Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.

Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beep when a SQL injection is found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
Bernardo Damele
2010-12-01 17:09:52 +00:00
parent c00ea7f5e5
commit 089c16a1b8
11 changed files with 187 additions and 288 deletions


@@ -33,6 +33,7 @@ from lib.core.datatype import injectionDict
from lib.core.enums import HTTPMETHOD
from lib.core.enums import NULLCONNECTION
from lib.core.enums import PAYLOAD
from lib.core.enums import PLACE
from lib.core.exception import sqlmapConnectionException
from lib.core.exception import sqlmapGenericException
from lib.core.exception import sqlmapNoneDataException
@@ -331,14 +332,28 @@ def checkSqlInjection(place, parameter, value):
# Feed with the boundaries details only the first time a
# test has been successful
if injection.place is None or injection.parameter is None:
if place == PLACE.UA:
injection.parameter = conf.agent
else:
injection.parameter = parameter
injection.place = place
injection.parameter = parameter
injection.ptype = ptype
injection.prefix = prefix
injection.suffix = suffix
if "epayload" in test:
epayload = "%s%s" % (test.epayload, comment)
else:
epayload = None
# Feed with test details every time a test is successful
injection.data[stype] = (title, agent.removePayloadDelimiters(reqPayload, False), where, comment)
injection.data[stype] = advancedDict()
injection.data[stype].title = title
injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload, False)
injection.data[stype].where = where
injection.data[stype].epayload = epayload
injection.data[stype].comment = comment
if "details" in test:
for detailKey, detailValue in test.details.items():
@@ -351,7 +366,8 @@ def checkSqlInjection(place, parameter, value):
elif detailKey == "os" and injection.os is None:
injection.os = detailValue
beep()
if conf.beep:
beep()
# There is no need to perform this test for other
# <where> tags
@@ -703,7 +719,6 @@ def checkConnection(suppressOutput=False):
try:
page, _ = Request.queryPage(content=True)
conf.seqMatcher.set_seq1(page)
except sqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg)
raise sqlmapConnectionException, errMsg
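Review bot: In the new `epayload` branch of the success handler, `epayload = "%s%s" % (test.epayload, comment)` will splice the literal text `None` into the exploitation payload sent to the target if `comment` is ever `None` rather than an empty string; the hunk does not show where `comment` is produced, so if `None` is possible there the line should read `epayload = "%s%s" % (test.epayload, comment or "")`. The same hunk turns `injection.data[stype]` from a positional 4-tuple into an `advancedDict` with named fields; the two tuple-index readers in controller.py are updated in this commit, but any other reader of `injection.data` still using `sdata[0]`/`sdata[1]` would now fail at runtime, so the remaining `.data[` consumers are worth checking before merge. Since the commit message says these `advancedDict` objects are made picklable, the point where they are later unpickled deserves a comment such as `# pickle.load executes arbitrary code: only load session files you created yourself`, as that trust assumption is not visible anywhere in the new code. `checkSqlInjection` begins and ends outside this hunk.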


@@ -107,10 +107,9 @@ def __formatInjection(inj):
data += "Parameter: %s\n" % inj.parameter
for stype, sdata in inj.data.items():
stype = PAYLOAD.SQLINJECTION[stype] if isinstance(stype, int) else stype
data += " Type: %s\n" % stype
data += " Title: %s\n" % sdata[0]
data += " Payload: %s\n\n" % sdata[1]
data += " Title: %s\n" % sdata.title
data += " Payload: %s\n\n" % sdata.payload
return data
@@ -136,7 +135,7 @@ def __saveToSessionFile():
parameter = inj.parameter
for stype, sdata in inj.data.items():
payload = sdata[1]
payload = sdata.payload
if stype == 1:
kb.booleanTest = payload
@@ -303,7 +302,8 @@ def start():
# TODO: consider the following line in __setRequestParams()
__testableParameters = True
if not kb.injection.place or not kb.injection.parameter:
if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) \
and (kb.injection.place is None or kb.injection.parameter is None):
if not conf.string and not conf.regexp and not conf.eRegexp:
# NOTE: this is not needed anymore, leaving only to display
# a warning message to the user in case the page is not stable
@@ -394,7 +394,7 @@ def start():
__showInjections()
__selectInjection()
if kb.injection.place and kb.injection.parameter:
if kb.injection.place is not None and kb.injection.parameter is not None:
if conf.multipleTargets:
message = "do you want to exploit this SQL injection? [Y/n] "
exploit = readInput(message, default="Y")
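Review bot: The new guard in `start()` packs two distinct questions, "has any injection been recorded in kb.injections" and "is kb.injection still unset", into one two-line boolean with nested parentheses, which makes the intent hard to verify at a glance and easy to get subtly wrong when the next condition is added. Naming the first half keeps the same behaviour and reads as the comment it currently lacks: `noInjectionFound = len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)` followed by `if noInjectionFound and (kb.injection.place is None or kb.injection.parameter is None):`. The later change from truthiness to explicit `is not None` checks on `kb.injection.place`/`kb.injection.parameter` is consistent with this guard and with the `place is None` test in checks.py. `start()` begins and ends outside these hunks.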