mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 13:03:50 +03:00
further enum refactoring
This commit is contained in:
parent
862395ced1
commit
d551423379
|
@ -27,6 +27,8 @@ from lib.core.common import readInput
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
|
from lib.core.enums import HTTPMETHOD
|
||||||
|
from lib.core.enums import PLACE
|
||||||
from lib.core.exception import exceptionsTuple
|
from lib.core.exception import exceptionsTuple
|
||||||
from lib.core.exception import sqlmapNotVulnerableException
|
from lib.core.exception import sqlmapNotVulnerableException
|
||||||
from lib.core.exception import sqlmapSilentQuitException
|
from lib.core.exception import sqlmapSilentQuitException
|
||||||
|
@ -126,9 +128,9 @@ def start():
|
||||||
parseTargetUrl()
|
parseTargetUrl()
|
||||||
|
|
||||||
testSqlInj = False
|
testSqlInj = False
|
||||||
if "GET" in conf.parameters:
|
if PLACE.GET in conf.parameters:
|
||||||
for parameter in re.findall(r"([^=]+)=[^&]+&?", conf.parameters["GET"]):
|
for parameter in re.findall(r"([^=]+)=[^&]+&?", conf.parameters[PLACE.GET]):
|
||||||
paramKey = (conf.hostname, conf.path, "GET", parameter)
|
paramKey = (conf.hostname, conf.path, PLACE.GET, parameter)
|
||||||
if paramKey not in kb.testedParams:
|
if paramKey not in kb.testedParams:
|
||||||
testSqlInj = True
|
testSqlInj = True
|
||||||
break
|
break
|
||||||
|
@ -144,7 +146,7 @@ def start():
|
||||||
|
|
||||||
if conf.multipleTargets:
|
if conf.multipleTargets:
|
||||||
hostCount += 1
|
hostCount += 1
|
||||||
message = "url %d:\n%s %s" % (hostCount, conf.method or "GET", targetUrl)
|
message = "url %d:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
|
||||||
|
|
||||||
if conf.cookie:
|
if conf.cookie:
|
||||||
message += "\nCookie: %s" % conf.cookie
|
message += "\nCookie: %s" % conf.cookie
|
||||||
|
@ -183,7 +185,7 @@ def start():
|
||||||
if cookieStr:
|
if cookieStr:
|
||||||
cookieStr = cookieStr[:-1]
|
cookieStr = cookieStr[:-1]
|
||||||
|
|
||||||
if "Cookie" in conf.parameters:
|
if PLACE.COOKIE in conf.parameters:
|
||||||
message = "you provided an HTTP Cookie header value. "
|
message = "you provided an HTTP Cookie header value. "
|
||||||
message += "The target url provided its own Cookie within "
|
message += "The target url provided its own Cookie within "
|
||||||
message += "the HTTP Set-Cookie header. Do you want to "
|
message += "the HTTP Set-Cookie header. Do you want to "
|
||||||
|
@ -196,11 +198,11 @@ def start():
|
||||||
|
|
||||||
if setCookieAsInjectable:
|
if setCookieAsInjectable:
|
||||||
conf.httpHeaders.append(("Cookie", cookieStr))
|
conf.httpHeaders.append(("Cookie", cookieStr))
|
||||||
conf.parameters["Cookie"] = cookieStr
|
conf.parameters[PLACE.COOKIE] = cookieStr
|
||||||
__paramDict = paramToDict("Cookie", cookieStr)
|
__paramDict = paramToDict(PLACE.COOKIE, cookieStr)
|
||||||
|
|
||||||
if __paramDict:
|
if __paramDict:
|
||||||
conf.paramDict["Cookie"] = __paramDict
|
conf.paramDict[PLACE.COOKIE] = __paramDict
|
||||||
# TODO: consider the following line in __setRequestParams()
|
# TODO: consider the following line in __setRequestParams()
|
||||||
__testableParameters = True
|
__testableParameters = True
|
||||||
|
|
||||||
|
@ -212,7 +214,7 @@ def start():
|
||||||
|
|
||||||
# Do a little prioritization reorder of a testable parameter list
|
# Do a little prioritization reorder of a testable parameter list
|
||||||
parameters = conf.parameters.keys()
|
parameters = conf.parameters.keys()
|
||||||
for place in ('POST', 'GET'):
|
for place in (PLACE.URI, PLACE.POST, PLACE.GET):
|
||||||
if place in parameters:
|
if place in parameters:
|
||||||
parameters.remove(place)
|
parameters.remove(place)
|
||||||
parameters.insert(0, place)
|
parameters.insert(0, place)
|
||||||
|
|
|
@ -33,3 +33,8 @@ class PLACE:
|
||||||
URI = "URI"
|
URI = "URI"
|
||||||
COOKIE = "Cookie"
|
COOKIE = "Cookie"
|
||||||
UA = "User-Agent"
|
UA = "User-Agent"
|
||||||
|
|
||||||
|
class HTTPMETHOD:
|
||||||
|
GET = "GET"
|
||||||
|
POST = "POST"
|
||||||
|
HEAD = "HEAD"
|
|
@ -42,6 +42,7 @@ from lib.core.data import logger
|
||||||
from lib.core.data import paths
|
from lib.core.data import paths
|
||||||
from lib.core.data import queries
|
from lib.core.data import queries
|
||||||
from lib.core.datatype import advancedDict
|
from lib.core.datatype import advancedDict
|
||||||
|
from lib.core.enums import HTTPMETHOD
|
||||||
from lib.core.enums import PRIORITY
|
from lib.core.enums import PRIORITY
|
||||||
from lib.core.exception import sqlmapFilePathException
|
from lib.core.exception import sqlmapFilePathException
|
||||||
from lib.core.exception import sqlmapGenericException
|
from lib.core.exception import sqlmapGenericException
|
||||||
|
@ -780,15 +781,15 @@ def __setHTTPMethod():
|
||||||
if conf.method:
|
if conf.method:
|
||||||
conf.method = conf.method.upper()
|
conf.method = conf.method.upper()
|
||||||
|
|
||||||
if conf.method not in ("GET", "POST"):
|
if conf.method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
|
||||||
warnMsg = "'%s' " % conf.method
|
warnMsg = "'%s' " % conf.method
|
||||||
warnMsg += "is an unsupported HTTP method, "
|
warnMsg += "is an unsupported HTTP method, "
|
||||||
warnMsg += "setting to default method, GET"
|
warnMsg += "setting to default method, %s" % HTTPMETHOD.GET
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
conf.method = "GET"
|
conf.method = HTTPMETHOD.GET
|
||||||
else:
|
else:
|
||||||
conf.method = "GET"
|
conf.method = HTTPMETHOD.GET
|
||||||
|
|
||||||
debugMsg = "setting the HTTP method to %s" % conf.method
|
debugMsg = "setting the HTTP method to %s" % conf.method
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
|
@ -21,6 +21,8 @@ from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.data import paths
|
from lib.core.data import paths
|
||||||
from lib.core.dump import dumper
|
from lib.core.dump import dumper
|
||||||
|
from lib.core.enums import HTTPMETHOD
|
||||||
|
from lib.core.enums import PLACE
|
||||||
from lib.core.exception import sqlmapFilePathException
|
from lib.core.exception import sqlmapFilePathException
|
||||||
from lib.core.exception import sqlmapGenericException
|
from lib.core.exception import sqlmapGenericException
|
||||||
from lib.core.exception import sqlmapSyntaxException
|
from lib.core.exception import sqlmapSyntaxException
|
||||||
|
@ -41,39 +43,39 @@ def __setRequestParams():
|
||||||
__testableParameters = False
|
__testableParameters = False
|
||||||
|
|
||||||
# Perform checks on GET parameters
|
# Perform checks on GET parameters
|
||||||
if conf.parameters.has_key("GET") and conf.parameters["GET"]:
|
if conf.parameters.has_key(PLACE.GET) and conf.parameters[PLACE.GET]:
|
||||||
parameters = conf.parameters["GET"]
|
parameters = conf.parameters[PLACE.GET]
|
||||||
__paramDict = paramToDict("GET", parameters)
|
__paramDict = paramToDict(PLACE.GET, parameters)
|
||||||
|
|
||||||
if __paramDict:
|
if __paramDict:
|
||||||
conf.paramDict["GET"] = __paramDict
|
conf.paramDict[PLACE.GET] = __paramDict
|
||||||
__testableParameters = True
|
__testableParameters = True
|
||||||
|
|
||||||
# Perform checks on POST parameters
|
# Perform checks on POST parameters
|
||||||
if conf.method == "POST" and not conf.data:
|
if conf.method == HTTPMETHOD.POST and not conf.data:
|
||||||
errMsg = "HTTP POST method depends on HTTP data value to be posted"
|
errMsg = "HTTP POST method depends on HTTP data value to be posted"
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
if conf.data:
|
if conf.data:
|
||||||
conf.data = conf.data.replace("\n", " ")
|
conf.data = conf.data.replace("\n", " ")
|
||||||
conf.parameters["POST"] = conf.data
|
conf.parameters[PLACE.POST] = conf.data
|
||||||
|
|
||||||
# Check if POST data is in xml syntax
|
# Check if POST data is in xml syntax
|
||||||
if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data):
|
if re.match("[\n]*<(\?xml |soap\:|ns).*>", conf.data):
|
||||||
conf.paramDict["POSTxml"] = True
|
conf.paramDict["POSTxml"] = True
|
||||||
__paramDict = paramToDict("POSTxml", conf.data)
|
__paramDict = paramToDict("POSTxml", conf.data)
|
||||||
else:
|
else:
|
||||||
__paramDict = paramToDict("POST", conf.data)
|
__paramDict = paramToDict(PLACE.POST, conf.data)
|
||||||
|
|
||||||
if __paramDict:
|
if __paramDict:
|
||||||
conf.paramDict["POST"] = __paramDict
|
conf.paramDict[PLACE.POST] = __paramDict
|
||||||
__testableParameters = True
|
__testableParameters = True
|
||||||
|
|
||||||
conf.method = "POST"
|
conf.method = HTTPMETHOD.POST
|
||||||
|
|
||||||
if "*" in conf.url:
|
if "*" in conf.url:
|
||||||
conf.parameters["URI"] = conf.url
|
conf.parameters[PLACE.URI] = conf.url
|
||||||
conf.paramDict["URI"] = {}
|
conf.paramDict[PLACE.URI] = {}
|
||||||
parts = conf.url.split("*")
|
parts = conf.url.split("*")
|
||||||
for i in range(len(parts)-1):
|
for i in range(len(parts)-1):
|
||||||
result = str()
|
result = str()
|
||||||
|
@ -81,17 +83,17 @@ def __setRequestParams():
|
||||||
result += parts[j]
|
result += parts[j]
|
||||||
if i == j:
|
if i == j:
|
||||||
result += "*"
|
result += "*"
|
||||||
conf.paramDict["URI"]["#%d*" % (i+1)] = result
|
conf.paramDict[PLACE.URI]["#%d*" % (i+1)] = result
|
||||||
conf.url = conf.url.replace("*", str())
|
conf.url = conf.url.replace("*", str())
|
||||||
__testableParameters = True
|
__testableParameters = True
|
||||||
|
|
||||||
# Perform checks on Cookie parameters
|
# Perform checks on Cookie parameters
|
||||||
if conf.cookie:
|
if conf.cookie:
|
||||||
conf.parameters["Cookie"] = conf.cookie
|
conf.parameters[PLACE.COOKIE] = conf.cookie
|
||||||
__paramDict = paramToDict("Cookie", conf.cookie)
|
__paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
|
||||||
|
|
||||||
if __paramDict:
|
if __paramDict:
|
||||||
conf.paramDict["Cookie"] = __paramDict
|
conf.paramDict[PLACE.COOKIE] = __paramDict
|
||||||
__testableParameters = True
|
__testableParameters = True
|
||||||
|
|
||||||
# Perform checks on User-Agent header value
|
# Perform checks on User-Agent header value
|
||||||
|
@ -99,7 +101,7 @@ def __setRequestParams():
|
||||||
for httpHeader, headerValue in conf.httpHeaders:
|
for httpHeader, headerValue in conf.httpHeaders:
|
||||||
if httpHeader == "User-Agent":
|
if httpHeader == "User-Agent":
|
||||||
# No need for url encoding/decoding the user agent
|
# No need for url encoding/decoding the user agent
|
||||||
conf.parameters["User-Agent"] = headerValue
|
conf.parameters[PLACE.UA] = headerValue
|
||||||
|
|
||||||
condition = not conf.testParameter
|
condition = not conf.testParameter
|
||||||
condition |= "User-Agent" in conf.testParameter
|
condition |= "User-Agent" in conf.testParameter
|
||||||
|
@ -108,7 +110,7 @@ def __setRequestParams():
|
||||||
condition |= "ua" in conf.testParameter
|
condition |= "ua" in conf.testParameter
|
||||||
|
|
||||||
if condition:
|
if condition:
|
||||||
conf.paramDict["User-Agent"] = { "User-Agent": headerValue }
|
conf.paramDict[PLACE.UA] = { PLACE.UA: headerValue }
|
||||||
__testableParameters = True
|
__testableParameters = True
|
||||||
|
|
||||||
if not conf.parameters:
|
if not conf.parameters:
|
||||||
|
@ -140,11 +142,11 @@ def findPageForms():
|
||||||
test = readInput(message, default="Y")
|
test = readInput(message, default="Y")
|
||||||
|
|
||||||
if not test or test[0] in ("y", "Y"):
|
if not test or test[0] in ("y", "Y"):
|
||||||
if method == "POST":
|
if method == HTTPMETHOD.POST:
|
||||||
message = " Edit POST data [default: %s]: " % (data if data else "")
|
message = " Edit POST data [default: %s]: " % (data if data else "")
|
||||||
test = readInput(message, default=data)
|
test = readInput(message, default=data)
|
||||||
|
|
||||||
elif method == "GET":
|
elif method == HTTPMETHOD.GET:
|
||||||
if url.find("?") > -1:
|
if url.find("?") > -1:
|
||||||
firstPart = url[:url.find("?")]
|
firstPart = url[:url.find("?")]
|
||||||
secondPart = url[url.find("?")+1:]
|
secondPart = url[url.find("?")+1:]
|
||||||
|
|
|
@ -26,6 +26,7 @@ from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.common import sanitizeAsciiString
|
from lib.core.common import sanitizeAsciiString
|
||||||
|
from lib.core.enums import HTTPMETHOD
|
||||||
from lib.core.enums import PLACE
|
from lib.core.enums import PLACE
|
||||||
from lib.core.exception import sqlmapConnectionException
|
from lib.core.exception import sqlmapConnectionException
|
||||||
from lib.request.basic import decodePage
|
from lib.request.basic import decodePage
|
||||||
|
@ -114,7 +115,7 @@ class Connect:
|
||||||
url = "%s?%s" % (url, get)
|
url = "%s?%s" % (url, get)
|
||||||
requestMsg += "?%s" % get
|
requestMsg += "?%s" % get
|
||||||
|
|
||||||
if conf.method == "POST":
|
if conf.method == HTTPMETHOD.POST:
|
||||||
if conf.parameters.has_key(PLACE.POST) and not post:
|
if conf.parameters.has_key(PLACE.POST) and not post:
|
||||||
post = conf.parameters[PLACE.POST]
|
post = conf.parameters[PLACE.POST]
|
||||||
|
|
||||||
|
@ -354,7 +355,7 @@ class Connect:
|
||||||
|
|
||||||
if not content and not response and kb.nullConnection:
|
if not content and not response and kb.nullConnection:
|
||||||
if kb.nullConnection == "HEAD":
|
if kb.nullConnection == "HEAD":
|
||||||
method = "HEAD"
|
method = HTTPMETHOD.HEAD
|
||||||
elif kb.nullConnection == "Range":
|
elif kb.nullConnection == "Range":
|
||||||
if not auxHeaders:
|
if not auxHeaders:
|
||||||
auxHeaders = {}
|
auxHeaders = {}
|
||||||
|
|
|
@ -19,6 +19,7 @@ from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
|
from lib.core.enums import PLACE
|
||||||
from lib.core.session import setDbms
|
from lib.core.session import setDbms
|
||||||
from lib.core.settings import MYSQL_ALIASES
|
from lib.core.settings import MYSQL_ALIASES
|
||||||
from lib.request import inject
|
from lib.request import inject
|
||||||
|
@ -163,7 +164,7 @@ class Fingerprint(GenericFingerprint):
|
||||||
infoMsg = "confirming MySQL"
|
infoMsg = "confirming MySQL"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != "URI" else "AND ISNULL(1 DIV 0)")
|
payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != PLACE.URI else "AND ISNULL(1 DIV 0)")
|
||||||
result = Request.queryPage(payload)
|
result = Request.queryPage(payload)
|
||||||
|
|
||||||
if not result:
|
if not result:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user