From 8fda828bc909ca6d41225fb1080e3dce71114499 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 18 Jul 2019 11:27:00 +0200 Subject: [PATCH] Minor refactoring --- lib/core/agent.py | 9 +++++---- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- lib/request/inject.py | 6 +++--- lib/takeover/web.py | 3 ++- lib/techniques/blind/inference.py | 13 +++++++------ lib/techniques/error/use.py | 3 ++- 7 files changed, 21 insertions(+), 17 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 577e856ae..488ba7a8c 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -13,6 +13,7 @@ from lib.core.common import extractRegexResult from lib.core.common import filterNone from lib.core.common import getSQLSnippet from lib.core.common import getTechnique +from lib.core.common import getTechniqueData from lib.core.common import isDBMSVersionAtLeast from lib.core.common import isNumber from lib.core.common import isTechniqueAvailable @@ -91,7 +92,7 @@ class Agent(object): if kb.forceWhere: where = kb.forceWhere elif where is None and isTechniqueAvailable(getTechnique()): - where = kb.injection.data[getTechnique()].where + where = getTechniqueData().where if kb.injection.place is not None: place = kb.injection.place @@ -236,7 +237,7 @@ class Agent(object): query = None if where is None and getTechnique() is not None and getTechnique() in kb.injection.data: - where = kb.injection.data[getTechnique()].where + where = getTechniqueData().where # If we are replacing () the parameter original value with # our payload do not prepend with the prefix 
@@ -284,8 +285,8 @@ class Agent(object): suffix = kb.injection.suffix if kb.injection and suffix is None else suffix if getTechnique() is not None and getTechnique() in kb.injection.data: - where = kb.injection.data[getTechnique()].where if where is None else where - comment = kb.injection.data[getTechnique()].comment if comment is None else comment + where = getTechniqueData().where if where is None else where + comment = getTechniqueData().comment if comment is None else comment if Backend.getIdentifiedDbms() == DBMS.ACCESS and any((comment or "").startswith(_) for _ in ("--", "[GENERIC_SQL_COMMENT]")): comment = queries[DBMS.ACCESS].comment.query diff --git a/lib/core/common.py b/lib/core/common.py index ab08b5e9f..f4aa3d5ae 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3222,7 +3222,7 @@ def getTechniqueData(technique=None): Returns injection data for technique specified """ - return kb.injection.data.get(technique) + return kb.injection.data.get(technique if technique is not None else getTechnique()) def isTechniqueAvailable(technique): """ diff --git a/lib/core/settings.py b/lib/core/settings.py index b84ce06b9..155458b40 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.7.30" +VERSION = "1.3.7.31" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/inject.py b/lib/request/inject.py index 865d373e1..4d686c08b 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py 
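Review bot: The docstring of `getTechniqueData` in lib/core/common.py (`@@ -3222`) still reads "Returns injection data for technique specified" although the new code falls back to `getTechnique()` when `technique` is None, and because the lookup goes through `.get()` a technique with no entry yields `None` instead of raising. The call sites this commit converts without an availability guard — `_goInferenceProxy` and `_goBooleanProxy` in lib/request/inject.py, `bisection` in lib/techniques/blind/inference.py and `_oneShotErrorUse` in lib/techniques/error/use.py — previously failed on `kb.injection.data[getTechnique()]` with a `KeyError` naming the technique (assuming `data` is a plain dict) and now fail with `AttributeError: 'NoneType' object has no attribute 'vector'`, which is harder to trace back to the missing injection data; the agent.py and lib/takeover/web.py sites are guarded by `isTechniqueAvailable(...)` / `in kb.injection.data` and are unaffected. I would at least document the contract, e.g. `Returns injection data for technique specified (defaults to the current technique), or None if no data exists for it`, and if no existing caller depends on the `None` return, consider raising a descriptive error on a miss so the unguarded callers keep a clear failure message.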
@@ -164,7 +164,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char initTechnique(getTechnique()) - query = agent.prefixQuery(kb.injection.data[getTechnique()].vector) + query = agent.prefixQuery(getTechniqueData().vector) query = agent.suffixQuery(query) payload = agent.payload(newValue=query) count = None @@ -312,7 +312,7 @@ def _goBooleanProxy(expression): initTechnique(getTechnique()) if conf.dnsDomain: - query = agent.prefixQuery(kb.injection.data[getTechnique()].vector) + query = agent.prefixQuery(getTechniqueData().vector) query = agent.suffixQuery(query) payload = agent.payload(newValue=query) output = _goDns(payload, expression) @@ -320,7 +320,7 @@ def _goBooleanProxy(expression): if output is not None: return output - vector = kb.injection.data[getTechnique()].vector + vector = getTechniqueData().vector vector = vector.replace(INFERENCE_MARKER, expression) query = agent.prefixQuery(vector) query = agent.suffixQuery(query) diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 1a12e3cb0..0a583b7f8 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -21,6 +21,7 @@ from lib.core.common import getManualDirectories from lib.core.common import getPublicTypeMembers from lib.core.common import getSQLSnippet from lib.core.common import getTechnique +from lib.core.common import getTechniqueData from lib.core.common import isTechniqueAvailable from lib.core.common import isWindowsDriveLetterPath from lib.core.common import normalizePath @@ -149,7 +150,7 @@ class Web(object): query = "" if isTechniqueAvailable(getTechnique()): - where = kb.injection.data[getTechnique()].where + where = getTechniqueData().where if where == PAYLOAD.WHERE.NEGATIVE: randInt = randomInt() diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index d827f939d..c52adc224 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py 
@@ -23,6 +23,7 @@ from lib.core.common import getCharset from lib.core.common import getCounter from lib.core.common import getPartRun from lib.core.common import getTechnique +from lib.core.common import getTechniqueData from lib.core.common import goGoodSamaritan from lib.core.common import hashDBRetrieve from lib.core.common import hashDBWrite @@ -229,10 +230,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None result = not Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) - if result and timeBasedCompare and kb.injection.data[getTechnique()].trueCode: - result = threadData.lastCode == kb.injection.data[getTechnique()].trueCode + if result and timeBasedCompare and getTechniqueData().trueCode: + result = threadData.lastCode == getTechniqueData().trueCode if not result: - warnMsg = "detected HTTP code '%s' in validation phase is differing from expected '%s'" % (threadData.lastCode, kb.injection.data[getTechnique()].trueCode) + warnMsg = "detected HTTP code '%s' in validation phase is differing from expected '%s'" % (threadData.lastCode, getTechniqueData().trueCode) singleTimeWarnMessage(warnMsg) incrementCounter(getTechnique()) @@ -342,7 +343,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None incrementCounter(getTechnique()) if not timeBasedCompare: - unexpectedCode |= threadData.lastCode not in (kb.injection.data[getTechnique()].falseCode, kb.injection.data[getTechnique()].trueCode) + unexpectedCode |= threadData.lastCode not in (getTechniqueData().falseCode, getTechniqueData().trueCode) if unexpectedCode: warnMsg = "unexpected HTTP code '%s' detected. Will use (extra) validation step in similar cases" % threadData.lastCode singleTimeWarnMessage(warnMsg) 
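Review bot: In the `@@ -229` hunk of lib/techniques/blind/inference.py `getTechniqueData()` is now called three times in consecutive lines (the `if` condition, the `result =` assignment and the warning message), and in the `@@ -342` hunk twice inside one tuple; each call re-resolves `getTechnique()` and repeats the dictionary lookup, and the repetition makes the lines longer than the `kb.injection.data[...]` form they replace. Binding once reads better and keeps the values consistent within the block: `techniqueData = getTechniqueData()` before the `if result and timeBasedCompare and ...` line, then `if result and timeBasedCompare and techniqueData.trueCode:` and `result = threadData.lastCode == techniqueData.trueCode`, with the same name reused in the warning. The enclosing `bisection` starts before the hunk and continues after it.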
@@ -570,7 +571,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None # One-shot query containing equals commonValue testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False) - query = kb.injection.data[getTechnique()].vector + query = getTechniqueData().vector query = agent.prefixQuery(query.replace(INFERENCE_MARKER, "(%s)%s%s" % (expressionUnescaped, INFERENCE_EQUALS_CHAR, testValue))) query = agent.suffixQuery(query) @@ -594,7 +595,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern)) testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False) - query = kb.injection.data[getTechnique()].vector + query = getTechniqueData().vector query = agent.prefixQuery(query.replace(INFERENCE_MARKER, "(%s)=%s" % (subquery, testValue))) query = agent.suffixQuery(query) diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index e9939d7e4..16a19d721 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -22,6 +22,7 @@ from lib.core.common import firstNotNone from lib.core.common import getConsoleWidth from lib.core.common import getPartRun from lib.core.common import getTechnique +from lib.core.common import getTechniqueData from lib.core.common import hashDBRetrieve from lib.core.common import hashDBWrite from lib.core.common import incrementCounter 
@@ -124,7 +125,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, kb.errorChunkLength) # Forge the error-based SQL injection request - vector = kb.injection.data[getTechnique()].vector + vector = getTechniqueData().vector query = agent.prefixQuery(vector) query = agent.suffixQuery(query) injExpression = expression.replace(field, nulledCastedField, 1) if field else expression