PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-22 06:09:02 +00:00
Code Issues Projects Releases Wiki Activity

Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)

Browse Source
This commit is contained in:
Miroslav Stampar
2012-12-06 14:14:19 +01:00
parent 003d21e962
commit 974407396e
102 changed files with 1115 additions and 1091 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/techniques/blind/inference.py
View File

@@ -33,7 +33,7 @@ from lib.core.enums import ADJUST_TIME_DELAY
from lib.core.enums import CHARSET_TYPE
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapThreadException
from lib.core.exception import SqlmapThreadException
from lib.core.progress import ProgressBar
from lib.core.settings import CHAR_INFERENCE_MARK
from lib.core.settings import INFERENCE_BLANK_BREAK
@@ -546,7 +546,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
logger.info(infoMsg)
if kb.threadException:
raise sqlmapThreadException, "something unexpected happened inside the threads"
raise SqlmapThreadException, "something unexpected happened inside the threads"
if abortedFlag:
raise KeyboardInterrupt

16
lib/techniques/brute/use.py
View File

@@ -23,8 +23,8 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.enums import DBMS
from lib.core.enums import HASHDB_KEYS
from lib.core.exception import sqlmapDataException
from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.exception import SqlmapDataException
from lib.core.exception import SqlmapMissingMandatoryOptionException
from lib.core.settings import METADB_SUFFIX
from lib.core.settings import BRUTE_COLUMN_EXISTS_TEMPLATE
from lib.core.settings import BRUTE_TABLE_EXISTS_TEMPLATE
@@ -32,7 +32,7 @@ from lib.core.threads import getCurrentThreadData
from lib.core.threads import runThreads
from lib.request import inject
def __addPageTextWords():
def _addPageTextWords():
wordsList = []
infoMsg = "adding words used on web page to the check list"
@@ -53,14 +53,14 @@ def tableExists(tableFile, regex=None):
errMsg = "can't use table existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection "
errMsg += "to distinguish errornous results)"
raise sqlmapDataException, errMsg
raise SqlmapDataException, errMsg
tables = getFileItems(tableFile, lowercase=Backend.getIdentifiedDbms() in (DBMS.ACCESS,), unique=True)
infoMsg = "checking table existence using items from '%s'" % tableFile
logger.info(infoMsg)
tables.extend(__addPageTextWords())
tables.extend(_addPageTextWords())
tables = filterListValue(tables, regex)
threadData = getCurrentThreadData()
@@ -138,20 +138,20 @@ def tableExists(tableFile, regex=None):
def columnExists(columnFile, regex=None):
if not conf.tbl:
errMsg = "missing table parameter"
raise sqlmapMissingMandatoryOptionException, errMsg
raise SqlmapMissingMandatoryOptionException, errMsg
result = inject.checkBooleanExpression(safeStringFormat(BRUTE_COLUMN_EXISTS_TEMPLATE, (randomStr(), randomStr())))
if result:
errMsg = "can't use column existence check because of detected invalid results "
errMsg += "(most probably caused by inability of the used injection "
errMsg += "to distinguish errornous results)"
raise sqlmapDataException, errMsg
raise SqlmapDataException, errMsg
infoMsg = "checking column existence using items from '%s'" % columnFile
logger.info(infoMsg)
columns = getFileItems(columnFile, unique=True)
columns.extend(__addPageTextWords())
columns.extend(_addPageTextWords())
columns = filterListValue(columns, regex)
table = safeSQLIdentificatorNaming(conf.tbl, True)

4
lib/techniques/dns/test.py
View File

@@ -11,7 +11,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.dicts import FROM_DUMMY_TABLE
from lib.core.exception import sqlmapNotVulnerableException
from lib.core.exception import SqlmapNotVulnerableException
from lib.techniques.dns.use import dnsUse
@@ -28,7 +28,7 @@ def dnsTest(payload):
errMsg += ". Turning off DNS exfiltration support"
logger.error(errMsg)
else:
raise sqlmapNotVulnerableException, errMsg
raise SqlmapNotVulnerableException, errMsg
else:
infoMsg = "data retrieval through DNS channel was successful"
logger.info(infoMsg)

24
lib/techniques/error/use.py
View File

@@ -45,7 +45,7 @@ from lib.core.threads import runThreads
from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request
def __oneShotErrorUse(expression, field=None):
def _oneShotErrorUse(expression, field=None):
offset = 1
partialValue = None
threadData = getCurrentThreadData()
@@ -53,7 +53,7 @@ def __oneShotErrorUse(expression, field=None):
if retVal and PARTIAL_VALUE_MARKER in retVal:
partialValue = retVal = retVal.replace(PARTIAL_VALUE_MARKER, "")
dataToStdout("[%s] [INFO] resuming partial value: '%s'\r\n" % (time.strftime("%X"), __formatPartialContent(partialValue)))
dataToStdout("[%s] [INFO] resuming partial value: '%s'\r\n" % (time.strftime("%X"), _formatPartialContent(partialValue)))
offset += len(partialValue)
threadData.resumed = retVal is not None and not partialValue
@@ -133,7 +133,7 @@ def __oneShotErrorUse(expression, field=None):
break
if kb.fileReadMode and output:
dataToStdout(__formatPartialContent(output).replace(r"\n", "\n").replace(r"\t", "\t"))
dataToStdout(_formatPartialContent(output).replace(r"\n", "\n").replace(r"\t", "\t"))
else:
retVal = output
break
@@ -146,7 +146,7 @@ def __oneShotErrorUse(expression, field=None):
if isinstance(retVal, basestring):
retVal = htmlunescape(retVal).replace("<br>", "\n")
retVal = __errorReplaceChars(retVal)
retVal = _errorReplaceChars(retVal)
hashDBWrite(expression, retVal)
@@ -156,7 +156,7 @@ def __oneShotErrorUse(expression, field=None):
return safecharencode(retVal) if kb.safeCharEncode else retVal
def __errorFields(expression, expressionFields, expressionFieldsList, num=None, emptyFields=None):
def _errorFields(expression, expressionFields, expressionFieldsList, num=None, emptyFields=None):
outputs = []
origExpr = None
@@ -177,7 +177,7 @@ def __errorFields(expression, expressionFields, expressionFieldsList, num=None,
else:
expressionReplaced = expression.replace(expressionFields, field, 1)
output = NULL if emptyFields and field in emptyFields else __oneShotErrorUse(expressionReplaced, field)
output = NULL if emptyFields and field in emptyFields else _oneShotErrorUse(expressionReplaced, field)
if not kb.threadContinue:
return None
@@ -194,7 +194,7 @@ def __errorFields(expression, expressionFields, expressionFieldsList, num=None,
return outputs
def __errorReplaceChars(value):
def _errorReplaceChars(value):
"""
Restores safely replaced characters
"""
@@ -206,7 +206,7 @@ def __errorReplaceChars(value):
return retVal
def __formatPartialContent(value):
def _formatPartialContent(value):
"""
Prepares (possibly hex) partial content for safe console output
"""
@@ -315,7 +315,7 @@ def errorUse(expression, dump=False):
countedExpression = countedExpression[:countedExpression.index(" ORDER BY ")]
_, _, _, _, _, _, countedExpressionFields, _ = agent.getFields(countedExpression)
count = __oneShotErrorUse(countedExpression, countedExpressionFields)
count = _oneShotErrorUse(countedExpression, countedExpressionFields)
if isNumPosStrValue(count):
if isinstance(stopLimit, int) and stopLimit > 0:
@@ -360,7 +360,7 @@ def errorUse(expression, dump=False):
if kb.dumpTable and (len(expressionFieldsList) < (stopLimit - startLimit) > CHECK_ZERO_COLUMNS_THRESHOLD):
for field in expressionFieldsList:
if __oneShotErrorUse("SELECT COUNT(%s) FROM %s" % (field, kb.dumpTable)) == '0':
if _oneShotErrorUse("SELECT COUNT(%s) FROM %s" % (field, kb.dumpTable)) == '0':
emptyFields.append(field)
debugMsg = "column '%s' of table '%s' will not be " % (field, kb.dumpTable)
debugMsg += "dumped as it appears to be empty"
@@ -383,7 +383,7 @@ def errorUse(expression, dump=False):
except StopIteration:
break
output = __errorFields(expression, expressionFields, expressionFieldsList, num, emptyFields)
output = _errorFields(expression, expressionFields, expressionFieldsList, num, emptyFields)
if not kb.threadContinue:
break
@@ -407,7 +407,7 @@ def errorUse(expression, dump=False):
kb.suppressResumeInfo = False
if not outputs and not abortedFlag:
outputs = __errorFields(expression, expressionFields, expressionFieldsList)
outputs = _errorFields(expression, expressionFields, expressionFieldsList)
if outputs and isListLike(outputs) and len(outputs) == 1 and isinstance(outputs[0], basestring):
outputs = outputs[0]

32
lib/techniques/union/test.py
View File

@@ -41,21 +41,21 @@ from lib.core.unescaper import unescaper
from lib.request.comparison import comparison
from lib.request.connect import Connect as Request
def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=PAYLOAD.WHERE.ORIGINAL):
def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=PAYLOAD.WHERE.ORIGINAL):
"""
Finds number of columns affected by UNION based injection
"""
retVal = None
def __orderByTechnique():
def __orderByTest(cols):
def _orderByTechnique():
def _orderByTest(cols):
query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix)
query = agent.suffixQuery(query, suffix=suffix, comment=comment)
payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where)
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
return not re.search(r"(warning|error|order by|failed)", page or "", re.I) and comparison(page, headers) or re.search(r"data types cannot be compared or sorted", page or "", re.I)
if __orderByTest(1) and not __orderByTest(randomInt()):
if _orderByTest(1) and not _orderByTest(randomInt()):
infoMsg = "ORDER BY technique seems to be usable. "
infoMsg += "This should reduce the time needed "
infoMsg += "to find the right number "
@@ -66,13 +66,13 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
lowCols, highCols = 1, ORDER_BY_STEP
found = None
while not found:
if __orderByTest(highCols):
if _orderByTest(highCols):
lowCols = highCols
highCols += ORDER_BY_STEP
else:
while not found:
mid = highCols - (highCols - lowCols) / 2
if __orderByTest(mid):
if _orderByTest(mid):
lowCols = mid
else:
highCols = mid
@@ -87,7 +87,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
lowerCount, upperCount = conf.uColsStart, conf.uColsStop
if lowerCount == 1:
found = kb.orderByColumns or __orderByTechnique()
found = kb.orderByColumns or _orderByTechnique()
if found:
kb.orderByColumns = found
infoMsg = "target url appears to have %d column%s in query" % (found, 's' if found > 1 else "")
@@ -155,7 +155,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
return retVal
def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL):
def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL):
validPayload = None
vector = None
@@ -235,22 +235,22 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
return validPayload, vector
def __unionConfirm(comment, place, parameter, prefix, suffix, count):
def _unionConfirm(comment, place, parameter, prefix, suffix, count):
validPayload = None
vector = None
# Confirm the union SQL injection and get the exact column
# position which can be used to extract data
validPayload, vector = __unionPosition(comment, place, parameter, prefix, suffix, count)
validPayload, vector = _unionPosition(comment, place, parameter, prefix, suffix, count)
# Assure that the above function found the exploitable full union
# SQL injection position
if not validPayload:
validPayload, vector = __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE)
validPayload, vector = _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE)
return validPayload, vector
def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix):
def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix):
"""
This method tests if the target url is affected by an union
SQL injection vulnerability. The test is done up to 50 columns
@@ -264,10 +264,10 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
if conf.uColsStop == conf.uColsStart:
count = conf.uColsStart
else:
count = __findUnionCharCount(comment, place, parameter, value, prefix, suffix, PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else PAYLOAD.WHERE.NEGATIVE)
count = _findUnionCharCount(comment, place, parameter, value, prefix, suffix, PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else PAYLOAD.WHERE.NEGATIVE)
if count:
validPayload, vector = __unionConfirm(comment, place, parameter, prefix, suffix, count)
validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)
if not all([validPayload, vector]) and not all([conf.uChar, conf.dbms]):
warnMsg = "if UNION based SQL injection is not detected, "
@@ -281,7 +281,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
warnMsg += "(e.g. --union-char=1) "
else:
conf.uChar = kb.uChar = str(randomInt(2))
validPayload, vector = __unionConfirm(comment, place, parameter, prefix, suffix, count)
validPayload, vector = _unionConfirm(comment, place, parameter, prefix, suffix, count)
if not conf.dbms:
if not conf.uChar:
@@ -305,7 +305,7 @@ def unionTest(comment, place, parameter, value, prefix, suffix):
return
kb.technique = PAYLOAD.TECHNIQUE.UNION
validPayload, vector = __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
if validPayload:
validPayload = agent.removePayloadDelimiters(validPayload)

22
lib/techniques/union/use.py
View File

@@ -39,7 +39,7 @@ from lib.core.data import queries
from lib.core.dicts import FROM_DUMMY_TABLE
from lib.core.enums import DBMS
from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapSyntaxException
from lib.core.exception import SqlmapSyntaxException
from lib.core.settings import SQL_SCALAR_REGEX
from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT
from lib.core.threads import getCurrentThreadData
@@ -47,7 +47,7 @@ from lib.core.threads import runThreads
from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request
def __oneShotUnionUse(expression, unpack=True, limited=False):
def _oneShotUnionUse(expression, unpack=True, limited=False):
retVal = hashDBRetrieve("%s%s" % (conf.hexConvert, expression), checkConf=True) # as union data is stored raw unconverted
threadData = getCurrentThreadData()
@@ -106,7 +106,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
return retVal
def configUnion(char=None, columns=None):
def __configUnionChar(char):
def _configUnionChar(char):
if not isinstance(char, basestring):
return
@@ -115,7 +115,7 @@ def configUnion(char=None, columns=None):
if conf.uChar is not None:
kb.uChar = char.replace("[CHAR]", conf.uChar if conf.uChar.isdigit() else "'%s'" % conf.uChar.strip("'"))
def __configUnionCols(columns):
def _configUnionCols(columns):
if not isinstance(columns, basestring):
return
@@ -126,17 +126,17 @@ def configUnion(char=None, columns=None):
colsStart, colsStop = columns, columns
if not colsStart.isdigit() or not colsStop.isdigit():
raise sqlmapSyntaxException, "--union-cols must be a range of integers"
raise SqlmapSyntaxException, "--union-cols must be a range of integers"
conf.uColsStart, conf.uColsStop = int(colsStart), int(colsStop)
if conf.uColsStart > conf.uColsStop:
errMsg = "--union-cols range has to be from lower to "
errMsg += "higher number of columns"
raise sqlmapSyntaxException, errMsg
raise SqlmapSyntaxException, errMsg
__configUnionChar(char)
__configUnionCols(conf.uCols or columns)
_configUnionChar(char)
_configUnionCols(conf.uCols or columns)
def unionUse(expression, unpack=True, dump=False):
"""
@@ -239,7 +239,7 @@ def unionUse(expression, unpack=True, dump=False):
_ = countedExpression.upper().rindex(" ORDER BY ")
countedExpression = countedExpression[:_]
output = __oneShotUnionUse(countedExpression, unpack)
output = _oneShotUnionUse(countedExpression, unpack)
count = parseUnionPage(output)
if isNumPosStrValue(count):
@@ -300,7 +300,7 @@ def unionUse(expression, unpack=True, dump=False):
field = None
limitedExpr = agent.limitQuery(num, expression, field)
output = __oneShotUnionUse(limitedExpr, unpack, True)
output = _oneShotUnionUse(limitedExpr, unpack, True)
if not kb.threadContinue:
break
@@ -342,7 +342,7 @@ def unionUse(expression, unpack=True, dump=False):
if not value and not abortedFlag:
expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I) # full union doesn't play well with ORDER BY
value = __oneShotUnionUse(expression, unpack)
value = _oneShotUnionUse(expression, unpack)
duration = calculateDeltaSeconds(start)