major refactoring

This commit is contained in:
Miroslav Stampar
2010-10-07 12:12:26 +00:00
parent 1bf8939e2f
commit 1e9ae40397
7 changed files with 646 additions and 61 deletions


@@ -31,7 +31,6 @@ from lib.core.common import getUnicode
from lib.core.common import preparePageForLineComparison
from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import readXmlFile
from lib.core.common import DynamicContentItem
from lib.core.convert import md5hash
from lib.core.data import conf
@@ -67,41 +66,30 @@ def checkSqlInjection(place, parameter, value, parenthesis):
if conf.postfix:
postfix = conf.postfix
injections = readXmlFile(paths.INJECTIONS_XML)
for case in kb.injections.root.case:
positive = case.test.positive
negative = case.test.negative
for case in injections.getElementsByTagName("case"):
tag = case.getAttribute("tag")
desc = case.getAttribute("desc")
positive = case.getElementsByTagName("positive")[0]
negative = case.getElementsByTagName("negative")[0]
params = positive.getAttribute("params")
format = positive.getAttribute("format")
if not prefix and not postfix and tag == "custom":
if not prefix and not postfix and case.name == "custom":
continue
infoMsg = "testing %s injection " % desc
infoMsg = "testing %s injection " % case.desc
infoMsg += "on %s parameter '%s'" % (place, parameter)
logger.info(infoMsg)
payload = agent.payload(place, parameter, value, format % eval(params))
payload = agent.payload(place, parameter, value, positive.format % eval(positive.params))
trueResult = Request.queryPage(payload, place)
if trueResult:
params = negative.getAttribute("params")
format = negative.getAttribute("format")
payload = agent.payload(place, parameter, value, format % eval(params))
payload = agent.payload(place, parameter, value, negative.format % eval(negative.params))
falseResult = Request.queryPage(payload, place)
if not falseResult:
infoMsg = "%s parameter '%s' is %s injectable " % (place, parameter, desc)
infoMsg = "%s parameter '%s' is %s injectable " % (place, parameter, case.desc)
infoMsg += "with %d parenthesis" % parenthesis
logger.info(infoMsg)
return tag
return case.name
return None
@@ -187,7 +175,7 @@ def checkDynamicContent(*pages):
break
found = False
if not found:
kb.dynamicContent.append(item)
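Review bot: The new loop still builds payloads with `positive.format % eval(positive.params)` and `negative.format % eval(negative.params)`, so whatever sits in the `params` attribute of the file at paths.INJECTIONS_XML is executed as Python inside sqlmap; the commit swaps the parser (readXmlFile → kb.injections) but carries that over unchanged. The file ships with the tool, so it is presumably trusted data, but the call site deserves a comment such as `# params from injections.xml is eval()'d here - the file must stay trusted and unwritable by others`, and if the attribute only ever names a fixed set of locals, a whitelisted lookup would remove the eval entirely. Separately, `case.test.positive` and `case.test.negative` are dereferenced without the `_has_key` presence checks the agent.py change uses, so a case entry missing either element would presumably surface as an attribute error from xmlobject rather than a sqlmap message. checkSqlInjection begins before this hunk, and because the +/- markers were lost in rendering, which lines are old and which are new is inferred from the text.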


@@ -26,6 +26,7 @@ import re
from xml.etree import ElementTree as ET
from lib.core.common import getInjectionCase
from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import replaceSpaces
@@ -142,19 +143,19 @@ class Agent:
if conf.direct:
return self.payloadDirect(string)
query = ""
query = str()
case = getInjectionCase(kb.injType)
if case is None:
raise sqlmapNoneDataException, "unsupported injection type"
if conf.prefix:
query = conf.prefix
else:
if kb.injType == "numeric" or conf.postfix:
pass
elif kb.injType in ( "stringsingle", "likesingle" ):
query = "'"
elif kb.injType in ( "stringdouble", "likedouble" ):
query = "\""
else:
raise sqlmapNoneDataException, "unsupported injection type"
if case.usage.prefix._has_key('value'):
query = case.usage.prefix.value
elif case.usage.prefix._has_key('format'):
query = case.usage.prefix.format % eval(case.usage.prefix.params)
if kb.parenthesis not in ( None, 0 ):
query += "%s " % (")" * kb.parenthesis)
@@ -172,6 +173,11 @@ class Agent:
if conf.direct:
return self.payloadDirect(string)
case = getInjectionCase(kb.injType)
if case is None:
raise sqlmapNoneDataException, "unsupported injection type"
randInt = randomInt()
randStr = randomStr()
@@ -186,18 +192,10 @@ class Agent:
else:
raise sqlmapNoneDataException, "unable to get the number of parenthesis"
if kb.injType == "numeric":
string += "%d=%d" % (randInt, randInt)
elif kb.injType == "stringsingle":
string += "'%s'='%s" % (randStr, randStr)
elif kb.injType == "likesingle":
string += "'%s' LIKE '%s" % (randStr, randStr)
elif kb.injType == "stringdouble":
string += "\"%s\"=\"%s" % (randStr, randStr)
elif kb.injType == "likedouble":
string += "\"%s\" LIKE \"%s" % (randStr, randStr)
else:
raise sqlmapNoneDataException, "unsupported injection type"
if case.usage.postfix._has_key('value'):
string += case.usage.postfix.value
elif case.usage.postfix._has_key('format'):
string += case.usage.postfix.format % eval(case.usage.postfix.params)
return replaceSpaces(string)
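Review bot: The rewritten prefix branch (`if case.usage.prefix._has_key('value'): ... elif case.usage.prefix._has_key('format'): ...`) drops the `or conf.postfix` condition of the old `if kb.injType == "numeric" or conf.postfix: pass` line, so a run with --postfix but no --prefix, which previously left `query` empty for every injection type, now gets the detected case's prefix prepended. Unless the case selected in that situation (presumably the "custom" one that checks.py skips when neither option is set) carries neither a prefix value nor a format, that is a silent behaviour change; turning the `else:` above the new checks into `elif not conf.postfix:` keeps the old contract. The `eval(case.usage.prefix.params)` and `eval(case.usage.postfix.params)` calls also depend on whatever locals happen to be in scope at each call site (`randInt`/`randStr` in the second hunk's method) being referenced by name from the XML, which deserves a comment like `# injections.xml params are eval()'d here and may name the locals above - do not rename them` so the coupling is visible. Both enclosing methods start before their hunks, and the old/new side of each line is inferred since the markers were lost in rendering.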


@@ -1241,6 +1241,14 @@ def calculateDeltaSeconds(start, epsilon=0.05):
"""
return int(time.time() - start + epsilon)
def getInjectionCase(name):
retVal = None
for case in kb.injections.root.case:
if case.name == name:
retVal = case
break
return retVal
def initCommonOutputs():
kb.commonOutputs = {}
key = None
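Review bot: `getInjectionCase` rescans `kb.injections.root.case` linearly on every call, and agent.py now calls it on each payload build; that is cheap for a small data file, but the whole function collapses to one expression, `return next((case for case in kb.injections.root.case if case.name == name), None)`, which reads more directly than the retVal/break form. It also assumes `root.case` is always iterable as a sequence of cases, which is worth confirming against extra/xmlobject for a file holding a single case. A short docstring stating that `name` is matched against each case's `name` attribute and that None means no such case exists would help the callers, which currently re-check for None and raise. The function is complete within the hunk; initCommonOutputs continues past it.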


@@ -34,6 +34,7 @@ import urllib2
import urlparse
from extra.keepalive import keepalive
from extra.xmlobject import xmlobject
from lib.core.common import getConsoleWidth
from lib.core.common import getFileType
from lib.core.common import normalizePath
@@ -1010,6 +1011,7 @@ def __setKnowledgeBaseAttributes():
kb.injParameter = None
kb.injPlace = None
kb.injType = None
kb.injections = xmlobject.XMLFile(path=paths.INJECTIONS_XML)
kb.hintValue = None
kb.nullConnection = None