PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-22 22:29:05 +00:00
Code Issues Projects Releases Wiki Activity

Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.

Browse Source
This commit is contained in:
Miroslav Stampar
2012-09-26 11:27:43 +02:00
parent 6bc5f44b20
commit 687f3991de
6 changed files with 47 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/checks.py
View File

@@ -500,7 +500,7 @@ def checkSqlInjection(place, parameter, value):
injection.os = Backend.setOs(dValue)
if vector is None and "vector" in test and test.vector is not None:
vector = "%s%s" % (test.vector, comment or "")
vector = test.vector
injection.data[stype] = AttribDict()
injection.data[stype].title = title

3
lib/controller/controller.py
View File

@@ -128,12 +128,15 @@ def __formatInjection(inj):
for stype, sdata in inj.data.items():
title = sdata.title
vector = sdata.vector
comment = sdata.comment
if stype == PAYLOAD.TECHNIQUE.UNION:
count = re.sub(r"(?i)(\(.+\))|(\blimit[^A-Za-z]+)", "", sdata.payload).count(',') + 1
title = re.sub(r"\d+ to \d+", str(count), title)
vector = agent.forgeInbandQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])
if count == 1:
title = title.replace("columns", "column")
elif comment:
vector = "%s%s" % (vector, comment)
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
data += " Title: %s\n" % title
data += " Payload: %s\n" % agent.adjustLateValues(sdata.payload)

15
lib/core/agent.py
View File

@@ -189,8 +189,12 @@ class Agent:
expression = self.cleanupPayload(expression)
# User supplied --suffix nullifies any eventual payload comments
comment = None if conf.suffix is not None and suffix == conf.suffix else comment
# Take default values if None
suffix = kb.injection.suffix if kb.injection and suffix is None else suffix
if kb.technique and kb.technique in kb.injection.data:
where = kb.injection.data[kb.technique].where if where is None else where
comment = kb.injection.data[kb.technique].comment if comment is None else comment
if Backend.getIdentifiedDbms() == DBMS.ACCESS and comment == GENERIC_SQL_COMMENT:
comment = "%00"
@@ -198,16 +202,13 @@ class Agent:
if comment is not None:
expression += comment
if where is None and kb.technique and kb.technique in kb.injection.data:
where = kb.injection.data[kb.technique].where
# If we are replacing (<where>) the parameter original value with
# our payload do not append the suffix
if where == PAYLOAD.WHERE.REPLACE:
pass
elif any([kb.injection.suffix, suffix]) and not (comment and not conf.suffix):
expression += " %s" % (kb.injection.suffix or suffix)
elif suffix and not comment:
expression += " %s" % suffix
return re.sub(r"(?s);\W*;", ";", expression)

3
lib/request/inject.py
View File

@@ -466,9 +466,8 @@ def goStacked(expression, silent=False):
if conf.direct:
return direct(expression)
comment = queries[Backend.getIdentifiedDbms()].comment.query
query = agent.prefixQuery(";%s" % expression)
query = agent.suffixQuery(query, comment)
query = agent.suffixQuery(query)
payload = agent.payload(newValue=query)
Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=True)

3
lib/techniques/dns/use.py
View File

@@ -71,9 +71,8 @@ def dnsUse(payload, expression):
expressionUnescaped = unescaper.unescape(expressionRequest)
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
comment = queries[Backend.getIdentifiedDbms()].comment.query
query = agent.prefixQuery("; %s" % expressionUnescaped)
query = agent.suffixQuery(query, comment)
query = agent.suffixQuery(query)
forgedPayload = agent.payload(newValue=query)
else:
forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3)))