mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Replacing old and deprecated raise Exception style (PEP8)
This commit is contained in:
parent
3a11d36c66
commit
e4a3c015e5
|
@ -51,7 +51,7 @@ def action():
|
||||||
errMsg += ". Support for this DBMS will be implemented at "
|
errMsg += ". Support for this DBMS will be implemented at "
|
||||||
errMsg += "some point"
|
errMsg += "some point"
|
||||||
|
|
||||||
raise SqlmapUnsupportedDBMSException, errMsg
|
raise SqlmapUnsupportedDBMSException(errMsg)
|
||||||
|
|
||||||
conf.dumper.singleString(conf.dbmsHandler.getFingerprint())
|
conf.dumper.singleString(conf.dbmsHandler.getFingerprint())
|
||||||
|
|
||||||
|
|
|
@ -879,7 +879,7 @@ def checkStability():
|
||||||
kb.nullConnection = None
|
kb.nullConnection = None
|
||||||
else:
|
else:
|
||||||
errMsg = "Empty value supplied"
|
errMsg = "Empty value supplied"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
elif test and test[0] in ("r", "R"):
|
elif test and test[0] in ("r", "R"):
|
||||||
message = "please enter value for parameter 'regex': "
|
message = "please enter value for parameter 'regex': "
|
||||||
|
@ -896,7 +896,7 @@ def checkStability():
|
||||||
kb.nullConnection = None
|
kb.nullConnection = None
|
||||||
else:
|
else:
|
||||||
errMsg = "Empty value supplied"
|
errMsg = "Empty value supplied"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
checkDynamicContent(firstPage, secondPage)
|
checkDynamicContent(firstPage, secondPage)
|
||||||
|
@ -1027,7 +1027,7 @@ def checkNullConnection():
|
||||||
|
|
||||||
except SqlmapConnectionException, errMsg:
|
except SqlmapConnectionException, errMsg:
|
||||||
errMsg = getUnicode(errMsg)
|
errMsg = getUnicode(errMsg)
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
|
|
||||||
return kb.nullConnection is not None
|
return kb.nullConnection is not None
|
||||||
|
|
||||||
|
@ -1037,7 +1037,7 @@ def checkConnection(suppressOutput=False):
|
||||||
socket.getaddrinfo(conf.hostname, None)
|
socket.getaddrinfo(conf.hostname, None)
|
||||||
except socket.gaierror:
|
except socket.gaierror:
|
||||||
errMsg = "host '%s' does not exist" % conf.hostname
|
errMsg = "host '%s' does not exist" % conf.hostname
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
|
|
||||||
if not suppressOutput:
|
if not suppressOutput:
|
||||||
infoMsg = "testing connection to the target url"
|
infoMsg = "testing connection to the target url"
|
||||||
|
@ -1051,7 +1051,7 @@ def checkConnection(suppressOutput=False):
|
||||||
|
|
||||||
if not kb.originalPage and wasLastRequestHTTPError():
|
if not kb.originalPage and wasLastRequestHTTPError():
|
||||||
errMsg = "unable to retrieve page content"
|
errMsg = "unable to retrieve page content"
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
elif wasLastRequestDBMSError():
|
elif wasLastRequestDBMSError():
|
||||||
warnMsg = "there is a DBMS error found in the HTTP response body "
|
warnMsg = "there is a DBMS error found in the HTTP response body "
|
||||||
warnMsg += "which could interfere with the results of the tests"
|
warnMsg += "which could interfere with the results of the tests"
|
||||||
|
|
|
@ -117,7 +117,7 @@ def _selectInjection():
|
||||||
raise SqlmapUserQuitException
|
raise SqlmapUserQuitException
|
||||||
else:
|
else:
|
||||||
errMsg = "invalid choice"
|
errMsg = "invalid choice"
|
||||||
raise SqlmapValueException, errMsg
|
raise SqlmapValueException(errMsg)
|
||||||
|
|
||||||
kb.injection = kb.injections[index]
|
kb.injection = kb.injections[index]
|
||||||
|
|
||||||
|
@ -496,7 +496,7 @@ def start():
|
||||||
if kb.vainRun and not conf.multipleTargets:
|
if kb.vainRun and not conf.multipleTargets:
|
||||||
errMsg = "no parameter(s) found for testing in the provided data "
|
errMsg = "no parameter(s) found for testing in the provided data "
|
||||||
errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
|
errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
else:
|
else:
|
||||||
errMsg = "all tested parameters appear to be not injectable."
|
errMsg = "all tested parameters appear to be not injectable."
|
||||||
|
|
||||||
|
@ -544,7 +544,7 @@ def start():
|
||||||
errMsg += "expression that you have choosen "
|
errMsg += "expression that you have choosen "
|
||||||
errMsg += "does not match exclusively True responses"
|
errMsg += "does not match exclusively True responses"
|
||||||
|
|
||||||
raise SqlmapNotVulnerableException, errMsg
|
raise SqlmapNotVulnerableException(errMsg)
|
||||||
else:
|
else:
|
||||||
# Flush the flag
|
# Flush the flag
|
||||||
kb.testMode = False
|
kb.testMode = False
|
||||||
|
|
|
@ -252,7 +252,7 @@ class Agent(object):
|
||||||
else:
|
else:
|
||||||
errMsg = "invalid usage of inference payload without "
|
errMsg = "invalid usage of inference payload without "
|
||||||
errMsg += "knowledge of underlying DBMS"
|
errMsg += "knowledge of underlying DBMS"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
return payload
|
return payload
|
||||||
|
|
||||||
|
|
|
@ -736,7 +736,7 @@ def dataToTrafficFile(data):
|
||||||
except IOError, ex:
|
except IOError, ex:
|
||||||
errMsg = "something went wrong while trying "
|
errMsg = "something went wrong while trying "
|
||||||
errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, ex)
|
errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, ex)
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
def dataToDumpFile(dumpFile, data):
|
def dataToDumpFile(dumpFile, data):
|
||||||
dumpFile.write(data)
|
dumpFile.write(data)
|
||||||
|
@ -861,7 +861,7 @@ def checkFile(filename):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if not os.path.isfile(filename):
|
if not os.path.isfile(filename):
|
||||||
raise SqlmapFilePathException, "unable to read file '%s'" % filename
|
raise SqlmapFilePathException("unable to read file '%s'" % filename)
|
||||||
|
|
||||||
def banner():
|
def banner():
|
||||||
"""
|
"""
|
||||||
|
@ -997,7 +997,7 @@ def parseTargetDirect():
|
||||||
errMsg = "invalid target details, valid syntax is for instance "
|
errMsg = "invalid target details, valid syntax is for instance "
|
||||||
errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' "
|
errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' "
|
||||||
errMsg += "or 'access://DATABASE_FILEPATH'"
|
errMsg += "or 'access://DATABASE_FILEPATH'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
for dbmsName, data in DBMS_DICT.items():
|
for dbmsName, data in DBMS_DICT.items():
|
||||||
if conf.dbms in data[0]:
|
if conf.dbms in data[0]:
|
||||||
|
@ -1012,7 +1012,7 @@ def parseTargetDirect():
|
||||||
conf.port = 0
|
conf.port = 0
|
||||||
elif not remote:
|
elif not remote:
|
||||||
errMsg = "missing remote connection details"
|
errMsg = "missing remote connection details"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):
|
if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):
|
||||||
import _mssql
|
import _mssql
|
||||||
|
@ -1022,7 +1022,7 @@ def parseTargetDirect():
|
||||||
errMsg = "'%s' third-party library must be " % data[1]
|
errMsg = "'%s' third-party library must be " % data[1]
|
||||||
errMsg += "version >= 1.0.2 to work properly. "
|
errMsg += "version >= 1.0.2 to work properly. "
|
||||||
errMsg += "Download from '%s'" % data[2]
|
errMsg += "Download from '%s'" % data[2]
|
||||||
raise SqlmapMissingDependence, errMsg
|
raise SqlmapMissingDependence(errMsg)
|
||||||
|
|
||||||
elif dbmsName == DBMS.MYSQL:
|
elif dbmsName == DBMS.MYSQL:
|
||||||
import pymysql
|
import pymysql
|
||||||
|
@ -1040,7 +1040,7 @@ def parseTargetDirect():
|
||||||
errMsg = "sqlmap requires '%s' third-party library " % data[1]
|
errMsg = "sqlmap requires '%s' third-party library " % data[1]
|
||||||
errMsg += "in order to directly connect to the database "
|
errMsg += "in order to directly connect to the database "
|
||||||
errMsg += "%s. Download from '%s'" % (dbmsName, data[2])
|
errMsg += "%s. Download from '%s'" % (dbmsName, data[2])
|
||||||
raise SqlmapMissingDependence, errMsg
|
raise SqlmapMissingDependence(errMsg)
|
||||||
|
|
||||||
def parseTargetUrl():
|
def parseTargetUrl():
|
||||||
"""
|
"""
|
||||||
|
@ -1055,7 +1055,7 @@ def parseTargetUrl():
|
||||||
if re.search("\[.+\]", conf.url) and not socket.has_ipv6:
|
if re.search("\[.+\]", conf.url) and not socket.has_ipv6:
|
||||||
errMsg = "IPv6 addressing is not supported "
|
errMsg = "IPv6 addressing is not supported "
|
||||||
errMsg += "on this platform"
|
errMsg += "on this platform"
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
if not re.search("^http[s]*://", conf.url, re.I):
|
if not re.search("^http[s]*://", conf.url, re.I):
|
||||||
if ":443/" in conf.url:
|
if ":443/" in conf.url:
|
||||||
|
@ -1083,14 +1083,14 @@ def parseTargetUrl():
|
||||||
|
|
||||||
if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))):
|
if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))):
|
||||||
errMsg = "invalid target url"
|
errMsg = "invalid target url"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if len(hostnamePort) == 2:
|
if len(hostnamePort) == 2:
|
||||||
try:
|
try:
|
||||||
conf.port = int(hostnamePort[1])
|
conf.port = int(hostnamePort[1])
|
||||||
except:
|
except:
|
||||||
errMsg = "invalid target url"
|
errMsg = "invalid target url"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
elif conf.scheme == "https":
|
elif conf.scheme == "https":
|
||||||
conf.port = 443
|
conf.port = 443
|
||||||
else:
|
else:
|
||||||
|
@ -1353,7 +1353,7 @@ def safeStringFormat(format_, params):
|
||||||
if count < len(params):
|
if count < len(params):
|
||||||
retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:]
|
retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:]
|
||||||
else:
|
else:
|
||||||
raise SqlmapNoneDataException, "wrong number of parameters during string formatting"
|
raise SqlmapNoneDataException("wrong number of parameters during string formatting")
|
||||||
count += 1
|
count += 1
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
@ -2377,7 +2377,7 @@ def initTechnique(technique=None):
|
||||||
errMsg = "missing data in old session file(s). "
|
errMsg = "missing data in old session file(s). "
|
||||||
errMsg += "Please use '--flush-session' to deal "
|
errMsg += "Please use '--flush-session' to deal "
|
||||||
errMsg += "with this error"
|
errMsg += "with this error"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
def arrayizeValue(value):
|
def arrayizeValue(value):
|
||||||
"""
|
"""
|
||||||
|
@ -2496,7 +2496,7 @@ def openFile(filename, mode='r'):
|
||||||
errMsg += "Please check %s permissions on a file " % ("write" if \
|
errMsg += "Please check %s permissions on a file " % ("write" if \
|
||||||
mode and ('w' in mode or 'a' in mode or '+' in mode) else "read")
|
mode and ('w' in mode or 'a' in mode or '+' in mode) else "read")
|
||||||
errMsg += "and that it's not locked by another process."
|
errMsg += "and that it's not locked by another process."
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
def decodeIntToUnicode(value):
|
def decodeIntToUnicode(value):
|
||||||
"""
|
"""
|
||||||
|
@ -2810,7 +2810,7 @@ def expandMnemonics(mnemonics, parser, args):
|
||||||
|
|
||||||
if pointer in (None, head):
|
if pointer in (None, head):
|
||||||
errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name
|
errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
elif len(pointer.current) > 1:
|
elif len(pointer.current) > 1:
|
||||||
options = {}
|
options = {}
|
||||||
|
@ -2849,7 +2849,7 @@ def expandMnemonics(mnemonics, parser, args):
|
||||||
setattr(args, found.dest, True)
|
setattr(args, found.dest, True)
|
||||||
else:
|
else:
|
||||||
errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type)
|
errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type)
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
def safeCSValue(value):
|
def safeCSValue(value):
|
||||||
"""
|
"""
|
||||||
|
@ -2997,7 +2997,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
|
||||||
if not content:
|
if not content:
|
||||||
errMsg = "can't parse forms as the page content appears to be blank"
|
errMsg = "can't parse forms as the page content appears to be blank"
|
||||||
if raise_:
|
if raise_:
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
else:
|
else:
|
||||||
logger.debug(errMsg)
|
logger.debug(errMsg)
|
||||||
|
|
||||||
|
@ -3017,7 +3017,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
|
||||||
except ParseError:
|
except ParseError:
|
||||||
errMsg = "no success"
|
errMsg = "no success"
|
||||||
if raise_:
|
if raise_:
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
else:
|
else:
|
||||||
logger.debug(errMsg)
|
logger.debug(errMsg)
|
||||||
|
|
||||||
|
@ -3038,7 +3038,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
|
||||||
errMsg = "there has been a problem while "
|
errMsg = "there has been a problem while "
|
||||||
errMsg += "processing page forms ('%s')" % ex
|
errMsg += "processing page forms ('%s')" % ex
|
||||||
if raise_:
|
if raise_:
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
else:
|
else:
|
||||||
logger.debug(errMsg)
|
logger.debug(errMsg)
|
||||||
else:
|
else:
|
||||||
|
@ -3057,7 +3057,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
|
||||||
else:
|
else:
|
||||||
errMsg = "there were no forms found at the given target url"
|
errMsg = "there were no forms found at the given target url"
|
||||||
if raise_:
|
if raise_:
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
else:
|
else:
|
||||||
logger.debug(errMsg)
|
logger.debug(errMsg)
|
||||||
|
|
||||||
|
@ -3105,7 +3105,7 @@ def checkDeprecatedOptions(args):
|
||||||
errMsg = "switch/option '%s' is deprecated" % _
|
errMsg = "switch/option '%s' is deprecated" % _
|
||||||
if _ in DEPRECATED_HINTS:
|
if _ in DEPRECATED_HINTS:
|
||||||
errMsg += " (hint: %s)" % DEPRECATED_HINTS[_]
|
errMsg += " (hint: %s)" % DEPRECATED_HINTS[_]
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
def evaluateCode(code, variables=None):
|
def evaluateCode(code, variables=None):
|
||||||
"""
|
"""
|
||||||
|
@ -3118,7 +3118,7 @@ def evaluateCode(code, variables=None):
|
||||||
raise
|
raise
|
||||||
except Exception, ex:
|
except Exception, ex:
|
||||||
errMsg = "an error occured while evaluating provided code ('%s'). " % ex
|
errMsg = "an error occured while evaluating provided code ('%s'). " % ex
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
def serializeObject(object_):
|
def serializeObject(object_):
|
||||||
"""
|
"""
|
||||||
|
@ -3259,7 +3259,7 @@ def resetCookieJar(cookieJar):
|
||||||
except cookielib.LoadError, msg:
|
except cookielib.LoadError, msg:
|
||||||
errMsg = "there was a problem loading "
|
errMsg = "there was a problem loading "
|
||||||
errMsg += "cookies file ('%s')" % msg
|
errMsg += "cookies file ('%s')" % msg
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
def prioritySortColumns(columns):
|
def prioritySortColumns(columns):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -38,7 +38,7 @@ class AttribDict(dict):
|
||||||
try:
|
try:
|
||||||
return self.__getitem__(item)
|
return self.__getitem__(item)
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise SqlmapDataException, "unable to access item '%s'" % item
|
raise SqlmapDataException("unable to access item '%s'" % item)
|
||||||
|
|
||||||
def __setattr__(self, item, value):
|
def __setattr__(self, item, value):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -70,7 +70,7 @@ class Dump(object):
|
||||||
self._outputFP = codecs.open(self._outputFile, "ab" if not conf.flushSession else "wb", UNICODE_ENCODING)
|
self._outputFP = codecs.open(self._outputFile, "ab" if not conf.flushSession else "wb", UNICODE_ENCODING)
|
||||||
except IOError, ex:
|
except IOError, ex:
|
||||||
errMsg = "error occurred while opening log file ('%s')" % ex
|
errMsg = "error occurred while opening log file ('%s')" % ex
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
def getOutputFile(self):
|
def getOutputFile(self):
|
||||||
return self._outputFile
|
return self._outputFile
|
||||||
|
|
|
@ -388,7 +388,7 @@ def _setMultipleTargets():
|
||||||
|
|
||||||
if not os.path.exists(conf.logFile):
|
if not os.path.exists(conf.logFile):
|
||||||
errMsg = "the specified list of targets does not exist"
|
errMsg = "the specified list of targets does not exist"
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
if os.path.isfile(conf.logFile):
|
if os.path.isfile(conf.logFile):
|
||||||
_feedTargetsDict(conf.logFile, addedTargetUrls)
|
_feedTargetsDict(conf.logFile, addedTargetUrls)
|
||||||
|
@ -406,7 +406,7 @@ def _setMultipleTargets():
|
||||||
else:
|
else:
|
||||||
errMsg = "the specified list of targets is not a file "
|
errMsg = "the specified list of targets is not a file "
|
||||||
errMsg += "nor a directory"
|
errMsg += "nor a directory"
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
updatedTargetsCount = len(kb.targets)
|
updatedTargetsCount = len(kb.targets)
|
||||||
|
|
||||||
|
@ -453,7 +453,7 @@ def _setRequestFromFile():
|
||||||
if not os.path.isfile(conf.requestFile):
|
if not os.path.isfile(conf.requestFile):
|
||||||
errMsg = "the specified HTTP request file "
|
errMsg = "the specified HTTP request file "
|
||||||
errMsg += "does not exist"
|
errMsg += "does not exist"
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
_feedTargetsDict(conf.requestFile, addedTargetUrls)
|
_feedTargetsDict(conf.requestFile, addedTargetUrls)
|
||||||
|
|
||||||
|
@ -504,7 +504,7 @@ def _setGoogleDorking():
|
||||||
if not links:
|
if not links:
|
||||||
errMsg = "unable to find results for your "
|
errMsg = "unable to find results for your "
|
||||||
errMsg += "Google dork expression"
|
errMsg += "Google dork expression"
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
for link in links:
|
for link in links:
|
||||||
link = urldecode(link)
|
link = urldecode(link)
|
||||||
|
@ -560,7 +560,7 @@ def _setBulkMultipleTargets():
|
||||||
if not os.path.isfile(conf.bulkFile):
|
if not os.path.isfile(conf.bulkFile):
|
||||||
errMsg = "the specified bulk file "
|
errMsg = "the specified bulk file "
|
||||||
errMsg += "does not exist"
|
errMsg += "does not exist"
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
for line in getFileItems(conf.bulkFile):
|
for line in getFileItems(conf.bulkFile):
|
||||||
if re.search(r"[^ ]+\?(.+)", line, re.I):
|
if re.search(r"[^ ]+\?(.+)", line, re.I):
|
||||||
|
@ -597,7 +597,7 @@ def _setDBMSAuthentication():
|
||||||
if not match:
|
if not match:
|
||||||
errMsg = "DBMS authentication credentials value must be in format "
|
errMsg = "DBMS authentication credentials value must be in format "
|
||||||
errMsg += "username:password"
|
errMsg += "username:password"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
conf.dbmsUsername = match.group(1)
|
conf.dbmsUsername = match.group(1)
|
||||||
conf.dbmsPassword = match.group(2)
|
conf.dbmsPassword = match.group(2)
|
||||||
|
@ -638,7 +638,7 @@ def _setMetasploit():
|
||||||
errMsg += "if you want to perform a SMB relay attack because "
|
errMsg += "if you want to perform a SMB relay attack because "
|
||||||
errMsg += "it will need to listen on a user-specified SMB "
|
errMsg += "it will need to listen on a user-specified SMB "
|
||||||
errMsg += "TCP port for incoming connection attempts"
|
errMsg += "TCP port for incoming connection attempts"
|
||||||
raise SqlmapMissingPrivileges, errMsg
|
raise SqlmapMissingPrivileges(errMsg)
|
||||||
|
|
||||||
if conf.msfPath:
|
if conf.msfPath:
|
||||||
for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
|
for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
|
||||||
|
@ -687,7 +687,7 @@ def _setMetasploit():
|
||||||
if not msfEnvPathExists:
|
if not msfEnvPathExists:
|
||||||
errMsg = "unable to locate Metasploit Framework installation. "
|
errMsg = "unable to locate Metasploit Framework installation. "
|
||||||
errMsg += "You can get it at 'http://metasploit.com/framework/download/'"
|
errMsg += "You can get it at 'http://metasploit.com/framework/download/'"
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
def _setWriteFile():
|
def _setWriteFile():
|
||||||
if not conf.wFile:
|
if not conf.wFile:
|
||||||
|
@ -698,12 +698,12 @@ def _setWriteFile():
|
||||||
|
|
||||||
if not os.path.exists(conf.wFile):
|
if not os.path.exists(conf.wFile):
|
||||||
errMsg = "the provided local file '%s' does not exist" % conf.wFile
|
errMsg = "the provided local file '%s' does not exist" % conf.wFile
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
if not conf.dFile:
|
if not conf.dFile:
|
||||||
errMsg = "you did not provide the back-end DBMS absolute path "
|
errMsg = "you did not provide the back-end DBMS absolute path "
|
||||||
errMsg += "where you want to write the local file '%s'" % conf.wFile
|
errMsg += "where you want to write the local file '%s'" % conf.wFile
|
||||||
raise SqlmapMissingMandatoryOptionException, errMsg
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
||||||
conf.wFileType = getFileType(conf.wFile)
|
conf.wFileType = getFileType(conf.wFile)
|
||||||
|
|
||||||
|
@ -722,7 +722,7 @@ def _setOS():
|
||||||
errMsg += "If you do not know the back-end DBMS underlying OS, "
|
errMsg += "If you do not know the back-end DBMS underlying OS, "
|
||||||
errMsg += "do not provide it and sqlmap will fingerprint it for "
|
errMsg += "do not provide it and sqlmap will fingerprint it for "
|
||||||
errMsg += "you."
|
errMsg += "you."
|
||||||
raise SqlmapUnsupportedDBMSException, errMsg
|
raise SqlmapUnsupportedDBMSException(errMsg)
|
||||||
|
|
||||||
debugMsg = "forcing back-end DBMS operating system to user defined "
|
debugMsg = "forcing back-end DBMS operating system to user defined "
|
||||||
debugMsg += "value '%s'" % conf.os
|
debugMsg += "value '%s'" % conf.os
|
||||||
|
@ -742,7 +742,7 @@ def _setTechnique():
|
||||||
errMsg = "value for --technique must be a string composed "
|
errMsg = "value for --technique must be a string composed "
|
||||||
errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters)
|
errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters)
|
||||||
errMsg += "user's manual for details"
|
errMsg += "user's manual for details"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
for validTech, validInt in validTechniques:
|
for validTech, validInt in validTechniques:
|
||||||
if letter == validTech[0]:
|
if letter == validTech[0]:
|
||||||
|
@ -774,7 +774,7 @@ def _setDBMS():
|
||||||
errMsg += "system. The supported DBMS are %s. " % ', '.join([d for d in DBMS_DICT])
|
errMsg += "system. The supported DBMS are %s. " % ', '.join([d for d in DBMS_DICT])
|
||||||
errMsg += "If you do not know the back-end DBMS, do not provide "
|
errMsg += "If you do not know the back-end DBMS, do not provide "
|
||||||
errMsg += "it and sqlmap will fingerprint it for you."
|
errMsg += "it and sqlmap will fingerprint it for you."
|
||||||
raise SqlmapUnsupportedDBMSException, errMsg
|
raise SqlmapUnsupportedDBMSException(errMsg)
|
||||||
|
|
||||||
for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \
|
for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \
|
||||||
SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \
|
SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \
|
||||||
|
@ -808,11 +808,11 @@ def _setTamperingFunctions():
|
||||||
|
|
||||||
elif not os.path.exists(tfile):
|
elif not os.path.exists(tfile):
|
||||||
errMsg = "tamper script '%s' does not exist" % tfile
|
errMsg = "tamper script '%s' does not exist" % tfile
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
elif not tfile.endswith('.py'):
|
elif not tfile.endswith('.py'):
|
||||||
errMsg = "tamper script '%s' should have an extension '.py'" % tfile
|
errMsg = "tamper script '%s' should have an extension '.py'" % tfile
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
dirname, filename = os.path.split(tfile)
|
dirname, filename = os.path.split(tfile)
|
||||||
dirname = os.path.abspath(dirname)
|
dirname = os.path.abspath(dirname)
|
||||||
|
@ -823,7 +823,7 @@ def _setTamperingFunctions():
|
||||||
if not os.path.exists(os.path.join(dirname, '__init__.py')):
|
if not os.path.exists(os.path.join(dirname, '__init__.py')):
|
||||||
errMsg = "make sure that there is an empty file '__init__.py' "
|
errMsg = "make sure that there is an empty file '__init__.py' "
|
||||||
errMsg += "inside of tamper scripts directory '%s'" % dirname
|
errMsg += "inside of tamper scripts directory '%s'" % dirname
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
if dirname not in sys.path:
|
if dirname not in sys.path:
|
||||||
sys.path.insert(0, dirname)
|
sys.path.insert(0, dirname)
|
||||||
|
@ -831,7 +831,7 @@ def _setTamperingFunctions():
|
||||||
try:
|
try:
|
||||||
module = __import__(filename[:-3])
|
module = __import__(filename[:-3])
|
||||||
except ImportError, msg:
|
except ImportError, msg:
|
||||||
raise SqlmapSyntaxException, "cannot import tamper script '%s' (%s)" % (filename[:-3], msg)
|
raise SqlmapSyntaxException("cannot import tamper script '%s' (%s)" % (filename[:-3], msg))
|
||||||
|
|
||||||
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
|
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
|
||||||
|
|
||||||
|
@ -866,7 +866,7 @@ def _setTamperingFunctions():
|
||||||
if not found:
|
if not found:
|
||||||
errMsg = "missing function 'tamper(payload, headers)' "
|
errMsg = "missing function 'tamper(payload, headers)' "
|
||||||
errMsg += "in tamper script '%s'" % tfile
|
errMsg += "in tamper script '%s'" % tfile
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
if resolve_priorities and priorities:
|
if resolve_priorities and priorities:
|
||||||
priorities.sort(reverse=True)
|
priorities.sort(reverse=True)
|
||||||
|
@ -929,14 +929,14 @@ def _setHTTPProxy():
|
||||||
|
|
||||||
if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)):
|
if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)):
|
||||||
errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))
|
errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.pCred:
|
if conf.pCred:
|
||||||
_ = re.search("^(.*?):(.*?)$", conf.pCred)
|
_ = re.search("^(.*?):(.*?)$", conf.pCred)
|
||||||
if not _:
|
if not _:
|
||||||
errMsg = "Proxy authentication credentials "
|
errMsg = "Proxy authentication credentials "
|
||||||
errMsg += "value must be in format username:password"
|
errMsg += "value must be in format username:password"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
else:
|
else:
|
||||||
username = _.group(1)
|
username = _.group(1)
|
||||||
password = _.group(2)
|
password = _.group(2)
|
||||||
|
@ -979,7 +979,7 @@ def _setSafeUrl():
|
||||||
|
|
||||||
if conf.saFreq <= 0:
|
if conf.saFreq <= 0:
|
||||||
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature"
|
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
def _setPrefixSuffix():
|
def _setPrefixSuffix():
|
||||||
if conf.prefix is not None and conf.suffix is not None:
|
if conf.prefix is not None and conf.suffix is not None:
|
||||||
|
@ -1033,12 +1033,12 @@ def _setHTTPAuthentication():
|
||||||
elif conf.aType and not conf.aCred:
|
elif conf.aType and not conf.aCred:
|
||||||
errMsg = "you specified the HTTP authentication type, but "
|
errMsg = "you specified the HTTP authentication type, but "
|
||||||
errMsg += "did not provide the credentials"
|
errMsg += "did not provide the credentials"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
elif not conf.aType and conf.aCred:
|
elif not conf.aType and conf.aCred:
|
||||||
errMsg = "you specified the HTTP authentication credentials, "
|
errMsg = "you specified the HTTP authentication credentials, "
|
||||||
errMsg += "but did not provide the type"
|
errMsg += "but did not provide the type"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if not conf.aCert:
|
if not conf.aCert:
|
||||||
debugMsg = "setting the HTTP authentication type and credentials"
|
debugMsg = "setting the HTTP authentication type and credentials"
|
||||||
|
@ -1049,7 +1049,7 @@ def _setHTTPAuthentication():
|
||||||
if aTypeLower not in ( "basic", "digest", "ntlm" ):
|
if aTypeLower not in ( "basic", "digest", "ntlm" ):
|
||||||
errMsg = "HTTP authentication type value must be "
|
errMsg = "HTTP authentication type value must be "
|
||||||
errMsg += "Basic, Digest or NTLM"
|
errMsg += "Basic, Digest or NTLM"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
elif aTypeLower in ( "basic", "digest" ):
|
elif aTypeLower in ( "basic", "digest" ):
|
||||||
regExp = "^(.*?):(.*?)$"
|
regExp = "^(.*?):(.*?)$"
|
||||||
errMsg = "HTTP %s authentication credentials " % aTypeLower
|
errMsg = "HTTP %s authentication credentials " % aTypeLower
|
||||||
|
@ -1062,7 +1062,7 @@ def _setHTTPAuthentication():
|
||||||
aCredRegExp = re.search(regExp, conf.aCred)
|
aCredRegExp = re.search(regExp, conf.aCred)
|
||||||
|
|
||||||
if not aCredRegExp:
|
if not aCredRegExp:
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
conf.authUsername = aCredRegExp.group(1)
|
conf.authUsername = aCredRegExp.group(1)
|
||||||
conf.authPassword = aCredRegExp.group(2)
|
conf.authPassword = aCredRegExp.group(2)
|
||||||
|
@ -1084,7 +1084,7 @@ def _setHTTPAuthentication():
|
||||||
errMsg = "sqlmap requires Python NTLM third-party library "
|
errMsg = "sqlmap requires Python NTLM third-party library "
|
||||||
errMsg += "in order to authenticate via NTLM, "
|
errMsg += "in order to authenticate via NTLM, "
|
||||||
errMsg += "http://code.google.com/p/python-ntlm/"
|
errMsg += "http://code.google.com/p/python-ntlm/"
|
||||||
raise SqlmapMissingDependence, errMsg
|
raise SqlmapMissingDependence(errMsg)
|
||||||
|
|
||||||
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr)
|
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr)
|
||||||
else:
|
else:
|
||||||
|
@ -1096,7 +1096,7 @@ def _setHTTPAuthentication():
|
||||||
if not aCertRegExp:
|
if not aCertRegExp:
|
||||||
errMsg = "HTTP authentication certificate option "
|
errMsg = "HTTP authentication certificate option "
|
||||||
errMsg += "must be in format key_file,cert_file"
|
errMsg += "must be in format key_file,cert_file"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
# os.path.expanduser for support of paths with ~
|
# os.path.expanduser for support of paths with ~
|
||||||
key_file = os.path.expanduser(aCertRegExp.group(1))
|
key_file = os.path.expanduser(aCertRegExp.group(1))
|
||||||
|
@ -1105,7 +1105,7 @@ def _setHTTPAuthentication():
|
||||||
for ifile in (key_file, cert_file):
|
for ifile in (key_file, cert_file):
|
||||||
if not os.path.exists(ifile):
|
if not os.path.exists(ifile):
|
||||||
errMsg = "File '%s' does not exist" % ifile
|
errMsg = "File '%s' does not exist" % ifile
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
authHandler = HTTPSCertAuthHandler(key_file, cert_file)
|
authHandler = HTTPSCertAuthHandler(key_file, cert_file)
|
||||||
|
|
||||||
|
@ -1134,7 +1134,7 @@ def _setHTTPExtraHeaders():
|
||||||
conf.httpHeaders.append((header, value))
|
conf.httpHeaders.append((header, value))
|
||||||
else:
|
else:
|
||||||
errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u')
|
errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u')
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
elif not conf.httpHeaders or len(conf.httpHeaders) == 1:
|
elif not conf.httpHeaders or len(conf.httpHeaders) == 1:
|
||||||
conf.httpHeaders.append((HTTPHEADER.ACCEPT_LANGUAGE, "en-us,en;q=0.5"))
|
conf.httpHeaders.append((HTTPHEADER.ACCEPT_LANGUAGE, "en-us,en;q=0.5"))
|
||||||
|
@ -1810,13 +1810,13 @@ def _setDNSServer():
|
||||||
except socket.error, msg:
|
except socket.error, msg:
|
||||||
errMsg = "there was an error while setting up "
|
errMsg = "there was an error while setting up "
|
||||||
errMsg += "DNS server instance ('%s')" % msg
|
errMsg += "DNS server instance ('%s')" % msg
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
else:
|
else:
|
||||||
errMsg = "you need to run sqlmap as an administrator "
|
errMsg = "you need to run sqlmap as an administrator "
|
||||||
errMsg += "if you want to perform a DNS data exfiltration attack "
|
errMsg += "if you want to perform a DNS data exfiltration attack "
|
||||||
errMsg += "as it will need to listen on privileged UDP port 53 "
|
errMsg += "as it will need to listen on privileged UDP port 53 "
|
||||||
errMsg += "for incoming address resolution attempts"
|
errMsg += "for incoming address resolution attempts"
|
||||||
raise SqlmapMissingPrivileges, errMsg
|
raise SqlmapMissingPrivileges(errMsg)
|
||||||
|
|
||||||
def _setTorProxySettings():
|
def _setTorProxySettings():
|
||||||
if not conf.tor:
|
if not conf.tor:
|
||||||
|
@ -1857,7 +1857,7 @@ def _setTorHttpProxySettings():
|
||||||
else:
|
else:
|
||||||
errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)"
|
errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)"
|
||||||
|
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
|
|
||||||
if not conf.checkTor:
|
if not conf.checkTor:
|
||||||
warnMsg = "use switch '--check-tor' at "
|
warnMsg = "use switch '--check-tor' at "
|
||||||
|
@ -1886,7 +1886,7 @@ def _checkTor():
|
||||||
page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False)
|
page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False)
|
||||||
if not page or 'Congratulations' not in page:
|
if not page or 'Congratulations' not in page:
|
||||||
errMsg = "it seems that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'"
|
errMsg = "it seems that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'"
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
else:
|
else:
|
||||||
infoMsg = "Tor is properly being used"
|
infoMsg = "Tor is properly being used"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
@ -1894,135 +1894,135 @@ def _checkTor():
|
||||||
def _basicOptionValidation():
|
def _basicOptionValidation():
|
||||||
if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0):
|
if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0):
|
||||||
errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)"
|
errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0):
|
if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0):
|
||||||
errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)"
|
errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.level is not None and not (isinstance(conf.level, int) and conf.level > 0):
|
if conf.level is not None and not (isinstance(conf.level, int) and conf.level > 0):
|
||||||
errMsg = "value for option '--level' must be an integer value greater than zero (>0)"
|
errMsg = "value for option '--level' must be an integer value greater than zero (>0)"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk > 0):
|
if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk > 0):
|
||||||
errMsg = "value for option '--risk' must be an integer value greater than zero (>0)"
|
errMsg = "value for option '--risk' must be an integer value greater than zero (>0)"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.limitStart is not None and isinstance(conf.limitStart, int) and conf.limitStart > 0 and \
|
if conf.limitStart is not None and isinstance(conf.limitStart, int) and conf.limitStart > 0 and \
|
||||||
conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart:
|
conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart:
|
||||||
errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option"
|
errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.firstChar is not None and isinstance(conf.firstChar, int) and conf.firstChar > 0 and \
|
if conf.firstChar is not None and isinstance(conf.firstChar, int) and conf.firstChar > 0 and \
|
||||||
conf.lastChar is not None and isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar:
|
conf.lastChar is not None and isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar:
|
||||||
errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option"
|
errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0):
|
if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0):
|
||||||
errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]"
|
errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.textOnly and conf.nullConnection:
|
if conf.textOnly and conf.nullConnection:
|
||||||
errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
|
errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.titles and conf.nullConnection:
|
if conf.titles and conf.nullConnection:
|
||||||
errMsg = "switch '--titles' is incompatible with switch '--null-connection'"
|
errMsg = "switch '--titles' is incompatible with switch '--null-connection'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.data and conf.nullConnection:
|
if conf.data and conf.nullConnection:
|
||||||
errMsg = "option '--data' is incompatible with switch '--null-connection'"
|
errMsg = "option '--data' is incompatible with switch '--null-connection'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.string and conf.nullConnection:
|
if conf.string and conf.nullConnection:
|
||||||
errMsg = "option '--string' is incompatible with switch '--null-connection'"
|
errMsg = "option '--string' is incompatible with switch '--null-connection'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.notString and conf.nullConnection:
|
if conf.notString and conf.nullConnection:
|
||||||
errMsg = "option '--not-string' is incompatible with switch '--null-connection'"
|
errMsg = "option '--not-string' is incompatible with switch '--null-connection'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.string and conf.notString:
|
if conf.string and conf.notString:
|
||||||
errMsg = "option '--string' is incompatible with switch '--not-string'"
|
errMsg = "option '--string' is incompatible with switch '--not-string'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.regexp and conf.nullConnection:
|
if conf.regexp and conf.nullConnection:
|
||||||
errMsg = "option '--regexp' is incompatible with switch '--null-connection'"
|
errMsg = "option '--regexp' is incompatible with switch '--null-connection'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.dumpTable and conf.dumpAll:
|
if conf.dumpTable and conf.dumpAll:
|
||||||
errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
|
errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.predictOutput and (conf.threads > 1 or conf.optimize):
|
if conf.predictOutput and (conf.threads > 1 or conf.optimize):
|
||||||
errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'"
|
errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.threads > MAX_NUMBER_OF_THREADS:
|
if conf.threads > MAX_NUMBER_OF_THREADS:
|
||||||
errMsg = "maximum number of used threads is %d avoiding possible connection issues" % MAX_NUMBER_OF_THREADS
|
errMsg = "maximum number of used threads is %d avoiding possible connection issues" % MAX_NUMBER_OF_THREADS
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.forms and not conf.url:
|
if conf.forms and not conf.url:
|
||||||
errMsg = "switch '--forms' requires usage of option '-u' (--url)"
|
errMsg = "switch '--forms' requires usage of option '-u' (--url)"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.requestFile and conf.url:
|
if conf.requestFile and conf.url:
|
||||||
errMsg = "option '-r' is incompatible with option '-u' (--url)"
|
errMsg = "option '-r' is incompatible with option '-u' (--url)"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.tor and conf.ignoreProxy:
|
if conf.tor and conf.ignoreProxy:
|
||||||
errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'"
|
errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.tor and conf.proxy:
|
if conf.tor and conf.proxy:
|
||||||
errMsg = "switch '--tor' is incompatible with option '--proxy'"
|
errMsg = "switch '--tor' is incompatible with option '--proxy'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.checkTor and not any((conf.tor, conf.proxy)):
|
if conf.checkTor and not any((conf.tor, conf.proxy)):
|
||||||
errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)"
|
errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0):
|
if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0):
|
||||||
errMsg = "value for option '--tor-port' must be a positive integer"
|
errMsg = "value for option '--tor-port' must be a positive integer"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True):
|
if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True):
|
||||||
errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True))
|
errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True))
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True):
|
if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True):
|
||||||
errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True))
|
errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True))
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.skip and conf.testParameter:
|
if conf.skip and conf.testParameter:
|
||||||
errMsg = "option '--skip' is incompatible with option '-p'"
|
errMsg = "option '--skip' is incompatible with option '-p'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.mobile and conf.agent:
|
if conf.mobile and conf.agent:
|
||||||
errMsg = "switch '--mobile' is incompatible with option '--user-agent'"
|
errMsg = "switch '--mobile' is incompatible with option '--user-agent'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.proxy and conf.ignoreProxy:
|
if conf.proxy and conf.ignoreProxy:
|
||||||
errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'"
|
errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]):
|
if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]):
|
||||||
errMsg = "switch '--forms' is compatible only with option '-u' (--url)"
|
errMsg = "switch '--forms' is compatible only with option '-u' (--url)"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.timeSec < 1:
|
if conf.timeSec < 1:
|
||||||
errMsg = "value for option '--time-sec' must be a positive integer"
|
errMsg = "value for option '--time-sec' must be a positive integer"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar):
|
if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar):
|
||||||
errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)"
|
errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if isinstance(conf.uCols, basestring):
|
if isinstance(conf.uCols, basestring):
|
||||||
if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2):
|
if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2):
|
||||||
errMsg = "value for option '--union-cols' must be a range with hyphon "
|
errMsg = "value for option '--union-cols' must be a range with hyphon "
|
||||||
errMsg += "(e.g. 1-10) or integer value (e.g. 5)"
|
errMsg += "(e.g. 1-10) or integer value (e.g. 5)"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.charset:
|
if conf.charset:
|
||||||
_ = checkCharEncoding(conf.charset, False)
|
_ = checkCharEncoding(conf.charset, False)
|
||||||
|
@ -2030,14 +2030,14 @@ def _basicOptionValidation():
|
||||||
errMsg = "unknown charset '%s'. Please visit " % conf.charset
|
errMsg = "unknown charset '%s'. Please visit " % conf.charset
|
||||||
errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE
|
errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE
|
||||||
errMsg += "supported charsets"
|
errMsg += "supported charsets"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
else:
|
else:
|
||||||
conf.charset = _
|
conf.charset = _
|
||||||
|
|
||||||
if conf.loadCookies:
|
if conf.loadCookies:
|
||||||
if not os.path.exists(conf.loadCookies):
|
if not os.path.exists(conf.loadCookies):
|
||||||
errMsg = "cookies file '%s' does not exist" % conf.loadCookies
|
errMsg = "cookies file '%s' does not exist" % conf.loadCookies
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
def _resolveCrossReferences():
|
def _resolveCrossReferences():
|
||||||
lib.core.threads.readInput = readInput
|
lib.core.threads.readInput = readInput
|
||||||
|
|
|
@ -64,7 +64,7 @@ class Replication(object):
|
||||||
self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values))
|
self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values))
|
||||||
else:
|
else:
|
||||||
errMsg = "wrong number of columns used in replicating insert"
|
errMsg = "wrong number of columns used in replicating insert"
|
||||||
raise SqlmapValueException, errMsg
|
raise SqlmapValueException(errMsg)
|
||||||
|
|
||||||
def execute(self, sql, parameters=[]):
|
def execute(self, sql, parameters=[]):
|
||||||
try:
|
try:
|
||||||
|
@ -73,7 +73,7 @@ class Replication(object):
|
||||||
errMsg = "problem occurred ('%s') while accessing sqlite database " % ex
|
errMsg = "problem occurred ('%s') while accessing sqlite database " % ex
|
||||||
errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath
|
errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath
|
||||||
errMsg += "it's not used by some other program"
|
errMsg += "it's not used by some other program"
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
def beginTransaction(self):
|
def beginTransaction(self):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -40,7 +40,7 @@ def blockingReadFromFD(fd):
|
||||||
break
|
break
|
||||||
|
|
||||||
if not output:
|
if not output:
|
||||||
raise EOFError, "fd %s has been closed." % fd
|
raise EOFError("fd %s has been closed." % fd )
|
||||||
|
|
||||||
return output
|
return output
|
||||||
|
|
||||||
|
|
|
@ -79,7 +79,7 @@ def _setRequestParams():
|
||||||
# Perform checks on POST parameters
|
# Perform checks on POST parameters
|
||||||
if conf.method == HTTPMETHOD.POST and conf.data is None:
|
if conf.method == HTTPMETHOD.POST and conf.data is None:
|
||||||
errMsg = "HTTP POST method depends on HTTP data value to be posted"
|
errMsg = "HTTP POST method depends on HTTP data value to be posted"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if conf.data is not None:
|
if conf.data is not None:
|
||||||
conf.method = HTTPMETHOD.POST
|
conf.method = HTTPMETHOD.POST
|
||||||
|
@ -237,12 +237,12 @@ def _setRequestParams():
|
||||||
if not conf.parameters:
|
if not conf.parameters:
|
||||||
errMsg = "you did not provide any GET, POST and Cookie "
|
errMsg = "you did not provide any GET, POST and Cookie "
|
||||||
errMsg += "parameter, neither an User-Agent, Referer or Host header value"
|
errMsg += "parameter, neither an User-Agent, Referer or Host header value"
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
elif not testableParameters:
|
elif not testableParameters:
|
||||||
errMsg = "all testable parameters you provided are not present "
|
errMsg = "all testable parameters you provided are not present "
|
||||||
errMsg += "within the GET, POST and Cookie parameters"
|
errMsg += "within the GET, POST and Cookie parameters"
|
||||||
raise SqlmapGenericException, errMsg
|
raise SqlmapGenericException(errMsg)
|
||||||
|
|
||||||
def _setHashDB():
|
def _setHashDB():
|
||||||
"""
|
"""
|
||||||
|
@ -259,7 +259,7 @@ def _setHashDB():
|
||||||
logger.info("flushing session file")
|
logger.info("flushing session file")
|
||||||
except OSError, msg:
|
except OSError, msg:
|
||||||
errMsg = "unable to flush the session file (%s)" % msg
|
errMsg = "unable to flush the session file (%s)" % msg
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
conf.hashDB = HashDB(conf.hashDBFile)
|
conf.hashDB = HashDB(conf.hashDBFile)
|
||||||
|
|
||||||
|
@ -460,7 +460,7 @@ def _createTargetDirs():
|
||||||
errMsg = "something went wrong while trying "
|
errMsg = "something went wrong while trying "
|
||||||
errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, ex)
|
errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, ex)
|
||||||
|
|
||||||
raise SqlmapMissingPrivileges, errMsg
|
raise SqlmapMissingPrivileges(errMsg)
|
||||||
|
|
||||||
_createDumpDir()
|
_createDumpDir()
|
||||||
_createFilesDir()
|
_createFilesDir()
|
||||||
|
|
|
@ -165,7 +165,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
|
||||||
pass
|
pass
|
||||||
|
|
||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
raise SqlmapThreadException, "user aborted (Ctrl+C was pressed multiple times)"
|
raise SqlmapThreadException("user aborted (Ctrl+C was pressed multiple times)")
|
||||||
|
|
||||||
if forwardException:
|
if forwardException:
|
||||||
raise
|
raise
|
||||||
|
|
|
@ -42,7 +42,7 @@ class Wordlist(object):
|
||||||
_ = zipfile.ZipFile(current, 'r')
|
_ = zipfile.ZipFile(current, 'r')
|
||||||
if len(_.namelist()) == 0:
|
if len(_.namelist()) == 0:
|
||||||
errMsg = "no file(s) inside '%s'" % current
|
errMsg = "no file(s) inside '%s'" % current
|
||||||
raise SqlmapDataException, errMsg
|
raise SqlmapDataException(errMsg)
|
||||||
self.fp = _.open(_.namelist()[0])
|
self.fp = _.open(_.namelist()[0])
|
||||||
else:
|
else:
|
||||||
self.fp = open(current, 'r')
|
self.fp = open(current, 'r')
|
||||||
|
|
|
@ -66,11 +66,11 @@ def configFileParser(configFile):
|
||||||
config.readfp(configFP)
|
config.readfp(configFP)
|
||||||
except MissingSectionHeaderError:
|
except MissingSectionHeaderError:
|
||||||
errMsg = "you have provided an invalid configuration file"
|
errMsg = "you have provided an invalid configuration file"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
if not config.has_section("Target"):
|
if not config.has_section("Target"):
|
||||||
errMsg = "missing a mandatory section 'Target' in the configuration file"
|
errMsg = "missing a mandatory section 'Target' in the configuration file"
|
||||||
raise SqlmapMissingMandatoryOptionException, errMsg
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
||||||
condition = not config.has_option("Target", "url")
|
condition = not config.has_option("Target", "url")
|
||||||
condition &= not config.has_option("Target", "logFile")
|
condition &= not config.has_option("Target", "logFile")
|
||||||
|
@ -82,7 +82,7 @@ def configFileParser(configFile):
|
||||||
if condition:
|
if condition:
|
||||||
errMsg = "missing a mandatory option in the configuration file "
|
errMsg = "missing a mandatory option in the configuration file "
|
||||||
errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)"
|
errMsg += "(url, logFile, bulkFile, googleDork, requestFile or wizard)"
|
||||||
raise SqlmapMissingMandatoryOptionException, errMsg
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
||||||
for family, optionData in optDict.items():
|
for family, optionData in optDict.items():
|
||||||
for option, datatype in optionData.items():
|
for option, datatype in optionData.items():
|
||||||
|
|
|
@ -199,7 +199,7 @@ def decodePage(page, contentEncoding, contentType):
|
||||||
data = gzip.GzipFile("", "rb", 9, StringIO.StringIO(page))
|
data = gzip.GzipFile("", "rb", 9, StringIO.StringIO(page))
|
||||||
size = struct.unpack("<l", page[-4:])[0] # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py
|
size = struct.unpack("<l", page[-4:])[0] # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py
|
||||||
if size > MAX_CONNECTION_TOTAL_SIZE:
|
if size > MAX_CONNECTION_TOTAL_SIZE:
|
||||||
raise Exception, "size too large"
|
raise Exception("size too large")
|
||||||
|
|
||||||
page = data.read()
|
page = data.read()
|
||||||
except Exception, msg:
|
except Exception, msg:
|
||||||
|
|
|
@ -92,7 +92,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
|
||||||
errMsg = "problem occured while retrieving original page content "
|
errMsg = "problem occured while retrieving original page content "
|
||||||
errMsg += "which prevents sqlmap from continuation. Please rerun, "
|
errMsg += "which prevents sqlmap from continuation. Please rerun, "
|
||||||
errMsg += "and if the problem persists turn off any optimization switches"
|
errMsg += "and if the problem persists turn off any optimization switches"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
ratio = 1. * pageLength / len(seqMatcher.a)
|
ratio = 1. * pageLength / len(seqMatcher.a)
|
||||||
|
|
||||||
|
|
|
@ -466,11 +466,11 @@ class Connect(object):
|
||||||
if e.code == httplib.UNAUTHORIZED:
|
if e.code == httplib.UNAUTHORIZED:
|
||||||
errMsg = "not authorized, try to provide right HTTP "
|
errMsg = "not authorized, try to provide right HTTP "
|
||||||
errMsg += "authentication type and valid credentials (%d)" % code
|
errMsg += "authentication type and valid credentials (%d)" % code
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
elif e.code == httplib.NOT_FOUND:
|
elif e.code == httplib.NOT_FOUND:
|
||||||
if raise404:
|
if raise404:
|
||||||
errMsg = "page not found (%d)" % code
|
errMsg = "page not found (%d)" % code
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
else:
|
else:
|
||||||
debugMsg = "page not found (%d)" % code
|
debugMsg = "page not found (%d)" % code
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
@ -488,7 +488,7 @@ class Connect(object):
|
||||||
logger.critical(warnMsg)
|
logger.critical(warnMsg)
|
||||||
return None, None, None
|
return None, None, None
|
||||||
else:
|
else:
|
||||||
raise SqlmapConnectionException, warnMsg
|
raise SqlmapConnectionException(warnMsg)
|
||||||
else:
|
else:
|
||||||
debugMsg = "got HTTP error code: %d (%s)" % (code, status)
|
debugMsg = "got HTTP error code: %d (%s)" % (code, status)
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
@ -498,7 +498,7 @@ class Connect(object):
|
||||||
|
|
||||||
if "no host given" in tbMsg:
|
if "no host given" in tbMsg:
|
||||||
warnMsg = "invalid url address used (%s)" % repr(url)
|
warnMsg = "invalid url address used (%s)" % repr(url)
|
||||||
raise SqlmapSyntaxException, warnMsg
|
raise SqlmapSyntaxException(warnMsg)
|
||||||
elif "forcibly closed" in tbMsg:
|
elif "forcibly closed" in tbMsg:
|
||||||
warnMsg = "connection was forcibly closed by the target url"
|
warnMsg = "connection was forcibly closed by the target url"
|
||||||
elif "timed out" in tbMsg:
|
elif "timed out" in tbMsg:
|
||||||
|
@ -531,7 +531,7 @@ class Connect(object):
|
||||||
logger.critical(warnMsg)
|
logger.critical(warnMsg)
|
||||||
return None, None, None
|
return None, None, None
|
||||||
else:
|
else:
|
||||||
raise SqlmapConnectionException, warnMsg
|
raise SqlmapConnectionException(warnMsg)
|
||||||
|
|
||||||
finally:
|
finally:
|
||||||
page = page if isinstance(page, unicode) else getUnicode(page)
|
page = page if isinstance(page, unicode) else getUnicode(page)
|
||||||
|
@ -600,7 +600,7 @@ class Connect(object):
|
||||||
if not isinstance(payload, basestring):
|
if not isinstance(payload, basestring):
|
||||||
errMsg = "tamper function '%s' returns " % function.func_name
|
errMsg = "tamper function '%s' returns " % function.func_name
|
||||||
errMsg += "invalid payload type ('%s')" % type(payload)
|
errMsg += "invalid payload type ('%s')" % type(payload)
|
||||||
raise SqlmapValueException, errMsg
|
raise SqlmapValueException(errMsg)
|
||||||
|
|
||||||
value = agent.replacePayload(value, payload)
|
value = agent.replacePayload(value, payload)
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,7 @@ class HTTPSConnection(httplib.HTTPSConnection):
|
||||||
logger.debug("SSL connection error occured ('%s')" % errMsg)
|
logger.debug("SSL connection error occured ('%s')" % errMsg)
|
||||||
|
|
||||||
if not success:
|
if not success:
|
||||||
raise SqlmapConnectionException, "can't establish SSL connection"
|
raise SqlmapConnectionException("can't establish SSL connection")
|
||||||
|
|
||||||
class HTTPSHandler(urllib2.HTTPSHandler):
|
class HTTPSHandler(urllib2.HTTPSHandler):
|
||||||
def https_open(self, req):
|
def https_open(self, req):
|
||||||
|
|
|
@ -394,7 +394,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
|
||||||
else:
|
else:
|
||||||
errMsg = "none of the injection types identified can be "
|
errMsg = "none of the injection types identified can be "
|
||||||
errMsg += "leveraged to retrieve queries output"
|
errMsg += "leveraged to retrieve queries output"
|
||||||
raise SqlmapNotVulnerableException, errMsg
|
raise SqlmapNotVulnerableException(errMsg)
|
||||||
|
|
||||||
finally:
|
finally:
|
||||||
kb.resumeValues = True
|
kb.resumeValues = True
|
||||||
|
|
|
@ -25,7 +25,7 @@ class ProxyHTTPConnection(httplib.HTTPConnection):
|
||||||
proto, rest = urllib.splittype(url)
|
proto, rest = urllib.splittype(url)
|
||||||
|
|
||||||
if proto is None:
|
if proto is None:
|
||||||
raise ValueError, "unknown URL type: %s" % url
|
raise ValueError("unknown URL type: %s" % url)
|
||||||
|
|
||||||
# Get host
|
# Get host
|
||||||
host, rest = urllib.splithost(rest)
|
host, rest = urllib.splithost(rest)
|
||||||
|
@ -38,7 +38,7 @@ class ProxyHTTPConnection(httplib.HTTPConnection):
|
||||||
try:
|
try:
|
||||||
port = self._ports[proto]
|
port = self._ports[proto]
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise ValueError, "unknown protocol for: %s" % url
|
raise ValueError("unknown protocol for: %s" % url)
|
||||||
|
|
||||||
self._real_host = host
|
self._real_host = host
|
||||||
self._real_port = int(port)
|
self._real_port = int(port)
|
||||||
|
@ -117,4 +117,4 @@ else:
|
||||||
class ProxyHTTPSHandler:
|
class ProxyHTTPSHandler:
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
errMsg = "unsupported feature on versions of Python before 2.6"
|
errMsg = "unsupported feature on versions of Python before 2.6"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -47,4 +47,4 @@ class HTTPRangeHandler(urllib2.BaseHandler):
|
||||||
def http_error_416(self, req, fp, code, msg, hdrs):
|
def http_error_416(self, req, fp, code, msg, hdrs):
|
||||||
# HTTP's Range Not Satisfiable error
|
# HTTP's Range Not Satisfiable error
|
||||||
errMsg = "Invalid range"
|
errMsg = "Invalid range"
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
|
|
|
@ -110,4 +110,4 @@ class SmartRedirectHandler(urllib2.HTTPRedirectHandler):
|
||||||
if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):
|
if hasattr(req, 'redirect_dict') and (req.redirect_dict.get(req.get_full_url(), 0) >= MAX_SINGLE_URL_REDIRECTIONS or len(req.redirect_dict) >= MAX_TOTAL_REDIRECTIONS):
|
||||||
errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())
|
errMsg = "infinite redirect loop detected (%s). " % ", ".join(item for item in req.redirect_dict.keys())
|
||||||
errMsg += "please check all provided parameters and/or provide missing ones."
|
errMsg += "please check all provided parameters and/or provide missing ones."
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
|
|
|
@ -49,7 +49,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
|
||||||
|
|
||||||
else:
|
else:
|
||||||
errMsg = "Feature not yet implemented for the back-end DBMS"
|
errMsg = "Feature not yet implemented for the back-end DBMS"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def evalCmd(self, cmd, first=None, last=None):
|
def evalCmd(self, cmd, first=None, last=None):
|
||||||
retVal = None
|
retVal = None
|
||||||
|
@ -65,7 +65,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
|
||||||
|
|
||||||
else:
|
else:
|
||||||
errMsg = "Feature not yet implemented for the back-end DBMS"
|
errMsg = "Feature not yet implemented for the back-end DBMS"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
return safechardecode(retVal)
|
return safechardecode(retVal)
|
||||||
|
|
||||||
|
@ -110,7 +110,7 @@ class Abstraction(Web, UDF, Xp_cmdshell):
|
||||||
|
|
||||||
else:
|
else:
|
||||||
errMsg = "feature not yet implemented for the back-end DBMS"
|
errMsg = "feature not yet implemented for the back-end DBMS"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows")
|
infoMsg = "calling %s OS shell. To quit type " % (Backend.getOs() or "Windows")
|
||||||
infoMsg += "'x' or 'q' and press ENTER"
|
infoMsg += "'x' or 'q' and press ENTER"
|
||||||
|
|
|
@ -280,7 +280,7 @@ class Metasploit:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
else:
|
else:
|
||||||
raise SqlmapDataException, "unexpected connection type"
|
raise SqlmapDataException("unexpected connection type")
|
||||||
|
|
||||||
def _selectLhost(self):
|
def _selectLhost(self):
|
||||||
if self.connectionStr.startswith("reverse"):
|
if self.connectionStr.startswith("reverse"):
|
||||||
|
@ -296,7 +296,7 @@ class Metasploit:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
else:
|
else:
|
||||||
raise SqlmapDataException, "unexpected connection type"
|
raise SqlmapDataException("unexpected connection type")
|
||||||
|
|
||||||
def _selectConnection(self):
|
def _selectConnection(self):
|
||||||
return self._skeletonSelection("connection type", self._msfConnectionsList)
|
return self._skeletonSelection("connection type", self._msfConnectionsList)
|
||||||
|
@ -320,7 +320,7 @@ class Metasploit:
|
||||||
elif self.connectionStr.startswith("reverse"):
|
elif self.connectionStr.startswith("reverse"):
|
||||||
self._cliCmd += " LHOST=%s" % self.lhostStr
|
self._cliCmd += " LHOST=%s" % self.lhostStr
|
||||||
else:
|
else:
|
||||||
raise SqlmapDataException, "unexpected connection type"
|
raise SqlmapDataException("unexpected connection type")
|
||||||
|
|
||||||
if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject":
|
if Backend.isOs(OS.WINDOWS) and self.payloadStr == "windows/vncinject":
|
||||||
self._cliCmd += " DisableCourtesyShell=true"
|
self._cliCmd += " DisableCourtesyShell=true"
|
||||||
|
@ -341,7 +341,7 @@ class Metasploit:
|
||||||
elif self.connectionStr.startswith("reverse"):
|
elif self.connectionStr.startswith("reverse"):
|
||||||
self._cliCmd += " LHOST=%s" % self.lhostStr
|
self._cliCmd += " LHOST=%s" % self.lhostStr
|
||||||
else:
|
else:
|
||||||
raise SqlmapDataException, "unexpected connection type"
|
raise SqlmapDataException("unexpected connection type")
|
||||||
|
|
||||||
self._cliCmd += " E"
|
self._cliCmd += " E"
|
||||||
|
|
||||||
|
@ -353,7 +353,7 @@ class Metasploit:
|
||||||
if self.connectionStr.startswith("reverse"):
|
if self.connectionStr.startswith("reverse"):
|
||||||
self._payloadCmd += " LHOST=%s" % self.lhostStr
|
self._payloadCmd += " LHOST=%s" % self.lhostStr
|
||||||
elif not self.connectionStr.startswith("bind"):
|
elif not self.connectionStr.startswith("bind"):
|
||||||
raise SqlmapDataException, "unexpected connection type"
|
raise SqlmapDataException("unexpected connection type")
|
||||||
|
|
||||||
if Backend.isOs(OS.LINUX) and conf.privEsc:
|
if Backend.isOs(OS.LINUX) and conf.privEsc:
|
||||||
self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
|
self._payloadCmd += " PrependChrootBreak=true PrependSetuid=true"
|
||||||
|
@ -525,7 +525,7 @@ class Metasploit:
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
else:
|
else:
|
||||||
errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "")
|
errMsg = "failed to create the shellcode (%s)" % payloadStderr.replace("\n", " ").replace("\r", "")
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
self._shellcodeFP = open(self._shellcodeFilePath, "rb")
|
self._shellcodeFP = open(self._shellcodeFilePath, "rb")
|
||||||
self.shellcodeString = self._shellcodeFP.read()
|
self.shellcodeString = self._shellcodeFP.read()
|
||||||
|
|
|
@ -276,7 +276,7 @@ class Xp_cmdshell:
|
||||||
|
|
||||||
if not kb.xpCmdshellAvailable:
|
if not kb.xpCmdshellAvailable:
|
||||||
errMsg = "unable to proceed without xp_cmdshell"
|
errMsg = "unable to proceed without xp_cmdshell"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
debugMsg = "creating a support table to write commands standard "
|
debugMsg = "creating a support table to write commands standard "
|
||||||
debugMsg += "output to"
|
debugMsg += "output to"
|
||||||
|
|
|
@ -549,7 +549,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
if kb.threadException:
|
if kb.threadException:
|
||||||
raise SqlmapThreadException, "something unexpected happened inside the threads"
|
raise SqlmapThreadException("something unexpected happened inside the threads")
|
||||||
|
|
||||||
if abortedFlag:
|
if abortedFlag:
|
||||||
raise KeyboardInterrupt
|
raise KeyboardInterrupt
|
||||||
|
|
|
@ -53,7 +53,7 @@ def tableExists(tableFile, regex=None):
|
||||||
errMsg = "can't use table existence check because of detected invalid results "
|
errMsg = "can't use table existence check because of detected invalid results "
|
||||||
errMsg += "(most probably caused by inability of the used injection "
|
errMsg += "(most probably caused by inability of the used injection "
|
||||||
errMsg += "to distinguish errornous results)"
|
errMsg += "to distinguish errornous results)"
|
||||||
raise SqlmapDataException, errMsg
|
raise SqlmapDataException(errMsg)
|
||||||
|
|
||||||
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
|
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
|
||||||
|
|
||||||
|
@ -138,14 +138,14 @@ def tableExists(tableFile, regex=None):
|
||||||
def columnExists(columnFile, regex=None):
|
def columnExists(columnFile, regex=None):
|
||||||
if not conf.tbl:
|
if not conf.tbl:
|
||||||
errMsg = "missing table parameter"
|
errMsg = "missing table parameter"
|
||||||
raise SqlmapMissingMandatoryOptionException, errMsg
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
||||||
result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr())))
|
result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr())))
|
||||||
if result:
|
if result:
|
||||||
errMsg = "can't use column existence check because of detected invalid results "
|
errMsg = "can't use column existence check because of detected invalid results "
|
||||||
errMsg += "(most probably caused by inability of the used injection "
|
errMsg += "(most probably caused by inability of the used injection "
|
||||||
errMsg += "to distinguish errornous results)"
|
errMsg += "to distinguish errornous results)"
|
||||||
raise SqlmapDataException, errMsg
|
raise SqlmapDataException(errMsg)
|
||||||
|
|
||||||
infoMsg = "checking column existence using items from '%s'" % columnFile
|
infoMsg = "checking column existence using items from '%s'" % columnFile
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
|
@ -28,7 +28,7 @@ def dnsTest(payload):
|
||||||
errMsg += ". Turning off DNS exfiltration support"
|
errMsg += ". Turning off DNS exfiltration support"
|
||||||
logger.error(errMsg)
|
logger.error(errMsg)
|
||||||
else:
|
else:
|
||||||
raise SqlmapNotVulnerableException, errMsg
|
raise SqlmapNotVulnerableException(errMsg)
|
||||||
else:
|
else:
|
||||||
infoMsg = "data retrieval through DNS channel was successful"
|
infoMsg = "data retrieval through DNS channel was successful"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
|
@ -128,14 +128,14 @@ def configUnion(char=None, columns=None):
|
||||||
colsStart, colsStop = columns, columns
|
colsStart, colsStop = columns, columns
|
||||||
|
|
||||||
if not colsStart.isdigit() or not colsStop.isdigit():
|
if not colsStart.isdigit() or not colsStop.isdigit():
|
||||||
raise SqlmapSyntaxException, "--union-cols must be a range of integers"
|
raise SqlmapSyntaxException("--union-cols must be a range of integers")
|
||||||
|
|
||||||
conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)
|
conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)
|
||||||
|
|
||||||
if conf.uColsStart > conf.uColsStop:
|
if conf.uColsStart > conf.uColsStop:
|
||||||
errMsg = "--union-cols range has to be from lower to "
|
errMsg = "--union-cols range has to be from lower to "
|
||||||
errMsg += "higher number of columns"
|
errMsg += "higher number of columns"
|
||||||
raise SqlmapSyntaxException, errMsg
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
_configUnionChar(char)
|
_configUnionChar(char)
|
||||||
_configUnionCols(conf.uCols or columns)
|
_configUnionCols(conf.uCols or columns)
|
||||||
|
|
|
@ -44,7 +44,7 @@ class Google(object):
|
||||||
e.info()
|
e.info()
|
||||||
except urllib2.URLError:
|
except urllib2.URLError:
|
||||||
errMsg = "unable to connect to Google"
|
errMsg = "unable to connect to Google"
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
|
|
||||||
def search(self, dork):
|
def search(self, dork):
|
||||||
"""
|
"""
|
||||||
|
@ -94,13 +94,13 @@ class Google(object):
|
||||||
return None
|
return None
|
||||||
except (urllib2.URLError, socket.error, socket.timeout):
|
except (urllib2.URLError, socket.error, socket.timeout):
|
||||||
errMsg = "unable to connect to Google"
|
errMsg = "unable to connect to Google"
|
||||||
raise SqlmapConnectionException, errMsg
|
raise SqlmapConnectionException(errMsg)
|
||||||
|
|
||||||
retVal = [urllib.unquote(match.group(1)) for match in re.finditer(GOOGLE_REGEX, page, re.I | re.S)]
|
retVal = [urllib.unquote(match.group(1)) for match in re.finditer(GOOGLE_REGEX, page, re.I | re.S)]
|
||||||
|
|
||||||
if not retVal and "detected unusual traffic" in page:
|
if not retVal and "detected unusual traffic" in page:
|
||||||
warnMsg = "Google has detected 'unusual' traffic from "
|
warnMsg = "Google has detected 'unusual' traffic from "
|
||||||
warnMsg += "this computer disabling further searches"
|
warnMsg += "this computer disabling further searches"
|
||||||
raise SqlmapGenericException, warnMsg
|
raise SqlmapGenericException(warnMsg)
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
|
@ -39,7 +39,7 @@ class HashDB(object):
|
||||||
except Exception, ex:
|
except Exception, ex:
|
||||||
errMsg = "error occurred while opening a session "
|
errMsg = "error occurred while opening a session "
|
||||||
errMsg += "file '%s' ('%s')" % (self.filepath, ex)
|
errMsg += "file '%s' ('%s')" % (self.filepath, ex)
|
||||||
raise SqlmapDataException, errMsg
|
raise SqlmapDataException(errMsg)
|
||||||
|
|
||||||
return threadData.hashDBCursor
|
return threadData.hashDBCursor
|
||||||
|
|
||||||
|
|
|
@ -83,7 +83,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
|
||||||
|
|
||||||
if not validColumnList:
|
if not validColumnList:
|
||||||
errMsg = "all column name(s) provided are non-existent"
|
errMsg = "all column name(s) provided are non-existent"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
if not validPivotValue:
|
if not validPivotValue:
|
||||||
warnMsg = "no proper pivot column provided (with unique values)."
|
warnMsg = "no proper pivot column provided (with unique values)."
|
||||||
|
|
|
@ -35,7 +35,7 @@ class Connector(GenericConnector):
|
||||||
if not IS_WIN:
|
if not IS_WIN:
|
||||||
errMsg = "currently, direct connection to Microsoft Access database(s) "
|
errMsg = "currently, direct connection to Microsoft Access database(s) "
|
||||||
errMsg += "is restricted to Windows platforms"
|
errMsg += "is restricted to Windows platforms"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
self.initConnection()
|
self.initConnection()
|
||||||
self.checkFileDb()
|
self.checkFileDb()
|
||||||
|
@ -43,7 +43,7 @@ class Connector(GenericConnector):
|
||||||
try:
|
try:
|
||||||
self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db)
|
self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db)
|
||||||
except (pyodbc.Error, pyodbc.OperationalError), msg:
|
except (pyodbc.Error, pyodbc.OperationalError), msg:
|
||||||
raise SqlmapConnectionException, msg[1]
|
raise SqlmapConnectionException(msg[1])
|
||||||
|
|
||||||
self.setCursor()
|
self.setCursor()
|
||||||
self.connected()
|
self.connected()
|
||||||
|
@ -61,7 +61,7 @@ class Connector(GenericConnector):
|
||||||
except (pyodbc.OperationalError, pyodbc.ProgrammingError), msg:
|
except (pyodbc.OperationalError, pyodbc.ProgrammingError), msg:
|
||||||
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
|
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
|
||||||
except pyodbc.Error, msg:
|
except pyodbc.Error, msg:
|
||||||
raise SqlmapConnectionException, msg[1]
|
raise SqlmapConnectionException(msg[1])
|
||||||
|
|
||||||
self.connector.commit()
|
self.connector.commit()
|
||||||
|
|
||||||
|
|
|
@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
|
||||||
|
|
||||||
def readFile(self, rFile):
|
def readFile(self, rFile):
|
||||||
errMsg = "on Microsoft Access it is not possible to read files"
|
errMsg = "on Microsoft Access it is not possible to read files"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def writeFile(self, wFile, dFile, fileType=None):
|
def writeFile(self, wFile, dFile, fileType=None):
|
||||||
errMsg = "on Microsoft Access it is not possible to write files"
|
errMsg = "on Microsoft Access it is not possible to write files"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -24,7 +24,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find("'")
|
index = expression[firstIndex:].find("'")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index
|
lastIndex = firstIndex + index
|
||||||
old = "'%s'" % expression[firstIndex:lastIndex]
|
old = "'%s'" % expression[firstIndex:lastIndex]
|
||||||
|
@ -56,7 +56,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find(")")
|
index = expression[firstIndex:].find(")")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
lastIndex = firstIndex + index + 1
|
||||||
old = expression[firstIndex:lastIndex]
|
old = expression[firstIndex:lastIndex]
|
||||||
|
|
|
@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
|
||||||
|
|
||||||
def osCmd(self):
|
def osCmd(self):
|
||||||
errMsg = "on Microsoft Access it is not possible to execute commands"
|
errMsg = "on Microsoft Access it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osShell(self):
|
def osShell(self):
|
||||||
errMsg = "on Microsoft Access it is not possible to execute commands"
|
errMsg = "on Microsoft Access it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osPwn(self):
|
def osPwn(self):
|
||||||
errMsg = "on Microsoft Access it is not possible to establish an "
|
errMsg = "on Microsoft Access it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osSmb(self):
|
def osSmb(self):
|
||||||
errMsg = "on Microsoft Access it is not possible to establish an "
|
errMsg = "on Microsoft Access it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -35,7 +35,7 @@ class Connector(GenericConnector):
|
||||||
database = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port)
|
database = "DRIVER={IBM DB2 ODBC DRIVER};DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port)
|
||||||
self.connector = ibm_db_dbi.connect(database, self.user, self.password)
|
self.connector = ibm_db_dbi.connect(database, self.user, self.password)
|
||||||
except ibm_db_dbi.OperationalError, msg:
|
except ibm_db_dbi.OperationalError, msg:
|
||||||
raise SqlmapConnectionException, msg
|
raise SqlmapConnectionException(msg)
|
||||||
|
|
||||||
|
|
||||||
self.setCursor()
|
self.setCursor()
|
||||||
|
@ -54,7 +54,7 @@ class Connector(GenericConnector):
|
||||||
except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg:
|
except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg:
|
||||||
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
|
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
|
||||||
except ibm_db_dbi.InternalError, msg:
|
except ibm_db_dbi.InternalError, msg:
|
||||||
raise SqlmapConnectionException, msg[1]
|
raise SqlmapConnectionException(msg[1])
|
||||||
|
|
||||||
self.connector.commit()
|
self.connector.commit()
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find("'")
|
index = expression[firstIndex:].find("'")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index
|
lastIndex = firstIndex + index
|
||||||
old = "'%s'" % expression[firstIndex:lastIndex]
|
old = "'%s'" % expression[firstIndex:lastIndex]
|
||||||
|
@ -55,7 +55,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find(")")
|
index = expression[firstIndex:].find(")")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
lastIndex = firstIndex + index + 1
|
||||||
old = expression[firstIndex:lastIndex]
|
old = expression[firstIndex:lastIndex]
|
||||||
|
|
|
@ -42,7 +42,7 @@ class Connector(GenericConnector):
|
||||||
self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \
|
self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \
|
||||||
user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") #http://www.daniweb.com/forums/thread248499.html
|
user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") #http://www.daniweb.com/forums/thread248499.html
|
||||||
except kinterbasdb.OperationalError, msg:
|
except kinterbasdb.OperationalError, msg:
|
||||||
raise SqlmapConnectionException, msg[1]
|
raise SqlmapConnectionException(msg[1])
|
||||||
self.setCursor()
|
self.setCursor()
|
||||||
self.connected()
|
self.connected()
|
||||||
|
|
||||||
|
@ -59,7 +59,7 @@ class Connector(GenericConnector):
|
||||||
except kinterbasdb.OperationalError, msg:
|
except kinterbasdb.OperationalError, msg:
|
||||||
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
|
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
|
||||||
except kinterbasdb.Error, msg:
|
except kinterbasdb.Error, msg:
|
||||||
raise SqlmapConnectionException, msg[1]
|
raise SqlmapConnectionException(msg[1])
|
||||||
|
|
||||||
self.connector.commit()
|
self.connector.commit()
|
||||||
|
|
||||||
|
|
|
@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
|
||||||
|
|
||||||
def readFile(self, rFile):
|
def readFile(self, rFile):
|
||||||
errMsg = "on Firebird it is not possible to read files"
|
errMsg = "on Firebird it is not possible to read files"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def writeFile(self, wFile, dFile, fileType=None):
|
def writeFile(self, wFile, dFile, fileType=None):
|
||||||
errMsg = "on Firebird it is not possible to write files"
|
errMsg = "on Firebird it is not possible to write files"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -26,7 +26,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find("'")
|
index = expression[firstIndex:].find("'")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index
|
lastIndex = firstIndex + index
|
||||||
old = "'%s'" % expression[firstIndex:lastIndex]
|
old = "'%s'" % expression[firstIndex:lastIndex]
|
||||||
|
@ -58,7 +58,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find(")")
|
index = expression[firstIndex:].find(")")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
lastIndex = firstIndex + index + 1
|
||||||
old = expression[firstIndex:lastIndex]
|
old = expression[firstIndex:lastIndex]
|
||||||
|
|
|
@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
|
||||||
|
|
||||||
def osCmd(self):
|
def osCmd(self):
|
||||||
errMsg = "on Firebird it is not possible to execute commands"
|
errMsg = "on Firebird it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osShell(self):
|
def osShell(self):
|
||||||
errMsg = "on Firebird it is not possible to execute commands"
|
errMsg = "on Firebird it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osPwn(self):
|
def osPwn(self):
|
||||||
errMsg = "on Firebird it is not possible to establish an "
|
errMsg = "on Firebird it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osSmb(self):
|
def osSmb(self):
|
||||||
errMsg = "on Firebird it is not possible to establish an "
|
errMsg = "on Firebird it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -15,4 +15,4 @@ class Connector(GenericConnector):
|
||||||
def connect(self):
|
def connect(self):
|
||||||
errMsg = "on SAP MaxDB it is not possible to establish a "
|
errMsg = "on SAP MaxDB it is not possible to establish a "
|
||||||
errMsg += "direct connection"
|
errMsg += "direct connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -107,7 +107,7 @@ class Enumeration(GenericEnumeration):
|
||||||
if ',' in conf.db:
|
if ',' in conf.db:
|
||||||
errMsg = "only one database name is allowed when enumerating "
|
errMsg = "only one database name is allowed when enumerating "
|
||||||
errMsg += "the tables' columns"
|
errMsg += "the tables' columns"
|
||||||
raise SqlmapMissingMandatoryOptionException, errMsg
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
||||||
conf.db = safeSQLIdentificatorNaming(conf.db)
|
conf.db = safeSQLIdentificatorNaming(conf.db)
|
||||||
|
|
||||||
|
@ -124,7 +124,7 @@ class Enumeration(GenericEnumeration):
|
||||||
else:
|
else:
|
||||||
errMsg = "unable to retrieve the tables "
|
errMsg = "unable to retrieve the tables "
|
||||||
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
for tbl in tblList:
|
for tbl in tblList:
|
||||||
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
|
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
|
||||||
|
|
|
@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
|
||||||
|
|
||||||
def readFile(self, rFile):
|
def readFile(self, rFile):
|
||||||
errMsg = "on SAP MaxDB reading of files is not supported"
|
errMsg = "on SAP MaxDB reading of files is not supported"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def writeFile(self, wFile, dFile, fileType=None):
|
def writeFile(self, wFile, dFile, fileType=None):
|
||||||
errMsg = "on SAP MaxDB writing of files is not supported"
|
errMsg = "on SAP MaxDB writing of files is not supported"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
|
||||||
|
|
||||||
def osCmd(self):
|
def osCmd(self):
|
||||||
errMsg = "on SAP MaxDB it is not possible to execute commands"
|
errMsg = "on SAP MaxDB it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osShell(self):
|
def osShell(self):
|
||||||
errMsg = "on SAP MaxDB it is not possible to execute commands"
|
errMsg = "on SAP MaxDB it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osPwn(self):
|
def osPwn(self):
|
||||||
errMsg = "on SAP MaxDB it is not possible to establish an "
|
errMsg = "on SAP MaxDB it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osSmb(self):
|
def osSmb(self):
|
||||||
errMsg = "on SAP MaxDB it is not possible to establish an "
|
errMsg = "on SAP MaxDB it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -42,7 +42,7 @@ class Connector(GenericConnector):
|
||||||
try:
|
try:
|
||||||
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
|
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
|
||||||
except pymssql.OperationalError, msg:
|
except pymssql.OperationalError, msg:
|
||||||
raise SqlmapConnectionException, msg
|
raise SqlmapConnectionException(msg)
|
||||||
|
|
||||||
self.setCursor()
|
self.setCursor()
|
||||||
self.connected()
|
self.connected()
|
||||||
|
@ -63,7 +63,7 @@ class Connector(GenericConnector):
|
||||||
except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
|
except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
|
||||||
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % str(msg).replace("\n", " "))
|
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % str(msg).replace("\n", " "))
|
||||||
except pymssql.InternalError, msg:
|
except pymssql.InternalError, msg:
|
||||||
raise SqlmapConnectionException, msg
|
raise SqlmapConnectionException(msg)
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
|
|
|
@ -37,7 +37,7 @@ class Connector(GenericConnector):
|
||||||
try:
|
try:
|
||||||
self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
|
self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True)
|
||||||
except (pymysql.OperationalError, pymysql.InternalError), msg:
|
except (pymysql.OperationalError, pymysql.InternalError), msg:
|
||||||
raise SqlmapConnectionException, msg[1]
|
raise SqlmapConnectionException(msg[1])
|
||||||
|
|
||||||
self.setCursor()
|
self.setCursor()
|
||||||
self.connected()
|
self.connected()
|
||||||
|
@ -58,7 +58,7 @@ class Connector(GenericConnector):
|
||||||
except (pymysql.OperationalError, pymysql.ProgrammingError), msg:
|
except (pymysql.OperationalError, pymysql.ProgrammingError), msg:
|
||||||
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
|
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
|
||||||
except pymysql.InternalError, msg:
|
except pymysql.InternalError, msg:
|
||||||
raise SqlmapConnectionException, msg[1]
|
raise SqlmapConnectionException(msg[1])
|
||||||
|
|
||||||
self.connector.commit()
|
self.connector.commit()
|
||||||
|
|
||||||
|
|
|
@ -63,7 +63,7 @@ class Filesystem(GenericFilesystem):
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
result = self.nonStackedReadFile(rFile)
|
result = self.nonStackedReadFile(rFile)
|
||||||
else:
|
else:
|
||||||
raise SqlmapNoneDataException, warnMsg
|
raise SqlmapNoneDataException(warnMsg)
|
||||||
else:
|
else:
|
||||||
length = int(length)
|
length = int(length)
|
||||||
sustrLen = 1024
|
sustrLen = 1024
|
||||||
|
|
|
@ -41,7 +41,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find(")")
|
index = expression[firstIndex:].find(")")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
lastIndex = firstIndex + index + 1
|
||||||
old = expression[firstIndex:lastIndex]
|
old = expression[firstIndex:lastIndex]
|
||||||
|
|
|
@ -46,7 +46,7 @@ class Connector(GenericConnector):
|
||||||
try:
|
try:
|
||||||
self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password)
|
self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password)
|
||||||
except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg:
|
except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError), msg:
|
||||||
raise SqlmapConnectionException, msg
|
raise SqlmapConnectionException(msg)
|
||||||
|
|
||||||
self.setCursor()
|
self.setCursor()
|
||||||
self.connected()
|
self.connected()
|
||||||
|
@ -67,7 +67,7 @@ class Connector(GenericConnector):
|
||||||
except (cx_Oracle.DatabaseError), msg:
|
except (cx_Oracle.DatabaseError), msg:
|
||||||
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
|
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
|
||||||
except cx_Oracle.InternalError, msg:
|
except cx_Oracle.InternalError, msg:
|
||||||
raise SqlmapConnectionException, msg
|
raise SqlmapConnectionException(msg)
|
||||||
|
|
||||||
self.connector.commit()
|
self.connector.commit()
|
||||||
|
|
||||||
|
|
|
@ -160,6 +160,6 @@ class Enumeration(GenericEnumeration):
|
||||||
if not kb.data.cachedUsersRoles:
|
if not kb.data.cachedUsersRoles:
|
||||||
errMsg = "unable to retrieve the roles "
|
errMsg = "unable to retrieve the roles "
|
||||||
errMsg += "for the database users"
|
errMsg += "for the database users"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
return kb.data.cachedUsersRoles, areAdmins
|
return kb.data.cachedUsersRoles, areAdmins
|
||||||
|
|
|
@ -15,9 +15,9 @@ class Filesystem(GenericFilesystem):
|
||||||
def readFile(self, rFile):
|
def readFile(self, rFile):
|
||||||
errMsg = "File system read access not yet implemented for "
|
errMsg = "File system read access not yet implemented for "
|
||||||
errMsg += "Oracle"
|
errMsg += "Oracle"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def writeFile(self, wFile, dFile, fileType=None):
|
def writeFile(self, wFile, dFile, fileType=None):
|
||||||
errMsg = "File system write access not yet implemented for "
|
errMsg = "File system write access not yet implemented for "
|
||||||
errMsg += "Oracle"
|
errMsg += "Oracle"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -24,7 +24,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find("'")
|
index = expression[firstIndex:].find("'")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index
|
lastIndex = firstIndex + index
|
||||||
old = "'%s'" % expression[firstIndex:lastIndex]
|
old = "'%s'" % expression[firstIndex:lastIndex]
|
||||||
|
@ -47,7 +47,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find("))")
|
index = expression[firstIndex:].find("))")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
lastIndex = firstIndex + index + 1
|
||||||
old = expression[firstIndex:lastIndex]
|
old = expression[firstIndex:lastIndex]
|
||||||
|
|
|
@ -15,19 +15,19 @@ class Takeover(GenericTakeover):
|
||||||
def osCmd(self):
|
def osCmd(self):
|
||||||
errMsg = "Operating system command execution functionality not "
|
errMsg = "Operating system command execution functionality not "
|
||||||
errMsg += "yet implemented for Oracle"
|
errMsg += "yet implemented for Oracle"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osShell(self):
|
def osShell(self):
|
||||||
errMsg = "Operating system shell functionality not yet "
|
errMsg = "Operating system shell functionality not yet "
|
||||||
errMsg += "implemented for Oracle"
|
errMsg += "implemented for Oracle"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osPwn(self):
|
def osPwn(self):
|
||||||
errMsg = "Operating system out-of-band control functionality "
|
errMsg = "Operating system out-of-band control functionality "
|
||||||
errMsg += "not yet implemented for Oracle"
|
errMsg += "not yet implemented for Oracle"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osSmb(self):
|
def osSmb(self):
|
||||||
errMsg = "One click operating system out-of-band control "
|
errMsg = "One click operating system out-of-band control "
|
||||||
errMsg += "functionality not yet implemented for Oracle"
|
errMsg += "functionality not yet implemented for Oracle"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -37,7 +37,7 @@ class Connector(GenericConnector):
|
||||||
try:
|
try:
|
||||||
self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port)
|
self.connector = psycopg2.connect(host=self.hostname, user=self.user, password=self.password, database=self.db, port=self.port)
|
||||||
except psycopg2.OperationalError, msg:
|
except psycopg2.OperationalError, msg:
|
||||||
raise SqlmapConnectionException, msg
|
raise SqlmapConnectionException(msg)
|
||||||
|
|
||||||
self.connector.set_client_encoding('UNICODE')
|
self.connector.set_client_encoding('UNICODE')
|
||||||
|
|
||||||
|
@ -60,7 +60,7 @@ class Connector(GenericConnector):
|
||||||
except (psycopg2.OperationalError, psycopg2.ProgrammingError), msg:
|
except (psycopg2.OperationalError, psycopg2.ProgrammingError), msg:
|
||||||
logger.warn(("(remote) %s" % msg).strip())
|
logger.warn(("(remote) %s" % msg).strip())
|
||||||
except psycopg2.InternalError, msg:
|
except psycopg2.InternalError, msg:
|
||||||
raise SqlmapConnectionException, msg
|
raise SqlmapConnectionException(msg)
|
||||||
|
|
||||||
self.connector.commit()
|
self.connector.commit()
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,7 @@ class Filesystem(GenericFilesystem):
|
||||||
def unionWriteFile(self, wFile, dFile, fileType):
|
def unionWriteFile(self, wFile, dFile, fileType):
|
||||||
errMsg = "PostgreSQL does not support file upload with UNION "
|
errMsg = "PostgreSQL does not support file upload with UNION "
|
||||||
errMsg += "query SQL injection technique"
|
errMsg += "query SQL injection technique"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def stackedWriteFile(self, wFile, dFile, fileType):
|
def stackedWriteFile(self, wFile, dFile, fileType):
|
||||||
wFileSize = os.path.getsize(wFile)
|
wFileSize = os.path.getsize(wFile)
|
||||||
|
@ -39,7 +39,7 @@ class Filesystem(GenericFilesystem):
|
||||||
if wFileSize > 8192:
|
if wFileSize > 8192:
|
||||||
errMsg = "on PostgreSQL it is not possible to write files "
|
errMsg = "on PostgreSQL it is not possible to write files "
|
||||||
errMsg += "bigger than 8192 bytes at the moment"
|
errMsg += "bigger than 8192 bytes at the moment"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
self.oid = randomInt()
|
self.oid = randomInt()
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find("'")
|
index = expression[firstIndex:].find("'")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index
|
lastIndex = firstIndex + index
|
||||||
old = "'%s'" % expression[firstIndex:lastIndex]
|
old = "'%s'" % expression[firstIndex:lastIndex]
|
||||||
|
@ -52,7 +52,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex:].find("))")
|
index = expression[firstIndex:].find("))")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ) in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
lastIndex = firstIndex + index + 1
|
||||||
old = expression[firstIndex:lastIndex]
|
old = expression[firstIndex:lastIndex]
|
||||||
|
|
|
@ -53,7 +53,7 @@ class Takeover(GenericTakeover):
|
||||||
majorVer = "8.2"
|
majorVer = "8.2"
|
||||||
else:
|
else:
|
||||||
errMsg = "unsupported feature on versions of PostgreSQL before 8.2"
|
errMsg = "unsupported feature on versions of PostgreSQL before 8.2"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
if Backend.isOs(OS.WINDOWS):
|
if Backend.isOs(OS.WINDOWS):
|
||||||
self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (Backend.getArch(), majorVer)
|
self.udfLocalFile += "/postgresql/windows/%d/%s/lib_postgresqludf_sys.dll" % (Backend.getArch(), majorVer)
|
||||||
|
|
|
@ -56,12 +56,12 @@ class Connector(GenericConnector):
|
||||||
except ImportError:
|
except ImportError:
|
||||||
errMsg = "sqlmap requires 'python-sqlite2' third-party library "
|
errMsg = "sqlmap requires 'python-sqlite2' third-party library "
|
||||||
errMsg += "in order to directly connect to the database '%s'" % self.db
|
errMsg += "in order to directly connect to the database '%s'" % self.db
|
||||||
raise SqlmapMissingDependence, errMsg
|
raise SqlmapMissingDependence(errMsg)
|
||||||
|
|
||||||
self.__sqlite = sqlite
|
self.__sqlite = sqlite
|
||||||
self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout)
|
self.connector = self.__sqlite.connect(database=self.db, check_same_thread=False, timeout=conf.timeout)
|
||||||
except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg:
|
except (self.__sqlite.DatabaseError, self.__sqlite.OperationalError), msg:
|
||||||
raise SqlmapConnectionException, msg[0]
|
raise SqlmapConnectionException(msg[0])
|
||||||
|
|
||||||
self.setCursor()
|
self.setCursor()
|
||||||
self.connected()
|
self.connected()
|
||||||
|
@ -79,7 +79,7 @@ class Connector(GenericConnector):
|
||||||
except self.__sqlite.OperationalError, msg:
|
except self.__sqlite.OperationalError, msg:
|
||||||
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[0])
|
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[0])
|
||||||
except self.__sqlite.DatabaseError, msg:
|
except self.__sqlite.DatabaseError, msg:
|
||||||
raise SqlmapConnectionException, msg[0]
|
raise SqlmapConnectionException(msg[0])
|
||||||
|
|
||||||
self.connector.commit()
|
self.connector.commit()
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,7 @@ class Enumeration(GenericEnumeration):
|
||||||
|
|
||||||
def searchColumn(self):
|
def searchColumn(self):
|
||||||
errMsg = "on SQLite you must specify the table and columns to dump"
|
errMsg = "on SQLite you must specify the table and columns to dump"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def getHostname(self):
|
def getHostname(self):
|
||||||
warnMsg = "on SQLite it is not possible to enumerate the hostname"
|
warnMsg = "on SQLite it is not possible to enumerate the hostname"
|
||||||
|
|
|
@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
|
||||||
|
|
||||||
def readFile(self, rFile):
|
def readFile(self, rFile):
|
||||||
errMsg = "on SQLite it is not possible to read files"
|
errMsg = "on SQLite it is not possible to read files"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def writeFile(self, wFile, dFile, fileType=None):
|
def writeFile(self, wFile, dFile, fileType=None):
|
||||||
errMsg = "on SQLite it is not possible to write files"
|
errMsg = "on SQLite it is not possible to write files"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -42,7 +42,7 @@ class Syntax(GenericSyntax):
|
||||||
index = expression[firstIndex+2:].find("'")
|
index = expression[firstIndex+2:].find("'")
|
||||||
|
|
||||||
if index == -1:
|
if index == -1:
|
||||||
raise SqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
|
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 3
|
lastIndex = firstIndex + index + 3
|
||||||
old = expression[firstIndex:lastIndex]
|
old = expression[firstIndex:lastIndex]
|
||||||
|
|
|
@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
|
||||||
|
|
||||||
def osCmd(self):
|
def osCmd(self):
|
||||||
errMsg = "on SQLite it is not possible to execute commands"
|
errMsg = "on SQLite it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osShell(self):
|
def osShell(self):
|
||||||
errMsg = "on SQLite it is not possible to execute commands"
|
errMsg = "on SQLite it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osPwn(self):
|
def osPwn(self):
|
||||||
errMsg = "on SQLite it is not possible to establish an "
|
errMsg = "on SQLite it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osSmb(self):
|
def osSmb(self):
|
||||||
errMsg = "on SQLite it is not possible to establish an "
|
errMsg = "on SQLite it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -42,7 +42,7 @@ class Connector(GenericConnector):
|
||||||
try:
|
try:
|
||||||
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
|
self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout)
|
||||||
except pymssql.OperationalError, msg:
|
except pymssql.OperationalError, msg:
|
||||||
raise SqlmapConnectionException, msg
|
raise SqlmapConnectionException(msg)
|
||||||
|
|
||||||
self.setCursor()
|
self.setCursor()
|
||||||
self.connected()
|
self.connected()
|
||||||
|
@ -60,7 +60,7 @@ class Connector(GenericConnector):
|
||||||
except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
|
except (pymssql.OperationalError, pymssql.ProgrammingError), msg:
|
||||||
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
|
logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg)
|
||||||
except pymssql.InternalError, msg:
|
except pymssql.InternalError, msg:
|
||||||
raise SqlmapConnectionException, msg
|
raise SqlmapConnectionException(msg)
|
||||||
|
|
||||||
def select(self, query):
|
def select(self, query):
|
||||||
self.execute(query)
|
self.execute(query)
|
||||||
|
|
|
@ -172,7 +172,7 @@ class Enumeration(GenericEnumeration):
|
||||||
if ',' in conf.db:
|
if ',' in conf.db:
|
||||||
errMsg = "only one database name is allowed when enumerating "
|
errMsg = "only one database name is allowed when enumerating "
|
||||||
errMsg += "the tables' columns"
|
errMsg += "the tables' columns"
|
||||||
raise SqlmapMissingMandatoryOptionException, errMsg
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
||||||
conf.db = safeSQLIdentificatorNaming(conf.db)
|
conf.db = safeSQLIdentificatorNaming(conf.db)
|
||||||
|
|
||||||
|
@ -197,7 +197,7 @@ class Enumeration(GenericEnumeration):
|
||||||
else:
|
else:
|
||||||
errMsg = "unable to retrieve the tables "
|
errMsg = "unable to retrieve the tables "
|
||||||
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
errMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
for tbl in tblList:
|
for tbl in tblList:
|
||||||
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl)
|
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl)
|
||||||
|
|
|
@ -14,8 +14,8 @@ class Filesystem(GenericFilesystem):
|
||||||
|
|
||||||
def readFile(self, rFile):
|
def readFile(self, rFile):
|
||||||
errMsg = "on Sybase it is not possible to read files"
|
errMsg = "on Sybase it is not possible to read files"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def writeFile(self, wFile, dFile, fileType=None):
|
def writeFile(self, wFile, dFile, fileType=None):
|
||||||
errMsg = "on Sybase it is not possible to write files"
|
errMsg = "on Sybase it is not possible to write files"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -14,18 +14,18 @@ class Takeover(GenericTakeover):
|
||||||
|
|
||||||
def osCmd(self):
|
def osCmd(self):
|
||||||
errMsg = "on Sybase it is not possible to execute commands"
|
errMsg = "on Sybase it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osShell(self):
|
def osShell(self):
|
||||||
errMsg = "on Sybase it is not possible to execute commands"
|
errMsg = "on Sybase it is not possible to execute commands"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osPwn(self):
|
def osPwn(self):
|
||||||
errMsg = "on Sybase it is not possible to establish an "
|
errMsg = "on Sybase it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
def osSmb(self):
|
def osSmb(self):
|
||||||
errMsg = "on Sybase it is not possible to establish an "
|
errMsg = "on Sybase it is not possible to establish an "
|
||||||
errMsg += "out-of-band connection"
|
errMsg += "out-of-band connection"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
|
@ -59,24 +59,24 @@ class Connector:
|
||||||
def checkFileDb(self):
|
def checkFileDb(self):
|
||||||
if not os.path.exists(self.db):
|
if not os.path.exists(self.db):
|
||||||
errMsg = "the provided database file '%s' does not exist" % self.db
|
errMsg = "the provided database file '%s' does not exist" % self.db
|
||||||
raise SqlmapFilePathException, errMsg
|
raise SqlmapFilePathException(errMsg)
|
||||||
|
|
||||||
def connect(self):
|
def connect(self):
|
||||||
errMsg = "'connect' method must be defined "
|
errMsg = "'connect' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def fetchall(self):
|
def fetchall(self):
|
||||||
errMsg = "'fetchall' method must be defined "
|
errMsg = "'fetchall' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def execute(self, query):
|
def execute(self, query):
|
||||||
errMsg = "'execute' method must be defined "
|
errMsg = "'execute' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def select(self, query):
|
def select(self, query):
|
||||||
errMsg = "'select' method must be defined "
|
errMsg = "'select' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
|
@ -166,7 +166,7 @@ class Databases:
|
||||||
kb.data.cachedDbs = [kb.data.currentDb]
|
kb.data.cachedDbs = [kb.data.currentDb]
|
||||||
else:
|
else:
|
||||||
errMsg = "unable to retrieve the database names"
|
errMsg = "unable to retrieve the database names"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
else:
|
else:
|
||||||
kb.data.cachedDbs.sort()
|
kb.data.cachedDbs.sort()
|
||||||
|
|
||||||
|
@ -354,7 +354,7 @@ class Databases:
|
||||||
logger.error(errMsg)
|
logger.error(errMsg)
|
||||||
return self.getTables(bruteForce=True)
|
return self.getTables(bruteForce=True)
|
||||||
else:
|
else:
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
else:
|
else:
|
||||||
for db, tables in kb.data.cachedTables.items():
|
for db, tables in kb.data.cachedTables.items():
|
||||||
kb.data.cachedTables[db] = sorted(tables) if tables else tables
|
kb.data.cachedTables[db] = sorted(tables) if tables else tables
|
||||||
|
@ -384,7 +384,7 @@ class Databases:
|
||||||
if ',' in conf.db:
|
if ',' in conf.db:
|
||||||
errMsg = "only one database name is allowed when enumerating "
|
errMsg = "only one database name is allowed when enumerating "
|
||||||
errMsg += "the tables' columns"
|
errMsg += "the tables' columns"
|
||||||
raise SqlmapMissingMandatoryOptionException, errMsg
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
||||||
conf.db = safeSQLIdentificatorNaming(conf.db)
|
conf.db = safeSQLIdentificatorNaming(conf.db)
|
||||||
|
|
||||||
|
@ -422,7 +422,7 @@ class Databases:
|
||||||
else:
|
else:
|
||||||
errMsg = "unable to retrieve the tables "
|
errMsg = "unable to retrieve the tables "
|
||||||
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
for tbl in tblList:
|
for tbl in tblList:
|
||||||
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
|
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
|
||||||
|
|
|
@ -67,7 +67,7 @@ class Entries:
|
||||||
if ',' in conf.db:
|
if ',' in conf.db:
|
||||||
errMsg = "only one database name is allowed when enumerating "
|
errMsg = "only one database name is allowed when enumerating "
|
||||||
errMsg += "the tables' columns"
|
errMsg += "the tables' columns"
|
||||||
raise SqlmapMissingMandatoryOptionException, errMsg
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
||||||
conf.db = safeSQLIdentificatorNaming(conf.db)
|
conf.db = safeSQLIdentificatorNaming(conf.db)
|
||||||
|
|
||||||
|
@ -87,7 +87,7 @@ class Entries:
|
||||||
else:
|
else:
|
||||||
errMsg = "unable to retrieve the tables "
|
errMsg = "unable to retrieve the tables "
|
||||||
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
errMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
for tbl in tblList:
|
for tbl in tblList:
|
||||||
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
|
tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)
|
||||||
|
@ -329,7 +329,7 @@ class Entries:
|
||||||
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
if Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema:
|
||||||
errMsg = "information_schema not available, "
|
errMsg = "information_schema not available, "
|
||||||
errMsg += "back-end DBMS is MySQL < 5.0"
|
errMsg += "back-end DBMS is MySQL < 5.0"
|
||||||
raise SqlmapUnsupportedFeatureException, errMsg
|
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||||
|
|
||||||
infoMsg = "sqlmap will dump entries of all tables from all databases now"
|
infoMsg = "sqlmap will dump entries of all tables from all databases now"
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
|
@ -161,22 +161,22 @@ class Filesystem:
|
||||||
def nonStackedReadFile(self, remoteFile):
|
def nonStackedReadFile(self, remoteFile):
|
||||||
errMsg = "'nonStackedReadFile' method must be defined "
|
errMsg = "'nonStackedReadFile' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def stackedReadFile(self, remoteFile):
|
def stackedReadFile(self, remoteFile):
|
||||||
errMsg = "'stackedReadFile' method must be defined "
|
errMsg = "'stackedReadFile' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def unionWriteFile(self, localFile, remoteFile, fileType):
|
def unionWriteFile(self, localFile, remoteFile, fileType):
|
||||||
errMsg = "'unionWriteFile' method must be defined "
|
errMsg = "'unionWriteFile' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def stackedWriteFile(self, localFile, remoteFile, fileType):
|
def stackedWriteFile(self, localFile, remoteFile, fileType):
|
||||||
errMsg = "'stackedWriteFile' method must be defined "
|
errMsg = "'stackedWriteFile' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def readFile(self, remoteFiles):
|
def readFile(self, remoteFiles):
|
||||||
localFilePaths = []
|
localFilePaths = []
|
||||||
|
|
|
@ -22,17 +22,17 @@ class Fingerprint:
|
||||||
def getFingerprint(self):
|
def getFingerprint(self):
|
||||||
errMsg = "'getFingerprint' method must be defined "
|
errMsg = "'getFingerprint' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def checkDbms(self):
|
def checkDbms(self):
|
||||||
errMsg = "'checkDbms' method must be defined "
|
errMsg = "'checkDbms' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def checkDbmsOs(self, detailed=False):
|
def checkDbmsOs(self, detailed=False):
|
||||||
errMsg = "'checkDbmsOs' method must be defined "
|
errMsg = "'checkDbmsOs' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def forceDbmsEnum(self):
|
def forceDbmsEnum(self):
|
||||||
pass
|
pass
|
||||||
|
|
|
@ -79,7 +79,7 @@ class Miscellaneous:
|
||||||
first, last = 29, 9
|
first, last = 29, 9
|
||||||
|
|
||||||
else:
|
else:
|
||||||
raise SqlmapUnsupportedFeatureException, "unsupported DBMS"
|
raise SqlmapUnsupportedFeatureException("unsupported DBMS")
|
||||||
|
|
||||||
query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last)
|
query = queries[Backend.getIdentifiedDbms()].substring.query % (queries[Backend.getIdentifiedDbms()].banner.query, first, last)
|
||||||
|
|
||||||
|
@ -189,6 +189,6 @@ class Miscellaneous:
|
||||||
condParam = "='%s'"
|
condParam = "='%s'"
|
||||||
else:
|
else:
|
||||||
errMsg = "invalid value"
|
errMsg = "invalid value"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
return choice, condParam
|
return choice, condParam
|
||||||
|
|
|
@ -558,4 +558,4 @@ class Search:
|
||||||
else:
|
else:
|
||||||
errMsg = "missing parameter, provide -D, -T or -C along "
|
errMsg = "missing parameter, provide -D, -T or -C along "
|
||||||
errMsg += "with --search"
|
errMsg += "with --search"
|
||||||
raise SqlmapMissingMandatoryOptionException, errMsg
|
raise SqlmapMissingMandatoryOptionException(errMsg)
|
||||||
|
|
|
@ -19,10 +19,10 @@ class Syntax:
|
||||||
def unescape(expression, quote=True):
|
def unescape(expression, quote=True):
|
||||||
errMsg = "'unescape' method must be defined "
|
errMsg = "'unescape' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def escape(expression):
|
def escape(expression):
|
||||||
errMsg = "'escape' method must be defined "
|
errMsg = "'escape' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
|
@ -124,7 +124,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
||||||
errMsg += "if you want to establish an out-of-band ICMP "
|
errMsg += "if you want to establish an out-of-band ICMP "
|
||||||
errMsg += "tunnel because icmpsh uses raw sockets to "
|
errMsg += "tunnel because icmpsh uses raw sockets to "
|
||||||
errMsg += "sniff and craft ICMP packets"
|
errMsg += "sniff and craft ICMP packets"
|
||||||
raise SqlmapMissingPrivileges, errMsg
|
raise SqlmapMissingPrivileges(errMsg)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from impacket import ImpactDecoder
|
from impacket import ImpactDecoder
|
||||||
|
@ -133,7 +133,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
||||||
errMsg = "sqlmap requires 'impacket' third-party library "
|
errMsg = "sqlmap requires 'impacket' third-party library "
|
||||||
errMsg += "in order to run icmpsh master. Download from "
|
errMsg += "in order to run icmpsh master. Download from "
|
||||||
errMsg += "http://oss.coresecurity.com/projects/impacket.html"
|
errMsg += "http://oss.coresecurity.com/projects/impacket.html"
|
||||||
raise SqlmapMissingDependence, errMsg
|
raise SqlmapMissingDependence(errMsg)
|
||||||
|
|
||||||
sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all"
|
sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all"
|
||||||
|
|
||||||
|
@ -325,7 +325,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
|
||||||
def uncPathRequest(self):
|
def uncPathRequest(self):
|
||||||
errMsg = "'uncPathRequest' method must be defined "
|
errMsg = "'uncPathRequest' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "into the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod, errMsg
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
||||||
def _regInit(self):
|
def _regInit(self):
|
||||||
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
|
||||||
|
|
|
@ -116,7 +116,7 @@ class Users:
|
||||||
|
|
||||||
if not isNumPosStrValue(count):
|
if not isNumPosStrValue(count):
|
||||||
errMsg = "unable to retrieve the number of database users"
|
errMsg = "unable to retrieve the number of database users"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2)
|
plusOne = Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2)
|
||||||
indexRange = getLimitRange(count, plusOne=plusOne)
|
indexRange = getLimitRange(count, plusOne=plusOne)
|
||||||
|
@ -135,7 +135,7 @@ class Users:
|
||||||
|
|
||||||
if not kb.data.cachedUsers:
|
if not kb.data.cachedUsers:
|
||||||
errMsg = "unable to retrieve the database users"
|
errMsg = "unable to retrieve the database users"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
return kb.data.cachedUsers
|
return kb.data.cachedUsers
|
||||||
|
|
||||||
|
@ -296,7 +296,7 @@ class Users:
|
||||||
errMsg += "database users (most probably because the session "
|
errMsg += "database users (most probably because the session "
|
||||||
errMsg += "user has no read privileges over the relevant "
|
errMsg += "user has no read privileges over the relevant "
|
||||||
errMsg += "system database table)"
|
errMsg += "system database table)"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
else:
|
else:
|
||||||
for user in kb.data.cachedUsersPasswords:
|
for user in kb.data.cachedUsersPasswords:
|
||||||
kb.data.cachedUsersPasswords[user] = list(set(kb.data.cachedUsersPasswords[user]))
|
kb.data.cachedUsersPasswords[user] = list(set(kb.data.cachedUsersPasswords[user]))
|
||||||
|
@ -585,7 +585,7 @@ class Users:
|
||||||
if not kb.data.cachedUsersPrivileges:
|
if not kb.data.cachedUsersPrivileges:
|
||||||
errMsg = "unable to retrieve the privileges "
|
errMsg = "unable to retrieve the privileges "
|
||||||
errMsg += "for the database users"
|
errMsg += "for the database users"
|
||||||
raise SqlmapNoneDataException, errMsg
|
raise SqlmapNoneDataException(errMsg)
|
||||||
|
|
||||||
return (kb.data.cachedUsersPrivileges, areAdmins)
|
return (kb.data.cachedUsersPrivileges, areAdmins)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user