sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-08-04 12:20:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge 7a05ac6e53 into 52a71546d0

Browse Source
This commit is contained in:
ampotos 2013-08-13 09:55:49 -07:00
commit d91f9c47ca
4 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/controller/checks.py
View File

@ -72,11 +72,12 @@ from lib.request.templates import getPageTemplate
from lib.techniques.union.test import unionTest from lib.techniques.union.test import unionTest
from lib.techniques.union.use import configUnion from lib.techniques.union.use import configUnion
def checkSqlInjection(place, parameter, value): def checkSqlInjection(place, parameter, value, targetUrl):
# Store here the details about boundaries and payload used to # Store here the details about boundaries and payload used to
# successfully inject # successfully inject
injection = InjectionDict() injection = InjectionDict()
injection.target = targetUrl
# Localized thread data needed for some methods # Localized thread data needed for some methods
threadData = getCurrentThreadData() threadData = getCurrentThreadData()

24
lib/controller/controller.py
View File

@ -124,7 +124,15 @@ def _selectInjection():
kb.injection = kb.injections[index] kb.injection = kb.injections[index]
def _formatInjection(inj): def _formatInjection(inj):
data = "Place: %s\n" % inj.place if conf.detectAll:
data = 'Url: ' + inj.target + '\n'
else:
data = ""
if conf.detectAll:
data += " "
data += "Place: %s\n" % inj.place
if conf.detectAll:
data += " "
data += "Parameter: %s\n" % inj.parameter data += "Parameter: %s\n" % inj.parameter
for stype, sdata in inj.data.items(): for stype, sdata in inj.data.items():
@ -142,9 +150,17 @@ def _formatInjection(inj):
title = title.replace("columns", "column") title = title.replace("columns", "column")
elif comment: elif comment:
vector = "%s%s" % (vector, comment) vector = "%s%s" % (vector, comment)
if conf.detectAll:
data += " "
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype] data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
if conf.detectAll:
data += " "
data += " Title: %s\n" % title data += " Title: %s\n" % title
if conf.detectAll:
data += " "
data += " Payload: %s\n" % urldecode(payload, unsafe="&", plusspace=(inj.place == PLACE.POST and kb.postSpaceToPlus)) data += " Payload: %s\n" % urldecode(payload, unsafe="&", plusspace=(inj.place == PLACE.POST and kb.postSpaceToPlus))
if conf.detectAll:
data += " "
data += " Vector: %s\n\n" % vector if conf.verbose > 1 else "\n" data += " Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"
return data return data
@ -295,7 +311,7 @@ def start():
kb.skipVulnHost = readInput(message, default="Y").upper() != 'N' kb.skipVulnHost = readInput(message, default="Y").upper() != 'N'
testSqlInj = not kb.skipVulnHost testSqlInj = not kb.skipVulnHost
if not testSqlInj: if not conf.detectAll and not testSqlInj:
infoMsg = "skipping '%s'" % targetUrl infoMsg = "skipping '%s'" % targetUrl
logger.info(infoMsg) logger.info(infoMsg)
continue continue
@ -430,7 +446,7 @@ def start():
testSqlInj = True testSqlInj = True
paramKey = (conf.hostname, conf.path, place, parameter) paramKey = (conf.hostname, conf.path, place, parameter)
if paramKey in kb.testedParams: if paramKey in kb.testedParams and not conf.detectAll:
testSqlInj = False testSqlInj = False
infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter) infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
@ -484,7 +500,7 @@ def start():
infoMsg += "parameter '%s'" % parameter infoMsg += "parameter '%s'" % parameter
logger.info(infoMsg) logger.info(infoMsg)
injection = checkSqlInjection(place, parameter, value) injection = checkSqlInjection(place, parameter, value, targetUrl)
proceed = not kb.endDetection proceed = not kb.endDetection
if injection is not None and injection.place is not None: if injection is not None and injection.place is not None:

1
lib/core/datatype.py
View File

@ -93,6 +93,7 @@ class InjectionDict(AttribDict):
self.prefix = None self.prefix = None
self.suffix = None self.suffix = None
self.clause = None self.clause = None
self.target = None
# data is a dict with various stype, each which is a dict with # data is a dict with various stype, each which is a dict with
# all the information specific for that stype # all the information specific for that stype

5
lib/parse/cmdline.py
View File

@ -287,6 +287,11 @@ def cmdLineParser():
action="store_true", action="store_true",
help="Compare pages based only on their titles") help="Compare pages based only on their titles")
detection.add_option("--detect-all", dest="detectAll",
action="store_true",
help="Test all targets and all parameters even if a SQL injection was discovered")
# Techniques options # Techniques options
techniques = OptionGroup(parser, "Techniques", "These options can be " techniques = OptionGroup(parser, "Techniques", "These options can be "
"used to tweak testing of specific SQL " "used to tweak testing of specific SQL "