Thomas Perkins 2017-02-27 18:00:06 +00:00 committed by GitHub
commit 8f1295c3e4
5 changed files with 13 additions and 12 deletions

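--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@
 output/
 .sqlmap_history
 traffic.txt
 *~
+.idea/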


@ -591,10 +591,10 @@ def paramToDict(place, parameters=None):
or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _))\ or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _))\
and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX): and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):
warnMsg = "it appears that you have provided tainted parameter values " warnMsg = "it appears that you have provided tainted parameter values "
warnMsg += "('%s') with most probably leftover " % element warnMsg += "('%s') probably with leftover " % element
warnMsg += "chars/statements from manual SQL injection test(s). " warnMsg += "chars/statements from manual SQL injection test(s). "
warnMsg += "Please, always use only valid parameter values " warnMsg += "Please, always use only valid parameter values "
warnMsg += "so sqlmap could be able to run properly" warnMsg += "so sqlmap will be able to run properly"
logger.warn(warnMsg) logger.warn(warnMsg)
message = "are you really sure that you want to continue (sqlmap could have problems)? [y/N] " message = "are you really sure that you want to continue (sqlmap could have problems)? [y/N] "
@ -604,7 +604,7 @@ def paramToDict(place, parameters=None):
elif not _: elif not _:
warnMsg = "provided value for parameter '%s' is empty. " % parameter warnMsg = "provided value for parameter '%s' is empty. " % parameter
warnMsg += "Please, always use only valid parameter values " warnMsg += "Please, always use only valid parameter values "
warnMsg += "so sqlmap could be able to run properly" warnMsg += "so sqlmap will be able to run properly"
logger.warn(warnMsg) logger.warn(warnMsg)
if place in (PLACE.POST, PLACE.GET): if place in (PLACE.POST, PLACE.GET):
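Review bot: The reworded warning in the first hunk now reads "tainted parameter values ('%s') probably with leftover chars/statements", which makes "probably" attach to the values rather than to the leftover characters; `warnMsg += "('%s') that probably contain leftover " % element` keeps the intended meaning. The same closing sentence "Please, always use only valid parameter values so sqlmap will be able to run properly" is edited identically here, in the second hunk of this file, and in the _setRequestParams hunk, which is why this commit has to touch three copies; a single module-level constant would keep the three messages from drifting apart again. The enclosing function paramToDict starts and ends outside both hunks.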


@ -249,7 +249,7 @@ def _setRequestParams():
if "=%s" % CUSTOM_INJECTION_MARK_CHAR in _: if "=%s" % CUSTOM_INJECTION_MARK_CHAR in _:
warnMsg = "it seems that you've provided empty parameter value(s) " warnMsg = "it seems that you've provided empty parameter value(s) "
warnMsg += "for testing. Please, always use only valid parameter values " warnMsg += "for testing. Please, always use only valid parameter values "
warnMsg += "so sqlmap could be able to run properly" warnMsg += "so sqlmap will be able to run properly"
logger.warn(warnMsg) logger.warn(warnMsg)
if not kb.processUserMarks: if not kb.processUserMarks:


@ -146,9 +146,9 @@ class Connect(object):
if kb.testMode and kb.previousMethod == PAYLOAD.METHOD.TIME: if kb.testMode and kb.previousMethod == PAYLOAD.METHOD.TIME:
# timed based payloads can cause web server unresponsiveness # timed based payloads can cause web server unresponsiveness
# if the injectable piece of code is some kind of JOIN-like query # if the injectable piece of code is some kind of JOIN-like query
warnMsg = "most probably web server instance hasn't recovered yet " warnMsg = "most probable cause is that, the web server instance hasn't "
warnMsg += "from previous timed based payload. If the problem " warnMsg += "recovered yet from previous timed based payload. If the problem "
warnMsg += "persists please wait for few minutes and rerun " warnMsg += "persists please wait for a few minutes and rerun "
warnMsg += "without flag 'T' in option '--technique' " warnMsg += "without flag 'T' in option '--technique' "
warnMsg += "(e.g. '--flush-session --technique=BEUS') or try to " warnMsg += "(e.g. '--flush-session --technique=BEUS') or try to "
warnMsg += "lower the value of option '--time-sec' (e.g. '--time-sec=2')" warnMsg += "lower the value of option '--time-sec' (e.g. '--time-sec=2')"
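Review bot: The new first line of the warning, "most probable cause is that, the web server instance hasn't", has a stray comma after "that" that splits the clause; `warnMsg = "most probable cause is that the web server instance hasn't "` reads correctly and keeps the rest of the concatenation unchanged. The hunk header places this inside class Connect, but the enclosing method's signature and the use of warnMsg after this point are outside the hunk.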


@ -70,8 +70,8 @@ def tableExists(tableFile, regex=None):
if result: if result:
errMsg = "can't use table existence check because of detected invalid results " errMsg = "can't use table existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection " errMsg += "(most probable cause is by inability of the used injection "
errMsg += "to distinguish errornous results)" errMsg += "to distinguish erroneous results)"
raise SqlmapDataException(errMsg) raise SqlmapDataException(errMsg)
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True) tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
@ -178,8 +178,8 @@ def columnExists(columnFile, regex=None):
if result: if result:
errMsg = "can't use column existence check because of detected invalid results " errMsg = "can't use column existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection " errMsg += "(most probable cause is by inability of the used injection "
errMsg += "to distinguish errornous results)" errMsg += "to distinguish erroneous results)"
raise SqlmapDataException(errMsg) raise SqlmapDataException(errMsg)
infoMsg = "checking column existence using items from '%s'" % columnFile infoMsg = "checking column existence using items from '%s'" % columnFile
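Review bot: The reworded error text "(most probable cause is by inability of the used injection to distinguish erroneous results)" is ungrammatical in both the tableExists hunk and the columnExists hunk; `errMsg += "(most probable cause is the inability of the used injection "` fixes it in each place. The two hunks build a byte-for-byte identical explanation around a different first sentence, so a small shared helper or constant for the parenthetical would have let this commit change the wording once. Both enclosing functions start and end outside their hunks.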