mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).
This commit is contained in:
parent
e8c6c01e27
commit
c22338ce90
|
@ -15,12 +15,9 @@ from lib.core.data import kb
|
||||||
from lib.core.data import paths
|
from lib.core.data import paths
|
||||||
from lib.core.exception import sqlmapUnsupportedDBMSException
|
from lib.core.exception import sqlmapUnsupportedDBMSException
|
||||||
from lib.core.settings import SUPPORTED_DBMS
|
from lib.core.settings import SUPPORTED_DBMS
|
||||||
from lib.techniques.blind.timebased import timeTest
|
|
||||||
from lib.techniques.brute.use import columnExists
|
from lib.techniques.brute.use import columnExists
|
||||||
from lib.techniques.brute.use import tableExists
|
from lib.techniques.brute.use import tableExists
|
||||||
from lib.techniques.error.test import errorTest
|
|
||||||
from lib.techniques.inband.union.test import unionTest
|
from lib.techniques.inband.union.test import unionTest
|
||||||
from lib.techniques.outband.stacked import stackedTest
|
|
||||||
|
|
||||||
def action():
|
def action():
|
||||||
"""
|
"""
|
||||||
|
@ -60,15 +57,6 @@ def action():
|
||||||
dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint())
|
dataToStdout("%s\n" % conf.dbmsHandler.getFingerprint())
|
||||||
|
|
||||||
# Techniques options
|
# Techniques options
|
||||||
if conf.stackedTest:
|
|
||||||
conf.dumper.technic("stacked queries injection payload", stackedTest())
|
|
||||||
|
|
||||||
if conf.errorTest:
|
|
||||||
conf.dumper.technic("error-based injection payload", errorTest())
|
|
||||||
|
|
||||||
if conf.timeTest:
|
|
||||||
conf.dumper.technic("time-based blind injection payload", timeTest())
|
|
||||||
|
|
||||||
if conf.unionTest and kb.unionPosition is None:
|
if conf.unionTest and kb.unionPosition is None:
|
||||||
conf.dumper.technic("inband injection payload", unionTest())
|
conf.dumper.technic("inband injection payload", unionTest())
|
||||||
|
|
||||||
|
|
|
@ -75,9 +75,6 @@ optDict = {
|
||||||
},
|
},
|
||||||
|
|
||||||
"Techniques": {
|
"Techniques": {
|
||||||
"errorTest": "boolean",
|
|
||||||
"stackedTest": "boolean",
|
|
||||||
"timeTest": "boolean",
|
|
||||||
"timeSec": "integer",
|
"timeSec": "integer",
|
||||||
"unionTest": "boolean",
|
"unionTest": "boolean",
|
||||||
"uTech": "string",
|
"uTech": "string",
|
||||||
|
|
|
@ -226,19 +226,6 @@ def cmdLineParser():
|
||||||
"the affected parameter(s) rather than using "
|
"the affected parameter(s) rather than using "
|
||||||
"the default blind SQL injection technique.")
|
"the default blind SQL injection technique.")
|
||||||
|
|
||||||
techniques.add_option("--error-test", dest="errorTest",
|
|
||||||
action="store_true", default=False,
|
|
||||||
help="Test for and use error based SQL injection")
|
|
||||||
|
|
||||||
techniques.add_option("--stacked-test", dest="stackedTest",
|
|
||||||
action="store_true", default=False,
|
|
||||||
help="Test for and use stacked queries (multiple "
|
|
||||||
"statements)")
|
|
||||||
|
|
||||||
techniques.add_option("--time-test", dest="timeTest",
|
|
||||||
action="store_true", default=False,
|
|
||||||
help="Test for time based blind SQL injection")
|
|
||||||
|
|
||||||
techniques.add_option("--time-sec", dest="timeSec",
|
techniques.add_option("--time-sec", dest="timeSec",
|
||||||
type="int", default=5,
|
type="int", default=5,
|
||||||
help="Seconds to delay the DBMS response "
|
help="Seconds to delay the DBMS response "
|
||||||
|
|
|
@ -23,8 +23,6 @@ from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||||
from lib.core.exception import sqlmapUserQuitException
|
from lib.core.exception import sqlmapUserQuitException
|
||||||
from lib.core.unescaper import unescaper
|
from lib.core.unescaper import unescaper
|
||||||
from lib.request import inject
|
from lib.request import inject
|
||||||
from lib.techniques.outband.stacked import stackedTest
|
|
||||||
|
|
||||||
|
|
||||||
class UDF:
|
class UDF:
|
||||||
"""
|
"""
|
||||||
|
@ -159,8 +157,6 @@ class UDF:
|
||||||
errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms
|
errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms
|
||||||
raise sqlmapUnsupportedFeatureException(errMsg)
|
raise sqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
if not kb.stackedTest and not conf.direct:
|
if not kb.stackedTest and not conf.direct:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
|
@ -18,61 +18,6 @@ from lib.core.data import logger
|
||||||
from lib.request import inject
|
from lib.request import inject
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
|
|
||||||
def timeTest():
|
|
||||||
if kb.timeTest is not None:
|
|
||||||
return kb.timeTest
|
|
||||||
|
|
||||||
infoMsg = "testing time-based blind sql injection on parameter "
|
|
||||||
infoMsg += "'%s' with %s condition syntax" % (kb.injection.parameter, conf.logic)
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
timeQuery = getDelayQuery(andCond=True)
|
|
||||||
query = agent.prefixQuery("AND %s" % timeQuery)
|
|
||||||
query = agent.suffixQuery(query)
|
|
||||||
payload = agent.payload(newValue=query)
|
|
||||||
start = time.time()
|
|
||||||
_ = Request.queryPage(payload)
|
|
||||||
duration = calculateDeltaSeconds(start)
|
|
||||||
|
|
||||||
if duration >= conf.timeSec:
|
|
||||||
infoMsg = "the target url is affected by a time-based blind "
|
|
||||||
infoMsg += "sql injection with AND condition syntax on parameter "
|
|
||||||
infoMsg += "'%s'" % kb.injection.parameter
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
kb.timeTest = agent.removePayloadDelimiters(payload, False)
|
|
||||||
else:
|
|
||||||
warnMsg = "the target url is not affected by a time-based blind "
|
|
||||||
warnMsg += "sql injection with AND condition syntax on parameter "
|
|
||||||
warnMsg += "'%s'" % kb.injection.parameter
|
|
||||||
logger.warn(warnMsg)
|
|
||||||
|
|
||||||
infoMsg = "testing time-based blind sql injection on parameter "
|
|
||||||
infoMsg += "'%s' with stacked queries syntax" % kb.injection.parameter
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
timeQuery = getDelayQuery(andCond=True)
|
|
||||||
start = time.time()
|
|
||||||
payload, _ = inject.goStacked(timeQuery)
|
|
||||||
duration = calculateDeltaSeconds(start)
|
|
||||||
|
|
||||||
if duration >= conf.timeSec:
|
|
||||||
infoMsg = "the target url is affected by a time-based blind sql "
|
|
||||||
infoMsg += "injection with stacked queries syntax on parameter "
|
|
||||||
infoMsg += "'%s'" % kb.injection.parameter
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
kb.timeTest = agent.removePayloadDelimiters(payload, False)
|
|
||||||
else:
|
|
||||||
warnMsg = "the target url is not affected by a time-based blind "
|
|
||||||
warnMsg += "sql injection with stacked queries syntax on parameter "
|
|
||||||
warnMsg += "'%s'" % kb.injection.parameter
|
|
||||||
logger.warn(warnMsg)
|
|
||||||
|
|
||||||
kb.timeTest = False
|
|
||||||
|
|
||||||
return kb.timeTest
|
|
||||||
|
|
||||||
def timeUse(query):
|
def timeUse(query):
|
||||||
start = time.time()
|
start = time.time()
|
||||||
_, _ = inject.goStacked(query)
|
_, _ = inject.goStacked(query)
|
||||||
|
|
|
@ -1,52 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
|
|
||||||
"""
|
|
||||||
$Id$
|
|
||||||
|
|
||||||
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|
||||||
See the file 'doc/COPYING' for copying permission
|
|
||||||
"""
|
|
||||||
|
|
||||||
import time
|
|
||||||
|
|
||||||
from lib.core.agent import agent
|
|
||||||
from lib.core.common import getUnicode
|
|
||||||
from lib.core.common import randomInt
|
|
||||||
from lib.core.data import conf
|
|
||||||
from lib.core.data import kb
|
|
||||||
from lib.core.data import logger
|
|
||||||
from lib.core.data import queries
|
|
||||||
from lib.core.session import setError
|
|
||||||
from lib.request import inject
|
|
||||||
|
|
||||||
def errorTest():
|
|
||||||
if conf.direct:
|
|
||||||
return
|
|
||||||
|
|
||||||
if kb.errorTest is not None:
|
|
||||||
return kb.errorTest
|
|
||||||
|
|
||||||
infoMsg = "testing error-based sql injection on parameter "
|
|
||||||
infoMsg += "'%s' with %s condition syntax" % (kb.injection.parameter, conf.logic)
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
randInt = getUnicode(randomInt(1))
|
|
||||||
query = queries[kb.dbms].case.query % ("%s=%s" % (randInt, randInt))
|
|
||||||
result, usedPayload = inject.goError(query, suppressOutput=True, returnPayload=True)
|
|
||||||
|
|
||||||
if result:
|
|
||||||
infoMsg = "the target url is affected by an error-based sql "
|
|
||||||
infoMsg += "injection on parameter '%s'" % kb.injection.parameter
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
kb.errorTest = agent.removePayloadDelimiters(usedPayload, False)
|
|
||||||
else:
|
|
||||||
warnMsg = "the target url is not affected by an error-based sql "
|
|
||||||
warnMsg += "injection on parameter '%s'" % kb.injection.parameter
|
|
||||||
logger.warn(warnMsg)
|
|
||||||
|
|
||||||
kb.errorTest = False
|
|
||||||
|
|
||||||
setError()
|
|
||||||
|
|
||||||
return kb.errorTest
|
|
|
@ -1,53 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
|
|
||||||
"""
|
|
||||||
$Id$
|
|
||||||
|
|
||||||
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
|
||||||
See the file 'doc/COPYING' for copying permission
|
|
||||||
"""
|
|
||||||
|
|
||||||
import time
|
|
||||||
|
|
||||||
from lib.core.agent import agent
|
|
||||||
from lib.core.common import calculateDeltaSeconds
|
|
||||||
from lib.core.common import getDelayQuery
|
|
||||||
from lib.core.data import conf
|
|
||||||
from lib.core.data import kb
|
|
||||||
from lib.core.data import logger
|
|
||||||
from lib.core.session import setStacked
|
|
||||||
from lib.request import inject
|
|
||||||
|
|
||||||
def stackedTest():
|
|
||||||
if conf.direct:
|
|
||||||
return
|
|
||||||
|
|
||||||
if kb.stackedTest is not None:
|
|
||||||
return kb.stackedTest
|
|
||||||
|
|
||||||
infoMsg = "testing stacked queries sql injection on parameter "
|
|
||||||
infoMsg += "'%s'" % kb.injection.parameter
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
query = getDelayQuery()
|
|
||||||
start = time.time()
|
|
||||||
payload, _ = inject.goStacked(query)
|
|
||||||
duration = calculateDeltaSeconds(start)
|
|
||||||
|
|
||||||
if duration >= conf.timeSec:
|
|
||||||
infoMsg = "the target url is affected by a stacked queries "
|
|
||||||
infoMsg += "sql injection on parameter '%s'" % kb.injection.parameter
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
kb.stackedTest = agent.removePayloadDelimiters(payload, False)
|
|
||||||
else:
|
|
||||||
warnMsg = "the target url is not affected by a stacked queries "
|
|
||||||
warnMsg += "sql injection on parameter '%s'" % kb.injection.parameter
|
|
||||||
logger.warn(warnMsg)
|
|
||||||
|
|
||||||
kb.stackedTest = False
|
|
||||||
|
|
||||||
if kb.stackedTest:
|
|
||||||
setStacked(kb.injection.place, kb.injection.parameter, payload)
|
|
||||||
|
|
||||||
return kb.stackedTest
|
|
|
@ -44,9 +44,7 @@ from lib.request import inject
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
from lib.techniques.brute.use import columnExists
|
from lib.techniques.brute.use import columnExists
|
||||||
from lib.techniques.brute.use import tableExists
|
from lib.techniques.brute.use import tableExists
|
||||||
from lib.techniques.error.test import errorTest
|
|
||||||
from lib.techniques.inband.union.test import unionTest
|
from lib.techniques.inband.union.test import unionTest
|
||||||
from lib.techniques.outband.stacked import stackedTest
|
|
||||||
from lib.utils.hash import dictionaryAttack
|
from lib.utils.hash import dictionaryAttack
|
||||||
|
|
||||||
class Enumeration:
|
class Enumeration:
|
||||||
|
@ -80,9 +78,7 @@ class Enumeration:
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
if not kb.data.banner:
|
if not kb.data.banner:
|
||||||
if conf.errorTest:
|
if conf.unionTest:
|
||||||
conf.dumper.technic("error-based injection payload", errorTest())
|
|
||||||
elif conf.unionTest:
|
|
||||||
conf.dumper.technic("inband injection payload", unionTest())
|
conf.dumper.technic("inband injection payload", unionTest())
|
||||||
|
|
||||||
query = queries[kb.dbms].banner.query
|
query = queries[kb.dbms].banner.query
|
||||||
|
@ -1745,9 +1741,6 @@ class Enumeration:
|
||||||
|
|
||||||
return output
|
return output
|
||||||
else:
|
else:
|
||||||
if kb.stackedTest is None:
|
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
if not kb.stackedTest and not conf.direct:
|
if not kb.stackedTest and not conf.direct:
|
||||||
warnMsg = "execution of custom SQL queries is only "
|
warnMsg = "execution of custom SQL queries is only "
|
||||||
warnMsg += "available when stacked queries are supported"
|
warnMsg += "available when stacked queries are supported"
|
||||||
|
|
|
@ -21,7 +21,6 @@ from lib.core.data import logger
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
from lib.core.exception import sqlmapUndefinedMethod
|
from lib.core.exception import sqlmapUndefinedMethod
|
||||||
from lib.request import inject
|
from lib.request import inject
|
||||||
from lib.techniques.outband.stacked import stackedTest
|
|
||||||
|
|
||||||
class Filesystem:
|
class Filesystem:
|
||||||
"""
|
"""
|
||||||
|
@ -253,8 +252,6 @@ class Filesystem:
|
||||||
def readFile(self, rFile):
|
def readFile(self, rFile):
|
||||||
fileContent = None
|
fileContent = None
|
||||||
|
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
self.checkDbmsOs()
|
self.checkDbmsOs()
|
||||||
|
|
||||||
if conf.direct or kb.stackedTest:
|
if conf.direct or kb.stackedTest:
|
||||||
|
@ -295,8 +292,6 @@ class Filesystem:
|
||||||
return rFilePath
|
return rFilePath
|
||||||
|
|
||||||
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
def writeFile(self, wFile, dFile, fileType=None, confirm=True):
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
self.checkDbmsOs()
|
self.checkDbmsOs()
|
||||||
|
|
||||||
if conf.direct or kb.stackedTest:
|
if conf.direct or kb.stackedTest:
|
||||||
|
|
|
@ -23,8 +23,6 @@ from lib.core.exception import sqlmapNoneDataException
|
||||||
from lib.core.exception import sqlmapUnsupportedFeatureException
|
from lib.core.exception import sqlmapUnsupportedFeatureException
|
||||||
from lib.core.session import setRemoteTempPath
|
from lib.core.session import setRemoteTempPath
|
||||||
from lib.request import inject
|
from lib.request import inject
|
||||||
from lib.techniques.outband.stacked import stackedTest
|
|
||||||
|
|
||||||
|
|
||||||
class Miscellaneous:
|
class Miscellaneous:
|
||||||
"""
|
"""
|
||||||
|
@ -96,8 +94,6 @@ class Miscellaneous:
|
||||||
Cleanup database from sqlmap create tables and functions
|
Cleanup database from sqlmap create tables and functions
|
||||||
"""
|
"""
|
||||||
|
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
if not kb.stackedTest and not conf.direct:
|
if not kb.stackedTest and not conf.direct:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,6 @@ from lib.takeover.abstraction import Abstraction
|
||||||
from lib.takeover.icmpsh import ICMPsh
|
from lib.takeover.icmpsh import ICMPsh
|
||||||
from lib.takeover.metasploit import Metasploit
|
from lib.takeover.metasploit import Metasploit
|
||||||
from lib.takeover.registry import Registry
|
from lib.takeover.registry import Registry
|
||||||
from lib.techniques.outband.stacked import stackedTest
|
|
||||||
|
|
||||||
from plugins.generic.misc import Miscellaneous
|
from plugins.generic.misc import Miscellaneous
|
||||||
|
|
||||||
|
@ -41,8 +40,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
||||||
Abstraction.__init__(self)
|
Abstraction.__init__(self)
|
||||||
|
|
||||||
def osCmd(self):
|
def osCmd(self):
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
if kb.stackedTest or conf.direct:
|
if kb.stackedTest or conf.direct:
|
||||||
web = False
|
web = False
|
||||||
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
|
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
|
||||||
|
@ -64,8 +61,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
||||||
self.cleanup()
|
self.cleanup()
|
||||||
|
|
||||||
def osShell(self):
|
def osShell(self):
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
if kb.stackedTest or conf.direct:
|
if kb.stackedTest or conf.direct:
|
||||||
web = False
|
web = False
|
||||||
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
|
elif not kb.stackedTest and kb.dbms == DBMS.MYSQL:
|
||||||
|
@ -89,8 +84,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
||||||
def osPwn(self):
|
def osPwn(self):
|
||||||
goUdf = False
|
goUdf = False
|
||||||
|
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
self.checkDbmsOs()
|
self.checkDbmsOs()
|
||||||
|
|
||||||
msg = "how do you want to establish the tunnel?"
|
msg = "how do you want to establish the tunnel?"
|
||||||
|
@ -251,8 +244,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
||||||
self.cleanup()
|
self.cleanup()
|
||||||
|
|
||||||
def osSmb(self):
|
def osSmb(self):
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
self.checkDbmsOs()
|
self.checkDbmsOs()
|
||||||
|
|
||||||
if kb.os != "Windows":
|
if kb.os != "Windows":
|
||||||
|
@ -303,8 +294,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
||||||
self.smb()
|
self.smb()
|
||||||
|
|
||||||
def osBof(self):
|
def osBof(self):
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
if not kb.stackedTest and not conf.direct:
|
if not kb.stackedTest and not conf.direct:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
@ -331,8 +320,6 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
||||||
raise sqlmapUndefinedMethod, errMsg
|
raise sqlmapUndefinedMethod, errMsg
|
||||||
|
|
||||||
def __regInit(self):
|
def __regInit(self):
|
||||||
stackedTest()
|
|
||||||
|
|
||||||
if not kb.stackedTest and not conf.direct:
|
if not kb.stackedTest and not conf.direct:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
12
sqlmap.conf
12
sqlmap.conf
|
@ -246,18 +246,6 @@ longestCommon = False
|
||||||
# using the default blind SQL injection technique.
|
# using the default blind SQL injection technique.
|
||||||
[Techniques]
|
[Techniques]
|
||||||
|
|
||||||
# Test for and use error based SQL injection.
|
|
||||||
# Valid: True or False
|
|
||||||
errorTest = False
|
|
||||||
|
|
||||||
# Test for and use stacked queries (multiple statements).
|
|
||||||
# Valid: True or False
|
|
||||||
stackedTest = False
|
|
||||||
|
|
||||||
# Test for time based blind SQL injection.
|
|
||||||
# Valid: True or False
|
|
||||||
timeTest = False
|
|
||||||
|
|
||||||
# Seconds to delay the response from the DBMS.
|
# Seconds to delay the response from the DBMS.
|
||||||
# Valid: integer
|
# Valid: integer
|
||||||
# Default: 5
|
# Default: 5
|
||||||
|
|
Loading…
Reference in New Issue
Block a user