mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-03 13:14:13 +03:00
fix for that duplicates
parent
4f7f20b94f
commit
d0df8cdac9
|
@ -7,6 +7,8 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
||||||
See the file 'doc/COPYING' for copying permission
|
See the file 'doc/COPYING' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import re
|
||||||
|
|
||||||
from lib.controller.action import action
|
from lib.controller.action import action
|
||||||
from lib.controller.checks import checkSqlInjection
|
from lib.controller.checks import checkSqlInjection
|
||||||
from lib.controller.checks import heuristicCheckSqlInjection
|
from lib.controller.checks import heuristicCheckSqlInjection
|
||||||
|
@ -116,6 +118,21 @@ def start():
|
||||||
conf.data = targetData
|
conf.data = targetData
|
||||||
conf.cookie = targetCookie
|
conf.cookie = targetCookie
|
||||||
injData = []
|
injData = []
|
||||||
|
|
||||||
|
initTargetEnv()
|
||||||
|
parseTargetUrl()
|
||||||
|
|
||||||
|
testSqlInj = False
|
||||||
|
if "GET" in conf.parameters:
|
||||||
|
for parameter in re.findall(r"([^=]+)=[^&]+&?", conf.parameters["GET"]):
|
||||||
|
paramKey = (conf.hostname, conf.path, "GET", parameter)
|
||||||
|
if paramKey not in kb.testedParams:
|
||||||
|
testSqlInj = True
|
||||||
|
break
|
||||||
|
if not testSqlInj:
|
||||||
|
infoMsg = "skipping '%s'" % targetUrl
|
||||||
|
logger.info(infoMsg)
|
||||||
|
continue
|
||||||
|
|
||||||
if conf.multipleTargets:
|
if conf.multipleTargets:
|
||||||
hostCount += 1
|
hostCount += 1
|
||||||
|
@ -140,8 +157,6 @@ def start():
|
||||||
logMsg = "testing url %s" % targetUrl
|
logMsg = "testing url %s" % targetUrl
|
||||||
logger.info(logMsg)
|
logger.info(logMsg)
|
||||||
|
|
||||||
initTargetEnv()
|
|
||||||
parseTargetUrl()
|
|
||||||
setupTargetEnv()
|
setupTargetEnv()
|
||||||
|
|
||||||
if not checkConnection() or not checkString() or not checkRegexp():
|
if not checkConnection() or not checkString() or not checkRegexp():
|
||||||
|
@ -192,23 +207,26 @@ def start():
|
||||||
continue
|
continue
|
||||||
|
|
||||||
paramDict = conf.paramDict[place]
|
paramDict = conf.paramDict[place]
|
||||||
|
|
||||||
for parameter, value in paramDict.items():
|
for parameter, value in paramDict.items():
|
||||||
testSqlInj = True
|
testSqlInj = True
|
||||||
paramKey = (conf.hostname, place, parameter)
|
paramKey = (conf.hostname, conf.path, place, parameter)
|
||||||
|
|
||||||
if paramKey in kb.testedParams:
|
if paramKey in kb.testedParams:
|
||||||
warnMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
|
|
||||||
logger.warn(warnMsg)
|
|
||||||
testSqlInj = False
|
testSqlInj = False
|
||||||
|
|
||||||
|
infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
|
||||||
|
logger.info(infoMsg)
|
||||||
|
|
||||||
# Avoid dinamicity test if the user provided the
|
# Avoid dinamicity test if the user provided the
|
||||||
# parameter manually
|
# parameter manually
|
||||||
elif parameter in conf.testParameter:
|
elif parameter in conf.testParameter:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
elif not checkDynParam(place, parameter, value):
|
elif not checkDynParam(place, parameter, value):
|
||||||
warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
|
warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
testSqlInj = False
|
testSqlInj = False
|
||||||
|
|
||||||
else:
|
else:
|
||||||
logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
|
logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
|
||||||
logger.info(logMsg)
|
logger.info(logMsg)
|
||||||
|
@ -217,6 +235,7 @@ def start():
|
||||||
|
|
||||||
if testSqlInj:
|
if testSqlInj:
|
||||||
heuristicCheckSqlInjection(place, parameter, value)
|
heuristicCheckSqlInjection(place, parameter, value)
|
||||||
|
|
||||||
for parenthesis in range(0, 4):
|
for parenthesis in range(0, 4):
|
||||||
logMsg = "testing sql injection on %s " % place
|
logMsg = "testing sql injection on %s " % place
|
||||||
logMsg += "parameter '%s' with " % parameter
|
logMsg += "parameter '%s' with " % parameter
|
||||||
|
@ -227,8 +246,8 @@ def start():
|
||||||
|
|
||||||
if injType:
|
if injType:
|
||||||
injData.append((place, parameter, injType))
|
injData.append((place, parameter, injType))
|
||||||
|
|
||||||
break
|
break
|
||||||
|
|
||||||
else:
|
else:
|
||||||
infoMsg = "%s parameter '%s' is not " % (place, parameter)
|
infoMsg = "%s parameter '%s' is not " % (place, parameter)
|
||||||
infoMsg += "injectable with %d parenthesis" % parenthesis
|
infoMsg += "injectable with %d parenthesis" % parenthesis
|
||||||
|
|
|
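Review bot: The pre-check added after `parseTargetUrl()` in start() only consults `conf.parameters["GET"]`, so a target without a query string (for example a POST form queued through `kb.targetUrls.add((url, method, data, conf.cookie))`) leaves `testSqlInj` at False and is dropped with a bare "skipping" message before any test runs, which is a silent coverage gap in the scan. This assumes only GET is populated between `parseTargetUrl()` and `setupTargetEnv()`, which is not visible on this page. Initialising with `testSqlInj = "GET" not in conf.parameters` would keep the duplicate filter for GET targets while letting every other target through. The pattern `r"([^=]+)=[^&]+&?"` also misses empty-valued parameters and lets the next name absorb the separator (`a=&b=1` yields `&b`), so the captured names may not equal those later used in `paramKey`; `r"([^=&]+)=[^&]*"` avoids both. start() begins and ends outside these hunks.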
@ -124,20 +124,26 @@ def __setRequestParams():
|
||||||
def __findPageForms():
|
def __findPageForms():
|
||||||
infoMsg = "searching for forms"
|
infoMsg = "searching for forms"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
response, _ = Request.queryPage(response=True)
|
response, _ = Request.queryPage(response=True)
|
||||||
forms = ParseResponse(response, backwards_compat=False)
|
forms = ParseResponse(response, backwards_compat=False)
|
||||||
|
|
||||||
count = 1
|
count = 1
|
||||||
for form in forms:
|
for form in forms:
|
||||||
request = form.click()
|
request = form.click()
|
||||||
|
|
||||||
url = request.get_full_url()
|
url = request.get_full_url()
|
||||||
method = request.get_method()
|
method = request.get_method()
|
||||||
data = request.get_data() if request.has_data() else None
|
data = request.get_data() if request.has_data() else None
|
||||||
|
|
||||||
message = "(#%d) Do you want to test form '%s' (%s, %s%s) [Y/n] " % (count, form.name, method, url, ", %s" % repr(data) if data else "")
|
message = "(#%d) Do you want to test form '%s' (%s, %s%s) [Y/n] " % (count, form.name, method, url, ", %s" % repr(data) if data else "")
|
||||||
test = readInput(message, default="Y")
|
test = readInput(message, default="Y")
|
||||||
|
|
||||||
if not test or test[0] in ("y", "Y"):
|
if not test or test[0] in ("y", "Y"):
|
||||||
if method == "POST":
|
if method == "POST":
|
||||||
message = " Edit POST data [default: %s]: " % (data if data else "")
|
message = " Edit POST data [default: %s]: " % (data if data else "")
|
||||||
test = readInput(message, default=data)
|
test = readInput(message, default=data)
|
||||||
|
|
||||||
elif method == "GET":
|
elif method == "GET":
|
||||||
if url.find("?") > -1:
|
if url.find("?") > -1:
|
||||||
firstPart = url[:url.find("?")]
|
firstPart = url[:url.find("?")]
|
||||||
|
@ -145,7 +151,9 @@ def __findPageForms():
|
||||||
message = " Edit GET data [default: %s]: " % secondPart
|
message = " Edit GET data [default: %s]: " % secondPart
|
||||||
test = readInput(message, default=secondPart)
|
test = readInput(message, default=secondPart)
|
||||||
url = "%s?%s" % (firstPart, test)
|
url = "%s?%s" % (firstPart, test)
|
||||||
|
|
||||||
kb.targetUrls.add((url, method, data, conf.cookie))
|
kb.targetUrls.add((url, method, data, conf.cookie))
|
||||||
|
|
||||||
count +=1
|
count +=1
|
||||||
|
|
||||||
def __setOutputResume():
|
def __setOutputResume():
|
||||||
|
|