PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-24 15:19:04 +00:00
Code Issues Projects Releases Wiki Activity

few fixes here and there and multi-core processing for dictionary based hash attack

Browse Source
This commit is contained in:
Miroslav Stampar
2011-07-04 19:58:41 +00:00
parent da049110df
commit b8ffcf9495
8 changed files with 225 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/option.py
View File

@@ -1453,7 +1453,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.testQueryCount = 0
kb.threadContinue = True
kb.threadException = False
kb.threadData = {}
kb.uChar = "NULL"
kb.xpCmdshellAvailable = False
@@ -1650,6 +1649,9 @@ def __mergeOptions(inputOptions, overrideOptions):
conf[key] = value
def __setTrafficOutputFP():
infoMsg = "setting file for logging HTTP traffic"
logger.info(infoMsg)
if conf.trafficFile:
conf.trafficFP = openFile(conf.trafficFile, "w+")

8
lib/core/settings.py
View File

@@ -300,7 +300,7 @@ MYSQL_ERROR_CHUNK_LENGTH = 50
MSSQL_ERROR_CHUNK_LENGTH = 100
# Do not unescape the injected statement if it contains any of the following SQL words
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", CHAR_INFERENCE_MARK)
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK)
# Mark used for replacement of reflected values
REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__'
@@ -364,3 +364,9 @@ DUMMY_SQL_INJECTION_CHARS = ";()\"'"
# Extensions skipped by crawler
CRAWL_EXCLUDE_EXTENSIONS = ("gif","jpg","jar","tif","bmp","war","ear","mpg","wmv","mpeg","scm","iso","dmp","dll","cab","so","avi","bin","exe","iso","tar","png","pdf","ps","mp3","zip","rar","gz")
# Template used for common table existence check
BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"
# Template used for common column existence check
BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"

13
lib/core/threads.py
View File

@@ -25,7 +25,7 @@ from lib.core.settings import PYVERSION
shared = advancedDict()
class ThreadData():
class _ThreadData(threading.local):
"""
Represents thread independent data
"""
@@ -44,6 +44,8 @@ class ThreadData():
self.shared = shared
self.valueStack = []
ThreadData = _ThreadData()
def getCurrentThreadUID():
return hash(threading.currentThread())
@@ -52,13 +54,12 @@ def readInput(message, default=None):
def getCurrentThreadData():
"""
Returns current thread's dependent data
Returns current thread's local data
"""
threadUID = getCurrentThreadUID()
if threadUID not in kb.threadData:
kb.threadData[threadUID] = ThreadData()
return kb.threadData[threadUID]
global ThreadData
return ThreadData
def exceptionHandledFunction(threadFunction):
try: