PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 05:01:30 +00:00
Code Issues Projects Releases Wiki Activity

minor improvements regarding data retrieval through DNS channel

Browse Source
This commit is contained in:
Miroslav Stampar
2012-04-03 09:18:30 +00:00
parent 46cfa64d81
commit e05109812f
8 changed files with 43 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
lib/request/inject.py
View File

@@ -60,8 +60,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
value = None
count = 0
if conf.dnsDomain:
value = dnsUse(payload, expression)
value = __goDns(payload, expression)
if value is None:
timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
@@ -81,6 +80,26 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
return value
def __goDns(payload, expression):
value = None
if conf.dnsDomain and kb.dnsTest is not False:
if kb.dnsTest is None:
randInt = randomInt()
kb.dnsTest = dnsUse(payload, "SELECT %d" % randInt) == str(randInt)
if not kb.dnsTest:
errMsg = "test for data retrieval through DNS channel failed. Turning off DNS exfiltration support"
logger.error(errMsg)
conf.dnsDomain = None
else:
infoMsg = "test for data retrieval through DNS channel was successful"
logger.info(infoMsg)
if kb.dnsTest:
value = dnsUse(payload, expression)
return value
def __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected=None, num=None, charsetType=None, firstChar=None, lastChar=None, dump=False):
outputs = []
origExpr = None