A few fixes regarding --dns-domain usage (the time-based technique should not be used as a fallback for several reasons; --time-sec should be set to 0 just in case, ...)

This commit is contained in:
Miroslav Stampar 2012-05-28 14:51:23 +00:00
parent b1d82422a0
commit a70a647aeb
2 changed files with 20 additions and 13 deletions


@ -21,6 +21,7 @@ from lib.core.common import getPublicTypeMembers
from lib.core.common import hashDBRetrieve from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite from lib.core.common import hashDBWrite
from lib.core.common import initTechnique from lib.core.common import initTechnique
from lib.core.common import isNoneValue
from lib.core.common import isNumPosStrValue from lib.core.common import isNumPosStrValue
from lib.core.common import isTechniqueAvailable from lib.core.common import isTechniqueAvailable
from lib.core.common import parseUnionPage from lib.core.common import parseUnionPage
@ -66,18 +67,19 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
if value is None: if value is None:
timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not timeBasedCompare: if not (timeBasedCompare and kb.dnsTest):
_, length, _ = queryOutputLength(expression, payload) if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not timeBasedCompare:
else: _, length, _ = queryOutputLength(expression, payload)
length = None else:
length = None
kb.inferenceMode = True kb.inferenceMode = True
count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump) count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
kb.inferenceMode = False kb.inferenceMode = False
if not kb.bruteMode: if not kb.bruteMode:
debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start)) debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
logger.debug(debugMsg) logger.debug(debugMsg)
return value return value
@ -317,9 +319,8 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, u
expression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()] expression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]
outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump) outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
returnValue = ", ".join(output for output in outputs)
return returnValue return ", ".join(output for output in outputs) if not isNoneValue(outputs) else None
def __goBooleanProxy(expression): def __goBooleanProxy(expression):
""" """
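Review bot: When `timeBasedCompare and kb.dnsTest` both hold, the new guard at the top of the second hunk skips `queryOutputLength` and `bisection` entirely, but nothing records that decision — `value` is left as it was (presumably None from the DNS attempt above the hunk) and the caller cannot distinguish a deliberate skip from an empty result. An `else:` branch with `debugMsg = "skipping time-based inference because DNS exfiltration is available"` followed by `logger.debug(debugMsg)` would make that path traceable in the log. Whether the `kb.bruteMode` debug block was also moved under the new guard cannot be read from the rendered lines, since indentation was lost. In the last hunk, `", ".join(output for output in outputs)` still raises TypeError if `outputs` mixes strings and None, assuming `isNoneValue` reports only the all-None case as its name suggests; `", ".join(output for output in outputs if output is not None)` would tolerate a partially failed field list. `__goInference` begins before the hunk, so the origin of `value` is not visible here.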


@ -20,6 +20,8 @@ from lib.core.common import extractRegexResult
from lib.core.common import getSPQLSnippet from lib.core.common import getSPQLSnippet
from lib.core.common import hashDBRetrieve from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite from lib.core.common import hashDBWrite
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import randomInt from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import safecharencode from lib.core.common import safecharencode
@ -70,6 +72,9 @@ def dnsUse(payload, expression):
expressionRequest = getSPQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dName) expressionRequest = getSPQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dName)
expressionUnescaped = unescaper.unescape(expressionRequest) expressionUnescaped = unescaper.unescape(expressionRequest)
pushValue(conf.timeSec)
conf.timeSec = 0
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL): if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
comment = queries[Backend.getIdentifiedDbms()].comment.query comment = queries[Backend.getIdentifiedDbms()].comment.query
query = agent.prefixQuery("; %s" % expressionUnescaped) query = agent.prefixQuery("; %s" % expressionUnescaped)
@ -79,6 +84,7 @@ def dnsUse(payload, expression):
forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3))) forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3)))
Request.queryPage(forgedPayload, content=False, noteResponseTime=False, raise404=False) Request.queryPage(forgedPayload, content=False, noteResponseTime=False, raise404=False)
conf.timeSec = popValue()
_ = conf.dnsServer.pop(prefix, suffix) _ = conf.dnsServer.pop(prefix, suffix)
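Review bot: `conf.timeSec` is restored only on the normal path, so if `Request.queryPage` (or the query-building code between the two hunks) raises, `conf.timeSec` stays at 0 for the rest of the run and the saved value remains on the push/pop stack. Wrapping the stretch from `conf.timeSec = 0` through the request in `try:` and moving the restore into `finally: conf.timeSec = popValue()` keeps the save/restore balanced on every exit. A comment above `pushValue(conf.timeSec)` such as `# temporarily zero --time-sec for the DNS request; restored below` would also help, since the intent currently lives only in the commit message. `dnsUse` begins before the first hunk and part of its body lies between the two hunks.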