From f6ff1a115a8693dfce3ee2448b17949bcbee59fd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 22 May 2016 21:29:08 +0200
Subject: [PATCH] Better (automatic) picking of a --string candidate (especially in case of international pages)
---
 lib/controller/checks.py | 11 ++++++++++-
 lib/core/settings.py | 2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 4184a423e..4ee3b55a1 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -471,11 +471,20 @@ def checkSqlInjection(place, parameter, value):
 if not injectable and not any((conf.string, conf.notString, conf.regexp)) and kb.pageStable:
 trueSet = set(extractTextTagContent(truePage))
+ trueSet = trueSet.union(__ for _ in trueSet for __ in _.split())
+
 falseSet = set(extractTextTagContent(falsePage))
+ falseSet = falseSet.union(__ for _ in falseSet for __ in _.split())
+
 candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage and _.strip() not in threadData.lastComparisonHeaders else None for _ in (trueSet - falseSet)))
 if candidates:
- conf.string = candidates[0]
+ candidates = sorted(candidates, key=lambda _: len(_))
+ for candidate in candidates:
+ if re.match(r"\A\w+\Z", candidate):
+ break
+ conf.string = candidate
+
 infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (paramType, parameter, title, repr(conf.string).lstrip('u').strip("'"))
 logger.info(infoMsg)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 0df337def..3d40e41e6 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber
 # sqlmap version (...)
-VERSION = "1.0.5.45"
+VERSION = "1.0.5.46"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
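Review bot: When no element passes the `re.match(r"\A\w+\Z", candidate)` check, the `for` loop in the checks.py hunk runs to completion and `candidate` stays bound to the last entry of the length-sorted list, so `conf.string = candidate` silently takes the longest candidate — the opposite of what sorting by `len` suggests the code prefers. Under Python 2 (the `repr(conf.string).lstrip('u')` on the context line suggests unicode strings), `\w` without `re.UNICODE` matches ASCII only, so on the non-ASCII pages the commit subject targets this fallthrough is likely the common path rather than the exception. Making the fallback explicit with a `for`/`else` whose `else` branch sets `candidate = candidates[0]`, and passing `re.UNICODE` to `re.match`, would give the shortest pure-word token on international pages and a deterministic shortest-string fallback otherwise. `checkSqlInjection` begins and continues outside the hunk.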