mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Minor patch
This commit is contained in:
parent
6d48df2454
commit
996ad59126
|
@ -552,7 +552,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
# Perform the test's request and grep the response
|
||||
# body for the test's <grep> regular expression
|
||||
try:
|
||||
page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
|
||||
page, headers, _ = Request.queryPage(reqPayload, place, content=True, raise404=False)
|
||||
output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
|
||||
or extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None, re.DOTALL | re.IGNORECASE) \
|
||||
or extractRegexResult(check, listToStrValue([headers[key] for key in headers.keys() if key.lower() != URI_HTTP_HEADER.lower()] if headers else None), re.DOTALL | re.IGNORECASE) \
|
||||
|
@ -959,7 +959,7 @@ def heuristicCheckSqlInjection(place, parameter):
|
|||
|
||||
payload = "%s%s%s" % (prefix, randStr, suffix)
|
||||
payload = agent.payload(place, parameter, newValue=payload)
|
||||
page, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||
page, _, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||
|
||||
kb.heuristicPage = page
|
||||
kb.heuristicMode = False
|
||||
|
@ -1015,7 +1015,7 @@ def heuristicCheckSqlInjection(place, parameter):
|
|||
value = "%s%s%s" % (randStr1, DUMMY_NON_SQLI_CHECK_APPENDIX, randStr2)
|
||||
payload = "%s%s%s" % (prefix, "'%s" % value, suffix)
|
||||
payload = agent.payload(place, parameter, newValue=payload)
|
||||
page, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||
page, _, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||
|
||||
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
|
||||
|
||||
|
@ -1124,7 +1124,7 @@ def checkDynamicContent(firstPage, secondPage):
|
|||
warnMsg += ". sqlmap is going to retry the request"
|
||||
logger.critical(warnMsg)
|
||||
|
||||
secondPage, _ = Request.queryPage(content=True)
|
||||
secondPage, _, _ = Request.queryPage(content=True)
|
||||
findDynamicContent(firstPage, secondPage)
|
||||
|
||||
def checkStability():
|
||||
|
@ -1147,7 +1147,7 @@ def checkStability():
|
|||
delay = max(0, min(1, delay))
|
||||
time.sleep(delay)
|
||||
|
||||
secondPage, _ = Request.queryPage(content=True, noteResponseTime=False, raise404=False)
|
||||
secondPage, _, _ = Request.queryPage(content=True, noteResponseTime=False, raise404=False)
|
||||
|
||||
if kb.redirectChoice:
|
||||
return None
|
||||
|
@ -1229,7 +1229,7 @@ def checkString():
|
|||
infoMsg += "target URL page content"
|
||||
logger.info(infoMsg)
|
||||
|
||||
page, headers = Request.queryPage(content=True)
|
||||
page, headers, _ = Request.queryPage(content=True)
|
||||
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
|
||||
|
||||
if conf.string not in rawResponse:
|
||||
|
@ -1248,7 +1248,7 @@ def checkRegexp():
|
|||
infoMsg += "the target URL page content"
|
||||
logger.info(infoMsg)
|
||||
|
||||
page, headers = Request.queryPage(content=True)
|
||||
page, headers, _ = Request.queryPage(content=True)
|
||||
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
|
||||
|
||||
if not re.search(conf.regexp, rawResponse, re.I | re.M):
|
||||
|
@ -1455,7 +1455,7 @@ def checkConnection(suppressOutput=False):
|
|||
|
||||
try:
|
||||
kb.originalPageTime = time.time()
|
||||
page, headers = Request.queryPage(content=True, noteResponseTime=False)
|
||||
page, headers, _ = Request.queryPage(content=True, noteResponseTime=False)
|
||||
kb.originalPage = kb.pageTemplate = page
|
||||
|
||||
kb.errorIsNone = False
|
||||
|
|
|
@ -628,7 +628,7 @@ def _findPageForms():
|
|||
logger.info(infoMsg)
|
||||
|
||||
if not any((conf.bulkFile, conf.googleDork, conf.sitemapUrl)):
|
||||
page, _ = Request.queryPage(content=True)
|
||||
page, _, _ = Request.queryPage(content=True)
|
||||
findPageForms(page, conf.url, True, True)
|
||||
else:
|
||||
if conf.bulkFile:
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.1.6.2"
|
||||
VERSION = "1.1.6.3"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -1227,7 +1227,7 @@ class Connect(object):
|
|||
kb.permissionFlag = re.search(PERMISSION_DENIED_REGEX, page or "", re.I) is not None
|
||||
|
||||
if content or response:
|
||||
return page, headers
|
||||
return page, headers, code
|
||||
|
||||
if getRatioValue:
|
||||
return comparison(page, headers, code, getRatioValue=False, pageLength=pageLength), comparison(page, headers, code, getRatioValue=True, pageLength=pageLength)
|
||||
|
|
|
@ -13,7 +13,7 @@ def getPageTemplate(payload, place):
|
|||
|
||||
if payload and place:
|
||||
if (payload, place) not in kb.pageTemplates:
|
||||
page, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||
page, _, _ = Request.queryPage(payload, place, content=True, raise404=False)
|
||||
kb.pageTemplates[(payload, place)] = (page, kb.lastParserStatus is None)
|
||||
|
||||
retVal = kb.pageTemplates[(payload, place)]
|
||||
|
|
|
@ -232,7 +232,7 @@ class Web:
|
|||
if place in conf.parameters:
|
||||
value = re.sub(r"(\A|&)(\w+)=", "\g<2>[]=", conf.parameters[place])
|
||||
if "[]" in value:
|
||||
page, headers = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False)
|
||||
page, headers, _ = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False)
|
||||
parseFilePaths(page)
|
||||
|
||||
cookie = None
|
||||
|
@ -244,12 +244,12 @@ class Web:
|
|||
if cookie:
|
||||
value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", cookie)
|
||||
if value != cookie:
|
||||
page, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
|
||||
page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
|
||||
parseFilePaths(page)
|
||||
|
||||
value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=", cookie)
|
||||
if value != cookie:
|
||||
page, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
|
||||
page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False)
|
||||
parseFilePaths(page)
|
||||
|
||||
directories = list(arrayizeValue(getManualDirectories()))
|
||||
|
|
|
@ -121,7 +121,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
|
|||
payload = agent.payload(newValue=injExpression)
|
||||
|
||||
# Perform the request
|
||||
page, headers = Request.queryPage(payload, content=True, raise404=False)
|
||||
page, headers, _ = Request.queryPage(payload, content=True, raise404=False)
|
||||
|
||||
incrementCounter(kb.technique)
|
||||
|
||||
|
|
|
@ -53,8 +53,8 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
|
|||
query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix)
|
||||
query = agent.suffixQuery(query, suffix=suffix, comment=comment)
|
||||
payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where)
|
||||
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and comparison(page, headers) or re.search(r"data types cannot be compared or sorted", page or "", re.I)
|
||||
page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I)
|
||||
|
||||
if _orderByTest(1) and not _orderByTest(randomInt()):
|
||||
infoMsg = "'ORDER BY' technique appears to be usable. "
|
||||
|
@ -105,10 +105,10 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
|
|||
for count in xrange(lowerCount, upperCount + 1):
|
||||
query = agent.forgeUnionQuery('', -1, count, comment, prefix, suffix, kb.uChar, where)
|
||||
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
|
||||
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
if not isNullValue(kb.uChar):
|
||||
pages[count] = page
|
||||
ratio = comparison(page, headers, getRatioValue=True) or MIN_RATIO
|
||||
ratio = comparison(page, headers, code, getRatioValue=True) or MIN_RATIO
|
||||
ratios.append(ratio)
|
||||
min_, max_ = min(min_, ratio), max(max_, ratio)
|
||||
items.append((count, ratio))
|
||||
|
@ -187,7 +187,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
|||
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
|
||||
|
||||
# Perform the request
|
||||
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \
|
||||
removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
|
||||
payload, True) or "")
|
||||
|
@ -209,7 +209,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
|||
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
|
||||
|
||||
# Perform the request
|
||||
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
content = "%s%s".lower() % (page or "", listToStrValue(headers.headers if headers else None) or "")
|
||||
|
||||
if not all(_ in content for _ in (phrase, phrase2)):
|
||||
|
@ -222,7 +222,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
|||
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
|
||||
|
||||
# Perform the request
|
||||
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \
|
||||
removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
|
||||
payload, True) or "")
|
||||
|
|
|
@ -81,7 +81,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
|
|||
payload = agent.payload(newValue=query, where=where)
|
||||
|
||||
# Perform the request
|
||||
page, headers = Request.queryPage(payload, content=True, raise404=False)
|
||||
page, headers, _ = Request.queryPage(payload, content=True, raise404=False)
|
||||
|
||||
incrementCounter(PAYLOAD.TECHNIQUE.UNION)
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.
|
|||
310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py
|
||||
7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py
|
||||
7afe836fd97271ccba67b4c0da2482ff lib/controller/action.py
|
||||
fec857280fd553ee7e9b49fdfe104402 lib/controller/checks.py
|
||||
cc6623fc0a9790818317653b9463a96d lib/controller/checks.py
|
||||
130d1c16708668b8d89605b6b5b38bf5 lib/controller/controller.py
|
||||
52a3969f57170e935e3fc0156335bf2c lib/controller/handler.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
|
||||
|
@ -40,13 +40,13 @@ b9ff4e622c416116bee6024c0f050349 lib/core/enums.py
|
|||
310efc965c862cfbd7b0da5150a5ad36 lib/core/__init__.py
|
||||
9ba39bf66e9ecd469446bdbbeda906c3 lib/core/log.py
|
||||
edcfce0850771e6454acef244d5c5760 lib/core/optiondict.py
|
||||
d85f2f63ffcb6135400339f9a7595a7b lib/core/option.py
|
||||
9eb46811650036aac410b3dde20a86f4 lib/core/option.py
|
||||
5f2f56e6c5f274408df61943f1e080c0 lib/core/profiling.py
|
||||
40be71cd774662a7b420caeb7051e7d5 lib/core/readlineng.py
|
||||
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
|
||||
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
|
||||
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
|
||||
c83fde3105ab7696692a704c34fc5504 lib/core/settings.py
|
||||
7dae5446f2587e632536d540c3950848 lib/core/settings.py
|
||||
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
|
||||
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
|
||||
8136241fdbdb99a5dc0e51ba72918f6e lib/core/target.py
|
||||
|
@ -68,7 +68,7 @@ ad74fc58fc7214802fd27067bce18dd2 lib/core/unescaper.py
|
|||
403d873f1d2fd0c7f73d83f104e41850 lib/request/basicauthhandler.py
|
||||
86cb5ce3fa5530c255f4599bfc0cc4e2 lib/request/basic.py
|
||||
ef48de622b0a6b4a71df64b0d2785ef8 lib/request/comparison.py
|
||||
f5c245a0609065a91c79611ff1b66787 lib/request/connect.py
|
||||
a912b5148a089ec333cc9210d53235ea lib/request/connect.py
|
||||
fb6b788d0016ab4ec5e5f661f0f702ad lib/request/direct.py
|
||||
cc1163d38e9b7ee5db2adac6784c02bb lib/request/dns.py
|
||||
5dcdb37823a0b5eff65cd1018bcf09e4 lib/request/httpshandler.py
|
||||
|
@ -78,14 +78,14 @@ dc1e0af84ee8eb421797d61c8cb8f172 lib/request/methodrequest.py
|
|||
bb9c165b050f7696b089b96b5947fac3 lib/request/pkihandler.py
|
||||
602d4338a9fceaaee40c601410d8ac0b lib/request/rangehandler.py
|
||||
111b3ee936f23167b5654a5f72e9731b lib/request/redirecthandler.py
|
||||
20a0e6dac2edcf98fa8c47ee9a332c28 lib/request/templates.py
|
||||
b373770137dc885889e495de95169b93 lib/request/templates.py
|
||||
992a02767d12254784f15501a7ab8dd8 lib/takeover/abstraction.py
|
||||
c6bc7961a186baabe0a9f5b7e0d8974b lib/takeover/icmpsh.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/takeover/__init__.py
|
||||
c90c993b020a6ae0f0e497fd84f37466 lib/takeover/metasploit.py
|
||||
ac541a0d38e4ecb4e41e97799a7235f4 lib/takeover/registry.py
|
||||
d466eab3ff82dbe29dc820e303eb4cff lib/takeover/udf.py
|
||||
e7f3012f4f9e822d39eabd934d050b0e lib/takeover/web.py
|
||||
b7dd3a2697a08108ddc9a4264922c2e8 lib/takeover/web.py
|
||||
604b087dc52dbcb4c3938ad1bf63829c lib/takeover/xp_cmdshell.py
|
||||
9f03972ea5ce2df74d43be5f30f068eb lib/techniques/blind/inference.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/blind/__init__.py
|
||||
|
@ -93,11 +93,11 @@ e7f3012f4f9e822d39eabd934d050b0e lib/takeover/web.py
|
|||
ab1601a7f429b47637c4fb8af703d0f1 lib/techniques/dns/test.py
|
||||
d3da4c7ceaf57c4687a052d58722f6bb lib/techniques/dns/use.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/error/__init__.py
|
||||
628f1fe86603512ae122f868cdabbfb9 lib/techniques/error/use.py
|
||||
c7e6589ef171819c4630ca8434f0250b lib/techniques/error/use.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/__init__.py
|
||||
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py
|
||||
211e6dc49af6ad6bd3590d16d41e86db lib/techniques/union/test.py
|
||||
d17ca7177a29d7d07094fc7dd747d4c5 lib/techniques/union/use.py
|
||||
d71e48e6fd08f75cc612bf8b260994ce lib/techniques/union/test.py
|
||||
36194e6c0a8dd14139f57ebf87bb80f9 lib/techniques/union/use.py
|
||||
67f0ad96ec2207d7e59c788b858afd6d lib/utils/api.py
|
||||
7d10ba0851da8ee9cd3c140dcd18798e lib/utils/brute.py
|
||||
ed70f1ca9113664043ec9e6778e48078 lib/utils/crawler.py
|
||||
|
|
Loading…
Reference in New Issue
Block a user