mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-16 19:40:37 +03:00
some fixes
This commit is contained in:
parent
16a06117f7
commit
b313a20a3f
|
@ -422,7 +422,7 @@ def filePathToString(filePath):
|
||||||
|
|
||||||
def dataToStdout(data, forceOutput=False):
|
def dataToStdout(data, forceOutput=False):
|
||||||
if not ('threadException' in kb and kb.threadException):
|
if not ('threadException' in kb and kb.threadException):
|
||||||
if forceOutput or (conf.verbose > 0) and not ('disableStdOut' in kb and kb.disableStdOut):
|
if forceOutput or (conf.verbose > 0) and not getCurrentThreadData().disableStdOut:
|
||||||
try:
|
try:
|
||||||
sys.stdout.write(data)
|
sys.stdout.write(data)
|
||||||
sys.stdout.flush()
|
sys.stdout.flush()
|
||||||
|
|
|
@ -1140,7 +1140,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.commonOutputs = None
|
kb.commonOutputs = None
|
||||||
|
|
||||||
kb.data = advancedDict()
|
kb.data = advancedDict()
|
||||||
kb.disableStdOut = False
|
|
||||||
|
|
||||||
# Old style injection flag
|
# Old style injection flag
|
||||||
kb.unionTest = None
|
kb.unionTest = None
|
||||||
|
|
|
@ -17,6 +17,7 @@ class ThreadData():
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
|
self.disableStdOut = False
|
||||||
self.lastErrorPage = None
|
self.lastErrorPage = None
|
||||||
self.lastHTTPError = None
|
self.lastHTTPError = None
|
||||||
self.lastQueryDuration = 0
|
self.lastQueryDuration = 0
|
||||||
|
|
|
@ -14,7 +14,6 @@ from lib.core.agent import agent
|
||||||
from lib.core.common import calculateDeltaSeconds
|
from lib.core.common import calculateDeltaSeconds
|
||||||
from lib.core.common import cleanQuery
|
from lib.core.common import cleanQuery
|
||||||
from lib.core.common import dataToSessionFile
|
from lib.core.common import dataToSessionFile
|
||||||
from lib.core.common import dataToStdout
|
|
||||||
from lib.core.common import expandAsteriskForColumns
|
from lib.core.common import expandAsteriskForColumns
|
||||||
from lib.core.common import getPublicTypeMembers
|
from lib.core.common import getPublicTypeMembers
|
||||||
from lib.core.common import initTechnique
|
from lib.core.common import initTechnique
|
||||||
|
@ -36,6 +35,7 @@ from lib.core.enums import PAYLOAD
|
||||||
from lib.core.exception import sqlmapNotVulnerableException
|
from lib.core.exception import sqlmapNotVulnerableException
|
||||||
from lib.core.settings import MIN_TIME_RESPONSES
|
from lib.core.settings import MIN_TIME_RESPONSES
|
||||||
from lib.core.settings import MAX_TECHNIQUES_PER_VALUE
|
from lib.core.settings import MAX_TECHNIQUES_PER_VALUE
|
||||||
|
from lib.core.threads import getCurrentThreadData
|
||||||
from lib.core.unescaper import unescaper
|
from lib.core.unescaper import unescaper
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
from lib.request.direct import direct
|
from lib.request.direct import direct
|
||||||
|
@ -391,8 +391,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
|
||||||
(if selected).
|
(if selected).
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if suppressOutput:
|
getCurrentThreadData().disableStdOut = suppressOutput
|
||||||
kb.disableStdOut = True
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if conf.direct:
|
if conf.direct:
|
||||||
|
@ -472,8 +471,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
|
||||||
raise sqlmapNotVulnerableException, errMsg
|
raise sqlmapNotVulnerableException, errMsg
|
||||||
|
|
||||||
finally:
|
finally:
|
||||||
if suppressOutput:
|
getCurrentThreadData().disableStdOut = False
|
||||||
kb.disableStdOut = False
|
|
||||||
|
|
||||||
if value and expected == EXPECTED.BOOL:
|
if value and expected == EXPECTED.BOOL:
|
||||||
if isinstance(value, basestring):
|
if isinstance(value, basestring):
|
||||||
|
|
|
@ -12,6 +12,7 @@ import time
|
||||||
|
|
||||||
from lib.core.common import calculateDeltaSeconds
|
from lib.core.common import calculateDeltaSeconds
|
||||||
from lib.core.common import dataToSessionFile
|
from lib.core.common import dataToSessionFile
|
||||||
|
from lib.core.common import dataToStdout
|
||||||
from lib.core.common import safeStringFormat
|
from lib.core.common import safeStringFormat
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
from lib.core.common import replaceNewlineTabs
|
from lib.core.common import replaceNewlineTabs
|
||||||
|
@ -129,7 +130,7 @@ def resume(expression, payload):
|
||||||
else:
|
else:
|
||||||
infoMsg += logValue
|
infoMsg += logValue
|
||||||
|
|
||||||
logger.info(infoMsg)
|
dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg))
|
||||||
|
|
||||||
return resumedValue
|
return resumedValue
|
||||||
|
|
||||||
|
|
|
@ -46,6 +46,7 @@ from lib.core.session import setOs
|
||||||
from lib.core.settings import SQL_STATEMENTS
|
from lib.core.settings import SQL_STATEMENTS
|
||||||
from lib.core.shell import autoCompletion
|
from lib.core.shell import autoCompletion
|
||||||
from lib.core.unescaper import unescaper
|
from lib.core.unescaper import unescaper
|
||||||
|
from lib.core.threads import getCurrentThreadData
|
||||||
from lib.parse.banner import bannerParser
|
from lib.parse.banner import bannerParser
|
||||||
from lib.request import inject
|
from lib.request import inject
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
|
@ -309,7 +310,7 @@ class Enumeration:
|
||||||
break
|
break
|
||||||
else:
|
else:
|
||||||
query = rootQuery.blind.query % user
|
query = rootQuery.blind.query % user
|
||||||
kb.disableStdOut = True
|
getCurrentThreadData().disableStdOut = True
|
||||||
elif kb.dbms == DBMS.MSSQL:
|
elif kb.dbms == DBMS.MSSQL:
|
||||||
if kb.dbmsVersion[0] in ( "2005", "2008" ):
|
if kb.dbmsVersion[0] in ( "2005", "2008" ):
|
||||||
query = rootQuery.blind.query2 % (user, index, user)
|
query = rootQuery.blind.query2 % (user, index, user)
|
||||||
|
@ -319,7 +320,7 @@ class Enumeration:
|
||||||
query = rootQuery.blind.query % (user, index)
|
query = rootQuery.blind.query % (user, index)
|
||||||
password = inject.getValue(query, inband=False)
|
password = inject.getValue(query, inband=False)
|
||||||
if kb.dbms == DBMS.SYBASE:
|
if kb.dbms == DBMS.SYBASE:
|
||||||
kb.disableStdOut = False
|
getCurrentThreadData().disableStdOut = False
|
||||||
password = "0x%s" % strToHex(password)
|
password = "0x%s" % strToHex(password)
|
||||||
infoMsg = "retrieved: %s" % password
|
infoMsg = "retrieved: %s" % password
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
Loading…
Reference in New Issue
Block a user