diff --git a/lib/core/option.py b/lib/core/option.py index 8de084113..9e37d3cc4 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1833,6 +1833,8 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.cache.regex = {} kb.cache.stdev = {} + kb.captchaDetected = None + kb.chars = AttribDict() kb.chars.delimiter = randomStr(length=6, lowercase=True) kb.chars.start = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, alphabet=KB_CHARS_LOW_FREQUENCY_ALPHABET), KB_CHARS_BOUNDARY_CHAR) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3dbcbc8f1..66a1a26b4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from lib.core.revision import getRevisionNumber # sqlmap version (...) -VERSION = "1.0.6.7" +VERSION = "1.0.6.8" REVISION = getRevisionNumber() STABLE = VERSION.count('.') <= 2 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev") diff --git a/lib/request/basic.py b/lib/request/basic.py index bdc7bf0b6..9c2352087 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -354,6 +354,15 @@ def processResponse(page, responseHeaders): conf.paramDict[PLACE.POST][name] = value conf.parameters[PLACE.POST] = re.sub("(?i)(%s=)[^&]+" % name, r"\g<1>%s" % value, conf.parameters[PLACE.POST]) + page += "
\n
\ncaptcha
" + if not kb.captchaDetected and re.search(r"(?i)captcha", page or ""): + for match in re.finditer(r"(?si)", page): + if re.search(r"(?i)captcha", match.group(0)): + kb.captchaDetected = True + errMsg = "potential CAPTCHA protection mechanism detected" + singleTimeLogMessage(errMsg, logging.ERROR) + break + if re.search(BLOCKED_IP_REGEX, page): errMsg = "it appears that you have been blocked by the target server" singleTimeLogMessage(errMsg, logging.ERROR)