From 90b145ee870535cc3d46e2dbb95de75dddb04e25 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 2 Dec 2021 17:01:02 +0100
Subject: [PATCH] Fixes #4895
---
 lib/controller/checks.py | 64 ++++++++++++++----------------------
 lib/controller/controller.py | 4 +--
 lib/core/settings.py | 2 +-
 3 files changed, 27 insertions(+), 43 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 18367575b..d62f0da66 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1340,44 +1340,6 @@ def checkStability():
 return kb.pageStable
-def checkString():
- if not conf.string:
- return True
-
- infoMsg = "testing if the provided string is within the "
- infoMsg += "target URL page content"
- logger.info(infoMsg)
-
- page, headers, _ = Request.queryPage(content=True)
- rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
-
- if conf.string not in rawResponse:
- warnMsg = "you provided '%s' as the string to " % conf.string
- warnMsg += "match, but such a string is not within the target "
- warnMsg += "URL raw response, sqlmap will carry on anyway"
- logger.warn(warnMsg)
-
- return True
-
-def checkRegexp():
- if not conf.regexp:
- return True
-
- infoMsg = "testing if the provided regular expression matches within "
- infoMsg += "the target URL page content"
- logger.info(infoMsg)
-
- page, headers, _ = Request.queryPage(content=True)
- rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
-
- if not re.search(conf.regexp, rawResponse, re.I | re.M):
- warnMsg = "you provided '%s' as the regular expression " % conf.regexp
- warnMsg += "which does not have any match within the target URL raw response. sqlmap "
- warnMsg += "will carry on anyway"
- logger.warn(warnMsg)
-
- return True
-
 @stackedmethod
 def checkWaf():
 """
@@ -1542,7 +1504,31 @@ def checkConnection(suppressOutput=False):
 try:
 kb.originalPageTime = time.time()
- Request.queryPage(content=True, noteResponseTime=False)
+ page, headers, _ = Request.queryPage(content=True, noteResponseTime=False)
+
+ rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
+
+ if conf.string:
+ infoMsg = "testing if the provided string is within the "
+ infoMsg += "target URL page content"
+ logger.info(infoMsg)
+
+ if conf.string not in rawResponse:
+ warnMsg = "you provided '%s' as the string to " % conf.string
+ warnMsg += "match, but such a string is not within the target "
+ warnMsg += "URL raw response, sqlmap will carry on anyway"
+ logger.warn(warnMsg)
+
+ if conf.regexp:
+ infoMsg = "testing if the provided regular expression matches within "
+ infoMsg += "the target URL page content"
+ logger.info(infoMsg)
+
+ if not re.search(conf.regexp, rawResponse, re.I | re.M):
+ warnMsg = "you provided '%s' as the regular expression " % conf.regexp
+ warnMsg += "which does not have any match within the target URL raw response. sqlmap "
+ warnMsg += "will carry on anyway"
+ logger.warn(warnMsg)
 kb.errorIsNone = False
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index e17470839..f58fa294d 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -16,10 +16,8 @@ from lib.controller.checks import checkConnection
 from lib.controller.checks import checkDynParam
 from lib.controller.checks import checkInternet
 from lib.controller.checks import checkNullConnection
-from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkSqlInjection
 from lib.controller.checks import checkStability
-from lib.controller.checks import checkString
 from lib.controller.checks import checkWaf
 from lib.controller.checks import heuristicCheckSqlInjection
 from lib.core.agent import agent
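Review bot: The string/regexp matching added after `Request.queryPage(...)` in `checkConnection` appears to sit inside the `try:` shown in the context lines (indentation is not recoverable on this page and the `except` clauses are outside the hunk), so an error raised by the matching itself, such as `re.error` from `re.search(conf.regexp, ...)` on a malformed pattern, would reach handlers written for connection failures unless `conf.regexp` is validated earlier. Moving the two near-identical branches into a small private helper that is called once the request has succeeded would keep the `try` body limited to the request. The new `logger.info`/`logger.warn` calls are also unconditional, although the function takes `suppressOutput` and the caller in controller.py passes `suppressOutput=conf.forms`; if that is not intended, gate at least the info lines, e.g. `if conf.string and not suppressOutput:`. Finally, `"%s%s" % (..., page)` renders a missing page as the literal text `None`, which the substring and regex tests can then match; passing `page or ""` avoids that.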
@@ -434,7 +432,7 @@ def start():
 setupTargetEnv()
- if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
+ if not checkConnection(suppressOutput=conf.forms):
 continue
 if conf.rParam and kb.originalPage:
diff --git a/lib/core/settings.py b/lib/core/settings.py
index e216f6f7e..f62e32d12 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@ from thirdparty import six
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.5.11.10"
+VERSION = "1.5.12.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)