PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-01 04:19:02 +00:00
Code Issues Projects Releases Wiki Activity

Minor layout adjustments, minor fixes and updated changelog

Browse Source
This commit is contained in:
Bernardo Damele
2008-11-17 00:00:54 +00:00
parent fa0507ab39
commit 654aecedfe
13 changed files with 133 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/action.py
View File

@@ -67,7 +67,7 @@ def action():
raise sqlmapUnsupportedDBMSException, errMsg
print "back-end DBMS:\t%s\n" % conf.dbmsHandler.getFingerprint()
print "%s\n" % conf.dbmsHandler.getFingerprint()
# Techniques options
if conf.timeTest:

2
lib/core/common.py
View File

@@ -190,7 +190,7 @@ def getHtmlErrorFp():
htmlVer = kb.htmlFp[0]
htmlParsed = htmlVer
elif len(kb.htmlFp) > 1:
htmlParsed = "or ".join([htmlFp for htmlFp in kb.htmlFp])
htmlParsed = " or ".join([htmlFp for htmlFp in kb.htmlFp])
return htmlParsed

1
lib/core/option.py
View File

@@ -453,6 +453,7 @@ def __setKnowledgeBaseAttributes():
kb.dbms = None
kb.dbmsDetected = False
kb.dbmsVersion = None
kb.headersFp = {}
kb.htmlFp = []
kb.injParameter = None
kb.injPlace = None

57
lib/parse/headers.py Normal file
View File

@@ -0,0 +1,57 @@
#!/usr/bin/env python
"""
$Id$
This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
Copyright (c) 2006-2008 Bernardo Damele A. G. <bernardo.damele@gmail.com>
and Daniele Bellucci <daniele.bellucci@gmail.com>
sqlmap is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation version 2 of the License.
sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
You should have received a copy of the GNU General Public License along
with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import re
from xml.sax import parse
from xml.sax.handler import ContentHandler
from lib.core.common import checkFile
from lib.core.common import sanitizeStr
from lib.core.data import kb
from lib.core.data import paths
from lib.parse.banner import BannerHandler
def headersParser(headers):
"""
This function calls a class that parses the input HTTP headers to
fingerprint the back-end database management system operating system
and web application technology
"""
topHeaders = {
"cookie",
"microsoftsharepointteamservices",
"server",
"servlet-engine",
"www-authenticate",
"x-aspnet-version",
"x-powered-by",
}
for header in headers:
if header in topHeaders:
pass

18
lib/parse/html.py
View File

@@ -31,6 +31,8 @@ from xml.sax.handler import ContentHandler
from lib.core.common import checkFile
from lib.core.common import sanitizeStr
from lib.core.data import kb
from lib.core.data import paths
class htmlHandler(ContentHandler):
@@ -40,12 +42,12 @@ class htmlHandler(ContentHandler):
"""
def __init__(self, page):
self.__dbms = None
self.__page = page
self.__dbms = None
self.__page = page
self.__regexp = None
self.__match = None
self.__match = None
self.dbms = None
self.dbms = None
def startElement(self, name, attrs):
@@ -61,15 +63,21 @@ class htmlHandler(ContentHandler):
self.__match = None
def htmlParser(page, xmlfile):
def htmlParser(page, xmlfile=None):
"""
This function calls a class that parses the input HTML page to
fingerprint the back-end database management system
"""
if not xmlfile:
xmlfile = paths.ERRORS_XML
checkFile(xmlfile)
page = sanitizeStr(page)
handler = htmlHandler(page)
parse(xmlfile, handler)
if handler.dbms and handler.dbms not in kb.htmlFp:
kb.htmlFp.append(handler.dbms)
return handler.dbms

27
lib/request/basic.py
View File

@@ -29,6 +29,7 @@ import re
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import paths
from lib.parse.headers import headersParser
from lib.parse.html import htmlParser
@@ -51,7 +52,7 @@ def forgeHeaders(cookie, ua):
return headers
def parsePage(page):
def parseResponse(page, headers):
"""
@param page: the page to parse to feed the knowledge base htmlFp
(back-end DBMS fingerprint based upon DBMS error messages return
@@ -63,19 +64,17 @@ def parsePage(page):
like for DBMS error messages (ERRORS_XML), see above.
"""
if not page:
return
if headers:
headersParser(headers)
htmlParsed = htmlParser(page, paths.ERRORS_XML)
if page:
htmlParser(page)
if htmlParsed and htmlParsed not in kb.htmlFp:
kb.htmlFp.append(htmlParsed)
# Detect injectable page absolute system path
# NOTE: this regular expression works if the remote web application
# is written in PHP and debug/error messages are enabled.
absFilePaths = re.findall(" in <b>(.*?)</b> on line", page, re.I)
# Detect injectable page absolute system path
# NOTE: this regular expression works if the remote web application
# is written in PHP and debug/error messages are enabled.
absFilePaths = re.findall(" in <b>(.*?)</b> on line", page, re.I)
for absFilePath in absFilePaths:
if absFilePath not in kb.absFilePaths:
kb.absFilePaths.add(absFilePath)
for absFilePath in absFilePaths:
if absFilePath not in kb.absFilePaths:
kb.absFilePaths.add(absFilePath)

4
lib/request/connect.py
View File

@@ -39,7 +39,7 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException
from lib.request.basic import forgeHeaders
from lib.request.basic import parsePage
from lib.request.basic import parseResponse
@@ -196,7 +196,7 @@ class Connect:
else:
raise sqlmapConnectionException, warnMsg
parsePage(page)
parseResponse(page, responseHeaders)
responseMsg += "(%s - %d):\n" % (status, code)
if conf.verbose <= 4: