This commit is contained in:
Miroslav Stampar 2021-12-02 17:01:02 +01:00
parent b185b5e989
commit 90b145ee87
3 changed files with 27 additions and 43 deletions

View File

@ -1340,44 +1340,6 @@ def checkStability():
return kb.pageStable return kb.pageStable
def checkString():
if not conf.string:
return True
infoMsg = "testing if the provided string is within the "
infoMsg += "target URL page content"
logger.info(infoMsg)
page, headers, _ = Request.queryPage(content=True)
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
if conf.string not in rawResponse:
warnMsg = "you provided '%s' as the string to " % conf.string
warnMsg += "match, but such a string is not within the target "
warnMsg += "URL raw response, sqlmap will carry on anyway"
logger.warn(warnMsg)
return True
def checkRegexp():
if not conf.regexp:
return True
infoMsg = "testing if the provided regular expression matches within "
infoMsg += "the target URL page content"
logger.info(infoMsg)
page, headers, _ = Request.queryPage(content=True)
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
if not re.search(conf.regexp, rawResponse, re.I | re.M):
warnMsg = "you provided '%s' as the regular expression " % conf.regexp
warnMsg += "which does not have any match within the target URL raw response. sqlmap "
warnMsg += "will carry on anyway"
logger.warn(warnMsg)
return True
@stackedmethod @stackedmethod
def checkWaf(): def checkWaf():
""" """
@ -1542,7 +1504,31 @@ def checkConnection(suppressOutput=False):
try: try:
kb.originalPageTime = time.time() kb.originalPageTime = time.time()
Request.queryPage(content=True, noteResponseTime=False) page, headers, _ = Request.queryPage(content=True, noteResponseTime=False)
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
if conf.string:
infoMsg = "testing if the provided string is within the "
infoMsg += "target URL page content"
logger.info(infoMsg)
if conf.string not in rawResponse:
warnMsg = "you provided '%s' as the string to " % conf.string
warnMsg += "match, but such a string is not within the target "
warnMsg += "URL raw response, sqlmap will carry on anyway"
logger.warn(warnMsg)
if conf.regexp:
infoMsg = "testing if the provided regular expression matches within "
infoMsg += "the target URL page content"
logger.info(infoMsg)
if not re.search(conf.regexp, rawResponse, re.I | re.M):
warnMsg = "you provided '%s' as the regular expression " % conf.regexp
warnMsg += "which does not have any match within the target URL raw response. sqlmap "
warnMsg += "will carry on anyway"
logger.warn(warnMsg)
kb.errorIsNone = False kb.errorIsNone = False

View File

@ -16,10 +16,8 @@ from lib.controller.checks import checkConnection
from lib.controller.checks import checkDynParam from lib.controller.checks import checkDynParam
from lib.controller.checks import checkInternet from lib.controller.checks import checkInternet
from lib.controller.checks import checkNullConnection from lib.controller.checks import checkNullConnection
from lib.controller.checks import checkRegexp
from lib.controller.checks import checkSqlInjection from lib.controller.checks import checkSqlInjection
from lib.controller.checks import checkStability from lib.controller.checks import checkStability
from lib.controller.checks import checkString
from lib.controller.checks import checkWaf from lib.controller.checks import checkWaf
from lib.controller.checks import heuristicCheckSqlInjection from lib.controller.checks import heuristicCheckSqlInjection
from lib.core.agent import agent from lib.core.agent import agent
@ -434,7 +432,7 @@ def start():
setupTargetEnv() setupTargetEnv()
if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp(): if not checkConnection(suppressOutput=conf.forms):
continue continue
if conf.rParam and kb.originalPage: if conf.rParam and kb.originalPage:

View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.5.11.10" VERSION = "1.5.12.0"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)