Minor patches

Miroslav Stampar 2020-11-30 23:33:08 +01:00
parent fa17cfb606
commit c6557e2b45
6 changed files with 21 additions and 19 deletions


@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.4.11.16" VERSION = "1.4.11.17"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@ -6,6 +6,7 @@ See the file 'LICENSE' for copying permission
""" """
from lib.core.data import conf from lib.core.data import conf
from lib.core.enums import HTTP_HEADER
from thirdparty.six.moves import urllib as _urllib from thirdparty.six.moves import urllib as _urllib
class ChunkedHandler(_urllib.request.HTTPHandler): class ChunkedHandler(_urllib.request.HTTPHandler):
@ -20,20 +21,17 @@ class ChunkedHandler(_urllib.request.HTTPHandler):
if request.data is not None: # POST if request.data is not None: # POST
data = request.data data = request.data
if not request.has_header("Content-type"): if not request.has_header(HTTP_HEADER.CONTENT_TYPE):
request.add_unredirected_header( request.add_unredirected_header(HTTP_HEADER.CONTENT_TYPE, "application/x-www-form-urlencoded")
"Content-type", if not request.has_header(HTTP_HEADER.CONTENT_LENGTH) and not conf.chunked:
"application/x-www-form-urlencoded") request.add_unredirected_header(HTTP_HEADER.CONTENT_LENGTH, "%d" % len(data))
if not request.has_header("Content-length") and not conf.chunked:
request.add_unredirected_header(
"Content-length", "%d" % len(data))
sel_host = host sel_host = host
if request.has_proxy(): if request.has_proxy():
sel_host = _urllib.parse.urlsplit(request.get_selector()).netloc sel_host = _urllib.parse.urlsplit(request.get_selector()).netloc
if not request.has_header("Host"): if not request.has_header(HTTP_HEADER.HOST):
request.add_unredirected_header("Host", sel_host) request.add_unredirected_header(HTTP_HEADER.HOST, sel_host)
for name, value in self.parent.addheaders: for name, value in self.parent.addheaders:
name = name.capitalize() name = name.capitalize()
if not request.has_header(name): if not request.has_header(name):
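Review bot: The new `has_header(HTTP_HEADER.CONTENT_TYPE)` / `has_header(HTTP_HEADER.CONTENT_LENGTH)` checks look up a key spelling that urllib's `Request` never stores: `add_header`/`add_unredirected_header` normalise keys with `str.capitalize()` (the loop right below does the same with `name.capitalize()`), so if `HTTP_HEADER.CONTENT_TYPE` is the usual `Content-Type` form, the check is always false and the default is added unconditionally — the old literals `"Content-type"` / `"Content-length"` matched the stored form. Because the default goes into `unredirected_hdrs` and the caller's header in `headers` wins at send time, the visible effect is presumably limited to a duplicate/shadowed entry rather than a wrong wire header, but the guard no longer does what it reads as doing. Normalise the constant at the call site: `if not request.has_header(HTTP_HEADER.CONTENT_TYPE.capitalize()):` and `if not request.has_header(HTTP_HEADER.CONTENT_LENGTH.capitalize()) and not conf.chunked:`; `HTTP_HEADER.HOST` is unaffected since `"Host".capitalize()` is itself. The enclosing method starts before and ends after this hunk.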


@ -222,7 +222,7 @@ class Connect(object):
try: try:
part = conn.read(MAX_CONNECTION_READ_SIZE) part = conn.read(MAX_CONNECTION_READ_SIZE)
except AssertionError: except AssertionError:
part = "" part = b""
if len(part) == MAX_CONNECTION_READ_SIZE: if len(part) == MAX_CONNECTION_READ_SIZE:
warnMsg = "large response detected. This could take a while" warnMsg = "large response detected. This could take a while"
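Review bot: The `except AssertionError:` branch that now yields `b""` silently converts a failed read into end-of-stream, and nothing says which reader raises AssertionError or why that is the right recovery; the bytes fix is correct (it keeps `len(part)` comparable with the normal `conn.read()` result) but the branch deserves a why-comment. Something like `except AssertionError:  # NOTE(review): raised by the underlying reader on a malformed/short body — treated as end of stream, confirm` so the next reader does not widen or remove it blindly. The enclosing function starts before and ends after this hunk.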


@ -45,8 +45,9 @@ def direct(query, content=True):
break break
if select: if select:
if not query.upper().startswith("SELECT "): if re.search(r"(?i)\ASELECT ", query) is None:
query = "SELECT %s" % query query = "SELECT %s" % query
if conf.binaryFields: if conf.binaryFields:
for field in conf.binaryFields: for field in conf.binaryFields:
field = field.strip() field = field.strip()
@ -58,7 +59,7 @@ def direct(query, content=True):
output = hashDBRetrieve(query, True, True) output = hashDBRetrieve(query, True, True)
start = time.time() start = time.time()
if not select and "EXEC " not in query.upper(): if not select and re.search(r"(?i)\bEXEC ", query) is None:
timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None) timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query): elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query):
output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None) output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
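Review bot: The `EXEC ` rewrite on the second hunk line is not a pure idiom change: `re.search(r"(?i)\bEXEC ", query)` requires a word boundary before `EXEC`, whereas the old `"EXEC " not in query.upper()` also matched `EXEC ` preceded by a word character (for example an identifier suffix), so some queries that used to take the `select` path will now be dispatched to `execute`. If the narrowing is intended, say so in a comment, e.g. `# \b: only a standalone EXEC keyword counts, not an identifier ending in EXEC`; if not, drop the `\b`. The `(?i)\ASELECT ` replacement is equivalent to the old `upper().startswith` test, and both hunks assume `re` is already imported in this module since no import hunk is shown. `direct()` starts before and ends after these hunks.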


@ -76,17 +76,20 @@ class DNSServer(object):
self._check_localhost() self._check_localhost()
self._requests = [] self._requests = []
self._lock = threading.Lock() self._lock = threading.Lock()
try: try:
self._socket = socket._orig_socket(socket.AF_INET, socket.SOCK_DGRAM) self._socket = socket._orig_socket(socket.AF_INET, socket.SOCK_DGRAM)
except AttributeError: except AttributeError:
self._socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) self._socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
self._socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self._socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self._socket.bind(("", 53)) self._socket.bind(("", 53))
self._running = False self._running = False
self._initialized = False self._initialized = False
def _check_localhost(self): def _check_localhost(self):
response = "" response = b""
try: try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(("", 53)) s.connect(("", 53))
@ -96,7 +99,7 @@ class DNSServer(object):
pass pass
finally: finally:
if response and b"google" in response: if response and b"google" in response:
raise socket.error("another DNS service already running on *:53") raise socket.error("another DNS service already running on '0.0.0.0:53'")
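Review bot: The `socket._orig_socket` lookup with an `AttributeError` fallback relies on a private attribute that is presumably installed by a socket monkeypatch elsewhere (a proxy/SOCKS wrapper would be the usual reason), and nothing in the hunk records that; a one-line comment such as `# use the unpatched socket if a proxy wrapper replaced socket.socket; fall back to the plain one` would save the next reader a search. The `b"google" in response` probe is likewise a heuristic for "another resolver answered on this host", so `_check_localhost` should carry a docstring along the lines of `"""Raise socket.error if a resolver already answers on port 53 of this host."""` rather than leaving the literal unexplained. The now-bytes `response = b""` initialisation is consistent with that `b"google"` comparison. `__init__` starts before this hunk.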
def pop(self, prefix=None, suffix=None): def pop(self, prefix=None, suffix=None):
""" """


@ -13,6 +13,7 @@ from lib.core.common import getHostHeader
from lib.core.common import getSafeExString from lib.core.common import getSafeExString
from lib.core.common import logHTTPTraffic from lib.core.common import logHTTPTraffic
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.convert import getBytes
from lib.core.convert import getUnicode from lib.core.convert import getUnicode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -64,8 +65,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
self.redirect_request = self._redirect_request self.redirect_request = self._redirect_request
def _redirect_request(self, req, fp, code, msg, headers, newurl): def _redirect_request(self, req, fp, code, msg, headers, newurl):
newurl = newurl.replace(' ', '%20') return _urllib.request.Request(newurl.replace(' ', '%20'), data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host())
return _urllib.request.Request(newurl, data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host())
def http_error_302(self, req, fp, code, msg, headers): def http_error_302(self, req, fp, code, msg, headers):
start = time.time() start = time.time()
@ -75,7 +75,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
try: try:
content = fp.read(MAX_CONNECTION_TOTAL_SIZE) content = fp.read(MAX_CONNECTION_TOTAL_SIZE)
except: # e.g. IncompleteRead except: # e.g. IncompleteRead
content = "" content = b""
finally: finally:
if content: if content:
try: # try to write it back to the read buffer so we could reuse it in further steps try: # try to write it back to the read buffer so we could reuse it in further steps
@ -163,7 +163,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
retVal = getSafeExString(ex) # Note: pyflakes mistakenly marks 'ex' as undefined (NOTE: tested in both Python2 and Python3) retVal = getSafeExString(ex) # Note: pyflakes mistakenly marks 'ex' as undefined (NOTE: tested in both Python2 and Python3)
except: except:
retVal = "" retVal = ""
return retVal return getBytes(retVal)
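Review bot: The collapsed `_redirect_request` still forwards `req.headers` and `req.data` unchanged to `newurl` on every redirect, so any operator-supplied `Authorization`/`Cookie` header and the POST body follow a 3xx to a different host; the stdlib handler drops the body and keeps the request on the same semantics precisely to avoid that leak. If re-sending the full request across origins is intentional for sqlmap's redirect following, state it: `# deliberately re-sends headers and body (incl. credentials) to the redirect target, even cross-host`; otherwise compare `_urllib.parse.urlsplit(newurl).netloc` with the original host and drop the credential headers when they differ. Also, `newurl.replace(' ', '%20')` only fixes spaces — any other unencoded character in a Location header still reaches `Request` unchanged — worth a short comment so it is not mistaken for full URL sanitisation. `http_error_302` and the inner `_` reader continue outside the hunk.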
result.read = types.MethodType(_, result) result.read = types.MethodType(_, result)