From dfc5bc5d874286e19b04ad3d8145ab8d7436b91f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 1 Feb 2021 21:58:36 +0100 Subject: [PATCH] Minor update of testing cases --- extra/vulnserver/vulnserver.py | 4 +++- lib/core/settings.py | 2 +- lib/core/testing.py | 6 +++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py index 458e90bc3..be07f4e7b 100644 --- a/extra/vulnserver/vulnserver.py +++ b/extra/vulnserver/vulnserver.py @@ -140,10 +140,12 @@ class ReqHandler(BaseHTTPRequestHandler): code, output = OK, "" try: - if self.params.get("echo", ""): output += "%s
" % self.params["echo"] + if self.params.get("reflect", ""): + output += "%s
" % self.params.get("id") + with _lock: if "query" in self.params: _cursor.execute(self.params["query"]) diff --git a/lib/core/settings.py b/lib/core/settings.py index ebf0a9440..b630adba3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.2.0" +VERSION = "1.5.2.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 95ce15940..b38160605 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -40,11 +40,11 @@ def vulnTest(): TESTS = ( ("-h", ("to see full list of options run with '-hh'",)), ("--dependencies --deprecations", ("sqlmap requires", "third-party library", "~DeprecationWarning:")), - ("-u --flush-session --wizard", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.")), - (u"-c --flush-session --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible")), + ("-u --data='reflect=1' --flush-session --wizard", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.")), + (u"-c --flush-session --smart --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible")), (u"-u --flush-session --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=B --no-escape --string=luther --unstable", (u": '\u0161u\u0107uraj'",)), ("--dummy", ("all tested parameters do not appear to be injectable", "does not seem to be injectable", "there is not at least one", "~might be injectable")), - ("-u '&id2=1' -p id2 -v 5 --flush-session --level=5 --test-filter='AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'", ("~1AND",)), + ("-u '&id2=1' -p id2 -v 5 --flush-session --level=5 --text-only --test-filter='AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'", ("~1AND",)), ("--list-tampers", ("between", "MySQL", "xforwardedfor")), ("-r --flush-session -v 5 --test-skip='heavy' --save=", ("CloudFlare", "web application technology: Express", "possible DBMS: 'SQLite'", "User-agent: foobar", "~Type: time-based blind", "saved command line options to the configuration file")), ("-c ", ("CloudFlare", "possible DBMS: 'SQLite'", "User-agent: foobar", "~Type: time-based blind")),