mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-07-07 21:33:18 +03:00
Store and resume also UNION char to session file (--union-char)
parent
025361c970
commit
c00ea7f5e5
|
@ -215,7 +215,7 @@ def setTimeBased(place, parameter, payload):
|
||||||
if condition:
|
if condition:
|
||||||
dataToSessionFile("[%s][%s][%s][Time-based blind injection][%s]\n" % (conf.url, place, safeFormatString(conf.parameters[place]), payload))
|
dataToSessionFile("[%s][%s][%s][Time-based blind injection][%s]\n" % (conf.url, place, safeFormatString(conf.parameters[place]), payload))
|
||||||
|
|
||||||
def setUnion(comment=None, count=None, position=None, negative=False, falseCond=False, payload=None):
|
def setUnion(comment=None, count=None, position=None, negative=False, falseCond=False, char=None, payload=None):
|
||||||
"""
|
"""
|
||||||
@param comment: union comment to save in session file
|
@param comment: union comment to save in session file
|
||||||
@type comment: C{str}
|
@type comment: C{str}
|
||||||
|
@ -284,6 +284,16 @@ def setUnion(comment=None, count=None, position=None, negative=False, falseCond=
|
||||||
|
|
||||||
kb.unionFalseCond = True
|
kb.unionFalseCond = True
|
||||||
|
|
||||||
|
if char:
|
||||||
|
condition = (
|
||||||
|
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
|
||||||
|
( not kb.resumedQueries[conf.url].has_key("Union char")
|
||||||
|
) )
|
||||||
|
)
|
||||||
|
|
||||||
|
if condition:
|
||||||
|
dataToSessionFile("[%s][%s][%s][Union char][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), char))
|
||||||
|
|
||||||
if payload:
|
if payload:
|
||||||
condition = (
|
condition = (
|
||||||
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
|
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
|
||||||
|
@ -568,6 +578,12 @@ def resumeConfKb(expression, url, value):
|
||||||
logMsg = "resuming union false condition from session file"
|
logMsg = "resuming union false condition from session file"
|
||||||
logger.info(logMsg)
|
logger.info(logMsg)
|
||||||
|
|
||||||
|
elif expression == "Union char" and url == conf.url:
|
||||||
|
conf.uChar = value[:-1]
|
||||||
|
|
||||||
|
logMsg = "resuming union char %s from session file" % conf.uChar
|
||||||
|
logger.info(logMsg)
|
||||||
|
|
||||||
elif expression == "Union payload" and url == conf.url:
|
elif expression == "Union payload" and url == conf.url:
|
||||||
kb.unionTest = value[:-1]
|
kb.unionTest = value[:-1]
|
||||||
|
|
||||||
|
|
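Review bot: In the `if char:` block added to setUnion, `char` is written into the bracket-delimited session record as-is, while the parameters field on the same line goes through `safeFormatString`. The value comes from `--union-char`, and the resumeConfKb hunk assigns `value[:-1]` straight back to `conf.uChar`, so a value containing `]` or a line break would presumably be read back as different fields; confirm this against the session parser, which is outside these hunks. Consider writing `safeFormatString(char)` (with the matching decode on resume, if one is needed) or rejecting such values before they are stored. The docstring shown in the first hunk also gets no `@param char` / `@type char` entry for the new argument. setUnion's body starts and ends outside the hunks.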
|
@ -138,15 +138,16 @@ def unionTest():
|
||||||
infoMsg += "'%s' with %s technique" % (kb.injection.parameter, technique)
|
infoMsg += "'%s' with %s technique" % (kb.injection.parameter, technique)
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
validPayload = None
|
|
||||||
comment = queries[kb.dbms].comment.query
|
comment = queries[kb.dbms].comment.query
|
||||||
|
|
||||||
validPayload = __unionTestByCharBruteforce(comment)
|
validPayload = __unionTestByCharBruteforce(comment)
|
||||||
|
|
||||||
if validPayload:
|
if validPayload:
|
||||||
|
validPayload = agent.removePayloadDelimiters(validPayload, False)
|
||||||
|
setUnion(char=conf.uChar)
|
||||||
setUnion(comment=comment)
|
setUnion(comment=comment)
|
||||||
|
setUnion(payload=validPayload)
|
||||||
|
|
||||||
if isinstance(kb.unionPosition, int):
|
if kb.unionTest is not None:
|
||||||
infoMsg = "the target url is affected by an exploitable "
|
infoMsg = "the target url is affected by an exploitable "
|
||||||
infoMsg += "inband sql injection vulnerability "
|
infoMsg += "inband sql injection vulnerability "
|
||||||
infoMsg += "on parameter '%s' with %d columns" % (kb.injection.parameter, kb.unionCount)
|
infoMsg += "on parameter '%s' with %d columns" % (kb.injection.parameter, kb.unionCount)
|
||||||
|
@ -157,7 +158,4 @@ def unionTest():
|
||||||
infoMsg += "on parameter '%s'" % kb.injection.parameter
|
infoMsg += "on parameter '%s'" % kb.injection.parameter
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
validPayload = agent.removePayloadDelimiters(validPayload, False)
|
|
||||||
setUnion(payload=validPayload)
|
|
||||||
|
|
||||||
return kb.unionTest
|
return kb.unionTest
|
||||||
|
|
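Review bot: The guard in unionTest now reads `if kb.unionTest is not None:`, but the message it protects still formats `kb.unionCount` with `%d`. If `kb.unionTest` can be set without a numeric count, for instance when only the "Union payload" record is resumed from a session file, that line would raise a TypeError; whether this path is reachable depends on code outside the hunk, so it needs confirming. Formatting the count with `%s`, or also checking `isinstance(kb.unionCount, int)` before building that message, would keep the report from failing. The three consecutive `setUnion(...)` calls could also become a single `setUnion(char=conf.uChar, comment=comment, payload=validPayload)`, assuming setUnion handles each keyword independently.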