sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update

Browse Source
This commit is contained in:
Miroslav Stampar 2011-03-29 06:25:17 +00:00
parent a2d5358b08
commit 86f93713d3
3 changed files with 17 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/controller/controller.py
View File

@ -314,10 +314,7 @@ def start():
parameters = conf.parameters.keys() parameters = conf.parameters.keys()
# Order of testing list (last to first) # Order of testing list (last to first)
if conf.forms or conf.data: orderList = (PLACE.URI, PLACE.GET, PLACE.POST)
orderList = (PLACE.URI, PLACE.GET, PLACE.POST)
else:
orderList = (PLACE.URI, PLACE.POST, PLACE.GET)
for place in orderList: for place in orderList:
if place in parameters: if place in parameters:
@ -334,8 +331,8 @@ def start():
# Test Cookie header only if --level >= 2 # Test Cookie header only if --level >= 2
condition |= (place == PLACE.COOKIE and conf.level < 2) condition |= (place == PLACE.COOKIE and conf.level < 2)
# Test GET parameter in case --data and/or --forms used only if --level >= 3 # Test GET parameter in case --data only if --level >= 3
condition |= (place == PLACE.GET and (conf.data or conf.forms) and conf.level < 3) condition |= (place == PLACE.GET and conf.data and conf.level < 3)
condition &= not (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.testParameter)) condition &= not (place == PLACE.UA and intersect(USER_AGENT_ALIASES, conf.testParameter))
condition &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter)) condition &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter))

4
lib/core/dump.py
View File

@ -166,7 +166,7 @@ class Dump:
if isinstance(table, (list, tuple, set)): if isinstance(table, (list, tuple, set)):
table = table[0] table = table[0]
maxlength = max(maxlength, len(normalizeUnicode(table))) maxlength = max(maxlength, len(normalizeUnicode(table) or str(table)))
lines = "-" * (int(maxlength) + 2) lines = "-" * (int(maxlength) + 2)
@ -186,7 +186,7 @@ class Dump:
if isinstance(table, (list, tuple, set)): if isinstance(table, (list, tuple, set)):
table = table[0] table = table[0]
blank = " " * (maxlength - len(normalizeUnicode(table))) blank = " " * (maxlength - len(normalizeUnicode(table) or str(table)))
self.__write("| %s%s |" % (table, blank)) self.__write("| %s%s |" % (table, blank))
self.__write("+%s+\n" % lines) self.__write("+%s+\n" % lines)

24
xml/livetests.xml
View File

@ -8,7 +8,7 @@
</global> </global>
<case name="MySQL (--technique=1 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)"> <case name="MySQL (--technique=1 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)">
<switches> <switches>
<url value="http://debianenv/sqlmap/mysql/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="1"/> <technique value="1"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -35,7 +35,7 @@
</case> </case>
<case name="MySQL (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)"> <case name="MySQL (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
<switches> <switches>
<url value="http://debianenv/sqlmap/mysql/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="2"/> <technique value="2"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -61,7 +61,7 @@
</case> </case>
<case name="MySQL (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)"> <case name="MySQL (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
<switches> <switches>
<url value="http://debianenv/sqlmap/mysql/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="3"/> <technique value="3"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -87,7 +87,7 @@
</case> </case>
<case name="MySQL partial union (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)"> <case name="MySQL partial union (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
<switches> <switches>
<url value="http://debianenv/sqlmap/mysql/get_int_partialunion.php?id=1"/> <url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="3"/> <technique value="3"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -113,7 +113,7 @@
</case> </case>
<case name="Postgres (--technique=1 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)"> <case name="Postgres (--technique=1 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)">
<switches> <switches>
<url value="http://debianenv/sqlmap/pgsql/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="1"/> <technique value="1"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -140,7 +140,7 @@
</case> </case>
<case name="Postgres (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)"> <case name="Postgres (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
<switches> <switches>
<url value="http://debianenv/sqlmap/pgsql/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="2"/> <technique value="2"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -166,7 +166,7 @@
</case> </case>
<case name="Postgres (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)"> <case name="Postgres (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
<switches> <switches>
<url value="http://debianenv/sqlmap/pgsql/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="3"/> <technique value="3"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -192,7 +192,7 @@
</case> </case>
<case name="Postgres partial union (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)"> <case name="Postgres partial union (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
<switches> <switches>
<url value="http://debianenv/sqlmap/pgsql/get_int_partialunion.php?id=1"/> <url value="http://debiandev/sqlmap/pgsql/get_int_partialunion.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="3"/> <technique value="3"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -218,7 +218,7 @@
</case> </case>
<case name="Oracle (--technique=1 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump --threads=4)"> <case name="Oracle (--technique=1 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump --threads=4)">
<switches> <switches>
<url value="http://debianenv/sqlmap/oracle/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="1"/> <technique value="1"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -245,7 +245,7 @@
</case> </case>
<case name="Oracle (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)"> <case name="Oracle (--technique=2 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
<switches> <switches>
<url value="http://debianenv/sqlmap/oracle/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="2"/> <technique value="2"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -271,7 +271,7 @@
</case> </case>
<case name="Oracle (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)"> <case name="Oracle (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
<switches> <switches>
<url value="http://debianenv/sqlmap/oracle/get_int.php?id=1"/> <url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="3"/> <technique value="3"/>
<getBanner value="True"/> <getBanner value="True"/>
@ -297,7 +297,7 @@
</case> </case>
<case name="Oracle partial union (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)"> <case name="Oracle partial union (--technique=3 --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
<switches> <switches>
<url value="http://debianenv/sqlmap/oracle/get_int_partialunion.php?id=1"/> <url value="http://debiandev/sqlmap/oracle/get_int_partialunion.php?id=1"/>
<isDba value="True"/> <isDba value="True"/>
<technique value="3"/> <technique value="3"/>
<getBanner value="True"/> <getBanner value="True"/>