sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-05-12 11:30:32 +00:00
parent 8b74c405f5
commit 893bc04fe4
4 changed files with 27 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/optiondict.py
View File

@ -67,6 +67,7 @@ optDict = {
"regexp": "string", "regexp": "string",
"eString": "string", "eString": "string",
"eRegexp": "string", "eRegexp": "string",
"useBetween": "boolean",
}, },
"Techniques": { "Techniques": {

4
lib/parse/cmdline.py
View File

@ -182,6 +182,10 @@ def cmdLineParser():
help="Matches to be excluded before " help="Matches to be excluded before "
"comparing page contents") "comparing page contents")
injection.add_option("--use-between", dest="useBetween",
action="store_true",
help="Use operator BETWEEN instead of default '>'")
# Techniques options # Techniques options
techniques = OptionGroup(parser, "Techniques", "These options can " techniques = OptionGroup(parser, "Techniques", "These options can "
"be used to test for specific SQL injection " "be used to test for specific SQL injection "

26
lib/techniques/blind/inference.py
View File

@ -158,18 +158,30 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
posValueOld = posValue posValueOld = posValue
posValue = chr(posValue) posValue = chr(posValue)
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue)) if not conf.useBetween:
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
else:
forgedPayload = safeStringFormat(payload.replace('%3E', 'BETWEEN 0 AND '), (expressionUnescaped, idx, posValue))
result = Request.queryPage(urlencode(forgedPayload)) result = Request.queryPage(urlencode(forgedPayload))
if kb.dbms == "SQLite": if kb.dbms == "SQLite":
posValue = posValueOld posValue = posValueOld
if result: if not conf.useBetween: #normal
minValue = posValue if result:
asciiTbl = asciiTbl[position:] minValue = posValue
else: asciiTbl = asciiTbl[position:]
maxValue = posValue else:
asciiTbl = asciiTbl[:position] maxValue = posValue
asciiTbl = asciiTbl[:position]
else: #reversed
if result:
maxValue = posValue
asciiTbl = asciiTbl[:position]
else:
minValue = posValue
asciiTbl = asciiTbl[position:]
if len(asciiTbl) == 1: if len(asciiTbl) == 1:
if maxValue == 1: if maxValue == 1:

3
sqlmap.conf
View File

@ -184,6 +184,9 @@ eString =
# (http://www.python.org/doc/2.5.2/lib/re-syntax.html) # (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
eRegexp = eRegexp =
# Use operator BETWEEN instead of default '>'
# Valid: True or False
useBetween = False
# These options can be used to test for specific SQL injection technique # These options can be used to test for specific SQL injection technique
# or to use one of them to exploit the affected parameter(s) rather than # or to use one of them to exploit the affected parameter(s) rather than