From c8bac658f37486a364054bf5c7f561003ca839b5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 28 Jun 2012 18:47:55 +0200 Subject: [PATCH] Fix for Issue #43 --- lib/core/optiondict.py | 3 ++- lib/parse/cmdline.py | 8 ++++++-- lib/techniques/union/use.py | 2 +- plugins/generic/enumeration.py | 2 +- plugins/generic/misc.py | 2 +- sqlmap.conf | 8 ++++++-- 6 files changed, 17 insertions(+), 8 deletions(-) diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index af358f06a..f46629e52 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -185,7 +185,8 @@ optDict = { "checkPayload": "boolean", "cleanup": "boolean", "dependencies": "boolean", - "exact": "boolean", + "disableCracking": "boolean", + "disableLike": "boolean", "googlePage": "integer", "mobile": "boolean", "pageRank": "boolean", diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 7c8f22753..6b3c6c657 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -590,9 +590,13 @@ def cmdLineParser(): action="store_true", help="Check for missing sqlmap dependencies") - miscellaneous.add_option("--exact", dest="exact", + miscellaneous.add_option("--disable-cracking", dest="disableCracking", action="store_true", - help="Prefer usage of exactly provided identificator names") + help="Disable password hash cracking mechanism") + + miscellaneous.add_option("--disable-like", dest="disableLike", + action="store_true", + help="Disable LIKE search of identificator names") miscellaneous.add_option("--gpage", dest="googlePage", type="int", help="Use Google dork results from specified page number") diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 539034a84..df26abe15 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -55,7 +55,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False): if retVal is None: check = "(?P%s.*%s)" % (kb.chars.start, kb.chars.stop) - trimcheck = "%s(?P.*?).*?)<" % (kb.chars.start) # Prepare expression with delimiters injExpression = unescaper.unescape(agent.concatQuery(expression, unpack)) diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index d32af5f46..d3b38d231 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -1033,7 +1033,7 @@ class Enumeration: logger.error(errMsg) bruteForce = True - if bruteForce or colList and conf.exact: + if bruteForce or colList and conf.disableLike: resumeAvailable = False for tbl in tblList: diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index d55e70867..4a8f3d6d7 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -169,7 +169,7 @@ class Miscellaneous: message += "[1] as LIKE %s names (default)\n" % what message += "[2] as exact %s names" % what - choice = readInput(message, default='1') if not conf.exact else '2' + choice = readInput(message, default='1') if not conf.disableLike else '2' if not choice or choice == '1': choice = '1' diff --git a/sqlmap.conf b/sqlmap.conf index 87eb8a62a..1fe8a211b 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -632,9 +632,13 @@ cleanup = False # Valid: True or False dependencies = False -# Prefer usage of exactly provided identificator names. +# Disable password hash cracking mechanism. # Valid: True or False -exact = False +disableCracking = False + +# Disable LIKE search of identificator names. +# Valid: True or False +disableLike = False # Use Google dork results from specified page number. # Valid: integer