Minor cleanup

Miroslav Stampar 2012-08-20 11:40:49 +02:00
parent 2b6123c4f8
commit 823dde73ab
5 changed files with 12 additions and 68 deletions


@ -190,7 +190,7 @@ def checkSqlInjection(place, parameter, value):
msg += "back-end DBMS could be %s. " % Format.getErrorParsedDBMSes() msg += "back-end DBMS could be %s. " % Format.getErrorParsedDBMSes()
msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]" msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
if conf.realTest or readInput(msg, default="Y") in ("y", "Y"): if readInput(msg, default="Y") in ("y", "Y"):
kb.skipOthersDbms = Backend.getErrorParsedDBMSes() kb.skipOthersDbms = Backend.getErrorParsedDBMSes()
else: else:
kb.skipOthersDbms = [] kb.skipOthersDbms = []
@ -503,7 +503,7 @@ def checkSqlInjection(place, parameter, value):
injection.conf.regexp = conf.regexp injection.conf.regexp = conf.regexp
injection.conf.optimize = conf.optimize injection.conf.optimize = conf.optimize
if conf.beep or conf.realTest: if conf.beep:
beep() beep()
# There is no need to perform this test for other # There is no need to perform this test for other
@ -644,44 +644,6 @@ def heuristicCheckSqlInjection(place, parameter):
return result return result
def simpletonCheckSqlInjection(place, parameter, value):
"""
This is a function for the quickest and simplest
SQL injection check (e.g. AND 1=1) - only works
with integer parameters
"""
result = False
randInt = randomInt()
if value.isdigit():
payload = "%s AND %d=%d" % (value, randInt, randInt)
else:
return False
payload = agent.payload(place, parameter, value, payload)
firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
payload = "%s AND %d=%d" % (value, randInt, randInt + 1)
payload = agent.payload(place, parameter, value, payload)
secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
result = getComparePageRatio(firstPage, secondPage, filtered=True) <= CONSTANT_RATIO
infoMsg = "simpleton test shows that %s " % place
infoMsg += "parameter '%s' might " % parameter
if result:
infoMsg += "be injectable"
logger.info(infoMsg)
else:
infoMsg += "not be injectable"
logger.warn(infoMsg)
return result
def checkDynParam(place, parameter, value): def checkDynParam(place, parameter, value):
""" """
This function checks if the url parameter is dynamic. If it is This function checks if the url parameter is dynamic. If it is
@ -806,10 +768,7 @@ def checkStability():
logger.warn(warnMsg) logger.warn(warnMsg)
message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] " message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] "
if not conf.realTest: test = readInput(message, default="C")
test = readInput(message, default="C")
else:
test = None
if test and test[0] in ("q", "Q"): if test and test[0] in ("q", "Q"):
raise sqlmapUserQuitException raise sqlmapUserQuitException


@ -18,7 +18,6 @@ from lib.controller.checks import checkConnection
from lib.controller.checks import checkNullConnection from lib.controller.checks import checkNullConnection
from lib.controller.checks import checkWaf from lib.controller.checks import checkWaf
from lib.controller.checks import heuristicCheckSqlInjection from lib.controller.checks import heuristicCheckSqlInjection
from lib.controller.checks import simpletonCheckSqlInjection
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
from lib.core.common import getFilteredPageContent from lib.core.common import getFilteredPageContent
@ -327,8 +326,6 @@ def start():
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
break break
elif conf.realTest:
logger.info(message)
else: else:
message += "\ndo you want to test this url? [Y/n/q]" message += "\ndo you want to test this url? [Y/n/q]"
test = readInput(message, default="Y") test = readInput(message, default="Y")
@ -440,11 +437,9 @@ def start():
infoMsg = "ignoring %s parameter '%s'" % (place, parameter) infoMsg = "ignoring %s parameter '%s'" % (place, parameter)
logger.info(infoMsg) logger.info(infoMsg)
elif conf.realTest:
pass
elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech: elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
if not checkDynParam(place, parameter, value): kb.dynamicParameter = checkDynParam(place, parameter, value)
if not kb.dynamicParameter:
warnMsg = "%s parameter '%s' appears to be not dynamic" % (place, parameter) warnMsg = "%s parameter '%s' appears to be not dynamic" % (place, parameter)
logger.warn(warnMsg) logger.warn(warnMsg)
@ -458,7 +453,7 @@ def start():
check = heuristicCheckSqlInjection(place, parameter) check = heuristicCheckSqlInjection(place, parameter)
if not check: if not check:
if conf.smart or conf.realTest and not simpletonCheckSqlInjection(place, parameter, value): if conf.smart:
infoMsg = "skipping %s parameter '%s'" % (place, parameter) infoMsg = "skipping %s parameter '%s'" % (place, parameter)
logger.info(infoMsg) logger.info(infoMsg)
continue continue
@ -495,7 +490,7 @@ def start():
errMsg = "no parameter(s) found for testing in the provided data " errMsg = "no parameter(s) found for testing in the provided data "
errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')" errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
raise sqlmapNoneDataException, errMsg raise sqlmapNoneDataException, errMsg
elif not conf.realTest: else:
errMsg = "all parameters appear to be not injectable." errMsg = "all parameters appear to be not injectable."
if conf.level < 5 or conf.risk < 3: if conf.level < 5 or conf.risk < 3:
@ -542,9 +537,6 @@ def start():
errMsg += "expression that you have choosen " errMsg += "expression that you have choosen "
errMsg += "does not match exclusively True responses" errMsg += "does not match exclusively True responses"
raise sqlmapNotVulnerableException, errMsg
else:
errMsg = "it seems that all parameters are not injectable"
raise sqlmapNotVulnerableException, errMsg raise sqlmapNotVulnerableException, errMsg
else: else:
# Flush the flag # Flush the flag
@ -556,9 +548,7 @@ def start():
__selectInjection() __selectInjection()
if kb.injection.place is not None and kb.injection.parameter is not None: if kb.injection.place is not None and kb.injection.parameter is not None:
if kb.testQueryCount == 0 and conf.realTest: if conf.multipleTargets:
condition = False
elif conf.multipleTargets:
message = "do you want to exploit this SQL injection? [Y/n] " message = "do you want to exploit this SQL injection? [Y/n] "
exploit = readInput(message, default="Y") exploit = readInput(message, default="Y")
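Review bot: `kb.dynamicParameter` is assigned only inside the `elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech` branch of the `@ -440,11 +437,9` hunk, so for a parameter that is tested without the boolean technique the flag keeps whatever the previous parameter left in it; the only reset visible in this commit is the `kb.dynamicParameter = False` added to `__setKnowledgeBaseAttributes`, and whether that runs between parameters is not visible here. Any later reader of the flag would then see a stale value for non-boolean runs. Resetting it at the start of the per-parameter branch chain, `kb.dynamicParameter = False` just before the `if`/`elif` sequence, or assigning the check result to a local and only publishing it in the boolean branch, keeps the flag in step with the parameter being tested. start() begins and ends outside these hunks.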


@ -1484,6 +1484,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.docRoot = None kb.docRoot = None
kb.dumpTable = None kb.dumpTable = None
kb.dynamicMarkings = [] kb.dynamicMarkings = []
kb.dynamicParameter = False
kb.endDetection = False kb.endDetection = False
kb.explicitSettings = set() kb.explicitSettings = set()
kb.errorIsNone = True kb.errorIsNone = True


@ -668,9 +668,6 @@ def cmdLineParser():
parser.add_option("--live-test", dest="liveTest", action="store_true", parser.add_option("--live-test", dest="liveTest", action="store_true",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
parser.add_option("--real-test", dest="realTest", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--run-case", dest="runCase", type="int", parser.add_option("--run-case", dest="runCase", type="int",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
@ -744,7 +741,7 @@ def cmdLineParser():
expandMnemonics(sys.argv[i+1], parser, args) expandMnemonics(sys.argv[i+1], parser, args)
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \ if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard, args.dependencies, args.purgeOutput)): args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purgeOutput)):
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), " errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
errMsg += "use -h for basic or -hh for advanced help" errMsg += "use -h for basic or -hh for advanced help"
parser.error(errMsg) parser.error(errMsg)


@ -268,9 +268,6 @@ class Connect:
# Prepare HTTP headers # Prepare HTTP headers
headers = forgeHeaders({HTTPHEADER.COOKIE: cookie, HTTPHEADER.USER_AGENT: ua, HTTPHEADER.REFERER: referer}) headers = forgeHeaders({HTTPHEADER.COOKIE: cookie, HTTPHEADER.USER_AGENT: ua, HTTPHEADER.REFERER: referer})
if conf.realTest:
headers[HTTPHEADER.REFERER] = "%s://%s" % (conf.scheme, conf.hostname)
if kb.authHeader: if kb.authHeader:
headers[HTTPHEADER.AUTHORIZATION] = kb.authHeader headers[HTTPHEADER.AUTHORIZATION] = kb.authHeader
@ -447,7 +444,7 @@ class Connect:
return None, None, None return None, None, None
else: else:
warnMsg = "unable to connect to the target url (%d - %s)" % (e.code, httplib.responses[e.code]) warnMsg = "unable to connect to the target url (%d - %s)" % (e.code, httplib.responses[e.code])
if threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest: if threadData.retriesCount < conf.retries and not kb.threadException:
warnMsg += ", sqlmap is going to retry the request" warnMsg += ", sqlmap is going to retry the request"
logger.critical(warnMsg) logger.critical(warnMsg)
return Connect.__retryProxy(**kwargs) return Connect.__retryProxy(**kwargs)
@ -490,7 +487,7 @@ class Connect:
return None, None, None return None, None, None
elif silent or (ignoreTimeout and any(_ in tbMsg for _ in ("timed out", "IncompleteRead"))): elif silent or (ignoreTimeout and any(_ in tbMsg for _ in ("timed out", "IncompleteRead"))):
return None, None, None return None, None, None
elif threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest: elif threadData.retriesCount < conf.retries and not kb.threadException:
warnMsg += ", sqlmap is going to retry the request" warnMsg += ", sqlmap is going to retry the request"
logger.critical(warnMsg) logger.critical(warnMsg)
return Connect.__retryProxy(**kwargs) return Connect.__retryProxy(**kwargs)
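Review bot: `httplib.responses[e.code]` in the warning message of the `@ -447,7 +444,7` hunk raises KeyError for any status code the table does not list (non-standard codes returned by proxies or WAFs), and as far as the context lines show that would surface as an unhandled exception before the retry condition rewritten just below it is ever evaluated. `httplib.responses.get(e.code, "unknown")` keeps the message while tolerating unknown codes; the same applies if the message in the `@ -490,7 +487,7` hunk is built the same way above the visible lines. The enclosing method of the Connect class starts and ends outside both hunks.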