Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.

2026-01-22 06:09:02 +00:00 · 2008-12-12 19:06:31 +00:00
parent 072eb7154c
commit bf2a857b9a
12 changed files with 2077 additions and 970 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA



+import re
 import time

 from lib.controller.action import action
@@ -35,6 +36,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapConnectionException
 from lib.core.session import setString
+from lib.core.session import setRegexp
 from lib.request.connect import Connect as Request


@@ -337,6 +339,38 @@ def checkString():
        return False


+def checkRegexp():
+    if not conf.regexp:
+        return True
+
+    condition = (
+                  kb.resumedQueries.has_key(conf.url) and
+                  kb.resumedQueries[conf.url].has_key("Regular expression") and
+                  kb.resumedQueries[conf.url]["Regular expression"][:-1] == conf.regexp
+                )
+
+    if condition:
+        return True
+
+    infoMsg  = "testing if the provided regular expression matches within "
+    infoMsg += "the target URL page content"
+    logger.info(infoMsg)
+
+    page = Request.queryPage(content=True)
+
+    if re.search(conf.regexp, page, re.I | re.M):
+        setRegexp()
+        return True
+    else:
+        errMsg  = "you provided '%s' as the regular expression to " % conf.regexp
+        errMsg += "match, but such a regular expression does not have any "
+        errMsg += "match within the target URL page content, please provide "
+        errMsg += "another regular expression."
+        logger.error(errMsg)
+
+        return False
+
+
 def checkConnection():
    infoMsg = "testing connection to the target url"
    logger.info(infoMsg)
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -29,6 +29,7 @@ from lib.controller.checks import checkSqlInjection
 from lib.controller.checks import checkDynParam
 from lib.controller.checks import checkStability
 from lib.controller.checks import checkString
+from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkConnection
 from lib.core.common import paramToDict
 from lib.core.common import readInput
@@ -117,7 +118,7 @@ def start():

        if conf.multipleTargets:
            hostCount += 1
-            message = "url %d:\n%s %s" % (hostCount, conf.method, targetUrl)
+            message = "url %d:\n%s %s" % (hostCount, conf.method or "GET", targetUrl)

            if conf.cookie:
                message += "\nCookie: %s" % conf.cookie
@@ -140,7 +141,7 @@ def start():

        initTargetEnv()

-        if not checkConnection() or not checkString():
+        if not checkConnection() or not checkString() or not checkRegexp():
            continue

        for _, cookie in enumerate(conf.cj):
@@ -173,14 +174,14 @@ def start():
                    __testableParameters = True

        if not kb.injPlace or not kb.injParameter or not kb.injType:
-            if not conf.string:
+            if not conf.string and not conf.regexp and not conf.eRegexp:
                if checkStability():
                    logMsg = "url is stable"
                    logger.info(logMsg)
                else:
-                    errMsg  = "url is not stable, try with --string option, refer "
-                    errMsg += "to the user's manual paragraph 'String match' "
-                    errMsg += "for details"
+                    errMsg  = "url is not stable, try with --string or "
+                    errMsg += "--regexp options, refer to the user's manual "
+                    errMsg += "paragraph 'Page comparison' for details"

                    if conf.multipleTargets:
                        errMsg += ", skipping to next url"
@@ -214,7 +215,6 @@ def start():

                            if injType:
                                injData.append((place, parameter, injType))
-                                kb.parenthesis = parenthesis

                                break
                            else:
--- a/lib/core/session.py
+++ b/lib/core/session.py
@@ -48,6 +48,20 @@ def setString():
        dataToSessionFile("[%s][None][None][String][%s]\n" % (conf.url, conf.string))


+def setRegexp():
+    """
+    Save regular expression to match in session file.
+    """
+
+    condition = (
+                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
+                  not kb.resumedQueries[conf.url].has_key("Regular expression") )
+                )
+
+    if condition:
+        dataToSessionFile("[%s][None][None][Regular expression][%s]\n" % (conf.url, conf.regexp))
+
+
 def setInjection():
    """
    Save information retrieved about injection place and parameter in the
@@ -178,6 +192,28 @@ def resumeConfKb(expression, url, value):
            if not test or test[0] in ("y", "Y"):
                conf.string = string

+    elif expression == "Regular expression" and url == conf.url:
+        regexp = value[:-1]
+
+        logMsg  = "resuming regular expression match '%s' from session file" % regexp
+        logger.info(logMsg)
+
+        if regexp and ( not conf.regexp or regexp != conf.regexp ):
+            if not conf.regexp:
+                message  = "you did not provide any regular expression "
+                message += "to match. "
+            else:
+                message  = "The regular expression you provided does not "
+                message += "match the resumed regular expression. "
+
+            message += "Do you want to use the resumed regular expression "
+            message += "to be matched in page when the query "
+            message += "is valid? [Y/n] "
+            test = readInput(message, default="Y")
+
+            if not test or test[0] in ("y", "Y"):
+                conf.regexp = regexp
+
    elif expression == "Injection point" and url == conf.url:
        injPlace = value[:-1]

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -30,7 +30,7 @@ import sys


 # sqlmap version and site
-VERSION            = "0.6.3-rc5"
+VERSION            = "0.6.3"
 VERSION_STRING     = "sqlmap/%s" % VERSION
 SITE               = "http://sqlmap.sourceforge.net"

--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -24,6 +24,8 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA



+import sys
+
 from optparse import OptionError
 from optparse import OptionGroup
 from optparse import OptionParser
@@ -37,7 +39,7 @@ def cmdLineParser():
    This function parses the command line parameters and arguments
    """

-    usage = "sqlmap.py [options]"
+    usage = "%s [options]" % sys.argv[0]
    parser = OptionParser(usage=usage, version=VERSION_STRING)

    try:
@@ -108,7 +110,12 @@ def cmdLineParser():


        # Injection options
-        injection = OptionGroup(parser, "Injection")
+        injection = OptionGroup(parser, "Injection", "These options can be "
+                                "used to specify which parameters to test "
+                                "for, provide custom injection payloads and "
+                                "how to parse and compare HTTP responses "
+                                "page content when using the blind SQL "
+                                "injection technique.")

        injection.add_option("-p", dest="testParameter",
                             help="Testable parameter(s)")
--- a/lib/utils/parenthesis.py
+++ b/lib/utils/parenthesis.py
@@ -46,7 +46,11 @@ def checkForParenthesis():

    count = 0

+    if kb.parenthesis != None:
+        return
+
    if conf.prefix or conf.postfix:
+        kb.parenthesis = 0
        return

    for parenthesis in range(1, 4):