mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-30 03:19:04 +00:00
Minor patches
This commit is contained in:
Miroslav Stampar
@@ -1676,32 +1676,32 @@ def getCharset(charsetType=None):
|
||||
|
||||
# Binary
|
||||
elif charsetType == CHARSET_TYPE.BINARY:
|
||||
asciiTbl.extend([0, 1])
|
||||
asciiTbl.extend((0, 1))
|
||||
asciiTbl.extend(xrange(47, 50))
|
||||
|
||||
# Digits
|
||||
elif charsetType == CHARSET_TYPE.DIGITS:
|
||||
asciiTbl.extend([0, 9])
|
||||
asciiTbl.extend((0, 9))
|
||||
asciiTbl.extend(xrange(47, 58))
|
||||
|
||||
# Hexadecimal
|
||||
elif charsetType == CHARSET_TYPE.HEXADECIMAL:
|
||||
asciiTbl.extend([0, 1])
|
||||
asciiTbl.extend((0, 1))
|
||||
asciiTbl.extend(xrange(47, 58))
|
||||
asciiTbl.extend(xrange(64, 71))
|
||||
asciiTbl.extend([87, 88]) # X
|
||||
asciiTbl.extend((87, 88)) # X
|
||||
asciiTbl.extend(xrange(96, 103))
|
||||
asciiTbl.extend([119, 120]) # x
|
||||
asciiTbl.extend((119, 120)) # x
|
||||
|
||||
# Characters
|
||||
elif charsetType == CHARSET_TYPE.ALPHA:
|
||||
asciiTbl.extend([0, 1])
|
||||
asciiTbl.extend((0, 1))
|
||||
asciiTbl.extend(xrange(64, 91))
|
||||
asciiTbl.extend(xrange(96, 123))
|
||||
|
||||
# Characters and digits
|
||||
elif charsetType == CHARSET_TYPE.ALPHANUM:
|
||||
asciiTbl.extend([0, 1])
|
||||
asciiTbl.extend((0, 1))
|
||||
asciiTbl.extend(xrange(47, 58))
|
||||
asciiTbl.extend(xrange(64, 91))
|
||||
asciiTbl.extend(xrange(96, 123))
|
||||
@@ -3455,7 +3455,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
|
||||
retVal = content
|
||||
|
||||
try:
|
||||
if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
|
||||
if all((content, payload)) and isinstance(content, unicode) and kb.reflectiveMechanism and not kb.heuristicMode:
|
||||
def _(value):
|
||||
while 2 * REFLECTED_REPLACEMENT_REGEX in value:
|
||||
value = value.replace(2 * REFLECTED_REPLACEMENT_REGEX, REFLECTED_REPLACEMENT_REGEX)
|
||||
@@ -3880,6 +3880,8 @@ def isAdminFromPrivileges(privileges):
|
||||
Inspects privileges to see if those are coming from an admin user
|
||||
"""
|
||||
|
||||
privileges = privileges or []
|
||||
|
||||
# In PostgreSQL the usesuper privilege means that the
|
||||
# user is DBA
|
||||
retVal = (Backend.isDbms(DBMS.PGSQL) and "super" in privileges)
|
||||
@@ -3930,18 +3932,20 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
|
||||
except (UnicodeError, ValueError):
|
||||
pass
|
||||
except ParseError:
|
||||
if "<html" in (content or ""):
|
||||
if re.search(r"(?i)<!DOCTYPE html|<html", content or ""):
|
||||
warnMsg = "badly formed HTML at the given URL ('%s'). Going to filter it" % url
|
||||
logger.warning(warnMsg)
|
||||
filtered = _("".join(re.findall(FORM_SEARCH_REGEX, content)), url)
|
||||
try:
|
||||
forms = ParseResponse(filtered, backwards_compat=False)
|
||||
except ParseError:
|
||||
errMsg = "no success"
|
||||
if raise_:
|
||||
raise SqlmapGenericException(errMsg)
|
||||
else:
|
||||
logger.debug(errMsg)
|
||||
|
||||
if filtered and filtered != content:
|
||||
try:
|
||||
forms = ParseResponse(filtered, backwards_compat=False)
|
||||
except ParseError:
|
||||
errMsg = "no success"
|
||||
if raise_:
|
||||
raise SqlmapGenericException(errMsg)
|
||||
else:
|
||||
logger.debug(errMsg)
|
||||
|
||||
if forms:
|
||||
for form in forms:
|
||||
@@ -4337,7 +4341,7 @@ def getRequestHeader(request, name):
|
||||
|
||||
if request and name:
|
||||
_ = name.upper()
|
||||
retVal = max([value if _ == key.upper() else None for key, value in request.header_items()])
|
||||
retVal = max(value if _ == key.upper() else None for key, value in request.header_items())
|
||||
|
||||
return retVal
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
||||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.1.12.0"
|
||||
VERSION = "1.1.12.1"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
@@ -85,7 +85,7 @@ TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|jso
|
||||
PERMISSION_DENIED_REGEX = r"(command|permission|access)\s*(was|is)?\s*denied"
|
||||
|
||||
# Regular expression used for recognition of generic maximum connection messages
|
||||
MAX_CONNECTIONS_REGEX = r"max.+connections"
|
||||
MAX_CONNECTIONS_REGEX = r"\bmax.+?\bconnection"
|
||||
|
||||
# Maximum consecutive connection errors before asking the user if he wants to continue
|
||||
MAX_CONSECUTIVE_CONNECTION_ERRORS = 15
|
||||
|
||||
@@ -115,7 +115,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
|
||||
|
||||
if not isNullValue(kb.uChar):
|
||||
for regex in (kb.uChar, r'>\s*%s\s*<' % kb.uChar):
|
||||
contains = [(count, re.search(regex, _ or "", re.IGNORECASE) is not None) for count, _ in pages.items()]
|
||||
contains = ((count, re.search(regex, _ or "", re.IGNORECASE) is not None) for count, _ in pages.items())
|
||||
if len(filter(lambda _: _[1], contains)) == 1:
|
||||
retVal = filter(lambda _: _[1], contains)[0][0]
|
||||
break
|
||||
@@ -178,7 +178,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
||||
for position in positions:
|
||||
# Prepare expression with delimiters
|
||||
randQuery = randomStr(charCount)
|
||||
phrase = "%s%s%s".lower() % (kb.chars.start, randQuery, kb.chars.stop)
|
||||
phrase = ("%s%s%s" % (kb.chars.start, randQuery, kb.chars.stop)).lower()
|
||||
randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
|
||||
randQueryUnescaped = unescaper.escape(randQueryProcessed)
|
||||
|
||||
@@ -188,9 +188,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
||||
|
||||
# Perform the request
|
||||
page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \
|
||||
removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
|
||||
payload, True) or "")
|
||||
content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower()
|
||||
|
||||
if content and phrase in content:
|
||||
validPayload = payload
|
||||
@@ -200,7 +198,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
||||
if where == PAYLOAD.WHERE.ORIGINAL:
|
||||
# Prepare expression with delimiters
|
||||
randQuery2 = randomStr(charCount)
|
||||
phrase2 = "%s%s%s".lower() % (kb.chars.start, randQuery2, kb.chars.stop)
|
||||
phrase2 = ("%s%s%s" % (kb.chars.start, randQuery2, kb.chars.stop)).lower()
|
||||
randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
|
||||
randQueryUnescaped2 = unescaper.escape(randQueryProcessed2)
|
||||
|
||||
@@ -210,7 +208,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
||||
|
||||
# Perform the request
|
||||
page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
content = "%s%s".lower() % (page or "", listToStrValue(headers.headers if headers else None) or "")
|
||||
content = ("%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")).lower()
|
||||
|
||||
if not all(_ in content for _ in (phrase, phrase2)):
|
||||
vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, True)
|
||||
@@ -223,9 +221,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
||||
|
||||
# Perform the request
|
||||
page, headers, _ = Request.queryPage(payload, place=place, content=True, raise404=False)
|
||||
content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \
|
||||
removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
|
||||
payload, True) or "")
|
||||
content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower()
|
||||
if content.count(phrase) > 0 and content.count(phrase) < LIMITED_ROWS_TEST_NUMBER:
|
||||
warnMsg = "output with limited number of rows detected. Switching to partial mode"
|
||||
logger.warn(warnMsg)
|
||||
@@ -277,7 +273,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
|
||||
if count:
|
||||
validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)
|
||||
|
||||
if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]):
|
||||
if not all((validPayload, vector)) and not all((conf.uChar, conf.dbms)):
|
||||
warnMsg = "if UNION based SQL injection is not detected, "
|
||||
warnMsg += "please consider "
|
||||
|
||||
@@ -298,7 +294,7 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
|
||||
warnMsg += "forcing the "
|
||||
warnMsg += "back-end DBMS (e.g. '--dbms=mysql') "
|
||||
|
||||
if not all([validPayload, vector]) and not warnMsg.endswith("consider "):
|
||||
if not all((validPayload, vector)) and not warnMsg.endswith("consider "):
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
||||
return validPayload, vector
|
||||
|
||||
@@ -31,8 +31,8 @@ def purge(directory):
|
||||
dirpaths = []
|
||||
|
||||
for rootpath, directories, filenames in os.walk(directory):
|
||||
dirpaths.extend([os.path.abspath(os.path.join(rootpath, _)) for _ in directories])
|
||||
filepaths.extend([os.path.abspath(os.path.join(rootpath, _)) for _ in filenames])
|
||||
dirpaths.extend(os.path.abspath(os.path.join(rootpath, _)) for _ in directories)
|
||||
filepaths.extend(os.path.abspath(os.path.join(rootpath, _)) for _ in filenames)
|
||||
|
||||
logger.debug("changing file attributes")
|
||||
for filepath in filepaths:
|
||||
|
||||
Reference in New Issue
Block a user