Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).

Minor common library code refactoring. Code cleanup. Set back the default User-Agent to sqlmap for comparison algorithm reasons. Updated THANKS.
2025-12-07 21:21:33 +00:00 · 2009-04-27 23:05:11 +00:00
parent 5121a4dcba
commit 16b4530bbe
35 changed files with 158 additions and 201 deletions
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -28,7 +28,6 @@ import re

 from lib.core.data import conf
 from lib.core.data import kb
-from lib.core.data import paths
 from lib.parse.headers import headersParser
 from lib.parse.html import htmlParser

@@ -73,8 +72,11 @@ def parseResponse(page, headers):
        # Detect injectable page absolute system path
        # NOTE: this regular expression works if the remote web application
        # is written in PHP and debug/error messages are enabled.
-        absFilePaths = re.findall(" in <b>(.*?)</b> on line", page, re.I)
+        absFilePathsRegExp = ( " in <b>(.*?)</b> on line", "([\w]\:[\/\\\\]+)" )

-        for absFilePath in absFilePaths:
-            if absFilePath not in kb.absFilePaths:
-                kb.absFilePaths.add(absFilePath)
+        for absFilePathRegExp in absFilePathsRegExp:
+            absFilePaths = re.findall(absFilePathRegExp, page, re.I)
+
+            for absFilePath in absFilePaths:
+                if absFilePath not in kb.absFilePaths:
+                    kb.absFilePaths.add(absFilePath)
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -26,7 +26,6 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 import re

-from lib.core.convert import md5hash
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.session import setMatchRatio
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -93,11 +93,11 @@ class Connect:
                requestMsg += "?%s" % params

        elif multipart:
-                multipartOpener = urllib2.build_opener(multipartpost.MultipartPostHandler)
-                conn = multipartOpener.open(url, multipart)
-                page = conn.read()
+            multipartOpener = urllib2.build_opener(multipartpost.MultipartPostHandler)
+            conn = multipartOpener.open(url, multipart)
+            page = conn.read()

-                return page
+            return page

        else:
            if conf.parameters.has_key("GET") and not get:
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -33,7 +33,6 @@ from lib.core.common import dataToSessionFile
 from lib.core.common import expandAsteriskForColumns
 from lib.core.common import parseUnionPage
 from lib.core.common import readInput
-from lib.core.common import replaceNewlineTabs
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger