mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Refactoring regarding casting warnings
This commit is contained in:
parent
5e099144d3
commit
9564c8e8b1
|
@ -69,6 +69,7 @@ from lib.core.enums import NULLCONNECTION
|
|||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.enums import PLACE
|
||||
from lib.core.enums import REDIRECTION
|
||||
from lib.core.enums import WEB_PLATFORM
|
||||
from lib.core.exception import SqlmapConnectionException
|
||||
from lib.core.exception import SqlmapDataException
|
||||
from lib.core.exception import SqlmapNoneDataException
|
||||
|
@ -1052,9 +1053,19 @@ def heuristicCheckSqlInjection(place, parameter):
|
|||
kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE
|
||||
|
||||
if casting:
|
||||
errMsg = "possible %s casting " % ("integer" if origValue.isdigit() else "type")
|
||||
errMsg += "detected (e.g. \"$%s=intval($_REQUEST['%s'])\") " % (parameter, parameter)
|
||||
errMsg += "at the back-end web application"
|
||||
errMsg = "possible %s casting detected (e.g. '" % ("integer" if origValue.isdigit() else "type")
|
||||
|
||||
platform = conf.url.split('.')[-1].lower()
|
||||
if platform == WEB_PLATFORM.ASP:
|
||||
errMsg += "%s=CInt(request.querystring(\"%s\"))" % (parameter, parameter)
|
||||
elif platform == WEB_PLATFORM.ASPX:
|
||||
errMsg += "int.TryParse(Request.QueryString[\"%s\"], out %s)" % (parameter, parameter)
|
||||
elif platform == WEB_PLATFORM.JSP:
|
||||
errMsg += "%s=Integer.parseInt(request.getParameter(\"%s\"))" % (parameter, parameter)
|
||||
else:
|
||||
errMsg += "$%s=intval($_REQUEST[\"%s\"])" % (parameter, parameter)
|
||||
|
||||
errMsg += "') at the back-end web application"
|
||||
logger.error(errMsg)
|
||||
|
||||
if kb.ignoreCasted is None:
|
||||
|
|
|
@ -310,7 +310,7 @@ class ADJUST_TIME_DELAY:
|
|||
NO = 0
|
||||
YES = 1
|
||||
|
||||
class WEB_API:
|
||||
class WEB_PLATFORM:
|
||||
PHP = "php"
|
||||
ASP = "asp"
|
||||
ASPX = "aspx"
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.2.12.35"
|
||||
VERSION = "1.2.12.36"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
@ -687,7 +687,7 @@ MAX_HELP_OPTION_LENGTH = 18
|
|||
MAX_CONNECT_RETRIES = 100
|
||||
|
||||
# Strings for detecting formatting errors
|
||||
FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "is not of type numeric", "<cfif Not IsNumeric(", "invalid input syntax for integer", "invalid input syntax for type", "invalid number", "character to number conversion error", "unable to interpret text value", "String was not recognized as a valid", "Convert.ToInt", "cannot be converted to a ", "InvalidDataException")
|
||||
FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Please enter a", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "is not of type numeric", "<cfif Not IsNumeric(", "invalid input syntax for integer", "invalid input syntax for type", "invalid number", "character to number conversion error", "unable to interpret text value", "String was not recognized as a valid", "Convert.ToInt", "cannot be converted to a ", "InvalidDataException")
|
||||
|
||||
# Regular expression used for extracting ASP.NET view state values
|
||||
VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'
|
||||
|
|
|
@ -78,7 +78,7 @@ from lib.core.enums import PAYLOAD
|
|||
from lib.core.enums import PLACE
|
||||
from lib.core.enums import POST_HINT
|
||||
from lib.core.enums import REDIRECTION
|
||||
from lib.core.enums import WEB_API
|
||||
from lib.core.enums import WEB_PLATFORM
|
||||
from lib.core.exception import SqlmapCompressionException
|
||||
from lib.core.exception import SqlmapConnectionException
|
||||
from lib.core.exception import SqlmapGenericException
|
||||
|
@ -889,7 +889,7 @@ class Connect(object):
|
|||
postUrlEncode = False
|
||||
|
||||
if conf.hpp:
|
||||
if not any(conf.url.lower().endswith(_.lower()) for _ in (WEB_API.ASP, WEB_API.ASPX)):
|
||||
if not any(conf.url.lower().endswith(_.lower()) for _ in (WEB_PLATFORM.ASP, WEB_PLATFORM.ASPX)):
|
||||
warnMsg = "HTTP parameter pollution should work only against "
|
||||
warnMsg += "ASP(.NET) targets"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
|
|
@ -43,7 +43,7 @@ from lib.core.enums import HTTP_HEADER
|
|||
from lib.core.enums import OS
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.enums import PLACE
|
||||
from lib.core.enums import WEB_API
|
||||
from lib.core.enums import WEB_PLATFORM
|
||||
from lib.core.exception import SqlmapNoneDataException
|
||||
from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
|
||||
from lib.core.settings import EVENTVALIDATION_REGEX
|
||||
|
@ -60,7 +60,7 @@ class Web:
|
|||
"""
|
||||
|
||||
def __init__(self):
|
||||
self.webApi = None
|
||||
self.webPlatform = None
|
||||
self.webBaseUrl = None
|
||||
self.webBackdoorUrl = None
|
||||
self.webBackdoorFilePath = None
|
||||
|
@ -109,14 +109,14 @@ class Web:
|
|||
except TypeError:
|
||||
pass
|
||||
|
||||
if self.webApi in getPublicTypeMembers(WEB_API, True):
|
||||
if self.webPlatform in getPublicTypeMembers(WEB_PLATFORM, True):
|
||||
multipartParams = {
|
||||
"upload": "1",
|
||||
"file": stream,
|
||||
"uploadDir": directory,
|
||||
}
|
||||
|
||||
if self.webApi == WEB_API.ASPX:
|
||||
if self.webPlatform == WEB_PLATFORM.ASPX:
|
||||
multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION
|
||||
multipartParams['__VIEWSTATE'] = kb.data.__VIEWSTATE
|
||||
|
||||
|
@ -130,7 +130,7 @@ class Web:
|
|||
else:
|
||||
return True
|
||||
else:
|
||||
logger.error("sqlmap hasn't got a web backdoor nor a web file stager for %s" % self.webApi)
|
||||
logger.error("sqlmap hasn't got a web backdoor nor a web file stager for %s" % self.webPlatform)
|
||||
return False
|
||||
|
||||
def _webFileInject(self, fileContent, fileName, directory):
|
||||
|
@ -158,13 +158,13 @@ class Web:
|
|||
remote directory within the web server document root.
|
||||
"""
|
||||
|
||||
if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webApi is not None:
|
||||
if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webPlatform is not None:
|
||||
return
|
||||
|
||||
self.checkDbmsOs()
|
||||
|
||||
default = None
|
||||
choices = list(getPublicTypeMembers(WEB_API, True))
|
||||
choices = list(getPublicTypeMembers(WEB_PLATFORM, True))
|
||||
|
||||
for ext in choices:
|
||||
if conf.url.endswith(ext):
|
||||
|
@ -172,7 +172,7 @@ class Web:
|
|||
break
|
||||
|
||||
if not default:
|
||||
default = WEB_API.ASP if Backend.isOs(OS.WINDOWS) else WEB_API.PHP
|
||||
default = WEB_PLATFORM.ASP if Backend.isOs(OS.WINDOWS) else WEB_PLATFORM.PHP
|
||||
|
||||
message = "which web application language does the web server "
|
||||
message += "support?\n"
|
||||
|
@ -196,7 +196,7 @@ class Web:
|
|||
logger.warn("invalid value, it must be between 1 and %d" % len(choices))
|
||||
|
||||
else:
|
||||
self.webApi = choices[int(choice) - 1]
|
||||
self.webPlatform = choices[int(choice) - 1]
|
||||
break
|
||||
|
||||
if not kb.absFilePaths:
|
||||
|
@ -266,16 +266,16 @@ class Web:
|
|||
_.append("%s/%s" % (directory.rstrip('/'), path.strip('/')))
|
||||
directories = _
|
||||
|
||||
backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
|
||||
backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.%s_" % self.webApi))
|
||||
backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webPlatform)
|
||||
backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.%s_" % self.webPlatform))
|
||||
|
||||
stagerContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi))
|
||||
stagerContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webPlatform))
|
||||
|
||||
for directory in directories:
|
||||
if not directory:
|
||||
continue
|
||||
|
||||
stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
|
||||
stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webPlatform)
|
||||
self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName)
|
||||
|
||||
uploaded = False
|
||||
|
@ -317,14 +317,14 @@ class Web:
|
|||
infoMsg += "via UNION method"
|
||||
logger.info(infoMsg)
|
||||
|
||||
stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
|
||||
stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webPlatform)
|
||||
self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName)
|
||||
|
||||
handle, filename = tempfile.mkstemp()
|
||||
os.close(handle)
|
||||
|
||||
with open(filename, "w+b") as f:
|
||||
_ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi))
|
||||
_ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webPlatform))
|
||||
_ = _.replace(SHELL_WRITABLE_DIR_TAG, utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory))
|
||||
f.write(_)
|
||||
|
||||
|
@ -353,7 +353,7 @@ class Web:
|
|||
logger.warn(warnMsg)
|
||||
continue
|
||||
|
||||
elif self.webApi == WEB_API.ASPX:
|
||||
elif self.webPlatform == WEB_PLATFORM.ASPX:
|
||||
kb.data.__EVENTVALIDATION = extractRegexResult(EVENTVALIDATION_REGEX, uplPage)
|
||||
kb.data.__VIEWSTATE = extractRegexResult(VIEWSTATE_REGEX, uplPage)
|
||||
|
||||
|
@ -361,7 +361,7 @@ class Web:
|
|||
infoMsg += "on '%s' - %s" % (directory, self.webStagerUrl)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if self.webApi == WEB_API.ASP:
|
||||
if self.webPlatform == WEB_PLATFORM.ASP:
|
||||
match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
|
||||
|
||||
if match:
|
||||
|
|
|
@ -23,7 +23,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
|
|||
1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py
|
||||
c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py
|
||||
3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py
|
||||
0f0feede9750be810d2b8a7ab159b7b0 lib/controller/checks.py
|
||||
d4582467b0735525d8d8bdc0396ec87f lib/controller/checks.py
|
||||
197bdf07f8ea15ecc7e0dafea4f9ae2f lib/controller/controller.py
|
||||
988b548f6578adf9cec17afdeee8291c lib/controller/handler.py
|
||||
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
|
||||
|
@ -37,7 +37,7 @@ c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py
|
|||
fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py
|
||||
ac7c070b2726d39fbac1916b1a5f92b2 lib/core/dicts.py
|
||||
760de985e09f5d11aacd3a8f2d8e9ff2 lib/core/dump.py
|
||||
0cf974cf4ff3b96e1a349a12e39f4693 lib/core/enums.py
|
||||
5b6999c4b78180961e9f33e172d4dd66 lib/core/enums.py
|
||||
cada93357a7321655927fc9625b3bfec lib/core/exception.py
|
||||
1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
|
||||
458a194764805cd8312c14ecd4be4d1e lib/core/log.py
|
||||
|
@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
|
|||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||
08295f121daafa4c20282201861422cb lib/core/settings.py
|
||||
3afa2b42741332ce14a8c98befcfdff7 lib/core/settings.py
|
||||
a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py
|
||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||
1581be48127a3a7a9fd703359b6e7567 lib/core/target.py
|
||||
|
@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py
|
|||
30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
|
||||
2b81435f5a7519298c15c724e3194a0d lib/request/basic.py
|
||||
859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py
|
||||
40c4cc791ec657b612ccecf5b3241651 lib/request/connect.py
|
||||
7ec820ec27161208a8411d81ec48161a lib/request/connect.py
|
||||
dd4598675027fae99f2e2475b05986da lib/request/direct.py
|
||||
2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
|
||||
98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py
|
||||
|
@ -88,7 +88,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py
|
|||
4bf186a747e1a0c4ed5127ef064c3920 lib/takeover/metasploit.py
|
||||
fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py
|
||||
6a49f359b922df0247eb236126596336 lib/takeover/udf.py
|
||||
a3d07df8a780c668a11f06be42014cdc lib/takeover/web.py
|
||||
ce8524022df29602f3d6c3c41f938ad4 lib/takeover/web.py
|
||||
debc36a3ff80ba915aeeee69b21a8ddc lib/takeover/xp_cmdshell.py
|
||||
db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py
|
||||
1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py
|
||||
|
|
Loading…
Reference in New Issue
Block a user