Bug fix (causing search problems)

Miroslav Stampar 2013-02-01 11:24:17 +01:00
parent 6d942f92b5
commit 993372aae4


@ -444,10 +444,7 @@ def checkSqlInjection(place, parameter, value):
configUnion(test.request.char, test.request.columns) configUnion(test.request.char, test.request.columns)
if not Backend.getIdentifiedDbms(): if not Backend.getIdentifiedDbms():
if not kb.heuristicDbms: if kb.heuristicDbms in (None, UNKNOWN_DBMS):
kb.heuristicDbms = heuristicCheckDbms(injection) or UNKNOWN_DBMS
if kb.heuristicDbms == UNKNOWN_DBMS:
warnMsg = "using unescaped version of the test " warnMsg = "using unescaped version of the test "
warnMsg += "because of zero knowledge of the " warnMsg += "because of zero knowledge of the "
warnMsg += "back-end DBMS. You can try to " warnMsg += "back-end DBMS. You can try to "
@ -552,6 +549,14 @@ def checkSqlInjection(place, parameter, value):
# Reset forced back-end DBMS value # Reset forced back-end DBMS value
Backend.flushForcedDbms() Backend.flushForcedDbms()
if len(injection.data) == 1 and PAYLOAD.TECHNIQUE.BOOLEAN in injection.data:
if not Backend.getIdentifiedDbms() and kb.heuristicDbms in (None, UNKNOWN_DBMS):
kb.heuristicDbms = heuristicCheckDbms(injection) or UNKNOWN_DBMS
if Backend.getIdentifiedDbms() or kb.heuristicDbms not in (None, UNKNOWN_DBMS):
#do you want to extend <- one time question!!!!!!!!!! (mirek)
pass
except KeyboardInterrupt: except KeyboardInterrupt:
warnMsg = "user aborted during detection phase" warnMsg = "user aborted during detection phase"
logger.warn(warnMsg) logger.warn(warnMsg)
@ -594,21 +599,20 @@ def checkSqlInjection(place, parameter, value):
def heuristicCheckDbms(injection): def heuristicCheckDbms(injection):
retVal = None retVal = None
if not Backend.getIdentifiedDbms() and len(injection.data) == 1 and PAYLOAD.TECHNIQUE.BOOLEAN in injection.data: pushValue(kb.injection)
pushValue(kb.injection) kb.injection = injection
kb.injection = injection randStr1, randStr2 = randomStr(), randomStr()
randStr1, randStr2 = randomStr(), randomStr()
for dbms in getPublicTypeMembers(DBMS, True): for dbms in getPublicTypeMembers(DBMS, True):
Backend.forceDbms(dbms) Backend.forceDbms(dbms)
if checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr1)): if checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr1)):
if not checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr2)): if not checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr2)):
retVal = dbms retVal = dbms
break break
Backend.flushForcedDbms() Backend.flushForcedDbms()
kb.injection = popValue() kb.injection = popValue()
if retVal: if retVal:
infoMsg = "heuristic test showed that the back-end DBMS " infoMsg = "heuristic test showed that the back-end DBMS "