few bug fixes

Miroslav Stampar 2010-12-24 18:40:48 +00:00
parent 96a06351a1
commit edcf1a0872
3 changed files with 9 additions and 12 deletions


@ -62,10 +62,7 @@ def setHandler():
( SYBASE_ALIASES, SybaseMap, SybaseConn ), ( SYBASE_ALIASES, SybaseMap, SybaseConn ),
] ]
if kb.htmlFp: inferencedDbms = (kb.htmlFp[-1] if kb.htmlFp else None) or kb.dbms
inferencedDbms = kb.htmlFp[-1]
else:
inferencedDbms = None
for injection in kb.injections: for injection in kb.injections:
if hasattr(injection, "dbms"): if hasattr(injection, "dbms"):
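Review bot: The new one-line assignment to `inferencedDbms` hides a precedence decision that deserves a comment: the last HTML-error fingerprint in `kb.htmlFp` wins, and `kb.dbms` is used only when there is no fingerprint or it is falsy. If `kb.dbms` can hold a value that was already confirmed or supplied by the user (not visible in this hunk), letting a heuristic fingerprint override it may be the wrong order, so please confirm it is intended. The inner `if kb.htmlFp else None` also makes the line hard to scan; I would add `# last HTML-error fingerprint first, kb.dbms as fallback` above it. The `for injection in kb.injections:` loop continues outside the hunk.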


@ -127,7 +127,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, posValue)) forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, posValue))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare) result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
if result: if result:
return hintValue[idx-1] return hintValue[idx-1]
@ -161,7 +161,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if len(charTbl) == 1: if len(charTbl) == 1:
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, charTbl[0])) forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, charTbl[0]))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare) result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
if result: if result:
return chr(charTbl[0]) if charTbl[0] < 128 else unichr(charTbl[0]) return chr(charTbl[0]) if charTbl[0] < 128 else unichr(charTbl[0])
@ -181,7 +181,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else unichr(posValue)) forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else unichr(posValue))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare) result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
if result: if result:
minValue = posValue minValue = posValue
@ -233,7 +233,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]): for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]):
forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal)) forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal))
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare) result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
if result: if result:
return chr(retVal) if retVal < 128 else unichr(retVal) return chr(retVal) if retVal < 128 else unichr(retVal)
@ -433,7 +433,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue))) query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
query = agent.suffixQuery(query) query = agent.suffixQuery(query)
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare) result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
# Did we have luck? # Did we have luck?
if result: if result:
@ -457,7 +457,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue))) query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
query = agent.suffixQuery(query) query = agent.suffixQuery(query)
queriesCount[0] += 1 queriesCount[0] += 1
result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare) result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
# Did we have luck? # Did we have luck?
if result: if result:
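Review bot: `raise404=False` is now repeated verbatim at six `Request.queryPage` call sites in `bisection`, with no comment saying why a 404 must not raise during inference. A call added later without the flag would behave differently from its neighbours, so, assuming `timeBasedCompare` is fixed for the whole call, I would bind it once near the top of the function, e.g. `queryPage = lambda p: Request.queryPage(p, timeBasedCompare=timeBasedCompare, raise404=False)`, and use that everywhere. It is also worth confirming how `queryPage` reports a 404 when the flag is off: if it simply yields a false comparison, an endpoint that starts answering 404 for every request would be read as a run of negative results and the function would return wrong characters without any warning. Most of the body of `bisection` lies outside these hunks.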


@ -335,7 +335,7 @@
<dbms value="Microsoft Access"> <dbms value="Microsoft Access">
<cast query="CVAR(%s)"/> <cast query="CVAR(%s)"/>
<length query="LEN(%s)"/> <length query="LEN(%s)"/>
<isnull query="IIF(ISNULL(%s), ' ', %s)"/> <isnull query="IIF(LEN(%s)=0, ' ', %s)"/>
<delimiter query=","/> <delimiter query=","/>
<limit query="TOP %d"/> <limit query="TOP %d"/>
<limitregexp query="\s+TOP\s+([\d]+)"/> <limitregexp query="\s+TOP\s+([\d]+)"/>
@ -352,7 +352,7 @@
<!--CURRENTUSER() is not available outside the MS Access query tool itself--> <!--CURRENTUSER() is not available outside the MS Access query tool itself-->
<current_user/> <current_user/>
<current_db/> <current_db/>
<inference query="MID((%s), %d, 1) > CHR(%d)"/> <inference query="ASC(MID((%s), %d, 1)) > %d"/>
<is_dba/> <is_dba/>
<dbs/> <dbs/>
<!--MSysObjects have no read permission by default--> <!--MSysObjects have no read permission by default-->
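Review bot: The Microsoft Access `isnull` template no longer tests for NULL at all: `LEN(%s)=0` matches an empty string, and as far as I know Access evaluates `LEN` of a NULL to NULL, so `IIF` would take the false branch and pass the NULL through. If the old `ISNULL(%s)` form failed in some context, please record that in an XML comment next to the entry, e.g. `<!--ISNULL() replaced by LEN()=0 because ...; NULL values are not substituted-->`, so the entry's name and its behaviour do not drift apart silently. The same applies to the `inference` change from a `CHR(%d)` string comparison to `ASC(...) > %d`: a one-line comment stating that the comparison is now numeric would help the next reader.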