mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-01-10 00:29:02 +00:00
Miroslav Stampar
@@ -54,6 +54,7 @@ from lib.core.data import logger
|
||||
from lib.core.datatype import AttribDict
|
||||
from lib.core.datatype import InjectionDict
|
||||
from lib.core.decorators import cachedmethod
|
||||
from lib.core.decorators import stackedmethod
|
||||
from lib.core.dicts import FROM_DUMMY_TABLE
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import HASHDB_KEYS
|
||||
@@ -832,6 +833,7 @@ def checkSqlInjection(place, parameter, value):
|
||||
|
||||
return injection
|
||||
|
||||
@stackedmethod
|
||||
def heuristicCheckDbms(injection):
|
||||
"""
|
||||
This functions is called when boolean-based blind is identified with a
|
||||
@@ -868,6 +870,7 @@ def heuristicCheckDbms(injection):
|
||||
|
||||
return retVal
|
||||
|
||||
@stackedmethod
|
||||
def checkFalsePositives(injection):
|
||||
"""
|
||||
Checks for false positives (only in single special cases)
|
||||
@@ -929,6 +932,7 @@ def checkFalsePositives(injection):
|
||||
|
||||
return retVal
|
||||
|
||||
@stackedmethod
|
||||
def checkSuhosinPatch(injection):
|
||||
"""
|
||||
Checks for existence of Suhosin-patch (and alike) protection mechanism(s)
|
||||
@@ -952,6 +956,7 @@ def checkSuhosinPatch(injection):
|
||||
|
||||
kb.injection = popValue()
|
||||
|
||||
@stackedmethod
|
||||
def checkFilteredChars(injection):
|
||||
debugMsg = "checking for filtered characters"
|
||||
logger.debug(debugMsg)
|
||||
@@ -1314,6 +1319,7 @@ def checkRegexp():
|
||||
|
||||
return True
|
||||
|
||||
@stackedmethod
|
||||
def checkWaf():
|
||||
"""
|
||||
Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse
|
||||
@@ -1379,6 +1385,7 @@ def checkWaf():
|
||||
|
||||
return retVal
|
||||
|
||||
@stackedmethod
|
||||
def identifyWaf():
|
||||
if not conf.identifyWaf:
|
||||
return None
|
||||
@@ -1463,6 +1470,7 @@ def identifyWaf():
|
||||
|
||||
return retVal
|
||||
|
||||
@stackedmethod
|
||||
def checkNullConnection():
|
||||
"""
|
||||
Reference: http://www.wisec.it/sectou.php?id=472f952d79293
|
||||
|
||||
@@ -43,6 +43,7 @@ from lib.core.common import urldecode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.decorators import stackedmethod
|
||||
from lib.core.enums import CONTENT_TYPE
|
||||
from lib.core.enums import HASHDB_KEYS
|
||||
from lib.core.enums import HEURISTIC_TEST
|
||||
@@ -253,6 +254,7 @@ def _saveToResultsFile():
|
||||
|
||||
conf.resultsFP.flush()
|
||||
|
||||
@stackedmethod
|
||||
def start():
|
||||
"""
|
||||
This function calls a function that performs checks on both URL
|
||||
|
||||
@@ -7,6 +7,8 @@ See the file 'LICENSE' for copying permission
|
||||
|
||||
import hashlib
|
||||
|
||||
from lib.core.threads import getCurrentThreadData
|
||||
|
||||
def cachedmethod(f, cache={}):
|
||||
"""
|
||||
Method with a cached content
|
||||
@@ -22,3 +24,18 @@ def cachedmethod(f, cache={}):
|
||||
return cache[key]
|
||||
|
||||
return _
|
||||
|
||||
def stackedmethod(f):
|
||||
def _(*args, **kwargs):
|
||||
threadData = getCurrentThreadData()
|
||||
originalLevel = len(threadData.valueStack)
|
||||
|
||||
try:
|
||||
result = f(*args, **kwargs)
|
||||
finally:
|
||||
if len(threadData.valueStack) > originalLevel:
|
||||
threadData.valueStack = threadData.valueStack[:originalLevel]
|
||||
|
||||
return result
|
||||
|
||||
return _
|
||||
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.2.4.0"
|
||||
VERSION = "1.2.4.1"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
||||
@@ -63,6 +63,7 @@ from lib.core.common import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.decorators import stackedmethod
|
||||
from lib.core.dicts import POST_HINT_CONTENT_TYPES
|
||||
from lib.core.enums import ADJUST_TIME_DELAY
|
||||
from lib.core.enums import AUTH_TYPE
|
||||
@@ -768,6 +769,7 @@ class Connect(object):
|
||||
return page, responseHeaders, code
|
||||
|
||||
@staticmethod
|
||||
@stackedmethod
|
||||
def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):
|
||||
"""
|
||||
This method calls a function to get the target URL page content
|
||||
|
||||
@@ -33,6 +33,7 @@ from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.data import queries
|
||||
from lib.core.decorators import stackedmethod
|
||||
from lib.core.dicts import FROM_DUMMY_TABLE
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import DBMS
|
||||
@@ -333,6 +334,7 @@ def _goUnion(expression, unpack=True, dump=False):
|
||||
|
||||
return output
|
||||
|
||||
@stackedmethod
|
||||
def getValue(expression, blind=True, union=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False, safeCharEncode=True):
|
||||
"""
|
||||
Called each time sqlmap inject a SQL query on the SQL injection
|
||||
|
||||
@@ -24,6 +24,7 @@ from lib.core.convert import hexencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.decorators import stackedmethod
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import EXPECTED
|
||||
@@ -96,6 +97,7 @@ class XP_cmdshell:
|
||||
|
||||
return wasLastResponseDelayed()
|
||||
|
||||
@stackedmethod
|
||||
def _xpCmdshellTest(self):
|
||||
threadData = getCurrentThreadData()
|
||||
pushValue(threadData.disableStdOut)
|
||||
|
||||
@@ -27,6 +27,7 @@ from lib.core.common import wasLastResponseDBMSError
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.decorators import stackedmethod
|
||||
from lib.core.dicts import FROM_DUMMY_TABLE
|
||||
from lib.core.enums import PAYLOAD
|
||||
from lib.core.settings import LIMITED_ROWS_TEST_NUMBER
|
||||
@@ -48,6 +49,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
|
||||
"""
|
||||
retVal = None
|
||||
|
||||
@stackedmethod
|
||||
def _orderByTechnique(lowerCount, upperCount):
|
||||
def _orderByTest(cols):
|
||||
query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix)
|
||||
|
||||
@@ -20,6 +20,7 @@ from lib.core.common import urlencode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.decorators import stackedmethod
|
||||
from lib.core.enums import CUSTOM_LOGGING
|
||||
from lib.core.enums import HTTP_HEADER
|
||||
from lib.core.enums import REDIRECTION
|
||||
@@ -165,6 +166,7 @@ def _search(dork):
|
||||
|
||||
return retVal
|
||||
|
||||
@stackedmethod
|
||||
def search(dork):
|
||||
pushValue(kb.redirectChoice)
|
||||
kb.redirectChoice = REDIRECTION.YES
|
||||
|
||||
Reference in New Issue
Block a user