Patch related to the #3438

2026-01-24 07:09:02 +00:00 · 2019-01-17 15:06:00 +01:00
parent 669afdd81b
commit 7eb45b9d8f
3 changed files with 18 additions and 7 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.1.52"
+VERSION = "1.3.1.53"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -109,7 +109,7 @@ MAX_MURPHY_SLEEP_TIME = 3
 GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&amp;cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)"

 # Regular expression used for extracting results from DuckDuckGo search
-DUCKDUCKGO_REGEX = r'"u":"([^"]+)'
+DUCKDUCKGO_REGEX = r'<a class="result__url" href="(htt[^"]+)'

 # Regular expression used for extracting results from Bing search
 BING_REGEX = r'<h2><a href="([^"]+)" h='
--- a/lib/utils/search.py
+++ b/lib/utils/search.py
@@ -45,6 +45,7 @@ def _search(dork):
    if not dork:
        return None

+    data = None
    headers = {}

    headers[HTTP_HEADER.USER_AGENT] = dict(conf.httpHeaders).get(HTTP_HEADER.USER_AGENT, DUMMY_SEARCH_USER_AGENT)
@@ -123,12 +124,12 @@ def _search(dork):
            url = "https://www.bing.com/search?q=%s&first=%d" % (urlencode(dork, convall=True), (gpage - 1) * 10 + 1)
            regex = BING_REGEX
        else:
-            url = "https://duckduckgo.com/d.js?"
-            url += "q=%s&p=%d&s=100" % (urlencode(dork, convall=True), gpage)
+            url = "https://duckduckgo.com/html/"
+            data = "q=%s&s=%d" % (urlencode(dork, convall=True), (gpage - 1) * 30)
            regex = DUCKDUCKGO_REGEX

        try:
-            req = urllib2.Request(url, headers=headers)
+            req = urllib2.Request(url, data=data, headers=headers)
            conn = urllib2.urlopen(req)

            requestMsg = "HTTP request:\nGET %s" % url
@@ -152,6 +153,7 @@ def _search(dork):
        except urllib2.HTTPError, e:
            try:
                page = e.read()
+                page = decodePage(page, e.headers.get("Content-Encoding"), e.headers.get("Content-Type"))
            except socket.timeout:
                warnMsg = "connection timed out while trying "
                warnMsg += "to get error page information (%d)" % e.code
@@ -163,6 +165,15 @@ def _search(dork):

        retVal = [urllib.unquote(match.group(1)) for match in re.finditer(regex, page, re.I | re.S)]

+        if not retVal and "issue with the Tor Exit Node you are currently using" in page:
+            warnMsg = "DuckDuckGo has detected 'unusual' traffic from "
+            warnMsg += "used (Tor) IP address"
+
+            if conf.proxyList:
+                raise SqlmapBaseException(warnMsg)
+            else:
+                logger.critical(warnMsg)
+
    return retVal

@stackedmethod