diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 4aa005d10..e66a80a28 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -36,8 +36,8 @@ from lib.core.common import readInput from lib.core.common import showStaticWords from lib.core.common import singleTimeLogMessage from lib.core.common import singleTimeWarnMessage -from lib.core.common import wasLastRequestDBMSError -from lib.core.common import wasLastRequestHTTPError +from lib.core.common import wasLastResponseDBMSError +from lib.core.common import wasLastResponseHTTPError from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -695,7 +695,7 @@ def heuristicCheckSqlInjection(place, parameter): logger.debug(debugMsg) return None - if wasLastRequestDBMSError(): + if wasLastResponseDBMSError(): debugMsg = "heuristic checking skipped " debugMsg += "because original page content " debugMsg += "contains DBMS error" @@ -723,7 +723,7 @@ def heuristicCheckSqlInjection(place, parameter): page, _ = Request.queryPage(payload, place, content=True, raise404=False) parseFilePaths(page) - result = wasLastRequestDBMSError() + result = wasLastResponseDBMSError() infoMsg = "heuristic test shows that %s " % place infoMsg += "parameter '%s' might " % parameter @@ -1083,14 +1083,14 @@ def checkConnection(suppressOutput=False): kb.errorIsNone = False - if not kb.originalPage and wasLastRequestHTTPError(): + if not kb.originalPage and wasLastResponseHTTPError(): errMsg = "unable to retrieve page content" raise SqlmapConnectionException(errMsg) - elif wasLastRequestDBMSError(): + elif wasLastResponseDBMSError(): warnMsg = "there is a DBMS error found in the HTTP response body " warnMsg += "which could interfere with the results of the tests" logger.warn(warnMsg) - elif wasLastRequestHTTPError(): + elif wasLastResponseHTTPError(): warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError() warnMsg += "which could interfere with the results of the tests" logger.warn(warnMsg) diff --git a/lib/core/common.py b/lib/core/common.py index b0eeaddd8..d7b6c5953 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1878,7 +1878,7 @@ def popValue(): return getCurrentThreadData().valueStack.pop() -def wasLastRequestDBMSError(): +def wasLastResponseDBMSError(): """ Returns True if the last web request resulted in a (recognized) DBMS error page """ @@ -1886,7 +1886,7 @@ def wasLastRequestDBMSError(): threadData = getCurrentThreadData() return threadData.lastErrorPage and threadData.lastErrorPage[0] == threadData.lastRequestUID -def wasLastRequestHTTPError(): +def wasLastResponseHTTPError(): """ Returns True if the last web request resulted in an errornous HTTP code (like 500) """ @@ -1894,7 +1894,7 @@ def wasLastRequestHTTPError(): threadData = getCurrentThreadData() return threadData.lastHTTPError and threadData.lastHTTPError[0] == threadData.lastRequestUID -def wasLastRequestDelayed(): +def wasLastResponseDelayed(): """ Returns True if the last web request resulted in a time-delay """ diff --git a/lib/request/comparison.py b/lib/request/comparison.py index f5ac9f2d4..2db1e8975 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -11,8 +11,8 @@ from lib.core.common import extractRegexResult from lib.core.common import getFilteredPageContent from lib.core.common import listToStrValue from lib.core.common import removeDynamicContent -from lib.core.common import wasLastRequestDBMSError -from lib.core.common import wasLastRequestHTTPError +from lib.core.common import wasLastResponseDBMSError +from lib.core.common import wasLastResponseHTTPError from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -77,7 +77,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength): if page: # In case of an DBMS error page return None - if kb.errorIsNone and (wasLastRequestDBMSError() or wasLastRequestHTTPError()): + if kb.errorIsNone and (wasLastResponseDBMSError() or wasLastResponseHTTPError()): return None # Dynamic content lines to be excluded before comparison diff --git a/lib/request/connect.py b/lib/request/connect.py index ab559f36b..65a542b2d 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -34,7 +34,7 @@ from lib.core.common import readInput from lib.core.common import removeReflectiveValues from lib.core.common import singleTimeWarnMessage from lib.core.common import stdev -from lib.core.common import wasLastRequestDelayed +from lib.core.common import wasLastResponseDelayed from lib.core.common import unicodeencode from lib.core.common import urlencode from lib.core.data import conf @@ -827,7 +827,7 @@ class Connect(object): kb.testQueryCount += 1 if timeBasedCompare: - return wasLastRequestDelayed() + return wasLastResponseDelayed() elif noteResponseTime: kb.responseTimes.append(threadData.lastQueryDuration) diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index ffd6a6ce8..be840dd83 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py @@ -18,7 +18,7 @@ from lib.core.common import pushValue from lib.core.common import popValue from lib.core.common import randomStr from lib.core.common import readInput -from lib.core.common import wasLastRequestDelayed +from lib.core.common import wasLastResponseDelayed from lib.core.convert import hexencode from lib.core.data import conf from lib.core.data import kb @@ -94,7 +94,7 @@ class Xp_cmdshell: cmd = "ping -n %d 127.0.0.1" % (conf.timeSec * 2) self.xpCmdshellExecCmd(cmd) - return wasLastRequestDelayed() + return wasLastResponseDelayed() def _xpCmdshellTest(self): threadData = getCurrentThreadData() diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 76d0a1cae..835bf9925 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -22,7 +22,7 @@ from lib.core.common import removeReflectiveValues from lib.core.common import singleTimeLogMessage from lib.core.common import singleTimeWarnMessage from lib.core.common import stdev -from lib.core.common import wasLastRequestDBMSError +from lib.core.common import wasLastResponseDBMSError from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -223,7 +223,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO logger.warn(warnMsg) vector = (position, count, comment, prefix, suffix, kb.uChar, PAYLOAD.WHERE.NEGATIVE, kb.unionDuplicates) - unionErrorCase = kb.errorIsNone and wasLastRequestDBMSError() + unionErrorCase = kb.errorIsNone and wasLastResponseDBMSError() if unionErrorCase and count > 1: warnMsg = "combined UNION/error-based SQL injection case found on " diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index efe62cb0a..1132fc3ea 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -33,7 +33,7 @@ from lib.core.common import removeReflectiveValues from lib.core.common import singleTimeDebugMessage from lib.core.common import singleTimeWarnMessage from lib.core.common import unArrayizeValue -from lib.core.common import wasLastRequestDBMSError +from lib.core.common import wasLastResponseDBMSError from lib.core.convert import htmlunescape from lib.core.data import conf from lib.core.data import kb @@ -94,7 +94,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False): retVal = getUnicode(retVal, kb.pageEncoding) # Special case when DBMS is Microsoft SQL Server and error message is used as a result of union injection - if Backend.isDbms(DBMS.MSSQL) and wasLastRequestDBMSError(): + if Backend.isDbms(DBMS.MSSQL) and wasLastResponseDBMSError(): retVal = htmlunescape(retVal).replace("
", "\n") hashDBWrite("%s%s" % (conf.hexConvert, expression), retVal) diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py index bb07ea37b..3e5a784f7 100644 --- a/plugins/dbms/access/fingerprint.py +++ b/plugins/dbms/access/fingerprint.py @@ -12,7 +12,7 @@ from lib.core.common import Format from lib.core.common import getCurrentThreadData from lib.core.common import randomInt from lib.core.common import randomStr -from lib.core.common import wasLastRequestDBMSError +from lib.core.common import wasLastResponseDBMSError from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -95,7 +95,7 @@ class Fingerprint(GenericFingerprint): randStr = randomStr() inject.checkBooleanExpression("EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt)) - if wasLastRequestDBMSError(): + if wasLastResponseDBMSError(): threadData = getCurrentThreadData() match = re.search("Could not find file\s+'([^']+?)'", threadData.lastErrorPage[1])