From c2b929301e4c5019cf8a4745c9db9a5567c9e632 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 6 Nov 2019 11:52:50 +0100 Subject: [PATCH] Update of vuln tests --- extra/vulnserver/vulnserver.py | 2 ++ lib/core/settings.py | 2 +- lib/core/testing.py | 25 ++++++++++++++----------- 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py index accdaaa84..9f35a8bf2 100644 --- a/extra/vulnserver/vulnserver.py +++ b/extra/vulnserver/vulnserver.py @@ -102,6 +102,8 @@ class ReqHandler(BaseHTTPRequestHandler): if hasattr(self, "data"): if self.data.startswith('{') and self.data.endswith('}'): params.update(json.loads(self.data)) + elif self.data.startswith('<') and self.data.endswith('>'): + params.update(dict(re.findall(r'name="([^"]+)" value="([^"]*)"', self.data))) else: params.update(parse_qs(self.data)) diff --git a/lib/core/settings.py b/lib/core/settings.py index 694e3de1a..756d556b0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.3.11.7" +VERSION = "1.3.11.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 0f3a6c88e..b5d7d3d8f 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -61,8 +61,19 @@ def vulnTest(): Runs the testing against 'vulnserver' """ + TESTS = ( + ("--flush-session", ("CloudFlare",)), + ("--flush-session --data='{\"id\": 1}' --banner", ("Payload: {\"id\"", "banner: '3")), + ("--flush-session --data='' --banner", ("Payload: 3\"", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")), + ("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")), + ("-z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT 987654321\"", ("length of query output", ": '987654321'",)), + ("--technique=T --fresh-queries --sql-query=\"SELECT 1234\"", (": '1234'",)), + ) + retVal = True - count, length = 0, 6 + count = 0 address, port = "127.0.0.10", random.randint(1025, 65535) def _thread(): @@ -73,15 +84,7 @@ def vulnTest(): thread.daemon = True thread.start() - for options, checks in ( - ("--flush-session", ("CloudFlare",)), - ("--flush-session --data='{\"id\": 1}' --banner", ("Payload: {\"id\"", "banner: '3")), - ("--flush-session --parse-errors --eval=\"id2=2\" --referer=\"localhost\" --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e\"", (": syntax error", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")), - ("--banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")), - ("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")), - ("-z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT 987654321\"", ("length of query output", ": '987654321'",)), - ("--technique=T --fresh-queries --sql-query=\"SELECT 1234\"", (": '1234'",)), - ): + for options, checks in TESTS: cmd = "%s %s -u http://%s:%d/?id=1 --batch %s" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), address, port, options) output = shellExec(cmd) @@ -91,7 +94,7 @@ def vulnTest(): retVal = False count += 1 - status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length)) + status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS))) dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status)) clearConsoleLine()