sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-24 10:33:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #2471

Browse Source
This commit is contained in:
Miroslav Stampar 2017-04-10 19:21:22 +02:00
parent c74756c3bc
commit 9b3d229294
16 changed files with 90 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/controller.py
View File

@ -161,7 +161,7 @@ def _showInjections():
else:
header = "sqlmap resumed the following injection point(s) from stored session"
if hasattr(conf, "api"):
if conf.api:
conf.dumper.string("", {"url": conf.url, "query": conf.parameters.get(PLACE.GET), "data": conf.parameters.get(PLACE.POST)}, content_type=CONTENT_TYPE.TARGET)
conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)
else:

8
lib/core/common.py
View File

@ -270,7 +270,7 @@ class Format(object):
infoApi = {}
if info and "type" in info:
if hasattr(conf, "api"):
if conf.api:
infoApi["%s operating system" % target] = info
else:
infoStr += "%s operating system: %s" % (target, Format.humanize(info["type"]))
@ -288,12 +288,12 @@ class Format(object):
infoStr += " (%s)" % Format.humanize(info["codename"])
if "technology" in info:
if hasattr(conf, "api"):
if conf.api:
infoApi["web application technology"] = Format.humanize(info["technology"], ", ")
else:
infoStr += "\nweb application technology: %s" % Format.humanize(info["technology"], ", ")
if hasattr(conf, "api"):
if conf.api:
return infoApi
else:
return infoStr.lstrip()
@ -896,7 +896,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=
message = data
try:
if hasattr(conf, "api"):
if conf.get("api"):
sys.stdout.write(message, status, content_type)
else:
sys.stdout.write(setColor(message, bold))

18
lib/core/dump.py
View File

@ -63,7 +63,7 @@ class Dump(object):
self._lock = threading.Lock()
def _write(self, data, newline=True, console=True, content_type=None):
if hasattr(conf, "api"):
if conf.api:
dataToStdout(data, content_type=content_type, status=CONTENT_STATUS.COMPLETE)
return
@ -110,7 +110,7 @@ class Dump(object):
def string(self, header, data, content_type=None, sort=True):
kb.stickyLevel = None
if hasattr(conf, "api"):
if conf.api:
self._write(data, content_type=content_type)
return
@ -144,7 +144,7 @@ class Dump(object):
except:
pass
if hasattr(conf, "api"):
if conf.api:
self._write(elements, content_type=content_type)
return
@ -193,7 +193,7 @@ class Dump(object):
users = userSettings.keys()
users.sort(key=lambda x: x.lower() if isinstance(x, basestring) else x)
if hasattr(conf, "api"):
if conf.api:
self._write(userSettings, content_type=content_type)
return
@ -227,7 +227,7 @@ class Dump(object):
def dbTables(self, dbTables):
if isinstance(dbTables, dict) and len(dbTables) > 0:
if hasattr(conf, "api"):
if conf.api:
self._write(dbTables, content_type=CONTENT_TYPE.TABLES)
return
@ -270,7 +270,7 @@ class Dump(object):
def dbTableColumns(self, tableColumns, content_type=None):
if isinstance(tableColumns, dict) and len(tableColumns) > 0:
if hasattr(conf, "api"):
if conf.api:
self._write(tableColumns, content_type=content_type)
return
@ -344,7 +344,7 @@ class Dump(object):
def dbTablesCount(self, dbTables):
if isinstance(dbTables, dict) and len(dbTables) > 0:
if hasattr(conf, "api"):
if conf.api:
self._write(dbTables, content_type=CONTENT_TYPE.COUNT)
return
@ -403,7 +403,7 @@ class Dump(object):
db = "All"
table = tableValues["__infos__"]["table"]
if hasattr(conf, "api"):
if conf.api:
self._write(tableValues, content_type=CONTENT_TYPE.DUMP_TABLE)
return
@ -666,7 +666,7 @@ class Dump(object):
logger.warn(msg)
def dbColumns(self, dbColumnsDict, colConsider, dbs):
if hasattr(conf, "api"):
if conf.api:
self._write(dbColumnsDict, content_type=CONTENT_TYPE.COLUMNS)
return

2
lib/core/option.py
View File

@ -2192,7 +2192,7 @@ def _mergeOptions(inputOptions, overrideOptions):
if key not in conf or value not in (None, False) or overrideOptions:
conf[key] = value
if not hasattr(conf, "api"):
if not conf.api:
for key, value in conf.items():
if value is not None:
kb.explicitSettings.add(key)

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.1.4.13"
VERSION = "1.1.4.14"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

16
lib/techniques/blind/inference.py
View File

@ -97,7 +97,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# Set kb.partRun in case "common prediction" feature (a.k.a. "good samaritan") is used or the engine is called from the API
if conf.predictOutput:
kb.partRun = getPartRun()
elif hasattr(conf, "api"):
elif conf.api:
kb.partRun = getPartRun(alias=False)
else:
kb.partRun = None
@ -168,7 +168,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
warnMsg += "usage of option '--threads' for faster data retrieval"
singleTimeWarnMessage(warnMsg)
if conf.verbose in (1, 2) and not showEta and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not showEta and not conf.api:
if isinstance(length, int) and conf.threads > 1:
dataToStdout("[%s] [INFO] retrieved: %s" % (time.strftime("%X"), "_" * min(length, conf.progressWidth)))
dataToStdout("\r[%s] [INFO] retrieved: " % time.strftime("%X"))
@ -492,7 +492,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if (endCharIndex - startCharIndex == conf.progressWidth) and (endCharIndex < length - 1):
output = output[:-2] + '..'
if conf.verbose in (1, 2) and not showEta and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not showEta and not conf.api:
_ = count - firstChar
output += '_' * (min(length, conf.progressWidth) - len(output))
status = ' %d/%d (%d%%)' % (_, length, round(100.0 * _ / length))
@ -522,7 +522,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
finalValue = "".join(value)
infoMsg = "\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), filterControlChars(finalValue))
if conf.verbose in (1, 2) and not showEta and infoMsg and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not showEta and infoMsg and not conf.api:
dataToStdout(infoMsg)
# No multi-threading (--threads = 1)
@ -558,7 +558,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if result:
if showEta:
progress.progress(time.time() - charStart, len(commonValue))
elif conf.verbose in (1, 2) or hasattr(conf, "api"):
elif conf.verbose in (1, 2) or conf.api:
dataToStdout(filterControlChars(commonValue[index - 1:]))
finalValue = commonValue
@ -608,7 +608,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if showEta:
progress.progress(time.time() - charStart, index)
elif conf.verbose in (1, 2) or hasattr(conf, "api"):
elif conf.verbose in (1, 2) or conf.api:
dataToStdout(filterControlChars(val))
# some DBMSes (e.g. Firebird, DB2, etc.) have issues with trailing spaces
@ -635,11 +635,11 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
elif partialValue:
hashDBWrite(expression, "%s%s" % (PARTIAL_VALUE_MARKER if not conf.hexConvert else PARTIAL_HEX_VALUE_MARKER, partialValue))
if conf.hexConvert and not abortedFlag and not hasattr(conf, "api"):
if conf.hexConvert and not abortedFlag and not conf.api:
infoMsg = "\r[%s] [INFO] retrieved: %s %s\n" % (time.strftime("%X"), filterControlChars(finalValue), " " * retrievedLength)
dataToStdout(infoMsg)
else:
if conf.verbose in (1, 2) and not showEta and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not showEta and not conf.api:
dataToStdout("\n")
if (conf.verbose in (1, 2) and showEta) or conf.verbose >= 3:

4
lib/techniques/brute/use.py
View File

@ -114,7 +114,7 @@ def tableExists(tableFile, regex=None):
threadData.shared.value.append(table)
threadData.shared.unique.add(table.lower())
if conf.verbose in (1, 2) and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not conf.api:
clearConsoleLine(True)
infoMsg = "[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(table))
dataToStdout(infoMsg, True)
@ -222,7 +222,7 @@ def columnExists(columnFile, regex=None):
if result:
threadData.shared.value.append(column)
if conf.verbose in (1, 2) and not hasattr(conf, "api"):
if conf.verbose in (1, 2) and not conf.api:
clearConsoleLine(True)
infoMsg = "[%s] [INFO] retrieved: %s\n" % (time.strftime("%X"), unsafeSQLIdentificatorNaming(column))
dataToStdout(infoMsg, True)

2
lib/techniques/error/use.py
View File

@ -301,7 +301,7 @@ def errorUse(expression, dump=False):
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(expression)
# Set kb.partRun in case the engine is called from the API
kb.partRun = getPartRun(alias=False) if hasattr(conf, "api") else None
kb.partRun = getPartRun(alias=False) if conf.api else None
# We have to check if the SQL query might return multiple entries
# and in such case forge the SQL limiting the query output one

2
lib/techniques/union/use.py
View File

@ -215,7 +215,7 @@ def unionUse(expression, unpack=True, dump=False):
_, _, _, _, _, expressionFieldsList, expressionFields, _ = agent.getFields(origExpr)
# Set kb.partRun in case the engine is called from the API
kb.partRun = getPartRun(alias=False) if hasattr(conf, "api") else None
kb.partRun = getPartRun(alias=False) if conf.api else None
if Backend.isDbms(DBMS.MSSQL) and kb.dumpColumns:
kb.rowXmlMode = True

2
lib/utils/api.py
View File

@ -282,7 +282,7 @@ class LogRecorder(logging.StreamHandler):
def setRestAPILog():
if hasattr(conf, "api"):
if conf.api:
try:
conf.databaseCursor = Database(conf.database)
conf.databaseCursor.connect("client")

4
lib/utils/hash.py
View File

@ -583,7 +583,7 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc
status = 'current status: %s... %s' % (word.ljust(5)[:5], ROTATING_CHARS[rotator])
if not hasattr(conf, "api"):
if not conf.api:
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:
@ -657,7 +657,7 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found
if user and not user.startswith(DUMMY_USER_PREFIX):
status += ' (user: %s)' % user
if not hasattr(conf, "api"):
if not conf.api:
dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status))
except KeyboardInterrupt:

4
plugins/dbms/hsqldb/fingerprint.py
View File

@ -28,13 +28,13 @@ class Fingerprint(GenericFingerprint):
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp and not hasattr(conf, "api"):
if wsOsFp and not conf.api:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp and not hasattr(conf, "api"):
if dbmsOsFp and not conf.api:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "

4
plugins/dbms/mysql/fingerprint.py
View File

@ -95,13 +95,13 @@ class Fingerprint(GenericFingerprint):
value = ""
wsOsFp = Format.getOs("web server", kb.headersFp)
if wsOsFp and not hasattr(conf, "api"):
if wsOsFp and not conf.api:
value += "%s\n" % wsOsFp
if kb.data.banner:
dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp)
if dbmsOsFp and not hasattr(conf, "api"):
if dbmsOsFp and not conf.api:
value += "%s\n" % dbmsOsFp
value += "back-end DBMS: "

6
sqlmap.py
View File

@ -123,7 +123,7 @@ def main():
cmdLineOptions.update(cmdLineParser().__dict__)
initOptions(cmdLineOptions)
if hasattr(conf, "api"):
if conf.get("api"):
# heavy imports
from lib.utils.api import StdDbOut
from lib.utils.api import setRestAPILog
@ -285,7 +285,7 @@ def main():
errMsg = maskSensitiveData(errMsg)
excMsg = maskSensitiveData(excMsg)
if hasattr(conf, "api"):
if conf.get("api"):
logger.critical("%s\n%s" % (errMsg, excMsg))
else:
logger.critical(errMsg)
@ -326,7 +326,7 @@ def main():
kb.clear()
main()
if hasattr(conf, "api"):
if conf.get("api"):
try:
conf.databaseCursor.disconnect()
except KeyboardInterrupt:

28
txt/checksum.md5
View File

@ -21,31 +21,31 @@ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.
7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py
5df358defc488bee9b40084892e3d1cb lib/controller/action.py
9cb94acd4c59822a5e1a258c4d1a4860 lib/controller/checks.py
dc386321e8813788f155dc557a78be8d lib/controller/controller.py
20fbacfdcef41214dc2e9ad31fbc28ad lib/controller/controller.py
d79481ab99acd739615e747d4a79d9d0 lib/controller/handler.py
310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
19905ecb4437b94512cf21d5f1720091 lib/core/agent.py
6cc95a117fbd34ef31b9aa25520f0e31 lib/core/bigarray.py
652266ff49168dd88a9d5649003a3951 lib/core/common.py
95e165749bdb830e51be2159bc2c021e lib/core/common.py
5065a4242a8cccf72f91e22e1007ae63 lib/core/convert.py
a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
7936d78b1a7f1f008ff92bf2f88574ba lib/core/datatype.py
36c85e9ef109c5b4af3ca9bb1065ef1f lib/core/decorators.py
47eecd5499eaa15e931793e1d1ac3566 lib/core/defaults.py
7309cf449b009723d1a4655fcf1a96d7 lib/core/dicts.py
77edcfd3d7c5522bb64baf59ac23a047 lib/core/dump.py
65b9187de3d8c9c28ddab53ef2b399bc lib/core/dump.py
b9ff4e622c416116bee6024c0f050349 lib/core/enums.py
9381a0c7e8bc19986299e84f4edda1a0 lib/core/exception.py
310efc965c862cfbd7b0da5150a5ad36 lib/core/__init__.py
9ba39bf66e9ecd469446bdbbeda906c3 lib/core/log.py
ebb778c2d26eba8b34d7d8658e4105a6 lib/core/optiondict.py
bffd3f1bffa71a3c0ffc14768631f8ed lib/core/option.py
69e879487399f3028fe0291817f2f998 lib/core/option.py
5f2f56e6c5f274408df61943f1e080c0 lib/core/profiling.py
40be71cd774662a7b420caeb7051e7d5 lib/core/readlineng.py
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
89f327b249b0c1267c92889ceca475a9 lib/core/settings.py
eb44bcdbc0438b1ac1772b05f0e89b08 lib/core/settings.py
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
afd0636d2e93c23f4f0a5c9b6023ea17 lib/core/target.py
@ -86,25 +86,25 @@ ac541a0d38e4ecb4e41e97799a7235f4 lib/takeover/registry.py
4cd0322f22fbc26284cffa9f8f7545ef lib/takeover/udf.py
c131528696edb96695aa1b58803bd6ae lib/takeover/web.py
e5a82481947e798d0c11f3acf3e9db60 lib/takeover/xp_cmdshell.py
cae752650755c706272a45ae84519a4b lib/techniques/blind/inference.py
9f03972ea5ce2df74d43be5f30f068eb lib/techniques/blind/inference.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/blind/__init__.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/brute/__init__.py
a693c023a9fed1eebb9ca9ef51e0aeb8 lib/techniques/brute/use.py
ac3a32b7a84517730fa2885f4e8721ba lib/techniques/brute/use.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/dns/__init__.py
ab1601a7f429b47637c4fb8af703d0f1 lib/techniques/dns/test.py
d3da4c7ceaf57c4687a052d58722f6bb lib/techniques/dns/use.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/error/__init__.py
2fb0eb698fc9d6e19960d2136bce787d lib/techniques/error/use.py
be752c8075641bc390368c9955f34c91 lib/techniques/error/use.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/__init__.py
310efc965c862cfbd7b0da5150a5ad36 lib/techniques/union/__init__.py
19fd73af7a278fd72b46a5a60f5bdd09 lib/techniques/union/test.py
8cd5655c60a638caa30ca1220896aeda lib/techniques/union/use.py
9fca8077f1ee6f701ce7b7972e05ee53 lib/utils/api.py
09b23d3ecb6c0e6e276822a3f2f3bf7b lib/techniques/union/use.py
981318873e2df1cc55173e8b8a4a7637 lib/utils/api.py
29e32d59fcdd63c5a13498af1f367c8c lib/utils/crawler.py
ba12c69a90061aa14d848b8396e79191 lib/utils/deps.py
3b9fd519164e0bf275d5fd361c3f11ff lib/utils/getch.py
ccfdad414ce2ec0c394c3deaa39a82bf lib/utils/hashdb.py
aff7355d582fc6c00a675eeee2a5217a lib/utils/hash.py
712ef6a703c9101690b9177b09a31b4c lib/utils/hash.py
e76a08237ee6a4cd6855af79610ea8a5 lib/utils/htmlentities.py
310efc965c862cfbd7b0da5150a5ad36 lib/utils/__init__.py
9d8c858417d356e49e1959ba253aede4 lib/utils/pivotdumptable.py
@ -139,7 +139,7 @@ f86ace7fcaea5ff3f9e86ab2dce052c5 plugins/dbms/firebird/__init__.py
3a97bd07cce66bc812309341e7b54697 plugins/dbms/hsqldb/connector.py
015281fb8f96dbade0d2e30fc8da9c4c plugins/dbms/hsqldb/enumeration.py
c0b14e62e1ecbb679569a1abb9cf1913 plugins/dbms/hsqldb/filesystem.py
82304c5d7b06bb564dcdd8cda84dbeae plugins/dbms/hsqldb/fingerprint.py
ad3090f3212a007274e016c3af90dddf plugins/dbms/hsqldb/fingerprint.py
0b18e3cf582b128cf9f16ee34ef85727 plugins/dbms/hsqldb/__init__.py
65e8f8edc9d18fe482deb474a29f83ff plugins/dbms/hsqldb/syntax.py
0a1584e2b01f33abe3ef91d99bafbd3f plugins/dbms/hsqldb/takeover.py
@ -168,7 +168,7 @@ a7ed0510e47384eaf93164d53e2b6b36 plugins/dbms/mssqlserver/enumeration.py
48fb283a0dbf980495ca054f7b55783f plugins/dbms/mysql/connector.py
7fe94b803fa273baf479b76ce7a3fb51 plugins/dbms/mysql/enumeration.py
1bd5e659962e814b66a451b807de9110 plugins/dbms/mysql/filesystem.py
1a17c2dea2cd7554cf9082fdf96f8360 plugins/dbms/mysql/fingerprint.py
5947eb45c33e183c61efc3e41a232c00 plugins/dbms/mysql/fingerprint.py
42568a66a13a43ed46748290c503a652 plugins/dbms/mysql/__init__.py
96dfafcc4aecc1c574148ac05dbdb6da plugins/dbms/mysql/syntax.py
33b2dc28075ab560fd8a4dc898682a0d plugins/dbms/mysql/takeover.py
@ -224,7 +224,7 @@ c3cc8b7727161e64ab59f312c33b541a shell/stager.aspx_
1f7f125f30e0e800beb21e2ebbab18e1 shell/stager.jsp_
01e3505e796edf19aad6a996101c81c9 shell/stager.php_
0751a45ac4c130131f2cdb74d866b664 sqlmapapi.py
dee6a537359c049dabe4ffe3de881359 sqlmap.py
e6e6fbed25e09f29ce62a2d55932e331 sqlmap.py
08c711a470d7e0bf705320ba3c48b886 tamper/apostrophemask.py
e8509df10d3f1c28014d7825562d32dd tamper/apostrophenullencode.py
bb27f7dc980ea07fcfedbd7da5e5e029 tamper/appendnullbyte.py