Compare commits
79 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9c103b3dd6 | ||
|
|
7f62572f43 | ||
|
|
e846209b87 | ||
|
|
a246b8da5e | ||
|
|
70665c5d2b | ||
|
|
111620e395 | ||
|
|
2382d2654e | ||
|
|
4cdc3af585 | ||
|
|
212f28d1ad | ||
|
|
e1f7690de4 | ||
|
|
7e425d4c9b | ||
|
|
fe2042ea58 | ||
|
|
54e953d206 | ||
|
|
8c26c67ce9 | ||
|
|
c722f8e3bd | ||
|
|
521da5e734 | ||
|
|
43fba39366 | ||
|
|
afdaba76dc | ||
|
|
d98d64504c | ||
|
|
290058451d | ||
|
|
e7372a9512 | ||
|
|
864ab597c0 | ||
|
|
e8731e1af5 | ||
|
|
df4293473d | ||
|
|
90b444c927 | ||
|
|
99f07b64c5 | ||
|
|
07ae377987 | ||
|
|
4a355b99be | ||
|
|
7008361017 | ||
|
|
a14a3d0e54 | ||
|
|
3aae1849bb | ||
|
|
7d07976969 | ||
|
|
9dc1344478 | ||
|
|
e8e7d66356 | ||
|
|
2038512518 | ||
|
|
184454ba8e | ||
|
|
aacb360d46 | ||
|
|
5eaf1d2d27 | ||
|
|
be987815c9 | ||
|
|
fb3f428804 | ||
|
|
52f2faf2cf | ||
|
|
d5fb92ee42 | ||
|
|
cd76f8863b | ||
|
|
5b2c0f0d46 | ||
|
|
548d98e0af | ||
|
|
68c2180c59 | ||
|
|
e2f48a9346 | ||
|
|
582bb2fec9 | ||
|
|
9bdad4bcd5 | ||
|
|
e1a04a8201 | ||
|
|
7149991faf | ||
|
|
32acb1e4ff | ||
|
|
e91b1a0f97 | ||
|
|
439d1cce67 | ||
|
|
dcf304c65e | ||
|
|
f5ed2c0c97 | ||
|
|
dd55d97f77 | ||
|
|
445d69f678 | ||
|
|
02ff0eef88 | ||
|
|
acd5ef055a | ||
|
|
a2fcab448c | ||
|
|
0b775b6d1d | ||
|
|
b1881129b6 | ||
|
|
acae6e3e7c | ||
|
|
bacf18832a | ||
|
|
75905e0cd9 | ||
|
|
6aa4d9bdf1 | ||
|
|
90eeab68b9 | ||
|
|
22168204c2 | ||
|
|
63977ebdff | ||
|
|
e393e1b80e | ||
|
|
a4cf25c97d | ||
|
|
796173f81c | ||
|
|
5e18bf81b9 | ||
|
|
74f5518e62 | ||
|
|
74ecc72588 | ||
|
|
292cc5fe59 | ||
|
|
b528fc07f9 | ||
|
|
25d6479f91 |
2
.github/FUNDING.yml
vendored
@@ -1 +1 @@
|
||||
custom: 'https://www.paypal.com/donate?hosted_button_id=A34GMDLKA2V7G'
|
||||
github: sqlmapproject
|
||||
|
||||
@@ -55,7 +55,9 @@ Translations
|
||||
* [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md)
|
||||
* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md)
|
||||
* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md)
|
||||
* [Dutch](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-nl-NL.md)
|
||||
* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md)
|
||||
* [Georgian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ka-GE.md)
|
||||
* [German](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-de-GER.md)
|
||||
* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md)
|
||||
* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<!-- http://angrytools.com/bootstrap/editor/ -->
|
||||
<!-- https://angrytools.com/bootstrap/editor/ -->
|
||||
|
||||
<html lang="en">
|
||||
<head>
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<!--
|
||||
References:
|
||||
* https://en.wikipedia.org/wiki/Internet_Information_Services
|
||||
* http://distrowatch.com
|
||||
* https://distrowatch.com
|
||||
-->
|
||||
|
||||
<root>
|
||||
@@ -97,6 +97,10 @@
|
||||
<info type="Linux" distrib="CentOS" release="8"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.48 \(CentOS\)">
|
||||
<info type="Linux" distrib="CentOS" release="9"/>
|
||||
</regexp>
|
||||
|
||||
<!-- Apache: Debian -->
|
||||
|
||||
<regexp value="Apache/1\.0\.5 \(Unix\) Debian/GNU">
|
||||
@@ -444,8 +448,12 @@
|
||||
<info type="FreeBSD" release="11.3"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.51 \(FreeBSD\)">
|
||||
<info type="FreeBSD" release="12.3"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.46 \(FreeBSD\)">
|
||||
<info type="FreeBSD" release="12.2"/>
|
||||
<info type="FreeBSD" release="13.0"/>
|
||||
</regexp>
|
||||
|
||||
<!-- Apache: Mandrake / Mandriva -->
|
||||
@@ -764,7 +772,7 @@
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.43 \(Linux/SuSE\)">
|
||||
<info type="Linux" distrib="SuSE" release="15.2"/>
|
||||
<info type="Linux" distrib="SuSE" release="15.3"/>
|
||||
</regexp>
|
||||
|
||||
<!-- Apache: Ubuntu -->
|
||||
@@ -869,6 +877,10 @@
|
||||
<info type="Linux" distrib="Ubuntu" release="19.10|20.04|20.10" codename="eoan|focal"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Apache/2\.4\.46 \(Ubuntu\)">
|
||||
<info type="Linux" distrib="Ubuntu" release="21.04|21.10" codename="eoan|focal"/>
|
||||
</regexp>
|
||||
|
||||
<!-- Nginx -->
|
||||
|
||||
<regexp value="nginx$">
|
||||
|
||||
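Review bot: The `Apache/2\.4\.46 \(Ubuntu\)` entry in the last hunk carries `release="21.04|21.10"` but `codename="eoan|focal"`, which is the value of the entry just above it; 21.04 and 21.10 are hirsute and impish, so the fingerprint would report a codename that contradicts its own release. I would change the line to `<info type="Linux" distrib="Ubuntu" release="21.04|21.10" codename="hirsute|impish"/>`. The `+`/`-` markers are lost on this page, so that this block is the added one is inferred from the hunk header (`-869,6 +877,10`). The context entry above lists three releases against two codenames, which looks like the same drift and may be worth a follow-up.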
@@ -199,6 +199,7 @@
|
||||
<error regexp="io\.prestosql\.jdbc"/>
|
||||
<error regexp="com\.simba\.presto\.jdbc"/>
|
||||
<error regexp="UNION query has different number of fields: \d+, \d+"/>
|
||||
<error regexp="line \d+:\d+: mismatched input '[^']+'. Expecting:"/>
|
||||
</dbms>
|
||||
|
||||
<dbms value="Altibase">
|
||||
|
||||
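Review bot: In the pattern `line \d+:\d+: mismatched input '[^']+'. Expecting:` the `.` after the closing quote is unescaped and matches any character, while the neighbouring patterns escape their literal dots (`io\.prestosql\.jdbc`). I would write it as `'[^']+'\. Expecting:` so the signature only fires on the exact message. That this is the one added line is inferred from the hunk header (`-199,6 +199,7`), since the markers are lost on this page. The message reads like generic parser output, so it may be worth confirming it is not also emitted by other engines, where it would mislabel the back-end DBMS.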
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap e инструмент за тестване и проникване, с отворен код, който автоматизира процеса на откриване и използване на недостатъците на SQL база данните чрез SQL инжекция, която ги взима от сървъра. Снабден е с мощен детектор, множество специални функции за най-добрия тестер и широк спектър от функции, които могат да се използват за множество цели - извличане на данни от базата данни, достъп до основната файлова система и изпълняване на команди на операционната система.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap ist ein quelloffenes Penetrationstest Werkzeug, das die Entdeckung, Ausnutzung und Übernahme von SQL injection Schwachstellen automatisiert. Es kommt mit einer mächtigen Erkennungs-Engine, vielen Nischenfunktionen für den ultimativen Penetrationstester und einem breiten Spektrum an Funktionen von Datenbankerkennung, abrufen von Daten aus der Datenbank, zugreifen auf das unterliegende Dateisystem bis hin zur Befehlsausführung auf dem Betriebssystem mit Hilfe von out-of-band Verbindungen.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap es una herramienta para pruebas de penetración "penetration testing" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el "pentester" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como "fingerprinting" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como "Out-of-band".
|
||||
|
||||
|
||||
@@ -1,16 +1,16 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
|
||||
<div dir=rtl>
|
||||
|
||||
|
||||
|
||||
برنامه `sqlmap`، برنامهی منبع باز هست که برای تست نفوذ پذیزی دربرابر حملههای احتمالی `sql injection` (جلوگیری از لو رفتن پایگاه داده) جلو گیری میکند. این برنامه مجهز به مکانیزیم تشخیص قدرتمندی میباشد. همچنین داری طیف گستردهای از اسکریپت ها میباشد که برای متخصص تست نفوذ کار کردن با بانک اطلاعاتی را راحتر میکند. از جمع اوری اطلاعات درباره بانک داده تا دسترسی به داده های سیستم و اجرا دستورات از طریق `via out-of-band` درسیستم عامل را امکان پذیر میکند.
|
||||
برنامه `sqlmap`، یک برنامهی تست نفوذ منبع باز است که فرآیند تشخیص و اکسپلویت پایگاه های داده با مشکل امنیتی SQL Injection را بطور خودکار انجام می دهد. این برنامه مجهز به موتور تشخیص قدرتمندی میباشد. همچنین داری طیف گستردهای از اسکریپت ها میباشد که برای متخصصان تست نفوذ کار کردن با بانک اطلاعاتی را راحتر میکند. از جمع اوری اطلاعات درباره بانک داده تا دسترسی به داده های سیستم و اجرا دستورات از طریق ارتباط Out Of Band درسیستم عامل را امکان پذیر میکند.
|
||||
|
||||
|
||||
عکس
|
||||
تصویر محیط ابزار
|
||||
----
|
||||
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
|
||||
<div dir=rtl>
|
||||
|
||||
برای دیدن کردن از [مجموعهی از اسکریپتها](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) میتوانید از ویکی دیدن کنید.
|
||||
برای نمایش [مجموعه ای از اسکریپتها](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) میتوانید از دانشنامه دیدن کنید.
|
||||
|
||||
|
||||
نصب
|
||||
@@ -32,11 +32,11 @@
|
||||
برای دانلود اخرین نسخه tarball، با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/tarball/master) یا دانلود اخرین نسخه zipball با کلیک در [اینجا](https://github.com/sqlmapproject/sqlmap/zipball/master) میتوانید این کار را انجام دهید.
|
||||
|
||||
|
||||
طرز استفاده
|
||||
نحوه استفاده
|
||||
----
|
||||
|
||||
|
||||
برای گرفتن لیست ارگومانهای اساسی میتوانید از دستور زیر استفاده کنید:
|
||||
برای دریافت لیست ارگومانهای اساسی میتوانید از دستور زیر استفاده کنید:
|
||||
|
||||
|
||||
|
||||
@@ -53,7 +53,7 @@
|
||||
<div dir=rtl>
|
||||
|
||||
|
||||
برای گرفتن لیست تمامی ارگومانهای میتوانید از دستور زیر استفاده کنید:
|
||||
برای دریافت لیست تمامی ارگومانها میتوانید از دستور زیر استفاده کنید:
|
||||
|
||||
<div dir=ltr>
|
||||
|
||||
@@ -66,7 +66,7 @@
|
||||
<div dir=rtl>
|
||||
|
||||
|
||||
برای اطلاعات بیشتر برای اجرا از [اینجا](https://asciinema.org/a/46601) میتوانید استفاده کنید. برای گرفتن اطلاعات بیشتر توسعه میشود به [راهنمای](https://github.com/sqlmapproject/sqlmap/wiki/Usage) `sqlmap` سر بزنید.
|
||||
برای اجرای سریع و ساده ابزار می توانید از [اینجا](https://asciinema.org/a/46601) استفاده کنید. برای دریافت اطلاعات بیشتر در رابطه با قابلیت ها ، امکانات قابل پشتیبانی و لیست کامل امکانات و دستورات همراه با مثال می توانید به [راهنمای](https://github.com/sqlmapproject/sqlmap/wiki/Usage) `sqlmap` سر بزنید.
|
||||
|
||||
|
||||
لینکها
|
||||
@@ -74,11 +74,11 @@
|
||||
|
||||
|
||||
* خانه: https://sqlmap.org
|
||||
* دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) or [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* کایمت و نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* پیگری مشکلات: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* دانلود: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) یا [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* نظرات: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* پیگیری مشکلات: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* راهنمای کاربران: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* سوالات متداول: https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* تویتر: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* توییتر: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* رسانه: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* عکسها: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
* تصاویر: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
**sqlmap** est un outil Open Source de test d'intrusion. Cet outil permet d'automatiser le processus de détection et d'exploitation des failles d'injection SQL afin de prendre le contrôle des serveurs de base de données. __sqlmap__ dispose d'un puissant moteur de détection utilisant les techniques les plus récentes et les plus dévastatrices de tests d'intrusion comme L'Injection SQL, qui permet d'accéder à la base de données, au système de fichiers sous-jacent et permet aussi l'exécution des commandes sur le système d'exploitation.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap merupakan alat _(tool)_ bantu _open source_ dalam melakukan tes penetrasi yang mengotomasi proses deteksi dan eksploitasi kelemahan _SQL injection_ dan pengambil-alihan server basis data. sqlmap dilengkapi dengan pendeteksi canggih, fitur-fitur handal bagi _penetration tester_, beragam cara untuk mendeteksi basis data, hingga mengakses _file system_ dan mengeksekusi perintah dalam sistem operasi melalui koneksi _out-of-band_.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
r# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap è uno strumento open source per il penetration testing. Il suo scopo è quello di rendere automatico il processo di scoperta ed exploit di vulnerabilità di tipo SQL injection al fine di compromettere database online. Dispone di un potente motore per la ricerca di vulnerabilità, molti strumenti di nicchia anche per il più esperto penetration tester ed un'ampia gamma di controlli che vanno dal fingerprinting di database allo scaricamento di dati, fino all'accesso al file system sottostante e l'esecuzione di comandi nel sistema operativo attraverso connessioni out-of-band.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmapはオープンソースのペネトレーションテスティングツールです。SQLインジェクションの脆弱性の検出、活用、そしてデータベースサーバ奪取のプロセスを自動化します。
|
||||
強力な検出エンジン、ペネトレーションテスターのための多くのニッチ機能、持続的なデータベースのフィンガープリンティングから、データベースのデータ取得やアウトオブバンド接続を介したオペレーティング・システム上でのコマンド実行、ファイルシステムへのアクセスなどの広範囲に及ぶスイッチを提供します。
|
||||
@@ -23,19 +23,19 @@ wikiに載っているいくつかの機能のデモをスクリーンショッ
|
||||
|
||||
sqlmapは、 [Python](https://www.python.org/download/) バージョン **2.6**, **2.7** または **3.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。
|
||||
|
||||
使用法
|
||||
使用方法
|
||||
----
|
||||
|
||||
基本的なオプションとスイッチの使用法をリストするには:
|
||||
基本的なオプションとスイッチの使用方法をリストで取得するには:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
全てのオプションとスイッチの使用法をリストするには:
|
||||
全てのオプションとスイッチの使用方法をリストで取得するには:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
実行例を [こちら](https://asciinema.org/a/46601) で見ることができます。
|
||||
sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki/Usage) で確認することができます。
|
||||
sqlmapの概要、機能の一覧、全てのオプションやスイッチの使用方法を例とともに、 [ユーザーマニュアル](https://github.com/sqlmapproject/sqlmap/wiki/Usage) で確認することができます。
|
||||
|
||||
リンク
|
||||
----
|
||||
|
||||
49
doc/translations/README-ka-GE.md
Normal file
@@ -0,0 +1,49 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap არის შეღწევადობის ტესტირებისათვის განკუთვილი ინსტრუმენტი, რომლის კოდიც ღიად არის ხელმისაწვდომი. ინსტრუმენტი ახდენს SQL-ინექციის სისუსტეების აღმოჩენისა, გამოყენების და მონაცემთა ბაზათა სერვერების დაუფლების პროცესების ავტომატიზაციას. იგი აღჭურვილია მძლავრი აღმომჩენი მექანიძმით, შეღწევადობის პროფესიონალი ტესტერისათვის შესაფერისი ბევრი ფუნქციით და სკრიპტების ფართო სპექტრით, რომლებიც შეიძლება გამოყენებულ იქნეს მრავალი მიზნით, მათ შორის: მონაცემთა ბაზიდან მონაცემების შეგროვებისათვის, ძირითად საფაილო სისტემაზე წვდომისათვის და out-of-band კავშირების გზით ოპერაციულ სისტემაში ბრძანებათა შესრულებისათვის.
|
||||
|
||||
ეკრანის ანაბეჭდები
|
||||
----
|
||||
|
||||

|
||||
|
||||
შეგიძლიათ ესტუმროთ [ეკრანის ანაბეჭდთა კოლექციას](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), სადაც დემონსტრირებულია ინსტრუმენტის ზოგიერთი ფუნქცია.
|
||||
|
||||
ინსტალაცია
|
||||
----
|
||||
|
||||
თქვენ შეგიძლიათ უახლესი tar-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/tarball/master) დაწკაპუნებით, ან უახლესი zip-არქივის ჩამოტვირთვა [აქ](https://github.com/sqlmapproject/sqlmap/zipball/master) დაწკაპუნებით.
|
||||
|
||||
ასევე შეგიძლიათ (და სასურველია) sqlmap-ის ჩამოტვირთვა [Git](https://github.com/sqlmapproject/sqlmap)-საცავის (repository) კლონირებით:
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap ნებისმიერ პლატფორმაზე მუშაობს [Python](https://www.python.org/download/)-ის **2.6**, **2.7** და **3.x** ვერსიებთან.
|
||||
|
||||
გამოყენება
|
||||
----
|
||||
|
||||
ძირითადი ვარიანტებისა და პარამეტრების ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
ვარიანტებისა და პარამეტრების სრული ჩამონათვალის მისაღებად გამოიყენეთ ბრძანება:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
გამოყენების მარტივი მაგალითი შეგიძლიათ იხილოთ [აქ](https://asciinema.org/a/46601). sqlmap-ის შესაძლებლობათა მიმოხილვის, მხარდაჭერილი ფუნქციონალისა და ყველა ვარიანტის აღწერების მისაღებად გამოყენების მაგალითებთან ერთად, გირჩევთ, იხილოთ [მომხმარებლის სახელმძღვანელო](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
ბმულები
|
||||
----
|
||||
|
||||
* საწყისი გვერდი: https://sqlmap.org
|
||||
* ჩამოტვირთვა: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) ან [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* RSS არხი: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* პრობლემებისათვის თვალყურის დევნება: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* მომხმარებლის სახელმძღვანელო: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* ხშირად დასმული კითხვები (ხდკ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* დემონსტრაციები: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* ეკრანის ანაბეჭდები: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap은 SQL 인젝션 결함 탐지 및 활용, 데이터베이스 서버 장악 프로세스를 자동화 하는 오픈소스 침투 테스팅 도구입니다. 최고의 침투 테스터, 데이터베이스 핑거프린팅 부터 데이터베이스 데이터 읽기, 대역 외 연결을 통한 기반 파일 시스템 접근 및 명령어 실행에 걸치는 광범위한 스위치들을 위한 강력한 탐지 엔진과 다수의 편리한 기능이 탑재되어 있습니다.
|
||||
|
||||
|
||||
50
doc/translations/README-nl-NL.md
Normal file
@@ -0,0 +1,50 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap is een open source penetratie test tool dat het proces automatiseert van het detecteren en exploiteren van SQL injectie fouten en het overnemen van database servers. Het wordt geleverd met een krachtige detectie-engine, vele niche-functies voor de ultieme penetratietester, en een breed scala aan switches, waaronder database fingerprinting, het overhalen van gegevens uit de database, toegang tot het onderliggende bestandssysteem, en het uitvoeren van commando's op het besturingssysteem via out-of-band verbindingen.
|
||||
|
||||
Screenshots
|
||||
----
|
||||
|
||||

|
||||
|
||||
Je kunt de [collectie met screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) bezoeken voor een demonstratie van sommige functies in the wiki.
|
||||
|
||||
Installatie
|
||||
----
|
||||
|
||||
Je kunt de laatste tarball installeren door [hier](https://github.com/sqlmapproject/sqlmap/tarball/master) te klikken of de laatste zipball door [hier](https://github.com/sqlmapproject/sqlmap/zipball/master) te klikken.
|
||||
|
||||
Bij voorkeur, kun je sqlmap downloaden door de [Git](https://github.com/sqlmapproject/sqlmap) repository te clonen:
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap werkt op alle platformen met de volgende [Python](https://www.python.org/download/) versies: **2.6**, **2.7** en **3.x**.
|
||||
|
||||
Gebruik
|
||||
----
|
||||
|
||||
Om een lijst van basisopties en switches te krijgen gebruik:
|
||||
|
||||
python sqlmap.py -h
|
||||
|
||||
Om een lijst van alle opties en switches te krijgen gebruik:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
Je kunt [hier](https://asciinema.org/a/46601) een proefrun vinden.
|
||||
Voor een overzicht van de mogelijkheden van sqlmap, een lijst van ondersteunde functies, en een beschrijving van alle opties en switches, samen met voorbeelden, wordt u aangeraden de [gebruikershandleiding](https://github.com/sqlmapproject/sqlmap/wiki/Usage) te raadplegen.
|
||||
|
||||
Links
|
||||
----
|
||||
|
||||
* Homepage: https://sqlmap.org
|
||||
* Download: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) of [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master)
|
||||
* RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
|
||||
* Probleem tracker: https://github.com/sqlmapproject/sqlmap/issues
|
||||
* Gebruikers handleiding: https://github.com/sqlmapproject/sqlmap/wiki
|
||||
* Vaak gestelde vragen (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
|
||||
* Twitter: [@sqlmap](https://twitter.com/sqlmap)
|
||||
* Demos: [https://www.youtube.com/user/inquisb/videos](https://www.youtube.com/user/inquisb/videos)
|
||||
* Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
@@ -1,20 +1,20 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z nich danych, a nawet pozwalającuch na dostęp do systemu plików o uruchamianie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia.
|
||||
sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z nich danych, a nawet pozwalających na dostęp do systemu plików o uruchamianie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia.
|
||||
|
||||
Zrzuty ekranowe
|
||||
----
|
||||
|
||||

|
||||
|
||||
Możesz odwiedzić [kolekcję zrzutów](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstruującą na wiki niektóre możliwości.
|
||||
Możesz odwiedzić [kolekcję zrzutów](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) demonstrującą na wiki niektóre możliwości.
|
||||
|
||||
Instalacja
|
||||
----
|
||||
|
||||
Najnowsze tarball archiwum jest dostępne po klikcięciu [tutaj](https://github.com/sqlmapproject/sqlmap/tarball/master) lub najnowsze zipball archiwum po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/zipball/master).
|
||||
Najnowsze tarball archiwum jest dostępne po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/tarball/master) lub najnowsze zipball archiwum po kliknięciu [tutaj](https://github.com/sqlmapproject/sqlmap/zipball/master).
|
||||
|
||||
Można również pobrać sqlmap klonując rezozytorium [Git](https://github.com/sqlmapproject/sqlmap):
|
||||
|
||||
@@ -33,8 +33,8 @@ Aby uzyskać listę wszystkich funkcji i parametrów użyj polecenia:
|
||||
|
||||
python sqlmap.py -hh
|
||||
|
||||
Przykładowy wynik działania dostępny [tutaj](https://asciinema.org/a/46601).
|
||||
Aby uzyskać listę wszystkich dostępnych fukcji, parametrów i opisów ich działania wraz z przykładami użycia sqlnap proponujemy odwiedzić [instrukjcę użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
Przykładowy wynik działania dostępny jest [tutaj](https://asciinema.org/a/46601).
|
||||
Aby uzyskać listę wszystkich dostępnych funkcji, parametrów i opisów ich działania wraz z przykładami użycia sqlmap proponujemy odwiedzić [instrukcję użytkowania](https://github.com/sqlmapproject/sqlmap/wiki/Usage).
|
||||
|
||||
Odnośniki
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap é uma ferramenta de teste de intrusão, de código aberto, que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de intrusão por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap je alat otvorenog koda namenjen za penetraciono testiranje koji automatizuje proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije i preuzimanje baza podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko uzimanja podataka iz baze, do pristupa zahvaćenom fajl sistemu i izvršavanja komandi na operativnom sistemu korištenjem tzv. "out-of-band" veza.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap - это инструмент для тестирования уязвимостей с открытым исходным кодом, который автоматизирует процесс обнаружения и использования ошибок SQL-инъекций и захвата серверов баз данных. Он оснащен мощным механизмом обнаружения, множеством приятных функций для профессионального тестера уязвимостей и широким спектром скриптов, которые упрощают работу с базами данных, от сбора данных из базы данных, до доступа к базовой файловой системе и выполнения команд в операционной системе через out-of-band соединение.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek bir çok aracı, -uzak veritabınınından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi - işlevleri de barındırmaktadır.
|
||||
|
||||
@@ -11,7 +11,7 @@ Ekran görüntüleri
|
||||

|
||||
|
||||
|
||||
İsterseniz özelliklerin tanıtımının yapıldığı [collection of screenshots](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz.
|
||||
İsterseniz özelliklerin tanıtımının yapıldığı [ekran görüntüleri](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) sayfasını ziyaret edebilirsiniz.
|
||||
|
||||
|
||||
Kurulum
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap - це інструмент для тестування вразливостей з відкритим сирцевим кодом, який автоматизує процес виявлення і використання дефектів SQL-ін'єкцій, а також захоплення серверів баз даних. Він оснащений потужним механізмом виявлення, безліччю приємних функцій для професійного тестувальника вразливостей і широким спектром скриптів, які спрощують роботу з базами даних - від відбитка бази даних до доступу до базової файлової системи та виконання команд в операційній системі через out-of-band з'єднання.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng tiêm SQL và tiếp quản các máy chủ cơ sở dữ liệu. Nó đi kèm với
|
||||
một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện cơ sở dữ liệu, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập tệp của hệ thống và thực hiện các lệnh trên hệ điều hành từ xa.
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap
|
||||
# sqlmap 
|
||||
|
||||
[](https://travis-ci.org/sqlmapproject/sqlmap) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://badge.fury.io/py/sqlmap) [](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [](https://twitter.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://twitter.com/sqlmap)
|
||||
|
||||
sqlmap 是一个开源的渗透测试工具,可以用来自动化的检测,利用SQL注入漏洞,获取数据库服务器的权限。它具有功能强大的检测引擎,针对各种不同类型数据库的渗透测试的功能选项,包括获取数据库中存储的数据,访问操作系统文件甚至可以通过带外数据连接的方式执行操作系统命令。
|
||||
|
||||
|
||||
Binary file not shown.
Binary file not shown.
@@ -81,7 +81,7 @@ cat > README.rst << "EOF"
|
||||
sqlmap
|
||||
======
|
||||
|
||||
|Build Status| |Python 2.6|2.7|3.x| |License| |Twitter|
|
||||
|Python 2.6|2.7|3.x| |License| |Twitter|
|
||||
|
||||
sqlmap is an open source penetration testing tool that automates the
|
||||
process of detecting and exploiting SQL injection flaws and taking over
|
||||
|
||||
@@ -271,15 +271,18 @@ def checkSqlInjection(place, parameter, value):
|
||||
logger.debug(debugMsg)
|
||||
continue
|
||||
|
||||
if kb.dbmsFilter and not intersect(payloadDbms, kb.dbmsFilter, True):
|
||||
elif kb.dbmsFilter and not intersect(payloadDbms, kb.dbmsFilter, True):
|
||||
debugMsg = "skipping test '%s' because " % title
|
||||
debugMsg += "its declared DBMS is different than provided"
|
||||
logger.debug(debugMsg)
|
||||
continue
|
||||
|
||||
elif kb.reduceTests == False:
|
||||
pass
|
||||
|
||||
# Skip DBMS-specific test if it does not match the
|
||||
# previously identified DBMS (via DBMS-specific payload)
|
||||
if injection.dbms and not intersect(payloadDbms, injection.dbms, True):
|
||||
elif injection.dbms and not intersect(payloadDbms, injection.dbms, True):
|
||||
debugMsg = "skipping test '%s' because " % title
|
||||
debugMsg += "its declared DBMS is different than identified"
|
||||
logger.debug(debugMsg)
|
||||
@@ -287,7 +290,7 @@ def checkSqlInjection(place, parameter, value):
|
||||
|
||||
# Skip DBMS-specific test if it does not match the
|
||||
# previously identified DBMS (via DBMS-specific error message)
|
||||
if kb.reduceTests and not intersect(payloadDbms, kb.reduceTests, True):
|
||||
elif kb.reduceTests and not intersect(payloadDbms, kb.reduceTests, True):
|
||||
debugMsg = "skipping test '%s' because the heuristic " % title
|
||||
debugMsg += "tests showed that the back-end DBMS "
|
||||
debugMsg += "could be '%s'" % unArrayizeValue(kb.reduceTests)
|
||||
@@ -810,7 +813,7 @@ def checkSqlInjection(place, parameter, value):
|
||||
|
||||
except KeyboardInterrupt:
|
||||
warnMsg = "user aborted during detection phase"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if conf.multipleTargets:
|
||||
msg = "how do you want to proceed? [ne(X)t target/(s)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]"
|
||||
@@ -826,7 +829,7 @@ def checkSqlInjection(place, parameter, value):
|
||||
choice = None
|
||||
while not ((choice or "").isdigit() and 0 <= int(choice) <= 6):
|
||||
if choice:
|
||||
logger.warn("invalid value")
|
||||
logger.warning("invalid value")
|
||||
msg = "enter new verbosity level: [0-6] "
|
||||
choice = readInput(msg, default=str(conf.verbose), checkBatch=False)
|
||||
conf.verbose = int(choice)
|
||||
@@ -851,7 +854,7 @@ def checkSqlInjection(place, parameter, value):
|
||||
warnMsg = "in OR boolean-based injection cases, please consider usage "
|
||||
warnMsg += "of switch '--drop-set-cookie' if you experience any "
|
||||
warnMsg += "problems during data retrieval"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if not checkFalsePositives(injection):
|
||||
if conf.hostname in kb.vulnHosts:
|
||||
@@ -976,7 +979,7 @@ def checkFalsePositives(injection):
|
||||
|
||||
if not retVal:
|
||||
warnMsg = "false positive or unexploitable injection point detected"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
kb.injection = popValue()
|
||||
|
||||
@@ -1002,7 +1005,7 @@ def checkSuhosinPatch(injection):
|
||||
warnMsg = "parameter length constraining "
|
||||
warnMsg += "mechanism detected (e.g. Suhosin patch). "
|
||||
warnMsg += "Potential problems in enumeration phase can be expected"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
kb.injection = popValue()
|
||||
|
||||
@@ -1023,7 +1026,7 @@ def checkFilteredChars(injection):
|
||||
warnMsg += "filtered by the back-end server. There is a strong "
|
||||
warnMsg += "possibility that sqlmap won't be able to properly "
|
||||
warnMsg += "exploit this vulnerability"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
# inference techniques depend on character '>'
|
||||
if not any(_ in injection.data for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.QUERY)):
|
||||
@@ -1031,7 +1034,7 @@ def checkFilteredChars(injection):
|
||||
warnMsg = "it appears that the character '>' is "
|
||||
warnMsg += "filtered by the back-end server. You are strongly "
|
||||
warnMsg += "advised to rerun with the '--tamper=between'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
kb.injection = popValue()
|
||||
|
||||
@@ -1122,7 +1125,7 @@ def heuristicCheckSqlInjection(place, parameter):
|
||||
|
||||
else:
|
||||
infoMsg += "not be injectable"
|
||||
logger.warn(infoMsg)
|
||||
logger.warning(infoMsg)
|
||||
|
||||
kb.heuristicMode = True
|
||||
kb.disableHtmlDecoding = True
|
||||
@@ -1230,7 +1233,7 @@ def checkDynamicContent(firstPage, secondPage):
|
||||
if count > conf.retries:
|
||||
warnMsg = "target URL content appears to be too dynamic. "
|
||||
warnMsg += "Switching to '--text-only' "
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
conf.textOnly = True
|
||||
return
|
||||
@@ -1288,7 +1291,7 @@ def checkStability():
|
||||
warnMsg += "injectable parameters are detected, or in case of "
|
||||
warnMsg += "junk results, refer to user's manual paragraph "
|
||||
warnMsg += "'Page comparison'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] "
|
||||
choice = readInput(message, default='C').upper()
|
||||
@@ -1367,11 +1370,10 @@ def checkWaf():
|
||||
retVal = False
|
||||
payload = "%d %s" % (randomInt(), IPS_WAF_CHECK_PAYLOAD)
|
||||
|
||||
place = PLACE.GET
|
||||
if PLACE.URI in conf.parameters:
|
||||
place = PLACE.POST
|
||||
value = "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
|
||||
else:
|
||||
place = PLACE.GET
|
||||
value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
|
||||
value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
|
||||
|
||||
@@ -1514,7 +1516,7 @@ def checkConnection(suppressOutput=False):
|
||||
warnMsg = "you provided '%s' as the string to " % conf.string
|
||||
warnMsg += "match, but such a string is not within the target "
|
||||
warnMsg += "URL raw response, sqlmap will carry on anyway"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if conf.regexp:
|
||||
infoMsg = "testing if the provided regular expression matches within "
|
||||
@@ -1525,7 +1527,7 @@ def checkConnection(suppressOutput=False):
|
||||
warnMsg = "you provided '%s' as the regular expression " % conf.regexp
|
||||
warnMsg += "which does not have any match within the target URL raw response. sqlmap "
|
||||
warnMsg += "will carry on anyway"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
kb.errorIsNone = False
|
||||
|
||||
@@ -1540,12 +1542,12 @@ def checkConnection(suppressOutput=False):
|
||||
elif wasLastResponseDBMSError():
|
||||
warnMsg = "there is a DBMS error found in the HTTP response body "
|
||||
warnMsg += "which could interfere with the results of the tests"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
elif wasLastResponseHTTPError():
|
||||
if getLastRequestHTTPError() not in (conf.ignoreCode or []):
|
||||
warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError()
|
||||
warnMsg += "which could interfere with the results of the tests"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
kb.errorIsNone = True
|
||||
|
||||
|
||||
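Review bot: In the first `checkSqlInjection` hunk the new branch `elif kb.reduceTests == False:` with a bare `pass` carries the whole behaviour change, yet nothing says why an empty branch sits in the middle of the chain. Because the checks below it are now `elif`s, taking that branch bypasses both the `injection.dbms` mismatch skip and the `kb.reduceTests` mismatch skip in the next hunk, which is presumably the intent when test reduction was declined. I would say so on the line, e.g. `# NOTE: test reduction explicitly declined - do not skip by identified DBMS`. Assuming the attribute only ever holds `None`, `False` or a list of DBMS names, `elif kb.reduceTests is False:` would also make clear that the unset case is deliberately excluded. The function body starts and ends outside these hunks.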
@@ -186,12 +186,12 @@ def _showInjections():
|
||||
if conf.tamper:
|
||||
warnMsg = "changes made by tampering scripts are not "
|
||||
warnMsg += "included in shown payload content(s)"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if conf.hpp:
|
||||
warnMsg = "changes made by HTTP parameter pollution are not "
|
||||
warnMsg += "included in shown payload content(s)"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def _randomFillBlankFields(value):
|
||||
retVal = value
|
||||
@@ -496,7 +496,7 @@ def start():
|
||||
if skip:
|
||||
continue
|
||||
|
||||
if place not in conf.paramDict:
|
||||
if place not in conf.paramDict or place not in conf.parameters:
|
||||
continue
|
||||
|
||||
paramDict = conf.paramDict[place]
|
||||
@@ -556,7 +556,7 @@ def start():
|
||||
|
||||
if not check:
|
||||
warnMsg = "%sparameter '%s' does not appear to be dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if conf.skipStatic:
|
||||
infoMsg = "skipping static %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||
@@ -612,7 +612,7 @@ def start():
|
||||
|
||||
if not injectable:
|
||||
warnMsg = "%sparameter '%s' does not seem to be injectable" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
finally:
|
||||
if place == PLACE.COOKIE:
|
||||
@@ -709,7 +709,7 @@ def start():
|
||||
|
||||
if conf.multipleTargets:
|
||||
warnMsg = "user aborted in multiple target mode"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
message = "do you want to skip to the next target in list? [Y/n/q]"
|
||||
choice = readInput(message, default='Y').upper()
|
||||
@@ -749,7 +749,7 @@ def start():
|
||||
warnMsg = "it appears that the target "
|
||||
warnMsg += "has a maximum connections "
|
||||
warnMsg += "constraint"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if kb.dataOutputFlag and not conf.multipleTargets:
|
||||
logger.info("fetched data logged to text files under '%s'" % conf.outputPath)
|
||||
|
||||
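Review bot: The widened guard in `start()`, `if place not in conf.paramDict or place not in conf.parameters:`, skips a place silently and gives no reason why an entry in `conf.paramDict` can exist without one in `conf.parameters`. A why-comment above it would keep the second condition from being dropped as redundant later, e.g. `# skip places that have parsed parameters but no raw entry in conf.parameters`. If that state is unexpected rather than routine, a `logger.debug` line naming the skipped place would make it visible at higher verbosity. The body of `start()` continues outside the hunk.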
@@ -129,10 +129,12 @@ class Agent(object):
|
||||
if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):
|
||||
origValue = re.split(r"['\">]", origValue)[-1]
|
||||
elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):
|
||||
origValue = extractRegexResult(r"(?s)\"\s*:\s*(?P<result>\d+\Z)", origValue) or extractRegexResult(r'(?s)[\s:]*(?P<result>[^"\[,]+\Z)', origValue)
|
||||
match = re.search(r"['\"]", origValue)
|
||||
quote = match.group(0) if match else '"'
|
||||
origValue = extractRegexResult(r"%s\s*:\s*(?P<result>\d+)\Z" % quote, origValue) or extractRegexResult(r"(?P<result>[^%s]*)\Z" % quote, origValue)
|
||||
else:
|
||||
_ = extractRegexResult(r"(?s)(?P<result>[^\s<>{}();'\"&]+\Z)", origValue) or ""
|
||||
origValue = _.split('=', 1)[1] if '=' in _ else ""
|
||||
origValue = _.split('=', 1)[1] if '=' in _ else _
|
||||
elif place == PLACE.CUSTOM_HEADER:
|
||||
paramString = origValue
|
||||
origValue = origValue[origValue.find(',') + 1:]
|
||||
@@ -194,9 +196,9 @@ class Agent(object):
|
||||
if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
|
||||
_ = "%s%s" % (origValue, kb.customInjectionMark)
|
||||
|
||||
if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and '"%s"' % _ not in paramString:
|
||||
if kb.postHint == POST_HINT.JSON and isNumber(origValue) and not isNumber(newValue) and '"%s"' % _ not in paramString:
|
||||
newValue = '"%s"' % self.addPayloadDelimiters(newValue)
|
||||
elif kb.postHint == POST_HINT.JSON_LIKE and not isNumber(newValue) and re.search(r"['\"]%s['\"]" % re.escape(_), paramString) is None:
|
||||
elif kb.postHint == POST_HINT.JSON_LIKE and isNumber(origValue) and not isNumber(newValue) and re.search(r"['\"]%s['\"]" % re.escape(_), paramString) is None:
|
||||
newValue = "'%s'" % self.addPayloadDelimiters(newValue)
|
||||
else:
|
||||
newValue = self.addPayloadDelimiters(newValue)
|
||||
@@ -398,7 +400,7 @@ class Agent(object):
|
||||
"""
|
||||
|
||||
if payload:
|
||||
for match in re.finditer(r"%s(.*?)%s" % (BOUNDED_BASE64_MARKER, BOUNDED_BASE64_MARKER), payload):
|
||||
for match in re.finditer(r"(?s)%s(.*?)%s" % (BOUNDED_BASE64_MARKER, BOUNDED_BASE64_MARKER), payload):
|
||||
_ = encodeBase64(match.group(1), binary=False, encoding=conf.encoding or UNICODE_ENCODING, safe=conf.base64Safe)
|
||||
payload = payload.replace(match.group(0), _)
|
||||
|
||||
@@ -416,6 +418,11 @@ class Agent(object):
|
||||
payload = re.sub(r"(?i)\bMID\(", "SUBSTR(", payload)
|
||||
payload = re.sub(r"(?i)\bNCHAR\b", "CHAR", payload)
|
||||
|
||||
# NOTE: https://github.com/sqlmapproject/sqlmap/issues/5057
|
||||
match = re.search(r"(=0x)(303a303a)3(\d{2,})", payload)
|
||||
if match:
|
||||
payload = payload.replace(match.group(0), "%s%s%s" % (match.group(1), match.group(2).upper(), "".join("3%s" % _ for _ in match.group(3))))
|
||||
|
||||
return payload
|
||||
|
||||
def getComment(self, request):
|
||||
|
||||
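Review bot: The rewrite added under the `NOTE` for issue 5057 handles only the first literal: `re.search` returns one match and `payload.replace(match.group(0), ...)` rewrites just that exact text, so a second `=0x303a303a3...` literal with different digits would stay as it was. If a payload can carry more than one such literal, `re.sub` with a replacement function covers all of them: `payload = re.sub(r"(=0x)(303a303a)3(\d{2,})", lambda m: "%s%s%s" % (m.group(1), m.group(2).upper(), "".join("3%s" % _ for _ in m.group(3))), payload)`. The comment gives only the issue link, so one sentence saying what form is rewritten into what would let the block be read without opening the issue. The enclosing method starts outside the hunk.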
@@ -104,6 +104,7 @@ from lib.core.log import LOGGER_HANDLER
|
||||
from lib.core.optiondict import optDict
|
||||
from lib.core.settings import BANNER
|
||||
from lib.core.settings import BOLD_PATTERNS
|
||||
from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
|
||||
from lib.core.settings import BOUNDED_INJECTION_MARKER
|
||||
from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
|
||||
from lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES
|
||||
@@ -350,7 +351,7 @@ class Backend(object):
|
||||
elif kb.dbms is not None and kb.dbms != dbms:
|
||||
warnMsg = "there appears to be a high probability that "
|
||||
warnMsg += "this could be a false positive case"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
msg = "sqlmap previously fingerprinted back-end DBMS as "
|
||||
msg += "%s. However now it has been fingerprinted " % kb.dbms
|
||||
@@ -370,7 +371,7 @@ class Backend(object):
|
||||
break
|
||||
else:
|
||||
warnMsg = "invalid value"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
elif kb.dbms is None:
|
||||
kb.dbms = aliasToDbmsEnum(dbms)
|
||||
@@ -428,7 +429,7 @@ class Backend(object):
|
||||
break
|
||||
else:
|
||||
warnMsg = "invalid value"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
elif kb.os is None and isinstance(os, six.string_types):
|
||||
kb.os = os.capitalize()
|
||||
@@ -465,7 +466,7 @@ class Backend(object):
|
||||
break
|
||||
else:
|
||||
warnMsg = "invalid value. Valid values are 1 and 2"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return kb.arch
|
||||
|
||||
@@ -589,7 +590,7 @@ class Backend(object):
|
||||
def isVersionGreaterOrEqualThan(version):
|
||||
retVal = False
|
||||
|
||||
if Backend.getVersion() is not None and version is not None:
|
||||
if all(_ not in (None, UNKNOWN_DBMS_VERSION) for _ in (Backend.getVersion(), version)):
|
||||
_version = unArrayizeValue(Backend.getVersion())
|
||||
_version = re.sub(r"[<>= ]", "", _version)
|
||||
|
||||
@@ -662,7 +663,7 @@ def paramToDict(place, parameters=None):
|
||||
warnMsg += "chars/statements from manual SQL injection test(s). "
|
||||
warnMsg += "Please, always use only valid parameter values "
|
||||
warnMsg += "so sqlmap could be able to run properly"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
message = "are you really sure that you want to continue (sqlmap could have problems)? [y/N] "
|
||||
|
||||
@@ -672,7 +673,7 @@ def paramToDict(place, parameters=None):
|
||||
warnMsg = "provided value for parameter '%s' is empty. " % parameter
|
||||
warnMsg += "Please, always use only valid parameter values "
|
||||
warnMsg += "so sqlmap could be able to run properly"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if place in (PLACE.POST, PLACE.GET):
|
||||
for regex in (r"\A((?:<[^>]+>)+\w+)((?:<[^>]+>)+)\Z", r"\A([^\w]+.*\w+)([^\w]+)\Z"):
|
||||
@@ -737,7 +738,7 @@ def paramToDict(place, parameters=None):
|
||||
if len(conf.testParameter) > 1:
|
||||
warnMsg = "provided parameters '%s' " % paramStr
|
||||
warnMsg += "are not inside the %s" % place
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
parameter = conf.testParameter[0]
|
||||
|
||||
@@ -762,7 +763,7 @@ def paramToDict(place, parameters=None):
|
||||
if len(decoded) > MIN_ENCODED_LEN_CHECK and all(_ in getBytes(string.printable) for _ in decoded):
|
||||
warnMsg = "provided parameter '%s' " % parameter
|
||||
warnMsg += "appears to be '%s' encoded" % encoding
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
break
|
||||
except:
|
||||
pass
|
||||
@@ -813,7 +814,7 @@ def getManualDirectories():
|
||||
else:
|
||||
warnMsg = "unable to automatically retrieve the web server "
|
||||
warnMsg += "document root"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
directories = []
|
||||
|
||||
@@ -899,7 +900,7 @@ def getAutoDirectories():
|
||||
retVal.add(directory)
|
||||
else:
|
||||
warnMsg = "unable to automatically parse any web server path"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return list(retVal)
|
||||
|
||||
@@ -1384,6 +1385,38 @@ def banner():
|
||||
|
||||
dataToStdout(result, forceOutput=True)
|
||||
|
||||
def parseJson(content):
|
||||
"""
|
||||
This function parses POST_HINT.JSON and POST_HINT.JSON_LIKE content
|
||||
|
||||
>>> parseJson("{'id':1}")["id"] == 1
|
||||
True
|
||||
>>> parseJson('{"id":1}')["id"] == 1
|
||||
True
|
||||
"""
|
||||
|
||||
quote = None
|
||||
retVal = None
|
||||
|
||||
for regex in (r"'[^']+'\s*:", r'"[^"]+"\s*:'):
|
||||
match = re.search(regex, content)
|
||||
if match:
|
||||
quote = match.group(0)[0]
|
||||
|
||||
try:
|
||||
if quote == '"':
|
||||
retVal = json.loads(content)
|
||||
elif quote == "'":
|
||||
content = content.replace('"', '\\"')
|
||||
content = content.replace("\\'", BOUNDARY_BACKSLASH_MARKER)
|
||||
content = content.replace("'", '"')
|
||||
content = content.replace(BOUNDARY_BACKSLASH_MARKER, "'")
|
||||
retVal = json.loads(content)
|
||||
except:
|
||||
pass
|
||||
|
||||
return retVal
|
||||
|
||||
def parsePasswordHash(password):
|
||||
"""
|
||||
In case of Microsoft SQL Server password hash value is expanded to its components
|
||||
@@ -1604,7 +1637,7 @@ def parseTargetDirect():
|
||||
if remote:
|
||||
warnMsg = "direct connection over the network for "
|
||||
warnMsg += "%s DBMS is not supported" % dbmsName
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
conf.hostname = "localhost"
|
||||
conf.port = 0
|
||||
@@ -1867,7 +1900,7 @@ def parseUnionPage(page):
|
||||
if re.search(r"(?si)\A%s.*%s\Z" % (kb.chars.start, kb.chars.stop), page):
|
||||
if len(page) > LARGE_OUTPUT_THRESHOLD:
|
||||
warnMsg = "large output detected. This might take a while"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
data = BigArray()
|
||||
keys = set()
|
||||
@@ -2756,7 +2789,7 @@ def wasLastResponseDelayed():
|
||||
if len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES:
|
||||
warnMsg = "time-based standard deviation method used on a model "
|
||||
warnMsg += "with less than %d response times" % MIN_TIME_RESPONSES
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
lowerStdLimit = average(kb.responseTimes[kb.responseTimeMode]) + TIME_STDEV_COEFF * deviation
|
||||
retVal = (threadData.lastQueryDuration >= max(MIN_VALID_DELAYED_RESPONSE, lowerStdLimit))
|
||||
@@ -3079,6 +3112,8 @@ def extractRegexResult(regex, content, flags=0):
|
||||
|
||||
>>> extractRegexResult(r'a(?P<result>[^g]+)g', 'abcdefg')
|
||||
'bcdef'
|
||||
>>> extractRegexResult(r'a(?P<result>[^g]+)g', 'ABCDEFG', re.I)
|
||||
'BCDEF'
|
||||
"""
|
||||
|
||||
retVal = None
|
||||
@@ -3558,7 +3593,7 @@ def initTechnique(technique=None):
|
||||
else:
|
||||
warnMsg = "there is no injection data available for technique "
|
||||
warnMsg += "'%s'" % enumValueToNameLookup(PAYLOAD.TECHNIQUE, technique)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
except SqlmapDataException:
|
||||
errMsg = "missing data in old session file(s). "
|
||||
@@ -3673,7 +3708,7 @@ def getSortedInjectionTests():
|
||||
if test.stype == PAYLOAD.TECHNIQUE.UNION:
|
||||
retVal = SORT_ORDER.LAST
|
||||
|
||||
elif "details" in test and "dbms" in test.details:
|
||||
elif "details" in test and "dbms" in (test.details or {}):
|
||||
if intersect(test.details.dbms, Backend.getIdentifiedDbms()):
|
||||
retVal = SORT_ORDER.SECOND
|
||||
else:
|
||||
@@ -3709,7 +3744,7 @@ def showHttpErrorCodes():
|
||||
if kb.httpErrorCodes:
|
||||
warnMsg = "HTTP error codes detected during run:\n"
|
||||
warnMsg += ", ".join("%d (%s) - %d times" % (code, _http_client.responses[code] if code in _http_client.responses else '?', count) for code, count in kb.httpErrorCodes.items())
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
if any((str(_).startswith('4') or str(_).startswith('5')) and _ != _http_client.INTERNAL_SERVER_ERROR and _ != kb.originalCode for _ in kb.httpErrorCodes):
|
||||
msg = "too many 4xx and/or 5xx HTTP error codes "
|
||||
msg += "could mean that some kind of protection is involved (e.g. WAF)"
|
||||
@@ -3937,7 +3972,7 @@ def createGithubIssue(errMsg, excMsg):
|
||||
if closed:
|
||||
warnMsg += " and resolved. Please update to the latest "
|
||||
warnMsg += "development version from official GitHub repository at '%s'" % GIT_PAGE
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
return
|
||||
except:
|
||||
pass
|
||||
@@ -3967,7 +4002,7 @@ def createGithubIssue(errMsg, excMsg):
|
||||
warnMsg += " ('%s')" % _excMsg
|
||||
if "Unauthorized" in warnMsg:
|
||||
warnMsg += ". Please update to the latest revision"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def maskSensitiveData(msg):
|
||||
"""
|
||||
@@ -4360,7 +4395,7 @@ def expandMnemonics(mnemonics, parser, args):
|
||||
|
||||
if not options:
|
||||
warnMsg = "mnemonic '%s' can't be resolved" % name
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
elif name in options:
|
||||
found = name
|
||||
debugMsg = "mnemonic '%s' resolved to %s). " % (name, found)
|
||||
@@ -4369,7 +4404,7 @@ def expandMnemonics(mnemonics, parser, args):
|
||||
found = sorted(options.keys(), key=len)[0]
|
||||
warnMsg = "detected ambiguity (mnemonic '%s' can be resolved to any of: %s). " % (name, ", ".join("'%s'" % key for key in options))
|
||||
warnMsg += "Resolved to shortest of those ('%s')" % found
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if found:
|
||||
found = options[found]
|
||||
@@ -4658,7 +4693,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
|
||||
else:
|
||||
url = urldecode(request.get_full_url(), kb.pageEncoding)
|
||||
method = request.get_method()
|
||||
data = request.data
|
||||
data = unArrayizeValue(request.data)
|
||||
data = urldecode(data, kb.pageEncoding, spaceplus=False)
|
||||
|
||||
if not data and method and method.upper() == HTTPMETHOD.POST:
|
||||
@@ -4775,7 +4810,7 @@ def checkOldOptions(args):
|
||||
warnMsg = "switch/option '%s' is deprecated" % _
|
||||
if DEPRECATED_OPTIONS[_]:
|
||||
warnMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_]
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def checkSystemEncoding():
|
||||
"""
|
||||
@@ -4793,7 +4828,7 @@ def checkSystemEncoding():
|
||||
logger.critical(errMsg)
|
||||
|
||||
warnMsg = "temporary switching to charset 'cp1256'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
_reload_module(sys)
|
||||
sys.setdefaultencoding("cp1256")
|
||||
@@ -5373,6 +5408,12 @@ def parseRequestFile(reqFile, checkParams=True):
|
||||
if conf.scope:
|
||||
logger.info("using regular expression '%s' for filtering targets" % conf.scope)
|
||||
|
||||
try:
|
||||
re.compile(conf.scope)
|
||||
except Exception as ex:
|
||||
errMsg = "invalid regular expression '%s' ('%s')" % (conf.scope, getSafeExString(ex))
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
for target in _parseBurpLog(content):
|
||||
yield target
|
||||
|
||||
|
||||
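Review bot: The added `parseJson` ends in a bare `except:` with `pass`, so a malformed body and any other failure (a `KeyboardInterrupt` included) both come back as `None`, and the docstring does not tell callers that `None` is a possible result. `json.loads` reports bad input as `ValueError`, so `except ValueError:` is enough here, together with a docstring line such as `Returns None when the content can not be parsed`. Separately, the quote-detection loop has no `break`, so a `"key":` sequence anywhere in the content, even inside a single-quoted string value, selects the double-quote path and the parse then fails. Preferring the match with the smaller `match.start()` would follow the outermost syntax instead.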
@@ -167,8 +167,27 @@ class WichmannHill(random.Random):
|
||||
|
||||
def patchHeaders(headers):
|
||||
if headers is not None and not hasattr(headers, "headers"):
|
||||
if isinstance(headers, dict):
|
||||
class _(dict):
|
||||
def __getitem__(self, key):
|
||||
for key_ in self:
|
||||
if key_.lower() == key.lower():
|
||||
return super(_, self).__getitem__(key_)
|
||||
|
||||
raise KeyError(key)
|
||||
|
||||
def get(self, key, default=None):
|
||||
try:
|
||||
return self[key]
|
||||
except KeyError:
|
||||
return default
|
||||
|
||||
headers = _(headers)
|
||||
|
||||
headers.headers = ["%s: %s\r\n" % (header, headers[header]) for header in headers]
|
||||
|
||||
return headers
|
||||
|
||||
def cmp(a, b):
|
||||
"""
|
||||
>>> cmp("a", "b")
|
||||
|
||||
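Review bot: The dict subclass added in `patchHeaders` makes `headers[key]` and `headers.get(key)` case-insensitive but leaves `in` on the inherited case-sensitive lookup, so `"content-type" in headers` can be false while `headers["content-type"]` succeeds. If any caller tests membership first, adding `def __contains__(self, key): return any(key_.lower() == key.lower() for key_ in self)` keeps the three operations consistent. The function also has no docstring; one line saying that plain dicts are wrapped for case-insensitive access and that a `headers` list of raw `Name: value\r\n` lines is attached would cover it. Values are formatted into those lines unchanged, so a value holding CR or LF would produce extra lines in the list, which is worth a check if the list is ever replayed or logged.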
@@ -16,7 +16,7 @@ _defaults = {
|
||||
"timeout": 30,
|
||||
"retries": 3,
|
||||
"csrfRetries": 0,
|
||||
"saFreq": 0,
|
||||
"safeFreq": 0,
|
||||
"threads": 1,
|
||||
"level": 1,
|
||||
"risk": 1,
|
||||
|
||||
@@ -231,7 +231,7 @@ DBMS_DICT = {
|
||||
DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"),
|
||||
DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "sybase"),
|
||||
DBMS.DB2: (DB2_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
|
||||
DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/", None),
|
||||
DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & https://github.com/jpype-project/jpype", None),
|
||||
DBMS.H2: (H2_ALIASES, None, None, None),
|
||||
DBMS.INFORMIX: (INFORMIX_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
|
||||
DBMS.MONETDB: (MONETDB_ALIASES, "pymonetdb", "https://github.com/gijzelaerr/pymonetdb", "monetdb"),
|
||||
@@ -241,9 +241,9 @@ DBMS_DICT = {
|
||||
DBMS.PRESTO: (PRESTO_ALIASES, "presto-python-client", "https://github.com/prestodb/presto-python-client", None),
|
||||
DBMS.ALTIBASE: (ALTIBASE_ALIASES, None, None, None),
|
||||
DBMS.MIMERSQL: (MIMERSQL_ALIASES, "mimerpy", "https://github.com/mimersql/MimerPy", None),
|
||||
DBMS.CRATEDB: (CRATEDB_ALIASES, "python-psycopg2", "http://initd.org/psycopg/", "postgresql"),
|
||||
DBMS.CRATEDB: (CRATEDB_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"),
|
||||
DBMS.CUBRID: (CUBRID_ALIASES, "CUBRID-Python", "https://github.com/CUBRID/cubrid-python", None),
|
||||
DBMS.CACHE: (CACHE_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/", None),
|
||||
DBMS.CACHE: (CACHE_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & https://github.com/jpype-project/jpype", None),
|
||||
DBMS.EXTREMEDB: (EXTREMEDB_ALIASES, None, None, None),
|
||||
DBMS.FRONTBASE: (FRONTBASE_ALIASES, None, None, None),
|
||||
DBMS.RAIMA: (RAIMA_ALIASES, None, None, None),
|
||||
|
||||
@@ -79,18 +79,19 @@ class Dump(object):
|
||||
elif console:
|
||||
dataToStdout(text)
|
||||
|
||||
multiThreadMode = kb.multiThreadMode
|
||||
if multiThreadMode:
|
||||
self._lock.acquire()
|
||||
if self._outputFP:
|
||||
multiThreadMode = kb.multiThreadMode
|
||||
if multiThreadMode:
|
||||
self._lock.acquire()
|
||||
|
||||
try:
|
||||
self._outputFP.write(text)
|
||||
except IOError as ex:
|
||||
errMsg = "error occurred while writing to log file ('%s')" % getSafeExString(ex)
|
||||
raise SqlmapGenericException(errMsg)
|
||||
try:
|
||||
self._outputFP.write(text)
|
||||
except IOError as ex:
|
||||
errMsg = "error occurred while writing to log file ('%s')" % getSafeExString(ex)
|
||||
raise SqlmapGenericException(errMsg)
|
||||
|
||||
if multiThreadMode:
|
||||
self._lock.release()
|
||||
if multiThreadMode:
|
||||
self._lock.release()
|
||||
|
||||
kb.dataOutputFlag = True
|
||||
|
||||
@@ -102,6 +103,10 @@ class Dump(object):
|
||||
pass
|
||||
|
||||
def setOutputFile(self):
|
||||
if conf.noLogging:
|
||||
self._outputFP = None
|
||||
return
|
||||
|
||||
self._outputFile = os.path.join(conf.outputPath, "log")
|
||||
try:
|
||||
self._outputFP = openFile(self._outputFile, "ab" if not conf.flushSession else "wb")
|
||||
@@ -410,7 +415,15 @@ class Dump(object):
|
||||
try:
|
||||
dumpDbPath = os.path.join(conf.dumpPath, unsafeSQLIdentificatorNaming(db))
|
||||
except UnicodeError:
|
||||
dumpDbPath = os.path.join(conf.dumpPath, normalizeUnicode(unsafeSQLIdentificatorNaming(db)))
|
||||
try:
|
||||
dumpDbPath = os.path.join(conf.dumpPath, normalizeUnicode(unsafeSQLIdentificatorNaming(db)))
|
||||
except (UnicodeError, OSError):
|
||||
tempDir = tempfile.mkdtemp(prefix="sqlmapdb")
|
||||
warnMsg = "currently unable to use regular dump directory. "
|
||||
warnMsg += "Using temporary directory '%s' instead" % tempDir
|
||||
logger.warning(warnMsg)
|
||||
|
||||
dumpDbPath = tempDir
|
||||
|
||||
if conf.dumpFormat == DUMP_FORMAT.SQLITE:
|
||||
replication = Replication(os.path.join(conf.dumpPath, "%s.sqlite3" % unsafeSQLIdentificatorNaming(db)))
|
||||
@@ -432,7 +445,7 @@ class Dump(object):
|
||||
warnMsg = "unable to create dump directory "
|
||||
warnMsg += "'%s' (%s). " % (dumpDbPath, getSafeExString(ex))
|
||||
warnMsg += "Using temporary directory '%s' instead" % tempDir
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
dumpDbPath = tempDir
|
||||
|
||||
@@ -611,7 +624,7 @@ class Dump(object):
|
||||
_ = re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, normalizeUnicode(unsafeSQLIdentificatorNaming(column)))
|
||||
filepath = os.path.join(dumpDbPath, "%s-%d.bin" % (_, randomInt(8)))
|
||||
warnMsg = "writing binary ('%s') content to file '%s' " % (mimetype, filepath)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
with openFile(filepath, "w+b", None) as f:
|
||||
_ = safechardecode(value, True)
|
||||
@@ -659,7 +672,7 @@ class Dump(object):
|
||||
if not warnFile:
|
||||
logger.info(msg)
|
||||
else:
|
||||
logger.warn(msg)
|
||||
logger.warning(msg)
|
||||
|
||||
def dbColumns(self, dbColumnsDict, colConsider, dbs):
|
||||
if conf.api:
|
||||
|
||||
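Review bot: In the first `Dump` hunk, `self._lock.release()` is only reached when `self._outputFP.write(text)` succeeds. If the write raises `IOError`, the handler raises `SqlmapGenericException` while the lock is still held, so any other thread that then writes would block on `self._lock.acquire()`. Moving the release into a `finally:` clause of the same `try` (`finally:` / `if multiThreadMode:` / `self._lock.release()`) closes that path. The enclosing method starts outside the hunk, so the rest of its locking is not visible here.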
@@ -433,7 +433,7 @@ def _setStdinPipeTargets():
|
||||
def next(self):
|
||||
try:
|
||||
line = next(conf.stdinPipe)
|
||||
except (IOError, OSError):
|
||||
except (IOError, OSError, TypeError):
|
||||
line = None
|
||||
|
||||
if line:
|
||||
@@ -475,7 +475,7 @@ def _setBulkMultipleTargets():
|
||||
|
||||
if not found and not conf.forms and not conf.crawlDepth:
|
||||
warnMsg = "no usable links found (with GET parameters)"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def _findPageForms():
|
||||
if not conf.forms or conf.crawlDepth:
|
||||
@@ -523,7 +523,7 @@ def _findPageForms():
|
||||
|
||||
if not found:
|
||||
warnMsg = "no forms found"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def _setDBMSAuthentication():
|
||||
"""
|
||||
@@ -607,16 +607,16 @@ def _setMetasploit():
|
||||
warnMsg += "or more of the needed Metasploit executables "
|
||||
warnMsg += "within msfcli, msfconsole, msfencode and "
|
||||
warnMsg += "msfpayload do not exist"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
warnMsg = "you did not provide the local path where Metasploit "
|
||||
warnMsg += "Framework is installed"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if not msfEnvPathExists:
|
||||
warnMsg = "sqlmap is going to look for Metasploit Framework "
|
||||
warnMsg += "installation inside the environment path(s)"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
envPaths = os.environ.get("PATH", "").split(";" if IS_WIN else ":")
|
||||
|
||||
@@ -1202,10 +1202,10 @@ def _setHTTPHandlers():
|
||||
|
||||
if conf.proxy:
|
||||
warnMsg += "with HTTP(s) proxy"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
elif conf.authType:
|
||||
warnMsg += "with authentication methods"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
handlers.append(keepAliveHandler)
|
||||
|
||||
@@ -1547,7 +1547,7 @@ def _setHTTPTimeout():
|
||||
if conf.timeout < 3.0:
|
||||
warnMsg = "the minimum HTTP timeout is 3 seconds, sqlmap "
|
||||
warnMsg += "will going to reset it"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
conf.timeout = 3.0
|
||||
else:
|
||||
@@ -1586,13 +1586,13 @@ def _createHomeDirectories():
|
||||
|
||||
if conf.get("outputDir") and context == "output":
|
||||
warnMsg = "using '%s' as the %s directory" % (directory, context)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
except (OSError, IOError) as ex:
|
||||
tempDir = tempfile.mkdtemp(prefix="sqlmap%s" % context)
|
||||
warnMsg = "unable to %s %s directory " % ("create" if not os.path.isdir(directory) else "write to the", context)
|
||||
warnMsg += "'%s' (%s). " % (directory, getUnicode(ex))
|
||||
warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
paths["SQLMAP_%s_PATH" % context.upper()] = tempDir
|
||||
|
||||
@@ -1617,7 +1617,7 @@ def _createTemporaryDirectory():
|
||||
tempfile.tempdir = conf.tmpDir
|
||||
|
||||
warnMsg = "using '%s' as the temporary directory" % conf.tmpDir
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
except (OSError, IOError) as ex:
|
||||
errMsg = "there has been a problem while accessing "
|
||||
errMsg += "temporary directory location(s) ('%s')" % getSafeExString(ex)
|
||||
@@ -1632,7 +1632,7 @@ def _createTemporaryDirectory():
|
||||
warnMsg += "make sure that there is enough disk space left. If problem persists, "
|
||||
warnMsg += "try to set environment variable 'TEMP' to a location "
|
||||
warnMsg += "writeable by the current user"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if "sqlmap" not in (tempfile.tempdir or "") or conf.tmpDir and tempfile.tempdir == conf.tmpDir:
|
||||
try:
|
||||
@@ -1832,13 +1832,22 @@ def _cleanupOptions():
|
||||
warnMsg = "increasing default value for "
|
||||
warnMsg += "option '--time-sec' to %d because " % conf.timeSec
|
||||
warnMsg += "switch '--tor' was provided"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
|
||||
|
||||
if conf.retries:
|
||||
conf.retries = min(conf.retries, MAX_CONNECT_RETRIES)
|
||||
|
||||
if conf.url:
|
||||
match = re.search(r"\A(\w+://)?([^/@?]+)@", conf.url)
|
||||
if match:
|
||||
credentials = match.group(2)
|
||||
conf.url = conf.url.replace("%s@" % credentials, "", 1)
|
||||
|
||||
conf.authType = AUTH_TYPE.BASIC
|
||||
conf.authCred = credentials if ':' in credentials else "%s:" % credentials
|
||||
|
||||
if conf.code:
|
||||
conf.code = int(conf.code)
|
||||
|
||||
@@ -2036,6 +2045,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
||||
kb.delayCandidates = TIME_DELAY_CANDIDATES * [0]
|
||||
kb.dep = None
|
||||
kb.disableHtmlDecoding = False
|
||||
kb.disableShiftTable = False
|
||||
kb.dnsMode = False
|
||||
kb.dnsTest = None
|
||||
kb.docRoot = None
|
||||
@@ -2116,6 +2126,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
||||
kb.pageStable = None
|
||||
kb.partRun = None
|
||||
kb.permissionFlag = False
|
||||
kb.place = None
|
||||
kb.postHint = None
|
||||
kb.postSpaceToPlus = False
|
||||
kb.postUrlEncode = True
|
||||
@@ -2196,7 +2207,7 @@ def _useWizardInterface():
|
||||
|
||||
while not conf.url:
|
||||
message = "Please enter full target URL (-u): "
|
||||
conf.url = readInput(message, default=None)
|
||||
conf.url = readInput(message, default=None, checkBatch=False)
|
||||
|
||||
message = "%s data (--data) [Enter for None]: " % ((conf.method if conf.method != HTTPMETHOD.GET else None) or HTTPMETHOD.POST)
|
||||
conf.data = readInput(message, default=None)
|
||||
@@ -2207,7 +2218,7 @@ def _useWizardInterface():
|
||||
if not conf.crawlDepth and not conf.forms:
|
||||
warnMsg += "Will search for forms"
|
||||
conf.forms = True
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
choice = None
|
||||
|
||||
@@ -2463,7 +2474,7 @@ def _setTorHttpProxySettings():
|
||||
warnMsg += "Tor anonymizing network because of "
|
||||
warnMsg += "known issues with default settings of various 'bundles' "
|
||||
warnMsg += "(e.g. Vidalia)"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def _setTorSocksProxySettings():
|
||||
infoMsg = "setting Tor SOCKS proxy settings"
|
||||
@@ -2543,7 +2554,7 @@ def _basicOptionValidation():
|
||||
if isinstance(conf.limitStart, int) and conf.limitStart > 0 and \
|
||||
isinstance(conf.limitStop, int) and conf.limitStop < conf.limitStart:
|
||||
warnMsg = "usage of option '--start' (limitStart) which is bigger than value for --stop (limitStop) option is considered unstable"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if isinstance(conf.firstChar, int) and conf.firstChar > 0 and \
|
||||
isinstance(conf.lastChar, int) and conf.lastChar < conf.firstChar:
|
||||
@@ -2553,7 +2564,7 @@ def _basicOptionValidation():
|
||||
if conf.proxyFile and not any((conf.randomAgent, conf.mobile, conf.agent, conf.requestFile)):
|
||||
warnMsg = "usage of switch '--random-agent' is strongly recommended when "
|
||||
warnMsg += "using option '--proxy-file'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if conf.textOnly and conf.nullConnection:
|
||||
errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
|
||||
@@ -2661,7 +2672,7 @@ def _basicOptionValidation():
|
||||
warnMsg = "increasing default value for "
|
||||
warnMsg += "option '--retries' to %d because " % conf.retries
|
||||
warnMsg += "option '--retry-on' was provided"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
|
||||
if conf.cookieDel and len(conf.cookieDel):
|
||||
@@ -2829,10 +2840,13 @@ def _basicOptionValidation():
|
||||
else:
|
||||
conf.encoding = _
|
||||
|
||||
if conf.loadCookies:
|
||||
if not os.path.exists(conf.loadCookies):
|
||||
errMsg = "cookies file '%s' does not exist" % conf.loadCookies
|
||||
raise SqlmapFilePathException(errMsg)
|
||||
if conf.fileWrite and not os.path.isfile(conf.fileWrite):
|
||||
errMsg = "file '%s' does not exist" % os.path.abspath(conf.fileWrite)
|
||||
raise SqlmapFilePathException(errMsg)
|
||||
|
||||
if conf.loadCookies and not os.path.exists(conf.loadCookies):
|
||||
errMsg = "cookies file '%s' does not exist" % os.path.abspath(conf.loadCookies)
|
||||
raise SqlmapFilePathException(errMsg)
|
||||
|
||||
def initOptions(inputOptions=AttribDict(), overrideOptions=False):
|
||||
_setConfAttributes()
|
||||
|
||||
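Review bot: In the `_cleanupOptions` hunk, userinfo found in `conf.url` unconditionally overwrites `conf.authType` and `conf.authCred`, so credentials supplied explicitly are replaced without any log line. The captured `credentials` string is also assigned as-is, so a percent-encoded character in the URL userinfo (for example `%40`) would presumably reach the authentication header still encoded. I would guard the assignment with `if not conf.authCred:`, decode the userinfo before storing it, and emit a `logger.debug` noting that credentials were moved out of the URL, without printing them. `_cleanupOptions` starts and ends outside this hunk.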
@@ -243,6 +243,7 @@ optDict = {
|
||||
"dependencies": "boolean",
|
||||
"disableColoring": "boolean",
|
||||
"listTampers": "boolean",
|
||||
"noLogging": "boolean",
|
||||
"offline": "boolean",
|
||||
"purge": "boolean",
|
||||
"resultsFile": "string",
|
||||
|
||||
@@ -5,12 +5,7 @@ Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
from lib.core.data import logger
|
||||
from lib.core.settings import IS_WIN
|
||||
from lib.core.settings import PLATFORM
|
||||
|
||||
_readline = None
|
||||
|
||||
try:
|
||||
from readline import *
|
||||
import readline as _readline
|
||||
@@ -21,6 +16,10 @@ except:
|
||||
except:
|
||||
pass
|
||||
|
||||
from lib.core.data import logger
|
||||
from lib.core.settings import IS_WIN
|
||||
from lib.core.settings import PLATFORM
|
||||
|
||||
if IS_WIN and _readline:
|
||||
try:
|
||||
_outputfile = _readline.GetOutputFile()
|
||||
|
||||
@@ -20,7 +20,7 @@ from thirdparty import six
|
||||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.6.1.7"
|
||||
VERSION = "1.6.10.0"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
@@ -68,11 +68,11 @@ BOUNDARY_BACKSLASH_MARKER = "__BACKSLASH__"
|
||||
PARAMETER_PERCENTAGE_MARKER = "__PERCENTAGE__"
|
||||
PARTIAL_VALUE_MARKER = "__PARTIAL_VALUE__"
|
||||
PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
|
||||
URI_QUESTION_MARKER = "__QUESTION_MARK__"
|
||||
ASTERISK_MARKER = "__ASTERISK_MARK__"
|
||||
REPLACEMENT_MARKER = "__REPLACEMENT_MARK__"
|
||||
BOUNDED_BASE64_MARKER = "__BOUNDED_BASE64_MARK__"
|
||||
BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION_MARK__"
|
||||
URI_QUESTION_MARKER = "__QUESTION__"
|
||||
ASTERISK_MARKER = "__ASTERISK__"
|
||||
REPLACEMENT_MARKER = "__REPLACEMENT__"
|
||||
BOUNDED_BASE64_MARKER = "__BOUNDED_BASE64__"
|
||||
BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION__"
|
||||
SAFE_VARIABLE_MARKER = "__SAFE__"
|
||||
SAFE_HEX_MARKER = "__SAFE_HEX__"
|
||||
DOLLAR_MARKER = "__DOLLAR__"
|
||||
@@ -592,7 +592,7 @@ LEGAL_DISCLAIMER = "Usage of sqlmap for attacking targets without prior mutual c
|
||||
REFLECTIVE_MISS_THRESHOLD = 20
|
||||
|
||||
# Regular expression used for extracting HTML title
|
||||
HTML_TITLE_REGEX = r"<title>(?P<result>[^<]+)</title>"
|
||||
HTML_TITLE_REGEX = r"(?i)<title>(?P<result>[^<]+)</title>"
|
||||
|
||||
# Table used for Base64 conversion in WordPress hash cracking routine
|
||||
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
||||
@@ -698,7 +698,7 @@ DEFAULT_COOKIE_DELIMITER = ';'
|
||||
FORCE_COOKIE_EXPIRATION_TIME = "9999999999"
|
||||
|
||||
# Github OAuth token used for creating an automatic Issue for unhandled exceptions
|
||||
GITHUB_REPORT_OAUTH_TOKEN = "NTYzYjhmZWJjYzc0Njg2ODJhNzhmNDg1YzM0YzlkYjk3N2JiMzE3Nw"
|
||||
GITHUB_REPORT_OAUTH_TOKEN = "Z2hwX2FOMDdpUWx0NDg0ak85QW4yU1pSQjhtazhBaVVlRzNaMUxmMA"
|
||||
|
||||
# Skip unforced HashDB flush requests below the threshold number of cached items
|
||||
HASHDB_FLUSH_THRESHOLD = 32
|
||||
@@ -845,7 +845,7 @@ JSON_LIKE_RECOGNITION_REGEX = r"(?s)\A(\s*\[)*\s*\{.*('[^']+'|\"[^\"]+\"|\w+)\s*
|
||||
MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name="
|
||||
|
||||
# Regular expression used for detecting Array-like POST data
|
||||
ARRAY_LIKE_RECOGNITION_REGEX = r"(\A|%s)(\w+)\[\]=.+%s\2\[\]=" % (DEFAULT_GET_POST_DELIMITER, DEFAULT_GET_POST_DELIMITER)
|
||||
ARRAY_LIKE_RECOGNITION_REGEX = r"(\A|%s)(\w+)\[\d*\]=.+%s\2\[\d*\]=" % (DEFAULT_GET_POST_DELIMITER, DEFAULT_GET_POST_DELIMITER)
|
||||
|
||||
# Default POST data content-type
|
||||
DEFAULT_CONTENT_TYPE = "application/x-www-form-urlencoded; charset=utf-8"
|
||||
|
||||
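Review bot: `GITHUB_REPORT_OAUTH_TOKEN` is still a credential literal committed to the repository; this change only replaces one value with another. The stored form looks like an encoding rather than protection, so every copy of the source carries a usable token. If it has to ship with the client, it should be restricted to creating issues on the single reporting repository and have a documented rotation procedure; a small relay service holding the token server-side would remove it from the source altogether. The previous value stays in history and should be confirmed revoked. Once the scope has been verified, a comment above the constant such as `# NOTE: intentionally public, limited to issue creation; rotate on abuse` would record the decision.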
@@ -79,7 +79,7 @@ def saveHistory(completion=None):
|
||||
readline.write_history_file(historyPath)
|
||||
except IOError as ex:
|
||||
warnMsg = "there was a problem writing the history file '%s' (%s)" % (historyPath, getSafeExString(ex))
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
except KeyboardInterrupt:
|
||||
pass
|
||||
|
||||
@@ -103,12 +103,12 @@ def loadHistory(completion=None):
|
||||
readline.read_history_file(historyPath)
|
||||
except IOError as ex:
|
||||
warnMsg = "there was a problem loading the history file '%s' (%s)" % (historyPath, getSafeExString(ex))
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
except UnicodeError:
|
||||
if IS_WIN:
|
||||
warnMsg = "there was a problem loading the history file '%s'. " % historyPath
|
||||
warnMsg += "More info can be found at 'https://github.com/pyreadline/pyreadline/issues/30'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def autoCompletion(completion=None, os=None, commands=None):
|
||||
if not readlineAvailable():
|
||||
|
||||
@@ -26,8 +26,10 @@ from lib.core.common import readInput
|
||||
from lib.core.common import removePostHintPrefix
|
||||
from lib.core.common import resetCookieJar
|
||||
from lib.core.common import safeStringFormat
|
||||
from lib.core.common import unArrayizeValue
|
||||
from lib.core.common import urldecode
|
||||
from lib.core.compat import xrange
|
||||
from lib.core.convert import decodeBase64
|
||||
from lib.core.convert import getUnicode
|
||||
from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
@@ -104,7 +106,7 @@ def _setRequestParams():
|
||||
|
||||
# Perform checks on POST parameters
|
||||
if conf.method == HTTPMETHOD.POST and conf.data is None:
|
||||
logger.warn("detected empty POST body")
|
||||
logger.warning("detected empty POST body")
|
||||
conf.data = ""
|
||||
|
||||
if conf.data is not None:
|
||||
@@ -118,7 +120,10 @@ def _setRequestParams():
|
||||
while True:
|
||||
_ = re.search(r"\\g<([^>]+)>", retVal)
|
||||
if _:
|
||||
retVal = retVal.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))
|
||||
try:
|
||||
retVal = retVal.replace(_.group(0), match.group(int(_.group(1)) if _.group(1).isdigit() else _.group(1)))
|
||||
except IndexError:
|
||||
break
|
||||
else:
|
||||
break
|
||||
if kb.customInjectionMark in retVal:
|
||||
@@ -245,7 +250,7 @@ def _setRequestParams():
|
||||
warnMsg += "parameters (e.g. 'http://www.site.com/article.php?id=1') "
|
||||
warnMsg += "and without providing any POST parameters "
|
||||
warnMsg += "through option '--data'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
message = "do you want to try URI injections "
|
||||
message += "in the target URL itself? [Y/n/q] "
|
||||
@@ -281,7 +286,7 @@ def _setRequestParams():
|
||||
warnMsg = "it seems that you've provided empty parameter value(s) "
|
||||
warnMsg += "for testing. Please, always use only valid parameter values "
|
||||
warnMsg += "so sqlmap could be able to run properly"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if not kb.processUserMarks:
|
||||
if place == PLACE.URI:
|
||||
@@ -303,6 +308,9 @@ def _setRequestParams():
|
||||
testableParameters = True
|
||||
|
||||
else:
|
||||
if place == PLACE.URI:
|
||||
value = conf.url = conf.url.replace('+', "%20") # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5123
|
||||
|
||||
conf.parameters[place] = value
|
||||
conf.paramDict[place] = OrderedDict()
|
||||
|
||||
@@ -580,7 +588,7 @@ def _setResultsFile():
|
||||
os.close(handle)
|
||||
conf.resultsFP = openFile(conf.resultsFile, "w+", UNICODE_ENCODING, buffering=0)
|
||||
warnMsg += "Using temporary file '%s' instead" % conf.resultsFile
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
except IOError as _:
|
||||
errMsg = "unable to write to the temporary directory ('%s'). " % _
|
||||
errMsg += "Please make sure that your disk is not full and "
|
||||
@@ -611,7 +619,7 @@ def _createFilesDir():
|
||||
warnMsg = "unable to create files directory "
|
||||
warnMsg += "'%s' (%s). " % (conf.filePath, getUnicode(ex))
|
||||
warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
conf.filePath = tempDir
|
||||
|
||||
@@ -633,7 +641,7 @@ def _createDumpDir():
|
||||
warnMsg = "unable to create dump directory "
|
||||
warnMsg += "'%s' (%s). " % (conf.dumpPath, getUnicode(ex))
|
||||
warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
conf.dumpPath = tempDir
|
||||
|
||||
@@ -656,7 +664,7 @@ def _createTargetDirs():
|
||||
warnMsg = "unable to create output directory "
|
||||
warnMsg += "'%s' (%s). " % (conf.outputPath, getUnicode(ex))
|
||||
warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
conf.outputPath = tempDir
|
||||
|
||||
@@ -679,7 +687,7 @@ def _createTargetDirs():
|
||||
raise SqlmapMissingPrivileges(errMsg)
|
||||
except UnicodeError as ex:
|
||||
warnMsg = "something went wrong while saving target data ('%s')" % getSafeExString(ex)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
_createDumpDir()
|
||||
_createFilesDir()
|
||||
@@ -741,6 +749,15 @@ def initTargetEnv():
|
||||
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
|
||||
kb.postSpaceToPlus = '+' in original
|
||||
|
||||
if conf.data and unArrayizeValue(conf.base64Parameter) == HTTPMETHOD.POST:
|
||||
if '=' not in conf.data.strip('='):
|
||||
try:
|
||||
original = conf.data
|
||||
conf.data = _(decodeBase64(conf.data, binary=False))
|
||||
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
|
||||
except:
|
||||
pass
|
||||
|
||||
match = re.search(INJECT_HERE_REGEX, "%s %s %s" % (conf.url, conf.data, conf.httpHeaders))
|
||||
kb.customInjectionMark = match.group(0) if match else CUSTOM_INJECTION_MARK_CHAR
|
||||
|
||||
|
||||
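Review bot: The new Base64 branch in `initTargetEnv` wraps the decode in a bare `except:` followed by `pass`. That hides every failure, including `KeyboardInterrupt` and `SystemExit`, and leaves `conf.data` in its encoded form with nothing logged. When the body cannot be decoded, later requests are presumably built from the wrong representation, which is hard to diagnose from the output. I would narrow it to `except Exception as ex:` and log `logger.debug("unable to decode POST body as Base64 ('%s')" % getSafeExString(ex))`. `initTargetEnv` begins outside this hunk.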
@@ -39,7 +39,7 @@ def vulnTest():
|
||||
|
||||
TESTS = (
|
||||
("-h", ("to see full list of options run with '-hh'",)),
|
||||
("--dependencies --deprecations", ("sqlmap requires", "third-party library", "~DeprecationWarning:")),
|
||||
("--dependencies", ("sqlmap requires", "third-party library")),
|
||||
("-u <url> --data=\"reflect=1\" --flush-session --wizard --disable-coloring", ("Please choose:", "back-end DBMS: SQLite", "current user is DBA: True", "banner: '3.")),
|
||||
("-u <url> --data=\"code=1\" --code=200 --technique=B --banner --no-cast --flush-session", ("back-end DBMS: SQLite", "banner: '3.", "~COALESCE(CAST(")),
|
||||
(u"-c <config> --flush-session --output-dir=\"<tmpdir>\" --smart --roles --statements --hostname --privileges --sql-query=\"SELECT '\u0161u\u0107uraj'\" --technique=U", (u": '\u0161u\u0107uraj'", "on SQLite it is not possible", "as the output directory")),
|
||||
@@ -65,6 +65,7 @@ def vulnTest():
|
||||
("-u <url> --flush-session --banner --invalid-logical --technique=B --predict-output --test-filter=\"OR boolean\" --tamper=space2dash", ("banner: '3.", " LIKE ")),
|
||||
("-u <url> --flush-session --cookie=\"PHPSESSID=d41d8cd98f00b204e9800998ecf8427e; id=1*; id2=2\" --tables --union-cols=3", ("might be injectable", "Cookie #1* ((custom) HEADER)", "Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", " users ")),
|
||||
("-u <url> --flush-session --null-connection --technique=B --tamper=between,randomcase --banner --count -T users", ("NULL connection is supported with HEAD method", "banner: '3.", "users | 5")),
|
||||
("-u <base> --data=\"aWQ9MQ==\" --flush-session --base64=POST -v 6", ("aWQ9MTtXQUlURk9SIERFTEFZICcwOjA",)),
|
||||
("-u <url> --flush-session --parse-errors --test-filter=\"subquery\" --eval=\"import hashlib; id2=2; id3=hashlib.md5(id.encode()).hexdigest()\" --referer=\"localhost\"", ("might be injectable", ": syntax error", "back-end DBMS: SQLite", "WHERE or HAVING clause (subquery")),
|
||||
("-u <url> --banner --schema --dump -T users --binary-fields=surname --where \"id>3\"", ("banner: '3.", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
|
||||
("-u <url> --technique=U --fresh-queries --force-partial --dump -T users --dump-format=HTML --answers=\"crack=n\" -v 3", ("performed 6 queries", "nameisnull", "~using default dictionary", "dumped to HTML file")),
|
||||
|
||||
@@ -119,6 +119,13 @@ def setDaemon(thread):
|
||||
def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardException=True, threadChoice=False, startThreadMsg=True):
|
||||
threads = []
|
||||
|
||||
def _threadFunction():
|
||||
try:
|
||||
threadFunction()
|
||||
finally:
|
||||
if conf.hashDB:
|
||||
conf.hashDB.close()
|
||||
|
||||
kb.multipleCtrlC = False
|
||||
kb.threadContinue = True
|
||||
kb.threadException = False
|
||||
@@ -147,21 +154,25 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
|
||||
|
||||
if numThreads == 1:
|
||||
warnMsg = "running in a single-thread mode. This could take a while"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if numThreads > 1:
|
||||
if startThreadMsg:
|
||||
infoMsg = "starting %d threads" % numThreads
|
||||
logger.info(infoMsg)
|
||||
else:
|
||||
threadFunction()
|
||||
return
|
||||
try:
|
||||
_threadFunction()
|
||||
except (SqlmapUserQuitException, SqlmapSkipTargetException):
|
||||
pass
|
||||
finally:
|
||||
return
|
||||
|
||||
kb.multiThreadMode = True
|
||||
|
||||
# Start the threads
|
||||
for numThread in xrange(numThreads):
|
||||
thread = threading.Thread(target=exceptionHandledFunction, name=str(numThread), args=[threadFunction])
|
||||
thread = threading.Thread(target=exceptionHandledFunction, name=str(numThread), args=[_threadFunction])
|
||||
|
||||
setDaemon(thread)
|
||||
|
||||
|
||||
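Review bot: In the `else:` branch of `runThreads` (no worker threads), the `return` inside `finally:` discards any exception still propagating from `_threadFunction()`, not only the two named in the `except` clause. Connection errors and `KeyboardInterrupt` therefore disappear silently on that path, and `except (SqlmapUserQuitException, SqlmapSkipTargetException)` becomes redundant. If only those two are meant to be swallowed, drop the `finally:` and put `return` after the `try` statement; if everything is meant to be swallowed, a comment should say so. The function body continues outside the hunk, so how `forwardException` is handled is not visible here.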
@@ -68,7 +68,7 @@ def update():
|
||||
elif not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")):
|
||||
warnMsg = "not a git repository. It is recommended to clone the 'sqlmapproject/sqlmap' repository "
|
||||
warnMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if VERSION == getLatestRevision():
|
||||
logger.info("already at the latest revision '%s'" % getRevisionNumber())
|
||||
|
||||
@@ -745,6 +745,9 @@ def cmdLineParser(argv=None):
|
||||
miscellaneous.add_argument("--list-tampers", dest="listTampers", action="store_true",
|
||||
help="Display list of available tamper scripts")
|
||||
|
||||
miscellaneous.add_argument("--no-logging", dest="noLogging", action="store_true",
|
||||
help="Disable logging to a file")
|
||||
|
||||
miscellaneous.add_argument("--offline", dest="offline", action="store_true",
|
||||
help="Work in offline mode (only use session data)")
|
||||
|
||||
@@ -955,7 +958,7 @@ def cmdLineParser(argv=None):
|
||||
argv[i] = re.sub(u"\\A(\u2010|\u2013|\u2212|\u2014|\u4e00|\u1680|\uFE63|\uFF0D)+", lambda match: '-' * len(match.group(0)), argv[i])
|
||||
|
||||
# Reference: https://unicode-table.com/en/sets/quotation-marks/
|
||||
argv[i] = argv[i].strip(u"\u00AB\u2039\u00BB\u203A\u201E\u201C\u201F\u201D\u2019\u0022\u275D\u275E\u276E\u276F\u2E42\u301D\u301E\u301F\uFF02\u201A\u2018\u201B\u275B\u275C")
|
||||
argv[i] = argv[i].strip(u"\u00AB\u2039\u00BB\u203A\u201E\u201C\u201F\u201D\u2019\u275D\u275E\u276E\u276F\u2E42\u301D\u301E\u301F\uFF02\u201A\u2018\u201B\u275B\u275C")
|
||||
|
||||
if argv[i] == "-hh":
|
||||
argv[i] = "-h"
|
||||
|
||||
@@ -51,6 +51,6 @@ def parseSitemap(url, retVal=None):
|
||||
abortedFlag = True
|
||||
warnMsg = "user aborted during sitemap parsing. sqlmap "
|
||||
warnMsg += "will use partial list"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return retVal
|
||||
|
||||
@@ -46,6 +46,7 @@ from lib.core.common import getSafeExString
|
||||
from lib.core.common import logHTTPTraffic
|
||||
from lib.core.common import openFile
|
||||
from lib.core.common import popValue
|
||||
from lib.core.common import parseJson
|
||||
from lib.core.common import pushValue
|
||||
from lib.core.common import randomizeParameterValue
|
||||
from lib.core.common import randomInt
|
||||
@@ -56,12 +57,14 @@ from lib.core.common import safeVariableNaming
|
||||
from lib.core.common import singleTimeLogMessage
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.common import stdev
|
||||
from lib.core.common import unArrayizeValue
|
||||
from lib.core.common import unsafeVariableNaming
|
||||
from lib.core.common import urldecode
|
||||
from lib.core.common import urlencode
|
||||
from lib.core.common import wasLastResponseDelayed
|
||||
from lib.core.compat import patchHeaders
|
||||
from lib.core.compat import xrange
|
||||
from lib.core.convert import encodeBase64
|
||||
from lib.core.convert import getBytes
|
||||
from lib.core.convert import getText
|
||||
from lib.core.convert import getUnicode
|
||||
@@ -151,7 +154,7 @@ class Connect(object):
|
||||
if (len(inspect.stack()) > sys.getrecursionlimit() // 2): # Note: https://github.com/sqlmapproject/sqlmap/issues/4525
|
||||
warnMsg = "unable to connect to the target URL"
|
||||
raise SqlmapConnectionException(warnMsg)
|
||||
except TypeError:
|
||||
except (TypeError, UnicodeError):
|
||||
pass
|
||||
|
||||
try:
|
||||
@@ -166,7 +169,7 @@ class Connect(object):
|
||||
|
||||
if conf.proxyList and threadData.retriesCount >= conf.retries and not kb.locks.handlers.locked():
|
||||
warnMsg = "changing proxy"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
conf.proxy = None
|
||||
threadData.retriesCount = 0
|
||||
@@ -309,7 +312,7 @@ class Connect(object):
|
||||
conf.proxy = None
|
||||
|
||||
warnMsg = "changing proxy"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
setHTTPHandlers()
|
||||
|
||||
@@ -466,7 +469,7 @@ class Connect(object):
|
||||
break
|
||||
|
||||
if post is not None and not multipart and not getHeader(headers, HTTP_HEADER.CONTENT_TYPE):
|
||||
headers[HTTP_HEADER.CONTENT_TYPE] = POST_HINT_CONTENT_TYPES.get(kb.postHint, DEFAULT_CONTENT_TYPE)
|
||||
headers[HTTP_HEADER.CONTENT_TYPE] = POST_HINT_CONTENT_TYPES.get(kb.postHint, DEFAULT_CONTENT_TYPE if unArrayizeValue(conf.base64Parameter) != HTTPMETHOD.POST else PLAIN_TEXT_CONTENT_TYPE)
|
||||
|
||||
if headers.get(HTTP_HEADER.CONTENT_TYPE) == POST_HINT_CONTENT_TYPES[POST_HINT.MULTIPART]:
|
||||
warnMsg = "missing 'boundary parameter' in '%s' header. " % HTTP_HEADER.CONTENT_TYPE
|
||||
@@ -498,6 +501,9 @@ class Connect(object):
|
||||
headers[HTTP_HEADER.HOST] = "localhost"
|
||||
|
||||
for key, value in list(headers.items()):
|
||||
if key.upper() == HTTP_HEADER.ACCEPT_ENCODING.upper():
|
||||
value = re.sub(r"(?i)(,)br(,)?", lambda match: ',' if match.group(1) and match.group(2) else "", value) or "identity"
|
||||
|
||||
del headers[key]
|
||||
if isinstance(value, six.string_types):
|
||||
for char in (r"\r", r"\n"):
|
||||
@@ -552,6 +558,13 @@ class Connect(object):
|
||||
else:
|
||||
post = getBytes(post)
|
||||
|
||||
if unArrayizeValue(conf.base64Parameter) == HTTPMETHOD.POST:
|
||||
if kb.place != HTTPMETHOD.POST:
|
||||
conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data)
|
||||
else:
|
||||
post = urldecode(post, convall=True)
|
||||
post = encodeBase64(post)
|
||||
|
||||
if target and cmdLineOptions.method or method and method not in (HTTPMETHOD.GET, HTTPMETHOD.POST):
|
||||
req = MethodRequest(url, post, headers)
|
||||
req.set_method(cmdLineOptions.method or method)
|
||||
@@ -574,8 +587,14 @@ class Connect(object):
|
||||
|
||||
if not getRequestHeader(req, HTTP_HEADER.COOKIE) and conf.cj:
|
||||
conf.cj._policy._now = conf.cj._now = int(time.time())
|
||||
cookies = conf.cj._cookies_for_request(req)
|
||||
requestHeaders += "\r\n%s" % ("Cookie: %s" % ";".join("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value)) for cookie in cookies))
|
||||
while True:
|
||||
try:
|
||||
cookies = conf.cj._cookies_for_request(req)
|
||||
except RuntimeError: # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5187
|
||||
time.sleep(1)
|
||||
else:
|
||||
requestHeaders += "\r\n%s" % ("Cookie: %s" % ";".join("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value)) for cookie in cookies))
|
||||
break
|
||||
|
||||
if post is not None:
|
||||
if not getRequestHeader(req, HTTP_HEADER.CONTENT_LENGTH) and not chunked:
|
||||
@@ -633,7 +652,7 @@ class Connect(object):
|
||||
if hasattr(conn, "redurl"):
|
||||
responseHeaders[HTTP_HEADER.LOCATION] = conn.redurl
|
||||
|
||||
patchHeaders(responseHeaders)
|
||||
responseHeaders = patchHeaders(responseHeaders)
|
||||
kb.serverHeader = responseHeaders.get(HTTP_HEADER.SERVER, kb.serverHeader)
|
||||
else:
|
||||
code = None
|
||||
@@ -693,7 +712,7 @@ class Connect(object):
|
||||
conn.close()
|
||||
except Exception as ex:
|
||||
warnMsg = "problem occurred during connection closing ('%s')" % getSafeExString(ex)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
except SqlmapConnectionException as ex:
|
||||
if conf.proxyList and not kb.threadException:
|
||||
@@ -715,12 +734,12 @@ class Connect(object):
|
||||
page = ex.read() if not skipRead else None
|
||||
responseHeaders = ex.info()
|
||||
responseHeaders[URI_HTTP_HEADER] = ex.geturl()
|
||||
patchHeaders(responseHeaders)
|
||||
responseHeaders = patchHeaders(responseHeaders)
|
||||
page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE), percentDecode=not crawling)
|
||||
except socket.timeout:
|
||||
warnMsg = "connection timed out while trying "
|
||||
warnMsg += "to get error page information (%d)" % ex.code
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
return None, None, None
|
||||
except KeyboardInterrupt:
|
||||
raise
|
||||
@@ -795,7 +814,7 @@ class Connect(object):
|
||||
debugMsg = "got HTTP error code: %d ('%s')" % (code, status)
|
||||
logger.debug(debugMsg)
|
||||
|
||||
except (_urllib.error.URLError, socket.error, socket.timeout, _http_client.HTTPException, struct.error, binascii.Error, ProxyError, SqlmapCompressionException, WebSocketException, TypeError, ValueError, OverflowError, AttributeError):
|
||||
except (_urllib.error.URLError, socket.error, socket.timeout, _http_client.HTTPException, struct.error, binascii.Error, ProxyError, SqlmapCompressionException, WebSocketException, TypeError, ValueError, OverflowError, AttributeError, OSError):
|
||||
tbMsg = traceback.format_exc()
|
||||
|
||||
if conf.debug:
|
||||
@@ -811,7 +830,7 @@ class Connect(object):
|
||||
elif "no host given" in tbMsg:
|
||||
warnMsg = "invalid URL address used (%s)" % repr(url)
|
||||
raise SqlmapSyntaxException(warnMsg)
|
||||
elif "forcibly closed" in tbMsg or "Connection is already closed" in tbMsg:
|
||||
elif any(_ in tbMsg for _ in ("forcibly closed", "Connection is already closed", "ConnectionAbortedError")):
|
||||
warnMsg = "connection was forcibly closed by the target URL"
|
||||
elif "timed out" in tbMsg:
|
||||
if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
|
||||
@@ -912,11 +931,13 @@ class Connect(object):
|
||||
|
||||
socket.setdefaulttimeout(conf.timeout)
|
||||
|
||||
if conf.retryOn and re.search(conf.retryOn, page, re.I):
|
||||
if threadData.retriesCount < conf.retries:
|
||||
warnMsg = "forced retry of the request because of undesired page content"
|
||||
logger.warn(warnMsg)
|
||||
return Connect._retryProxy(**kwargs)
|
||||
# Dirty patch for Python3.11.0a7 (e.g. https://github.com/sqlmapproject/sqlmap/issues/5091)
|
||||
if not sys.version.startswith("3.11."):
|
||||
if conf.retryOn and re.search(conf.retryOn, page, re.I):
|
||||
if threadData.retriesCount < conf.retries:
|
||||
warnMsg = "forced retry of the request because of undesired page content"
|
||||
logger.warning(warnMsg)
|
||||
return Connect._retryProxy(**kwargs)
|
||||
|
||||
processResponse(page, responseHeaders, code, status)
|
||||
|
||||
@@ -976,6 +997,8 @@ class Connect(object):
|
||||
if not place:
|
||||
place = kb.injection.place or PLACE.GET
|
||||
|
||||
kb.place = place
|
||||
|
||||
if not auxHeaders:
|
||||
auxHeaders = {}
|
||||
|
||||
@@ -994,9 +1017,10 @@ class Connect(object):
|
||||
|
||||
if (kb.postHint or conf.skipUrlEncode) and postUrlEncode:
|
||||
postUrlEncode = False
|
||||
conf.httpHeaders = [_ for _ in conf.httpHeaders if _[1] != contentType]
|
||||
contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE)
|
||||
conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))
|
||||
if not (conf.skipUrlEncode and contentType): # NOTE: https://github.com/sqlmapproject/sqlmap/issues/5092
|
||||
conf.httpHeaders = [_ for _ in conf.httpHeaders if _[1] != contentType]
|
||||
contentType = POST_HINT_CONTENT_TYPES.get(kb.postHint, PLAIN_TEXT_CONTENT_TYPE)
|
||||
conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))
|
||||
|
||||
if payload:
|
||||
delimiter = conf.paramDel or (DEFAULT_GET_POST_DELIMITER if place != PLACE.COOKIE else DEFAULT_COOKIE_DELIMITER)
|
||||
@@ -1160,7 +1184,7 @@ class Connect(object):
|
||||
if attempt > 0:
|
||||
warnMsg = "unable to find anti-CSRF token '%s' at '%s'" % (conf.csrfToken._original, conf.csrfUrl or conf.url)
|
||||
warnMsg += ". sqlmap is going to retry the request"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.csrfMethod or (conf.method if conf.csrfUrl == conf.url else None), cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
|
||||
page = urldecode(page) # for anti-CSRF tokens with special characters in their name (e.g. 'foo:bar=...')
|
||||
@@ -1191,7 +1215,7 @@ class Connect(object):
|
||||
|
||||
if not token:
|
||||
if conf.csrfUrl and conf.csrfToken and conf.csrfUrl != conf.url and code == _http_client.OK:
|
||||
if headers and "text/plain" in headers.get(HTTP_HEADER.CONTENT_TYPE, ""):
|
||||
if headers and PLAIN_TEXT_CONTENT_TYPE in headers.get(HTTP_HEADER.CONTENT_TYPE, ""):
|
||||
token.name = conf.csrfToken
|
||||
token.value = page
|
||||
|
||||
@@ -1239,6 +1263,12 @@ class Connect(object):
|
||||
origValue = match.group("value")
|
||||
newValue = randomizeParameterValue(origValue) if randomParameter not in kb.randomPool else random.sample(kb.randomPool[randomParameter], 1)[0]
|
||||
retVal = re.sub(r"(\A|\b)%s=[^&;]*" % re.escape(randomParameter), "%s=%s" % (randomParameter, newValue), paramString)
|
||||
else:
|
||||
match = re.search(r"(\A|\b)(%s\b[^\w]+)(?P<value>\w+)" % re.escape(randomParameter), paramString)
|
||||
if match:
|
||||
origValue = match.group("value")
|
||||
newValue = randomizeParameterValue(origValue) if randomParameter not in kb.randomPool else random.sample(kb.randomPool[randomParameter], 1)[0]
|
||||
retVal = paramString.replace(match.group(0), "%s%s" % (match.group(2), newValue))
|
||||
return retVal
|
||||
|
||||
for randomParameter in conf.rParam:
|
||||
@@ -1274,6 +1304,13 @@ class Connect(object):
|
||||
value = urldecode(value, convall=True, spaceplus=(item == post and kb.postSpaceToPlus))
|
||||
variables[name] = value
|
||||
|
||||
if post and kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):
|
||||
for name, value in (parseJson(post) or {}).items():
|
||||
if safeVariableNaming(name) != name:
|
||||
conf.evalCode = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), conf.evalCode)
|
||||
name = safeVariableNaming(name)
|
||||
variables[name] = value
|
||||
|
||||
if cookie:
|
||||
for part in cookie.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER):
|
||||
if '=' in part:
|
||||
@@ -1331,7 +1368,27 @@ class Connect(object):
|
||||
found = False
|
||||
value = getUnicode(value, UNICODE_ENCODING)
|
||||
|
||||
if kb.postHint and re.search(r"\b%s\b" % re.escape(name), post or ""):
|
||||
if kb.postHint == POST_HINT.MULTIPART:
|
||||
boundary = "--%s" % re.search(r"boundary=([^\s]+)", contentType).group(1)
|
||||
if boundary:
|
||||
parts = post.split(boundary)
|
||||
match = re.search(r'\bname="%s"' % re.escape(name), post)
|
||||
if not match and parts:
|
||||
parts.insert(2, parts[1])
|
||||
parts[2] = re.sub(r'\bname="[^"]+".*', 'name="%s"' % re.escape(name), parts[2])
|
||||
for i in xrange(len(parts)):
|
||||
part = parts[i]
|
||||
if re.search(r'\bname="%s"' % re.escape(name), part):
|
||||
match = re.search(r"(?s)\A.+?\r?\n\r?\n", part)
|
||||
if match:
|
||||
found = True
|
||||
first = match.group(0)
|
||||
second = part[len(first):]
|
||||
second = re.sub(r"(?s).+?(\r?\n?\-*\Z)", r"%s\g<1>" % re.escape(value), second)
|
||||
parts[i] = "%s%s" % (first, second)
|
||||
post = boundary.join(parts)
|
||||
|
||||
elif kb.postHint and re.search(r"\b%s\b" % re.escape(name), post or ""):
|
||||
if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP):
|
||||
if re.search(r"<%s\b" % re.escape(name), post):
|
||||
found = True
|
||||
@@ -1340,6 +1397,17 @@ class Connect(object):
|
||||
found = True
|
||||
post = re.sub(r"(?s)(\b%s>)(.*?)(</[^<]*\b%s>)" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), post)
|
||||
|
||||
elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):
|
||||
match = re.search(r"['\"]%s['\"]:" % re.escape(name), post)
|
||||
if match:
|
||||
quote = match.group(0)[0]
|
||||
post = post.replace("\\%s" % quote, BOUNDARY_BACKSLASH_MARKER)
|
||||
match = re.search(r"(%s%s%s:\s*)(\d+|%s[^%s]*%s)" % (quote, re.escape(name), quote, quote, quote, quote), post)
|
||||
if match:
|
||||
found = True
|
||||
post = post.replace(match.group(0), "%s%s" % (match.group(1), value if value.isdigit() else "%s%s%s" % (match.group(0)[0], value, match.group(0)[0])))
|
||||
post = post.replace(BOUNDARY_BACKSLASH_MARKER, "\\%s" % quote)
|
||||
|
||||
regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name)
|
||||
if not found and re.search(regex, (post or "")):
|
||||
found = True
|
||||
@@ -1358,14 +1426,20 @@ class Connect(object):
|
||||
found = True
|
||||
uri = re.sub(regex.replace(r"\A", r"\?"), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), uri)
|
||||
|
||||
regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER), re.escape(name), re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER))
|
||||
regex = r"((\A|%s\s*)%s=).+?(%s|\Z)" % (re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER), re.escape(name), re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER))
|
||||
if re.search(regex, (cookie or "")):
|
||||
found = True
|
||||
cookie = re.sub(regex, r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), cookie)
|
||||
|
||||
if not found:
|
||||
if post is not None:
|
||||
post += "%s%s=%s" % (delimiter, name, value)
|
||||
if kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):
|
||||
match = re.search(r"['\"]", post)
|
||||
if match:
|
||||
quote = match.group(0)
|
||||
post = re.sub(r"\}\Z", "%s%s}" % (',' if re.search(r"\w", post) else "", "%s%s%s:%s" % (quote, name, quote, value if value.isdigit() else "%s%s%s" % (quote, value, quote))), post)
|
||||
else:
|
||||
post += "%s%s=%s" % (delimiter, name, value)
|
||||
elif get is not None:
|
||||
get += "%s%s=%s" % (delimiter, name, value)
|
||||
elif cookie is not None:
|
||||
@@ -1413,7 +1487,7 @@ class Connect(object):
|
||||
|
||||
deviation = stdev(kb.responseTimes[kb.responseTimeMode])
|
||||
|
||||
if deviation > WARN_TIME_STDEV:
|
||||
if deviation is not None and deviation > WARN_TIME_STDEV:
|
||||
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
|
||||
|
||||
warnMsg = "considerable lagging has been detected "
|
||||
@@ -1477,7 +1551,10 @@ class Connect(object):
|
||||
if payload is None:
|
||||
value = value.replace(kb.customInjectionMark, "")
|
||||
else:
|
||||
value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), payload, value)
|
||||
try:
|
||||
value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), payload, value)
|
||||
except re.error:
|
||||
value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), re.escape(payload), value)
|
||||
return value
|
||||
page, headers, code = Connect.getPage(url=_(kb.secondReq[0]), post=_(kb.secondReq[2]), method=kb.secondReq[1], cookie=kb.secondReq[3], silent=silent, auxHeaders=dict(auxHeaders, **dict(kb.secondReq[4])), response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True)
|
||||
|
||||
@@ -1507,7 +1584,7 @@ class Connect(object):
|
||||
kb.permissionFlag = True
|
||||
singleTimeWarnMessage("potential permission problems detected ('%s')" % message)
|
||||
|
||||
patchHeaders(headers)
|
||||
headers = patchHeaders(headers)
|
||||
|
||||
if content or response:
|
||||
return page, headers, code
|
||||
|
||||
@@ -36,6 +36,8 @@ class HTTPSConnection(_http_client.HTTPSConnection):
|
||||
Connection class that enables usage of newer SSL protocols.
|
||||
|
||||
Reference: http://bugs.python.org/msg128686
|
||||
|
||||
NOTE: use https://check-tls.akamaized.net/ to check if (e.g.) TLS/SNI is working properly
|
||||
"""
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
@@ -61,7 +63,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
|
||||
|
||||
# Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext
|
||||
# https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
|
||||
if re.search(r"\A[\d.]+\Z", conf.hostname or "") is None and kb.tlsSNI.get(conf.hostname) is not False and hasattr(ssl, "SSLContext"):
|
||||
if re.search(r"\A[\d.]+\Z", self.host or "") is None and kb.tlsSNI.get(self.host) is not False and hasattr(ssl, "SSLContext"):
|
||||
for protocol in (_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1):
|
||||
try:
|
||||
sock = create_sock()
|
||||
@@ -73,7 +75,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
|
||||
_contexts[protocol].set_ciphers("DEFAULT@SECLEVEL=1")
|
||||
except ssl.SSLError:
|
||||
pass
|
||||
result = _contexts[protocol].wrap_socket(sock, do_handshake_on_connect=True, server_hostname=conf.hostname)
|
||||
result = _contexts[protocol].wrap_socket(sock, do_handshake_on_connect=True, server_hostname=self.host)
|
||||
if result:
|
||||
success = True
|
||||
self.sock = result
|
||||
@@ -86,8 +88,8 @@ class HTTPSConnection(_http_client.HTTPSConnection):
|
||||
self._tunnel_host = None
|
||||
logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
|
||||
|
||||
if kb.tlsSNI.get(conf.hostname) is None:
|
||||
kb.tlsSNI[conf.hostname] = success
|
||||
if kb.tlsSNI.get(self.host) is None:
|
||||
kb.tlsSNI[self.host] = success
|
||||
|
||||
if not success:
|
||||
for protocol in _protocols:
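Review bot: The SNI name passed as `server_hostname=self.host`, and the `kb.tlsSNI[self.host]` cache key, come from the connection's own host. When the request is tunnelled through an HTTP proxy that host is presumably the proxy rather than the origin server, which the stdlib keeps in `self._tunnel_host` (this class already touches it in the error path). If so, the handshake would carry the proxy's name and the per-host SNI result would be cached under the wrong key. Consider resolving the name once, e.g. `sniHost = getattr(self, "_tunnel_host", None) or self.host`, and using it in the regex test, the `wrap_socket()` call and the `kb.tlsSNI` lookups. The connect method starts and ends outside the visible hunks, so this should be checked against how `create_sock()` sets up the tunnel.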
|
||||
|
||||
@@ -270,7 +270,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
|
||||
warnMsg += "of entries for the SQL query provided. "
|
||||
warnMsg += "sqlmap will assume that it returns only "
|
||||
warnMsg += "one entry"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
stopLimit = 1
|
||||
|
||||
@@ -278,7 +278,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
|
||||
if not count:
|
||||
warnMsg = "the SQL query provided does not "
|
||||
warnMsg += "return any output"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return None
|
||||
|
||||
@@ -298,7 +298,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char
|
||||
except KeyboardInterrupt:
|
||||
print()
|
||||
warnMsg = "user aborted during dumping phase"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return outputs
|
||||
|
||||
|
||||
@@ -211,7 +211,7 @@ class Abstraction(Web, UDF, XP_cmdshell):
|
||||
warnMsg += "were able to extract and crack a DBA "
|
||||
warnMsg += "password by any mean"
|
||||
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if any((conf.osCmd, conf.osShell)) and Backend.isDbms(DBMS.PGSQL) and self.checkCopyExec():
|
||||
success = True
|
||||
|
||||
@@ -72,7 +72,7 @@ class ICMPsh(object):
|
||||
raise SqlmapDataException("local host address is missing")
|
||||
elif address and not valid:
|
||||
warnMsg = "invalid local host address"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return address
|
||||
|
||||
|
||||
@@ -206,7 +206,7 @@ class Metasploit(object):
|
||||
warnMsg = "by default PostgreSQL on Windows runs as "
|
||||
warnMsg += "postgres user, it is unlikely that the VNC "
|
||||
warnMsg += "injection will be successful"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
|
||||
choose = True
|
||||
@@ -215,7 +215,7 @@ class Metasploit(object):
|
||||
warnMsg += "successful because usually Microsoft SQL Server "
|
||||
warnMsg += "%s runs as Network Service " % Backend.getVersion()
|
||||
warnMsg += "or the Administrator is not logged in"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if choose:
|
||||
message = "what do you want to do?\n"
|
||||
@@ -236,23 +236,23 @@ class Metasploit(object):
|
||||
|
||||
elif choice == "1":
|
||||
if Backend.isDbms(DBMS.PGSQL):
|
||||
logger.warn("beware that the VNC injection might not work")
|
||||
logger.warning("beware that the VNC injection might not work")
|
||||
break
|
||||
|
||||
elif Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")):
|
||||
break
|
||||
|
||||
elif not isDigit(choice):
|
||||
logger.warn("invalid value, only digits are allowed")
|
||||
logger.warning("invalid value, only digits are allowed")
|
||||
|
||||
elif int(choice) < 1 or int(choice) > 2:
|
||||
logger.warn("invalid value, it must be 1 or 2")
|
||||
logger.warning("invalid value, it must be 1 or 2")
|
||||
|
||||
if self.connectionStr.startswith("reverse_http") and _payloadStr != "windows/meterpreter":
|
||||
warnMsg = "Reverse HTTP%s connection is only supported " % ("S" if self.connectionStr.endswith("s") else "")
|
||||
warnMsg += "with the Meterpreter payload. Falling back to "
|
||||
warnMsg += "reverse TCP"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
self.connectionStr = "reverse_tcp"
|
||||
|
||||
|
||||
@@ -198,7 +198,7 @@ class UDF(object):
|
||||
if not self.isDba():
|
||||
warnMsg = "functionality requested probably does not work because "
|
||||
warnMsg += "the current session user is not a database administrator"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if not conf.shLib:
|
||||
msg = "what is the local path of the shared library? "
|
||||
@@ -209,7 +209,7 @@ class UDF(object):
|
||||
if self.udfLocalFile:
|
||||
break
|
||||
else:
|
||||
logger.warn("you need to specify the local path of the shared library")
|
||||
logger.warning("you need to specify the local path of the shared library")
|
||||
else:
|
||||
self.udfLocalFile = conf.shLib
|
||||
|
||||
@@ -249,7 +249,7 @@ class UDF(object):
|
||||
else:
|
||||
break
|
||||
else:
|
||||
logger.warn("invalid value, only digits are allowed")
|
||||
logger.warning("invalid value, only digits are allowed")
|
||||
|
||||
for x in xrange(0, udfCount):
|
||||
while True:
|
||||
@@ -260,7 +260,7 @@ class UDF(object):
|
||||
self.udfs[udfName] = {}
|
||||
break
|
||||
else:
|
||||
logger.warn("you need to specify the name of the UDF")
|
||||
logger.warning("you need to specify the name of the UDF")
|
||||
|
||||
if Backend.isDbms(DBMS.MYSQL):
|
||||
defaultType = "string"
|
||||
@@ -280,7 +280,7 @@ class UDF(object):
|
||||
break
|
||||
|
||||
else:
|
||||
logger.warn("invalid value, only digits >= 0 are allowed")
|
||||
logger.warning("invalid value, only digits >= 0 are allowed")
|
||||
|
||||
for y in xrange(0, parCount):
|
||||
msg = "what is the data-type of input parameter "
|
||||
@@ -290,7 +290,7 @@ class UDF(object):
|
||||
parType = readInput(msg, default=defaultType).strip()
|
||||
|
||||
if parType.isdigit():
|
||||
logger.warn("you need to specify the data-type of the parameter")
|
||||
logger.warning("you need to specify the data-type of the parameter")
|
||||
|
||||
else:
|
||||
self.udfs[udfName]["input"].append(parType)
|
||||
@@ -303,7 +303,7 @@ class UDF(object):
|
||||
retType = readInput(msg, default=defaultType)
|
||||
|
||||
if hasattr(retType, "isdigit") and retType.isdigit():
|
||||
logger.warn("you need to specify the data-type of the return value")
|
||||
logger.warning("you need to specify the data-type of the return value")
|
||||
else:
|
||||
self.udfs[udfName]["return"] = retType
|
||||
break
|
||||
@@ -346,7 +346,7 @@ class UDF(object):
|
||||
else:
|
||||
warnMsg = "invalid value, only digits >= 1 and "
|
||||
warnMsg += "<= %d are allowed" % len(udfList)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if not isinstance(choice, int):
|
||||
break
|
||||
@@ -370,7 +370,7 @@ class UDF(object):
|
||||
|
||||
break
|
||||
else:
|
||||
logger.warn("you need to specify the value of the parameter")
|
||||
logger.warning("you need to specify the value of the parameter")
|
||||
|
||||
count += 1
|
||||
|
||||
|
||||
@@ -137,7 +137,7 @@ class Web(object):
|
||||
if "File uploaded" not in (page or ""):
|
||||
warnMsg = "unable to upload the file through the web file "
|
||||
warnMsg += "stager to '%s'" % directory
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
return False
|
||||
else:
|
||||
return True
|
||||
@@ -202,10 +202,10 @@ class Web(object):
|
||||
choice = readInput(message, default=str(default))
|
||||
|
||||
if not isDigit(choice):
|
||||
logger.warn("invalid value, only digits are allowed")
|
||||
logger.warning("invalid value, only digits are allowed")
|
||||
|
||||
elif int(choice) < 1 or int(choice) > len(choices):
|
||||
logger.warn("invalid value, it must be between 1 and %d" % len(choices))
|
||||
logger.warning("invalid value, it must be between 1 and %d" % len(choices))
|
||||
|
||||
else:
|
||||
self.webPlatform = choices[int(choice) - 1]
|
||||
@@ -362,7 +362,7 @@ class Web(object):
|
||||
if "<%" in uplPage or "<?" in uplPage:
|
||||
warnMsg = "file stager uploaded on '%s', " % directory
|
||||
warnMsg += "but not dynamically interpreted"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
continue
|
||||
|
||||
elif self.webPlatform == WEB_PLATFORM.ASPX:
|
||||
@@ -399,7 +399,7 @@ class Web(object):
|
||||
warnMsg += "was able to upload the file stager or "
|
||||
warnMsg += "because the DBMS and web server sit on "
|
||||
warnMsg += "different servers"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
message = "do you want to try the same method used "
|
||||
message += "for the file stager? [Y/n] "
|
||||
|
||||
@@ -270,7 +270,7 @@ class XP_cmdshell(object):
|
||||
kb.xpCmdshellAvailable = True
|
||||
|
||||
else:
|
||||
logger.warn("xp_cmdshell re-enabling failed")
|
||||
logger.warning("xp_cmdshell re-enabling failed")
|
||||
|
||||
logger.info("creating xp_cmdshell with sp_OACreate")
|
||||
self._xpCmdshellConfigure(0)
|
||||
@@ -283,7 +283,7 @@ class XP_cmdshell(object):
|
||||
else:
|
||||
warnMsg = "xp_cmdshell creation failed, probably "
|
||||
warnMsg += "because sp_OACreate is disabled"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
hashDBWrite(HASHDB_KEYS.KB_XP_CMDSHELL_AVAILABLE, kb.xpCmdshellAvailable)
|
||||
|
||||
|
||||
@@ -274,9 +274,11 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||
|
||||
originalTbl = type(charTbl)(charTbl)
|
||||
|
||||
if continuousOrder and shiftTable is None:
|
||||
if kb.disableShiftTable:
|
||||
shiftTable = None
|
||||
elif continuousOrder and shiftTable is None:
|
||||
# Used for gradual expanding into unicode charspace
|
||||
shiftTable = [2, 2, 3, 3, 5, 4]
|
||||
shiftTable = [2, 2, 3, 3, 3]
|
||||
|
||||
if "'%s'" % CHAR_INFERENCE_MARK in payload:
|
||||
for char in ('\n', '\r'):
|
||||
@@ -358,6 +360,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||
kb.responseTimePayload = None
|
||||
|
||||
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
|
||||
|
||||
incrementCounter(getTechnique())
|
||||
|
||||
if not timeBasedCompare and getTechniqueData() is not None:
|
||||
@@ -405,6 +408,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||
maxChar = maxValue = charTbl[-1]
|
||||
minValue = charTbl[0]
|
||||
else:
|
||||
kb.disableShiftTable = True
|
||||
return None
|
||||
else:
|
||||
retVal = minValue + 1
|
||||
@@ -423,7 +427,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||
if kb.adjustTimeDelay is not ADJUST_TIME_DELAY.DISABLE:
|
||||
conf.timeSec += 1
|
||||
warnMsg = "increasing time delay to %d second%s" % (conf.timeSec, 's' if conf.timeSec > 1 else '')
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
|
||||
dbgMsg = "turning off time auto-adjustment mechanism"
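Review bot: `kb.disableShiftTable = True` is set just before `return None` and is never reset in the visible hunks. Because it lives on the shared `kb` object, one character that cannot be resolved presumably switches off the unicode charspace expansion for every later character and every worker thread in the run. If that stickiness is intended, say so at the assignment, e.g. `# NOTE: sticky for the rest of the run - expansion into unicode charspace is not retried`. The new `shiftTable = [2, 2, 3, 3, 3]` would also benefit from a comment stating what the constants are and what upper bound they give, since the existing comment only says "gradual expanding". `bisection()` starts and ends outside these hunks, so the reset may exist elsewhere.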
|
||||
|
||||
@@ -167,7 +167,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
|
||||
warnMsg = "possible server trimmed output detected "
|
||||
warnMsg += "(due to its length and/or content): "
|
||||
warnMsg += safecharencode(trimmed)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if not kb.testMode:
|
||||
check = r"(?P<result>[^<>\n]*?)%s" % kb.chars.stop[:2]
|
||||
@@ -351,7 +351,7 @@ def errorUse(expression, dump=False):
|
||||
warnMsg += "of entries for the SQL query provided. "
|
||||
warnMsg += "sqlmap will assume that it returns only "
|
||||
warnMsg += "one entry"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
stopLimit = 1
|
||||
|
||||
@@ -359,7 +359,7 @@ def errorUse(expression, dump=False):
|
||||
if not count:
|
||||
warnMsg = "the SQL query provided does not "
|
||||
warnMsg += "return any output"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
value = [] # for empty tables
|
||||
return value
|
||||
@@ -445,7 +445,7 @@ def errorUse(expression, dump=False):
|
||||
abortedFlag = True
|
||||
warnMsg = "user aborted during enumeration. sqlmap "
|
||||
warnMsg += "will display partial output"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
finally:
|
||||
threadData.shared.value.extend(_[1] for _ in sorted(threadData.shared.buffered))
|
||||
|
||||
@@ -275,7 +275,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
||||
content = ("%s%s" % (removeReflectiveValues(page, payload) or "", removeReflectiveValues(listToStrValue(headers.headers if headers else None), payload, True) or "")).lower()
|
||||
if content.count(phrase) > 0 and content.count(phrase) < LIMITED_ROWS_TEST_NUMBER:
|
||||
warnMsg = "output with limited number of rows detected. Switching to partial mode"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
vector = (position, count, comment, prefix, suffix, kb.uChar, where, kb.unionDuplicates, True, kb.tableFrom, kb.unionTemplate)
|
||||
|
||||
unionErrorCase = kb.errorIsNone and wasLastResponseDBMSError()
|
||||
@@ -284,7 +284,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
||||
warnMsg = "combined UNION/error-based SQL injection case found on "
|
||||
warnMsg += "column %d. sqlmap will try to find another " % (position + 1)
|
||||
warnMsg += "column with better characteristics"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
break
|
||||
|
||||
|
||||
@@ -167,7 +167,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
|
||||
warnMsg = "possible server trimmed output detected "
|
||||
warnMsg += "(probably due to its length and/or content): "
|
||||
warnMsg += safecharencode(trimmed)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
elif re.search(r"ORDER BY [^ ]+\Z", expression):
|
||||
debugMsg = "retrying failed SQL query without the ORDER BY clause"
|
||||
@@ -304,7 +304,7 @@ def unionUse(expression, unpack=True, dump=False):
|
||||
warnMsg += "of entries for the SQL query provided. "
|
||||
warnMsg += "sqlmap will assume that it returns only "
|
||||
warnMsg += "one entry"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
stopLimit = 1
|
||||
|
||||
@@ -312,7 +312,7 @@ def unionUse(expression, unpack=True, dump=False):
|
||||
if not count:
|
||||
warnMsg = "the SQL query provided does not "
|
||||
warnMsg += "return any output"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
value = [] # for empty tables
|
||||
return value
|
||||
@@ -429,7 +429,7 @@ def unionUse(expression, unpack=True, dump=False):
|
||||
|
||||
warnMsg = "user aborted during enumeration. sqlmap "
|
||||
warnMsg += "will display partial output"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
finally:
|
||||
for _ in sorted(threadData.shared.buffered):
|
||||
|
||||
@@ -66,7 +66,7 @@ def tableExists(tableFile, regex=None):
|
||||
if kb.choices.tableExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:
|
||||
warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
|
||||
warnMsg += "for common table existence check"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
message = "are you sure you want to continue? [y/N] "
|
||||
kb.choices.tableExists = readInput(message, default='N', boolean=True)
|
||||
@@ -160,7 +160,7 @@ def tableExists(tableFile, regex=None):
|
||||
except KeyboardInterrupt:
|
||||
warnMsg = "user aborted during table existence "
|
||||
warnMsg += "check. sqlmap will display partial output"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
clearConsoleLine(True)
|
||||
dataToStdout("\n")
|
||||
@@ -169,7 +169,7 @@ def tableExists(tableFile, regex=None):
|
||||
warnMsg = "no table(s) found"
|
||||
if conf.db:
|
||||
warnMsg += " for database '%s'" % conf.db
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
for item in threadData.shared.files:
|
||||
if conf.db not in kb.data.cachedTables:
|
||||
@@ -190,7 +190,7 @@ def columnExists(columnFile, regex=None):
|
||||
if kb.choices.columnExists is None and not any(_ for _ in kb.injection.data if _ not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED)) and not conf.direct:
|
||||
warnMsg = "it's not recommended to use '%s' and/or '%s' " % (PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.TIME], PAYLOAD.SQLINJECTION[PAYLOAD.TECHNIQUE.STACKED])
|
||||
warnMsg += "for common column existence check"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
message = "are you sure you want to continue? [y/N] "
|
||||
kb.choices.columnExists = readInput(message, default='N', boolean=True)
|
||||
@@ -281,7 +281,7 @@ def columnExists(columnFile, regex=None):
|
||||
except KeyboardInterrupt:
|
||||
warnMsg = "user aborted during column existence "
|
||||
warnMsg += "check. sqlmap will display partial output"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
finally:
|
||||
kb.bruteMode = False
|
||||
|
||||
@@ -290,7 +290,7 @@ def columnExists(columnFile, regex=None):
|
||||
|
||||
if not threadData.shared.files:
|
||||
warnMsg = "no column(s) found"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
columns = {}
|
||||
|
||||
@@ -394,7 +394,7 @@ def fileExists(pathFile):
|
||||
except KeyboardInterrupt:
|
||||
warnMsg = "user aborted during file existence "
|
||||
warnMsg += "check. sqlmap will display partial output"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
finally:
|
||||
kb.bruteMode = False
|
||||
logger.setLevel(popValue())
|
||||
@@ -404,7 +404,7 @@ def fileExists(pathFile):
|
||||
|
||||
if not threadData.shared.files:
|
||||
warnMsg = "no file(s) found"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
retVal = threadData.shared.files
|
||||
|
||||
|
||||
@@ -126,6 +126,8 @@ def crawl(target, post=None, cookie=None):
|
||||
pass
|
||||
except ValueError: # for non-valid links
|
||||
pass
|
||||
except AssertionError: # for invalid HTML
|
||||
pass
|
||||
finally:
|
||||
if conf.forms:
|
||||
threadData.shared.formsFound |= len(findPageForms(content, current, False, True)) > 0
|
||||
@@ -160,7 +162,7 @@ def crawl(target, post=None, cookie=None):
|
||||
except SqlmapConnectionException as ex:
|
||||
if "page not found" in getSafeExString(ex):
|
||||
found = False
|
||||
logger.warn("'sitemap.xml' not found")
|
||||
logger.warning("'sitemap.xml' not found")
|
||||
except:
|
||||
pass
|
||||
finally:
|
||||
@@ -196,7 +198,7 @@ def crawl(target, post=None, cookie=None):
|
||||
except KeyboardInterrupt:
|
||||
warnMsg = "user aborted during crawling. sqlmap "
|
||||
warnMsg += "will use partial list"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
finally:
|
||||
clearConsoleLine(True)
|
||||
@@ -206,7 +208,7 @@ def crawl(target, post=None, cookie=None):
|
||||
warnMsg = "no usable links found (with GET parameters)"
|
||||
if conf.forms:
|
||||
warnMsg += " or forms"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
else:
|
||||
for url in threadData.shared.value:
|
||||
kb.targets.add((urldecode(url, kb.pageEncoding), None, None, None, None))
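Review bot: The `except AssertionError:  # for invalid HTML` clause in the first hunk of this section (in `crawl`, next to the `ValueError` handler) discards the error with a bare `pass`. A page whose markup trips the parser is therefore skipped without any trace, and an assertion raised by sqlmap's own code inside the same `try` would be hidden the same way. A debug line keeps the crawl best-effort while recording what was skipped, for example `logger.debug("skipping unparsable HTML at '%s'" % current)`. The `try` body starts outside the hunk, so which call raises the assertion cannot be confirmed from here.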
|
||||
|
||||
@@ -26,7 +26,7 @@ def checkDependencies():
|
||||
warnMsg = "'%s' third-party library must be " % data[1]
|
||||
warnMsg += "version >= 1.0.2 to work properly. "
|
||||
warnMsg += "Download from '%s'" % data[2]
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
elif dbmsName == DBMS.MYSQL:
|
||||
__import__("pymysql")
|
||||
elif dbmsName in (DBMS.PGSQL, DBMS.CRATEDB):
|
||||
@@ -62,7 +62,7 @@ def checkDependencies():
|
||||
warnMsg = "sqlmap requires '%s' third-party library " % data[1]
|
||||
warnMsg += "in order to directly connect to the DBMS "
|
||||
warnMsg += "'%s'. Download from '%s'" % (dbmsName, data[2])
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
missing_libraries.add(data[1])
|
||||
|
||||
continue
|
||||
@@ -78,7 +78,7 @@ def checkDependencies():
|
||||
warnMsg = "sqlmap requires 'python-impacket' third-party library for "
|
||||
warnMsg += "out-of-band takeover feature. Download from "
|
||||
warnMsg += "'https://github.com/coresecurity/impacket'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
missing_libraries.add('python-impacket')
|
||||
|
||||
try:
|
||||
@@ -89,7 +89,7 @@ def checkDependencies():
|
||||
warnMsg = "sqlmap requires 'python-ntlm' third-party library "
|
||||
warnMsg += "if you plan to attack a web application behind NTLM "
|
||||
warnMsg += "authentication. Download from 'https://github.com/mullender/python-ntlm'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
missing_libraries.add('python-ntlm')
|
||||
|
||||
try:
|
||||
@@ -100,7 +100,7 @@ def checkDependencies():
|
||||
warnMsg = "sqlmap requires 'websocket-client' third-party library "
|
||||
warnMsg += "if you plan to attack a web application using WebSocket. "
|
||||
warnMsg += "Download from 'https://pypi.python.org/pypi/websocket-client/'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
missing_libraries.add('websocket-client')
|
||||
|
||||
try:
|
||||
@@ -110,7 +110,7 @@ def checkDependencies():
|
||||
except ImportError:
|
||||
warnMsg = "sqlmap requires 'tkinter' library "
|
||||
warnMsg += "if you plan to run a GUI"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
missing_libraries.add('tkinter')
|
||||
|
||||
try:
|
||||
@@ -120,7 +120,7 @@ def checkDependencies():
|
||||
except ImportError:
|
||||
warnMsg = "sqlmap requires 'tkinter.ttk' library "
|
||||
warnMsg += "if you plan to run a GUI"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
missing_libraries.add('tkinter.ttk')
|
||||
|
||||
if IS_WIN:
|
||||
@@ -134,7 +134,7 @@ def checkDependencies():
|
||||
warnMsg += "completion and history support features in the SQL "
|
||||
warnMsg += "shell and OS shell. Download from "
|
||||
warnMsg += "'https://pypi.org/project/pyreadline/'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
missing_libraries.add('python-pyreadline')
|
||||
|
||||
if len(missing_libraries) == 0:
|
||||
|
||||
@@ -12,6 +12,13 @@ try:
|
||||
except: # removed ImportError because of https://github.com/sqlmapproject/sqlmap/issues/3171
|
||||
from thirdparty.fcrypt.fcrypt import crypt
|
||||
|
||||
try:
|
||||
from Crypto.Cipher.DES import MODE_CBC as CBC
|
||||
from Crypto.Cipher.DES import new as des
|
||||
except:
|
||||
from thirdparty.pydes.pyDes import CBC
|
||||
from thirdparty.pydes.pyDes import des
|
||||
|
||||
_multiprocessing = None
|
||||
|
||||
import base64
|
||||
@@ -80,8 +87,6 @@ from lib.core.settings import UNICODE_ENCODING
|
||||
from lib.core.wordlist import Wordlist
|
||||
from thirdparty import six
|
||||
from thirdparty.colorama.initialise import init as coloramainit
|
||||
from thirdparty.pydes.pyDes import CBC
|
||||
from thirdparty.pydes.pyDes import des
|
||||
from thirdparty.six.moves import queue as _queue
|
||||
|
||||
def mysql_passwd(password, uppercase=True):
|
||||
@@ -219,14 +224,21 @@ def oracle_old_passwd(password, username, uppercase=True): # prior to version '
|
||||
'F894844C34402B67'
|
||||
"""
|
||||
|
||||
IV, pad = "\0" * 8, "\0"
|
||||
IV, pad = b"\0" * 8, b"\0"
|
||||
|
||||
unistr = b"".join((b"\0" + _.encode(UNICODE_ENCODING)) if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in (username + password).upper())
|
||||
|
||||
cipher = des(decodeHex("0123456789ABCDEF"), CBC, IV, pad)
|
||||
encrypted = cipher.encrypt(unistr)
|
||||
cipher = des(encrypted[-8:], CBC, IV, pad)
|
||||
encrypted = cipher.encrypt(unistr)
|
||||
if des.__module__ == "Crypto.Cipher.DES":
|
||||
unistr += b"\0" * ((8 - len(unistr) % 8) & 7)
|
||||
cipher = des(decodeHex("0123456789ABCDEF"), CBC, iv=IV)
|
||||
encrypted = cipher.encrypt(unistr)
|
||||
cipher = des(encrypted[-8:], CBC, iv=IV)
|
||||
encrypted = cipher.encrypt(unistr)
|
||||
else:
|
||||
cipher = des(decodeHex("0123456789ABCDEF"), CBC, IV, pad)
|
||||
encrypted = cipher.encrypt(unistr)
|
||||
cipher = des(encrypted[-8:], CBC, IV, pad)
|
||||
encrypted = cipher.encrypt(unistr)
|
||||
|
||||
retVal = encodeHex(encrypted[-8:], binary=False)
|
||||
|
||||
@@ -689,7 +701,7 @@ def attackDumpedTable():
|
||||
_ = ','.join(binary_fields)
|
||||
warnMsg = "potential binary fields detected ('%s'). In case of any problems you are " % _
|
||||
warnMsg += "advised to rerun table dump with '--fresh-queries --binary-fields=\"%s\"'" % _
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
for i in xrange(count):
|
||||
if not found and i > HASH_RECOGNITION_QUIT_THRESHOLD:
|
||||
@@ -1052,7 +1064,7 @@ def dictionaryAttack(attack_dict):
|
||||
item = [(user, hash_), {"salt": hash_[4:12], "count": 1 << ITOA64.index(hash_[3]), "prefix": hash_[:3]}]
|
||||
else:
|
||||
warnMsg = "invalid hash '%s'" % hash_
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if item and hash_ not in keys:
|
||||
resumed = hashDBRetrieve(hash_)
|
||||
@@ -1185,7 +1197,7 @@ def dictionaryAttack(attack_dict):
|
||||
print()
|
||||
processException = True
|
||||
warnMsg = "user aborted during dictionary-based attack phase (Ctrl+C was pressed)"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
finally:
|
||||
_finalize(retVal, results, processes, attack_info)
|
||||
@@ -1260,7 +1272,7 @@ def dictionaryAttack(attack_dict):
|
||||
print()
|
||||
processException = True
|
||||
warnMsg = "user aborted during dictionary-based attack phase (Ctrl+C was pressed)"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
for process in processes:
|
||||
try:
|
||||
@@ -1278,11 +1290,11 @@ def dictionaryAttack(attack_dict):
|
||||
|
||||
if foundHash and len(hash_regexes) == 0:
|
||||
warnMsg = "unknown hash format"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if len(results) == 0:
|
||||
warnMsg = "no clear password(s) found"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return results
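Review bot: In `oracle_old_passwd` the DES backend is picked by comparing `des.__module__` with the string `"Crypto.Cipher.DES"`, which ties the hash result to an implementation detail of whichever package provides `Crypto`. Recording the choice in a module-level flag, set in the `try`/`except` around the `Crypto.Cipher.DES` import in the first hunk, would be sturdier. That import uses a bare `except:`, which also swallows `KeyboardInterrupt` and `SystemExit`; `except Exception:` keeps the pyDes fallback for broken installs without that side effect. The `iv=IV` keyword should be checked against the legacy PyCrypto package, which as far as I know accepts only `IV`; passing it positionally, `des(decodeHex("0123456789ABCDEF"), CBC, IV)`, should work with both. The docstring value `'F894844C34402B67'` is a ready regression check that the manual zero padding in the new branch matches what pyDes does with `pad`.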
|
||||
|
||||
|
||||
@@ -62,6 +62,7 @@ class HashDB(object):
|
||||
threadData = getCurrentThreadData()
|
||||
try:
|
||||
if threadData.hashDBCursor:
|
||||
threadData.hashDBCursor.connection.commit()
|
||||
threadData.hashDBCursor.close()
|
||||
threadData.hashDBCursor.connection.close()
|
||||
threadData.hashDBCursor = None
|
||||
@@ -115,7 +116,7 @@ class HashDB(object):
|
||||
retVal = None
|
||||
warnMsg = "error occurred while unserializing value for session key '%s'. " % key
|
||||
warnMsg += "If the problem persists please rerun with '--flush-session'"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return retVal
|
||||
|
||||
@@ -162,7 +163,7 @@ class HashDB(object):
|
||||
if retries == 0:
|
||||
warnMsg = "there has been a problem while writing to "
|
||||
warnMsg += "the session file ('%s')" % getSafeExString(ex)
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if retries >= HASHDB_FLUSH_RETRIES:
|
||||
return
|
||||
@@ -197,6 +198,10 @@ class HashDB(object):
|
||||
threadData.inTransaction = False
|
||||
except sqlite3.OperationalError:
|
||||
pass
|
||||
except sqlite3.ProgrammingError:
|
||||
self.cursor = None
|
||||
threadData.inTransaction = False
|
||||
return
|
||||
else:
|
||||
return
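Review bot: The `except sqlite3.ProgrammingError:` branch in the last hunk clears `self.cursor`, resets `threadData.inTransaction` and returns without logging, so anything written in the open transaction is dropped with no trace. The flush path in the hunk above it does warn about "a problem while writing to the session file". Binding the exception and logging before the `return` would make the loss visible, e.g. `except sqlite3.ProgrammingError as ex:` followed by `logger.debug("session transaction abandoned ('%s')" % getSafeExString(ex))`. Separately, the `threadData.hashDBCursor.connection.commit()` call in the first hunk sits ahead of the two `close()` calls in the same `try`, so a failing commit would skip them unless the handler closes the connection itself. That handler lies outside the hunk and should be checked.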
|
||||
|
||||
|
||||
@@ -88,7 +88,7 @@ def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
|
||||
if not validPivotValue:
|
||||
warnMsg = "column '%s' not " % conf.pivotColumn
|
||||
warnMsg += "found in table '%s'" % table
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
if not validPivotValue:
|
||||
for column in colList:
|
||||
@@ -120,7 +120,7 @@ def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
|
||||
if not validPivotValue:
|
||||
warnMsg = "no proper pivot column provided (with unique values)."
|
||||
warnMsg += " It won't be possible to retrieve all rows"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
pivotValue = " "
|
||||
breakRetrieval = False
|
||||
@@ -177,7 +177,7 @@ def pivotDumpTable(table, colList, count=None, blind=True, alias=None):
|
||||
|
||||
warnMsg = "user aborted during enumeration. sqlmap "
|
||||
warnMsg += "will display partial output"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
except SqlmapConnectionException as ex:
|
||||
errMsg = "connection exception detected ('%s'). sqlmap " % getSafeExString(ex)
|
||||
|
||||
@@ -26,7 +26,7 @@ def purge(directory):
|
||||
|
||||
if not os.path.isdir(directory):
|
||||
warnMsg = "skipping purging of directory '%s' as it does not exist" % directory
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
return
|
||||
|
||||
infoMsg = "purging content of directory '%s'..." % directory
|
||||
|
||||
@@ -196,7 +196,7 @@ def search(dork):
|
||||
logger.critical(getSafeExString(ex))
|
||||
|
||||
warnMsg = "changing proxy"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
conf.proxy = None
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ Copyright (c) 2006-2022 sqlmap developers (https://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
import imp
|
||||
import importlib
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
@@ -13,15 +13,18 @@ import sys
|
||||
import traceback
|
||||
import warnings
|
||||
|
||||
_path = list(sys.path)
|
||||
_sqlalchemy = None
|
||||
try:
|
||||
f, pathname, desc = imp.find_module("sqlalchemy", sys.path[1:])
|
||||
_ = imp.load_module("sqlalchemy", f, pathname, desc)
|
||||
if hasattr(_, "dialects"):
|
||||
_sqlalchemy = _
|
||||
sys.path = sys.path[1:]
|
||||
module = importlib.import_module("sqlalchemy")
|
||||
if hasattr(module, "dialects"):
|
||||
_sqlalchemy = module
|
||||
warnings.simplefilter(action="ignore", category=_sqlalchemy.exc.SAWarning)
|
||||
except ImportError:
|
||||
pass
|
||||
finally:
|
||||
sys.path = _path
|
||||
|
||||
try:
|
||||
import MySQLdb # used by SQLAlchemy in case of MySQL
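Review bot: `importlib.import_module("sqlalchemy")` returns an entry already cached in `sys.modules` before it searches any path, so the `sys.path = sys.path[1:]` trim only affects the first import. After that, the `hasattr(module, "dialects")` test is the only check that the installed package, rather than a same-named local module, was loaded. A comment above the `try` should record this, e.g. `# drop sys.path[0] so a same-named local module cannot shadow the installed package; the 'dialects' check covers a cached module`. Also, `_path = list(sys.path)` followed by `sys.path = _path` in the `finally` installs a copy rather than the original list object; `_path = sys.path` with `sys.path = _path[1:]` restores the same object that other code may hold a reference to.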
|
||||
|
||||
@@ -11,74 +11,74 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||
class Enumeration(GenericEnumeration):
|
||||
def getBanner(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to get the banner"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return None
|
||||
|
||||
def getCurrentUser(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to enumerate the current user"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getCurrentDb(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to get name of the current database"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def isDba(self, user=None):
|
||||
warnMsg = "on Microsoft Access it is not possible to test if current user is DBA"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getUsers(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to enumerate the users"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to enumerate the user password hashes"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getPrivileges(self, *args, **kwargs):
|
||||
warnMsg = "on Microsoft Access it is not possible to enumerate the user privileges"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getDbs(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to enumerate databases (use only '--tables')"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def searchDb(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to search databases"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def searchTable(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to search tables"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def searchColumn(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to search columns"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def search(self):
|
||||
warnMsg = "on Microsoft Access search option is not available"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on Microsoft Access it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
@@ -166,7 +166,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.ACCESS
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
return False
|
||||
|
||||
setDbms(DBMS.ACCESS)
|
||||
@@ -185,7 +185,7 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.ACCESS
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
|
||||
@@ -11,10 +11,10 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||
class Enumeration(GenericEnumeration):
|
||||
def getStatements(self):
|
||||
warnMsg = "on Altibase it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on Altibase it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
@@ -79,7 +79,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.ALTIBASE
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -90,6 +90,6 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.ALTIBASE
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
12
plugins/dbms/cache/enumeration.py
vendored
12
plugins/dbms/cache/enumeration.py
vendored
@@ -15,34 +15,34 @@ class Enumeration(GenericEnumeration):
|
||||
|
||||
def getUsers(self):
|
||||
warnMsg = "on Cache it is not possible to enumerate the users"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on Cache it is not possible to enumerate password hashes"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getPrivileges(self, *args, **kwargs):
|
||||
warnMsg = "on Cache it is not possible to enumerate the user privileges"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on Cache it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getRoles(self, *args, **kwargs):
|
||||
warnMsg = "on Cache it is not possible to enumerate the user roles"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on Cache it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
4
plugins/dbms/cache/fingerprint.py
vendored
4
plugins/dbms/cache/fingerprint.py
vendored
@@ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.CACHE
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -108,6 +108,6 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.CACHE
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -46,7 +46,7 @@ class Connector(GenericConnector):
|
||||
try:
|
||||
return self.cursor.fetchall()
|
||||
except psycopg2.ProgrammingError as ex:
|
||||
logger.warn(getSafeExString(ex))
|
||||
logger.warning(getSafeExString(ex))
|
||||
return None
|
||||
|
||||
def execute(self, query):
|
||||
@@ -56,7 +56,7 @@ class Connector(GenericConnector):
|
||||
self.cursor.execute(query)
|
||||
retVal = True
|
||||
except (psycopg2.OperationalError, psycopg2.ProgrammingError) as ex:
|
||||
logger.warn(("(remote) '%s'" % getSafeExString(ex)).strip())
|
||||
logger.warning(("(remote) '%s'" % getSafeExString(ex)).strip())
|
||||
except psycopg2.InternalError as ex:
|
||||
raise SqlmapConnectionException(getSafeExString(ex))
|
||||
|
||||
|
||||
@@ -11,12 +11,12 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||
class Enumeration(GenericEnumeration):
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on CrateDB it is not possible to enumerate the user password hashes"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getRoles(self, *args, **kwargs):
|
||||
warnMsg = "on CrateDB it is not possible to enumerate the user roles"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
@@ -78,7 +78,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.CRATEDB
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -89,6 +89,6 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.CRATEDB
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -11,22 +11,22 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||
class Enumeration(GenericEnumeration):
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on Cubrid it is not possible to enumerate password hashes"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on Cubrid it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getRoles(self, *args, **kwargs):
|
||||
warnMsg = "on Cubrid it is not possible to enumerate the user roles"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on Cubrid it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
@@ -78,7 +78,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.CUBRID
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -89,6 +89,6 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.CUBRID
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -11,12 +11,12 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||
class Enumeration(GenericEnumeration):
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on IBM DB2 it is not possible to enumerate password hashes"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on IBM DB2 it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
@@ -101,7 +101,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.DB2
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -115,7 +115,7 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.DB2
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
|
||||
@@ -12,31 +12,31 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||
class Enumeration(GenericEnumeration):
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on Apache Derby it is not possible to enumerate password hashes"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on Apache Derby it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getPrivileges(self, *args, **kwargs):
|
||||
warnMsg = "on Apache Derby it is not possible to enumerate the user privileges"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getRoles(self, *args, **kwargs):
|
||||
warnMsg = "on Apache Derby it is not possible to enumerate the user roles"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on Apache Derby it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getBanner(self):
|
||||
warnMsg = "on Apache Derby it is not possible to enumerate the banner"
|
||||
|
||||
@@ -78,7 +78,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.DERBY
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -89,6 +89,6 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.DERBY
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -11,74 +11,74 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||
class Enumeration(GenericEnumeration):
|
||||
def getBanner(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to get the banner"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return None
|
||||
|
||||
def getCurrentUser(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to enumerate the current user"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getCurrentDb(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to get name of the current database"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def isDba(self, user=None):
|
||||
warnMsg = "on eXtremeDB it is not possible to test if current user is DBA"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getUsers(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to enumerate the users"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to enumerate the user password hashes"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getPrivileges(self, *args, **kwargs):
|
||||
warnMsg = "on eXtremeDB it is not possible to enumerate the user privileges"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getDbs(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to enumerate databases (use only '--tables')"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def searchDb(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to search databases"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def searchTable(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to search tables"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def searchColumn(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to search columns"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def search(self):
|
||||
warnMsg = "on eXtremeDB search option is not available"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on eXtremeDB it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
@@ -76,7 +76,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.EXTREMEDB
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -85,7 +85,7 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.EXTREMEDB
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
|
||||
@@ -11,28 +11,28 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||
class Enumeration(GenericEnumeration):
|
||||
def getDbs(self):
|
||||
warnMsg = "on Firebird it is not possible to enumerate databases (use only '--tables')"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on Firebird it is not possible to enumerate the user password hashes"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def searchDb(self):
|
||||
warnMsg = "on Firebird it is not possible to search databases"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on Firebird it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on Firebird it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
@@ -126,7 +126,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.FIREBIRD
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -146,7 +146,7 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.FIREBIRD
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
|
||||
@@ -11,22 +11,22 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||
class Enumeration(GenericEnumeration):
|
||||
def getBanner(self):
|
||||
warnMsg = "on FrontBase it is not possible to get the banner"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return None
|
||||
|
||||
def getPrivileges(self, *args, **kwargs):
|
||||
warnMsg = "on FrontBase it is not possible to enumerate the user privileges"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on FrontBase it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on FrontBase it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
@@ -75,7 +75,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.FRONTBASE
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -84,6 +84,6 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.FRONTBASE
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -31,25 +31,25 @@ class Enumeration(GenericEnumeration):
|
||||
|
||||
def getPrivileges(self, *args, **kwargs):
|
||||
warnMsg = "on H2 it is not possible to enumerate the user privileges"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on H2 it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getCurrentDb(self):
|
||||
return H2_DEFAULT_SCHEMA
|
||||
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on H2 it is not possible to enumerate password hashes"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on H2 it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
@@ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.H2
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
else:
|
||||
@@ -108,10 +108,10 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.H2
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on H2 it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
@@ -31,19 +31,19 @@ class Enumeration(GenericEnumeration):
|
||||
|
||||
def getPrivileges(self, *args, **kwargs):
|
||||
warnMsg = "on HSQLDB it is not possible to enumerate the user privileges"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on HSQLDB it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getCurrentDb(self):
|
||||
return HSQLDB_DEFAULT_SCHEMA
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on HSQLDB it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
@@ -41,7 +41,7 @@ class Filesystem(GenericFilesystem):
|
||||
warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
|
||||
warnMsg += "bytes, this might cause errors in the file "
|
||||
warnMsg += "writing process"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
debugMsg = "exporting the %s file content to file '%s'" % (fileType, remoteFile)
|
||||
logger.debug(debugMsg)
|
||||
|
||||
@@ -103,14 +103,14 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
else:
|
||||
result = inject.checkBooleanExpression("ZERO() IS 0") # Note: check for H2 DBMS (sharing majority of same functions)
|
||||
if result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -134,7 +134,7 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
dbgMsg = "...or version is < 1.7.2"
|
||||
logger.debug(dbgMsg)
|
||||
@@ -143,7 +143,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on HSQLDB it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def checkDbmsOs(self, detailed=False):
|
||||
if Backend.getOs():
|
||||
|
||||
@@ -11,28 +11,28 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
|
||||
class Enumeration(GenericEnumeration):
|
||||
def searchDb(self):
|
||||
warnMsg = "on Informix searching of databases is not implemented"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def searchTable(self):
|
||||
warnMsg = "on Informix searching of tables is not implemented"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def searchColumn(self):
|
||||
warnMsg = "on Informix searching of columns is not implemented"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
def search(self):
|
||||
warnMsg = "on Informix search option is not available"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on Informix it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
@@ -78,7 +78,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.INFORMIX
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -106,6 +106,6 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.INFORMIX
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -37,7 +37,7 @@ class Enumeration(GenericEnumeration):
|
||||
|
||||
def getPasswordHashes(self):
|
||||
warnMsg = "on SAP MaxDB it is not possible to enumerate the user password hashes"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
@@ -108,7 +108,7 @@ class Enumeration(GenericEnumeration):
|
||||
warnMsg = "missing database parameter. sqlmap is going "
|
||||
warnMsg += "to use the current database to enumerate "
|
||||
warnMsg += "table(s) columns"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
conf.db = self.getCurrentDb()
|
||||
|
||||
@@ -226,20 +226,20 @@ class Enumeration(GenericEnumeration):
|
||||
|
||||
def getPrivileges(self, *args, **kwargs):
|
||||
warnMsg = "on SAP MaxDB it is not possible to enumerate the user privileges"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return {}
|
||||
|
||||
def search(self):
|
||||
warnMsg = "on SAP MaxDB search option is not available"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getHostname(self):
|
||||
warnMsg = "on SAP MaxDB it is not possible to enumerate the hostname"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
def getStatements(self):
|
||||
warnMsg = "on SAP MaxDB it is not possible to enumerate the SQL statements"
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return []
|
||||
|
||||
@@ -34,7 +34,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "unable to perform %s version check" % DBMS.MAXDB
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return None
|
||||
|
||||
@@ -112,7 +112,7 @@ class Fingerprint(GenericFingerprint):
|
||||
|
||||
if not result:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.MAXDB
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
@@ -123,7 +123,7 @@ class Fingerprint(GenericFingerprint):
|
||||
return True
|
||||
else:
|
||||
warnMsg = "the back-end DBMS is not %s" % DBMS.MAXDB
|
||||
logger.warn(warnMsg)
|
||||
logger.warning(warnMsg)
|
||||
|
||||
return False
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More