mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
This commit is contained in:
parent
8d0c2efbe2
commit
e1db2700f0
|
@ -189,32 +189,6 @@ def checkSqlInjection(place, parameter, value):
|
|||
fstPayload = agent.cleanupPayload(test.request.payload, value)
|
||||
fstPayload = unescaper.unescape(fstPayload, dbms=dbms)
|
||||
|
||||
if conf.prefix is not None and conf.suffix is not None:
|
||||
# Create a custom boundary object for user's supplied prefix
|
||||
# and suffix
|
||||
boundary = advancedDict()
|
||||
|
||||
boundary.level = 1
|
||||
boundary.clause = [ 0 ]
|
||||
boundary.where = [ 1, 2, 3 ]
|
||||
boundary.prefix = conf.prefix
|
||||
boundary.suffix = conf.suffix
|
||||
|
||||
if " like" in boundary.suffix.lower():
|
||||
if "'" in boundary.suffix.lower():
|
||||
boundary.ptype = 3
|
||||
elif '"' in boundary.suffix.lower():
|
||||
boundary.ptype = 5
|
||||
elif "'" in boundary.suffix:
|
||||
boundary.ptype = 2
|
||||
elif '"' in boundary.suffix:
|
||||
boundary.ptype = 4
|
||||
else:
|
||||
boundary.ptype = 1
|
||||
|
||||
# Prepend user's provided boundaries to all others boundaries
|
||||
conf.boundaries.insert(0, boundary)
|
||||
|
||||
for boundary in conf.boundaries:
|
||||
injectable = False
|
||||
|
||||
|
@ -287,7 +261,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
# prefix and appending the boundary's suffix to the
|
||||
# test's ' <payload><comment> ' string
|
||||
boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
|
||||
boundPayload = agent.suffixQuery(boundPayload, comment, suffix)
|
||||
boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
|
||||
boundPayload = agent.cleanupPayload(boundPayload, value)
|
||||
reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
|
||||
|
||||
|
@ -307,7 +281,7 @@ def checkSqlInjection(place, parameter, value):
|
|||
# suffix to the test's ' <payload><comment> '
|
||||
# string
|
||||
boundPayload = agent.prefixQuery(sndPayload, prefix, where, clause)
|
||||
boundPayload = agent.suffixQuery(boundPayload, comment, suffix)
|
||||
boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
|
||||
boundPayload = agent.cleanupPayload(boundPayload, value)
|
||||
cmpPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
|
||||
|
||||
|
|
|
@ -139,25 +139,28 @@ class Agent:
|
|||
|
||||
query = None
|
||||
|
||||
# Either if the technique is stacked queries (<stype>) or we are
|
||||
# replacing (<where>) the parameter original value with our
|
||||
# payload, do not put a space after the prefix
|
||||
if kb.technique == PAYLOAD.TECHNIQUE.STACKED:
|
||||
query = kb.injection.prefix
|
||||
elif where == 3 or clause == [2, 3] or clause == [ 2 ] or clause == [ 3 ]:
|
||||
query = prefix
|
||||
elif kb.injection.clause == [2, 3] or kb.injection.clause == [ 2 ] or kb.injection.clause == [ 3 ]:
|
||||
query = kb.injection.prefix
|
||||
elif kb.technique and kb.technique in kb.injection.data:
|
||||
if where is None and kb.technique and kb.technique in kb.injection.data:
|
||||
where = kb.injection.data[kb.technique].where
|
||||
|
||||
if where == 3:
|
||||
query = kb.injection.prefix
|
||||
# If we are replacing (<where>) the parameter original value with
|
||||
# our payload do not prepend with the prefix
|
||||
if where == 3:
|
||||
query = ""
|
||||
|
||||
if query is None:
|
||||
query = kb.injection.prefix or prefix or ''
|
||||
# If the technique is stacked queries (<stype>) do not put a space
|
||||
# after the prefix or it is in GROUP BY / ORDER BY (<clause>)
|
||||
elif kb.technique == PAYLOAD.TECHNIQUE.STACKED:
|
||||
query = kb.injection.prefix
|
||||
elif kb.injection.clause == [2, 3] or kb.injection.clause == [ 2 ] or kb.injection.clause == [ 3 ]:
|
||||
query = kb.injection.prefix
|
||||
elif clause == [2, 3] or clause == [ 2 ] or clause == [ 3 ]:
|
||||
query = prefix
|
||||
|
||||
if not (string and string[0] == ';'):
|
||||
# In any other case prepend with the full prefix
|
||||
else:
|
||||
query = kb.injection.prefix or prefix or ""
|
||||
|
||||
if not (string and string[0] == ";"):
|
||||
query += " "
|
||||
|
||||
query = "%s%s" % (query, string)
|
||||
|
@ -165,7 +168,7 @@ class Agent:
|
|||
|
||||
return query
|
||||
|
||||
def suffixQuery(self, string, comment=None, suffix=None):
|
||||
def suffixQuery(self, string, comment=None, suffix=None, where=None):
|
||||
"""
|
||||
This method appends the DBMS comment to the
|
||||
SQL injection request
|
||||
|
@ -177,10 +180,18 @@ class Agent:
|
|||
if comment is not None:
|
||||
string += comment
|
||||
|
||||
if kb.injection.suffix is None and suffix is not None:
|
||||
string += " %s" % suffix
|
||||
else:
|
||||
if where is None and kb.technique and kb.technique in kb.injection.data:
|
||||
where = kb.injection.data[kb.technique].where
|
||||
|
||||
# If we are replacing (<where>) the parameter original value with
|
||||
# our payload do not append the suffix
|
||||
if where == 3:
|
||||
pass
|
||||
|
||||
elif kb.injection.suffix is not None:
|
||||
string += " %s" % kb.injection.suffix
|
||||
elif suffix is not None:
|
||||
string += " %s" % suffix
|
||||
|
||||
string = self.cleanupPayload(string)
|
||||
|
||||
|
|
|
@ -785,6 +785,32 @@ def __setPrefixSuffix():
|
|||
errMsg += "the payload prefix"
|
||||
raise sqlmapSyntaxException, errMsg
|
||||
|
||||
if conf.prefix is not None and conf.suffix is not None:
|
||||
# Create a custom boundary object for user's supplied prefix
|
||||
# and suffix
|
||||
boundary = advancedDict()
|
||||
|
||||
boundary.level = 1
|
||||
boundary.clause = [ 0 ]
|
||||
boundary.where = [ 1, 2, 3 ]
|
||||
boundary.prefix = conf.prefix
|
||||
boundary.suffix = conf.suffix
|
||||
|
||||
if " like" in boundary.suffix.lower():
|
||||
if "'" in boundary.suffix.lower():
|
||||
boundary.ptype = 3
|
||||
elif '"' in boundary.suffix.lower():
|
||||
boundary.ptype = 5
|
||||
elif "'" in boundary.suffix:
|
||||
boundary.ptype = 2
|
||||
elif '"' in boundary.suffix:
|
||||
boundary.ptype = 4
|
||||
else:
|
||||
boundary.ptype = 1
|
||||
|
||||
# Prepend user's provided boundaries to all others boundaries
|
||||
conf.boundaries.insert(0, boundary)
|
||||
|
||||
def __setHTTPAuthentication():
|
||||
"""
|
||||
Check and set the HTTP(s) authentication method (Basic, Digest, NTLM or Certificate),
|
||||
|
@ -1415,7 +1441,6 @@ def init(inputOptions=advancedDict()):
|
|||
__setHTTPAuthentication()
|
||||
__setHTTPProxy()
|
||||
__setSafeUrl()
|
||||
__setPrefixSuffix()
|
||||
__setGoogleDorking()
|
||||
__urllib2Opener()
|
||||
__findPageForms()
|
||||
|
@ -1428,5 +1453,6 @@ def init(inputOptions=advancedDict()):
|
|||
__setMetasploit()
|
||||
|
||||
loadPayloads()
|
||||
__setPrefixSuffix()
|
||||
update()
|
||||
__loadQueries()
|
||||
|
|
Loading…
Reference in New Issue
Block a user