mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Fixes #4895
This commit is contained in:
parent
b185b5e989
commit
90b145ee87
|
@ -1340,44 +1340,6 @@ def checkStability():
|
||||||
|
|
||||||
return kb.pageStable
|
return kb.pageStable
|
||||||
|
|
||||||
def checkString():
|
|
||||||
if not conf.string:
|
|
||||||
return True
|
|
||||||
|
|
||||||
infoMsg = "testing if the provided string is within the "
|
|
||||||
infoMsg += "target URL page content"
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
page, headers, _ = Request.queryPage(content=True)
|
|
||||||
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
|
|
||||||
|
|
||||||
if conf.string not in rawResponse:
|
|
||||||
warnMsg = "you provided '%s' as the string to " % conf.string
|
|
||||||
warnMsg += "match, but such a string is not within the target "
|
|
||||||
warnMsg += "URL raw response, sqlmap will carry on anyway"
|
|
||||||
logger.warn(warnMsg)
|
|
||||||
|
|
||||||
return True
|
|
||||||
|
|
||||||
def checkRegexp():
|
|
||||||
if not conf.regexp:
|
|
||||||
return True
|
|
||||||
|
|
||||||
infoMsg = "testing if the provided regular expression matches within "
|
|
||||||
infoMsg += "the target URL page content"
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
page, headers, _ = Request.queryPage(content=True)
|
|
||||||
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
|
|
||||||
|
|
||||||
if not re.search(conf.regexp, rawResponse, re.I | re.M):
|
|
||||||
warnMsg = "you provided '%s' as the regular expression " % conf.regexp
|
|
||||||
warnMsg += "which does not have any match within the target URL raw response. sqlmap "
|
|
||||||
warnMsg += "will carry on anyway"
|
|
||||||
logger.warn(warnMsg)
|
|
||||||
|
|
||||||
return True
|
|
||||||
|
|
||||||
@stackedmethod
|
@stackedmethod
|
||||||
def checkWaf():
|
def checkWaf():
|
||||||
"""
|
"""
|
||||||
|
@ -1542,7 +1504,31 @@ def checkConnection(suppressOutput=False):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
kb.originalPageTime = time.time()
|
kb.originalPageTime = time.time()
|
||||||
Request.queryPage(content=True, noteResponseTime=False)
|
page, headers, _ = Request.queryPage(content=True, noteResponseTime=False)
|
||||||
|
|
||||||
|
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
|
||||||
|
|
||||||
|
if conf.string:
|
||||||
|
infoMsg = "testing if the provided string is within the "
|
||||||
|
infoMsg += "target URL page content"
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
if conf.string not in rawResponse:
|
||||||
|
warnMsg = "you provided '%s' as the string to " % conf.string
|
||||||
|
warnMsg += "match, but such a string is not within the target "
|
||||||
|
warnMsg += "URL raw response, sqlmap will carry on anyway"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
|
if conf.regexp:
|
||||||
|
infoMsg = "testing if the provided regular expression matches within "
|
||||||
|
infoMsg += "the target URL page content"
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
if not re.search(conf.regexp, rawResponse, re.I | re.M):
|
||||||
|
warnMsg = "you provided '%s' as the regular expression " % conf.regexp
|
||||||
|
warnMsg += "which does not have any match within the target URL raw response. sqlmap "
|
||||||
|
warnMsg += "will carry on anyway"
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
kb.errorIsNone = False
|
kb.errorIsNone = False
|
||||||
|
|
||||||
|
|
|
@ -16,10 +16,8 @@ from lib.controller.checks import checkConnection
|
||||||
from lib.controller.checks import checkDynParam
|
from lib.controller.checks import checkDynParam
|
||||||
from lib.controller.checks import checkInternet
|
from lib.controller.checks import checkInternet
|
||||||
from lib.controller.checks import checkNullConnection
|
from lib.controller.checks import checkNullConnection
|
||||||
from lib.controller.checks import checkRegexp
|
|
||||||
from lib.controller.checks import checkSqlInjection
|
from lib.controller.checks import checkSqlInjection
|
||||||
from lib.controller.checks import checkStability
|
from lib.controller.checks import checkStability
|
||||||
from lib.controller.checks import checkString
|
|
||||||
from lib.controller.checks import checkWaf
|
from lib.controller.checks import checkWaf
|
||||||
from lib.controller.checks import heuristicCheckSqlInjection
|
from lib.controller.checks import heuristicCheckSqlInjection
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
|
@ -434,7 +432,7 @@ def start():
|
||||||
|
|
||||||
setupTargetEnv()
|
setupTargetEnv()
|
||||||
|
|
||||||
if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():
|
if not checkConnection(suppressOutput=conf.forms):
|
||||||
continue
|
continue
|
||||||
|
|
||||||
if conf.rParam and kb.originalPage:
|
if conf.rParam and kb.originalPage:
|
||||||
|
|
|
@ -20,7 +20,7 @@ from thirdparty import six
|
||||||
from thirdparty.six import unichr as _unichr
|
from thirdparty.six import unichr as _unichr
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.5.11.10"
|
VERSION = "1.5.12.0"
|
||||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user