From debaf2215fbe261565647969a2e493b7eaa9aecc Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Mon, 25 Oct 2010 15:54:45 +0000 Subject: [PATCH] Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch --- lib/controller/action.py | 2 +- lib/parse/cmdline.py | 20 +++++++------------- plugins/generic/enumeration.py | 2 +- sqlmap.conf | 13 ++++++------- 4 files changed, 15 insertions(+), 22 deletions(-) diff --git a/lib/controller/action.py b/lib/controller/action.py index 014d3aa09..0d0eec076 100644 --- a/lib/controller/action.py +++ b/lib/controller/action.py @@ -64,7 +64,7 @@ def action(): if conf.timeTest: conf.dumper.technic("time based blind sql injection payload", timeTest()) - if ( conf.unionUse or conf.unionTest ) and not kb.unionPosition: + if conf.unionTest and not kb.unionPosition: conf.dumper.technic("valid union", unionTest()) # Enumeration options diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index cde04eecd..8697621be 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -207,14 +207,14 @@ def cmdLineParser(): "the affected parameter(s) rather than using " "the default blind SQL injection technique.") - techniques.add_option("--stacked-test", dest="stackedTest", - action="store_true", default=False, - help="Test for stacked queries (multiple " - "statements) support") - techniques.add_option("--error-test", dest="errorTest", action="store_true", default=False, - help="Test for error based SQL injection support (beta)") + help="Test for and use error based SQL injection") + + techniques.add_option("--stacked-test", dest="stackedTest", + action="store_true", default=False, + help="Test for and use stacked queries (multiple " + "statements)") techniques.add_option("--time-test", dest="timeTest", action="store_true", default=False, @@ -227,17 +227,11 @@ def cmdLineParser(): techniques.add_option("--union-test", dest="unionTest", action="store_true", default=False, - help="Test for UNION query (inband) SQL injection") + help="Test for and use UNION query (inband) SQL injection") techniques.add_option("--union-tech", dest="uTech", help="Technique to test for UNION query SQL injection") - techniques.add_option("--union-use", dest="unionUse", - action="store_true", default=False, - help="Use the UNION query (inband) SQL injection " - "to retrieve the queries output. No " - "need to go blind") - # Fingerprint options fingerprint = OptionGroup(parser, "Fingerprint") diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 3fa56e62a..3a5bc039c 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -73,7 +73,7 @@ class Enumeration: logger.info(infoMsg) if not kb.data.banner: - if conf.unionUse or conf.unionTest: + if conf.unionTest: conf.dumper.technic("valid union", unionTest()) query = queries[kb.dbms].banner.query diff --git a/sqlmap.conf b/sqlmap.conf index da68ded3b..84f06fe8b 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -226,7 +226,11 @@ tamper = # using the default blind SQL injection technique. [Techniques] -# Test for stacked queries (multiple statements) support. +# Test for and use error based SQL injection. +# Valid: True or False +errorTest = False + +# Test for and use stacked queries (multiple statements). # Valid: True or False stackedTest = False @@ -239,7 +243,7 @@ timeTest = False # Default: 5 timeSec = 5 -# Test for UNION query (inband) SQL injection. +# Test for and use UNION query (inband) SQL injection. # Valid: True or False unionTest = False @@ -250,11 +254,6 @@ unionTest = False # Default: NULL uTech = NULL -# Use the UNION query (inband) SQL injection to retrieve the queries -# output. No need to go blind. -# Valid: True or False -unionUse = False - [Fingerprint]