Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)

This commit is contained in:
Miroslav Stampar 2012-08-22 11:56:30 +02:00
parent 7d0662da23
commit 8a5042b6a4
4 changed files with 15 additions and 7 deletions


@ -41,6 +41,7 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.datatype import AttribDict from lib.core.datatype import AttribDict
from lib.core.datatype import InjectionDict from lib.core.datatype import InjectionDict
from lib.core.enums import HEURISTIC_TEST
from lib.core.enums import HTTPHEADER from lib.core.enums import HTTPHEADER
from lib.core.enums import HTTPMETHOD from lib.core.enums import HTTPMETHOD
from lib.core.enums import NULLCONNECTION from lib.core.enums import NULLCONNECTION
@ -648,8 +649,6 @@ def heuristicCheckSqlInjection(place, parameter):
payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE) payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
casting = Request.queryPage(payload, place, raise404=False) casting = Request.queryPage(payload, place, raise404=False)
kb.heuristicTest = result
if result: if result:
infoMsg += "be injectable (possible DBMS: %s)" % (Format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION) infoMsg += "be injectable (possible DBMS: %s)" % (Format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
logger.info(infoMsg) logger.info(infoMsg)
@ -666,7 +665,9 @@ def heuristicCheckSqlInjection(place, parameter):
message = "do you want to skip those kind of cases (and save scanning time)? [Y/n] " message = "do you want to skip those kind of cases (and save scanning time)? [Y/n] "
kb.ignoreCasted = readInput(message, default='Y').upper() != 'N' kb.ignoreCasted = readInput(message, default='Y').upper() != 'N'
return result kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE
return kb.heuristicTest
def checkDynParam(place, parameter, value): def checkDynParam(place, parameter, value):
""" """


@ -36,6 +36,7 @@ from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.enums import HASHDB_KEYS from lib.core.enums import HASHDB_KEYS
from lib.core.enums import HEURISTIC_TEST
from lib.core.enums import HTTPHEADER from lib.core.enums import HTTPHEADER
from lib.core.enums import HTTPMETHOD from lib.core.enums import HTTPMETHOD
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
@ -453,8 +454,8 @@ def start():
if testSqlInj: if testSqlInj:
check = heuristicCheckSqlInjection(place, parameter) check = heuristicCheckSqlInjection(place, parameter)
if not check: if check != HEURISTIC_TEST.POSITIVE:
if conf.smart or kb.ignoreCasted: if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
infoMsg = "skipping %s parameter '%s'" % (place, parameter) infoMsg = "skipping %s parameter '%s'" % (place, parameter)
logger.info(infoMsg) logger.info(infoMsg)
continue continue
@ -517,7 +518,7 @@ def start():
errMsg += "of comparison engine to detect at least " errMsg += "of comparison engine to detect at least "
errMsg += "one dynamic parameter)." errMsg += "one dynamic parameter)."
if kb.heuristicTest: if kb.heuristicTest == HEURISTIC_TEST.POSITIVE:
errMsg += " As heuristic test turned out positive you are " errMsg += " As heuristic test turned out positive you are "
errMsg += "strongly advised to continue on with the tests. " errMsg += "strongly advised to continue on with the tests. "
errMsg += "Please, consider usage of tampering scripts as " errMsg += "Please, consider usage of tampering scripts as "
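Review bot: The skip condition in the first hunk relies on kb.ignoreCasted only being meaningful when heuristicCheckSqlInjection actually detected casting, and the added `check == HEURISTIC_TEST.CASTED` guard is what prevents the ignore answer from bleeding into plain negative parameters; a short comment on that line, `# ignoreCasted only applies to parameters the heuristic probe flagged as casted`, would make the intent visible to the next reader. Note that `check` is whatever heuristicCheckSqlInjection returns, so if that function can still return None on some path (not visible here), `check != HEURISTIC_TEST.POSITIVE` treats it like a negative result, which matches the old `if not check` behaviour. start() extends beyond both hunks.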


@ -61,6 +61,7 @@ from lib.core.dicts import SQL_STATEMENTS
from lib.core.enums import CHARSET_TYPE from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS from lib.core.enums import DBMS
from lib.core.enums import EXPECTED from lib.core.enums import EXPECTED
from lib.core.enums import HEURISTIC_TEST
from lib.core.enums import HTTPHEADER from lib.core.enums import HTTPHEADER
from lib.core.enums import HTTPMETHOD from lib.core.enums import HTTPMETHOD
from lib.core.enums import OS from lib.core.enums import OS
@ -197,7 +198,7 @@ class Format:
htmlParsed = None htmlParsed = None
if len(kb.htmlFp) == 0 or kb.heuristicTest is None: if len(kb.htmlFp) == 0 or kb.heuristicTest != HEURISTIC_TEST.POSITIVE:
pass pass
elif len(kb.htmlFp) == 1: elif len(kb.htmlFp) == 1:
htmlParsed = kb.htmlFp[0] htmlParsed = kb.htmlFp[0]
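Review bot: The condition in this hunk widens from "heuristic test never ran" (`is None`) to "anything but a positive outcome", so parsed HTML fingerprints are now also discarded after a NEGATIVE or CASTED heuristic result; that is presumably intended, but nothing on the line says so. A comment such as `# only trust HTML-parsed DBMS fingerprints when the heuristic test came back positive` would document the narrowed trust. The enclosing Format method starts before the hunk.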


@ -86,6 +86,11 @@ class CHARSET_TYPE:
ALPHA = 4, ALPHA = 4,
ALPHANUM = 5 ALPHANUM = 5
class HEURISTIC_TEST:
CASTED = 1,
NEGATIVE = 2,
POSITIVE = 3
class HASH: class HASH:
MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z' MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z' MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z'
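Review bot: `CASTED = 1,` and `NEGATIVE = 2,` bind one-element tuples `(1,)` and `(2,)` while `POSITIVE = 3` binds an int, because of the trailing commas; the same pattern already exists in CHARSET_TYPE above (`ALPHA = 4,`). Comparisons written as `check == HEURISTIC_TEST.CASTED` still work since both sides refer to the same attribute, but `HEURISTIC_TEST.CASTED == 1` is False, and any remaining truthiness test like the old `if kb.heuristicTest:` would treat NEGATIVE as true because a non-empty tuple is truthy. Dropping the commas, `CASTED = 1` and `NEGATIVE = 2`, makes all three members plain ints and removes the trap.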