sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor refactoring

Browse Source
This commit is contained in:
Miroslav Stampar 2011-12-21 11:50:49 +00:00
parent 0b54553a76
commit 81bd9a201b
8 changed files with 33 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/core/common.py
View File

@ -101,8 +101,6 @@ from lib.core.settings import DUMP_NEWLINE_MARKER
from lib.core.settings import DUMP_CR_MARKER from lib.core.settings import DUMP_CR_MARKER
from lib.core.settings import DUMP_DEL_MARKER from lib.core.settings import DUMP_DEL_MARKER
from lib.core.settings import DUMP_TAB_MARKER from lib.core.settings import DUMP_TAB_MARKER
from lib.core.settings import DUMP_START_MARKER
from lib.core.settings import DUMP_STOP_MARKER
from lib.core.settings import ML from lib.core.settings import ML
from lib.core.settings import MIN_TIME_RESPONSES from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import PAYLOAD_DELIMITER
@ -1047,7 +1045,6 @@ def restoreDumpMarkedChars(inpStr, onlyNewlineTab=False):
replacedString = replacedString.replace(DUMP_NEWLINE_MARKER, "\n").replace(DUMP_CR_MARKER, "\r").replace(DUMP_TAB_MARKER, "\t") replacedString = replacedString.replace(DUMP_NEWLINE_MARKER, "\n").replace(DUMP_CR_MARKER, "\r").replace(DUMP_TAB_MARKER, "\t")
if not onlyNewlineTab: if not onlyNewlineTab:
replacedString = replacedString.replace(DUMP_START_MARKER, "").replace(DUMP_STOP_MARKER, "")
replacedString = replacedString.replace(DUMP_DEL_MARKER, ", ") replacedString = replacedString.replace(DUMP_DEL_MARKER, ", ")
return replacedString return replacedString
@ -1351,14 +1348,8 @@ def parseUnionPage(output, expression, partial=False, sort=True):
data = BigArray() data = BigArray()
outCond1 = ( output.startswith(kb.chars.start) and output.endswith(kb.chars.stop) ) if output.startswith(kb.chars.start) and output.endswith(kb.chars.stop):
outCond2 = ( output.startswith(DUMP_START_MARKER) and output.endswith(DUMP_STOP_MARKER) ) regExpr = '%s(.*?)%s' % (kb.chars.start, kb.chars.stop)
if outCond1 or outCond2:
if outCond1:
regExpr = '%s(.*?)%s' % (kb.chars.start, kb.chars.stop)
elif outCond2:
regExpr = '%s(.*?)%s' % (DUMP_START_MARKER, DUMP_STOP_MARKER)
output = re.findall(regExpr, output, re.DOTALL | re.IGNORECASE) output = re.findall(regExpr, output, re.DOTALL | re.IGNORECASE)
@ -2536,11 +2527,12 @@ def setOptimize():
def initTechnique(technique=None): def initTechnique(technique=None):
""" """
Prepares proper page template and match ratio for technique specified Prepares data for technique specified
""" """
try: try:
data = getTechniqueData(technique) data = getTechniqueData(technique)
resetCounter(technique)
if data: if data:
kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place) kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place)
@ -3172,3 +3164,11 @@ def unserializeObject(value):
if value: if value:
retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode retVal = pickle.loads(value.encode(UNICODE_ENCODING)) # pickle has problems with Unicode
return retVal return retVal
def resetCounter(counter):
kb.counters[counter] = 0
def incrementCounter(counter):
if counter not in kb.counters:
resetCounter(counter)
kb.counters[counter] += 1

1
lib/core/option.py
View File

@ -1402,6 +1402,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.cache.stdev = {} kb.cache.stdev = {}
kb.commonOutputs = None kb.commonOutputs = None
kb.counters = {}
kb.data = AttribDict() kb.data = AttribDict()
kb.dataOutputFlag = False kb.dataOutputFlag = False

2
lib/core/settings.py
View File

@ -52,8 +52,6 @@ DUMP_NEWLINE_MARKER = "__NEWLINE__"
DUMP_CR_MARKER = "__CARRIAGE_RETURN__" DUMP_CR_MARKER = "__CARRIAGE_RETURN__"
DUMP_DEL_MARKER = "__DEL__" DUMP_DEL_MARKER = "__DEL__"
DUMP_TAB_MARKER = "__TAB__" DUMP_TAB_MARKER = "__TAB__"
DUMP_START_MARKER = "__START__"
DUMP_STOP_MARKER = "__STOP__"
URI_QUESTION_MARKER = "__QUESTION_MARK__" URI_QUESTION_MARKER = "__QUESTION_MARK__"

12
lib/techniques/error/use.py
View File

@ -19,6 +19,7 @@ from lib.core.common import dataToSessionFile
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import incrementCounter
from lib.core.common import initTechnique from lib.core.common import initTechnique
from lib.core.common import isNumPosStrValue from lib.core.common import isNumPosStrValue
from lib.core.common import listToStrValue from lib.core.common import listToStrValue
@ -46,11 +47,7 @@ from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.utils.resume import resume from lib.utils.resume import resume
reqCount = 0
def __oneShotErrorUse(expression, field): def __oneShotErrorUse(expression, field):
global reqCount
retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries]) else None retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries]) else None
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
@ -85,7 +82,7 @@ def __oneShotErrorUse(expression, field):
# Perform the request # Perform the request
page, headers = Request.queryPage(payload, content=True) page, headers = Request.queryPage(payload, content=True)
reqCount += 1 incrementCounter(PAYLOAD.TECHNIQUE.ERROR)
# Parse the returned page to get the exact error-based # Parse the returned page to get the exact error-based
# sql injection output # sql injection output
@ -204,8 +201,6 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
initTechnique(PAYLOAD.TECHNIQUE.ERROR) initTechnique(PAYLOAD.TECHNIQUE.ERROR)
global reqCount
count = None count = None
start = time.time() start = time.time()
startLimit = 0 startLimit = 0
@ -213,7 +208,6 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
outputs = [] outputs = []
untilLimitChar = None untilLimitChar = None
untilOrderChar = None untilOrderChar = None
reqCount = 0
if resumeValue: if resumeValue:
output = resume(expression, None) output = resume(expression, None)
@ -392,7 +386,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
duration = calculateDeltaSeconds(start) duration = calculateDeltaSeconds(start)
if not kb.bruteMode: if not kb.bruteMode:
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration) debugMsg = "performed %d queries in %d seconds" % (kb.counters[PAYLOAD.TECHNIQUE.ERROR], duration)
logger.debug(debugMsg) logger.debug(debugMsg)
return outputs return outputs

24
lib/techniques/union/use.py
View File

@ -20,6 +20,7 @@ from lib.core.common import dataToStdout
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
from lib.core.common import getConsoleWidth from lib.core.common import getConsoleWidth
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.common import incrementCounter
from lib.core.common import initTechnique from lib.core.common import initTechnique
from lib.core.common import isNumPosStrValue from lib.core.common import isNumPosStrValue
from lib.core.common import listToStrValue from lib.core.common import listToStrValue
@ -44,11 +45,7 @@ from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.utils.resume import resume from lib.utils.resume import resume
reqCount = 0
def __oneShotUnionUse(expression, unpack=True, limited=False): def __oneShotUnionUse(expression, unpack=True, limited=False):
global reqCount
retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries]) else None retVal = conf.hashDB.retrieve(expression) if not any([conf.flushSession, conf.freshQueries]) else None
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
@ -59,13 +56,9 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start) trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
# Prepare expression with delimiters # Prepare expression with delimiters
injExpression = agent.concatQuery(expression, unpack) injExpression = unescaper.unescape(agent.concatQuery(expression, unpack))
injExpression = unescaper.unescape(injExpression)
if conf.limitStart or conf.limitStop: where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else None
where = PAYLOAD.WHERE.NEGATIVE
else:
where = None
# Forge the inband SQL injection request # Forge the inband SQL injection request
vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
@ -75,7 +68,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
# Perform the request # Perform the request
page, headers = Request.queryPage(payload, content=True, raise404=False) page, headers = Request.queryPage(payload, content=True, raise404=False)
reqCount += 1 incrementCounter(PAYLOAD.TECHNIQUE.UNION)
# Parse the returned page to get the exact union-based # Parse the returned page to get the exact union-based
# sql injection output # sql injection output
@ -129,8 +122,7 @@ def configUnion(char=None, columns=None):
if not colsStart.isdigit() or not colsStop.isdigit(): if not colsStart.isdigit() or not colsStop.isdigit():
raise sqlmapSyntaxException, "--union-cols must be a range of integers" raise sqlmapSyntaxException, "--union-cols must be a range of integers"
conf.uColsStart = int(colsStart) conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)
conf.uColsStop = int(colsStop)
if conf.uColsStart > conf.uColsStop: if conf.uColsStart > conf.uColsStop:
errMsg = "--union-cols range has to be from lower to " errMsg = "--union-cols range has to be from lower to "
@ -149,15 +141,13 @@ def unionUse(expression, unpack=True, dump=False):
initTechnique(PAYLOAD.TECHNIQUE.UNION) initTechnique(PAYLOAD.TECHNIQUE.UNION)
global reqCount
count = None count = None
origExpr = expression origExpr = expression
startLimit = 0 startLimit = 0
stopLimit = None stopLimit = None
test = True test = True
value = "" value = ""
reqCount = 0
width = getConsoleWidth() width = getConsoleWidth()
start = time.time() start = time.time()
@ -362,7 +352,7 @@ def unionUse(expression, unpack=True, dump=False):
duration = calculateDeltaSeconds(start) duration = calculateDeltaSeconds(start)
if not kb.bruteMode: if not kb.bruteMode:
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration) debugMsg = "performed %d queries in %d seconds" % (kb.counters[PAYLOAD.TECHNIQUE.UNION], duration)
logger.debug(debugMsg) logger.debug(debugMsg)
return value return value

8
lib/utils/hashdb.py
View File

@ -116,5 +116,9 @@ class HashDB(object):
def endTransaction(self): def endTransaction(self):
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
if threadData.inTransaction: if threadData.inTransaction:
self.cursor.execute('END TRANSACTION') try:
threadData.inTransaction = False self.cursor.execute('END TRANSACTION')
except sqlite3.OperationalError, ex:
pass
finally:
threadData.inTransaction = False

17
lib/utils/resume.py
View File

@ -27,8 +27,6 @@ from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.techniques.blind.inference import bisection from lib.techniques.blind.inference import bisection
from lib.core.settings import DUMP_START_MARKER
from lib.core.settings import DUMP_STOP_MARKER
from lib.core.settings import DUMP_DEL_MARKER from lib.core.settings import DUMP_DEL_MARKER
def queryOutputLength(expression, payload): def queryOutputLength(expression, payload):
@ -120,20 +118,11 @@ def resume(expression, payload):
resumedValue = resumedValue[:-1] resumedValue = resumedValue[:-1]
infoMsg = "read from file '%s': " % conf.sessionFile infoMsg = "read from file '%s': " % conf.sessionFile
logValue = getCompiledRegex("%s(.*?)%s" % (DUMP_START_MARKER, DUMP_STOP_MARKER), re.S).findall(resumedValue)
if logValue: if "\n" in resumedValue:
if kb.technique == PAYLOAD.TECHNIQUE.UNION: infoMsg += "%s..." % resumedValue.split("\n")[0]
logValue = ", ".join(value.replace(DUMP_DEL_MARKER, ", ") for value in logValue)
else:
return None
else: else:
logValue = resumedValue infoMsg += resumedValue
if "\n" in logValue:
infoMsg += "%s..." % logValue.split("\n")[0]
else:
infoMsg += logValue
if not kb.suppressResumeInfo: if not kb.suppressResumeInfo:
dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg)) dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg))

2
plugins/generic/enumeration.py
View File

@ -1444,7 +1444,7 @@ class Enumeration:
if not validPivotValue: if not validPivotValue:
warnMsg = "no proper pivot column provided (with unique values)." warnMsg = "no proper pivot column provided (with unique values)."
warnMsg += " all rows can't be retrieved." warnMsg += " It's not possible to retrieve all rows."
logger.warn(warnMsg) logger.warn(warnMsg)
pivotValue = " " pivotValue = " "