diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 62b0004d7..69aa96e6c 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -552,7 +552,7 @@ def checkSqlInjection(place, parameter, value): # Perform the test's request and grep the response # body for the test's regular expression try: - page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False) + page, headers, _ = Request.queryPage(reqPayload, place, content=True, raise404=False) output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \ or extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None, re.DOTALL | re.IGNORECASE) \ or extractRegexResult(check, listToStrValue([headers[key] for key in headers.keys() if key.lower() != URI_HTTP_HEADER.lower()] if headers else None), re.DOTALL | re.IGNORECASE) \ @@ -959,7 +959,7 @@ def heuristicCheckSqlInjection(place, parameter): payload = "%s%s%s" % (prefix, randStr, suffix) payload = agent.payload(place, parameter, newValue=payload) - page, _ = Request.queryPage(payload, place, content=True, raise404=False) + page, _, _ = Request.queryPage(payload, place, content=True, raise404=False) kb.heuristicPage = page kb.heuristicMode = False @@ -1015,7 +1015,7 @@ def heuristicCheckSqlInjection(place, parameter): value = "%s%s%s" % (randStr1, DUMMY_NON_SQLI_CHECK_APPENDIX, randStr2) payload = "%s%s%s" % (prefix, "'%s" % value, suffix) payload = agent.payload(place, parameter, newValue=payload) - page, _ = Request.queryPage(payload, place, content=True, raise404=False) + page, _, _ = Request.queryPage(payload, place, content=True, raise404=False) paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place 
@@ -1124,7 +1124,7 @@ def checkDynamicContent(firstPage, secondPage): warnMsg += ". sqlmap is going to retry the request" logger.critical(warnMsg) - secondPage, _ = Request.queryPage(content=True) + secondPage, _, _ = Request.queryPage(content=True) findDynamicContent(firstPage, secondPage) def checkStability(): @@ -1147,7 +1147,7 @@ def checkStability(): delay = max(0, min(1, delay)) time.sleep(delay) - secondPage, _ = Request.queryPage(content=True, noteResponseTime=False, raise404=False) + secondPage, _, _ = Request.queryPage(content=True, noteResponseTime=False, raise404=False) if kb.redirectChoice: return None @@ -1229,7 +1229,7 @@ def checkString(): infoMsg += "target URL page content" logger.info(infoMsg) - page, headers = Request.queryPage(content=True) + page, headers, _ = Request.queryPage(content=True) rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page) if conf.string not in rawResponse: @@ -1248,7 +1248,7 @@ def checkRegexp(): infoMsg += "the target URL page content" logger.info(infoMsg) - page, headers = Request.queryPage(content=True) + page, headers, _ = Request.queryPage(content=True) rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page) if not re.search(conf.regexp, rawResponse, re.I | re.M): @@ -1455,7 +1455,7 @@ def checkConnection(suppressOutput=False): try: kb.originalPageTime = time.time() - page, headers = Request.queryPage(content=True, noteResponseTime=False) + page, headers, _ = Request.queryPage(content=True, noteResponseTime=False) kb.originalPage = kb.pageTemplate = page kb.errorIsNone = False diff --git a/lib/core/option.py b/lib/core/option.py index b5afa448e..6edf99628 100755 --- a/lib/core/option.py +++ b/lib/core/option.py 
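Review bot: In the checkString hunk, `rawResponse` is built with `"%s%s" % (..., page)`, so a `page` of None is rendered as the literal text "None" before `conf.string` is searched for in it; the identical line sits in the checkRegexp hunk. The union/test.py hunks in this same commit guard every use with `page or ""`, which suggests queryPage can return no body. I would change both lines to `rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page or "")`. Both function bodies continue outside their hunks.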
@@ -628,7 +628,7 @@ def _findPageForms(): logger.info(infoMsg) if not any((conf.bulkFile, conf.googleDork, conf.sitemapUrl)): - page, _ = Request.queryPage(content=True) + page, _, _ = Request.queryPage(content=True) findPageForms(page, conf.url, True, True) else: if conf.bulkFile: diff --git a/lib/core/settings.py b/lib/core/settings.py index 8802eed04..bb31b7ff4 100755 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.1.6.2" +VERSION = "1.1.6.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index bfc82ce74..60204c856 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1227,7 +1227,7 @@ class Connect(object): kb.permissionFlag = re.search(PERMISSION_DENIED_REGEX, page or "", re.I) is not None if content or response: - return page, headers + return page, headers, code if getRatioValue: return comparison(page, headers, code, getRatioValue=False, pageLength=pageLength), comparison(page, headers, code, getRatioValue=True, pageLength=pageLength) diff --git a/lib/request/templates.py b/lib/request/templates.py index 36c17e60c..0fb74f966 100644 --- a/lib/request/templates.py +++ b/lib/request/templates.py @@ -13,7 +13,7 @@ def getPageTemplate(payload, place): if payload and place: if (payload, place) not in kb.pageTemplates: - page, _ = Request.queryPage(payload, place, content=True, raise404=False) + page, _, _ = Request.queryPage(payload, place, content=True, raise404=False) kb.pageTemplates[(payload, place)] = (page, kb.lastParserStatus is None) retVal = kb.pageTemplates[(payload, place)] 
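Review bot: In the lib/request/connect.py hunk, the `content or response` branch of queryPage now returns three values while the `getRatioValue` branch directly below still returns a pair, so the return shape depends on keyword flags and nothing in the hunk documents it. A caller that still unpacks `page, headers = Request.queryPage(..., content=True)` fails with ValueError only when that path runs. This diff updates the call sites it shows, but call sites in untouched files cannot be confirmed from here and deserve a grep for `queryPage(`. I would add a comment above the changed return, for example `# callers unpack (page, headers, code) whenever content or response is set`, or the same sentence in the method's docstring if it has one; the method starts outside the hunk.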
diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 3d2f8389d..73b9fe707 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -232,7 +232,7 @@ class Web: if place in conf.parameters: value = re.sub(r"(\A|&)(\w+)=", "\g<2>[]=", conf.parameters[place]) if "[]" in value: - page, headers = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False) + page, headers, _ = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False) parseFilePaths(page) cookie = None @@ -244,12 +244,12 @@ class Web: if cookie: value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", cookie) if value != cookie: - page, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False) + page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False) parseFilePaths(page) value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=", cookie) if value != cookie: - page, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False) + page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False) parseFilePaths(page) directories = list(arrayizeValue(getManualDirectories())) diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 3b41a8bff..142bd2e39 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -121,7 +121,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): payload = agent.payload(newValue=injExpression) # Perform the request - page, headers = Request.queryPage(payload, content=True, raise404=False) + page, headers, _ = Request.queryPage(payload, content=True, raise404=False) incrementCounter(kb.technique) 
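Review bot: The `re.sub` replacement argument in the first lib/takeover/web.py hunk, `"\g<2>[]="`, is a non-raw string containing `\g`, which is not a Python escape. It only works because unknown escapes are passed through unchanged, and newer interpreters warn about it. The two cookie substitutions in the second web.py hunk have the same form. These are context lines the commit leaves as they were, but they are worth writing as raw strings, e.g. `r"\g<2>[]="`. The enclosing method starts and ends outside both hunks.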
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 19c41801a..ac0472155 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -53,8 +53,8 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where= query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix) query = agent.suffixQuery(query, suffix=suffix, comment=comment) payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where) - page, headers = Request.queryPage(payload, place=place, content=True, raise404=False) - return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and comparison(page, headers) or re.search(r"data types cannot be compared or sorted", page or "", re.I) + page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) + return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) if _orderByTest(1) and not _orderByTest(randomInt()): infoMsg = "'ORDER BY' technique appears to be usable. " 
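Review bot: The changed `return` (apparently the body of `_orderByTest`, whose def line is outside the hunk) chains `not any(...) and comparison(page, headers, code) or re.search(...)` on one line without parentheses. The reader has to recall that `and` binds tighter than `or`, and the result is a bool, whatever comparison returns, or a match object, depending on the branch. Naming the error probe and parenthesising the first pair would make the new `code` argument easier to see: `errorSeen = any(...)` followed by `return (not errorSeen and comparison(page, headers, code)) or re.search(r"data types cannot be compared or sorted", page or "", re.I)`. A one-line comment saying why the HTTP status code is now passed to comparison would also help, since nothing in the diff explains it.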
@@ -105,10 +105,10 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where= for count in xrange(lowerCount, upperCount + 1): query = agent.forgeUnionQuery('', -1, count, comment, prefix, suffix, kb.uChar, where) payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where) - page, headers = Request.queryPage(payload, place=place, content=True, raise404=False) + page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) if not isNullValue(kb.uChar): pages[count] = page - ratio = comparison(page, headers, getRatioValue=True) or MIN_RATIO + ratio = comparison(page, headers, code, getRatioValue=True) or MIN_RATIO ratios.append(ratio) min_, max_ = min(min_, ratio), max(max_, ratio) items.append((count, ratio)) @@ -187,7 +187,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where) # Perform the request - page, headers = Request.queryPage(payload, place=place, content=True, raise404=False) + page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False) content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \ removeReflectiveValues(listToStrValue(headers.headers if headers else None), \ payload, True) or "") @@ -209,7 +209,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where) # Perform the request - page, headers = Request.queryPage(payload, place=place, content=True, raise404=False) + page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False) content = "%s%s".lower() % (page or "", listToStrValue(headers.headers if headers else None) or "") if not all(_ in content for _ in (phrase, phrase2)): 
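Review bot: In the `_unionPosition` hunk at -187, `content = "%s%s".lower() % (...)` lowercases the format literal rather than the formatted result, because the method call binds before `%`, so `content` keeps the response's original case. The same expression appears in the -209 and -222 hunks, and at -209 `content` is then tested with `all(_ in content for _ in (phrase, phrase2))`. Wrapping the format fixes the precedence: `content = ("%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")).lower()`. Check how `phrase` and `phrase2` are built before changing it, since they are defined outside the hunks and the match only works if both sides agree on case. These are context lines the commit does not modify, and `_unionPosition` starts and ends outside all three hunks.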
@@ -222,7 +222,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where) # Perform the request - page, headers = Request.queryPage(payload, place=place, content=True, raise404=False) + page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False) content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \ removeReflectiveValues(listToStrValue(headers.headers if headers else None), \ payload, True) or "") diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 14f5d9c00..6e61d933f 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -81,7 +81,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False): payload = agent.payload(newValue=query, where=where) # Perform the request - page, headers = Request.queryPage(payload, content=True, raise404=False) + page, headers, _ = Request.queryPage(payload, content=True, raise404=False) incrementCounter(PAYLOAD.TECHNIQUE.UNION) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 368d04507..21d108250 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32. 310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py 7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py 7afe836fd97271ccba67b4c0da2482ff lib/controller/action.py -fec857280fd553ee7e9b49fdfe104402 lib/controller/checks.py +cc6623fc0a9790818317653b9463a96d lib/controller/checks.py 130d1c16708668b8d89605b6b5b38bf5 lib/controller/controller.py 52a3969f57170e935e3fc0156335bf2c lib/controller/handler.py 310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py 
@@ -40,13 +40,13 @@ b9ff4e622c416116bee6024c0f050349 lib/core/enums.py
 310efc965c862cfbd7b0da5150a5ad36 lib/core/__init__.py
 9ba39bf66e9ecd469446bdbbeda906c3 lib/core/log.py
 edcfce0850771e6454acef244d5c5760 lib/core/optiondict.py
-d85f2f63ffcb6135400339f9a7595a7b lib/core/option.py
+9eb46811650036aac410b3dde20a86f4 lib/core/option.py
 5f2f56e6c5f274408df61943f1e080c0 lib/core/profiling.py
 40be71cd774662a7b420caeb7051e7d5 lib/core/readlineng.py
 d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
 785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
 40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
-c83fde3105ab7696692a704c34fc5504 lib/core/settings.py
+7dae5446f2587e632536d540c3950848 lib/core/settings.py
 d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
 2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
 8136241fdbdb99a5dc0e51ba72918f6e lib/core/target.py
@@ -68,7 +68,7 @@ ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py
 403d873f1d2fd0c7f73d83f104e41850 lib/request/basicauthhandler.py
 86cb5ce3fa5530c255f4599bfc0cc4e2 lib/request/basic.py
 ef48de622b0a6b4a71df64b0d2785ef8 lib/request/comparison.py
-f5c245a0609065a91c79611ff1b66787 lib/request/connect.py
+a912b5148a089ec333cc9210d53235ea lib/request/connect.py
 fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py
 cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py
 5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py
@@ -78,14 +78,14 @@ dc1e0af84ee8eb421797d61c8cb8f172 lib/request/methodrequest.py
 bb9c165b050f7696b089b96b5947fac3 lib/request/pkihandler.py
 602d4338a9fceaaee40c601410d8ac0b lib/request/rangehandler.py
 111b3ee936f23167b5654a5f72e9731b lib/request/redirecthandler.py
-20a0e6dac2edcf98fa8c47ee9a332c28 lib/request/templates.py
+b373770137dc885889e495de95169b93 lib/request/templates.py
 992a02767d12254784f15501a7ab8dd8 lib/takeover/abstraction.py
 c6bc7961a186baabe0a9f5b7e0d8974b lib/takeover/icmpsh.py
 310efc965c862cfbd7b0da5150a5ad36 lib/takeover/__init__.py
 c90c993b020a6ae0f0e497fd84f37466 lib/takeover/metasploit.py
 ac541a0d38e4ecb4e41e97799a7235f4 lib/takeover/registry.py
 d466eab3ff82dbe29dc820e303eb4cff lib/takeover/udf.py
-e7f3012f4f9e822d39eabd934d050b0e lib/takeover/web.py
+b7dd3a2697a08108ddc9a4264922c2e8 lib/takeover/web.py
 604b087dc52dbcb4c3938ad1bf63829c lib/takeover/xp_cmdshell.py
 9f03972ea5ce2df74d43be5f30f068eb lib/techniques/blind/inference.py
 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/blind/__init__.py
@@ -93,11 +93,11 @@ e7f3012f4f9e822d39eabd934d050b0e lib/takeover/web.py
 ab1601a7f429b47637c4fb8af703d0f1 lib/techniques/dns/test.py
 d3da4c7ceaf57c4687a052d58722f6bb lib/techniques/dns/use.py
 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/error/__init__.py
-628f1fe86603512ae122f868cdabbfb9 lib/techniques/error/use.py
+c7e6589ef171819c4630ca8434f0250b lib/techniques/error/use.py
 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/__init__.py
 310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py
-211e6dc49af6ad6bd3590d16d41e86db lib/techniques/union/test.py
-d17ca7177a29d7d07094fc7dd747d4c5 lib/techniques/union/use.py
+d71e48e6fd08f75cc612bf8b260994ce lib/techniques/union/test.py
+36194e6c0a8dd14139f57ebf87bb80f9 lib/techniques/union/use.py
 67f0ad96ec2207d7e59c788b858afd6d lib/utils/api.py
 7d10ba0851da8ee9cd3c140dcd18798e lib/utils/brute.py
 ed70f1ca9113664043ec9e6778e48078 lib/utils/crawler.py