sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-07 21:33:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

Store and resume also UNION char to session file (--union-char)

Browse Source
This commit is contained in:
Bernardo Damele 2010-12-01 10:59:58 +00:00
parent 025361c970
commit c00ea7f5e5
2 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lib/core/session.py
View File

@ -215,7 +215,7 @@ def setTimeBased(place, parameter, payload):
if condition: if condition:
dataToSessionFile("[%s][%s][%s][Time-based blind injection][%s]\n" % (conf.url, place, safeFormatString(conf.parameters[place]), payload)) dataToSessionFile("[%s][%s][%s][Time-based blind injection][%s]\n" % (conf.url, place, safeFormatString(conf.parameters[place]), payload))
def setUnion(comment=None, count=None, position=None, negative=False, falseCond=False, payload=None): def setUnion(comment=None, count=None, position=None, negative=False, falseCond=False, char=None, payload=None):
""" """
@param comment: union comment to save in session file @param comment: union comment to save in session file
@type comment: C{str} @type comment: C{str}
@ -284,6 +284,16 @@ def setUnion(comment=None, count=None, position=None, negative=False, falseCond=
kb.unionFalseCond = True kb.unionFalseCond = True
if char:
condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
( not kb.resumedQueries[conf.url].has_key("Union char")
) )
)
if condition:
dataToSessionFile("[%s][%s][%s][Union char][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), char))
if payload: if payload:
condition = ( condition = (
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
@ -568,6 +578,12 @@ def resumeConfKb(expression, url, value):
logMsg = "resuming union false condition from session file" logMsg = "resuming union false condition from session file"
logger.info(logMsg) logger.info(logMsg)
elif expression == "Union char" and url == conf.url:
conf.uChar = value[:-1]
logMsg = "resuming union char %s from session file" % conf.uChar
logger.info(logMsg)
elif expression == "Union payload" and url == conf.url: elif expression == "Union payload" and url == conf.url:
kb.unionTest = value[:-1] kb.unionTest = value[:-1]

10
lib/techniques/inband/union/test.py
View File

@ -138,15 +138,16 @@ def unionTest():
infoMsg += "'%s' with %s technique" % (kb.injection.parameter, technique) infoMsg += "'%s' with %s technique" % (kb.injection.parameter, technique)
logger.info(infoMsg) logger.info(infoMsg)
validPayload = None
comment = queries[kb.dbms].comment.query comment = queries[kb.dbms].comment.query
validPayload = __unionTestByCharBruteforce(comment) validPayload = __unionTestByCharBruteforce(comment)
if validPayload: if validPayload:
validPayload = agent.removePayloadDelimiters(validPayload, False)
setUnion(char=conf.uChar)
setUnion(comment=comment) setUnion(comment=comment)
setUnion(payload=validPayload)
if isinstance(kb.unionPosition, int): if kb.unionTest is not None:
infoMsg = "the target url is affected by an exploitable " infoMsg = "the target url is affected by an exploitable "
infoMsg += "inband sql injection vulnerability " infoMsg += "inband sql injection vulnerability "
infoMsg += "on parameter '%s' with %d columns" % (kb.injection.parameter, kb.unionCount) infoMsg += "on parameter '%s' with %d columns" % (kb.injection.parameter, kb.unionCount)
@ -157,7 +158,4 @@ def unionTest():
infoMsg += "on parameter '%s'" % kb.injection.parameter infoMsg += "on parameter '%s'" % kb.injection.parameter
logger.info(infoMsg) logger.info(infoMsg)
validPayload = agent.removePayloadDelimiters(validPayload, False)
setUnion(payload=validPayload)
return kb.unionTest return kb.unionTest