sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.

Bernardo Damele
2010-01-02 02:02:12 +00:00
parent d55175a340
commit ce022a3b6e
62 changed files with 567 additions and 1026 deletions


@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import re
from xml.sax import parse
@@ -35,7 +33,6 @@ from lib.core.data import kb
from lib.core.data import paths
from lib.parse.handler import FingerprintHandler
class MSSQLBannerHandler(ContentHandler):
"""
This class defines methods to parse and extract information from the
@@ -51,7 +48,6 @@ class MSSQLBannerHandler(ContentHandler):
self.__servicePack = ""
self.__info = info
def __feedInfo(self, key, value):
value = sanitizeStr(value)
@@ -60,7 +56,6 @@ class MSSQLBannerHandler(ContentHandler):
self.__info[key] = value
def startElement(self, name, attrs):
if name == "signatures":
self.__release = sanitizeStr(attrs.get("release"))
@@ -71,14 +66,12 @@ class MSSQLBannerHandler(ContentHandler):
elif name == "servicepack":
self.__inServicePack = True
def characters(self, data):
if self.__inVersion:
self.__version += sanitizeStr(data)
elif self.__inServicePack:
self.__servicePack += sanitizeStr(data)
def endElement(self, name):
if name == "signature":
if re.search(" %s[\.\ ]+" % self.__version, self.__banner):
@@ -89,7 +82,6 @@ class MSSQLBannerHandler(ContentHandler):
self.__version = ""
self.__servicePack = ""
elif name == "version":
self.__inVersion = False
self.__version = self.__version.replace(" ", "")
@@ -98,7 +90,6 @@ class MSSQLBannerHandler(ContentHandler):
self.__inServicePack = False
self.__servicePack = self.__servicePack.replace(" ", "")
def bannerParser(banner):
"""
This function calls a class to extract information from the given


@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import sys
from optparse import OptionError
@@ -33,7 +31,6 @@ from optparse import OptionParser
from lib.core.data import logger
from lib.core.settings import VERSION_STRING
def cmdLineParser():
"""
This function parses the command line parameters and arguments
@@ -75,8 +72,8 @@ def cmdLineParser():
request.add_option("--cookie", dest="cookie",
help="HTTP Cookie header")
request.add_option("--referer", dest="referer",
help="HTTP Referer header")
request.add_option("--drop-set-cookie", dest="dropSetCookie", action="store_true",
help="Ignore Set-Cookie header from response")
request.add_option("--user-agent", dest="agent",
help="HTTP User-Agent header")
@@ -85,6 +82,9 @@ def cmdLineParser():
help="Load a random HTTP User-Agent "
"header from file")
request.add_option("--referer", dest="referer",
help="HTTP Referer header")
request.add_option("--headers", dest="headers",
help="Extra HTTP headers newline separated")
@@ -195,7 +195,6 @@ def cmdLineParser():
action="store_true",
help="Perform an extensive DBMS version fingerprint")
# Enumeration options
enumeration = OptionGroup(parser, "Enumeration", "These options can "
"be used to enumerate the back-end database "
@@ -377,17 +376,20 @@ def cmdLineParser():
# Miscellaneous options
miscellaneous = OptionGroup(parser, "Miscellaneous")
miscellaneous.add_option("-s", dest="sessionFile",
help="Save and resume all data retrieved "
"on a session file")
miscellaneous.add_option("--eta", dest="eta", action="store_true",
help="Display for each output the "
"estimated time of arrival")
miscellaneous.add_option("--gpage", dest="googlePage", type="int",
help="Use google dork results from specified page number")
miscellaneous.add_option("--update", dest="updateAll", action="store_true",
help="Update sqlmap to the latest stable version")
miscellaneous.add_option("-s", dest="sessionFile",
help="Save and resume all data retrieved "
"on a session file")
miscellaneous.add_option("--save", dest="saveCmdline", action="store_true",
help="Save options on a configuration INI file")
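Review bot: The new `--gpage` option in the Miscellaneous group is declared with `type="int"` and nothing else, so optparse will accept 0 or a negative page number and store it in `googlePage`; no range check or default is visible in this section. If the consumer turns the page number into a result offset (not shown here), an out-of-range value would likely yield an empty or unexpected target list without any error, so I would reject values below the first valid page right after parsing and state the numbering in the help, e.g. `help="Use Google dork results from specified page number (first page is 1)"` once the base is confirmed. The help for `--drop-set-cookie` could also spell out the effect on later requests, which presumably carry only the cookies given on the command line; worth one more clause if that is the intended behaviour. cmdLineParser's body starts and ends outside these hunks, so a check may already exist further down.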


@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
from ConfigParser import NoSectionError
from ConfigParser import ConfigParser
@@ -33,10 +31,8 @@ from lib.core.data import logger
from lib.core.exception import sqlmapMissingMandatoryOptionException
from lib.core.optiondict import optDict
config = None
def configFileProxy(section, option, boolean=False, integer=False):
"""
Parse configuration file and save settings into the configuration
@@ -63,7 +59,6 @@ def configFileProxy(section, option, boolean=False, integer=False):
debugMsg += "ignoring. Skipping to next."
logger.debug(debugMsg)
def configFileParser(configFile):
"""
Parse configuration file and save settings into the configuration


@@ -22,15 +22,10 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import re
from xml.sax.handler import ContentHandler
from lib.core.common import sanitizeStr
class FingerprintHandler(ContentHandler):
"""
This class defines methods to parse and extract information from
@@ -45,7 +40,6 @@ class FingerprintHandler(ContentHandler):
self.__techVersion = None
self.__info = info
def __feedInfo(self, key, value):
value = sanitizeStr(value)
@@ -61,7 +55,6 @@ class FingerprintHandler(ContentHandler):
for v in value.split("|"):
self.__info[key].add(v)
def startElement(self, name, attrs):
if name == "regexp":
self.__regexp = sanitizeStr(attrs.get("value"))


@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import os
from xml.sax import parse
@@ -33,7 +31,6 @@ from lib.core.data import kb
from lib.core.data import paths
from lib.parse.handler import FingerprintHandler
def headersParser(headers):
"""
This function calls a class that parses the input HTTP headers to


@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import re
from xml.sax import parse
@@ -34,7 +32,6 @@ from lib.core.common import sanitizeStr
from lib.core.data import kb
from lib.core.data import paths
class htmlHandler(ContentHandler):
"""
This class defines methods to parse the input HTML page to
@@ -49,7 +46,6 @@ class htmlHandler(ContentHandler):
self.dbms = None
def startElement(self, name, attrs):
if name == "dbms":
self.__dbms = attrs.get("value")
@@ -62,7 +58,6 @@ class htmlHandler(ContentHandler):
self.dbms = self.__dbms
self.__match = None
def htmlParser(page):
"""
This function calls a class that parses the input HTML page to


@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
from xml.sax import parse
from xml.sax.handler import ContentHandler
@@ -34,7 +32,6 @@ from lib.core.data import queries
from lib.core.data import paths
from lib.core.datatype import advancedDict
class queriesHandler(ContentHandler):
"""
This class defines methods to parse the default DBMS queries
@@ -45,7 +42,6 @@ class queriesHandler(ContentHandler):
self.__dbms = ''
self.__queries = advancedDict()
def startElement(self, name, attrs):
if name == "dbms":
data = sanitizeStr(attrs.get("value"))
@@ -150,7 +146,6 @@ class queriesHandler(ContentHandler):
self.__count = sanitizeStr(attrs.get("count"))
self.__count2 = sanitizeStr(attrs.get("count2"))
def endElement(self, name):
if name == "dbms":
queries[self.__dbms] = self.__queries
@@ -209,7 +204,6 @@ class queriesHandler(ContentHandler):
self.__queries.dumpTable = self.__dumpTable
def queriesParser():
"""
This function calls a class to parse the default DBMS queries