diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 18f46deb6..29a0f312d 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -45,29 +45,6 @@ from lib.core.session import setTimeBased from lib.core.target import initTargetEnv from lib.core.target import setupTargetEnv -def __saveToSessionFile(): - for inj in kb.injections: - setInjection(inj) - - place = inj.place - parameter = inj.parameter - - for stype, sdata in inj.data.items(): - payload = sdata[0] - - if stype == 1: - kb.booleanTest = payload - setBooleanBased(place, parameter, payload) - elif stype == 2: - kb.errorTest = payload - setError(place, parameter, payload) - elif stype == 4: - kb.stackedTest = payload - setStacked(place, parameter, payload) - elif stype == 5: - kb.timeTest = payload - setTimeBased(place, parameter, payload) - def __selectInjection(): """ Selection function for injection place, parameters and type. @@ -144,6 +121,29 @@ def __showInjections(): dumper.technic(header, data) +def __saveToSessionFile(): + for inj in kb.injections: + setInjection(inj) + + place = inj.place + parameter = inj.parameter + + for stype, sdata in inj.data.items(): + payload = sdata[0] + + if stype == 1: + kb.booleanTest = payload + setBooleanBased(place, parameter, payload) + elif stype == 2: + kb.errorTest = payload + setError(place, parameter, payload) + elif stype == 4: + kb.stackedTest = payload + setStacked(place, parameter, payload) + elif stype == 5: + kb.timeTest = payload + setTimeBased(place, parameter, payload) + def start(): """ This function calls a function that performs checks on both URL diff --git a/lib/core/option.py b/lib/core/option.py index dc23269f9..c0ccd9c6d 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
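Review bot: The re-added `__saveToSessionFile` in lib/controller/controller.py (second hunk) has no docstring and branches on the bare integers 1, 2, 4 and 5 for `stype`, so a reader cannot tell which technique each code stands for. A one-line docstring such as `"""Store each entry of kb.injections and its per-technique payload through the lib.core.session setters."""` would document what the visible calls do. The `if`/`elif` chain has no `else`, so any other key in `inj.data` is silently skipped after `setInjection(inj)`. If that is intended, a comment like `# other technique codes have no dedicated session setter` would say so.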
@@ -499,24 +499,6 @@ def __setWriteFile(): conf.wFileType = getFileType(conf.wFile) def __setUnion(): - if isinstance(conf.uTech, basestring): - debugMsg = "setting the UNION query SQL injection detection technique" - logger.debug(debugMsg) - - uTechOriginal = conf.uTech - conf.uTech = conf.uTech.lower() - - if conf.uTech and conf.uTech not in ( "char", "orderby" ): - infoMsg = "resetting the UNION query detection technique to " - infoMsg += "'char', '%s' is not a valid technique" % uTechOriginal - logger.info(infoMsg) - - conf.uTech = "char" - else: - debugMsg = "setting UNION query detection technique to " - debugMsg += "'%s'" % uTechOriginal - logger.debug(debugMsg) - if isinstance(conf.uCols, basestring) and conf.uChar != "1-20": debugMsg = "setting the UNION query SQL injection range of columns" logger.debug(debugMsg) diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index a7547ccc5..bb308dbee 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -77,7 +77,6 @@ optDict = { "Techniques": { "timeSec": "integer", "unionTest": "boolean", - "uTech": "string", "uCols": "integer", "uChar": "string" }, diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index bc9d9d898..42db40e5f 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -235,9 +235,6 @@ def cmdLineParser(): action="store_true", default=False, help="Test for and use UNION query (inband) SQL injection") - techniques.add_option("--union-tech", dest="uTech", default="char", - help="Technique to test for UNION query SQL injection") - techniques.add_option("--union-cols", dest="uCols", default="1-20", help="Range of columns to test for UNION query SQL injection") diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py index 166f5ed38..af6b0e29f 100644 --- a/lib/techniques/inband/union/test.py +++ b/lib/techniques/inband/union/test.py 
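Review bot: The condition now at the top of `__setUnion` in lib/core/option.py, `isinstance(conf.uCols, basestring) and conf.uChar != "1-20"`, compares `conf.uChar` against `"1-20"`, which is the default of `--union-cols` shown in lib/parse/cmdline.py, so it looks like a typo for `conf.uCols`. As written the second test is true for practically any `uChar` value, so the column-range branch is presumably entered even when the range is left at its default. If that is not intended, the line should read `if isinstance(conf.uCols, basestring) and conf.uCols != "1-20":`. The rest of `__setUnion` lies outside the hunk, so the effect of the branch needs to be confirmed there.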
@@ -117,26 +117,6 @@ def __unionTestByCharBruteforce(comment): return validPayload -def __unionTestByOrderBy(comment): - columns = None - prevPayload = "" - - for count in range(conf.uColsStart, conf.uColsStop+1): - query = agent.prefixQuery("ORDER BY %d" % count) - orderByQuery = agent.suffixQuery(query, comment) - payload = agent.payload(newValue=orderByQuery, negative=negative, falseCond=falseCond) - _, seqMatcher = Request.queryPage(payload, getSeqMatcher=True) - - if seqMatcher >= 0.6: - columns = count - setUnion(count=count) - elif columns: - break - - prevPayload = payload - - return columns - def unionTest(): """ This method tests if the target url is affected by an inband @@ -149,9 +129,7 @@ def unionTest(): if kb.unionTest is not None: return kb.unionTest - if conf.uTech == "orderby": - technique = "ORDER BY clause bruteforcing" - elif conf.uChar == "NULL": + if conf.uChar == "NULL": technique = "NULL bruteforcing" else: technique = "char (%s) bruteforcing" % conf.uChar @@ -163,10 +141,7 @@ def unionTest(): validPayload = None comment = queries[kb.dbms].comment.query - if conf.uTech == "orderby": - validPayload = __unionTestByOrderBy(comment) - else: - validPayload = __unionTestByCharBruteforce(comment) + validPayload = __unionTestByCharBruteforce(comment) if validPayload: setUnion(comment=comment) diff --git a/sqlmap.conf b/sqlmap.conf index a57062a25..36ef110e9 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -255,13 +255,6 @@ timeSec = 5 # Valid: True or False unionTest = False -# Technique to test for UNION query SQL injection -# The possible techniques are by NULL bruteforcing (bf) or by ORDER BY -# clause (ob) -# Valid: char, OrderBy -# Default: char -uTech = char - # Range of columns to test for # Valid: range of integers # Default: 1-20
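Review bot: In `unionTest` (third hunk of lib/techniques/inband/union/test.py) the initialiser `validPayload = None` is now dead, because with the `if`/`else` gone it is overwritten unconditionally two lines later by `validPayload = __unionTestByCharBruteforce(comment)`. Dropping the `validPayload = None` line leaves the single assignment as the only definition. The body of `unionTest` starts before and continues after the hunk, so check that no other path reads `validPayload` before that call.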