sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 09:57:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

Cosmetics

Browse Source
This commit is contained in:
Bernardo Damele 2010-12-09 00:26:06 +00:00
parent b5c6527c72
commit 9c61adb21d
4 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/controller/checks.py
View File

@ -308,12 +308,13 @@ def checkSqlInjection(place, parameter, value):
conf.matchRatio = None conf.matchRatio = None
_ = Request.queryPage(cmpPayload, place) _ = Request.queryPage(cmpPayload, place)
# Compare True and False response contents # Perform the test's True request
trueResult = Request.queryPage(reqPayload, place) trueResult = Request.queryPage(reqPayload, place)
if trueResult: if trueResult:
falseResult = Request.queryPage(cmpPayload, place) falseResult = Request.queryPage(cmpPayload, place)
# Perform the test's False request
if not falseResult: if not falseResult:
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
logger.info(infoMsg) logger.info(infoMsg)

16
lib/core/common.py
View File

@ -1273,9 +1273,12 @@ def readCachedFileContent(filename, mode='rb'):
def readXmlFile(xmlFile): def readXmlFile(xmlFile):
checkFile(xmlFile) checkFile(xmlFile)
xfile = codecs.open(xmlFile, 'r', conf.dataEncoding) xfile = codecs.open(xmlFile, 'r', conf.dataEncoding)
retVal = minidom.parse(xfile).documentElement retVal = minidom.parse(xfile).documentElement
xfile.close() xfile.close()
return retVal return retVal
def stdev(values): def stdev(values):
@ -1283,16 +1286,17 @@ def stdev(values):
Computes standard deviation of a list of numbers. Computes standard deviation of a list of numbers.
Reference: http://www.goldb.org/corestats.html Reference: http://www.goldb.org/corestats.html
""" """
if not values or len(values) < 2: if not values or len(values) < 2:
return None return None
sum = 0.0 summa = 0.0
avg = average(values) avg = average(values)
for value in values: for value in values:
sum += pow(value - avg, 2) summa += pow(value - avg, 2)
return sqrt(sum/(len(values) - 1)) return sqrt(summa/(len(values) - 1))
def average(values): def average(values):
""" """
@ -1544,11 +1548,13 @@ def wasLastRequestDelayed():
# affected response times should be inside +-7*stdev([normal response times]) # affected response times should be inside +-7*stdev([normal response times])
# (Math reference: http://www.answers.com/topic/standard-deviation) # (Math reference: http://www.answers.com/topic/standard-deviation)
deviation = stdev(kb.responseTimes) deviation = stdev(kb.responseTimes)
if deviation: if deviation:
if len(kb.responseTimes) < MIN_TIME_RESPONSES: if len(kb.responseTimes) < MIN_TIME_RESPONSES:
warnMsg = "time based standard deviation method used " warnMsg = "time-based standard deviation method used on a model "
warnMsg += "on a model with less than %d response times" % MIN_TIME_RESPONSES warnMsg += "with less than %d response times" % MIN_TIME_RESPONSES
logger.warn(warnMsg) logger.warn(warnMsg)
return (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * deviation) return (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * deviation)
else: else:
return kb.lastQueryDuration - conf.timeSec return kb.lastQueryDuration - conf.timeSec

1
lib/techniques/brute/use.py
View File

@ -21,7 +21,6 @@ from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
from lib.core.exception import sqlmapMissingMandatoryOptionException from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.request import inject from lib.request import inject
from lib.request.connect import Connect as Request
def tableExists(tableFile): def tableExists(tableFile):
tables = getFileItems(tableFile) tables = getFileItems(tableFile)