Merge branch 'master' of github.com:sqlmapproject/sqlmap

Bernardo Damele
2013-01-07 11:10:08 +00:00
87 changed files with 362 additions and 359 deletions


@@ -252,7 +252,7 @@ class Agent(object):
else:
errMsg = "invalid usage of inference payload without "
errMsg += "knowledge of underlying DBMS"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
return payload


@@ -736,7 +736,7 @@ def dataToTrafficFile(data):
except IOError, ex:
errMsg = "something went wrong while trying "
errMsg += "to write to the traffic file '%s' ('%s')" % (conf.trafficFile, ex)
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def dataToDumpFile(dumpFile, data):
dumpFile.write(data)
@@ -861,7 +861,7 @@ def checkFile(filename):
"""
if not os.path.isfile(filename):
raise SqlmapFilePathException, "unable to read file '%s'" % filename
raise SqlmapFilePathException("unable to read file '%s'" % filename)
def banner():
"""
@@ -997,7 +997,7 @@ def parseTargetDirect():
errMsg = "invalid target details, valid syntax is for instance "
errMsg += "'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME' "
errMsg += "or 'access://DATABASE_FILEPATH'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
for dbmsName, data in DBMS_DICT.items():
if conf.dbms in data[0]:
@@ -1012,7 +1012,7 @@ def parseTargetDirect():
conf.port = 0
elif not remote:
errMsg = "missing remote connection details"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if dbmsName in (DBMS.MSSQL, DBMS.SYBASE):
import _mssql
@@ -1022,7 +1022,7 @@ def parseTargetDirect():
errMsg = "'%s' third-party library must be " % data[1]
errMsg += "version >= 1.0.2 to work properly. "
errMsg += "Download from '%s'" % data[2]
raise SqlmapMissingDependence, errMsg
raise SqlmapMissingDependence(errMsg)
elif dbmsName == DBMS.MYSQL:
import pymysql
@@ -1040,7 +1040,7 @@ def parseTargetDirect():
errMsg = "sqlmap requires '%s' third-party library " % data[1]
errMsg += "in order to directly connect to the database "
errMsg += "%s. Download from '%s'" % (dbmsName, data[2])
raise SqlmapMissingDependence, errMsg
raise SqlmapMissingDependence(errMsg)
def parseTargetUrl():
"""
@@ -1055,7 +1055,7 @@ def parseTargetUrl():
if re.search("\[.+\]", conf.url) and not socket.has_ipv6:
errMsg = "IPv6 addressing is not supported "
errMsg += "on this platform"
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
if not re.search("^http[s]*://", conf.url, re.I):
if ":443/" in conf.url:
@@ -1083,14 +1083,14 @@ def parseTargetUrl():
if any((_ is None, re.search(r'\s', conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'))):
errMsg = "invalid target url"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if len(hostnamePort) == 2:
try:
conf.port = int(hostnamePort[1])
except:
errMsg = "invalid target url"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
elif conf.scheme == "https":
conf.port = 443
else:
@@ -1353,7 +1353,7 @@ def safeStringFormat(format_, params):
if count < len(params):
retVal = retVal[:index] + getUnicode(params[count]) + retVal[index + 2:]
else:
raise SqlmapNoneDataException, "wrong number of parameters during string formatting"
raise SqlmapNoneDataException("wrong number of parameters during string formatting")
count += 1
return retVal
@@ -2377,7 +2377,7 @@ def initTechnique(technique=None):
errMsg = "missing data in old session file(s). "
errMsg += "Please use '--flush-session' to deal "
errMsg += "with this error"
raise SqlmapNoneDataException, errMsg
raise SqlmapNoneDataException(errMsg)
def arrayizeValue(value):
"""
@@ -2496,7 +2496,7 @@ def openFile(filename, mode='r'):
errMsg += "Please check %s permissions on a file " % ("write" if \
mode and ('w' in mode or 'a' in mode or '+' in mode) else "read")
errMsg += "and that it's not locked by another process."
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
def decodeIntToUnicode(value):
"""
@@ -2810,7 +2810,7 @@ def expandMnemonics(mnemonics, parser, args):
if pointer in (None, head):
errMsg = "mnemonic '%s' can't be resolved to any parameter name" % name
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
elif len(pointer.current) > 1:
options = {}
@@ -2849,7 +2849,7 @@ def expandMnemonics(mnemonics, parser, args):
setattr(args, found.dest, True)
else:
errMsg = "mnemonic '%s' requires value of type '%s'" % (name, found.type)
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
def safeCSValue(value):
"""
@@ -2997,7 +2997,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
if not content:
errMsg = "can't parse forms as the page content appears to be blank"
if raise_:
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
else:
logger.debug(errMsg)
@@ -3017,7 +3017,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
except ParseError:
errMsg = "no success"
if raise_:
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
else:
logger.debug(errMsg)
@@ -3038,7 +3038,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
errMsg = "there has been a problem while "
errMsg += "processing page forms ('%s')" % ex
if raise_:
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
else:
logger.debug(errMsg)
else:
@@ -3057,7 +3057,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
else:
errMsg = "there were no forms found at the given target url"
if raise_:
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
else:
logger.debug(errMsg)
@@ -3105,7 +3105,7 @@ def checkDeprecatedOptions(args):
errMsg = "switch/option '%s' is deprecated" % _
if _ in DEPRECATED_HINTS:
errMsg += " (hint: %s)" % DEPRECATED_HINTS[_]
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
def evaluateCode(code, variables=None):
"""
@@ -3118,7 +3118,7 @@ def evaluateCode(code, variables=None):
raise
except Exception, ex:
errMsg = "an error occured while evaluating provided code ('%s'). " % ex
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def serializeObject(object_):
"""
@@ -3259,7 +3259,7 @@ def resetCookieJar(cookieJar):
except cookielib.LoadError, msg:
errMsg = "there was a problem loading "
errMsg += "cookies file ('%s')" % msg
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def prioritySortColumns(columns):
"""

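Review bot: In the `parseTargetUrl` hunk the port conversion is still guarded by a bare `except:`, which also catches `KeyboardInterrupt` and `SystemExit` and reports them as "invalid target url"; narrowing it to `except ValueError:` keeps the message truthful. The converted value is not range-checked in the visible lines, so a port such as 70000 would pass here. If nothing later validates it, a check like `if not 0 < conf.port < 65536: raise SqlmapSyntaxException(errMsg)` belongs next to the conversion. The function body starts and ends outside the hunk, so a later check may already exist.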

@@ -47,7 +47,7 @@ def hexencode(value):
return utf8encode(value).encode("hex")
def md5hash(value):
if sys.modules.has_key('hashlib'):
if "hashlib" in sys.modules:
return hashlib.md5(value).hexdigest()
else:
return md5.new(value).hexdigest()
@@ -60,7 +60,7 @@ def ordencode(value):
return tuple(ord(char) for char in value)
def sha1hash(value):
if sys.modules.has_key('hashlib'):
if "hashlib" in sys.modules:
return hashlib.sha1(value).hexdigest()
else:
return sha.new(value).hexdigest()
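Review bot: In `md5hash` and `sha1hash` the test `"hashlib" in sys.modules` only shows that some module in the process has imported hashlib, not that the name `hashlib` is bound in this file, so the branch taken depends on import order elsewhere. The imports are outside the hunk; if they are conditional, a guarded import at the top of the file that binds `hashlib` to `None` on `ImportError`, followed by `if hashlib:` in both functions, would make the choice local and explicit. Both functions would also benefit from a one-line docstring stating that they return the hex digest of the given value.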


@@ -38,7 +38,7 @@ class AttribDict(dict):
try:
return self.__getitem__(item)
except KeyError:
raise SqlmapDataException, "unable to access item '%s'" % item
raise SqlmapDataException("unable to access item '%s'" % item)
def __setattr__(self, item, value):
"""
@@ -47,11 +47,11 @@ class AttribDict(dict):
"""
# This test allows attributes to be set in the __init__ method
if not self.__dict__.has_key('_AttribDict__initialised'):
if "_AttribDict__initialised" not in self.__dict__:
return dict.__setattr__(self, item, value)
# Any normal attributes are handled normally
elif self.__dict__.has_key(item):
elif item in self.__dict__:
dict.__setattr__(self, item, value)
else:
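Review bot: The `except KeyError` handler in the first hunk raises `SqlmapDataException` for a missing item, which can break the attribute protocol. If the enclosing method is `__getattr__` (its `def` is outside the hunk) and that exception does not derive from `AttributeError`, then `getattr(obj, name, default)` and protocol lookups such as those made by `copy` will raise instead of falling back. Raising `AttributeError("unable to access item '%s'" % item)` there, or making the exception class inherit from `AttributeError`, avoids that. The exception hierarchy is not visible on this page, so this needs confirming against the exception module.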


@@ -21,51 +21,51 @@ from lib.core.settings import SYBASE_ALIASES
from lib.core.settings import DB2_ALIASES
FIREBIRD_TYPES = {
"261":"BLOB",
"14":"CHAR",
"40":"CSTRING",
"11":"D_FLOAT",
"27":"DOUBLE",
"10":"FLOAT",
"16":"INT64",
"8":"INTEGER",
"9":"QUAD",
"7":"SMALLINT",
"12":"DATE",
"13":"TIME",
"35":"TIMESTAMP",
"37":"VARCHAR"
"261": "BLOB",
"14": "CHAR",
"40": "CSTRING",
"11": "D_FLOAT",
"27": "DOUBLE",
"10": "FLOAT",
"16": "INT64",
"8": "INTEGER",
"9": "QUAD",
"7": "SMALLINT",
"12": "DATE",
"13": "TIME",
"35": "TIMESTAMP",
"37": "VARCHAR"
}
SYBASE_TYPES = {
"14":"floatn",
"8":"float",
"15":"datetimn",
"12":"datetime",
"23":"real",
"28":"numericn",
"10":"numeric",
"27":"decimaln",
"26":"decimal",
"17":"moneyn",
"11":"money",
"21":"smallmoney",
"22":"smalldatetime",
"13":"intn",
"7":"int",
"6":"smallint",
"5":"tinyint",
"16":"bit",
"2":"varchar",
"18":"sysname",
"25":"nvarchar",
"1":"char",
"24":"nchar",
"4":"varbinary",
"80":"timestamp",
"3":"binary",
"19":"text",
"20":"image",
"14": "floatn",
"8": "float",
"15": "datetimn",
"12": "datetime",
"23": "real",
"28": "numericn",
"10": "numeric",
"27": "decimaln",
"26": "decimal",
"17": "moneyn",
"11": "money",
"21": "smallmoney",
"22": "smalldatetime",
"13": "intn",
"7": "int",
"6": "smallint",
"5": "tinyint",
"16": "bit",
"2": "varchar",
"18": "sysname",
"25": "nvarchar",
"1": "char",
"24": "nchar",
"4": "varbinary",
"80": "timestamp",
"3": "binary",
"19": "text",
"20": "image",
}
MYSQL_PRIVS = {


@@ -70,7 +70,7 @@ class Dump(object):
self._outputFP = codecs.open(self._outputFile, "ab" if not conf.flushSession else "wb", UNICODE_ENCODING)
except IOError, ex:
errMsg = "error occurred while opening log file ('%s')" % ex
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def getOutputFile(self):
return self._outputFile


@@ -24,7 +24,7 @@ class SORT_ORDER:
class DBMS:
ACCESS = "Microsoft Access"
DB2 = "IBM DB2"
DB2 = "IBM DB2"
FIREBIRD = "Firebird"
MAXDB = "SAP MaxDB"
MSSQL = "Microsoft SQL Server"
@@ -173,39 +173,39 @@ class REDIRECTION:
class PAYLOAD:
SQLINJECTION = {
1: "boolean-based blind",
2: "error-based",
3: "UNION query",
4: "stacked queries",
5: "AND/OR time-based blind",
6: "inline query"
1: "boolean-based blind",
2: "error-based",
3: "UNION query",
4: "stacked queries",
5: "AND/OR time-based blind",
6: "inline query"
}
PARAMETER = {
1: "Unescaped numeric",
2: "Single quoted string",
3: "LIKE single quoted string",
4: "Double quoted string",
5: "LIKE double quoted string"
1: "Unescaped numeric",
2: "Single quoted string",
3: "LIKE single quoted string",
4: "Double quoted string",
5: "LIKE double quoted string"
}
RISK = {
0: "No risk",
1: "Low risk",
2: "Medium risk",
3: "High risk"
0: "No risk",
1: "Low risk",
2: "Medium risk",
3: "High risk"
}
CLAUSE = {
0: "Always",
1: "WHERE",
2: "GROUP BY",
3: "ORDER BY",
4: "LIMIT",
5: "OFFSET",
6: "TOP",
7: "Table name",
8: "Column name"
0: "Always",
1: "WHERE",
2: "GROUP BY",
3: "ORDER BY",
4: "LIMIT",
5: "OFFSET",
6: "TOP",
7: "Table name",
8: "Column name"
}
class METHOD:


@@ -388,7 +388,7 @@ def _setMultipleTargets():
if not os.path.exists(conf.logFile):
errMsg = "the specified list of targets does not exist"
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
if os.path.isfile(conf.logFile):
_feedTargetsDict(conf.logFile, addedTargetUrls)
@@ -406,7 +406,7 @@ def _setMultipleTargets():
else:
errMsg = "the specified list of targets is not a file "
errMsg += "nor a directory"
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
updatedTargetsCount = len(kb.targets)
@@ -453,7 +453,7 @@ def _setRequestFromFile():
if not os.path.isfile(conf.requestFile):
errMsg = "the specified HTTP request file "
errMsg += "does not exist"
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
_feedTargetsDict(conf.requestFile, addedTargetUrls)
@@ -504,7 +504,7 @@ def _setGoogleDorking():
if not links:
errMsg = "unable to find results for your "
errMsg += "Google dork expression"
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
for link in links:
link = urldecode(link)
@@ -560,7 +560,7 @@ def _setBulkMultipleTargets():
if not os.path.isfile(conf.bulkFile):
errMsg = "the specified bulk file "
errMsg += "does not exist"
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
for line in getFileItems(conf.bulkFile):
if re.search(r"[^ ]+\?(.+)", line, re.I):
@@ -597,7 +597,7 @@ def _setDBMSAuthentication():
if not match:
errMsg = "DBMS authentication credentials value must be in format "
errMsg += "username:password"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
conf.dbmsUsername = match.group(1)
conf.dbmsPassword = match.group(2)
@@ -638,7 +638,7 @@ def _setMetasploit():
errMsg += "if you want to perform a SMB relay attack because "
errMsg += "it will need to listen on a user-specified SMB "
errMsg += "TCP port for incoming connection attempts"
raise SqlmapMissingPrivileges, errMsg
raise SqlmapMissingPrivileges(errMsg)
if conf.msfPath:
for path in (conf.msfPath, os.path.join(conf.msfPath, "bin")):
@@ -687,7 +687,7 @@ def _setMetasploit():
if not msfEnvPathExists:
errMsg = "unable to locate Metasploit Framework installation. "
errMsg += "You can get it at 'http://metasploit.com/framework/download/'"
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
def _setWriteFile():
if not conf.wFile:
@@ -698,12 +698,12 @@ def _setWriteFile():
if not os.path.exists(conf.wFile):
errMsg = "the provided local file '%s' does not exist" % conf.wFile
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
if not conf.dFile:
errMsg = "you did not provide the back-end DBMS absolute path "
errMsg += "where you want to write the local file '%s'" % conf.wFile
raise SqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException(errMsg)
conf.wFileType = getFileType(conf.wFile)
@@ -722,7 +722,7 @@ def _setOS():
errMsg += "If you do not know the back-end DBMS underlying OS, "
errMsg += "do not provide it and sqlmap will fingerprint it for "
errMsg += "you."
raise SqlmapUnsupportedDBMSException, errMsg
raise SqlmapUnsupportedDBMSException(errMsg)
debugMsg = "forcing back-end DBMS operating system to user defined "
debugMsg += "value '%s'" % conf.os
@@ -742,7 +742,7 @@ def _setTechnique():
errMsg = "value for --technique must be a string composed "
errMsg += "by the letters %s. Refer to the " % ", ".join(validLetters)
errMsg += "user's manual for details"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
for validTech, validInt in validTechniques:
if letter == validTech[0]:
@@ -774,7 +774,7 @@ def _setDBMS():
errMsg += "system. The supported DBMS are %s. " % ', '.join([d for d in DBMS_DICT])
errMsg += "If you do not know the back-end DBMS, do not provide "
errMsg += "it and sqlmap will fingerprint it for you."
raise SqlmapUnsupportedDBMSException, errMsg
raise SqlmapUnsupportedDBMSException(errMsg)
for aliases in (MSSQL_ALIASES, MYSQL_ALIASES, PGSQL_ALIASES, ORACLE_ALIASES, \
SQLITE_ALIASES, ACCESS_ALIASES, FIREBIRD_ALIASES, \
@@ -808,11 +808,11 @@ def _setTamperingFunctions():
elif not os.path.exists(tfile):
errMsg = "tamper script '%s' does not exist" % tfile
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
elif not tfile.endswith('.py'):
errMsg = "tamper script '%s' should have an extension '.py'" % tfile
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
dirname, filename = os.path.split(tfile)
dirname = os.path.abspath(dirname)
@@ -823,7 +823,7 @@ def _setTamperingFunctions():
if not os.path.exists(os.path.join(dirname, '__init__.py')):
errMsg = "make sure that there is an empty file '__init__.py' "
errMsg += "inside of tamper scripts directory '%s'" % dirname
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
if dirname not in sys.path:
sys.path.insert(0, dirname)
@@ -831,7 +831,7 @@ def _setTamperingFunctions():
try:
module = __import__(filename[:-3])
except ImportError, msg:
raise SqlmapSyntaxException, "cannot import tamper script '%s' (%s)" % (filename[:-3], msg)
raise SqlmapSyntaxException("cannot import tamper script '%s' (%s)" % (filename[:-3], msg))
priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
@@ -866,7 +866,7 @@ def _setTamperingFunctions():
if not found:
errMsg = "missing function 'tamper(payload, headers)' "
errMsg += "in tamper script '%s'" % tfile
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
if resolve_priorities and priorities:
priorities.sort(reverse=True)
@@ -929,14 +929,14 @@ def _setHTTPProxy():
if not all((scheme, hasattr(PROXY_TYPE, scheme), hostname, port)):
errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.pCred:
_ = re.search("^(.*?):(.*?)$", conf.pCred)
if not _:
errMsg = "Proxy authentication credentials "
errMsg += "value must be in format username:password"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
else:
username = _.group(1)
password = _.group(2)
@@ -979,7 +979,7 @@ def _setSafeUrl():
if conf.saFreq <= 0:
errMsg = "please provide a valid value (>0) for safe frequency (--safe-freq) while using safe url feature"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
def _setPrefixSuffix():
if conf.prefix is not None and conf.suffix is not None:
@@ -1033,12 +1033,12 @@ def _setHTTPAuthentication():
elif conf.aType and not conf.aCred:
errMsg = "you specified the HTTP authentication type, but "
errMsg += "did not provide the credentials"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
elif not conf.aType and conf.aCred:
errMsg = "you specified the HTTP authentication credentials, "
errMsg += "but did not provide the type"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if not conf.aCert:
debugMsg = "setting the HTTP authentication type and credentials"
@@ -1049,7 +1049,7 @@ def _setHTTPAuthentication():
if aTypeLower not in ( "basic", "digest", "ntlm" ):
errMsg = "HTTP authentication type value must be "
errMsg += "Basic, Digest or NTLM"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
elif aTypeLower in ( "basic", "digest" ):
regExp = "^(.*?):(.*?)$"
errMsg = "HTTP %s authentication credentials " % aTypeLower
@@ -1062,7 +1062,7 @@ def _setHTTPAuthentication():
aCredRegExp = re.search(regExp, conf.aCred)
if not aCredRegExp:
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
conf.authUsername = aCredRegExp.group(1)
conf.authPassword = aCredRegExp.group(2)
@@ -1084,7 +1084,7 @@ def _setHTTPAuthentication():
errMsg = "sqlmap requires Python NTLM third-party library "
errMsg += "in order to authenticate via NTLM, "
errMsg += "http://code.google.com/p/python-ntlm/"
raise SqlmapMissingDependence, errMsg
raise SqlmapMissingDependence(errMsg)
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(kb.passwordMgr)
else:
@@ -1096,7 +1096,7 @@ def _setHTTPAuthentication():
if not aCertRegExp:
errMsg = "HTTP authentication certificate option "
errMsg += "must be in format key_file,cert_file"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
# os.path.expanduser for support of paths with ~
key_file = os.path.expanduser(aCertRegExp.group(1))
@@ -1105,7 +1105,7 @@ def _setHTTPAuthentication():
for ifile in (key_file, cert_file):
if not os.path.exists(ifile):
errMsg = "File '%s' does not exist" % ifile
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
authHandler = HTTPSCertAuthHandler(key_file, cert_file)
@@ -1134,7 +1134,7 @@ def _setHTTPExtraHeaders():
conf.httpHeaders.append((header, value))
else:
errMsg = "invalid header value: %s. Valid header format is 'name:value'" % repr(headerValue).lstrip('u')
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
elif not conf.httpHeaders or len(conf.httpHeaders) == 1:
conf.httpHeaders.append((HTTPHEADER.ACCEPT_LANGUAGE, "en-us,en;q=0.5"))
@@ -1809,13 +1809,13 @@ def _setDNSServer():
except socket.error, msg:
errMsg = "there was an error while setting up "
errMsg += "DNS server instance ('%s')" % msg
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
else:
errMsg = "you need to run sqlmap as an administrator "
errMsg += "if you want to perform a DNS data exfiltration attack "
errMsg += "as it will need to listen on privileged UDP port 53 "
errMsg += "for incoming address resolution attempts"
raise SqlmapMissingPrivileges, errMsg
raise SqlmapMissingPrivileges(errMsg)
def _setTorProxySettings():
if not conf.tor:
@@ -1856,7 +1856,7 @@ def _setTorHttpProxySettings():
else:
errMsg += "(e.g. http://www.coresec.org/2011/04/24/sqlmap-with-tor/)"
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
if not conf.checkTor:
warnMsg = "use switch '--check-tor' at "
@@ -1885,7 +1885,7 @@ def _checkTor():
page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False)
if not page or 'Congratulations' not in page:
errMsg = "it seems that Tor is not properly set. Please try using options '--tor-type' and/or '--tor-port'"
raise SqlmapConnectionException, errMsg
raise SqlmapConnectionException(errMsg)
else:
infoMsg = "Tor is properly being used"
logger.info(infoMsg)
@@ -1893,135 +1893,135 @@ def _checkTor():
def _basicOptionValidation():
if conf.limitStart is not None and not (isinstance(conf.limitStart, int) and conf.limitStart > 0):
errMsg = "value for option '--start' (limitStart) must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.limitStop is not None and not (isinstance(conf.limitStop, int) and conf.limitStop > 0):
errMsg = "value for option '--stop' (limitStop) must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.level is not None and not (isinstance(conf.level, int) and conf.level > 0):
errMsg = "value for option '--level' must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.risk is not None and not (isinstance(conf.risk, int) and conf.risk > 0):
errMsg = "value for option '--risk' must be an integer value greater than zero (>0)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.limitStart is not None and isinstance(conf.limitStart, int) and conf.limitStart > 0 and \
conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart:
errMsg = "value for option '--start' (limitStart) must be smaller or equal than value for --stop (limitStop) option"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.firstChar is not None and isinstance(conf.firstChar, int) and conf.firstChar > 0 and \
conf.lastChar is not None and isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar:
errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0):
errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.textOnly and conf.nullConnection:
errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.titles and conf.nullConnection:
errMsg = "switch '--titles' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.data and conf.nullConnection:
errMsg = "option '--data' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.string and conf.nullConnection:
errMsg = "option '--string' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.notString and conf.nullConnection:
errMsg = "option '--not-string' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.string and conf.notString:
errMsg = "option '--string' is incompatible with switch '--not-string'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.regexp and conf.nullConnection:
errMsg = "option '--regexp' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.dumpTable and conf.dumpAll:
errMsg = "switch '--dump' is incompatible with switch '--dump-all'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.predictOutput and (conf.threads > 1 or conf.optimize):
errMsg = "switch '--predict-output' is incompatible with option '--threads' and switch '-o'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.threads > MAX_NUMBER_OF_THREADS:
errMsg = "maximum number of used threads is %d avoiding possible connection issues" % MAX_NUMBER_OF_THREADS
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.forms and not conf.url:
errMsg = "switch '--forms' requires usage of option '-u' (--url)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.requestFile and conf.url:
errMsg = "option '-r' is incompatible with option '-u' (--url)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.tor and conf.ignoreProxy:
errMsg = "switch '--tor' is incompatible with switch '--ignore-proxy'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.tor and conf.proxy:
errMsg = "switch '--tor' is incompatible with option '--proxy'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.checkTor and not any((conf.tor, conf.proxy)):
errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort > 0):
errMsg = "value for option '--tor-port' must be a positive integer"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True):
errMsg = "option '--tor-type' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(PROXY_TYPE, True))
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.dumpFormat not in getPublicTypeMembers(DUMP_FORMAT, True):
errMsg = "option '--dump-format' accepts one of following values: %s" % ", ".join(getPublicTypeMembers(DUMP_FORMAT, True))
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.skip and conf.testParameter:
errMsg = "option '--skip' is incompatible with option '-p'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.mobile and conf.agent:
errMsg = "switch '--mobile' is incompatible with option '--user-agent'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.proxy and conf.ignoreProxy:
errMsg = "option '--proxy' is incompatible with switch '--ignore-proxy'"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.forms and any([conf.logFile, conf.bulkFile, conf.direct, conf.requestFile, conf.googleDork]):
errMsg = "switch '--forms' is compatible only with option '-u' (--url)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.timeSec < 1:
errMsg = "value for option '--time-sec' must be a positive integer"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.uChar and not re.match(UNION_CHAR_REGEX, conf.uChar):
errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if isinstance(conf.uCols, basestring):
if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2):
errMsg = "value for option '--union-cols' must be a range with hyphon "
errMsg += "(e.g. 1-10) or integer value (e.g. 5)"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.charset:
_ = checkCharEncoding(conf.charset, False)
@@ -2029,14 +2029,14 @@ def _basicOptionValidation():
errMsg = "unknown charset '%s'. Please visit " % conf.charset
errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE
errMsg += "supported charsets"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
else:
conf.charset = _
if conf.loadCookies:
if not os.path.exists(conf.loadCookies):
errMsg = "cookies file '%s' does not exist" % conf.loadCookies
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
def _resolveCrossReferences():
lib.core.threads.readInput = readInput
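Review bot: In the `_setTamperingFunctions` hunks the tamper script's directory is put at the front of the module search path with `sys.path.insert(0, dirname)` before `__import__(filename[:-3])`, so for the rest of the run any file in that directory whose name matches a standard-library or project module wins later imports. Loading the script from its own path, for example `module = imp.load_source(filename[:-3], tfile)`, avoids changing `sys.path` at all. Only `ImportError` is converted to `SqlmapSyntaxException` in the visible lines, so a syntax error inside the script would surface as a raw traceback. The function body continues outside the hunks.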


@@ -64,7 +64,7 @@ class Replication(object):
self.execute('INSERT INTO "%s" VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values))
else:
errMsg = "wrong number of columns used in replicating insert"
raise SqlmapValueException, errMsg
raise SqlmapValueException(errMsg)
def execute(self, sql, parameters=[]):
try:
@@ -73,7 +73,7 @@ class Replication(object):
errMsg = "problem occurred ('%s') while accessing sqlite database " % ex
errMsg += "located at '%s'. Please make sure that " % self.parent.dbpath
errMsg += "it's not used by some other program"
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def beginTransaction(self):
"""

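Review bot: The insert statement in the first hunk binds the row values through `?` placeholders but formats the table name straight into the SQL text as `"%s"`, so a name containing a double quote ends the quoted identifier early and the statement no longer parses as intended. If `self.name` can come from replicated database metadata, doubling embedded quotes before formatting, `self.name.replace('"', '""')`, keeps the statement well-formed for any name. The context line `def execute(self, sql, parameters=[]):` also uses a mutable default argument; `parameters=None` with `parameters or []` at the point of use is the safer form. Both method bodies extend outside the hunks.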

@@ -34,13 +34,13 @@ def blockingReadFromFD(fd):
# Uncomment the following line if the process seems to
# take a huge amount of cpu time
# time.sleep(0.01)
continue
continue
else:
raise
break
if not output:
raise EOFError, "fd %s has been closed." % fd
raise EOFError("fd %s has been closed." % fd )
return output
@@ -52,9 +52,9 @@ def blockingWriteToFD(fd, data):
wrote_data = os.write(fd, data)
except (OSError, IOError), io:
if io.errno in (errno.EAGAIN, errno.EINTR):
continue
continue
else:
raise
raise
if wrote_data < data_length:
blockingWriteToFD(fd, data[wrote_data:])
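Review bot: The rewritten raise in `blockingReadFromFD`, `raise EOFError("fd %s has been closed." % fd )`, leaves a stray space before the closing parenthesis; `raise EOFError("fd %s has been closed." % fd)` matches the other call-style raises in this commit. In `blockingWriteToFD` a short write is handled by the function calling itself on the remainder, so a descriptor that accepts only small chunks deepens the stack once per chunk; a loop over the remaining data would bound that. Both function bodies start outside the hunks.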


@@ -79,7 +79,7 @@ def _setRequestParams():
# Perform checks on POST parameters
if conf.method == HTTPMETHOD.POST and conf.data is None:
errMsg = "HTTP POST method depends on HTTP data value to be posted"
raise SqlmapSyntaxException, errMsg
raise SqlmapSyntaxException(errMsg)
if conf.data is not None:
conf.method = HTTPMETHOD.POST
@@ -237,12 +237,12 @@ def _setRequestParams():
if not conf.parameters:
errMsg = "you did not provide any GET, POST and Cookie "
errMsg += "parameter, neither an User-Agent, Referer or Host header value"
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
elif not testableParameters:
errMsg = "all testable parameters you provided are not present "
errMsg += "within the GET, POST and Cookie parameters"
raise SqlmapGenericException, errMsg
raise SqlmapGenericException(errMsg)
def _setHashDB():
"""
@@ -259,7 +259,7 @@ def _setHashDB():
logger.info("flushing session file")
except OSError, msg:
errMsg = "unable to flush the session file (%s)" % msg
raise SqlmapFilePathException, errMsg
raise SqlmapFilePathException(errMsg)
conf.hashDB = HashDB(conf.hashDBFile)
@@ -460,7 +460,7 @@ def _createTargetDirs():
errMsg = "something went wrong while trying "
errMsg += "to write to the output directory '%s' (%s)" % (paths.SQLMAP_OUTPUT_PATH, ex)
raise SqlmapMissingPrivileges, errMsg
raise SqlmapMissingPrivileges(errMsg)
_createDumpDir()
_createFilesDir()


@@ -165,7 +165,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
pass
except KeyboardInterrupt:
raise SqlmapThreadException, "user aborted (Ctrl+C was pressed multiple times)"
raise SqlmapThreadException("user aborted (Ctrl+C was pressed multiple times)")
if forwardException:
raise


@@ -42,7 +42,7 @@ class Wordlist(object):
_ = zipfile.ZipFile(current, 'r')
if len(_.namelist()) == 0:
errMsg = "no file(s) inside '%s'" % current
raise SqlmapDataException, errMsg
raise SqlmapDataException(errMsg)
self.fp = _.open(_.namelist()[0])
else:
self.fp = open(current, 'r')