Minor cleanup

Miroslav Stampar 2012-08-20 11:40:49 +02:00
parent 2b6123c4f8
commit 823dde73ab
5 changed files with 12 additions and 68 deletions


@ -190,7 +190,7 @@ def checkSqlInjection(place, parameter, value):
msg += "back-end DBMS could be %s. " % Format.getErrorParsedDBMSes()
msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
if conf.realTest or readInput(msg, default="Y") in ("y", "Y"):
if readInput(msg, default="Y") in ("y", "Y"):
kb.skipOthersDbms = Backend.getErrorParsedDBMSes()
else:
kb.skipOthersDbms = []
@ -503,7 +503,7 @@ def checkSqlInjection(place, parameter, value):
injection.conf.regexp = conf.regexp
injection.conf.optimize = conf.optimize
if conf.beep or conf.realTest:
if conf.beep:
beep()
# There is no need to perform this test for other
@ -644,44 +644,6 @@ def heuristicCheckSqlInjection(place, parameter):
return result
def simpletonCheckSqlInjection(place, parameter, value):
"""
This is a function for the quickest and simplest
SQL injection check (e.g. AND 1=1) - only works
with integer parameters
"""
result = False
randInt = randomInt()
if value.isdigit():
payload = "%s AND %d=%d" % (value, randInt, randInt)
else:
return False
payload = agent.payload(place, parameter, value, payload)
firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
payload = "%s AND %d=%d" % (value, randInt, randInt + 1)
payload = agent.payload(place, parameter, value, payload)
secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
result = getComparePageRatio(firstPage, secondPage, filtered=True) <= CONSTANT_RATIO
infoMsg = "simpleton test shows that %s " % place
infoMsg += "parameter '%s' might " % parameter
if result:
infoMsg += "be injectable"
logger.info(infoMsg)
else:
infoMsg += "not be injectable"
logger.warn(infoMsg)
return result
def checkDynParam(place, parameter, value):
"""
This function checks if the url parameter is dynamic. If it is
@ -806,10 +768,7 @@ def checkStability():
logger.warn(warnMsg)
message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] "
if not conf.realTest:
test = readInput(message, default="C")
else:
test = None
test = readInput(message, default="C")
if test and test[0] in ("q", "Q"):
raise sqlmapUserQuitException
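Review bot: The kept line `if readInput(msg, default="Y") in ("y", "Y"):` in checkSqlInjection matches the whole reply, while the checkStability hunk tests only the first character with `test[0] in ("q", "Q")`. A reply such as "yes" would therefore fall through to `kb.skipOthersDbms = []` unless readInput normalises it, and readInput's body is not on this page. Using one form for both prompts keeps them consistent, for example `choice = readInput(msg, default="Y")` followed by `if choice and choice[0] in ("y", "Y"):`. Both functions continue outside their hunks.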


@ -18,7 +18,6 @@ from lib.controller.checks import checkConnection
from lib.controller.checks import checkNullConnection
from lib.controller.checks import checkWaf
from lib.controller.checks import heuristicCheckSqlInjection
from lib.controller.checks import simpletonCheckSqlInjection
from lib.core.agent import agent
from lib.core.common import extractRegexResult
from lib.core.common import getFilteredPageContent
@ -327,8 +326,6 @@ def start():
elif test[0] in ("q", "Q"):
break
elif conf.realTest:
logger.info(message)
else:
message += "\ndo you want to test this url? [Y/n/q]"
test = readInput(message, default="Y")
@ -440,11 +437,9 @@ def start():
infoMsg = "ignoring %s parameter '%s'" % (place, parameter)
logger.info(infoMsg)
elif conf.realTest:
pass
elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
if not checkDynParam(place, parameter, value):
kb.dynamicParameter = checkDynParam(place, parameter, value)
if not kb.dynamicParameter:
warnMsg = "%s parameter '%s' appears to be not dynamic" % (place, parameter)
logger.warn(warnMsg)
@ -458,7 +453,7 @@ def start():
check = heuristicCheckSqlInjection(place, parameter)
if not check:
if conf.smart or conf.realTest and not simpletonCheckSqlInjection(place, parameter, value):
if conf.smart:
infoMsg = "skipping %s parameter '%s'" % (place, parameter)
logger.info(infoMsg)
continue
@ -495,7 +490,7 @@ def start():
errMsg = "no parameter(s) found for testing in the provided data "
errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
raise sqlmapNoneDataException, errMsg
elif not conf.realTest:
else:
errMsg = "all parameters appear to be not injectable."
if conf.level < 5 or conf.risk < 3:
@ -542,9 +537,6 @@ def start():
errMsg += "expression that you have choosen "
errMsg += "does not match exclusively True responses"
raise sqlmapNotVulnerableException, errMsg
else:
errMsg = "it seems that all parameters are not injectable"
raise sqlmapNotVulnerableException, errMsg
else:
# Flush the flag
@ -556,9 +548,7 @@ def start():
__selectInjection()
if kb.injection.place is not None and kb.injection.parameter is not None:
if kb.testQueryCount == 0 and conf.realTest:
condition = False
elif conf.multipleTargets:
if conf.multipleTargets:
message = "do you want to exploit this SQL injection? [Y/n] "
exploit = readInput(message, default="Y")
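Review bot: `kb.dynamicParameter` is assigned only inside the `elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:` branch of start(), so a parameter that takes the "ignoring" branch, or a run without the boolean technique, keeps whatever value the previous parameter left there. The only reset visible is the `kb.dynamicParameter = False` default added in __setKnowledgeBaseAttributes, and nothing on this page reads the flag, so a later consumer could act on a stale result. Consider resetting it with `kb.dynamicParameter = False` before the branch chain for each parameter, and adding a comment at the default such as `# result of checkDynParam() for the parameter currently being tested`. start() begins and ends outside these hunks, so the per-parameter loop is inferred from the `continue` rather than seen.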


@ -1484,6 +1484,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.docRoot = None
kb.dumpTable = None
kb.dynamicMarkings = []
kb.dynamicParameter = False
kb.endDetection = False
kb.explicitSettings = set()
kb.errorIsNone = True


@ -668,9 +668,6 @@ def cmdLineParser():
parser.add_option("--live-test", dest="liveTest", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--real-test", dest="realTest", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--run-case", dest="runCase", type="int",
help=SUPPRESS_HELP)
@ -744,7 +741,7 @@ def cmdLineParser():
expandMnemonics(sys.argv[i+1], parser, args)
if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \
args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.realTest, args.wizard, args.dependencies, args.purgeOutput)):
args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purgeOutput)):
errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --update, --purge-output or --dependencies), "
errMsg += "use -h for basic or -hh for advanced help"
parser.error(errMsg)


@ -268,9 +268,6 @@ class Connect:
# Prepare HTTP headers
headers = forgeHeaders({HTTPHEADER.COOKIE: cookie, HTTPHEADER.USER_AGENT: ua, HTTPHEADER.REFERER: referer})
if conf.realTest:
headers[HTTPHEADER.REFERER] = "%s://%s" % (conf.scheme, conf.hostname)
if kb.authHeader:
headers[HTTPHEADER.AUTHORIZATION] = kb.authHeader
@ -447,7 +444,7 @@ class Connect:
return None, None, None
else:
warnMsg = "unable to connect to the target url (%d - %s)" % (e.code, httplib.responses[e.code])
if threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest:
if threadData.retriesCount < conf.retries and not kb.threadException:
warnMsg += ", sqlmap is going to retry the request"
logger.critical(warnMsg)
return Connect.__retryProxy(**kwargs)
@ -490,7 +487,7 @@ class Connect:
return None, None, None
elif silent or (ignoreTimeout and any(_ in tbMsg for _ in ("timed out", "IncompleteRead"))):
return None, None, None
elif threadData.retriesCount < conf.retries and not kb.threadException and not conf.realTest:
elif threadData.retriesCount < conf.retries and not kb.threadException:
warnMsg += ", sqlmap is going to retry the request"
logger.critical(warnMsg)
return Connect.__retryProxy(**kwargs)
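Review bot: `httplib.responses[e.code]` in the `warnMsg` line just above the changed retry condition indexes a fixed table with a status code chosen by the remote server. A non-standard code would raise KeyError before the warning is logged or the retry branch is reached, and this change now makes that retry path unconditional on the removed option. A lookup with a fallback avoids that: `warnMsg = "unable to connect to the target url (%d - %s)" % (e.code, httplib.responses.get(e.code, "unknown"))`. The branches before this `else:` are outside the hunk, so some codes may already be handled there.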