			
		
		
		
	Fixes #3948
		
							parent
							
								
									9fd4a4f0d1
								
							
						
					
					
						commit
						aed137ad80
					
				|  | @ -31,6 +31,7 @@ from lib.core.common import getSafeExString | ||||||
| from lib.core.common import hashDBRetrieve | from lib.core.common import hashDBRetrieve | ||||||
| from lib.core.common import hashDBWrite | from lib.core.common import hashDBWrite | ||||||
| from lib.core.common import intersect | from lib.core.common import intersect | ||||||
|  | from lib.core.common import isDigit | ||||||
| from lib.core.common import isListLike | from lib.core.common import isListLike | ||||||
| from lib.core.common import parseTargetUrl | from lib.core.common import parseTargetUrl | ||||||
| from lib.core.common import popValue | from lib.core.common import popValue | ||||||
|  | @ -129,7 +130,7 @@ def _selectInjection(): | ||||||
|         message += "[q] Quit" |         message += "[q] Quit" | ||||||
|         choice = readInput(message, default='0').upper() |         choice = readInput(message, default='0').upper() | ||||||
| 
 | 
 | ||||||
|         if choice.isdigit() and int(choice) < len(kb.injections) and int(choice) >= 0: |         if isDigit(choice) and int(choice) < len(kb.injections) and int(choice) >= 0: | ||||||
|             index = int(choice) |             index = int(choice) | ||||||
|         elif choice == 'Q': |         elif choice == 'Q': | ||||||
|             raise SqlmapUserQuitException |             raise SqlmapUserQuitException | ||||||
|  |  | ||||||
|  | @ -1245,6 +1245,22 @@ def isZipFile(filename): | ||||||
| 
 | 
 | ||||||
|     return openFile(filename, "rb", encoding=None).read(len(ZIP_HEADER)) == ZIP_HEADER |     return openFile(filename, "rb", encoding=None).read(len(ZIP_HEADER)) == ZIP_HEADER | ||||||
| 
 | 
 | ||||||
|  | def isDigit(value): | ||||||
|  |     """ | ||||||
|  |     Checks if provided (string) value consists of digits (Note: Python's isdigit() is problematic) | ||||||
|  | 
 | ||||||
|  |     >>> u'\xb2'.isdigit() | ||||||
|  |     True | ||||||
|  |     >>> isDigit(u'\xb2') | ||||||
|  |     False | ||||||
|  |     >>> isDigit('123456') | ||||||
|  |     True | ||||||
|  |     >>> isDigit('3b3') | ||||||
|  |     False | ||||||
|  |     """ | ||||||
|  | 
 | ||||||
|  |     return re.search(r"\A[0-9]+\Z", value or "") is not None | ||||||
|  | 
 | ||||||
| def checkFile(filename, raiseOnError=True): | def checkFile(filename, raiseOnError=True): | ||||||
|     """ |     """ | ||||||
|     Checks for file existence and readability |     Checks for file existence and readability | ||||||
|  |  | ||||||
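Review bot: `isDigit` raises `TypeError` from `re.search` for any truthy non-string argument, because `value or ""` only covers `None` and other falsy values. This matters for the UDF selection hunk later in this commit, which drops the `hasattr(choice, "isdigit")` guard and the `isinstance(choice, int)` branch. The removed lines suggest an integer `choice` can occur there, and it would now raise instead of being accepted. Consider `return hasattr(value, "isdigit") and re.search(r"\A[0-9]+\Z", value) is not None`, and keep the integer branch in the UDF loop if integers can still reach it. The docstring could also say that non-string input returns False.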
|  | @ -20,6 +20,7 @@ import thirdparty.chardet.universaldetector | ||||||
| 
 | 
 | ||||||
| from lib.core.common import filterNone | from lib.core.common import filterNone | ||||||
| from lib.core.common import getSafeExString | from lib.core.common import getSafeExString | ||||||
|  | from lib.core.common import isDigit | ||||||
| from lib.core.common import isListLike | from lib.core.common import isListLike | ||||||
| from lib.core.common import readInput | from lib.core.common import readInput | ||||||
| from lib.core.common import shellExec | from lib.core.common import shellExec | ||||||
|  | @ -62,6 +63,7 @@ def resolveCrossReferences(): | ||||||
|     Place for cross-reference resolution |     Place for cross-reference resolution | ||||||
|     """ |     """ | ||||||
| 
 | 
 | ||||||
|  |     lib.core.threads.isDigit = isDigit | ||||||
|     lib.core.threads.readInput = readInput |     lib.core.threads.readInput = readInput | ||||||
|     lib.core.common.getPageTemplate = getPageTemplate |     lib.core.common.getPageTemplate = getPageTemplate | ||||||
|     lib.core.convert.filterNone = filterNone |     lib.core.convert.filterNone = filterNone | ||||||
|  |  | ||||||
|  | @ -18,7 +18,7 @@ from lib.core.enums import OS | ||||||
| from thirdparty.six import unichr as _unichr | from thirdparty.six import unichr as _unichr | ||||||
| 
 | 
 | ||||||
| # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | ||||||
| VERSION = "1.3.10.6" | VERSION = "1.3.10.7" | ||||||
| TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | ||||||
| TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | ||||||
| VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | ||||||
|  |  | ||||||
|  | @ -73,6 +73,10 @@ def readInput(message, default=None, checkBatch=True, boolean=False): | ||||||
|     # It will be overwritten by original from lib.core.common |     # It will be overwritten by original from lib.core.common | ||||||
|     pass |     pass | ||||||
| 
 | 
 | ||||||
|  | def isDigit(value): | ||||||
|  |     # It will be overwritten by original from lib.core.common | ||||||
|  |     pass | ||||||
|  | 
 | ||||||
| def getCurrentThreadData(): | def getCurrentThreadData(): | ||||||
|     """ |     """ | ||||||
|     Returns current thread's local data |     Returns current thread's local data | ||||||
|  | @ -125,10 +129,12 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio | ||||||
|             choice = readInput(message, default=str(numThreads)) |             choice = readInput(message, default=str(numThreads)) | ||||||
|             if choice: |             if choice: | ||||||
|                 skipThreadCheck = False |                 skipThreadCheck = False | ||||||
|  | 
 | ||||||
|                 if choice.endswith('!'): |                 if choice.endswith('!'): | ||||||
|                     choice = choice[:-1] |                     choice = choice[:-1] | ||||||
|                     skipThreadCheck = True |                     skipThreadCheck = True | ||||||
|                 if choice.isdigit(): | 
 | ||||||
|  |                 if isDigit(choice): | ||||||
|                     if int(choice) > MAX_NUMBER_OF_THREADS and not skipThreadCheck: |                     if int(choice) > MAX_NUMBER_OF_THREADS and not skipThreadCheck: | ||||||
|                         errMsg = "maximum number of used threads is %d avoiding potential connection issues" % MAX_NUMBER_OF_THREADS |                         errMsg = "maximum number of used threads is %d avoiding potential connection issues" % MAX_NUMBER_OF_THREADS | ||||||
|                         logger.critical(errMsg) |                         logger.critical(errMsg) | ||||||
|  |  | ||||||
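Review bot: The placeholder `isDigit` added to this module returns `None` until `resolveCrossReferences()` rebinds `lib.core.threads.isDigit`. If `runThreads` were reached before that, the `if isDigit(choice):` branch, which holds the `MAX_NUMBER_OF_THREADS` check, would be skipped silently for valid numeric input. A validation helper is safer failing loudly than defaulting to a falsy result, e.g. `raise NotImplementedError("patched in by resolveCrossReferences()")` in place of `pass`. The existing `readInput` placeholder uses the same `pass` pattern, so this may be a deliberate convention. `runThreads` continues outside the hunk.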
|  | @ -24,6 +24,7 @@ from lib.core.common import getTechniqueData | ||||||
| from lib.core.common import hashDBRetrieve | from lib.core.common import hashDBRetrieve | ||||||
| from lib.core.common import hashDBWrite | from lib.core.common import hashDBWrite | ||||||
| from lib.core.common import initTechnique | from lib.core.common import initTechnique | ||||||
|  | from lib.core.common import isDigit | ||||||
| from lib.core.common import isNoneValue | from lib.core.common import isNoneValue | ||||||
| from lib.core.common import isNumPosStrValue | from lib.core.common import isNumPosStrValue | ||||||
| from lib.core.common import isTechniqueAvailable | from lib.core.common import isTechniqueAvailable | ||||||
|  | @ -235,7 +236,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char | ||||||
|                             elif choice == 'Q': |                             elif choice == 'Q': | ||||||
|                                 raise SqlmapUserQuitException |                                 raise SqlmapUserQuitException | ||||||
| 
 | 
 | ||||||
|                             elif choice.isdigit() and int(choice) > 0 and int(choice) <= count: |                             elif isDigit(choice) and int(choice) > 0 and int(choice) <= count: | ||||||
|                                 stopLimit = int(choice) |                                 stopLimit = int(choice) | ||||||
| 
 | 
 | ||||||
|                                 infoMsg = "sqlmap is now going to retrieve the " |                                 infoMsg = "sqlmap is now going to retrieve the " | ||||||
|  | @ -246,7 +247,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char | ||||||
|                                 message = "how many? " |                                 message = "how many? " | ||||||
|                                 stopLimit = readInput(message, default="10") |                                 stopLimit = readInput(message, default="10") | ||||||
| 
 | 
 | ||||||
|                                 if not stopLimit.isdigit(): |                                 if not isDigit(stopLimit): | ||||||
|                                     errMsg = "invalid choice" |                                     errMsg = "invalid choice" | ||||||
|                                     logger.error(errMsg) |                                     logger.error(errMsg) | ||||||
| 
 | 
 | ||||||
|  | @ -261,7 +262,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char | ||||||
| 
 | 
 | ||||||
|                                 return None |                                 return None | ||||||
| 
 | 
 | ||||||
|                     elif count and not count.isdigit(): |                     elif count and not isDigit(count): | ||||||
|                         warnMsg = "it was not possible to count the number " |                         warnMsg = "it was not possible to count the number " | ||||||
|                         warnMsg += "of entries for the SQL query provided. " |                         warnMsg += "of entries for the SQL query provided. " | ||||||
|                         warnMsg += "sqlmap will assume that it returns only " |                         warnMsg += "sqlmap will assume that it returns only " | ||||||
|  |  | ||||||
|  | @ -23,6 +23,7 @@ from lib.core.common import dataToStdout | ||||||
| from lib.core.common import Backend | from lib.core.common import Backend | ||||||
| from lib.core.common import getLocalIP | from lib.core.common import getLocalIP | ||||||
| from lib.core.common import getRemoteIP | from lib.core.common import getRemoteIP | ||||||
|  | from lib.core.common import isDigit | ||||||
| from lib.core.common import normalizePath | from lib.core.common import normalizePath | ||||||
| from lib.core.common import ntToPosixSlashes | from lib.core.common import ntToPosixSlashes | ||||||
| from lib.core.common import pollProcess | from lib.core.common import pollProcess | ||||||
|  | @ -154,7 +155,7 @@ class Metasploit(object): | ||||||
| 
 | 
 | ||||||
|         choice = readInput(message, default="%d" % default) |         choice = readInput(message, default="%d" % default) | ||||||
| 
 | 
 | ||||||
|         if not choice or not choice.isdigit() or int(choice) > maxValue or int(choice) < 1: |         if not choice or not isDigit(choice) or int(choice) > maxValue or int(choice) < 1: | ||||||
|             choice = default |             choice = default | ||||||
| 
 | 
 | ||||||
|         choice = int(choice) |         choice = int(choice) | ||||||
|  | @ -241,7 +242,7 @@ class Metasploit(object): | ||||||
|                         elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")): |                         elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")): | ||||||
|                             break |                             break | ||||||
| 
 | 
 | ||||||
|                     elif not choice.isdigit(): |                     elif not isDigit(choice): | ||||||
|                         logger.warn("invalid value, only digits are allowed") |                         logger.warn("invalid value, only digits are allowed") | ||||||
| 
 | 
 | ||||||
|                     elif int(choice) < 1 or int(choice) > 2: |                     elif int(choice) < 1 or int(choice) > 2: | ||||||
|  |  | ||||||
|  | @ -11,6 +11,7 @@ from lib.core.agent import agent | ||||||
| from lib.core.common import Backend | from lib.core.common import Backend | ||||||
| from lib.core.common import checkFile | from lib.core.common import checkFile | ||||||
| from lib.core.common import dataToStdout | from lib.core.common import dataToStdout | ||||||
|  | from lib.core.common import isDigit | ||||||
| from lib.core.common import isStackingAvailable | from lib.core.common import isStackingAvailable | ||||||
| from lib.core.common import readInput | from lib.core.common import readInput | ||||||
| from lib.core.common import unArrayizeValue | from lib.core.common import unArrayizeValue | ||||||
|  | @ -339,11 +340,9 @@ class UDF(object): | ||||||
| 
 | 
 | ||||||
|                 if choice == 'Q': |                 if choice == 'Q': | ||||||
|                     break |                     break | ||||||
|                 elif hasattr(choice, "isdigit") and choice.isdigit() and int(choice) > 0 and int(choice) <= len(udfList): |                 elif isDigit(choice) and int(choice) > 0 and int(choice) <= len(udfList): | ||||||
|                     choice = int(choice) |                     choice = int(choice) | ||||||
|                     break |                     break | ||||||
|                 elif isinstance(choice, int) and choice > 0 and choice <= len(udfList): |  | ||||||
|                     break |  | ||||||
|                 else: |                 else: | ||||||
|                     warnMsg = "invalid value, only digits >= 1 and " |                     warnMsg = "invalid value, only digits >= 1 and " | ||||||
|                     warnMsg += "<= %d are allowed" % len(udfList) |                     warnMsg += "<= %d are allowed" % len(udfList) | ||||||
|  |  | ||||||
|  | @ -22,6 +22,7 @@ from lib.core.common import getPublicTypeMembers | ||||||
| from lib.core.common import getSQLSnippet | from lib.core.common import getSQLSnippet | ||||||
| from lib.core.common import getTechnique | from lib.core.common import getTechnique | ||||||
| from lib.core.common import getTechniqueData | from lib.core.common import getTechniqueData | ||||||
|  | from lib.core.common import isDigit | ||||||
| from lib.core.common import isTechniqueAvailable | from lib.core.common import isTechniqueAvailable | ||||||
| from lib.core.common import isWindowsDriveLetterPath | from lib.core.common import isWindowsDriveLetterPath | ||||||
| from lib.core.common import normalizePath | from lib.core.common import normalizePath | ||||||
|  | @ -200,7 +201,7 @@ class Web(object): | ||||||
|         while True: |         while True: | ||||||
|             choice = readInput(message, default=str(default)) |             choice = readInput(message, default=str(default)) | ||||||
| 
 | 
 | ||||||
|             if not choice.isdigit(): |             if not isDigit(choice): | ||||||
|                 logger.warn("invalid value, only digits are allowed") |                 logger.warn("invalid value, only digits are allowed") | ||||||
| 
 | 
 | ||||||
|             elif int(choice) < 1 or int(choice) > len(choices): |             elif int(choice) < 1 or int(choice) > len(choices): | ||||||
|  |  | ||||||
|  | @ -9,6 +9,7 @@ import os | ||||||
| 
 | 
 | ||||||
| from lib.core.common import Backend | from lib.core.common import Backend | ||||||
| from lib.core.common import getSafeExString | from lib.core.common import getSafeExString | ||||||
|  | from lib.core.common import isDigit | ||||||
| from lib.core.common import isStackingAvailable | from lib.core.common import isStackingAvailable | ||||||
| from lib.core.common import openFile | from lib.core.common import openFile | ||||||
| from lib.core.common import readInput | from lib.core.common import readInput | ||||||
|  | @ -101,7 +102,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry): | ||||||
|             while True: |             while True: | ||||||
|                 tunnel = readInput(msg, default='1') |                 tunnel = readInput(msg, default='1') | ||||||
| 
 | 
 | ||||||
|                 if tunnel.isdigit() and int(tunnel) in (1, 2): |                 if isDigit(tunnel) and int(tunnel) in (1, 2): | ||||||
|                     tunnel = int(tunnel) |                     tunnel = int(tunnel) | ||||||
|                     break |                     break | ||||||
| 
 | 
 | ||||||
|  | @ -172,7 +173,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry): | ||||||
|                     while True: |                     while True: | ||||||
|                         choice = readInput(msg, default='1') |                         choice = readInput(msg, default='1') | ||||||
| 
 | 
 | ||||||
|                         if choice.isdigit() and int(choice) in (1, 2): |                         if isDigit(choice) and int(choice) in (1, 2): | ||||||
|                             choice = int(choice) |                             choice = int(choice) | ||||||
|                             break |                             break | ||||||
| 
 | 
 | ||||||
|  |  | ||||||