mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-28 20:43:49 +03:00
added some user interaction when page is dynamic
parent
b748e6ea44
commit
9ffa928783
|
@ -26,12 +26,15 @@ import re
|
||||||
import socket
|
import socket
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
from difflib import SequenceMatcher
|
||||||
|
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import getUnicode
|
from lib.core.common import getUnicode
|
||||||
from lib.core.common import preparePageForLineComparison
|
from lib.core.common import preparePageForLineComparison
|
||||||
from lib.core.common import randomInt
|
from lib.core.common import randomInt
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
from lib.core.common import readInput
|
from lib.core.common import readInput
|
||||||
|
from lib.core.common import showStaticWords
|
||||||
from lib.core.common import DynamicContentItem
|
from lib.core.common import DynamicContentItem
|
||||||
from lib.core.convert import md5hash
|
from lib.core.convert import md5hash
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
@ -41,6 +44,7 @@ from lib.core.data import paths
|
||||||
from lib.core.exception import sqlmapConnectionException
|
from lib.core.exception import sqlmapConnectionException
|
||||||
from lib.core.exception import sqlmapNoneDataException
|
from lib.core.exception import sqlmapNoneDataException
|
||||||
from lib.core.exception import sqlmapUserQuitException
|
from lib.core.exception import sqlmapUserQuitException
|
||||||
|
from lib.core.exception import sqlmapSilentQuitException
|
||||||
from lib.core.session import setString
|
from lib.core.session import setString
|
||||||
from lib.core.session import setRegexp
|
from lib.core.session import setRegexp
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
|
@ -252,11 +256,26 @@ def checkStability():
|
||||||
warnMsg += "string or regular expression to match on"
|
warnMsg += "string or regular expression to match on"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
message = "do you still want to continue (possible BAD results)? [Y/n] "
|
message = "how do you want to proceed? [C(ontinue)/s(tring)/r(egex)/q(uit)] "
|
||||||
test = readInput(message, default="Y")
|
test = readInput(message, default="C")
|
||||||
if test and test[0] not in ("y", "Y"):
|
if test and test[0] in ("q", "Q"):
|
||||||
raise sqlmapUserQuitException
|
raise sqlmapUserQuitException
|
||||||
|
elif test and test[0] in ("s", "S"):
|
||||||
|
showStaticWords(firstPage, secondPage)
|
||||||
|
message = "please enter value for parameter 'string': "
|
||||||
|
test = readInput(message)
|
||||||
|
if test:
|
||||||
|
conf.string = test
|
||||||
|
else:
|
||||||
|
raise sqlmapSilentQuitException
|
||||||
|
elif test and test[0] in ("r", "R"):
|
||||||
|
message = "please enter value for parameter 'regex': "
|
||||||
|
test = readInput(message)
|
||||||
|
if test:
|
||||||
|
conf.regex = test
|
||||||
|
else:
|
||||||
|
raise sqlmapSilentQuitException
|
||||||
|
else:
|
||||||
checkDynamicContent(firstPage, secondPage)
|
checkDynamicContent(firstPage, secondPage)
|
||||||
|
|
||||||
return condition
|
return condition
|
||||||
|
|
|
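Review bot: The value typed at the 'regex' prompt in checkStability() is assigned to `conf.regex` unchecked, so a malformed pattern is not rejected here and would presumably only fail later, when the page-comparison code first uses it. The hunk header suggests `re` is already imported in this file, so the branch could call `re.compile(test)` inside a `try`/`except re.error` and prompt again instead of continuing. Any answer other than q/s/r, including a typo, silently takes the continue path. The variable `test` holds first the menu choice and then the entered value; a second name such as `value` would make the branches easier to follow. checkStability() begins outside this hunk.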
@ -40,6 +40,7 @@ from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.exception import exceptionsTuple
|
from lib.core.exception import exceptionsTuple
|
||||||
from lib.core.exception import sqlmapNotVulnerableException
|
from lib.core.exception import sqlmapNotVulnerableException
|
||||||
|
from lib.core.exception import sqlmapSilentQuitException
|
||||||
from lib.core.exception import sqlmapUserQuitException
|
from lib.core.exception import sqlmapUserQuitException
|
||||||
from lib.core.session import setInjection
|
from lib.core.session import setInjection
|
||||||
from lib.core.target import initTargetEnv
|
from lib.core.target import initTargetEnv
|
||||||
|
@ -286,6 +287,9 @@ def start():
|
||||||
checkForParenthesis()
|
checkForParenthesis()
|
||||||
action()
|
action()
|
||||||
|
|
||||||
|
except sqlmapSilentQuitException:
|
||||||
|
raise
|
||||||
|
|
||||||
except sqlmapUserQuitException:
|
except sqlmapUserQuitException:
|
||||||
raise
|
raise
|
||||||
|
|
||||||
|
|
|
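Review bot: The new `except sqlmapSilentQuitException: raise` clause in start() duplicates the body of the `except sqlmapUserQuitException: raise` clause directly below it. A single `except (sqlmapSilentQuitException, sqlmapUserQuitException): raise` would state the intent once. A short comment such as `# quit requests must propagate to the caller untouched` would explain why these two are re-raised ahead of whatever handlers follow. The enclosing try block starts and ends outside this hunk.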
@ -39,6 +39,7 @@ import subprocess
|
||||||
from ConfigParser import DEFAULTSECT
|
from ConfigParser import DEFAULTSECT
|
||||||
from ConfigParser import RawConfigParser
|
from ConfigParser import RawConfigParser
|
||||||
from StringIO import StringIO
|
from StringIO import StringIO
|
||||||
|
from difflib import SequenceMatcher
|
||||||
from subprocess import PIPE
|
from subprocess import PIPE
|
||||||
from subprocess import Popen as execute
|
from subprocess import Popen as execute
|
||||||
from tempfile import NamedTemporaryFile
|
from tempfile import NamedTemporaryFile
|
||||||
|
@ -1124,6 +1125,33 @@ def preparePageForLineComparison(page):
|
||||||
return page.replace("><", ">\n<").replace("<br>", "\n").splitlines()
|
return page.replace("><", ">\n<").replace("<br>", "\n").splitlines()
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
|
def getFilteredPageContent(page):
|
||||||
|
retVal = page
|
||||||
|
if isinstance(page, basestring):
|
||||||
|
retVal = re.sub(r"(?s)<script.+?</script>|<style.+?</style>|<[^>]+>|\t|\n|\r", "", page)
|
||||||
|
return retVal
|
||||||
|
|
||||||
|
def getPageTextWordsSet(page):
|
||||||
|
retVal = None
|
||||||
|
if isinstance(page, basestring):
|
||||||
|
page = getFilteredPageContent(page)
|
||||||
|
retVal = set(re.findall(r"\w+", page))
|
||||||
|
return retVal
|
||||||
|
|
||||||
|
def showStaticWords(firstPage, secondPage):
|
||||||
|
infoMsg = "finding static words in longest matching part of dynamic page content"
|
||||||
|
logger.info(infoMsg)
|
||||||
|
firstPage = getFilteredPageContent(firstPage)
|
||||||
|
secondPage = getFilteredPageContent(secondPage)
|
||||||
|
match = SequenceMatcher(None, firstPage, secondPage).find_longest_match(0, len(firstPage), 0, len(secondPage))
|
||||||
|
commonText = firstPage[match[0]:match[0]+match[2]]
|
||||||
|
commonWords = getPageTextWordsSet(commonText)
|
||||||
|
infoMsg = "static words: "
|
||||||
|
for word in commonWords:
|
||||||
|
if len(word) > 2:
|
||||||
|
infoMsg += "'%s', " % word
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
def decloakToNamedTemporaryFile(filepath, name=None):
|
def decloakToNamedTemporaryFile(filepath, name=None):
|
||||||
retVal = NamedTemporaryFile()
|
retVal = NamedTemporaryFile()
|
||||||
|
|
||||||
|
|
|
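Review bot: getFilteredPageContent() replaces every tag, tab and newline with the empty string, so text from adjacent elements is glued together (`<td>foo</td><td>bar</td>` becomes `foobar`). showStaticWords() can therefore offer "words" that never occur in the page, and a user who enters one as the 'string' value would get a match condition that never holds. Substituting a space keeps the word boundaries: `retVal = re.sub(r"(?si)<script.+?</script>|<style.+?</style>|<[^>]+>|\t|\n|\r", " ", page)`; the added `i` flag also covers upper-case tags. showStaticWords() also calls `len()` on the filtered pages and iterates `commonWords` with no guard for a non-string page, a case in which the helpers return the input unchanged or `None`. None of the three new functions has a docstring.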
@ -55,6 +55,9 @@ class sqlmapNoneDataException(Exception):
|
||||||
class sqlmapNotVulnerableException(Exception):
|
class sqlmapNotVulnerableException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
class sqlmapSilentQuitException(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
class sqlmapUserQuitException(Exception):
|
class sqlmapUserQuitException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
@ -96,6 +99,7 @@ exceptionsTuple = (
|
||||||
sqlmapMissingDependence,
|
sqlmapMissingDependence,
|
||||||
sqlmapMissingMandatoryOptionException,
|
sqlmapMissingMandatoryOptionException,
|
||||||
sqlmapNoneDataException,
|
sqlmapNoneDataException,
|
||||||
|
sqlmapSilentQuitException,
|
||||||
sqlmapUserQuitException,
|
sqlmapUserQuitException,
|
||||||
sqlmapRegExprException,
|
sqlmapRegExprException,
|
||||||
sqlmapSyntaxException,
|
sqlmapSyntaxException,
|
||||||
|
|
|
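Review bot: The new sqlmapSilentQuitException class has no docstring, and its name alone does not say how it differs from sqlmapUserQuitException. Judging by the other hunks in this commit, it is raised on an empty answer at a prompt and handled without logging anything, so a docstring in place of `pass`, e.g. `"""Raised to end the run without reporting an error (such as an empty answer at an interactive prompt)."""`, would record that. Because the class is also added to exceptionsTuple, any handler that catches the tuple will receive it too unless a more specific clause comes first.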
@ -51,6 +51,7 @@ from lib.core.data import conf
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.data import paths
|
from lib.core.data import paths
|
||||||
from lib.core.exception import exceptionsTuple
|
from lib.core.exception import exceptionsTuple
|
||||||
|
from lib.core.exception import sqlmapSilentQuitException
|
||||||
from lib.core.exception import sqlmapUserQuitException
|
from lib.core.exception import sqlmapUserQuitException
|
||||||
from lib.core.exception import unhandledException
|
from lib.core.exception import unhandledException
|
||||||
from lib.core.option import init
|
from lib.core.option import init
|
||||||
|
@ -100,6 +101,9 @@ def main():
|
||||||
logger.error(errMsg)
|
logger.error(errMsg)
|
||||||
closeDumper(False, errMsg)
|
closeDumper(False, errMsg)
|
||||||
|
|
||||||
|
except sqlmapSilentQuitException:
|
||||||
|
closeDumper(False)
|
||||||
|
|
||||||
except exceptionsTuple, e:
|
except exceptionsTuple, e:
|
||||||
e = getUnicode(e)
|
e = getUnicode(e)
|
||||||
logger.critical(e)
|
logger.critical(e)
|
||||||
|
|
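Review bot: The added `except sqlmapSilentQuitException:` clause in main() is silent only because it sits above `except exceptionsTuple, e:`, and this commit also adds the same class to exceptionsTuple. If the two clauses were ever reordered, the quit would be reported through `logger.critical(e)`. A comment on the new clause, e.g. `# keep above exceptionsTuple, which also lists sqlmapSilentQuitException`, would protect that ordering. main() begins outside this hunk.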