mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 21:21:03 +03:00 
			
		
		
		
	Minor update for vuln testing
This commit is contained in:
		
							parent
							
								
									bbf7472b42
								
							
						
					
					
						commit
						ba7ab21596
					
				|  | @ -16,6 +16,7 @@ import traceback | ||||||
| 
 | 
 | ||||||
| if sys.version_info >= (3, 0): | if sys.version_info >= (3, 0): | ||||||
|     from http.client import FOUND |     from http.client import FOUND | ||||||
|  |     from http.client import INTERNAL_SERVER_ERROR | ||||||
|     from http.client import NOT_FOUND |     from http.client import NOT_FOUND | ||||||
|     from http.client import OK |     from http.client import OK | ||||||
|     from http.server import BaseHTTPRequestHandler |     from http.server import BaseHTTPRequestHandler | ||||||
|  | @ -27,6 +28,7 @@ else: | ||||||
|     from BaseHTTPServer import BaseHTTPRequestHandler |     from BaseHTTPServer import BaseHTTPRequestHandler | ||||||
|     from BaseHTTPServer import HTTPServer |     from BaseHTTPServer import HTTPServer | ||||||
|     from httplib import FOUND |     from httplib import FOUND | ||||||
|  |     from httplib import INTERNAL_SERVER_ERROR | ||||||
|     from httplib import NOT_FOUND |     from httplib import NOT_FOUND | ||||||
|     from httplib import OK |     from httplib import OK | ||||||
|     from SocketServer import ThreadingMixIn |     from SocketServer import ThreadingMixIn | ||||||
|  | @ -85,6 +87,13 @@ class ReqHandler(BaseHTTPRequestHandler): | ||||||
|         if query: |         if query: | ||||||
|             params.update(parse_qs(query)) |             params.update(parse_qs(query)) | ||||||
| 
 | 
 | ||||||
|  |             if "<script>" in unquote_plus(query): | ||||||
|  |                 self.send_response(INTERNAL_SERVER_ERROR) | ||||||
|  |                 self.send_header("Connection", "close") | ||||||
|  |                 self.end_headers() | ||||||
|  |                 self.wfile.write("CLOUDFLARE_ERROR_500S_BOX".encode("utf8")) | ||||||
|  |                 return | ||||||
|  | 
 | ||||||
|         if hasattr(self, "data"): |         if hasattr(self, "data"): | ||||||
|             params.update(parse_qs(self.data)) |             params.update(parse_qs(self.data)) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -17,7 +17,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME | ||||||
| from lib.core.enums import OS | from lib.core.enums import OS | ||||||
| 
 | 
 | ||||||
| # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | # sqlmap version (<major>.<minor>.<month>.<monthly commit>) | ||||||
| VERSION = "1.3.4.36" | VERSION = "1.3.4.37" | ||||||
| TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" | ||||||
| TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} | ||||||
| VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) | ||||||
|  |  | ||||||
|  | @ -64,7 +64,7 @@ def vulnTest(): | ||||||
|     thread.start() |     thread.start() | ||||||
| 
 | 
 | ||||||
|     for options, checks in ( |     for options, checks in ( | ||||||
|         ("--version", ("1.", "#")), |         ("--identify-waf", ("CloudFlare",)), | ||||||
|         ("--flush-session", ("Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")), |         ("--flush-session", ("Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")), | ||||||
|         ("--banner --schema --dump -T users --binary-fields=surname --where 'id>3'", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")), |         ("--banner --schema --dump -T users --binary-fields=surname --where 'id>3'", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")), | ||||||
|         ("--all", ("5 entries", "luther", "blisset", "fluffy", "ming", "NULL", "nameisnull")), |         ("--all", ("5 entries", "luther", "blisset", "fluffy", "ming", "NULL", "nameisnull")), | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user