coollyy little commits
This commit is contained in:
parent
d71e51e765
commit
fe2039f5ba
@ -12,6 +12,7 @@ import re
|
|||
from xml.etree import ElementTree as ET
|
||||
|
||||
from lib.core.common import getCompiledRegex
|
||||
from lib.core.common import isDBMSVersionAtLeast
|
||||
from lib.core.common import randomInt
|
||||
from lib.core.common import randomStr
|
||||
from lib.core.convert import urlencode
|
||||
|
@ -214,7 +215,14 @@ class Agent:
|
|||
|
||||
if "[INFERENCE]" in payload:
|
||||
if kb.dbms is not None:
|
||||
inferenceQuery = queries[kb.dbms].inference.query
|
||||
inference = queries[kb.dbms].inference
|
||||
if "dbms_version" in inference:
|
||||
if isDBMSVersionAtLeast(inference.dbms_version):
|
||||
inferenceQuery = inference.query
|
||||
else:
|
||||
inferenceQuery = inference.query2
|
||||
else:
|
||||
inferenceQuery = inference.query
|
||||
payload = payload.replace("[INFERENCE]", inferenceQuery)
|
||||
elif kb.misc.testedDbms is not None:
|
||||
inferenceQuery = queries[kb.misc.testedDbms].inference.query
|
||||
|
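Review bot: The new `else` branch at `inferenceQuery = inference.query2` assumes that every `<inference>` entry carrying a `dbms_version` also carries a `query2`; the only such entry visible in this commit is the Firebird one, and an entry with a version bound but no fallback would hand `payload.replace("[INFERENCE]", ...)` a missing value instead of a query string. A guard such as `inferenceQuery = inference.query2 if "query2" in inference else inference.query` (or an explicit error naming the DBMS) keeps an XML mistake from surfacing as an opaque exception mid-scan. The version-aware selection is also applied only under `kb.dbms`; the `kb.misc.testedDbms` branch still takes `inference.query` unconditionally, so during detection the `%d`/ASCII_VAL form is sent regardless of version — presumably acceptable because the version is unknown at that point, but a one-line comment saying so would prevent someone "fixing" it later. The enclosing method continues outside the hunk.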
|
|
@ -46,9 +46,9 @@ DUMP_TAB_MARKER = "__TAB__"
|
|||
DUMP_START_MARKER = "__START__"
|
||||
DUMP_STOP_MARKER = "__STOP__"
|
||||
|
||||
PAYLOAD_DELIMITER = "\x00"
|
||||
|
||||
MIN_TIME_RESPONSES = 10
|
||||
PAYLOAD_DELIMITER = "\x00"
|
||||
CHAR_INFERENCE_MARK = "%c"
|
||||
MIN_TIME_RESPONSES = 10
|
||||
|
||||
# System variables
|
||||
IS_WIN = subprocess.mswindows
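Review bot: `CHAR_INFERENCE_MARK = "%c"` is added without a comment, and the value is easy to misread because `%c` is also a valid Python %-format conversion; a reader of this file cannot tell that it is a marker meant to survive `safeStringFormat` and be substituted afterwards by a plain `str.replace`. I would add above it `# marker in <inference> queries standing for the single probe character; substituted by str.replace after %-formatting, never consumed by the % operator`. Whether `safeStringFormat` really leaves an unconsumed `%c` untouched is not visible in this commit and should be confirmed, since a template with three conversions and a two-item tuple would otherwise raise on every probe.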
|
||||
@ -33,6 +33,7 @@ from lib.core.exception import sqlmapValueException
|
|||
from lib.core.exception import sqlmapThreadException
|
||||
from lib.core.exception import unhandledException
|
||||
from lib.core.progress import ProgressBar
|
||||
from lib.core.settings import CHAR_INFERENCE_MARK
|
||||
from lib.core.unescaper import unescaper
|
||||
from lib.request.connect import Connect as Request
|
||||
|
||||
|
@ -141,7 +142,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
continuousOrder means that distance between each two neighbour's
|
||||
numerical values is exactly 1
|
||||
"""
|
||||
|
||||
|
||||
result = tryHint(idx)
|
||||
|
||||
if result:
|
||||
|
@ -170,18 +171,14 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
position = (len(charTbl) >> 1)
|
||||
posValue = charTbl[position]
|
||||
|
||||
if dbms in (DBMS.SQLITE, DBMS.MAXDB):
|
||||
pushValue(posValue)
|
||||
posValue = chr(posValue) if posValue < 128 else unichr(posValue)
|
||||
|
||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||
if CHAR_INFERENCE_MARK not in payload:
|
||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||
else:
|
||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else unichr(posValue))
|
||||
|
||||
queriesCount[0] += 1
|
||||
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare)
|
||||
|
||||
if dbms in (DBMS.SQLITE, DBMS.MAXDB):
|
||||
posValue = popValue()
|
||||
|
||||
if result:
|
||||
minValue = posValue
|
||||
|
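Review bot: The `else` branch at `forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, ...)` splices the raw probe character into a quoted SQL literal (`'%c'` in the query templates), so when the bisection probes the single quote (code 39) — and, on back-ends with a backslash escape, code 92 — the resulting statement is syntactically broken and the boolean answer for that probe is an error artefact rather than a real comparison. The character should be escaped before substitution, at minimum `probe = probe.replace("'", "''")` on the value computed from `chr(posValue) if posValue < 128 else unichr(posValue)`, or the `unescaper` already imported in this file should be used to produce a DBMS-correct literal. The pre-change code had the same exposure only for SQLite/MaxDB; the `%c` path now applies to any DBMS whose template uses the mark. `bisection` begins and ends outside this hunk.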
||||
@ -303,7 +303,7 @@
|
|||
<timedelay query="SELECT LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(1000000%d))))" dbms_version=">=3.0"/>
|
||||
<substring query="SUBSTR((%s), %d, %d)"/>
|
||||
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
||||
<inference query="SUBSTR((%s), %d, 1) > '%s'"/>
|
||||
<inference query="SUBSTR((%s), %d, 1) > '%c'"/>
|
||||
<banner query="SELECT SQLITE_VERSION()"/>
|
||||
<current_user/>
|
||||
<current_db/>
|
||||
|
@ -386,7 +386,7 @@
|
|||
<inband query="SELECT DISTINCT RDB$USER FROM RDB$USER_PRIVILEGES"/>
|
||||
<blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES" count="SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES"/>
|
||||
</users>
|
||||
<inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version=">=2.1"/>
|
||||
<inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version=">=2.1" query2="SUBSTRING((%s) FROM %d FOR 1) > '%c'"/>
|
||||
<is_dba query="CURRENT_USER='SYSDBA'"/>
|
||||
<tables>
|
||||
<inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
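Review bot: The `query2` fallback `SUBSTRING((%s) FROM %d FOR 1) > '%c'` compares strings rather than code points, so its ordering follows the expression's character set and collation instead of the numeric order the bisection in inference.py assumes (its docstring in this same commit states that neighbouring values differ by exactly 1); under a case-insensitive or otherwise non-binary collation `'a' > 'A'` can evaluate false and the search converges on the wrong character. Unless a collation-independent expression exists for pre-2.1 Firebird, the fallback should force a byte-wise comparison (for instance by casting the substring to the OCTETS character set) — I cannot confirm from here which of those constructs the affected versions accept, so at minimum an XML comment above the entry should document that `query2` is only reliable with a binary collation.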
|
||||
|
@ -429,7 +429,7 @@
|
|||
<current_db query="SELECT DATABASE() FROM DUAL"/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
||||
<inference query="SUBSTR((%s), %d, 1) > '%s'"/>
|
||||
<inference query="SUBSTR((%s), %d, 1) > '%c'"/>
|
||||
<delimiter query=","/>
|
||||
<substring query="SUBSTR((%s), %d, %d)"/>
|
||||
<users>
|
||||