Minor refactoring

Miroslav Stampar
2016-10-22 21:52:18 +02:00
parent e0149e1c5f
commit 0398cbdc76
10 changed files with 22 additions and 22 deletions


@@ -3228,7 +3228,7 @@ def maskSensitiveData(msg):
retVal = getUnicode(msg)
for item in filter(None, map(lambda x: conf.get(x), ("hostname", "data", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile"))):
for item in filter(None, map(lambda x: conf.get(x), ("hostname", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile"))):
regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", getUnicode(item))
while extractRegexResult(regex, retVal):
value = extractRegexResult(regex, retVal)
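Review bot: An option name in the tuple passed to `conf.get(x)` that is stale or misspelled is dropped silently by `filter(None, ...)`, so a later rename like this one could stop a value from being masked without raising any error. The new side also adds `"dnsDomain"` where the old tuple had no `"dnsName"`, so this line appears to change what is masked rather than only rename an option, which a commit titled "Minor refactoring" should call out. I would hoist the tuple into a named module-level constant next to the other option lists, with a comment such as `# option names whose values are masked; keep in sync with the option definitions`. The body of maskSensitiveData continues outside the hunk.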


@@ -2277,7 +2277,7 @@ def _setTrafficOutputFP():
conf.trafficFP = openFile(conf.trafficFile, "w+")
def _setDNSServer():
if not conf.dnsName:
if not conf.dnsDomain:
return
infoMsg = "setting up DNS server instance"


@@ -106,7 +106,7 @@ optDict = {
"uCols": "string",
"uChar": "string",
"uFrom": "string",
"dnsName": "string",
"dnsDomain": "string",
"secondOrder": "string",
},


@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.10.52"
VERSION = "1.0.10.53"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -398,7 +398,7 @@ HASH_MOD_ITEM_DISPLAY = 11
MAX_INT = sys.maxint
# Options that need to be restored in multiple targets run mode
RESTORE_MERGED_OPTIONS = ("col", "db", "dnsName", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user")
RESTORE_MERGED_OPTIONS = ("col", "db", "dnsDomain", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user")
# Parameters to be ignored in detection phase (upper case)
IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__VIEWSTATEGENERATOR", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")


@@ -364,7 +364,7 @@ def cmdLineParser(argv=None):
techniques.add_option("--union-from", dest="uFrom",
help="Table to use in FROM part of UNION query SQL injection")
techniques.add_option("--dns-domain", dest="dnsName",
techniques.add_option("--dns-domain", dest="dnsDomain",
help="Domain name used for DNS exfiltration attack")
techniques.add_option("--second-order", dest="secondOrder",


@@ -57,7 +57,7 @@ from lib.techniques.union.use import unionUse
def _goDns(payload, expression):
value = None
if conf.dnsName and kb.dnsTest is not False and not kb.testMode and Backend.getDbms() is not None:
if conf.dnsDomain and kb.dnsTest is not False and not kb.testMode and Backend.getDbms() is not None:
if kb.dnsTest is None:
dnsTest(payload)
@@ -293,7 +293,7 @@ def _goBooleanProxy(expression):
initTechnique(kb.technique)
if conf.dnsName:
if conf.dnsDomain:
query = agent.prefixQuery(kb.injection.data[kb.technique].vector)
query = agent.suffixQuery(query)
payload = agent.payload(newValue=query)
@@ -413,7 +413,7 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
count += 1
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
if found and conf.dnsName:
if found and conf.dnsDomain:
_ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E": PAYLOAD.TECHNIQUE.ERROR, "Q": PAYLOAD.TECHNIQUE.QUERY, "U": PAYLOAD.TECHNIQUE.UNION}.items())))
warnMsg = "option '--dns-domain' will be ignored "
warnMsg += "as faster techniques are usable "


@@ -24,7 +24,7 @@ def dnsTest(payload):
if not kb.dnsTest:
errMsg = "data retrieval through DNS channel failed"
if not conf.forceDns:
conf.dnsName = None
conf.dnsDomain = None
errMsg += ". Turning off DNS exfiltration support"
logger.error(errMsg)
else:


@@ -46,7 +46,7 @@ def dnsUse(payload, expression):
count = 0
offset = 1
if conf.dnsName and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL):
if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.MYSQL, DBMS.PGSQL):
output = hashDBRetrieve(expression, checkConf=True)
if output and PARTIAL_VALUE_MARKER in output or kb.dnsTest is None:
@@ -69,7 +69,7 @@ def dnsUse(payload, expression):
nulledCastedField = agent.hexConvertField(nulledCastedField)
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsName)
expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsDomain)
expressionUnescaped = unescaper.escape(expressionRequest)
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
@@ -111,7 +111,7 @@ def dnsUse(payload, expression):
debugMsg = "performed %d queries in %.2f seconds" % (count, calculateDeltaSeconds(start))
logger.debug(debugMsg)
elif conf.dnsName:
elif conf.dnsDomain:
warnMsg = "DNS data exfiltration method through SQL injection "
warnMsg += "is currently not available for DBMS %s" % Backend.getIdentifiedDbms()
singleTimeWarnMessage(warnMsg)