Style and consistency update (url -> URL)

stamparm 2013-04-09 11:48:42 +02:00
parent 3948b527dd
commit 8c9da95343
13 changed files with 53 additions and 53 deletions


@ -22,7 +22,7 @@ from lib.techniques.brute.use import tableExists
def action(): def action():
""" """
This function exploit the SQL injection on the affected This function exploit the SQL injection on the affected
url parameter and extract requested data from the URL parameter and extract requested data from the
back-end database management system or operating system back-end database management system or operating system
if possible if possible
""" """


@ -791,7 +791,7 @@ def heuristicCheckSqlInjection(place, parameter):
def checkDynParam(place, parameter, value): def checkDynParam(place, parameter, value):
""" """
This function checks if the url parameter is dynamic. If it is This function checks if the URL parameter is dynamic. If it is
dynamic, the content of the page differs, otherwise the dynamic, the content of the page differs, otherwise the
dynamicity might depend on another parameter. dynamicity might depend on another parameter.
""" """
@ -855,14 +855,14 @@ def checkDynamicContent(firstPage, secondPage):
count += 1 count += 1
if count > conf.retries: if count > conf.retries:
warnMsg = "target url is too dynamic. " warnMsg = "target URL is too dynamic. "
warnMsg += "Switching to '--text-only' " warnMsg += "Switching to '--text-only' "
logger.warn(warnMsg) logger.warn(warnMsg)
conf.textOnly = True conf.textOnly = True
return return
warnMsg = "target url is heavily dynamic" warnMsg = "target URL is heavily dynamic"
warnMsg += ". sqlmap is going to retry the request" warnMsg += ". sqlmap is going to retry the request"
logger.critical(warnMsg) logger.critical(warnMsg)
@ -880,7 +880,7 @@ def checkStability():
like for instance string matching (--string). like for instance string matching (--string).
""" """
infoMsg = "testing if the url is stable. This can take a couple of seconds" infoMsg = "testing if the target URL is stable. This can take a couple of seconds"
logger.info(infoMsg) logger.info(infoMsg)
firstPage = kb.originalPage # set inside checkConnection() firstPage = kb.originalPage # set inside checkConnection()
@ -894,7 +894,7 @@ def checkStability():
if kb.pageStable: if kb.pageStable:
if firstPage: if firstPage:
infoMsg = "url is stable" infoMsg = "target URL is stable"
logger.info(infoMsg) logger.info(infoMsg)
else: else:
errMsg = "there was an error checking the stability of page " errMsg = "there was an error checking the stability of page "
@ -904,7 +904,7 @@ def checkStability():
logger.error(errMsg) logger.error(errMsg)
else: else:
warnMsg = "url is not stable, sqlmap will base the page " warnMsg = "target URL is not stable. sqlmap will base the page "
warnMsg += "comparison on a sequence matcher. If no dynamic nor " warnMsg += "comparison on a sequence matcher. If no dynamic nor "
warnMsg += "injectable parameters are detected, or in case of " warnMsg += "injectable parameters are detected, or in case of "
warnMsg += "junk results, refer to user's manual paragraph " warnMsg += "junk results, refer to user's manual paragraph "
@ -1112,7 +1112,7 @@ def checkNullConnection():
if conf.data: if conf.data:
return False return False
infoMsg = "testing NULL connection to the target url" infoMsg = "testing NULL connection to the target URL"
logger.info(infoMsg) logger.info(infoMsg)
try: try:
@ -1148,7 +1148,7 @@ def checkConnection(suppressOutput=False):
raise SqlmapConnectionException(errMsg) raise SqlmapConnectionException(errMsg)
if not suppressOutput and not conf.dummy: if not suppressOutput and not conf.dummy:
infoMsg = "testing connection to the target url" infoMsg = "testing connection to the target URL"
logger.info(infoMsg) logger.info(infoMsg)
try: try:
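Review bot: In the checkDynamicContent hunk (-855) the retry message is built in a variable named `warnMsg` but emitted with `logger.critical(warnMsg)`, while the more serious give-up message a few lines above goes through `logger.warn`. Since this commit is about message consistency, the level should match the intent, for example `logger.warning(warnMsg)` for the retry case. The same name/level mismatch is visible in the Connect hunk at -488. The function body continues outside the hunk, so a project convention for this pairing may exist that is not visible here.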


@ -253,7 +253,7 @@ def start():
if conf.configFile and not kb.targets: if conf.configFile and not kb.targets:
errMsg = "you did not edit the configuration file properly, set " errMsg = "you did not edit the configuration file properly, set "
errMsg += "the target url, list of targets or google dork" errMsg += "the target URL, list of targets or google dork"
logger.error(errMsg) logger.error(errMsg)
return False return False
@ -301,7 +301,7 @@ def start():
if conf.forms: if conf.forms:
message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl) message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
else: else:
message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "") message = "URL %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl, " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork and conf.pageRank else "")
if conf.cookie: if conf.cookie:
message += "\nCookie: %s" % conf.cookie message += "\nCookie: %s" % conf.cookie
@ -340,7 +340,7 @@ def start():
break break
else: else:
message += "\ndo you want to test this url? [Y/n/q]" message += "\ndo you want to test this URL? [Y/n/q]"
test = readInput(message, default="Y") test = readInput(message, default="Y")
if not test or test[0] in ("y", "Y"): if not test or test[0] in ("y", "Y"):
@ -350,7 +350,7 @@ def start():
elif test[0] in ("q", "Q"): elif test[0] in ("q", "Q"):
break break
infoMsg = "testing url '%s'" % targetUrl infoMsg = "testing URL '%s'" % targetUrl
logger.info(infoMsg) logger.info(infoMsg)
setupTargetEnv() setupTargetEnv()
@ -602,7 +602,7 @@ def start():
e = getUnicode(e) e = getUnicode(e)
if conf.multipleTargets: if conf.multipleTargets:
e += ", skipping to the next %s" % ("form" if conf.forms else "url") e += ", skipping to the next %s" % ("form" if conf.forms else "URL")
logger.error(e) logger.error(e)
else: else:
logger.critical(e) logger.critical(e)
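Review bot: The prompt assembled in the -301 hunk appends the full Cookie header (`message += "\nCookie: %s" % conf.cookie`), so session credentials appear verbatim in whatever captures the console output. If that output is pasted into reports or shared logs, consider masking or truncating the value at this point, or at least add a comment such as `# NOTE: cookie value is echoed in clear; scrub before sharing output`. start() begins and ends outside the hunks shown, so whether the message also reaches a log file cannot be confirmed from here.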


@ -1127,7 +1127,7 @@ def parseTargetDirect():
def parseTargetUrl(): def parseTargetUrl():
""" """
Parse target url and set some attributes into the configuration singleton. Parse target URL and set some attributes into the configuration singleton.
""" """
if not conf.url: if not conf.url:
@ -1165,14 +1165,14 @@ def parseTargetUrl():
_ = None _ = None
if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))): if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))):
errMsg = "invalid target url" errMsg = "invalid target URL"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
if len(hostnamePort) == 2: if len(hostnamePort) == 2:
try: try:
conf.port = int(hostnamePort[1]) conf.port = int(hostnamePort[1])
except: except:
errMsg = "invalid target url" errMsg = "invalid target URL"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
elif conf.scheme == "https": elif conf.scheme == "https":
conf.port = 443 conf.port = 443
@ -1186,13 +1186,13 @@ def parseTargetUrl():
conf.url = conf.url.replace(URI_QUESTION_MARKER, '?') conf.url = conf.url.replace(URI_QUESTION_MARKER, '?')
if not conf.referer and intersect(REFERER_ALIASES, conf.testParameter, True): if not conf.referer and intersect(REFERER_ALIASES, conf.testParameter, True):
debugMsg = "setting the HTTP Referer header to the target url" debugMsg = "setting the HTTP Referer header to the target URL"
logger.debug(debugMsg) logger.debug(debugMsg)
conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.REFERER, conf.httpHeaders) conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.REFERER, conf.httpHeaders)
conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url)) conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url))
if not conf.host and intersect(HOST_ALIASES, conf.testParameter, True): if not conf.host and intersect(HOST_ALIASES, conf.testParameter, True):
debugMsg = "setting the HTTP Host header to the target url" debugMsg = "setting the HTTP Host header to the target URL"
logger.debug(debugMsg) logger.debug(debugMsg)
conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.HOST, conf.httpHeaders) conf.httpHeaders = filter(lambda (key, value): key != HTTP_HEADER.HOST, conf.httpHeaders)
conf.httpHeaders.append((HTTP_HEADER.HOST, getHostHeader(conf.url))) conf.httpHeaders.append((HTTP_HEADER.HOST, getHostHeader(conf.url)))
@ -2120,7 +2120,7 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
return char if char in charset else match.group(0) return char if char in charset else match.group(0)
result = value result = value
if plusspace: if plusspace:
result = result.replace("+", " ") # plus sign has a special meaning in url encoded data (hence the usage of urllib.unquote_plus in convall case) result = result.replace("+", " ") # plus sign has a special meaning in URL encoded data (hence the usage of urllib.unquote_plus in convall case)
result = re.sub("%([0-9a-fA-F]{2})", _, result) result = re.sub("%([0-9a-fA-F]{2})", _, result)
if isinstance(result, str): if isinstance(result, str):
@ -2147,7 +2147,7 @@ def urlencode(value, safe="%&=", convall=False, limit=False, spaceplus=False):
safe = "" safe = ""
# corner case when character % really needs to be # corner case when character % really needs to be
# encoded (when not representing url encoded char) # encoded (when not representing URL encoded char)
# except in cases when tampering scripts are used # except in cases when tampering scripts are used
if all(map(lambda x: '%' in x, [safe, value])) and not kb.tamperFunctions: if all(map(lambda x: '%' in x, [safe, value])) and not kb.tamperFunctions:
value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value) value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value)
@ -3119,7 +3119,7 @@ def randomizeParameterValue(value):
def asciifyUrl(url, forceQuote=False): def asciifyUrl(url, forceQuote=False):
""" """
Attempts to make a unicode url usuable with ``urllib/urllib2``. Attempts to make a unicode URL usuable with ``urllib/urllib2``.
More specifically, it attempts to convert the unicode object ``url``, More specifically, it attempts to convert the unicode object ``url``,
which is meant to represent a IRI, to an unicode object that, which is meant to represent a IRI, to an unicode object that,
@ -3232,7 +3232,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
try: try:
forms = ParseResponse(response, backwards_compat=False) forms = ParseResponse(response, backwards_compat=False)
except ParseError: except ParseError:
warnMsg = "badly formed HTML at the given url ('%s'). Going to filter it" % url warnMsg = "badly formed HTML at the given URL ('%s'). Going to filter it" % url
logger.warning(warnMsg) logger.warning(warnMsg)
response.seek(0) response.seek(0)
filtered = _("".join(re.findall(FORM_SEARCH_REGEX, response.read())), response.geturl()) filtered = _("".join(re.findall(FORM_SEARCH_REGEX, response.read())), response.geturl())
@ -3279,7 +3279,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
target = (url, method, data, conf.cookie) target = (url, method, data, conf.cookie)
retVal.add(target) retVal.add(target)
else: else:
errMsg = "there were no forms found at the given target url" errMsg = "there were no forms found at the given target URL"
if raise_: if raise_:
raise SqlmapGenericException(errMsg) raise SqlmapGenericException(errMsg)
else: else:
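Review bot: The port parsing in the -1165 hunk of parseTargetUrl wraps `conf.port = int(hostnamePort[1])` in a bare `except:`, which also catches KeyboardInterrupt and SystemExit and reports them as "invalid target URL". Narrow it to `except ValueError:`. The conversion also accepts values outside 1-65535 (a negative number, for instance), so a range check before assigning conf.port would surface the error here rather than at connect time. parseTargetUrl starts and ends outside the hunk.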


@ -189,7 +189,7 @@ def _urllib2Opener():
def _feedTargetsDict(reqFile, addedTargetUrls): def _feedTargetsDict(reqFile, addedTargetUrls):
""" """
Parses web scarab and burp logs and adds results to the target url list Parses web scarab and burp logs and adds results to the target URL list
""" """
def _parseWebScarabLog(content): def _parseWebScarabLog(content):
@ -1045,7 +1045,7 @@ def _setSafeUrl():
conf.safUrl = "http://" + conf.safUrl conf.safUrl = "http://" + conf.safUrl
if conf.saFreq <= 0: if conf.saFreq <= 0:
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature" errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe URL feature"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
def _setPrefixSuffix(): def _setPrefixSuffix():


@ -307,7 +307,7 @@ REFLECTED_MAX_REGEX_PARTS = 10
# Chars which can be used as a failsafe values in case of too long URL encoding value # Chars which can be used as a failsafe values in case of too long URL encoding value
URLENCODE_FAILSAFE_CHARS = "()|," URLENCODE_FAILSAFE_CHARS = "()|,"
# Maximum length of urlencoded value after which failsafe procedure takes away # Maximum length of URL encoded value after which failsafe procedure takes away
URLENCODE_CHAR_LIMIT = 2000 URLENCODE_CHAR_LIMIT = 2000
# Default schema for Microsoft SQL Server DBMS # Default schema for Microsoft SQL Server DBMS


@ -155,14 +155,14 @@ def _setRequestParams():
kb.processUserMarks = True if (kb.postHint and CUSTOM_INJECTION_MARK_CHAR in conf.data) else kb.processUserMarks kb.processUserMarks = True if (kb.postHint and CUSTOM_INJECTION_MARK_CHAR in conf.data) else kb.processUserMarks
if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint: if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint:
warnMsg = "you've provided target url without any GET " warnMsg = "you've provided target URL without any GET "
warnMsg += "parameters (e.g. www.site.com/article.php?id=1) " warnMsg += "parameters (e.g. www.site.com/article.php?id=1) "
warnMsg += "and without providing any POST parameters " warnMsg += "and without providing any POST parameters "
warnMsg += "through --data option" warnMsg += "through --data option"
logger.warn(warnMsg) logger.warn(warnMsg)
message = "do you want to try URI injections " message = "do you want to try URI injections "
message += "in the target url itself? [Y/n/q] " message += "in the target URL itself? [Y/n/q] "
test = readInput(message, default="Y") test = readInput(message, default="Y")
if not test or test[0] not in ("n", "N"): if not test or test[0] not in ("n", "N"):
@ -423,7 +423,7 @@ def _setResultsFile():
if not conf.resultsFP: if not conf.resultsFP:
conf.resultsFilename = "%s%s%s" % (paths.SQLMAP_OUTPUT_PATH, os.sep, time.strftime(RESULTS_FILE_FORMAT).lower()) conf.resultsFilename = "%s%s%s" % (paths.SQLMAP_OUTPUT_PATH, os.sep, time.strftime(RESULTS_FILE_FORMAT).lower())
conf.resultsFP = codecs.open(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0) conf.resultsFP = codecs.open(conf.resultsFilename, "w+", UNICODE_ENCODING, buffering=0)
conf.resultsFP.writelines("Target url,Place,Parameter,Techniques%s" % os.linesep) conf.resultsFP.writelines("Target URL,Place,Parameter,Techniques%s" % os.linesep)
logger.info("using '%s' as the CSV results file in multiple targets mode" % conf.resultsFilename) logger.info("using '%s' as the CSV results file in multiple targets mode" % conf.resultsFilename)
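Review bot: Changing the header row in _setResultsFile (-423) from `Target url` to `Target URL` alters the CSV that multi-target runs write, so this is an output-format change rather than a pure wording fix. Any script that reads the results file by column name will stop matching, so the change should be called out in the changelog or the old header kept. Separately, `writelines` is passed a single string, which works only because a string is iterable; `conf.resultsFP.write(...)` states the intent.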


@ -61,7 +61,7 @@ def forgeHeaders(items=None):
if ("%s=" % cookie.name) in headers[HTTP_HEADER.COOKIE]: if ("%s=" % cookie.name) in headers[HTTP_HEADER.COOKIE]:
if kb.mergeCookies is None: if kb.mergeCookies is None:
message = "you provided a HTTP %s header value. " % HTTP_HEADER.COOKIE message = "you provided a HTTP %s header value. " % HTTP_HEADER.COOKIE
message += "The target url provided its own cookies within " message += "The target URL provided its own cookies within "
message += "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE message += "the HTTP %s header which intersect with yours. " % HTTP_HEADER.SET_COOKIE
message += "Do you want to merge them in futher requests? [Y/n] " message += "Do you want to merge them in futher requests? [Y/n] "
_ = readInput(message, default="Y") _ = readInput(message, default="Y")
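Review bot: The prompt in forgeHeaders still reads `in futher requests`, two lines below the string this commit corrects. Since the change is about message wording, fix it in the same pass: `message += "Do you want to merge them in further requests? [Y/n] "`. The enclosing block continues outside the hunk.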


@ -126,7 +126,7 @@ class Connect(object):
warnMsg += "(e.g. 'https://help.ubuntu.com/community/Tor')" warnMsg += "(e.g. 'https://help.ubuntu.com/community/Tor')"
else: else:
warnMsg = "if the problem persists please check that the provided " warnMsg = "if the problem persists please check that the provided "
warnMsg += "target url is valid. In case that it is, you can try to rerun " warnMsg += "target URL is valid. In case that it is, you can try to rerun "
warnMsg += "with the switch '--random-agent' turned on " warnMsg += "with the switch '--random-agent' turned on "
warnMsg += "and/or proxy switches ('--ignore-proxy', '--proxy',...)" warnMsg += "and/or proxy switches ('--ignore-proxy', '--proxy',...)"
singleTimeWarnMessage(warnMsg) singleTimeWarnMessage(warnMsg)
@ -175,8 +175,8 @@ class Connect(object):
@staticmethod @staticmethod
def getPage(**kwargs): def getPage(**kwargs):
""" """
This method connects to the target url or proxy and returns This method connects to the target URL or proxy and returns
the target url page content the target URL page content
""" """
if conf.delay is not None and isinstance(conf.delay, (int, float)) and conf.delay > 0: if conf.delay is not None and isinstance(conf.delay, (int, float)) and conf.delay > 0:
@ -488,7 +488,7 @@ class Connect(object):
if ignoreTimeout: if ignoreTimeout:
return None, None, None return None, None, None
else: else:
warnMsg = "unable to connect to the target url (%d - %s)" % (e.code, httplib.responses[e.code]) warnMsg = "unable to connect to the target URL (%d - %s)" % (e.code, httplib.responses[e.code])
if threadData.retriesCount < conf.retries and not kb.threadException: if threadData.retriesCount < conf.retries and not kb.threadException:
warnMsg += ". sqlmap is going to retry the request" warnMsg += ". sqlmap is going to retry the request"
logger.critical(warnMsg) logger.critical(warnMsg)
@ -506,23 +506,23 @@ class Connect(object):
tbMsg = traceback.format_exc() tbMsg = traceback.format_exc()
if "no host given" in tbMsg: if "no host given" in tbMsg:
warnMsg = "invalid url address used (%s)" % repr(url) warnMsg = "invalid URL address used (%s)" % repr(url)
raise SqlmapSyntaxException(warnMsg) raise SqlmapSyntaxException(warnMsg)
elif "forcibly closed" in tbMsg: elif "forcibly closed" in tbMsg:
warnMsg = "connection was forcibly closed by the target url" warnMsg = "connection was forcibly closed by the target URL"
elif "timed out" in tbMsg: elif "timed out" in tbMsg:
warnMsg = "connection timed out to the target url" warnMsg = "connection timed out to the target URL"
elif "URLError" in tbMsg or "error" in tbMsg: elif "URLError" in tbMsg or "error" in tbMsg:
warnMsg = "unable to connect to the target url" warnMsg = "unable to connect to the target URL"
elif "BadStatusLine" in tbMsg: elif "BadStatusLine" in tbMsg:
warnMsg = "connection dropped or unknown HTTP " warnMsg = "connection dropped or unknown HTTP "
warnMsg += "status code received. Try to force the HTTP User-Agent " warnMsg += "status code received. Try to force the HTTP User-Agent "
warnMsg += "header with option '--user-agent' or switch '--random-agent'" warnMsg += "header with option '--user-agent' or switch '--random-agent'"
elif "IncompleteRead" in tbMsg: elif "IncompleteRead" in tbMsg:
warnMsg = "there was an incomplete read error while retrieving data " warnMsg = "there was an incomplete read error while retrieving data "
warnMsg += "from the target url" warnMsg += "from the target URL"
else: else:
warnMsg = "unable to connect to the target url" warnMsg = "unable to connect to the target URL"
if "BadStatusLine" not in tbMsg: if "BadStatusLine" not in tbMsg:
warnMsg += " or proxy" warnMsg += " or proxy"
@ -569,7 +569,7 @@ class Connect(object):
@staticmethod @staticmethod
def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True): def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):
""" """
This method calls a function to get the target url page content This method calls a function to get the target URL page content
and returns its page MD5 hash or a boolean value in case of and returns its page MD5 hash or a boolean value in case of
string match check ('--string' command line parameter) string match check ('--string' command line parameter)
""" """
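Review bot: In the -488 hunk the HTTP error path formats its message with `httplib.responses[e.code]`, which raises KeyError when the server answers with a status code that is not in the standard table, replacing the intended warning with an unrelated traceback. Use a lookup with a default, e.g. `httplib.responses.get(e.code, "unknown")`. getPage starts and ends outside the hunk, so an outer handler may already catch this; that is not visible here.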


@ -450,7 +450,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
infoMsg = None infoMsg = None
# If we have got one single character not correctly fetched it # If we have got one single character not correctly fetched it
# can mean that the connection to the target url was lost # can mean that the connection to the target URL was lost
if None in value: if None in value:
partialValue = "".join(value[:value.index(None)]) partialValue = "".join(value[:value.index(None)])


@ -90,7 +90,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
found = kb.orderByColumns or _orderByTechnique() found = kb.orderByColumns or _orderByTechnique()
if found: if found:
kb.orderByColumns = found kb.orderByColumns = found
infoMsg = "target url appears to have %d column%s in query" % (found, 's' if found > 1 else "") infoMsg = "target URL appears to have %d column%s in query" % (found, 's' if found > 1 else "")
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
return found return found
@ -150,7 +150,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
kb.errorIsNone = popValue() kb.errorIsNone = popValue()
if retVal: if retVal:
infoMsg = "target url appears to be UNION injectable with %d columns" % retVal infoMsg = "target URL appears to be UNION injectable with %d columns" % retVal
singleTimeLogMessage(infoMsg) singleTimeLogMessage(infoMsg)
return retVal return retVal
@ -165,7 +165,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
random.shuffle(positions) random.shuffle(positions)
# For each column of the table (# of NULL) perform a request using # For each column of the table (# of NULL) perform a request using
# the UNION ALL SELECT statement to test it the target url is # the UNION ALL SELECT statement to test it the target URL is
# affected by an exploitable union SQL injection vulnerability # affected by an exploitable union SQL injection vulnerability
for position in positions: for position in positions:
# Prepare expression with delimiters # Prepare expression with delimiters
@ -252,7 +252,7 @@ def _unionConfirm(comment, place, parameter, prefix, suffix, count):
def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix): def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix):
""" """
This method tests if the target url is affected by an union This method tests if the target URL is affected by an union
SQL injection vulnerability. The test is done up to 50 columns SQL injection vulnerability. The test is done up to 50 columns
on the target database table on the target database table
""" """
@ -297,7 +297,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
def unionTest(comment, place, parameter, value, prefix, suffix): def unionTest(comment, place, parameter, value, prefix, suffix):
""" """
This method tests if the target url is affected by an union This method tests if the target URL is affected by an union
SQL injection vulnerability. The test is done up to 3*50 times SQL injection vulnerability. The test is done up to 3*50 times
""" """


@ -146,8 +146,8 @@ def configUnion(char=None, columns=None):
def unionUse(expression, unpack=True, dump=False): def unionUse(expression, unpack=True, dump=False):
""" """
This function tests for an union SQL injection on the target This function tests for an union SQL injection on the target
url then call its subsidiary function to effectively perform an URL then call its subsidiary function to effectively perform an
union SQL injection on the affected url union SQL injection on the affected URL
""" """
initTechnique(PAYLOAD.TECHNIQUE.UNION) initTechnique(PAYLOAD.TECHNIQUE.UNION)


@ -46,11 +46,11 @@ def crawl(target):
content = Request.getPage(url=current, crawling=True, raise404=False)[0] content = Request.getPage(url=current, crawling=True, raise404=False)[0]
except SqlmapConnectionException, e: except SqlmapConnectionException, e:
errMsg = "connection exception detected (%s). skipping " % e errMsg = "connection exception detected (%s). skipping " % e
errMsg += "url '%s'" % current errMsg += "URL '%s'" % current
logger.critical(errMsg) logger.critical(errMsg)
except httplib.InvalidURL, e: except httplib.InvalidURL, e:
errMsg = "invalid url detected (%s). skipping " % e errMsg = "invalid URL detected (%s). skipping " % e
errMsg += "url '%s'" % current errMsg += "URL '%s'" % current
logger.critical(errMsg) logger.critical(errMsg)
if not kb.threadContinue: if not kb.threadContinue: