mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-09 14:11:29 +00:00
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
This commit is contained in:
Bernardo Damele
@@ -23,7 +23,7 @@ def timeTest():
|
||||
return kb.timeTest
|
||||
|
||||
infoMsg = "testing time-based blind sql injection on parameter "
|
||||
infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
|
||||
infoMsg += "'%s' with %s condition syntax" % (kb.injection.parameter, conf.logic)
|
||||
logger.info(infoMsg)
|
||||
|
||||
timeQuery = getDelayQuery(andCond=True)
|
||||
@@ -37,18 +37,18 @@ def timeTest():
|
||||
if duration >= conf.timeSec:
|
||||
infoMsg = "the target url is affected by a time-based blind "
|
||||
infoMsg += "sql injection with AND condition syntax on parameter "
|
||||
infoMsg += "'%s'" % kb.injParameter
|
||||
infoMsg += "'%s'" % kb.injection.parameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.timeTest = agent.removePayloadDelimiters(payload, False)
|
||||
else:
|
||||
warnMsg = "the target url is not affected by a time-based blind "
|
||||
warnMsg += "sql injection with AND condition syntax on parameter "
|
||||
warnMsg += "'%s'" % kb.injParameter
|
||||
warnMsg += "'%s'" % kb.injection.parameter
|
||||
logger.warn(warnMsg)
|
||||
|
||||
infoMsg = "testing time-based blind sql injection on parameter "
|
||||
infoMsg += "'%s' with stacked queries syntax" % kb.injParameter
|
||||
infoMsg += "'%s' with stacked queries syntax" % kb.injection.parameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
timeQuery = getDelayQuery(andCond=True)
|
||||
@@ -59,14 +59,14 @@ def timeTest():
|
||||
if duration >= conf.timeSec:
|
||||
infoMsg = "the target url is affected by a time-based blind sql "
|
||||
infoMsg += "injection with stacked queries syntax on parameter "
|
||||
infoMsg += "'%s'" % kb.injParameter
|
||||
infoMsg += "'%s'" % kb.injection.parameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.timeTest = agent.removePayloadDelimiters(payload, False)
|
||||
else:
|
||||
warnMsg = "the target url is not affected by a time-based blind "
|
||||
warnMsg += "sql injection with stacked queries syntax on parameter "
|
||||
warnMsg += "'%s'" % kb.injParameter
|
||||
warnMsg += "'%s'" % kb.injection.parameter
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.timeTest = False
|
||||
|
||||
@@ -27,7 +27,7 @@ def errorTest():
|
||||
return kb.errorTest
|
||||
|
||||
infoMsg = "testing error-based sql injection on parameter "
|
||||
infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
|
||||
infoMsg += "'%s' with %s condition syntax" % (kb.injection.parameter, conf.logic)
|
||||
logger.info(infoMsg)
|
||||
|
||||
randInt = getUnicode(randomInt(1))
|
||||
@@ -36,13 +36,13 @@ def errorTest():
|
||||
|
||||
if result:
|
||||
infoMsg = "the target url is affected by an error-based sql "
|
||||
infoMsg += "injection on parameter '%s'" % kb.injParameter
|
||||
infoMsg += "injection on parameter '%s'" % kb.injection.parameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.errorTest = agent.removePayloadDelimiters(usedPayload, False)
|
||||
else:
|
||||
warnMsg = "the target url is not affected by an error-based sql "
|
||||
warnMsg += "injection on parameter '%s'" % kb.injParameter
|
||||
warnMsg += "injection on parameter '%s'" % kb.injection.parameter
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.errorTest = False
|
||||
|
||||
@@ -157,7 +157,7 @@ def unionTest():
|
||||
technique = "char (%s) bruteforcing" % conf.uChar
|
||||
|
||||
infoMsg = "testing inband sql injection on parameter "
|
||||
infoMsg += "'%s' with %s technique" % (kb.injParameter, technique)
|
||||
infoMsg += "'%s' with %s technique" % (kb.injection.parameter, technique)
|
||||
logger.info(infoMsg)
|
||||
|
||||
validPayload = None
|
||||
@@ -174,12 +174,12 @@ def unionTest():
|
||||
if isinstance(kb.unionPosition, int):
|
||||
infoMsg = "the target url is affected by an exploitable "
|
||||
infoMsg += "inband sql injection vulnerability "
|
||||
infoMsg += "on parameter '%s' with %d columns" % (kb.injParameter, kb.unionCount)
|
||||
infoMsg += "on parameter '%s' with %d columns" % (kb.injection.parameter, kb.unionCount)
|
||||
logger.info(infoMsg)
|
||||
else:
|
||||
infoMsg = "the target url is not affected by an exploitable "
|
||||
infoMsg += "inband sql injection vulnerability "
|
||||
infoMsg += "on parameter '%s'" % kb.injParameter
|
||||
infoMsg += "on parameter '%s'" % kb.injection.parameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
validPayload = agent.removePayloadDelimiters(validPayload, False)
|
||||
|
||||
@@ -26,7 +26,7 @@ def stackedTest():
|
||||
return kb.stackedTest
|
||||
|
||||
infoMsg = "testing stacked queries sql injection on parameter "
|
||||
infoMsg += "'%s'" % kb.injParameter
|
||||
infoMsg += "'%s'" % kb.injection.parameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
query = getDelayQuery()
|
||||
@@ -36,13 +36,13 @@ def stackedTest():
|
||||
|
||||
if duration >= conf.timeSec:
|
||||
infoMsg = "the target url is affected by a stacked queries "
|
||||
infoMsg += "sql injection on parameter '%s'" % kb.injParameter
|
||||
infoMsg += "sql injection on parameter '%s'" % kb.injection.parameter
|
||||
logger.info(infoMsg)
|
||||
|
||||
kb.stackedTest = agent.removePayloadDelimiters(payload, False)
|
||||
else:
|
||||
warnMsg = "the target url is not affected by a stacked queries "
|
||||
warnMsg += "sql injection on parameter '%s'" % kb.injParameter
|
||||
warnMsg += "sql injection on parameter '%s'" % kb.injection.parameter
|
||||
logger.warn(warnMsg)
|
||||
|
||||
kb.stackedTest = False
|
||||
|
||||
Reference in New Issue
Block a user