mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
This commit is contained in:
parent
620fa1c8fb
commit
d3e7e89e60
|
@ -36,8 +36,8 @@ class Agent:
|
|||
kb.misc.stop = randomStr(6)
|
||||
|
||||
def payloadDirect(self, query):
|
||||
if query.startswith(" AND "):
|
||||
query = query.replace(" AND ", "SELECT ", 1)
|
||||
if query.startswith("AND "):
|
||||
query = query.replace("AND ", "SELECT ", 1)
|
||||
elif query.startswith(" UNION ALL "):
|
||||
query = query.replace(" UNION ALL ", "", 1)
|
||||
elif query.startswith("; "):
|
||||
|
|
|
@ -318,6 +318,11 @@ class Connect:
|
|||
|
||||
value = agent.replacePayload(value, payload)
|
||||
|
||||
payload = agent.extractPayload(value)
|
||||
if payload:
|
||||
debugMsg = "payload: %s" % payload
|
||||
logger.debug(debugMsg)
|
||||
|
||||
if place == "Cookie" and conf.cookieUrlencode:
|
||||
value = agent.removePayloadDelimiters(value, False)
|
||||
value = urlEncodeCookieValues(value)
|
||||
|
|
|
@ -399,9 +399,6 @@ def goStacked(expression, silent=False):
|
|||
query = agent.prefixQuery("; %s" % expression)
|
||||
query = agent.postfixQuery("%s;%s" % (query, comment))
|
||||
|
||||
debugMsg = "query: %s" % query
|
||||
logger.debug(debugMsg)
|
||||
|
||||
payload = agent.payload(newValue=query)
|
||||
page, _ = Request.queryPage(payload, content=True, silent=silent)
|
||||
|
||||
|
|
|
@ -75,9 +75,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
else:
|
||||
expressionUnescaped = unescaper.unescape(expression)
|
||||
|
||||
debugMsg = "query: %s" % expressionUnescaped
|
||||
logger.debug(debugMsg)
|
||||
|
||||
if length and not isinstance(length, int) and length.isdigit():
|
||||
length = int(length)
|
||||
|
||||
|
|
|
@ -64,9 +64,6 @@ def errorUse(expression, returnPayload=False):
|
|||
|
||||
forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
|
||||
|
||||
debugMsg = "query: %s" % forgedQuery
|
||||
logger.debug(debugMsg)
|
||||
|
||||
payload = agent.payload(newValue=forgedQuery)
|
||||
result = Request.queryPage(payload, content=True)
|
||||
match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)
|
||||
|
|
|
@ -197,9 +197,6 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
|
|||
query = agent.forgeInbandQuery(expression, nullChar=nullChar)
|
||||
payload = agent.payload(newValue=query)
|
||||
|
||||
debugMsg = "query: %s" % query
|
||||
logger.debug(debugMsg)
|
||||
|
||||
# Perform the request
|
||||
resultPage, _ = Request.queryPage(payload, content=True)
|
||||
reqCount += 1
|
||||
|
|
|
@ -45,8 +45,8 @@ def checkForParenthesis():
|
|||
randInt = randomInt()
|
||||
randStr = randomStr()
|
||||
|
||||
query = case.usage.prefix.format % eval(case.usage.prefix.params) +\
|
||||
case.usage.postfix.format % eval(case.usage.postfix.params)
|
||||
query = case.usage.prefix.format % eval(case.usage.prefix.params)
|
||||
query = query[:-1] + case.usage.postfix.format % eval(case.usage.postfix.params)
|
||||
|
||||
payload = agent.payload(newValue=query)
|
||||
result = Request.queryPage(payload)
|
||||
|
|
|
@ -161,14 +161,14 @@ class Fingerprint(GenericFingerprint):
|
|||
logMsg = "testing Microsoft Access"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND VAL(CVAR(1))=1")
|
||||
payload = agent.fullPayload("AND VAL(CVAR(1))=1")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
logMsg = "confirming Microsoft Access"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
|
||||
payload = agent.fullPayload("AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
|
|
|
@ -72,10 +72,10 @@ class Fingerprint(GenericFingerprint):
|
|||
def __sysTablesCheck(self):
|
||||
retVal = None
|
||||
table = (
|
||||
("1.0", [" AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
|
||||
("1.5", [" AND NULLIF(%d,%d) IS NULL", " AND EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)"]),
|
||||
("2.0", [" AND EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", " AND BIT_LENGTH(%d)>0", " AND CHAR_LENGTH(%d)>0"]),
|
||||
("2.1", [" AND BIN_XOR(%d,%d)=0", " AND PI()>0.%d", " AND RAND()<1.%d", " AND FLOOR(1.%d)>=0"])
|
||||
("1.0", ["AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
|
||||
("1.5", ["AND NULLIF(%d,%d) IS NULL", "AND EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)"]),
|
||||
("2.0", ["AND EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "AND BIT_LENGTH(%d)>0", "AND CHAR_LENGTH(%d)>0"]),
|
||||
("2.1", ["AND BIN_XOR(%d,%d)=0", "AND PI()>0.%d", "AND RAND()<1.%d", "AND FLOOR(1.%d)>=0"])
|
||||
)
|
||||
|
||||
for i in xrange(len(table)):
|
||||
|
@ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint):
|
|||
def __dialectCheck(self):
|
||||
retVal = None
|
||||
if kb.dbms:
|
||||
payload = agent.fullPayload(" AND EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
|
||||
payload = agent.fullPayload("AND EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
|
||||
result = Request.queryPage(payload)
|
||||
retVal = "dialect 3" if result else "dialect 1"
|
||||
return retVal
|
||||
|
@ -116,14 +116,14 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
randInt = randomInt()
|
||||
|
||||
payload = agent.fullPayload(" AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
|
||||
payload = agent.fullPayload("AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
logMsg = "confirming Firebird"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
|
||||
payload = agent.fullPayload("AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
|
|
|
@ -118,14 +118,14 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
randInt = randomInt()
|
||||
|
||||
payload = agent.fullPayload(" AND NOROUND(%d)=%d" % (randInt, randInt))
|
||||
payload = agent.fullPayload("AND NOROUND(%d)=%d" % (randInt, randInt))
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
logMsg = "confirming SAP MaxDB"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")
|
||||
payload = agent.fullPayload("AND MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
|
|
|
@ -90,7 +90,7 @@ class Fingerprint(GenericFingerprint):
|
|||
result = True
|
||||
else:
|
||||
randInt = randomInt()
|
||||
payload = agent.fullPayload(" AND BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt))
|
||||
payload = agent.fullPayload("AND BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt))
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
|
@ -99,10 +99,10 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
for version in (0, 5, 8):
|
||||
randInt = randomInt()
|
||||
query = " AND %d=(SELECT (CASE WHEN (( SUBSTRING((@@VERSION), 22, 1)=2 AND SUBSTRING((@@VERSION), 25, 1)=%d ) OR ( SUBSTRING((@@VERSION), 23, 1)=2 AND SUBSTRING((@@VERSION), 26, 1)=%d )) THEN %d ELSE %d END))" % (randInt, version, version, randInt, (randInt + 1))
|
||||
query = "AND %d=(SELECT (CASE WHEN (( SUBSTRING((@@VERSION), 22, 1)=2 AND SUBSTRING((@@VERSION), 25, 1)=%d ) OR ( SUBSTRING((@@VERSION), 23, 1)=2 AND SUBSTRING((@@VERSION), 26, 1)=%d )) THEN %d ELSE %d END))" % (randInt, version, version, randInt, (randInt + 1))
|
||||
|
||||
if conf.direct:
|
||||
query = query.replace(" AND ", "SELECT 1 WHERE ", 1)
|
||||
query = query.replace("AND ", "SELECT 1 WHERE ", 1)
|
||||
|
||||
payload = agent.fullPayload(query)
|
||||
result = Request.queryPage(payload)
|
||||
|
@ -124,7 +124,7 @@ class Fingerprint(GenericFingerprint):
|
|||
break
|
||||
|
||||
else:
|
||||
query = " AND %d=(SELECT (CASE WHEN (SUBSTRING((@@VERSION), 22, 1)=7) THEN %d ELSE %d END))" % (randInt, randInt, (randInt + 1))
|
||||
query = "AND %d=(SELECT (CASE WHEN (SUBSTRING((@@VERSION), 22, 1)=7) THEN %d ELSE %d END))" % (randInt, randInt, (randInt + 1))
|
||||
payload = agent.fullPayload(query)
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
|
|
|
@ -156,14 +156,14 @@ class Fingerprint(GenericFingerprint):
|
|||
logger.info(infoMsg)
|
||||
|
||||
randInt = getUnicode(randomInt(1))
|
||||
payload = agent.fullPayload(" AND CONNECTION_ID()=CONNECTION_ID()")
|
||||
payload = agent.fullPayload("AND CONNECTION_ID()=CONNECTION_ID()")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
infoMsg = "confirming MySQL"
|
||||
logger.info(infoMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND ISNULL(1/0)" if kb.injPlace != "URI" else " AND ISNULL(1 DIV 0)")
|
||||
payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != "URI" else "AND ISNULL(1 DIV 0)")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
|
|
|
@ -80,7 +80,7 @@ class Fingerprint(GenericFingerprint):
|
|||
if conf.direct:
|
||||
result = True
|
||||
else:
|
||||
payload = agent.fullPayload(" AND ROWNUM=ROWNUM")
|
||||
payload = agent.fullPayload("AND ROWNUM=ROWNUM")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
|
@ -92,7 +92,7 @@ class Fingerprint(GenericFingerprint):
|
|||
if conf.direct:
|
||||
result = True
|
||||
else:
|
||||
payload = agent.fullPayload(" AND LENGTH(SYSDATE)=LENGTH(SYSDATE)")
|
||||
payload = agent.fullPayload("AND LENGTH(SYSDATE)=LENGTH(SYSDATE)")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
|
|
|
@ -86,14 +86,14 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
randInt = getUnicode(randomInt(1))
|
||||
|
||||
payload = agent.fullPayload(" AND %s::int=%s" % (randInt, randInt))
|
||||
payload = agent.fullPayload("AND %s::int=%s" % (randInt, randInt))
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
infoMsg = "confirming PostgreSQL"
|
||||
logger.info(infoMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND COALESCE(%s, NULL)=%s" % (randInt, randInt))
|
||||
payload = agent.fullPayload("AND COALESCE(%s, NULL)=%s" % (randInt, randInt))
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
|
|
|
@ -80,14 +80,14 @@ class Fingerprint(GenericFingerprint):
|
|||
logMsg = "testing SQLite"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
|
||||
payload = agent.fullPayload("AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
logMsg = "confirming SQLite"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND SQLITE_VERSION()=SQLITE_VERSION()")
|
||||
payload = agent.fullPayload("AND SQLITE_VERSION()=SQLITE_VERSION()")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
|
|
|
@ -79,14 +79,14 @@ class Fingerprint(GenericFingerprint):
|
|||
if conf.direct:
|
||||
result = True
|
||||
else:
|
||||
payload = agent.fullPayload(" AND tempdb_id()=tempdb_id()")
|
||||
payload = agent.fullPayload("AND tempdb_id()=tempdb_id()")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if result:
|
||||
logMsg = "confirming Sybase"
|
||||
logger.info(logMsg)
|
||||
|
||||
payload = agent.fullPayload(" AND suser_id()=suser_id()")
|
||||
payload = agent.fullPayload("AND suser_id()=suser_id()")
|
||||
result = Request.queryPage(payload)
|
||||
|
||||
if not result:
|
||||
|
@ -104,7 +104,7 @@ class Fingerprint(GenericFingerprint):
|
|||
|
||||
for version in range(12, 16):
|
||||
randInt = randomInt()
|
||||
query = " AND @@VERSION_NUMBER/1000=%d" % version
|
||||
query = "AND @@VERSION_NUMBER/1000=%d" % version
|
||||
payload = agent.fullPayload(query)
|
||||
result = Request.queryPage(payload)
|
||||
if result:
|
||||
|
|
Loading…
Reference in New Issue
Block a user