mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-07 21:21:33 +00:00
Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
6e968584f6 | ||
|
|
cc5ba4753c | ||
|
|
afa4d2c514 | ||
|
|
d63401632c | ||
|
|
45553f0efc | ||
|
|
f1dbe9e388 | ||
|
|
3977be9c9e | ||
|
|
9da558f041 | ||
|
|
b3bc401f2e |
@@ -127,8 +127,8 @@
|
||||
<blind query="SELECT DISTINCT(schemaname) FROM pg_tables ORDER BY schemaname OFFSET %d LIMIT 1" count="SELECT COUNT(DISTINCT(schemaname)) FROM pg_tables"/>
|
||||
</dbs>
|
||||
<tables>
|
||||
<inband query="SELECT schemaname,tablename FROM pg_tables" condition="schemaname"/>
|
||||
<blind query="SELECT tablename FROM pg_tables WHERE schemaname='%s' ORDER BY tablename OFFSET %d LIMIT 1" count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'"/>
|
||||
<inband query="SELECT schemaname,tablename FROM pg_tables" condition="schemaname" query2="SELECT table_schema,table_name FROM information_schema.tables" condition2="table_schema"/>
|
||||
<blind query="SELECT tablename FROM pg_tables WHERE schemaname='%s' ORDER BY tablename OFFSET %d LIMIT 1" count="SELECT COUNT(tablename) FROM pg_tables WHERE schemaname='%s'" query2="SELECT table_name FROM information_schema.tables WHERE table_schema='%s' OFFSET %d LIMIT 1" count2="SELECT COUNT(table_name) FROM information_schema.tables WHERE table_schema='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<inband query="SELECT attname,typname FROM pg_attribute b JOIN pg_class a ON a.oid=b.attrelid JOIN pg_type c ON c.oid=b.atttypid JOIN pg_namespace d ON a.relnamespace=d.oid WHERE b.attnum>0 AND a.relname='%s' AND nspname='%s' ORDER BY attname" condition="attname"/>
|
||||
|
||||
@@ -295,10 +295,12 @@ def start():
|
||||
infoMsg = "found a total of %d targets" % len(kb.targets)
|
||||
logger.info(infoMsg)
|
||||
|
||||
hostCount = 0
|
||||
targetCount = 0
|
||||
initialHeaders = list(conf.httpHeaders)
|
||||
|
||||
for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:
|
||||
targetCount += 1
|
||||
|
||||
try:
|
||||
if conf.checkInternet:
|
||||
infoMsg = "checking for Internet connection"
|
||||
@@ -375,12 +377,10 @@ def start():
|
||||
continue
|
||||
|
||||
if conf.multipleTargets:
|
||||
hostCount += 1
|
||||
|
||||
if conf.forms and conf.method:
|
||||
message = "[#%d] form:\n%s %s" % (hostCount, conf.method, targetUrl)
|
||||
message = "[%d/%s] Form:\n%s %s" % (targetCount, len(kb.targets) if isListLike(kb.targets) else '?', conf.method, targetUrl)
|
||||
else:
|
||||
message = "URL %d:\n%s %s" % (hostCount, HTTPMETHOD.GET, targetUrl)
|
||||
message = "[%d/%s] URL:\n%s %s" % (targetCount, len(kb.targets) if isListLike(kb.targets) else '?', HTTPMETHOD.GET, targetUrl)
|
||||
|
||||
if conf.cookie:
|
||||
message += "\nCookie: %s" % conf.cookie
|
||||
@@ -738,7 +738,7 @@ def start():
|
||||
if conf.multipleTargets:
|
||||
_saveToResultsFile()
|
||||
|
||||
errMsg += ", skipping to the next %s" % ("form" if conf.forms else "URL")
|
||||
errMsg += ", skipping to the next target"
|
||||
logger.error(errMsg.lstrip(", "))
|
||||
else:
|
||||
logger.critical(errMsg)
|
||||
|
||||
@@ -20,7 +20,7 @@ from thirdparty import six
|
||||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.5.8.0"
|
||||
VERSION = "1.5.9.0"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
||||
@@ -695,7 +695,7 @@ class Connect(object):
|
||||
|
||||
except SqlmapConnectionException as ex:
|
||||
if conf.proxyList and not kb.threadException:
|
||||
warnMsg = "unable to connect to the target URL ('%s')" % ex
|
||||
warnMsg = "unable to connect to the target URL ('%s')" % getSafeExString(ex)
|
||||
logger.critical(warnMsg)
|
||||
threadData.retriesCount = conf.retries
|
||||
return Connect._retryProxy(**kwargs)
|
||||
@@ -978,7 +978,7 @@ class Connect(object):
|
||||
|
||||
if conf.httpHeaders:
|
||||
headers = OrderedDict(conf.httpHeaders)
|
||||
contentType = max(headers[_] if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else "" for _ in headers) or None
|
||||
contentType = max(headers[_] or "" if _.upper() == HTTP_HEADER.CONTENT_TYPE.upper() else "" for _ in headers) or None
|
||||
|
||||
if (kb.postHint or conf.skipUrlEncode) and postUrlEncode:
|
||||
postUrlEncode = False
|
||||
|
||||
@@ -773,7 +773,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non
|
||||
if not isinstance(ex, _urllib.error.HTTPError) or ex.code == _http_client.UNAUTHORIZED:
|
||||
errMsg = "There has been a problem while connecting to the "
|
||||
errMsg += "REST-JSON API server at '%s' " % addr
|
||||
errMsg += "(%s)" % ex
|
||||
errMsg += "(%s)" % getSafeExString(ex)
|
||||
logger.critical(errMsg)
|
||||
return
|
||||
|
||||
@@ -825,7 +825,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non
|
||||
try:
|
||||
argv = ["sqlmap.py"] + shlex.split(command)[1:]
|
||||
except Exception as ex:
|
||||
logger.error("Error occurred while parsing arguments ('%s')" % ex)
|
||||
logger.error("Error occurred while parsing arguments ('%s')" % getSafeExString(ex))
|
||||
taskid = None
|
||||
continue
|
||||
|
||||
|
||||
@@ -636,7 +636,10 @@ def storeHashesToFile(attack_dict):
|
||||
|
||||
with openFile(filename, "w+") as f:
|
||||
for item in items:
|
||||
try:
|
||||
f.write(item)
|
||||
except (UnicodeError, TypeError):
|
||||
pass
|
||||
|
||||
def attackCachedUsersPasswords():
|
||||
if kb.data.cachedUsersPasswords:
|
||||
|
||||
@@ -51,7 +51,7 @@ class Takeover(GenericTakeover):
|
||||
|
||||
banVer = kb.bannerFp["dbmsVersion"]
|
||||
|
||||
if not banVer:
|
||||
if not banVer or not banVer[0].isdigit():
|
||||
errMsg = "unsupported feature on unknown version of PostgreSQL"
|
||||
raise SqlmapUnsupportedFeatureException(errMsg)
|
||||
elif distutils.version.LooseVersion(banVer) >= distutils.version.LooseVersion("10"):
|
||||
|
||||
@@ -363,14 +363,18 @@ class Databases(object):
|
||||
singleTimeLogMessage(infoMsg)
|
||||
continue
|
||||
|
||||
for _query, _count in ((rootQuery.blind.query, rootQuery.blind.count), (getattr(rootQuery.blind, "query2", None), getattr(rootQuery.blind, "count2", None))):
|
||||
if _query is None:
|
||||
break
|
||||
|
||||
infoMsg = "fetching number of tables for "
|
||||
infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(db)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB):
|
||||
query = rootQuery.blind.count
|
||||
if Backend.getIdentifiedDbms() not in (DBMS.SQLITE, DBMS.FIREBIRD, DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB):
|
||||
query = _count % unsafeSQLIdentificatorNaming(db)
|
||||
else:
|
||||
query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db)
|
||||
query = _count
|
||||
|
||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||
|
||||
@@ -378,12 +382,12 @@ class Databases(object):
|
||||
warnMsg = "database '%s' " % unsafeSQLIdentificatorNaming(db)
|
||||
warnMsg += "appears to be empty"
|
||||
logger.warn(warnMsg)
|
||||
continue
|
||||
break
|
||||
|
||||
elif not isNumPosStrValue(count):
|
||||
warnMsg = "unable to retrieve the number of "
|
||||
warnMsg += "tables for database '%s'" % unsafeSQLIdentificatorNaming(db)
|
||||
logger.warn(warnMsg)
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
continue
|
||||
|
||||
tables = []
|
||||
@@ -393,15 +397,15 @@ class Databases(object):
|
||||
|
||||
for index in indexRange:
|
||||
if Backend.isDbms(DBMS.SYBASE):
|
||||
query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
|
||||
query = _query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.MAXDB, DBMS.ACCESS, DBMS.MCKOI, DBMS.EXTREMEDB):
|
||||
query = rootQuery.blind.query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
|
||||
query = _query % (kb.data.cachedTables[-1] if kb.data.cachedTables else " ")
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.FIREBIRD):
|
||||
query = rootQuery.blind.query % index
|
||||
query = _query % index
|
||||
elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.INFORMIX, DBMS.FRONTBASE, DBMS.VIRTUOSO):
|
||||
query = rootQuery.blind.query % (index, unsafeSQLIdentificatorNaming(db))
|
||||
query = _query % (index, unsafeSQLIdentificatorNaming(db))
|
||||
else:
|
||||
query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), index)
|
||||
query = _query % (unsafeSQLIdentificatorNaming(db), index)
|
||||
|
||||
table = unArrayizeValue(inject.getValue(query, union=False, error=False))
|
||||
|
||||
@@ -410,7 +414,11 @@ class Databases(object):
|
||||
table = safeSQLIdentificatorNaming(table, True)
|
||||
tables.append(table)
|
||||
|
||||
if tables:
|
||||
kb.data.cachedTables[db] = tables
|
||||
|
||||
if conf.getComments:
|
||||
for table in tables:
|
||||
_ = queries[Backend.getIdentifiedDbms()].table_comment
|
||||
if hasattr(_, "query"):
|
||||
if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.DERBY, DBMS.ALTIBASE):
|
||||
@@ -429,8 +437,7 @@ class Databases(object):
|
||||
warnMsg += "possible to get table comments"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
|
||||
if tables:
|
||||
kb.data.cachedTables[db] = tables
|
||||
break
|
||||
else:
|
||||
warnMsg = "unable to retrieve the table names "
|
||||
warnMsg += "for database '%s'" % unsafeSQLIdentificatorNaming(db)
|
||||
|
||||
Reference in New Issue
Block a user