sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-09 08:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Better naming

Browse Source
This commit is contained in:
Miroslav Stampar 2013-01-29 20:53:11 +01:00
parent 95b922309c
commit f41460f8d8
8 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/controller/checks.py
View File

@ -36,8 +36,8 @@ from lib.core.common import readInput
from lib.core.common import showStaticWords from lib.core.common import showStaticWords
from lib.core.common import singleTimeLogMessage from lib.core.common import singleTimeLogMessage
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
from lib.core.common import wasLastRequestDBMSError from lib.core.common import wasLastResponseDBMSError
from lib.core.common import wasLastRequestHTTPError from lib.core.common import wasLastResponseHTTPError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -695,7 +695,7 @@ def heuristicCheckSqlInjection(place, parameter):
logger.debug(debugMsg) logger.debug(debugMsg)
return None return None
if wasLastRequestDBMSError(): if wasLastResponseDBMSError():
debugMsg = "heuristic checking skipped " debugMsg = "heuristic checking skipped "
debugMsg += "because original page content " debugMsg += "because original page content "
debugMsg += "contains DBMS error" debugMsg += "contains DBMS error"
@ -723,7 +723,7 @@ def heuristicCheckSqlInjection(place, parameter):
page, _ = Request.queryPage(payload, place, content=True, raise404=False) page, _ = Request.queryPage(payload, place, content=True, raise404=False)
parseFilePaths(page) parseFilePaths(page)
result = wasLastRequestDBMSError() result = wasLastResponseDBMSError()
infoMsg = "heuristic test shows that %s " % place infoMsg = "heuristic test shows that %s " % place
infoMsg += "parameter '%s' might " % parameter infoMsg += "parameter '%s' might " % parameter
@ -1083,14 +1083,14 @@ def checkConnection(suppressOutput=False):
kb.errorIsNone = False kb.errorIsNone = False
if not kb.originalPage and wasLastRequestHTTPError(): if not kb.originalPage and wasLastResponseHTTPError():
errMsg = "unable to retrieve page content" errMsg = "unable to retrieve page content"
raise SqlmapConnectionException(errMsg) raise SqlmapConnectionException(errMsg)
elif wasLastRequestDBMSError(): elif wasLastResponseDBMSError():
warnMsg = "there is a DBMS error found in the HTTP response body " warnMsg = "there is a DBMS error found in the HTTP response body "
warnMsg += "which could interfere with the results of the tests" warnMsg += "which could interfere with the results of the tests"
logger.warn(warnMsg) logger.warn(warnMsg)
elif wasLastRequestHTTPError(): elif wasLastResponseHTTPError():
warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError() warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError()
warnMsg += "which could interfere with the results of the tests" warnMsg += "which could interfere with the results of the tests"
logger.warn(warnMsg) logger.warn(warnMsg)

6
lib/core/common.py
View File

@ -1878,7 +1878,7 @@ def popValue():
return getCurrentThreadData().valueStack.pop() return getCurrentThreadData().valueStack.pop()
def wasLastRequestDBMSError(): def wasLastResponseDBMSError():
""" """
Returns True if the last web request resulted in a (recognized) DBMS error page Returns True if the last web request resulted in a (recognized) DBMS error page
""" """
@ -1886,7 +1886,7 @@ def wasLastRequestDBMSError():
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
return threadData.lastErrorPage and threadData.lastErrorPage[0] == threadData.lastRequestUID return threadData.lastErrorPage and threadData.lastErrorPage[0] == threadData.lastRequestUID
def wasLastRequestHTTPError(): def wasLastResponseHTTPError():
""" """
Returns True if the last web request resulted in an errornous HTTP code (like 500) Returns True if the last web request resulted in an errornous HTTP code (like 500)
""" """
@ -1894,7 +1894,7 @@ def wasLastRequestHTTPError():
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
return threadData.lastHTTPError and threadData.lastHTTPError[0] == threadData.lastRequestUID return threadData.lastHTTPError and threadData.lastHTTPError[0] == threadData.lastRequestUID
def wasLastRequestDelayed(): def wasLastResponseDelayed():
""" """
Returns True if the last web request resulted in a time-delay Returns True if the last web request resulted in a time-delay
""" """

6
lib/request/comparison.py
View File

@ -11,8 +11,8 @@ from lib.core.common import extractRegexResult
from lib.core.common import getFilteredPageContent from lib.core.common import getFilteredPageContent
from lib.core.common import listToStrValue from lib.core.common import listToStrValue
from lib.core.common import removeDynamicContent from lib.core.common import removeDynamicContent
from lib.core.common import wasLastRequestDBMSError from lib.core.common import wasLastResponseDBMSError
from lib.core.common import wasLastRequestHTTPError from lib.core.common import wasLastResponseHTTPError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -77,7 +77,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
if page: if page:
# In case of an DBMS error page return None # In case of an DBMS error page return None
if kb.errorIsNone and (wasLastRequestDBMSError() or wasLastRequestHTTPError()): if kb.errorIsNone and (wasLastResponseDBMSError() or wasLastResponseHTTPError()):
return None return None
# Dynamic content lines to be excluded before comparison # Dynamic content lines to be excluded before comparison

4
lib/request/connect.py
View File

@ -34,7 +34,7 @@ from lib.core.common import readInput
from lib.core.common import removeReflectiveValues from lib.core.common import removeReflectiveValues
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
from lib.core.common import stdev from lib.core.common import stdev
from lib.core.common import wasLastRequestDelayed from lib.core.common import wasLastResponseDelayed
from lib.core.common import unicodeencode from lib.core.common import unicodeencode
from lib.core.common import urlencode from lib.core.common import urlencode
from lib.core.data import conf from lib.core.data import conf
@ -827,7 +827,7 @@ class Connect(object):
kb.testQueryCount += 1 kb.testQueryCount += 1
if timeBasedCompare: if timeBasedCompare:
return wasLastRequestDelayed() return wasLastResponseDelayed()
elif noteResponseTime: elif noteResponseTime:
kb.responseTimes.append(threadData.lastQueryDuration) kb.responseTimes.append(threadData.lastQueryDuration)

4
lib/takeover/xp_cmdshell.py
View File

@ -18,7 +18,7 @@ from lib.core.common import pushValue
from lib.core.common import popValue from lib.core.common import popValue
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import wasLastRequestDelayed from lib.core.common import wasLastResponseDelayed
from lib.core.convert import hexencode from lib.core.convert import hexencode
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -94,7 +94,7 @@ class Xp_cmdshell:
cmd = "ping -n %d 127.0.0.1" % (conf.timeSec * 2) cmd = "ping -n %d 127.0.0.1" % (conf.timeSec * 2)
self.xpCmdshellExecCmd(cmd) self.xpCmdshellExecCmd(cmd)
return wasLastRequestDelayed() return wasLastResponseDelayed()
def _xpCmdshellTest(self): def _xpCmdshellTest(self):
threadData = getCurrentThreadData() threadData = getCurrentThreadData()

4
lib/techniques/union/test.py
View File

@ -22,7 +22,7 @@ from lib.core.common import removeReflectiveValues
from lib.core.common import singleTimeLogMessage from lib.core.common import singleTimeLogMessage
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
from lib.core.common import stdev from lib.core.common import stdev
from lib.core.common import wasLastRequestDBMSError from lib.core.common import wasLastResponseDBMSError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -223,7 +223,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
logger.warn(warnMsg) logger.warn(warnMsg)
vector = (position, count, comment, prefix, suffix, kb.uChar, PAYLOAD.WHERE.NEGATIVE, kb.unionDuplicates) vector = (position, count, comment, prefix, suffix, kb.uChar, PAYLOAD.WHERE.NEGATIVE, kb.unionDuplicates)
unionErrorCase = kb.errorIsNone and wasLastRequestDBMSError() unionErrorCase = kb.errorIsNone and wasLastResponseDBMSError()
if unionErrorCase and count > 1: if unionErrorCase and count > 1:
warnMsg = "combined UNION/error-based SQL injection case found on " warnMsg = "combined UNION/error-based SQL injection case found on "

4
lib/techniques/union/use.py
View File

@ -33,7 +33,7 @@ from lib.core.common import removeReflectiveValues
from lib.core.common import singleTimeDebugMessage from lib.core.common import singleTimeDebugMessage
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
from lib.core.common import unArrayizeValue from lib.core.common import unArrayizeValue
from lib.core.common import wasLastRequestDBMSError from lib.core.common import wasLastResponseDBMSError
from lib.core.convert import htmlunescape from lib.core.convert import htmlunescape
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -94,7 +94,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
retVal = getUnicode(retVal, kb.pageEncoding) retVal = getUnicode(retVal, kb.pageEncoding)
# Special case when DBMS is Microsoft SQL Server and error message is used as a result of union injection # Special case when DBMS is Microsoft SQL Server and error message is used as a result of union injection
if Backend.isDbms(DBMS.MSSQL) and wasLastRequestDBMSError(): if Backend.isDbms(DBMS.MSSQL) and wasLastResponseDBMSError():
retVal = htmlunescape(retVal).replace("<br>", "\n") retVal = htmlunescape(retVal).replace("<br>", "\n")
hashDBWrite("%s%s" % (conf.hexConvert, expression), retVal) hashDBWrite("%s%s" % (conf.hexConvert, expression), retVal)

4
plugins/dbms/access/fingerprint.py
View File

@ -12,7 +12,7 @@ from lib.core.common import Format
from lib.core.common import getCurrentThreadData from lib.core.common import getCurrentThreadData
from lib.core.common import randomInt from lib.core.common import randomInt
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import wasLastRequestDBMSError from lib.core.common import wasLastResponseDBMSError
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -95,7 +95,7 @@ class Fingerprint(GenericFingerprint):
randStr = randomStr() randStr = randomStr()
inject.checkBooleanExpression("EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt)) inject.checkBooleanExpression("EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt))
if wasLastRequestDBMSError(): if wasLastResponseDBMSError():
threadData = getCurrentThreadData() threadData = getCurrentThreadData()
match = re.search("Could not find file\s+'([^']+?)'", threadData.lastErrorPage[1]) match = re.search("Could not find file\s+'([^']+?)'", threadData.lastErrorPage[1])