Minor adjustments and minor bug fixes. Documentation almost complete for sqlmap 0.6.3.

Bernardo Damele
2008-12-12 19:06:31 +00:00
parent 072eb7154c
commit bf2a857b9a
12 changed files with 2077 additions and 970 deletions


@@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import re
import time
from lib.controller.action import action
@@ -35,6 +36,7 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.exception import sqlmapConnectionException
from lib.core.session import setString
from lib.core.session import setRegexp
from lib.request.connect import Connect as Request
@@ -337,6 +339,38 @@ def checkString():
return False
def checkRegexp():
if not conf.regexp:
return True
condition = (
kb.resumedQueries.has_key(conf.url) and
kb.resumedQueries[conf.url].has_key("Regular expression") and
kb.resumedQueries[conf.url]["Regular expression"][:-1] == conf.regexp
)
if condition:
return True
infoMsg = "testing if the provided regular expression matches within "
infoMsg += "the target URL page content"
logger.info(infoMsg)
page = Request.queryPage(content=True)
if re.search(conf.regexp, page, re.I | re.M):
setRegexp()
return True
else:
errMsg = "you provided '%s' as the regular expression to " % conf.regexp
errMsg += "match, but such a regular expression does not have any "
errMsg += "match within the target URL page content, please provide "
errMsg += "another regular expression."
logger.error(errMsg)
return False
def checkConnection():
infoMsg = "testing connection to the target url"
logger.info(infoMsg)
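Review bot: In the new `checkRegexp()`, `re.search(conf.regexp, page, re.I | re.M)` compiles the operator-supplied pattern without catching `re.error`, so a malformed regular expression would end the run with a traceback instead of the logged "please provide another regular expression" path. If `Request.queryPage(content=True)` can return no page on a failed request (its body is not visible here), the same call would also raise on a non-string argument, so the guard below should cover that case or the page should be checked first. The `[:-1]` slice in the resume condition also deserves a one-line comment, for example `# stored session value carries a trailing character (presumably a newline); strip it before comparing`, since a stored value without that character would silently never match. The function itself is fully inside this hunk.

```python
    page = Request.queryPage(content=True)

    try:
        matched = re.search(conf.regexp, page, re.I | re.M)
    except re.error:
        errMsg = "the provided regular expression '%s' is not valid" % conf.regexp
        logger.error(errMsg)
        return False

    if matched:
        # ... unchanged: setRegexp() and return True ...
    # ... unchanged: else branch logging the no-match error and returning False ...
```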


@@ -29,6 +29,7 @@ from lib.controller.checks import checkSqlInjection
from lib.controller.checks import checkDynParam
from lib.controller.checks import checkStability
from lib.controller.checks import checkString
from lib.controller.checks import checkRegexp
from lib.controller.checks import checkConnection
from lib.core.common import paramToDict
from lib.core.common import readInput
@@ -117,7 +118,7 @@ def start():
if conf.multipleTargets:
hostCount += 1
message = "url %d:\n%s %s" % (hostCount, conf.method, targetUrl)
message = "url %d:\n%s %s" % (hostCount, conf.method or "GET", targetUrl)
if conf.cookie:
message += "\nCookie: %s" % conf.cookie
@@ -140,7 +141,7 @@ def start():
initTargetEnv()
if not checkConnection() or not checkString():
if not checkConnection() or not checkString() or not checkRegexp():
continue
for _, cookie in enumerate(conf.cj):
@@ -173,14 +174,14 @@ def start():
__testableParameters = True
if not kb.injPlace or not kb.injParameter or not kb.injType:
if not conf.string:
if not conf.string and not conf.regexp and not conf.eRegexp:
if checkStability():
logMsg = "url is stable"
logger.info(logMsg)
else:
errMsg = "url is not stable, try with --string option, refer "
errMsg += "to the user's manual paragraph 'String match' "
errMsg += "for details"
errMsg = "url is not stable, try with --string or "
errMsg += "--regexp options, refer to the user's manual "
errMsg += "paragraph 'Page comparison' for details"
if conf.multipleTargets:
errMsg += ", skipping to next url"
@@ -214,7 +215,6 @@ def start():
if injType:
injData.append((place, parameter, injType))
kb.parenthesis = parenthesis
break
else: