commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)

2025-12-08 13:41:29 +00:00 · 2010-10-14 11:06:28 +00:00
parent cf73d9c799
commit 162d01abed
8 changed files with 328 additions and 23 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -663,6 +663,7 @@ def setPaths():
    paths.SQLMAP_CONFIG          = os.path.join(paths.SQLMAP_ROOT_PATH, "sqlmap-%s.conf" % randomStr())
    paths.COMMON_OUTPUTS         = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
    paths.COMMON_TABLES          = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
+    paths.SQLKEYWORDS            = os.path.join(paths.SQLMAP_TXT_PATH, "keywords.txt")
    paths.FUZZ_VECTORS           = os.path.join(paths.SQLMAP_TXT_PATH, "fuzz_vectors.txt")
    paths.DETECTION_RULES_XML    = os.path.join(paths.SQLMAP_XML_PATH, "detection.xml")
    paths.ERRORS_XML             = os.path.join(paths.SQLMAP_XML_PATH, "errors.xml")
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -36,6 +36,7 @@ import urlparse
 from extra.keepalive import keepalive
 from extra.xmlobject import xmlobject
 from lib.core.common import getConsoleWidth
+from lib.core.common import getFileItems
 from lib.core.common import getFileType
 from lib.core.common import normalizePath
 from lib.core.common import ntToPosixSlashes
@@ -1057,12 +1058,13 @@ def __setKnowledgeBaseAttributes():
    kb.lastErrorPage   = None
    kb.headersCount    = 0
    kb.headersFp       = {}
+    kb.hintValue       = None
    kb.htmlFp          = []
    kb.injParameter    = None
    kb.injPlace        = None
    kb.injType         = None
    kb.injections      = xmlobject.XMLFile(path=paths.INJECTIONS_XML)
-    kb.hintValue       = None
+    kb.keywords        = getFileItems(paths.SQLKEYWORDS)
    kb.nullConnection  = None

    # Back-end DBMS underlying operating system fingerprint via banner (-b)