PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-23 22:59:22 +00:00
Code Issues Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Miroslav Stampar
2010-12-18 15:57:47 +00:00
parent 21d083272e
commit 36862e2efa
9 changed files with 35 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/option.py
View File

@@ -1119,7 +1119,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
logger.debug(debugMsg)
kb.absFilePaths = set()
kb.assumeEmpty = False
kb.authHeader = None
kb.bannerFp = advancedDict()

8
lib/takeover/abstraction.py
View File

@@ -8,11 +8,13 @@ See the file 'doc/COPYING' for copying permission
"""
from lib.core.common import dataToStdout
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapUnsupportedFeatureException
from lib.core.shell import autoCompletion
from lib.takeover.udf import UDF
@@ -35,7 +37,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
xp_cmdshell.__init__(self)
def execCmd(self, cmd, silent=False):
if self.webBackdoorUrl and not kb.stackedTest:
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
self.webBackdoorRunCmd(cmd)
elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
@@ -49,7 +51,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
raise sqlmapUnsupportedFeatureException, errMsg
def evalCmd(self, cmd, first=None, last=None):
if self.webBackdoorUrl and not kb.stackedTest:
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
return self.webBackdoorRunCmd(cmd)
elif kb.dbms in ( DBMS.MYSQL, DBMS.PGSQL ):
@@ -84,7 +86,7 @@ class Abstraction(Web, UDF, xp_cmdshell):
self.execCmd(cmd)
def shell(self):
if self.webBackdoorUrl and not kb.stackedTest:
if self.webBackdoorUrl and not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED):
infoMsg = "calling OS shell. To quit type "
infoMsg += "'x' or 'q' and press ENTER"
logger.info(infoMsg)

4
lib/takeover/udf.py
View File

@@ -11,12 +11,14 @@ import os
from lib.core.agent import agent
from lib.core.common import dataToStdout
from lib.core.common import isTechniqueAvailable
from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.data import queries
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapFilePathException
from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -157,7 +159,7 @@ class UDF:
errMsg = "UDF injection feature is not yet implemented on %s" % kb.dbms
raise sqlmapUnsupportedFeatureException(errMsg)
if not kb.stackedTest and not conf.direct:
if not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
return
self.checkDbmsOs()

20
lib/techniques/blind/inference.py
View File

@@ -279,26 +279,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
if conf.threadContinue:
charStart = time.time()
val = getChar(curidx)
if val is None:
if not kb.assumeEmpty:
iolock.acquire()
warnMsg = "failed to get character at index %d (expected %d total)." % (curidx, length)
logger.warn(warnMsg)
message = "assume empty character? [Y/n/a]"
choice = readInput(message, default="Y")
iolock.release()
if choice in ("a", "A"):
kb.assumeEmpty = True
elif not choice or choice in ("y", "Y"):
pass # do nothing
else:
raise sqlmapValueException
val = ''
val = '?'
else:
break