mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-12-07 13:11:29 +00:00
Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
2382d2654e | ||
|
|
4cdc3af585 | ||
|
|
212f28d1ad | ||
|
|
e1f7690de4 | ||
|
|
7e425d4c9b | ||
|
|
fe2042ea58 | ||
|
|
54e953d206 | ||
|
|
8c26c67ce9 | ||
|
c722f8e3bd |
2
.github/FUNDING.yml
vendored
2
.github/FUNDING.yml
vendored
@@ -1 +1 @@
|
||||
custom: 'https://www.paypal.com/donate?hosted_button_id=A34GMDLKA2V7G'
|
||||
github: sqlmapproject
|
||||
|
||||
@@ -271,15 +271,18 @@ def checkSqlInjection(place, parameter, value):
|
||||
logger.debug(debugMsg)
|
||||
continue
|
||||
|
||||
if kb.dbmsFilter and not intersect(payloadDbms, kb.dbmsFilter, True):
|
||||
elif kb.dbmsFilter and not intersect(payloadDbms, kb.dbmsFilter, True):
|
||||
debugMsg = "skipping test '%s' because " % title
|
||||
debugMsg += "its declared DBMS is different than provided"
|
||||
logger.debug(debugMsg)
|
||||
continue
|
||||
|
||||
elif kb.reduceTests == False:
|
||||
pass
|
||||
|
||||
# Skip DBMS-specific test if it does not match the
|
||||
# previously identified DBMS (via DBMS-specific payload)
|
||||
if injection.dbms and not intersect(payloadDbms, injection.dbms, True):
|
||||
elif injection.dbms and not intersect(payloadDbms, injection.dbms, True):
|
||||
debugMsg = "skipping test '%s' because " % title
|
||||
debugMsg += "its declared DBMS is different than identified"
|
||||
logger.debug(debugMsg)
|
||||
@@ -287,7 +290,7 @@ def checkSqlInjection(place, parameter, value):
|
||||
|
||||
# Skip DBMS-specific test if it does not match the
|
||||
# previously identified DBMS (via DBMS-specific error message)
|
||||
if kb.reduceTests and not intersect(payloadDbms, kb.reduceTests, True):
|
||||
elif kb.reduceTests and not intersect(payloadDbms, kb.reduceTests, True):
|
||||
debugMsg = "skipping test '%s' because the heuristic " % title
|
||||
debugMsg += "tests showed that the back-end DBMS "
|
||||
debugMsg += "could be '%s'" % unArrayizeValue(kb.reduceTests)
|
||||
|
||||
@@ -196,9 +196,9 @@ class Agent(object):
|
||||
if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
|
||||
_ = "%s%s" % (origValue, kb.customInjectionMark)
|
||||
|
||||
if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and '"%s"' % _ not in paramString:
|
||||
if kb.postHint == POST_HINT.JSON and isNumber(origValue) and not isNumber(newValue) and '"%s"' % _ not in paramString:
|
||||
newValue = '"%s"' % self.addPayloadDelimiters(newValue)
|
||||
elif kb.postHint == POST_HINT.JSON_LIKE and not isNumber(newValue) and re.search(r"['\"]%s['\"]" % re.escape(_), paramString) is None:
|
||||
elif kb.postHint == POST_HINT.JSON_LIKE and isNumber(origValue) and not isNumber(newValue) and re.search(r"['\"]%s['\"]" % re.escape(_), paramString) is None:
|
||||
newValue = "'%s'" % self.addPayloadDelimiters(newValue)
|
||||
else:
|
||||
newValue = self.addPayloadDelimiters(newValue)
|
||||
|
||||
@@ -3708,7 +3708,7 @@ def getSortedInjectionTests():
|
||||
if test.stype == PAYLOAD.TECHNIQUE.UNION:
|
||||
retVal = SORT_ORDER.LAST
|
||||
|
||||
elif "details" in test and "dbms" in test.details:
|
||||
elif "details" in test and "dbms" in (test.details or {}):
|
||||
if intersect(test.details.dbms, Backend.getIdentifiedDbms()):
|
||||
retVal = SORT_ORDER.SECOND
|
||||
else:
|
||||
@@ -4693,7 +4693,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
|
||||
else:
|
||||
url = urldecode(request.get_full_url(), kb.pageEncoding)
|
||||
method = request.get_method()
|
||||
data = request.data
|
||||
data = unArrayizeValue(request.data)
|
||||
data = urldecode(data, kb.pageEncoding, spaceplus=False)
|
||||
|
||||
if not data and method and method.upper() == HTTPMETHOD.POST:
|
||||
|
||||
@@ -20,7 +20,7 @@ from thirdparty import six
|
||||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.6.7.0"
|
||||
VERSION = "1.6.9.0"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
||||
@@ -161,8 +161,12 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
|
||||
infoMsg = "starting %d threads" % numThreads
|
||||
logger.info(infoMsg)
|
||||
else:
|
||||
_threadFunction()
|
||||
return
|
||||
try:
|
||||
_threadFunction()
|
||||
except (SqlmapUserQuitException, SqlmapSkipTargetException):
|
||||
pass
|
||||
finally:
|
||||
return
|
||||
|
||||
kb.multiThreadMode = True
|
||||
|
||||
|
||||
@@ -501,6 +501,9 @@ class Connect(object):
|
||||
headers[HTTP_HEADER.HOST] = "localhost"
|
||||
|
||||
for key, value in list(headers.items()):
|
||||
if key.upper() == HTTP_HEADER.ACCEPT_ENCODING.upper():
|
||||
value = re.sub(r"(?i)(,)br(,)?", lambda match: ',' if match.group(1) and match.group(2) else "", value) or "identity"
|
||||
|
||||
del headers[key]
|
||||
if isinstance(value, six.string_types):
|
||||
for char in (r"\r", r"\n"):
|
||||
@@ -1541,7 +1544,10 @@ class Connect(object):
|
||||
if payload is None:
|
||||
value = value.replace(kb.customInjectionMark, "")
|
||||
else:
|
||||
value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), payload, value)
|
||||
try:
|
||||
value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), payload, value)
|
||||
except re.error:
|
||||
value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), re.escape(payload), value)
|
||||
return value
|
||||
page, headers, code = Connect.getPage(url=_(kb.secondReq[0]), post=_(kb.secondReq[2]), method=kb.secondReq[1], cookie=kb.secondReq[3], silent=silent, auxHeaders=dict(auxHeaders, **dict(kb.secondReq[4])), response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True)
|
||||
|
||||
|
||||
@@ -36,6 +36,8 @@ class HTTPSConnection(_http_client.HTTPSConnection):
|
||||
Connection class that enables usage of newer SSL protocols.
|
||||
|
||||
Reference: http://bugs.python.org/msg128686
|
||||
|
||||
NOTE: use https://check-tls.akamaized.net/ to check if (e.g.) TLS/SNI is working properly
|
||||
"""
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
@@ -61,7 +63,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
|
||||
|
||||
# Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext
|
||||
# https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni
|
||||
if re.search(r"\A[\d.]+\Z", conf.hostname or "") is None and kb.tlsSNI.get(conf.hostname) is not False and hasattr(ssl, "SSLContext"):
|
||||
if re.search(r"\A[\d.]+\Z", self.host or "") is None and kb.tlsSNI.get(self.host) is not False and hasattr(ssl, "SSLContext"):
|
||||
for protocol in (_ for _ in _protocols if _ >= ssl.PROTOCOL_TLSv1):
|
||||
try:
|
||||
sock = create_sock()
|
||||
@@ -73,7 +75,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
|
||||
_contexts[protocol].set_ciphers("DEFAULT@SECLEVEL=1")
|
||||
except ssl.SSLError:
|
||||
pass
|
||||
result = _contexts[protocol].wrap_socket(sock, do_handshake_on_connect=True, server_hostname=conf.hostname)
|
||||
result = _contexts[protocol].wrap_socket(sock, do_handshake_on_connect=True, server_hostname=self.host)
|
||||
if result:
|
||||
success = True
|
||||
self.sock = result
|
||||
@@ -86,8 +88,8 @@ class HTTPSConnection(_http_client.HTTPSConnection):
|
||||
self._tunnel_host = None
|
||||
logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
|
||||
|
||||
if kb.tlsSNI.get(conf.hostname) is None:
|
||||
kb.tlsSNI[conf.hostname] = success
|
||||
if kb.tlsSNI.get(self.host) is None:
|
||||
kb.tlsSNI[self.host] = success
|
||||
|
||||
if not success:
|
||||
for protocol in _protocols:
|
||||
|
||||
Reference in New Issue
Block a user