mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Update of vuln tests
This commit is contained in:
parent
732267876c
commit
c2b929301e
|
@ -102,6 +102,8 @@ class ReqHandler(BaseHTTPRequestHandler):
|
|||
if hasattr(self, "data"):
|
||||
if self.data.startswith('{') and self.data.endswith('}'):
|
||||
params.update(json.loads(self.data))
|
||||
elif self.data.startswith('<') and self.data.endswith('>'):
|
||||
params.update(dict(re.findall(r'name="([^"]+)" value="([^"]*)"', self.data)))
|
||||
else:
|
||||
params.update(parse_qs(self.data))
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
|||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.3.11.7"
|
||||
VERSION = "1.3.11.8"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -61,8 +61,19 @@ def vulnTest():
|
|||
Runs the testing against 'vulnserver'
|
||||
"""
|
||||
|
||||
TESTS = (
|
||||
("--flush-session", ("CloudFlare",)),
|
||||
("--flush-session --data='{\"id\": 1}' --banner", ("Payload: {\"id\"", "banner: '3")),
|
||||
("--flush-session --data='<root><param name=\"id\" value=\"1*\"/></root>' --banner", ("Payload: <root><param name=\"id\" value=\"1", "banner: '3")),
|
||||
("--flush-session --parse-errors --eval=\"id2=2\" --referer=\"localhost\" --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e\"", (": syntax error", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")),
|
||||
("--banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
|
||||
("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
|
||||
("-z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT 987654321\"", ("length of query output", ": '987654321'",)),
|
||||
("--technique=T --fresh-queries --sql-query=\"SELECT 1234\"", (": '1234'",)),
|
||||
)
|
||||
|
||||
retVal = True
|
||||
count, length = 0, 6
|
||||
count = 0
|
||||
address, port = "127.0.0.10", random.randint(1025, 65535)
|
||||
|
||||
def _thread():
|
||||
|
@ -73,15 +84,7 @@ def vulnTest():
|
|||
thread.daemon = True
|
||||
thread.start()
|
||||
|
||||
for options, checks in (
|
||||
("--flush-session", ("CloudFlare",)),
|
||||
("--flush-session --data='{\"id\": 1}' --banner", ("Payload: {\"id\"", "banner: '3")),
|
||||
("--flush-session --parse-errors --eval=\"id2=2\" --referer=\"localhost\" --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e\"", (": syntax error", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")),
|
||||
("--banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
|
||||
("--all --tamper=between,randomcase", ("5 entries", "luther", "blisset", "fluffy", "179ad45c6ce2cb97cf1029e212046e81", "NULL", "nameisnull", "testpass")),
|
||||
("-z \"tec=B\" --hex --fresh-queries --threads=4 --sql-query=\"SELECT 987654321\"", ("length of query output", ": '987654321'",)),
|
||||
("--technique=T --fresh-queries --sql-query=\"SELECT 1234\"", (": '1234'",)),
|
||||
):
|
||||
for options, checks in TESTS:
|
||||
cmd = "%s %s -u http://%s:%d/?id=1 --batch %s" % (sys.executable, os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "sqlmap.py")), address, port, options)
|
||||
output = shellExec(cmd)
|
||||
|
||||
|
@ -91,7 +94,7 @@ def vulnTest():
|
|||
retVal = False
|
||||
|
||||
count += 1
|
||||
status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length))
|
||||
status = '%d/%d (%d%%) ' % (count, len(TESTS), round(100.0 * count / len(TESTS)))
|
||||
dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))
|
||||
|
||||
clearConsoleLine()
|
||||
|
|
Loading…
Reference in New Issue
Block a user