sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-04-27 12:23:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor update for vuln testing

Browse Source
This commit is contained in:
Miroslav Stampar 2019-04-29 11:32:01 +02:00
parent bbf7472b42
commit ba7ab21596
3 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
extra/vulnserver/vulnserver.py
View File

@ -16,6 +16,7 @@ import traceback
if sys.version_info >= (3, 0): if sys.version_info >= (3, 0):
from http.client import FOUND from http.client import FOUND
from http.client import INTERNAL_SERVER_ERROR
from http.client import NOT_FOUND from http.client import NOT_FOUND
from http.client import OK from http.client import OK
from http.server import BaseHTTPRequestHandler from http.server import BaseHTTPRequestHandler
@ -27,6 +28,7 @@ else:
from BaseHTTPServer import BaseHTTPRequestHandler from BaseHTTPServer import BaseHTTPRequestHandler
from BaseHTTPServer import HTTPServer from BaseHTTPServer import HTTPServer
from httplib import FOUND from httplib import FOUND
from httplib import INTERNAL_SERVER_ERROR
from httplib import NOT_FOUND from httplib import NOT_FOUND
from httplib import OK from httplib import OK
from SocketServer import ThreadingMixIn from SocketServer import ThreadingMixIn
@ -85,6 +87,13 @@ class ReqHandler(BaseHTTPRequestHandler):
if query: if query:
params.update(parse_qs(query)) params.update(parse_qs(query))
if "<script>" in unquote_plus(query):
self.send_response(INTERNAL_SERVER_ERROR)
self.send_header("Connection", "close")
self.end_headers()
self.wfile.write("CLOUDFLARE_ERROR_500S_BOX".encode("utf8"))
return
if hasattr(self, "data"): if hasattr(self, "data"):
params.update(parse_qs(self.data)) params.update(parse_qs(self.data))

2
lib/core/settings.py
View File

@ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.4.36" VERSION = "1.3.4.37"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

2
lib/core/testing.py
View File

@ -64,7 +64,7 @@ def vulnTest():
thread.start() thread.start()
for options, checks in ( for options, checks in (
("--version", ("1.", "#")), ("--identify-waf", ("CloudFlare",)),
("--flush-session", ("Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")), ("--flush-session", ("Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")),
("--banner --schema --dump -T users --binary-fields=surname --where 'id>3'", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")), ("--banner --schema --dump -T users --binary-fields=surname --where 'id>3'", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
("--all", ("5 entries", "luther", "blisset", "fluffy", "ming", "NULL", "nameisnull")), ("--all", ("5 entries", "luther", "blisset", "fluffy", "ming", "NULL", "nameisnull")),