Minor code adjustments

Bernardo Damele
2010-10-25 14:11:47 +00:00
parent 24c5d7b313
commit 215175e3b7
12 changed files with 28 additions and 26 deletions


@@ -441,7 +441,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if commonValue is not None:
# One-shot query containing equals commonValue
testValue = unescaper.unescape("'%s'" % commonValue) if "'" not in commonValue else unescaper.unescape("%s" % commonValue, quote=False)
query = agent.prefixQuery(" %s" % safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
query = agent.postfixQuery(query)
queriesCount[0] += 1
result = Request.queryPage(urlencode(agent.payload(newValue=query)))
@@ -465,7 +465,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
# Substring-query containing equals commonPattern
subquery = queries[kb.dbms].substring.query % (expressionUnescaped, 1, len(commonPattern))
testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
query = agent.prefixQuery(" %s" % safeStringFormat("AND (%s) = %s", (subquery, testValue)))
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
query = agent.postfixQuery(query)
queriesCount[0] += 1
result = Request.queryPage(urlencode(agent.payload(newValue=query)))
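Review bot: The one-shot probe and the substring probe now build, wrap and send their query with the same four statements (`prefixQuery` of `safeStringFormat("AND (%s) = %s", ...)`, `postfixQuery`, the `queriesCount[0] += 1` bump and `Request.queryPage`), differing only in the left-hand expression and the test value. A private helper such as `_probeEquals(lhs, testValue)` that returns the `queryPage` result would leave one place to maintain the template and the counter. The `testValue` derivation on the line above each probe is likewise identical apart from `commonValue` versus `commonPattern`, so its quote check could live in the same helper. The enclosing `bisection` function starts before the first hunk and continues after the second, so this counts only the sites visible here.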


@@ -24,7 +24,7 @@ def timeTest():
logger.info(infoMsg)
timeQuery = getDelayQuery(andCond=True)
query = agent.prefixQuery(" AND %s" % timeQuery)
query = agent.prefixQuery("AND %s" % timeQuery)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
start = time.time()


@@ -35,12 +35,12 @@ def errorUse(expression):
Retrieve the output of a SQL query taking advantage of an error SQL
injection vulnerability on the affected parameter.
"""
output = None
logic = conf.logic
randInt = randomInt(1)
query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error.query)
query = agent.prefixQuery(queries[kb.misc.testedDbms].error.query)
query = agent.postfixQuery(query)
payload = agent.payload(newValue=query)
startLimiter = ""
endLimiter = ""
@@ -62,11 +62,13 @@ def errorUse(expression):
startLimiter = kb.misc.handler.unescape("'%s'" % ERROR_START_CHAR)
endLimiter = kb.misc.handler.unescape("'%s'" % ERROR_END_CHAR)
debugMsg = "query: %s" % expressionUnescaped
forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
debugMsg = "query: %s" % forgedQuery
logger.debug(debugMsg)
forgedPayload = safeStringFormat(payload, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
result = Request.queryPage(urlencode(forgedPayload), content=True)
payload = agent.payload(newValue=forgedQuery)
result = Request.queryPage(urlencode(payload), content=True)
match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)
if match:
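Review bot: `payload = agent.payload(newValue=query)` in the first hunk appears to be dead now that the second hunk rebuilds `payload` from `forgedQuery` immediately before the request; the old code needed it because `safeStringFormat` was applied to the whole payload, but the new code never reads it unless the lines between the two hunks do. If nothing in between uses it, drop that assignment and keep only `payload = agent.payload(newValue=forgedQuery)`. Separately, the `re.search` below interpolates `ERROR_START_CHAR` and `ERROR_END_CHAR` into the pattern unescaped; if either marker can ever hold a regex metacharacter the match silently breaks, so `re.search('%s(?P<result>.*?)%s' % (re.escape(ERROR_START_CHAR), re.escape(ERROR_END_CHAR)), result[0], re.DOTALL | re.IGNORECASE)` is the safer form. `errorUse` continues past the end of this hunk.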


@@ -136,7 +136,7 @@ def __unionTestByNULLBruteforce(comment):
"""
columns = None
query = agent.prefixQuery(" UNION ALL SELECT NULL")
query = agent.prefixQuery("UNION ALL SELECT NULL")
for count in range(0, 50):
if kb.dbms == "Oracle" and query.endswith(" FROM DUAL"):
@@ -164,7 +164,7 @@ def __unionTestByOrderBy(comment):
prevPayload = ""
for count in range(1, 51):
query = agent.prefixQuery(" ORDER BY %d" % count)
query = agent.prefixQuery("ORDER BY %d" % count)
orderByQuery = agent.postfixQuery(query, comment)
payload = agent.payload(newValue=orderByQuery)
seqMatcher = Request.queryPage(payload, getSeqMatcher=True)
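Review bot: The column search ceiling is hard-coded twice in this file, as `range(0, 50)` right after the rebuilt `UNION ALL SELECT NULL` query and as `range(1, 51)` in `__unionTestByOrderBy`, and the two ranges express the same bound in different forms. A module-level constant such as `MAX_UNION_COLUMNS = 50` used by both loops would keep them in step and document the limit. The `query.endswith(" FROM DUAL")` test a line further down compares against a literal with a leading space, presumably appended by an Oracle-specific postfix elsewhere; it is worth confirming that text is still emitted exactly that way now that the prefix helper manages spacing. Both functions extend beyond their hunks.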


@@ -196,8 +196,6 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
query = agent.forgeInbandQuery(expression, nullChar=nullChar)
payload = agent.payload(newValue=query)
# NOTE: for debug purposes only
#debugMsg = "query: %s" % payload
debugMsg = "query: %s" % query
logger.debug(debugMsg)