commit of all sorts (bug fix for heuristics and URI injections, fine tuning of tampering modules with SQL keywords,...)

This commit is contained in:
Miroslav Stampar
2010-10-14 11:06:28 +00:00
parent cf73d9c799
commit 162d01abed
8 changed files with 328 additions and 23 deletions


@@ -38,6 +38,7 @@ from lib.core.common import readInput
from lib.core.common import showStaticWords
from lib.core.common import DynamicContentItem
from lib.core.convert import md5hash
from lib.core.convert import urlencode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@@ -105,9 +106,6 @@ def heuristicCheckSqlInjection(place, parameter, value):
prefix = ""
postfix = ""
if place == "URI":
return
if conf.prefix or conf.postfix:
if conf.prefix:
prefix = conf.prefix
@@ -116,9 +114,11 @@ def heuristicCheckSqlInjection(place, parameter, value):
postfix = conf.postfix
payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
if place == "URI":
payload = conf.paramDict[place][parameter].replace('*', payload)
Request.queryPage(payload, place)
result = kb.lastErrorPage and kb.lastErrorPage[0]==kb.lastRequestUID
infoMsg = "heuristics show that %s parameter '%s' is " % (place, parameter)
infoMsg = "(error based) heuristics show that %s parameter '%s' is " % (place, parameter)
if result:
infoMsg += "injectable"
logger.info(infoMsg)
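Review bot: The URI branch added at `if place == "URI":` builds the request by plain string substitution, `conf.paramDict[place][parameter].replace('*', payload)`, and hands the result to `Request.queryPage` with the random `"`, `'`, `(`, `)` characters left as-is; `urlencode` is newly imported in the first hunk of this file but is not applied in this hunk, so either the encoding happens inside queryPage or the URI goes out with raw quote characters, and a comment should say which, e.g. `# '*' marks the injection point in the URI; the payload is substituted raw, encoding is left to queryPage`. `replace('*', payload)` without a count also substitutes every marker, so a URI template containing more than one `*` gets the payload in all of them while the log message attributes the result to a single parameter; if one marker at a time is intended, `replace('*', payload, 1)`. The comparison `kb.lastErrorPage[0]==kb.lastRequestUID` should read `kb.lastErrorPage[0] == kb.lastRequestUID` per PEP 8. heuristicCheckSqlInjection continues outside the hunk.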


@@ -663,6 +663,7 @@ def setPaths():
paths.SQLMAP_CONFIG = os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap-%s.conf" % randomStr())
paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
paths.SQLKEYWORDS = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt")
paths.FUZZ_VECTORS = os.path.join(paths.SQLMAP_TXT_PATH, "fuzz_vectors.txt")
paths.DETECTION_RULES_XML = os.path.join(paths.SQLMAP_XML_PATH, "detection.xml")
paths.ERRORS_XML = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")


@@ -36,6 +36,7 @@ import urlparse
from extra.keepalive import keepalive
from extra.xmlobject import xmlobject
from lib.core.common import getConsoleWidth
from lib.core.common import getFileItems
from lib.core.common import getFileType
from lib.core.common import normalizePath
from lib.core.common import ntToPosixSlashes
@@ -1057,12 +1058,13 @@ def __setKnowledgeBaseAttributes():
kb.lastErrorPage = None
kb.headersCount = 0
kb.headersFp = {}
kb.hintValue = None
kb.htmlFp = []
kb.injParameter = None
kb.injPlace = None
kb.injType = None
kb.injections = xmlobject.XMLFile(path=paths.INJECTIONS_XML)
kb.hintValue = None
kb.keywords = getFileItems(paths.SQLKEYWORDS)
kb.nullConnection = None
# Back-end DBMS underlying operating system fingerprint via banner (-b)
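Review bot: `kb.keywords = getFileItems(paths.SQLKEYWORDS)` loads the SQL keyword list eagerly in __setKnowledgeBaseAttributes without a comment saying who consumes it; the commit message points at the tamper modules, so a line such as `# SQL keyword list (paths.SQLKEYWORDS) consulted by the tamper scripts when rewriting payloads` would save the next reader a grep. Whether getFileItems tolerates a missing or unreadable file is not visible here; if it raises, every run now depends on that file being present even when no tamper script is selected, which may be acceptable but is worth stating next to the assignment. The two `kb.hintValue = None` lines suggest the attribute was only moved to keep the block alphabetical, which is fine. __setKnowledgeBaseAttributes continues outside the hunk.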


@@ -307,13 +307,13 @@ class Connect:
if not place:
place = kb.injPlace
if kb.tamperFunctions:
for function in kb.tamperFunctions:
value = function(place, value)
if "GET" in conf.parameters:
get = conf.parameters["GET"] if place != "GET" or not value else value
get = conf.parameters["GET"] if place != "GET" or not value else value
if "POST" in conf.parameters:
post = conf.parameters["POST"] if place != "POST" or not value else value