coollyy little commits
This commit is contained in:
parent
d71e51e765
commit
fe2039f5ba
|
@ -12,6 +12,7 @@ import re
|
||||||
from xml.etree import ElementTree as ET
|
from xml.etree import ElementTree as ET
|
||||||
|
|
||||||
from lib.core.common import getCompiledRegex
|
from lib.core.common import getCompiledRegex
|
||||||
|
from lib.core.common import isDBMSVersionAtLeast
|
||||||
from lib.core.common import randomInt
|
from lib.core.common import randomInt
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
from lib.core.convert import urlencode
|
from lib.core.convert import urlencode
|
||||||
|
@ -214,7 +215,14 @@ class Agent:
|
||||||
|
|
||||||
if "[INFERENCE]" in payload:
|
if "[INFERENCE]" in payload:
|
||||||
if kb.dbms is not None:
|
if kb.dbms is not None:
|
||||||
inferenceQuery = queries[kb.dbms].inference.query
|
inference = queries[kb.dbms].inference
|
||||||
|
if "dbms_version" in inference:
|
||||||
|
if isDBMSVersionAtLeast(inference.dbms_version):
|
||||||
|
inferenceQuery = inference.query
|
||||||
|
else:
|
||||||
|
inferenceQuery = inference.query2
|
||||||
|
else:
|
||||||
|
inferenceQuery = inference.query
|
||||||
payload = payload.replace("[INFERENCE]", inferenceQuery)
|
payload = payload.replace("[INFERENCE]", inferenceQuery)
|
||||||
elif kb.misc.testedDbms is not None:
|
elif kb.misc.testedDbms is not None:
|
||||||
inferenceQuery = queries[kb.misc.testedDbms].inference.query
|
inferenceQuery = queries[kb.misc.testedDbms].inference.query
|
||||||
|
|
|
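Review bot: The new `else` path reads `inference.query2` whenever `dbms_version` is declared and the version check fails, so an `<inference>` entry carrying `dbms_version` but no `query2` attribute would fail at that attribute access instead of falling back to `query`; guard on `"query2" in inference` the same way the hunk already guards on `"dbms_version" in inference`. The `elif kb.misc.testedDbms is not None:` branch at the end of the hunk still reads `.inference.query` directly, so the version-dependent selection only applies when `kb.dbms` is set; both branches should go through one helper. The enclosing method starts and ends outside the hunk, and I am taking `queries` and `kb` as module-level names on faith.
```python
def _inferenceQuery(self, dbms):
    # Pick the inference template for dbms; query2 is the fallback for
    # versions below dbms_version and is used only when both are declared.
    inference = queries[dbms].inference
    if "dbms_version" in inference and "query2" in inference and not isDBMSVersionAtLeast(inference.dbms_version):
        return inference.query2
    return inference.query

# … unchanged: start of the payload method …
if "[INFERENCE]" in payload:
    if kb.dbms is not None:
        payload = payload.replace("[INFERENCE]", self._inferenceQuery(kb.dbms))
    elif kb.misc.testedDbms is not None:
        inferenceQuery = self._inferenceQuery(kb.misc.testedDbms)
```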
@ -46,9 +46,9 @@ DUMP_TAB_MARKER = "__TAB__"
|
||||||
DUMP_START_MARKER = "__START__"
|
DUMP_START_MARKER = "__START__"
|
||||||
DUMP_STOP_MARKER = "__STOP__"
|
DUMP_STOP_MARKER = "__STOP__"
|
||||||
|
|
||||||
PAYLOAD_DELIMITER = "\x00"
|
PAYLOAD_DELIMITER = "\x00"
|
||||||
|
CHAR_INFERENCE_MARK = "%c"
|
||||||
MIN_TIME_RESPONSES = 10
|
MIN_TIME_RESPONSES = 10
|
||||||
|
|
||||||
# System variables
|
# System variables
|
||||||
IS_WIN = subprocess.mswindows
|
IS_WIN = subprocess.mswindows
|
||||||
|
|
|
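Review bot: `CHAR_INFERENCE_MARK = "%c"` is added without a comment although, unlike the `__TAB__`-style markers around it, its value coincides with a `%`-format conversion and is resolved by a plain `.replace()` after the template has already gone through `safeStringFormat()` (see the `bisection()` hunk in this commit); a reader of the settings module cannot tell that from the value alone. Suggest `# Placeholder for the single inference character in the XML query templates; substituted after safeStringFormat(), not by %-formatting`.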
@ -33,6 +33,7 @@ from lib.core.exception import sqlmapValueException
|
||||||
from lib.core.exception import sqlmapThreadException
|
from lib.core.exception import sqlmapThreadException
|
||||||
from lib.core.exception import unhandledException
|
from lib.core.exception import unhandledException
|
||||||
from lib.core.progress import ProgressBar
|
from lib.core.progress import ProgressBar
|
||||||
|
from lib.core.settings import CHAR_INFERENCE_MARK
|
||||||
from lib.core.unescaper import unescaper
|
from lib.core.unescaper import unescaper
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
|
|
||||||
|
@ -141,7 +142,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
continuousOrder means that distance between each two neighbour's
|
continuousOrder means that distance between each two neighbour's
|
||||||
numerical values is exactly 1
|
numerical values is exactly 1
|
||||||
"""
|
"""
|
||||||
|
|
||||||
result = tryHint(idx)
|
result = tryHint(idx)
|
||||||
|
|
||||||
if result:
|
if result:
|
||||||
|
@ -170,18 +171,14 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
position = (len(charTbl) >> 1)
|
position = (len(charTbl) >> 1)
|
||||||
posValue = charTbl[position]
|
posValue = charTbl[position]
|
||||||
|
|
||||||
if dbms in (DBMS.SQLITE, DBMS.MAXDB):
|
if CHAR_INFERENCE_MARK not in payload:
|
||||||
pushValue(posValue)
|
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
||||||
posValue = chr(posValue) if posValue < 128 else unichr(posValue)
|
else:
|
||||||
|
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else unichr(posValue))
|
||||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
|
|
||||||
|
|
||||||
queriesCount[0] += 1
|
queriesCount[0] += 1
|
||||||
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare)
|
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare)
|
||||||
|
|
||||||
if dbms in (DBMS.SQLITE, DBMS.MAXDB):
|
|
||||||
posValue = popValue()
|
|
||||||
|
|
||||||
if result:
|
if result:
|
||||||
minValue = posValue
|
minValue = posValue
|
||||||
|
|
||||||
|
|
|
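Review bot: The `else` branch folds the character conversion, the formatting and the substitution into one long line; binding the character first, `inferenceChar = chr(posValue) if posValue < 128 else unichr(posValue)`, then `forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, inferenceChar)`, reads more easily and keeps the conversion in one place. Note also that `.replace()` runs on the already-interpolated payload, so if `expressionUnescaped` itself happens to contain the literal text `%c` that occurrence is rewritten too — unlikely, but worth a comment stating that the substitution is deliberately applied after `safeStringFormat()` (presumably so that `%c` is not consumed as a format conversion; `safeStringFormat` is not visible here). `bisection()` continues outside the hunk on both sides.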
@ -303,7 +303,7 @@
|
||||||
<timedelay query="SELECT LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(1000000%d))))" dbms_version=">=3.0"/>
|
<timedelay query="SELECT LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(1000000%d))))" dbms_version=">=3.0"/>
|
||||||
<substring query="SUBSTR((%s), %d, %d)"/>
|
<substring query="SUBSTR((%s), %d, %d)"/>
|
||||||
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
||||||
<inference query="SUBSTR((%s), %d, 1) > '%s'"/>
|
<inference query="SUBSTR((%s), %d, 1) > '%c'"/>
|
||||||
<banner query="SELECT SQLITE_VERSION()"/>
|
<banner query="SELECT SQLITE_VERSION()"/>
|
||||||
<current_user/>
|
<current_user/>
|
||||||
<current_db/>
|
<current_db/>
|
||||||
|
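Review bot: The `<inference>` templates switched from `'%s'` to `'%c'` here and in the `@ -429,7 +429,7 @@` hunk give no indication that `%c` is not a regular format conversion but the `CHAR_INFERENCE_MARK` placeholder that `bisection()` substitutes after the `%s`/`%d` formatting; someone editing this XML file has no way to know the two placeholders are handled differently. Suggest an XML comment at the first such element, `<!-- %c: marker for the single inference character, replaced by the code after %s/%d formatting -->`.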
@ -386,7 +386,7 @@
|
||||||
<inband query="SELECT DISTINCT RDB$USER FROM RDB$USER_PRIVILEGES"/>
|
<inband query="SELECT DISTINCT RDB$USER FROM RDB$USER_PRIVILEGES"/>
|
||||||
<blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES" count="SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES"/>
|
<blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$USER) FROM RDB$USER_PRIVILEGES" count="SELECT COUNT(DISTINCT(RDB$USER)) FROM RDB$USER_PRIVILEGES"/>
|
||||||
</users>
|
</users>
|
||||||
<inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version=">=2.1"/>
|
<inference query="ASCII_VAL(SUBSTRING((%s) FROM %d FOR 1)) > %d" dbms_version=">=2.1" query2="SUBSTRING((%s) FROM %d FOR 1) > '%c'"/>
|
||||||
<is_dba query="CURRENT_USER='SYSDBA'"/>
|
<is_dba query="CURRENT_USER='SYSDBA'"/>
|
||||||
<tables>
|
<tables>
|
||||||
<inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
|
<inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG = 0)"/>
|
||||||
|
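Review bot: The new `query2` attribute on the Firebird `<inference>` element is only meaningful together with `dbms_version` — the Agent hunk in this commit selects it when the version check fails and otherwise ignores it — but nothing in the XML says so, and other elements with `dbms_version`, such as the `<timedelay>` entry with `dbms_version=">=3.0"` in the earlier hunk, have no second query. Suggest `<!-- query2: fallback inference template for versions below dbms_version -->` next to the element.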
@ -429,7 +429,7 @@
|
||||||
<current_db query="SELECT DATABASE() FROM DUAL"/>
|
<current_db query="SELECT DATABASE() FROM DUAL"/>
|
||||||
<order query="ORDER BY %s ASC"/>
|
<order query="ORDER BY %s ASC"/>
|
||||||
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
|
||||||
<inference query="SUBSTR((%s), %d, 1) > '%s'"/>
|
<inference query="SUBSTR((%s), %d, 1) > '%c'"/>
|
||||||
<delimiter query=","/>
|
<delimiter query=","/>
|
||||||
<substring query="SUBSTR((%s), %d, %d)"/>
|
<substring query="SUBSTR((%s), %d, %d)"/>
|
||||||
<users>
|
<users>
|
||||||
|
|