedValue)
if logValue:
if kb.technique == PAYLOAD.TECHNIQUE.UNION:
logValue = ", ".join(value.replace(DUMP_DEL_MARKER, ", ") for value in logValue)
else:
return None
if "\n" in resumedValue:
infoMsg += "%s..." % resumedValue.split("\n")[0]
else:
logValue = resumedValue
if "\n" in logValue:
infoMsg += "%s..." % logValue.split("\n")[0]
else:
infoMsg += logValue
infoMsg += resumedValue
if not kb.suppressResumeInfo:
dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg))

2
plugins/generic/enumeration.py
View File

@ -1444,7 +1444,7 @@ class Enumeration:
if not validPivotValue:
warnMsg = "no proper pivot column provided (with unique values)."
warnMsg += " all rows can't be retrieved."
warnMsg += " It's not possible to retrieve all rows."
logger.warn(warnMsg)
pivotValue = " "