Compare commits
29 Commits
77a42b3a6f
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
8be94b488f | ||
|
|
c95f67c7e2 | ||
|
|
673a7a5ff8 | ||
|
|
e4960ce747 | ||
|
|
22dc46c926 | ||
|
|
9b3ed89fd6 | ||
|
|
eb5c1e0aa2 | ||
|
|
d79af7d1ec | ||
|
|
2b44aa1fbb | ||
|
|
137687e120 | ||
|
|
6d49b5a403 | ||
|
|
868536d466 | ||
|
|
e0ae53091f | ||
|
|
bcabe55fc3 | ||
|
|
7a21109ad0 | ||
|
|
870e11a38e | ||
|
|
1a7538ae0f | ||
|
|
60d145ab6b | ||
|
|
af8742e882 | ||
|
|
dbf5daf788 | ||
|
|
c62dd8511e | ||
|
|
d89a0bb9df | ||
|
|
09dfa568ae | ||
|
|
9c78723a63 | ||
|
|
801a431a3a | ||
|
|
f22abb36a3 | ||
|
|
6d4123c27d | ||
|
|
f44aef3e41 | ||
|
|
619d53a9e5 |
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
|
||||
|
||||
@@ -20,7 +20,7 @@ Preferably, you can download sqlmap by cloning the [Git](https://github.com/sqlm
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap works out of the box with [Python](https://www.python.org/download/) version **2.6**, **2.7** and **3.x** on any platform.
|
||||
sqlmap works out of the box with [Python](https://www.python.org/download/) version **2.7** and **3.x** on any platform.
|
||||
|
||||
Usage
|
||||
----
|
||||
|
||||
@@ -64,17 +64,17 @@ b427b65cc8b585cd02361f5155ffab2fe52fd5943100382c6b86cd0f52f352d9 data/udf/postg
|
||||
c444fd667a09927a22c92e855d206249e761c1fbd4f3630f7ee06265eb2576ee data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
|
||||
c6be099a5dee34f3a7570715428add2e7419f4e73a7ce9913d3fb76eea78d88e data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
|
||||
0a6d5fc399e9958477c8a71f63b7c7884567204253e0d2389a240d83ed83f241 data/udf/README.txt
|
||||
4e268596da67fb0b6a10a7cefb38af5de13f67dab760cc0505f8f80484a0fe79 data/xml/banner/generic.xml
|
||||
288592bbc7115870516865d5a92c2e1d1d54f11a26a86998f8829c13724e2551 data/xml/banner/generic.xml
|
||||
2adcdd08d2c11a5a23777b10c132164ed9e856f2a4eca2f75e5e9b6615d26a97 data/xml/banner/mssql.xml
|
||||
14b18da611d4bfad50341df89f893edf47cd09c41c9662e036e817055eaa0cfb data/xml/banner/mysql.xml
|
||||
6d1ab53eeac4fae6d03b67fb4ada71b915e1446a9c1cc4d82eafc032800a68fd data/xml/banner/oracle.xml
|
||||
9f4ca1ff145cfbe3c3a903a21bf35f6b06ab8b484dad6b7c09e95262bf6bfa05 data/xml/banner/postgresql.xml
|
||||
86da6e90d9ccf261568eda26a6455da226c19a42cc7cd211e379cab528ec621e data/xml/banner/server.xml
|
||||
146887f28e3e19861516bca551e050ce81a1b8d6bb69fd342cc1f19a25849328 data/xml/banner/servlet-engine.xml
|
||||
e87c062bdf05b27db6c1d7e0d41c25f269cbe66b1f9b8e2d9b3db0d567016c76 data/xml/banner/set-cookie.xml
|
||||
8af6b979b6e0a01062dc740ae475ba6be90dc10bb3716a45d28ada56e81f9648 data/xml/banner/set-cookie.xml
|
||||
a7eb4d1bcbdfd155383dcd35396e2d9dd40c2e89ce9d5a02e63a95a94f0ab4ea data/xml/banner/sharepoint.xml
|
||||
e2febc92f9686eacf17a0054f175917b783cc6638ca570435a5203b03245fc18 data/xml/banner/x-aspnet-version.xml
|
||||
75672f8faa8053af0df566a48700f2178075f67c593d916313fcff3474da6f82 data/xml/banner/x-powered-by.xml
|
||||
3a440fbbf8adffbe6f570978e96657da2750c76043f8e88a2c269fe9a190778c data/xml/banner/x-powered-by.xml
|
||||
1ac399c49ce3cb8c0812bb246e60c8a6718226efe89ccd1f027f49a18dbeb634 data/xml/boundaries.xml
|
||||
47c444f260fcba24bb1f13e3d4819ed846909f8d2b6e715069d6372ea30f026f data/xml/errors.xml
|
||||
cfa1f0557fb71be0631796a4848d17be536e38f94571cf6ef911454fbc6b30d1 data/xml/payloads/boolean_blind.xml
|
||||
@@ -83,37 +83,37 @@ b0f434f64105bd61ab0f6867b3f681b97fa02b4fb809ac538db382d031f0e609 data/xml/paylo
|
||||
0648264166455010921df1ec431e4c973809f37ef12cbfea75f95029222eb689 data/xml/payloads/stacked_queries.xml
|
||||
997556b6170964a64474a2e053abe33cf2cf029fb1acec660d4651cc67a3c7e1 data/xml/payloads/time_blind.xml
|
||||
40a4878669f318568097719d07dc906a19b8520bc742be3583321fc1e8176089 data/xml/payloads/union_query.xml
|
||||
95b7464b1a7b75e2b462d73c6cca455c13b301f50182a8b2cd6701cdcb80b43e data/xml/queries.xml
|
||||
eeaec8f6590db3315a740b04f21fed8ae229d9d0ef8b85af5ad83a905e9bfd6e data/xml/queries.xml
|
||||
abb6261b1c531ad2ee3ada8184c76bcdc38732558d11a8e519f36fcc95325f7e doc/AUTHORS
|
||||
2a0322f121cbda30336ab58382e9860fea8ab28ff4726f6f8abf143ce1657abe doc/CHANGELOG.md
|
||||
2df1f15110f74ce4e52f0e7e4a605e6c7e08fbda243e444f9b60e26dfc5cf09d doc/THANKS.md
|
||||
f939c6341e3ab16b0bb9d597e4b13856c7d922be27fd8dba3aa976b347771f16 doc/THIRD-PARTY.md
|
||||
3a8d6530c3aa16938078ee5f0e25178e8ce92758d3bad5809f800aded24c9633 doc/translations/README-ar-AR.md
|
||||
d739d4ced220b342316f5814216bdb1cb85609cd5ebb89e606478ac43301009e doc/translations/README-bg-BG.md
|
||||
66ffca43a07c6d366fe68d5d4c93dca447c7adbff8d5e0f716fcbe54a2021854 doc/translations/README-bn-BD.md
|
||||
6882f232e5c02d9feb7d4447e0501e4e27be453134fb32119a228686b46492a5 doc/translations/README-ckb-KU.md
|
||||
9bed1c72ffd6b25eaf0ff66ac9eefaa4efc2f5e168f51cf056b0daf3e92a3db2 doc/translations/README-de-DE.md
|
||||
008c66ba4a521f7b6f05af2d28669133341a00ebc0a7b68ce0f30480581e998c doc/translations/README-es-MX.md
|
||||
244cec6aee647e2447e70bbeaf848c7f95714c27e258ddbe7f68787b2be88fe9 doc/translations/README-fa-IR.md
|
||||
8d31107d021f468ebbcaac7d59ad616e8d5db93a7c459039a11a6bfd2a921ce9 doc/translations/README-fr-FR.md
|
||||
b9017db1f0167dda23780949b4d618baf877375dc14e08ebd6983331b945ed44 doc/translations/README-gr-GR.md
|
||||
40cb977cb510b0b9b0996c6ada1bace10f28ff7c43eaab96402d7b9198320fd3 doc/translations/README-hr-HR.md
|
||||
86b0f6357709e453a6380741cb05f39aa91217cf52da240d403ee8812cc4c95f doc/translations/README-id-ID.md
|
||||
384bacdd547f87749ea7d73fcb01b25e4b3681d5bcf51ee1b37e9865979eb7c3 doc/translations/README-in-HI.md
|
||||
21120d6671fe87c2d04e87de675f90f739a7cfe2b553db9b1b5ec31667817852 doc/translations/README-it-IT.md
|
||||
0daaccf3ccb2d42ad4fbedf0c4059e8a100bb66d5f093c5912b9862bf152bbf6 doc/translations/README-ja-JP.md
|
||||
81370d878567f411a80d2177d7862aa406229e6c862a6b48d922f64af0db8d14 doc/translations/README-ka-GE.md
|
||||
8fb3c1b2ddb0efc9a7a1962027fa64c11c11b37eda24ea3dfca0854be73839d8 doc/translations/README-ko-KR.md
|
||||
35bc7825417d83c21d19f7ebe288721c3960230a0f5b3d596be30b37e00e43c5 doc/translations/README-nl-NL.md
|
||||
12d6078189d5b4bc255f41f1aae1941f1abe501abd2c0442b5a2090f1628e17d doc/translations/README-pl-PL.md
|
||||
8d0708c2a215e2ee8367fe11a3af750a06bc792292cba8a204d44d03deb56b7d doc/translations/README-pt-BR.md
|
||||
070cc897789e98f144a6b6b166d11289b3cda4d871273d2afe0ab81ac7ae90ad doc/translations/README-rs-RS.md
|
||||
927743c0a1f68dc76969bda49b36a6146f756b907896078af2a99c3340d6cc34 doc/translations/README-ru-RU.md
|
||||
65de5053b014b0e0b9ab5ab68fe545a7f9db9329fa0645a9973e457438b4fde5 doc/translations/README-sk-SK.md
|
||||
a101a1d68362adbf6a82bf66be55a3bef4b6dc8a8855f363a284c71b2ec4e144 doc/translations/README-tr-TR.md
|
||||
0db2d479b1512c948a78ce5c1cf87b5ce0b5b94e3cb16b19e9afcbed2c7f5cae doc/translations/README-uk-UA.md
|
||||
82f9ec2cf2392163e694c99efa79c459a44b6213a5881887777db8228ea230fa doc/translations/README-vi-VN.md
|
||||
0e8f0a2186f90fabd721072972c571a7e5664496d88d6db8aedcb1d0e34c91f0 doc/translations/README-zh-CN.md
|
||||
25012296e8484ea04f7d2368ac9bdbcded4e42dbc5e3373d59c2bb3e950be0b8 doc/translations/README-ar-AR.md
|
||||
c25f7d7f0cc5e13db71994d2b34ada4965e06c87778f1d6c1a103063d25e2c89 doc/translations/README-bg-BG.md
|
||||
e85c82df1a312d93cd282520388c70ecb48bfe8692644fe8dbbf7d43244cda41 doc/translations/README-bn-BD.md
|
||||
00b327233fac8016f1d6d7177479ab3af050c1e7f17b0305c9a97ecdb61b82c9 doc/translations/README-ckb-KU.md
|
||||
f0bd369125459b81ced692ece2fe36c8b042dc007b013c31f2ea8c97b1f95c32 doc/translations/README-de-DE.md
|
||||
163f1c61258ee701894f381291f8f00a307fe0851ddd45501be51a8ace791b44 doc/translations/README-es-MX.md
|
||||
70d04bf35b8931c71ad65066bb5664fd48062c05d0461b887fdf3a0a8e0fab1d doc/translations/README-fa-IR.md
|
||||
a55afae7582937b04bedf11dd13c62d0c87dedae16fcbcbd92f98f04a45c2bdf doc/translations/README-fr-FR.md
|
||||
f4b8bd6cc8de08188f77a6aa780d913b5828f38ca1d5ef05729270cf39f9a3b8 doc/translations/README-gr-GR.md
|
||||
bb8ca97c1abf4cf2ba310d858072276b4a731d2d95b461d4d77e1deca7ccbd8e doc/translations/README-hr-HR.md
|
||||
27ecf8e38762b2ef5a6d48e59a9b4a35d43b91d7497f60027b263091acb067c6 doc/translations/README-id-ID.md
|
||||
830a33cddd601cb1735ced46bbad1c9fbf1ed8bea1860d9dfa15269ef8b3a11c doc/translations/README-in-HI.md
|
||||
40fc19ac5e790ee334732dd10fd8bd62be57f2203bd94bbd08e6aa8e154166e2 doc/translations/README-it-IT.md
|
||||
379a338a94762ff485305b79afaa3c97cb92deb4621d9055b75142806d487bf5 doc/translations/README-ja-JP.md
|
||||
754ce5f3be4c08d5f6ec209cc44168521286ce80f175b9ca95e053b9ec7d14d2 doc/translations/README-ka-GE.md
|
||||
2e7cda0795eee1ac6f0f36e51ce63a6afedc8bbdfc74895d44a72fd070cf9f17 doc/translations/README-ko-KR.md
|
||||
c161d366c1fa499e5f80c1b3c0f35e0fdeabf6616b89381d439ed67e80ed97eb doc/translations/README-nl-NL.md
|
||||
95298c270cc3f493522f2ef145766f6b40487fb8504f51f91bc91b966bb11a7b doc/translations/README-pl-PL.md
|
||||
b904f2db15eb14d5c276d2050b50afa82da3e60da0089b096ce5ddbf3fdc0741 doc/translations/README-pt-BR.md
|
||||
3ed5f7eb20f551363eed1dc34806de88871a66fee4d77564192b9056a59d26ec doc/translations/README-rs-RS.md
|
||||
7d5258bcd281ee620c7143598c18aba03454438c4dc00e7de3f4442d675c2593 doc/translations/README-ru-RU.md
|
||||
bc15e7db466e42182e4bf063919c105327ff1b0ccd0920bb9315c76641ffd71a doc/translations/README-sk-SK.md
|
||||
ab7d86319a68392caac23d8d7870d182d31fb8b33b24e84ba77c8119dbd194c2 doc/translations/README-tr-TR.md
|
||||
5e313398bfe2573c83e25cfc5ff4c003fdbf9244aa611597a7084f7ac11cc405 doc/translations/README-uk-UA.md
|
||||
c3a53e041ce868b4098c02add27ea3abaf6c9ecf73da61339519708ada6d4f24 doc/translations/README-vi-VN.md
|
||||
c4590a37dc1372be29b9ba8674b5e12bcda6ab62c5b2d18dab20bcb73a4ffbeb doc/translations/README-zh-CN.md
|
||||
788b845289c2fbbfc0549a2a94983f2a2468df15be5c8b5de84241a32758d70b extra/beep/beep.py
|
||||
509276140d23bfc079a6863e0291c4d0077dea6942658a992cbca7904a43fae9 extra/beep/beep.wav
|
||||
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/beep/__init__.py
|
||||
@@ -154,27 +154,27 @@ ca86d61d3349ed2d94a6b164d4648cff9701199b5e32378c3f40fca0f517b128 extra/shutils/
|
||||
84e7288c5642f9b267e55902bc7927f45e568b643bdf66c3aedbcd52655f0885 extra/shutils/pycodestyle.sh
|
||||
6b9a5b716a345f4eb6633f605fe74b5b6c4b9d5b100b41e25f167329f15a704c extra/shutils/pydiatra.sh
|
||||
53e6915daeed6396a5977a80e16d45d65367894bb22954df52f0665cf6fe13c3 extra/shutils/pyflakes.sh
|
||||
15d3e4be4a95d9142afb6b0187ca059ea71e23c3b1b08eafcc87fa61bd2bbfb8 extra/shutils/pypi.sh
|
||||
20e0ce27ec1c7809fe03868b3b4371ac29e44ece0e4c024060f497444d3c7c0a extra/shutils/pypi.sh
|
||||
df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264 extra/shutils/recloak.sh
|
||||
1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f extra/shutils/strip.sh
|
||||
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 extra/vulnserver/__init__.py
|
||||
eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df extra/vulnserver/vulnserver.py
|
||||
96a39b4e3a9178e4e8285d5acd00115460cc1098ef430ab7573fc8194368da5c lib/controller/action.py
|
||||
2c8652359d6790755117ec5c68d0ddffacff5f3377ad5004c4fffd29c2446d61 lib/controller/checks.py
|
||||
16487b3d984b9020cc68c0e4e079759a8990d05173f2496f7de30643ac772fe2 lib/controller/checks.py
|
||||
34e9cf166e21ce991b61ca7695c43c892e8425f7e1228daec8cadd38f786acc6 lib/controller/controller.py
|
||||
49bcd74281297c79a6ae5d4b0d1479ddace4476fddaf4383ca682a6977b553e3 lib/controller/handler.py
|
||||
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/controller/__init__.py
|
||||
216c9399853b7454d36dcb552baf9f1169ec7942897ddc46504684325cb6ce00 lib/core/agent.py
|
||||
fbba89420acafcdb9ba1a95428cf2161b13cfa2d1a7ad7d5e70c14b0e04861f0 lib/core/bigarray.py
|
||||
5b21bafe2eb07466d9751f4d80b21f256d5ffb1bb5a9639f91c09a43ec3fec87 lib/core/common.py
|
||||
d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87 lib/core/compat.py
|
||||
463005de14642fef4251c951c9b24ec8d456f67f0cd98a9f4d6add281ccbb775 lib/core/convert.py
|
||||
567c53222bc59f2aaba97ce9ba7613848ff0609007cc5dfc57051da34d76e41b lib/core/common.py
|
||||
11c748cc96ea2bc507bc6c1930a17fe4bc6fdd2dd2a80430df971cb21428eb00 lib/core/compat.py
|
||||
39ea62d4224be860befeffb3843c150f2343b64555ad8c438a400222056f6cc0 lib/core/convert.py
|
||||
ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1 lib/core/data.py
|
||||
ffae7cfe9f9afb92e887b9a8dbc1630d0063e865f35984ae417b04a4513e5024 lib/core/datatype.py
|
||||
1d70d75a1c1a2a0ad295f727ee9f1d90cea851dfc2f8c9a85ef79c7975007ead lib/core/decorators.py
|
||||
322978f03cd69f7c98f2ea2cbe7567ab4f386b6c0548dcdf09064a6e9c393383 lib/core/decorators.py
|
||||
d573a37bb00c8b65f75b275aa92549683180fb209b75fd0ff3870e3848939900 lib/core/defaults.py
|
||||
ce6e1c1766acd95168f7708ddcacaa4a586c21ffc9e92024c4715611c802b60c lib/core/dicts.py
|
||||
c9d1f64648062d7962caf02c4e2e7d84e8feb2a14451146f627112aae889afcd lib/core/dump.py
|
||||
bb7e6521edad1cbfffa89fd7d5e255ed4ff148d984ffadbeac8d42baa2d76dea lib/core/dicts.py
|
||||
20a6edda1d57a7564869e366f57ed7b2ab068dd8716cf7a10ef4a02d154d6c80 lib/core/dump.py
|
||||
2ca709fb52b4a1bc83cfe2acdad7e7d4dca1fee6a775e9290f0f1f517955d0b9 lib/core/enums.py
|
||||
00a9b29caa81fe4a5ef145202f9c92e6081f90b2a85cd76c878d520d900ad856 lib/core/exception.py
|
||||
1c48804c10b94da696d3470efbd25d2fff0f0bbf2af0101aaac8f8c097fce02b lib/core/gui.py
|
||||
@@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0 lib/core/readl
|
||||
d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920 lib/core/replication.py
|
||||
1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3 lib/core/revision.py
|
||||
d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38 lib/core/session.py
|
||||
d7b31917f9057dd078f0d5992a9e9d7c585b40b63ce5394d4b4d09d725f260b8 lib/core/settings.py
|
||||
8f2879edfb18a238d8601e22e82a2a53277fb2aa0876ce42e283e67df4be172c lib/core/settings.py
|
||||
1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09 lib/core/shell.py
|
||||
4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053 lib/core/subprocessng.py
|
||||
cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a lib/core/target.py
|
||||
@@ -220,7 +220,7 @@ fcab35db1da4ac11d8c5b8291f9c87b8d7bb073c460c438374bc5a71ce5c65a6 lib/request/in
|
||||
03490bed87a54bf6c42a33ac1a66f7f8504c2398534a211e7e9306f408cd506a lib/request/methodrequest.py
|
||||
eba8b1638c0c19d497dcbab86c9508b2ce870551b16a40db752a13c697d7d267 lib/request/pkihandler.py
|
||||
6336a6aba124905dab3e5ff67f76cf9b735c2a2879cc3bc8951cb06bea125895 lib/request/rangehandler.py
|
||||
083b961fcd6957c62b00c69d0435eac4612152b8d66e2358cf860a633fb2b0a8 lib/request/redirecthandler.py
|
||||
d6ab6436d7330278081ed21433ab18e5ef74b4d7af7ccb175ae956c245c13ce1 lib/request/redirecthandler.py
|
||||
3157d66bb021b71b2e71e355b209578d15f83000f0655bcf0cd7c7eed5d4669b lib/request/templates.py
|
||||
5f5680c5b1db48ed2a13f47ba9de8b816d9d4f7f4c7abd07a48eb7ecbe9cf3ca lib/takeover/abstraction.py
|
||||
250782249ee5afbcf3f398c596edbc3a9a1b35b3e11ac182678f6e22c1449852 lib/takeover/icmpsh.py
|
||||
@@ -240,7 +240,7 @@ d20798551d141b3eb0b1c789ee595f776386469ac3f9aeee612fd7a5607b98cd lib/techniques
|
||||
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/__init__.py
|
||||
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/techniques/union/__init__.py
|
||||
dca6a14d7e30f8d320cc972620402798b493528a0ad7bd98a7f38327cea04e20 lib/techniques/union/test.py
|
||||
4a866eefe165a541218eb71926a49f65ac13505b88857624b3759970c5069451 lib/techniques/union/use.py
|
||||
9c57e5467c295e10356f457d7a95a652602e6ef09566ab1346fa23519fdf1b3b lib/techniques/union/use.py
|
||||
e41d96b1520e30bd4ce13adfcf52e11d3a5ea75c0b2d7612958d0054be889763 lib/utils/api.py
|
||||
af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16 lib/utils/brute.py
|
||||
828940a8eefda29c9eb271c21f29e2c4d1d428ccf0dcc6380e7ee6740300ec55 lib/utils/crawler.py
|
||||
@@ -248,7 +248,7 @@ af67d25e8c16b429a5b471d3c629dc1da262262320bf7cd68465d151c02def16 lib/utils/brut
|
||||
3aca7632d53ab2569ddef876a1b90f244640a53e19b304c77745f8ddb15e6437 lib/utils/getch.py
|
||||
4979120bbbc030eaef97147ee9d7d564d9683989059b59be317153cdaa23d85b lib/utils/har.py
|
||||
00135cf61f1cfe79d7be14c526f84a841ad22e736db04e4fe087baeb4c22dc0d lib/utils/hashdb.py
|
||||
d1b4cea5658c0936e2003f01fbf7a9e6f6d6cd8503815cb2c358ed0c0e2f147f lib/utils/hash.py
|
||||
8c9caffbd821ad9547c27095c8e55c398ea743b2e44d04b3572e2670389ccf5b lib/utils/hash.py
|
||||
ba862f0c96b1d39797fb21974599e09690d312b17a85e6639bee9d1db510f543 lib/utils/httpd.py
|
||||
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 lib/utils/__init__.py
|
||||
f1d84b1b99ce64c1ccb64aaa35f5231cf094b3dac739f29f76843f23ee10b990 lib/utils/pivotdumptable.py
|
||||
@@ -259,7 +259,7 @@ c0e6e33d2aa115e7ab2459e099cbaeb282065ea158943efc2ff69ba771f03210 lib/utils/sear
|
||||
8258d0f54ad94e6101934971af4e55d5540f217c40ddcc594e2fba837b856d35 lib/utils/sgmllib.py
|
||||
61dfd44fb0a5a308ba225092cb2768491ea2393999683545b7a9c4f190001ab8 lib/utils/sqlalchemy.py
|
||||
6f5f4b921f8cfe625e4656ee4560bc7d699d1aebf6225e9a8f5cf969d0fa7896 lib/utils/timeout.py
|
||||
04f8a2419681876d507b66553797701f1f7a56b71b5221fa317ed56b789dedb3 lib/utils/versioncheck.py
|
||||
9cb6bd014598515a95945f03861e7484d6c0f9f4b508219eb5cc0c372ed5c173 lib/utils/versioncheck.py
|
||||
bd4975ff9cbc0745d341e6c884e6a11b07b0a414105cc899e950686d2c1f88ba lib/utils/xrange.py
|
||||
33049ba7ddaea4a8a83346b3be29d5afce52bbe0b9d8640072d45cadc0e6d4bb LICENSE
|
||||
4533aeb5b4fefb5db485a5976102b0449cc712a82d44f9630cf86150a7b3df55 plugins/dbms/access/connector.py
|
||||
@@ -342,7 +342,7 @@ fd9d9030d054b9b74cf6973902ca38b0a6cad5898b828366162df6bdc8ea10d2 plugins/dbms/f
|
||||
ed39a02193934768cf65d86f9424005f60e0ef03052b5fea1103c78818c19d45 plugins/dbms/h2/connector.py
|
||||
8556f37d4739f8eafcde253b2053d1af41959f6ec09af531304d0e695e3eed6b plugins/dbms/h2/enumeration.py
|
||||
080b0c1173ffe7511dc6990b6de8385b5e63a5c19b8d5e2d04de23ac9513a45c plugins/dbms/h2/filesystem.py
|
||||
d08c1a912f8334c3e706b598db2869edbb1a291a2ccb00c9523ee371de9db0d0 plugins/dbms/h2/fingerprint.py
|
||||
355f941c74cbd0d43726408970aab9518f50f588e780aa764ed237e4bc0c3316 plugins/dbms/h2/fingerprint.py
|
||||
94ee6a0f41bb17b863a0425f95c0dcf90963a7f0ed92f5a2b53659c33b5910b8 plugins/dbms/h2/__init__.py
|
||||
9899a908eb064888d0e385156395d0436801027b2f4a9846b588211dc4b61f83 plugins/dbms/h2/syntax.py
|
||||
53951b2ba616262df5a24aa53e83c1e401d7829bd4b7386dd07704fd05811de2 plugins/dbms/h2/takeover.py
|
||||
@@ -399,11 +399,11 @@ bb0edf756903d8a9df7b60272541768102c64e562e6e7a356c5a761b835efde3 plugins/dbms/m
|
||||
d471eb61a33bd3aa1290cdcce40a5966ebc84af79970f75e8992a2688da4be42 plugins/dbms/mysql/connector.py
|
||||
1e29529d6c4938a728a2d42ef4276b46a40bf4309570213cf3c08871a83abdc1 plugins/dbms/mysql/enumeration.py
|
||||
200b2c910e6902ef8021fe40b3fb426992a016926414cbf9bb74a3630f40842d plugins/dbms/mysql/filesystem.py
|
||||
55da8384ba32fe9b69022c8d5429acfacd4d44e55c14f902818d6794ed1bd0a2 plugins/dbms/mysql/fingerprint.py
|
||||
49e39e43e4f45f69d5a7b384c00deb09c5e474d535eb30b0a429519ec6e1bcc7 plugins/dbms/mysql/fingerprint.py
|
||||
88daad9cf2f62757949cb27128170f33268059e2f0a05d3bd9f75417b99149de plugins/dbms/mysql/__init__.py
|
||||
20108fe32ae3025036aa02b4702c4eda81db01c04a2e0e2e4494d8f1b1717eca plugins/dbms/mysql/syntax.py
|
||||
91f34b67fe3ad5bfa6eae5452a007f97f78b7af000457e9d1c75f4d0207f3d39 plugins/dbms/mysql/takeover.py
|
||||
4b04646298dfe366c401001ab77893bcd342d34211aec1164c6c92757a66f5f4 plugins/dbms/oracle/connector.py
|
||||
054fedf01dfd939b01289f85449bdcba3fd9c9414b846572dfc1641909153b09 plugins/dbms/oracle/connector.py
|
||||
8866391a951e577d2b38b58b970774d38fb09f930fa4f6d27f41af40c06987c1 plugins/dbms/oracle/enumeration.py
|
||||
5ca9f30cd44d63e2a06528da15643621350d44dc6be784bf134653a20b51efef plugins/dbms/oracle/filesystem.py
|
||||
b1c939e3728fe4a739de474edb88583b7e16297713147ca2ea64cac8edf2bdf5 plugins/dbms/oracle/fingerprint.py
|
||||
@@ -464,20 +464,20 @@ b333c73c6a490b5930a09c6c09951af1044eb97076446b2f1475c7cfdfc838a6 plugins/generi
|
||||
4a923f52e8d2dfa6b55c16e08fd5f64eeb292b99573030c0397c7292a4032dd3 plugins/generic/databases.py
|
||||
9b0dbf8f77f190ca92cc58e9c5f784d0b30276ee7d99906f6d9c826c23b6d2e1 plugins/generic/entries.py
|
||||
783a17bb5188b6b9f4a73dbf10d5cf5c073144d5c1970a9d4aec27cb828e2356 plugins/generic/enumeration.py
|
||||
5dbcb646c03b43d1f26c0dbd17ae8fb537fdc526ca9984e1cc3e9eae12c38e6e plugins/generic/filesystem.py
|
||||
8bf9cefa645a2e639861faf3c64ccc82a7bdc0fdc330a70138ddb8b280bef020 plugins/generic/filesystem.py
|
||||
ab661b605012168d72f84a92ff7e233542df3825c66714c99073e56acea37e2e plugins/generic/fingerprint.py
|
||||
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 plugins/generic/__init__.py
|
||||
9ec577d8ccf4698d4e7834bf1e97aea58fba9d2609714b7139c747bcc4f59a30 plugins/generic/misc.py
|
||||
546486bd4221729d7d85b6ce3dbc263c818d091c67774bd781d7d72896eb733b plugins/generic/search.py
|
||||
9be0e2f931b559052518b68511117d6d6e926e69e463ddfa6dc8e9717c0ca677 plugins/generic/syntax.py
|
||||
7bb6403d83cc9fd880180e3ad36dca0cc8268f05f9d7e6f6dba6d405eea48c3a plugins/generic/takeover.py
|
||||
115ee30c77698bb041351686a3f191a3aa247adb2e0da9844f1ad048d0e002cd plugins/generic/users.py
|
||||
cbc7684de872fac4baeabd1fce3938bc771316c36e54d69ac6a301e8a99f07b2 plugins/generic/users.py
|
||||
4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811 plugins/__init__.py
|
||||
f5cad477023c8145c4db7aa530976fc75b098cf59a49905f28d02f6771fd9697 README.md
|
||||
423d9bfaddb3cf527d02ddda97e53c4853d664c51ef7be519e4f45b9e399bc30 README.md
|
||||
535ab6ac8b8441a3758cee86df3e68abec8b43eee54e32777967252057915acc sqlmapapi.py
|
||||
168309215af7dd5b0b71070e1770e72f1cbb29a3d8025143fb8aa0b88cd56b62 sqlmapapi.yaml
|
||||
a40607ce164eb2d21865288d24b863edb1c734b56db857e130ac1aef961c80b9 sqlmap.conf
|
||||
ee57424aa71fbf2d2d1189304f91e95aac812912b7826ea67cfbc07b11aaa6b6 sqlmap.py
|
||||
1beb0711d15e38956759fbffa5331bde763c568a1baa8e32a04ebe5bc7a27e87 sqlmap.py
|
||||
82caac95182ac5cae02eb7d8a2dc07e71389aeae6b838d3d3f402c9597eb086a tamper/0eunion.py
|
||||
bc8f5e638578919e4e75a5b01a84b47456bac0fd540e600975a52408a3433460 tamper/apostrophemask.py
|
||||
c9c3d71f11de0140906d7b4f24fadb9926dc8eaf5adab864f8106275f05526ce tamper/apostrophenullencode.py
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
<root>
|
||||
<!-- Windows -->
|
||||
|
||||
<regexp value="(Microsoft|Windows|Win32)">
|
||||
<regexp value="(Microsoft|Windows|Win32|Win64|WOW64|Cygwin|MinGW)">
|
||||
<info type="Windows"/>
|
||||
</regexp>
|
||||
|
||||
@@ -151,6 +151,34 @@
|
||||
<info type="Linux" distrib="Ubuntu"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="\bAlpine\b">
|
||||
<info type="Linux" distrib="Alpine"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Oracle ?Linux">
|
||||
<info type="Linux" distrib="Oracle"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="\bRHEL\b">
|
||||
<info type="Linux" distrib="Red Hat"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Amazon Linux">
|
||||
<info type="Linux" distrib="Amazon"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Raspbian">
|
||||
<info type="Linux" distrib="Raspbian"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="\bKali\b">
|
||||
<info type="Linux" distrib="Kali"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Rocky Linux">
|
||||
<info type="Linux" distrib="Rocky"/>
|
||||
</regexp>
|
||||
|
||||
<!-- BSD -->
|
||||
|
||||
<regexp value="FreeBSD">
|
||||
@@ -167,11 +195,22 @@
|
||||
|
||||
<!-- Mac OSX -->
|
||||
|
||||
<regexp value="Mac[\-\_\ ]?OSX">
|
||||
<regexp value="Mac[\-\_\ ]?OS ?X|macOS|Darwin">
|
||||
<info type="Mac OSX"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Darwin">
|
||||
<info type="Mac OSX"/>
|
||||
<!-- *nix -->
|
||||
|
||||
<regexp value="SunOS|Solaris">
|
||||
<info type="SunOS"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="\bAIX\b">
|
||||
<info type="AIX"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="HP-UX|HPUX">
|
||||
<info type="HP-UX"/>
|
||||
</regexp>
|
||||
|
||||
</root>
|
||||
|
||||
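Review bot: The patterns added in this file are anchored inconsistently: `\bAlpine\b`, `\bRHEL\b` and `\bKali\b` use word boundaries, while `Raspbian`, `Darwin` (in the rewritten Mac pattern) and the new Windows alternatives `Win64|WOW64|Cygwin|MinGW` match anywhere inside a longer token. These values label the operating system reported from a banner, so a substring hit produces a wrong fingerprint that later steps may rely on; I would write the short tokens as `\bDarwin\b`, `\bRaspbian\b` and `\b(Cygwin|MinGW)\b`. Whether matching is case-insensitive is decided by the loader, which is not on this page, so the spelling `macOS` may also need checking against it. A one-line comment above the Windows pattern, saying that `Cygwin` and `MinGW` name a Windows build environment rather than an OS, would help the next maintainer.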
@@ -76,7 +76,7 @@
|
||||
</regexp>
|
||||
|
||||
<regexp value="laravel_session">
|
||||
<info technology="Laravel (PHP)"/>
|
||||
<info technology="Laravel"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="SESS[a-f0-9]{32}">
|
||||
|
||||
@@ -62,4 +62,8 @@
|
||||
<regexp value="Servlet[\-\_\/\ ]?([\d\.]+)">
|
||||
<info technology="Servlet" tech_version="1"/>
|
||||
</regexp>
|
||||
|
||||
<regexp value="Laravel">
|
||||
<info technology="Laravel"/>
|
||||
</regexp>
|
||||
</root>
|
||||
|
||||
@@ -417,7 +417,8 @@
|
||||
</dbms>
|
||||
|
||||
<dbms value="Firebird">
|
||||
<cast query="TRIM(CAST(%s AS VARCHAR(10000)))"/>
|
||||
<!--Firebird doesn't like big VARCHARs-->
|
||||
<cast query="TRIM(CAST(%s AS VARCHAR(8000)))"/>
|
||||
<length query="CHAR_LENGTH(TRIM(%s))"/>
|
||||
<delimiter query="||"/>
|
||||
<limit query="ROWS %d TO %d"/>
|
||||
@@ -769,8 +770,8 @@
|
||||
<is_dba query="SELECT CURRENT_USER='SA'"/>
|
||||
<check_udf/>
|
||||
<users>
|
||||
<inband query="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/>
|
||||
<blind query="SELECT NAME FROM INFORMATION_SCHEMA.USERS LIMIT 1 OFFSET %d" count="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
|
||||
<inband query="SELECT USER_NAME FROM INFORMATION_SCHEMA.USERS" query2="SELECT NAME FROM INFORMATION_SCHEMA.USERS"/>
|
||||
<blind query="SELECT USER_NAME FROM INFORMATION_SCHEMA.USERS LIMIT 1 OFFSET %d" count="SELECT COUNT(USER_NAME) FROM INFORMATION_SCHEMA.USERS" query2="SELECT NAME FROM INFORMATION_SCHEMA.USERS LIMIT 1 OFFSET %d" count2="SELECT COUNT(NAME) FROM INFORMATION_SCHEMA.USERS"/>
|
||||
</users>
|
||||
<passwords/>
|
||||
<privileges/>
|
||||
@@ -785,8 +786,8 @@
|
||||
<blind query="SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s' LIMIT 1 OFFSET %d" count="SELECT COUNT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='%s'"/>
|
||||
</tables>
|
||||
<columns>
|
||||
<blind query="SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" query2="SELECT TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'" count="SELECT COUNT(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'" condition="COLUMN_NAME"/>
|
||||
<inband query="SELECT COLUMN_NAME,TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" condition="COLUMN_NAME"/>
|
||||
<blind query="SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" query2="SELECT DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND COLUMN_NAME='%s' AND TABLE_SCHEMA='%s'" count="SELECT COUNT(COLUMN_NAME) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s'" condition="COLUMN_NAME"/>
|
||||
<inband query="SELECT COLUMN_NAME,DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" condition="COLUMN_NAME" query2="SELECT COLUMN_NAME,TYPE_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='%s' AND TABLE_SCHEMA='%s' ORDER BY COLUMN_NAME" condition2="COLUMN_NAME"/>
|
||||
</columns>
|
||||
<dump_table>
|
||||
<blind query="SELECT %s FROM %s.%s ORDER BY %s LIMIT 1 OFFSET %d" count="SELECT COUNT(*) FROM %s.%s"/>
|
||||
@@ -945,8 +946,8 @@
|
||||
<limitstring/>
|
||||
<order query="ORDER BY %s ASC"/>
|
||||
<count query="COUNT(%s)"/>
|
||||
<!-- NOTE: comment without alphanumeric char in continuation is invalid -->
|
||||
<comment query="--x"/>
|
||||
<!-- NOTE: https://issues.apache.org/jira/browse/DERBY-3157 -->
|
||||
<comment query="--aa"/>
|
||||
<substring query="SUBSTR((%s),%d,%d)"/>
|
||||
<concatenate query="%s||%s"/>
|
||||
<!-- NOTE: Apache Derby does not support implicit conversion from int to string -->
|
||||
|
||||
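Review bot: In the H2 `<columns>` entry the attribute `query2` now means two different things. On the `<blind>` line it is the per-column type lookup (switched to `DATA_TYPE`), while on the `<inband>` line, and in `<users>` above, `query2`/`count2`/`condition2` hold the alternative query with the other column names (`TYPE_NAME`, `NAME`). The blind type lookup therefore has no `TYPE_NAME` alternative visible in this hunk, so the two retrieval paths may report different type information for the same server depending on its INFORMATION_SCHEMA layout; this is inferred, since the code that reads these attributes is not on this page. I would add a comment above `<columns>`, e.g. `<!-- NOTE: in <blind> query2 is the type lookup; elsewhere query2/count2 are the alternative for the other INFORMATION_SCHEMA layout -->`, and name the H2 versions each column applies to. The new Firebird comment in the first hunk could likewise state the limit it works around rather than `doesn't like big VARCHARs`.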
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
<div dir=rtl>
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap e инструмент за тестване и проникване, с отворен код, който автоматизира процеса на откриване и използване на недостатъците на SQL база данните чрез SQL инжекция, която ги взима от сървъра. Снабден е с мощен детектор, множество специални функции за най-добрия тестер и широк спектър от функции, които могат да се използват за множество цели - извличане на данни от базата данни, достъп до основната файлова система и изпълняване на команди на операционната система.
|
||||
|
||||
@@ -20,7 +20,7 @@ sqlmap e инструмент за тестване и проникване, с
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap работи самостоятелно с [Python](https://www.python.org/download/) версия **2.6**, **2.7** и **3.x** на всички платформи.
|
||||
sqlmap работи самостоятелно с [Python](https://www.python.org/download/) версия **2.7** и **3.x** на всички платформи.
|
||||
|
||||
Използване
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
**SQLMap** একটি ওপেন সোর্স পেনিট্রেশন টেস্টিং টুল যা স্বয়ংক্রিয়ভাবে SQL ইনজেকশন দুর্বলতা সনাক্ত ও শোষণ করতে এবং ডাটাবেস সার্ভার নিয়ন্ত্রণে নিতে সহায়তা করে। এটি একটি শক্তিশালী ডিটেকশন ইঞ্জিন, উন্নত ফিচার এবং পেনিট্রেশন টেস্টারদের জন্য দরকারি বিভিন্ন অপশন নিয়ে আসে। এর মাধ্যমে ডাটাবেস ফিঙ্গারপ্রিন্টিং, ডাটাবেস থেকে তথ্য আহরণ, ফাইল সিস্টেম অ্যাক্সেস, এবং অপারেটিং সিস্টেমে কমান্ড চালানোর মতো কাজ করা যায়, এমনকি আউট-অফ-ব্যান্ড সংযোগ ব্যবহার করেও।
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
```
|
||||
|
||||
SQLMap স্বয়ংক্রিয়ভাবে [Python](https://www.python.org/download/) **2.6**, **2.7** এবং **3.x** সংস্করণে যেকোনো প্ল্যাটফর্মে কাজ করে।
|
||||
SQLMap স্বয়ংক্রিয়ভাবে [Python](https://www.python.org/download/) **2.7** এবং **3.x** সংস্করণে যেকোনো প্ল্যাটফর্মে কাজ করে।
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
|
||||
<div dir=rtl>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap ist ein quelloffenes Penetrationstest Werkzeug, das die Entdeckung, Ausnutzung und Übernahme von SQL injection Schwachstellen automatisiert. Es kommt mit einer mächtigen Erkennungs-Engine, vielen Nischenfunktionen für den ultimativen Penetrationstester und einem breiten Spektrum an Funktionen von Datenbankerkennung, abrufen von Daten aus der Datenbank, zugreifen auf das unterliegende Dateisystem bis hin zur Befehlsausführung auf dem Betriebssystem mit Hilfe von out-of-band Verbindungen.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap es una herramienta para pruebas de penetración "penetration testing" de software libre que automatiza el proceso de detección y explotación de fallos mediante inyección de SQL además de tomar el control de servidores de bases de datos. Contiene un poderoso motor de detección, así como muchas de las funcionalidades escenciales para el "pentester" y una amplia gama de opciones desde la recopilación de información para identificar el objetivo conocido como "fingerprinting" mediante la extracción de información de la base de datos, hasta el acceso al sistema de archivos subyacente para ejecutar comandos en el sistema operativo a través de conexiones alternativas conocidas como "Out-of-band".
|
||||
|
||||
@@ -19,7 +19,7 @@ Preferentemente, se puede descargar sqlmap clonando el repositorio [Git](https:/
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap funciona con las siguientes versiones de [Python](https://www.python.org/download/) **2.6**, **2.7** y **3.x** en cualquier plataforma.
|
||||
sqlmap funciona con las siguientes versiones de [Python](https://www.python.org/download/) **2.7** y **3.x** en cualquier plataforma.
|
||||
|
||||
Uso
|
||||
---
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
|
||||
<div dir=rtl>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
**sqlmap** est un outil Open Source de test d'intrusion. Cet outil permet d'automatiser le processus de détection et d'exploitation des failles d'injection SQL afin de prendre le contrôle des serveurs de base de données. __sqlmap__ dispose d'un puissant moteur de détection utilisant les techniques les plus récentes et les plus dévastatrices de tests d'intrusion comme L'Injection SQL, qui permet d'accéder à la base de données, au système de fichiers sous-jacent et permet aussi l'exécution des commandes sur le système d'exploitation.
|
||||
|
||||
@@ -19,7 +19,7 @@ De préférence, télécharger __sqlmap__ en le [clonant](https://github.com/sql
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap fonctionne sur n'importe quel système d'exploitation avec la version **2.6**, **2.7** et **3.x** de [Python](https://www.python.org/download/)
|
||||
sqlmap fonctionne sur n'importe quel système d'exploitation avec la version **2.7** et **3.x** de [Python](https://www.python.org/download/)
|
||||
|
||||
Utilisation
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
Το sqlmap είναι πρόγραμμα ανοιχτού κώδικα, που αυτοματοποιεί την εύρεση και εκμετάλλευση ευπαθειών τύπου SQL Injection σε βάσεις δεδομένων. Έρχεται με μια δυνατή μηχανή αναγνώρισης ευπαθειών, πολλά εξειδικευμένα χαρακτηριστικά για τον απόλυτο penetration tester όπως και με ένα μεγάλο εύρος επιλογών αρχίζοντας από την αναγνώριση της βάσης δεδομένων, κατέβασμα δεδομένων της βάσης, μέχρι και πρόσβαση στο βαθύτερο σύστημα αρχείων και εκτέλεση εντολών στο απευθείας στο λειτουργικό μέσω εκτός ζώνης συνδέσεων.
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
Το sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](https://www.python.org/download/) έκδοσης **2.6**, **2.7** και **3.x** σε όποια πλατφόρμα.
|
||||
Το sqlmap λειτουργεί χωρίς περαιτέρω κόπο με την [Python](https://www.python.org/download/) έκδοσης **2.7** και **3.x** σε όποια πλατφόρμα.
|
||||
|
||||
Χρήση
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap je alat namijenjen za penetracijsko testiranje koji automatizira proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije te preuzimanje poslužitelja baze podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko dohvaćanja podataka iz baze, do pristupa zahvaćenom datotečnom sustavu i izvršavanja komandi na operacijskom sustavu korištenjem tzv. "out-of-band" veza.
|
||||
|
||||
@@ -20,7 +20,7 @@ Po mogućnosti, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sql
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap radi bez posebnih zahtjeva korištenjem [Python](https://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi.
|
||||
sqlmap radi bez posebnih zahtjeva korištenjem [Python](https://www.python.org/download/) verzije **2.7** i/ili **3.x** na bilo kojoj platformi.
|
||||
|
||||
Korištenje
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap adalah perangkat lunak sumber terbuka yang digunakan untuk melakukan uji penetrasi, mengotomasi proses deteksi, eksploitasi kelemahan _SQL injection_ serta pengambil-alihan server basis data.
|
||||
|
||||
@@ -22,7 +22,7 @@ Sebagai alternatif, Anda dapat mengunduh sqlmap dengan melakukan _clone_ pada re
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap berfungsi langsung pada [Python](https://www.python.org/download/) versi **2.6**, **2.7** dan **3.x** pada platform apapun.
|
||||
sqlmap berfungsi langsung pada [Python](https://www.python.org/download/) versi **2.7** dan **3.x** pada platform apapun.
|
||||
|
||||
Penggunaan
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap एक ओपन सोर्स प्रवेश परीक्षण उपकरण है जो SQL इन्जेक्शन दोषों की पहचान और उपयोग की प्रक्रिया को स्वचलित करता है और डेटाबेस सर्वरों को अधिकृत कर लेता है। इसके साथ एक शक्तिशाली पहचान इंजन, अंतिम प्रवेश परीक्षक के लिए कई निचले विशेषताएँ और डेटाबेस प्रिंट करने, डेटाबेस से डेटा निकालने, नीचे के फ़ाइल सिस्टम तक पहुँचने और आउट-ऑफ-बैंड कनेक्शन के माध्यम से ऑपरेटिंग सिस्टम पर कमांड चलाने के लिए कई बड़े रेंज के स्विच शामिल हैं।
|
||||
|
||||
@@ -20,7 +20,7 @@ sqlmap एक ओपन सोर्स प्रवेश परीक्षण
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap [Python](https://www.python.org/download/) संस्करण **2.6**, **2.7** और **3.x** पर किसी भी प्लेटफार्म पर तुरंत काम करता है।
|
||||
sqlmap [Python](https://www.python.org/download/) संस्करण **2.7** और **3.x** पर किसी भी प्लेटफार्म पर तुरंत काम करता है।
|
||||
|
||||
उपयोग
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap è uno strumento open source per il penetration testing. Il suo scopo è quello di rendere automatico il processo di scoperta ed exploit di vulnerabilità di tipo SQL injection al fine di compromettere database online. Dispone di un potente motore per la ricerca di vulnerabilità, molti strumenti di nicchia anche per il più esperto penetration tester ed un'ampia gamma di controlli che vanno dal fingerprinting di database allo scaricamento di dati, fino all'accesso al file system sottostante e l'esecuzione di comandi nel sistema operativo attraverso connessioni out-of-band.
|
||||
|
||||
@@ -20,7 +20,7 @@ La cosa migliore sarebbe però scaricare sqlmap clonando la repository [Git](htt
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap è in grado di funzionare con le versioni **2.6**, **2.7** e **3.x** di [Python](https://www.python.org/download/) su ogni piattaforma.
|
||||
sqlmap è in grado di funzionare con le versioni **2.7** e **3.x** di [Python](https://www.python.org/download/) su ogni piattaforma.
|
||||
|
||||
Utilizzo
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmapはオープンソースのペネトレーションテスティングツールです。SQLインジェクションの脆弱性の検出、活用、そしてデータベースサーバ奪取のプロセスを自動化します。
|
||||
強力な検出エンジン、ペネトレーションテスターのための多くのニッチ機能、持続的なデータベースのフィンガープリンティングから、データベースのデータ取得やアウトオブバンド接続を介したオペレーティング・システム上でのコマンド実行、ファイルシステムへのアクセスなどの広範囲に及ぶスイッチを提供します。
|
||||
@@ -21,7 +21,7 @@ wikiに載っているいくつかの機能のデモをスクリーンショッ
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmapは、 [Python](https://www.python.org/download/) バージョン **2.6**, **2.7** または **3.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。
|
||||
sqlmapは、 [Python](https://www.python.org/download/) バージョン **2.7** または **3.x** がインストールされていれば、全てのプラットフォームですぐに使用できます。
|
||||
|
||||
使用方法
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap არის შეღწევადობის ტესტირებისათვის განკუთვილი ინსტრუმენტი, რომლის კოდიც ღიად არის ხელმისაწვდომი. ინსტრუმენტი ახდენს SQL-ინექციის სისუსტეების აღმოჩენისა, გამოყენების და მონაცემთა ბაზათა სერვერების დაუფლების პროცესების ავტომატიზაციას. იგი აღჭურვილია მძლავრი აღმომჩენი მექანიძმით, შეღწევადობის პროფესიონალი ტესტერისათვის შესაფერისი ბევრი ფუნქციით და სკრიპტების ფართო სპექტრით, რომლებიც შეიძლება გამოყენებულ იქნეს მრავალი მიზნით, მათ შორის: მონაცემთა ბაზიდან მონაცემების შეგროვებისათვის, ძირითად საფაილო სისტემაზე წვდომისათვის და out-of-band კავშირების გზით ოპერაციულ სისტემაში ბრძანებათა შესრულებისათვის.
|
||||
|
||||
@@ -20,7 +20,7 @@ sqlmap არის შეღწევადობის ტესტირე
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap ნებისმიერ პლატფორმაზე მუშაობს [Python](https://www.python.org/download/)-ის **2.6**, **2.7** და **3.x** ვერსიებთან.
|
||||
sqlmap ნებისმიერ პლატფორმაზე მუშაობს [Python](https://www.python.org/download/)-ის **2.7** და **3.x** ვერსიებთან.
|
||||
|
||||
გამოყენება
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap은 SQL 인젝션 결함 탐지 및 활용, 데이터베이스 서버 장악 프로세스를 자동화 하는 오픈소스 침투 테스팅 도구입니다. 최고의 침투 테스터, 데이터베이스 핑거프린팅 부터 데이터베이스 데이터 읽기, 대역 외 연결을 통한 기반 파일 시스템 접근 및 명령어 실행에 걸치는 광범위한 스위치들을 위한 강력한 탐지 엔진과 다수의 편리한 기능이 탑재되어 있습니다.
|
||||
|
||||
@@ -20,7 +20,7 @@ sqlmap은 SQL 인젝션 결함 탐지 및 활용, 데이터베이스 서버 장
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap은 [Python](https://www.python.org/download/) 버전 **2.6**, **2.7** 그리고 **3.x** 을 통해 모든 플랫폼 위에서 사용 가능합니다.
|
||||
sqlmap은 [Python](https://www.python.org/download/) 버전 **2.7** 그리고 **3.x** 을 통해 모든 플랫폼 위에서 사용 가능합니다.
|
||||
|
||||
사용법
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap is een open source penetratie test tool dat het proces automatiseert van het detecteren en exploiteren van SQL injectie fouten en het overnemen van database servers. Het wordt geleverd met een krachtige detectie-engine, vele niche-functies voor de ultieme penetratietester, en een breed scala aan switches, waaronder database fingerprinting, het overhalen van gegevens uit de database, toegang tot het onderliggende bestandssysteem, en het uitvoeren van commando's op het besturingssysteem via out-of-band verbindingen.
|
||||
|
||||
@@ -20,7 +20,7 @@ Bij voorkeur, kun je sqlmap downloaden door de [Git](https://github.com/sqlmappr
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap werkt op alle platformen met de volgende [Python](https://www.python.org/download/) versies: **2.6**, **2.7** en **3.x**.
|
||||
sqlmap werkt op alle platformen met de volgende [Python](https://www.python.org/download/) versies: **2.7** en **3.x**.
|
||||
|
||||
Gebruik
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap to open sourceowe narzędzie do testów penetracyjnych, które automatyzuje procesy detekcji, przejmowania i testowania odporności serwerów SQL na podatność na iniekcję niechcianego kodu. Zawiera potężny mechanizm detekcji, wiele niszowych funkcji dla zaawansowanych testów penetracyjnych oraz szeroki wachlarz opcji począwszy od identyfikacji bazy danych, poprzez wydobywanie z niej danych, a nawet pozwalających na dostęp do systemu plików oraz wykonywanie poleceń w systemie operacyjnym serwera poprzez niestandardowe połączenia.
|
||||
|
||||
@@ -20,7 +20,7 @@ Można również pobrać sqlmap klonując rezozytorium [Git](https://github.com/
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
do użycia sqlmap potrzebny jest [Python](https://www.python.org/download/) w wersji **2.6**, **2.7** lub **3.x** na dowolnej platformie systemowej.
|
||||
do użycia sqlmap potrzebny jest [Python](https://www.python.org/download/) w wersji **2.7** lub **3.x** na dowolnej platformie systemowej.
|
||||
|
||||
Sposób użycia
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap é uma ferramenta de teste de intrusão, de código aberto, que automatiza o processo de detecção e exploração de falhas de injeção SQL. Com essa ferramenta é possível assumir total controle de servidores de banco de dados em páginas web vulneráveis, inclusive de base de dados fora do sistema invadido. Ele possui um motor de detecção poderoso, empregando as últimas e mais devastadoras técnicas de teste de intrusão por SQL Injection, que permite acessar a base de dados, o sistema de arquivos subjacente e executar comandos no sistema operacional.
|
||||
|
||||
@@ -20,7 +20,7 @@ De preferência, você pode baixar o sqlmap clonando o repositório [Git](https:
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap funciona em [Python](https://www.python.org/download/) nas versões **2.6**, **2.7** e **3.x** em todas as plataformas.
|
||||
sqlmap funciona em [Python](https://www.python.org/download/) nas versões **2.7** e **3.x** em todas as plataformas.
|
||||
|
||||
Como usar
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap je alat otvorenog koda namenjen za penetraciono testiranje koji automatizuje proces detekcije i eksploatacije sigurnosnih propusta SQL injekcije i preuzimanje baza podataka. Dolazi s moćnim mehanizmom za detekciju, mnoštvom korisnih opcija za napredno penetracijsko testiranje te široki spektar opcija od onih za prepoznavanja baze podataka, preko uzimanja podataka iz baze, do pristupa zahvaćenom fajl sistemu i izvršavanja komandi na operativnom sistemu korištenjem tzv. "out-of-band" veza.
|
||||
|
||||
@@ -20,7 +20,7 @@ Opciono, možete preuzeti sqlmap kloniranjem [Git](https://github.com/sqlmapproj
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap radi bez posebnih zahteva korištenjem [Python](https://www.python.org/download/) verzije **2.6**, **2.7** i/ili **3.x** na bilo kojoj platformi.
|
||||
sqlmap radi bez posebnih zahteva korištenjem [Python](https://www.python.org/download/) verzije **2.7** i/ili **3.x** na bilo kojoj platformi.
|
||||
|
||||
Korišćenje
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap - это инструмент для тестирования уязвимостей с открытым исходным кодом, который автоматизирует процесс обнаружения и использования ошибок SQL-инъекций и захвата серверов баз данных. Он оснащен мощным механизмом обнаружения, множеством приятных функций для профессионального тестера уязвимостей и широким спектром скриптов, которые упрощают работу с базами данных, от сбора данных из базы данных, до доступа к базовой файловой системе и выполнения команд в операционной системе через out-of-band соединение.
|
||||
|
||||
@@ -20,7 +20,7 @@ sqlmap - это инструмент для тестирования уязви
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap работает из коробки с [Python](https://www.python.org/download/) версии **2.6**, **2.7** и **3.x** на любой платформе.
|
||||
sqlmap работает из коробки с [Python](https://www.python.org/download/) версии **2.7** и **3.x** на любой платформе.
|
||||
|
||||
Использование
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap je open source nástroj na penetračné testovanie, ktorý automatizuje proces detekovania a využívania chýb SQL injekcie a preberania databázových serverov. Je vybavený výkonným detekčným mechanizmom, mnohými výklenkovými funkciami pre dokonalého penetračného testera a širokou škálou prepínačov vrátane odtlačkov databázy, cez načítanie údajov z databázy, prístup k základnému súborovému systému a vykonávanie príkazov v operačnom systéme prostredníctvom mimopásmových pripojení.
|
||||
|
||||
@@ -20,7 +20,7 @@ Najlepšie je stiahnuť sqlmap naklonovaním [Git](https://github.com/sqlmapproj
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap funguje bez problémov s programovacím jazykom [Python](https://www.python.org/download/) vo verziách **2.6**, **2.7** a **3.x** na akejkoľvek platforme.
|
||||
sqlmap funguje bez problémov s programovacím jazykom [Python](https://www.python.org/download/) vo verziách **2.7** a **3.x** na akejkoľvek platforme.
|
||||
|
||||
Využitie
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap sql injection açıklarını otomatik olarak tespit ve istismar etmeye yarayan açık kaynak bir penetrasyon aracıdır. sqlmap gelişmiş tespit özelliğinin yanı sıra penetrasyon testleri sırasında gerekli olabilecek birçok aracı, uzak veritabanından, veri indirmek, dosya sistemine erişmek, dosya çalıştırmak gibi işlevleri de barındırmaktadır.
|
||||
|
||||
@@ -23,7 +23,7 @@ Veya tercihen, [Git](https://github.com/sqlmapproject/sqlmap) reposunu klonlayar
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.6**, **2.7** ve **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.
|
||||
sqlmap [Python](https://www.python.org/download/) sitesinde bulunan **2.7** ve **3.x** versiyonları ile bütün platformlarda çalışabilmektedir.
|
||||
|
||||
Kullanım
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap - це інструмент для тестування вразливостей з відкритим сирцевим кодом, який автоматизує процес виявлення і використання дефектів SQL-ін'єкцій, а також захоплення серверів баз даних. Він оснащений потужним механізмом виявлення, безліччю приємних функцій для професійного тестувальника вразливостей і широким спектром скриптів, які спрощують роботу з базами даних - від відбитка бази даних до доступу до базової файлової системи та виконання команд в операційній системі через out-of-band з'єднання.
|
||||
|
||||
@@ -20,7 +20,7 @@ sqlmap - це інструмент для тестування вразливо
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap «працює з коробки» з [Python](https://www.python.org/download/) версії **2.6**, **2.7** та **3.x** на будь-якій платформі.
|
||||
sqlmap «працює з коробки» з [Python](https://www.python.org/download/) версії **2.7** та **3.x** на будь-якій платформі.
|
||||
|
||||
Використання
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap là một công cụ kiểm tra thâm nhập mã nguồn mở, nhằm tự động hóa quá trình phát hiện, khai thác lỗ hổng SQL injection và tiếp quản các máy chủ cơ sở dữ liệu. Công cụ này đi kèm với
|
||||
một hệ thống phát hiện mạnh mẽ, nhiều tính năng thích hợp cho người kiểm tra thâm nhập (pentester) và một loạt các tùy chọn bao gồm phát hiện, truy xuất dữ liệu từ cơ sở dữ liệu, truy cập file hệ thống và thực hiện các lệnh trên hệ điều hành từ xa.
|
||||
@@ -22,7 +22,7 @@ Tốt hơn là bạn nên tải xuống sqlmap bằng cách clone về repo [Git
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap hoạt động hiệu quả với [Python](https://www.python.org/download/) phiên bản **2.6**, **2.7** và **3.x** trên bất kì hệ điều hành nào.
|
||||
sqlmap hoạt động hiệu quả với [Python](https://www.python.org/download/) phiên bản **2.7** và **3.x** trên bất kì hệ điều hành nào.
|
||||
|
||||
Sử dụng
|
||||
----
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# sqlmap 
|
||||
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
[](https://github.com/sqlmapproject/sqlmap/actions/workflows/tests.yml) [](https://www.python.org/) [](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [](https://x.com/sqlmap)
|
||||
|
||||
sqlmap 是一款开源的渗透测试工具,可以自动化进行SQL注入的检测、利用,并能接管数据库服务器。它具有功能强大的检测引擎,为渗透测试人员提供了许多专业的功能并且可以进行组合,其中包括数据库指纹识别、数据读取和访问底层文件系统,甚至可以通过带外数据连接的方式执行系统命令。
|
||||
|
||||
@@ -20,7 +20,7 @@ sqlmap 是一款开源的渗透测试工具,可以自动化进行SQL注入的
|
||||
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap 可以运行在 [Python](https://www.python.org/download/) **2.6**, **2.7** 和 **3.x** 版本的任何平台上
|
||||
sqlmap 可以运行在 [Python](https://www.python.org/download/) **2.7** 和 **3.x** 版本的任何平台上
|
||||
|
||||
使用方法
|
||||
----
|
||||
|
||||
@@ -82,7 +82,7 @@ cat > README.rst << "EOF"
|
||||
sqlmap
|
||||
======
|
||||
|
||||
|Python 2.6|2.7|3.x| |License| |X|
|
||||
|Python 2.7|3.x| |License| |X|
|
||||
|
||||
sqlmap is an open source penetration testing tool that automates the
|
||||
process of detecting and exploiting SQL injection flaws and taking over
|
||||
@@ -123,7 +123,7 @@ If you prefer fetching daily updates, you can download sqlmap by cloning the
|
||||
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
|
||||
|
||||
sqlmap works out of the box with
|
||||
`Python <http://www.python.org/download/>`__ version **2.6**, **2.7** and
|
||||
`Python <http://www.python.org/download/>`__ version **2.7** and
|
||||
**3.x** on any platform.
|
||||
|
||||
Usage
|
||||
@@ -164,7 +164,7 @@ Links
|
||||
- Demos: http://www.youtube.com/user/inquisb/videos
|
||||
- Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots
|
||||
|
||||
.. |Python 2.6|2.7|3.x| image:: https://img.shields.io/badge/python-2.6|2.7|3.x-yellow.svg
|
||||
.. |Python 2.7|3.x| image:: https://img.shields.io/badge/python-2.7|3.x-yellow.svg
|
||||
:target: https://www.python.org/
|
||||
.. |License| image:: https://img.shields.io/badge/license-GPLv2-red.svg
|
||||
:target: https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE
|
||||
|
||||
@@ -521,7 +521,7 @@ def checkSqlInjection(place, parameter, value):
|
||||
|
||||
if ratio == 1.0:
|
||||
continue
|
||||
except (MemoryError, OverflowError):
|
||||
except:
|
||||
pass
|
||||
|
||||
# Perform the test's True request
|
||||
@@ -1134,15 +1134,18 @@ def heuristicCheckSqlInjection(place, parameter):
|
||||
if conf.beep:
|
||||
beep()
|
||||
|
||||
for match in re.finditer(FI_ERROR_REGEX, page or ""):
|
||||
if randStr1.lower() in match.group(0).lower():
|
||||
infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||
logger.info(infoMsg)
|
||||
try:
|
||||
for match in re.finditer(FI_ERROR_REGEX, page or ""):
|
||||
if randStr1.lower() in match.group(0).lower():
|
||||
infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if conf.beep:
|
||||
beep()
|
||||
if conf.beep:
|
||||
beep()
|
||||
|
||||
break
|
||||
break
|
||||
except (SystemError, RuntimeError) as ex:
|
||||
logger.debug("Skipping FI heuristic due to regex failure: %s", getSafeExString(ex))
|
||||
|
||||
kb.disableHtmlDecoding = False
|
||||
kb.heuristicMode = False
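Review bot: The handler after `if ratio == 1.0: continue` in checkSqlInjection is widened to a bare `except:` with `pass`, which also swallows KeyboardInterrupt and SystemExit and hides any programming error in the ratio computation. The page prints the old and new handler lines without markers, so the direction is inferred from the old-then-new order used elsewhere on this page. If more failure types need covering, name them, e.g. `except (MemoryError, OverflowError, SystemError, RuntimeError):`, in line with the `except (SystemError, RuntimeError) as ex:` handler added in heuristicCheckSqlInjection, and log at debug level as that handler does. Both function bodies continue outside the hunks.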
|
||||
|
||||
@@ -47,6 +47,7 @@ from extra.beep.beep import beep
|
||||
from extra.cloak.cloak import decloak
|
||||
from lib.core.bigarray import BigArray
|
||||
from lib.core.compat import cmp
|
||||
from lib.core.compat import codecs_open
|
||||
from lib.core.compat import LooseVersion
|
||||
from lib.core.compat import round
|
||||
from lib.core.compat import xrange
|
||||
@@ -104,7 +105,7 @@ from lib.core.exception import SqlmapValueException
|
||||
from lib.core.log import LOGGER_HANDLER
|
||||
from lib.core.optiondict import optDict
|
||||
from lib.core.settings import BANNER
|
||||
from lib.core.settings import BOLD_PATTERNS
|
||||
from lib.core.settings import BOLD_PATTERNS_REGEX
|
||||
from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
|
||||
from lib.core.settings import BOUNDED_INJECTION_MARKER
|
||||
from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
|
||||
@@ -170,6 +171,7 @@ from lib.core.settings import REFLECTED_REPLACEMENT_REGEX
|
||||
from lib.core.settings import REFLECTED_REPLACEMENT_TIMEOUT
|
||||
from lib.core.settings import REFLECTED_VALUE_MARKER
|
||||
from lib.core.settings import REFLECTIVE_MISS_THRESHOLD
|
||||
from lib.core.settings import REPLACEMENT_MARKER
|
||||
from lib.core.settings import SENSITIVE_DATA_REGEX
|
||||
from lib.core.settings import SENSITIVE_OPTIONS
|
||||
from lib.core.settings import STDIN_PIPE_DASH
|
||||
@@ -958,7 +960,7 @@ def boldifyMessage(message, istty=None):
|
||||
|
||||
retVal = message
|
||||
|
||||
if any(_ in message for _ in BOLD_PATTERNS):
|
||||
if re.search(BOLD_PATTERNS_REGEX, message):
|
||||
retVal = setColor(message, bold=True, istty=istty)
|
||||
|
||||
return retVal
|
||||
@@ -3337,14 +3339,14 @@ def filterNone(values):
|
||||
"""
|
||||
Emulates filterNone([...]) functionality
|
||||
|
||||
>>> filterNone([1, 2, "", None, 3])
|
||||
[1, 2, 3]
|
||||
>>> filterNone([1, 2, "", None, 3, 0])
|
||||
[1, 2, 3, 0]
|
||||
"""
|
||||
|
||||
retVal = values
|
||||
|
||||
if isinstance(values, _collections.Iterable):
|
||||
retVal = [_ for _ in values if _]
|
||||
retVal = [_ for _ in values if _ or _ == 0]
|
||||
|
||||
return retVal
|
||||
|
||||
@@ -3818,7 +3820,7 @@ def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="reversible",
|
||||
return contextlib.closing(io.StringIO(readCachedFileContent(filename)))
|
||||
else:
|
||||
try:
|
||||
return codecs.open(filename, mode, encoding, errors, buffering)
|
||||
return codecs_open(filename, mode, encoding, errors, buffering)
|
||||
except IOError:
|
||||
errMsg = "there has been a file opening error for filename '%s'. " % filename
|
||||
errMsg += "Please check %s permissions on a file " % ("write" if mode and ('w' in mode or 'a' in mode or '+' in mode) else "read")
|
||||
@@ -4149,6 +4151,11 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
|
||||
payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ""), convall=True))
|
||||
regex = _(filterStringValue(payload, r"[A-Za-z0-9]", encodeStringEscape(REFLECTED_REPLACEMENT_REGEX)))
|
||||
|
||||
# NOTE: special case when part of the result shares the same output as the payload (e.g. ?id=1... and "sqlmap/1.0-dev (http://sqlmap.org)")
|
||||
preserve = extractRegexResult(r"%s(?P<result>.+?)%s" % (kb.chars.start, kb.chars.stop), content)
|
||||
if preserve:
|
||||
content = content.replace(preserve, REPLACEMENT_MARKER)
|
||||
|
||||
if regex != payload:
|
||||
if all(part.lower() in content.lower() for part in filterNone(regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]): # fast optimization check
|
||||
parts = regex.split(REFLECTED_REPLACEMENT_REGEX)
|
||||
@@ -4219,6 +4226,9 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
|
||||
debugMsg = "turning off reflection removal mechanism (for optimization purposes)"
|
||||
logger.debug(debugMsg)
|
||||
|
||||
if preserve and retVal:
|
||||
retVal = retVal.replace(REPLACEMENT_MARKER, preserve)
|
||||
|
||||
except (MemoryError, SystemError):
|
||||
kb.reflectiveMechanism = False
|
||||
if not suppressWarning:
|
||||
@@ -5007,6 +5017,10 @@ def extractExpectedValue(value, expected):
|
||||
|
||||
>>> extractExpectedValue(['1'], EXPECTED.BOOL)
|
||||
True
|
||||
>>> extractExpectedValue(['17'], EXPECTED.BOOL)
|
||||
True
|
||||
>>> extractExpectedValue(['0'], EXPECTED.BOOL)
|
||||
False
|
||||
>>> extractExpectedValue('1', EXPECTED.INT)
|
||||
1
|
||||
>>> extractExpectedValue('7\\xb9645', EXPECTED.INT) is None
|
||||
@@ -5027,10 +5041,10 @@ def extractExpectedValue(value, expected):
|
||||
value = value == "true"
|
||||
elif value in ('t', 'f'):
|
||||
value = value == 't'
|
||||
elif value in ("1", "-1"):
|
||||
value = True
|
||||
elif value == '0':
|
||||
value = False
|
||||
elif re.search(r"\A-?[1-9]\d*\Z", value):
|
||||
value = True
|
||||
else:
|
||||
value = None
|
||||
elif expected == EXPECTED.INT:
|
||||
@@ -5317,7 +5331,7 @@ def parseRequestFile(reqFile, checkParams=True):
|
||||
_ = re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request)
|
||||
if _:
|
||||
host = _.group(0).strip()
|
||||
if not re.search(r":\d+\Z", host):
|
||||
if not re.search(r":\d+\Z", host) and int(port) != 80:
|
||||
request = request.replace(host, "%s:%d" % (host, int(port)))
|
||||
reqResList.append(request)
|
||||
else:
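Review bot: In filterNone the new predicate `_ or _ == 0` keeps `False` as well as `0`, because `False == 0` is true in Python, while the updated doctest documents only the integer case. If only numeric zero is meant to survive, write `retVal = [_ for _ in values if _ or (_ == 0 and _ is not False)]`. If keeping `False` is intended, add a doctest line that shows it so the behaviour is pinned.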
|
||||
|
||||
@@ -7,8 +7,10 @@ See the file 'LICENSE' for copying permission
|
||||
|
||||
from __future__ import division
|
||||
|
||||
import codecs
|
||||
import binascii
|
||||
import functools
|
||||
import io
|
||||
import math
|
||||
import os
|
||||
import random
|
||||
@@ -312,3 +314,116 @@ def LooseVersion(version):
|
||||
result = float("NaN")
|
||||
|
||||
return result
|
||||
|
||||
# NOTE: codecs.open re-implementation (deprecated in Python 3.14)
|
||||
|
||||
try:
|
||||
# Py2
|
||||
_text_type = unicode
|
||||
_bytes_types = (str, bytearray)
|
||||
except NameError:
|
||||
# Py3
|
||||
_text_type = str
|
||||
_bytes_types = (bytes, bytearray, memoryview)
|
||||
|
||||
_WRITE_CHARS = ("w", "a", "x", "+")
|
||||
|
||||
def _is_write_mode(mode):
|
||||
return any(ch in mode for ch in _WRITE_CHARS)
|
||||
|
||||
class MixedWriteTextIO(object):
|
||||
"""
|
||||
Text-ish stream wrapper that accepts both text and bytes in write().
|
||||
Bytes are decoded using the file's (encoding, errors) before writing.
|
||||
|
||||
Optionally approximates line-buffering by flushing when a newline is written.
|
||||
"""
|
||||
def __init__(self, fh, encoding, errors, line_buffered=False):
|
||||
self._fh = fh
|
||||
self._encoding = encoding
|
||||
self._errors = errors
|
||||
self._line_buffered = line_buffered
|
||||
|
||||
def write(self, data):
|
||||
# bytes-like but not text -> decode
|
||||
if isinstance(data, _bytes_types) and not isinstance(data, _text_type):
|
||||
data = bytes(data).decode(self._encoding, self._errors)
|
||||
elif not isinstance(data, _text_type):
|
||||
data = _text_type(data)
|
||||
|
||||
n = self._fh.write(data)
|
||||
|
||||
# Approximate "line buffering" behavior if requested
|
||||
if self._line_buffered and u"\n" in data:
|
||||
try:
|
||||
self._fh.flush()
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
return n
|
||||
|
||||
def writelines(self, lines):
|
||||
for x in lines:
|
||||
self.write(x)
|
||||
|
||||
def __iter__(self):
|
||||
return iter(self._fh)
|
||||
|
||||
def __next__(self):
|
||||
return next(self._fh)
|
||||
|
||||
def next(self): # Py2
|
||||
return self.__next__()
|
||||
|
||||
def __getattr__(self, name):
|
||||
return getattr(self._fh, name)
|
||||
|
||||
def __enter__(self):
|
||||
self._fh.__enter__()
|
||||
return self
|
||||
|
||||
def __exit__(self, exc_type, exc, tb):
|
||||
return self._fh.__exit__(exc_type, exc, tb)
|
||||
|
||||
|
||||
def _codecs_open(filename, mode="r", encoding=None, errors="strict", buffering=-1):
|
||||
"""
|
||||
Replacement for deprecated codecs.open() entry point with sqlmap-friendly behavior.
|
||||
|
||||
- If encoding is None: return io.open(...) as-is.
|
||||
- If encoding is set: force underlying binary mode and wrap via StreamReaderWriter
|
||||
(like codecs.open()).
|
||||
- For write-ish modes: return a wrapper that also accepts bytes on .write().
|
||||
- Handles buffering=1 in binary mode by downgrading underlying buffering to -1,
|
||||
while optionally preserving "flush on newline" behavior in the wrapper.
|
||||
"""
|
||||
if encoding is None:
|
||||
return io.open(filename, mode, buffering=buffering)
|
||||
|
||||
bmode = mode
|
||||
if "b" not in bmode:
|
||||
bmode += "b"
|
||||
|
||||
# Avoid line-buffering warnings/errors on binary streams
|
||||
line_buffered = (buffering == 1)
|
||||
if line_buffered:
|
||||
buffering = -1
|
||||
|
||||
f = io.open(filename, bmode, buffering=buffering)
|
||||
|
||||
try:
|
||||
info = codecs.lookup(encoding)
|
||||
srw = codecs.StreamReaderWriter(f, info.streamreader, info.streamwriter, errors)
|
||||
srw.encoding = encoding
|
||||
|
||||
if _is_write_mode(mode):
|
||||
return MixedWriteTextIO(srw, encoding, errors, line_buffered=line_buffered)
|
||||
|
||||
return srw
|
||||
except Exception:
|
||||
try:
|
||||
f.close()
|
||||
finally:
|
||||
raise
|
||||
|
||||
codecs_open = _codecs_open if sys.version_info >= (3, 14) else codecs.open
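Review bot: `MixedWriteTextIO.write()` wraps `self._fh.flush()` in `except Exception: pass`, so a failed flush on a line-buffered stream (full disk, closed descriptor) leaves no trace at the point where data stopped reaching the file. Narrow the handler to I/O errors and state that it is best-effort, e.g. `except (IOError, OSError):  # best-effort line flush, failure is expected to resurface on close()`. The final `codecs_open = ...` assignment would also benefit from a comment that the wrapper is selected only when `sys.version_info >= (3, 14)`, so the bytes-accepting `write()` path is not exercised on older interpreters.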
|
||||
|
||||
@@ -31,6 +31,7 @@ from lib.core.settings import SAFE_HEX_MARKER
|
||||
from lib.core.settings import UNICODE_ENCODING
|
||||
from thirdparty import six
|
||||
from thirdparty.six import unichr as _unichr
|
||||
from thirdparty.six.moves import html_parser
|
||||
from thirdparty.six.moves import collections_abc as _collections
|
||||
|
||||
try:
|
||||
@@ -58,7 +59,7 @@ def base64pickle(value):
|
||||
try:
|
||||
retVal = encodeBase64(pickle.dumps(value), binary=False)
|
||||
except:
|
||||
retVal = encodeBase64(pickle.dumps(str(value), PICKLE_PROTOCOL), binary=False)
|
||||
raise
|
||||
|
||||
return retVal
|
||||
|
||||
@@ -81,25 +82,27 @@ def base64unpickle(value):
|
||||
|
||||
def htmlUnescape(value):
|
||||
"""
|
||||
Returns (basic conversion) HTML unescaped value
|
||||
Returns HTML unescaped value
|
||||
|
||||
>>> htmlUnescape('a<b') == 'a<b'
|
||||
True
|
||||
>>> htmlUnescape('a<b') == 'a<b'
|
||||
True
|
||||
>>> htmlUnescape('foobar') == 'foobar'
|
||||
True
|
||||
>>> htmlUnescape('foobar') == 'foobar'
|
||||
True
|
||||
>>> htmlUnescape('©€') == htmlUnescape('©€')
|
||||
True
|
||||
"""
|
||||
|
||||
retVal = value
|
||||
|
||||
if value and isinstance(value, six.string_types):
|
||||
replacements = (("<", '<'), (">", '>'), (""", '"'), (" ", ' '), ("&", '&'), ("'", "'"))
|
||||
for code, value in replacements:
|
||||
retVal = retVal.replace(code, value)
|
||||
|
||||
try:
|
||||
retVal = re.sub(r"&#x([^ ;]+);", lambda match: _unichr(int(match.group(1), 16)), retVal)
|
||||
except (ValueError, OverflowError):
|
||||
pass
|
||||
|
||||
return retVal
|
||||
if six.PY3:
|
||||
import html
|
||||
return html.unescape(value)
|
||||
else:
|
||||
return html_parser.HTMLParser().unescape(value)
|
||||
return value
|
||||
|
||||
def singleTimeWarnMessage(message): # Cross-referenced function
|
||||
sys.stdout.write(message)
|
||||
@@ -143,13 +146,19 @@ def rot13(data):
|
||||
'sbbone jnf urer!!'
|
||||
>>> rot13('sbbone jnf urer!!')
|
||||
'foobar was here!!'
|
||||
>>> rot13(b'foobar was here!!')
|
||||
'sbbone jnf urer!!'
|
||||
"""
|
||||
|
||||
# Reference: https://stackoverflow.com/a/62662878
|
||||
retVal = ""
|
||||
alphabit = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||||
|
||||
if isinstance(data, six.binary_type):
|
||||
data = getText(data)
|
||||
|
||||
for char in data:
|
||||
retVal += alphabit[alphabit.index(char) + 13] if char in alphabit else char
|
||||
|
||||
return retVal
|
||||
|
||||
def decodeHex(value, binary=True):
|
||||
@@ -190,10 +199,12 @@ def encodeHex(value, binary=True):
|
||||
'313233'
|
||||
>>> encodeHex(b"123"[0]) == b"31"
|
||||
True
|
||||
>>> encodeHex(123, binary=False)
|
||||
'7b'
|
||||
"""
|
||||
|
||||
if isinstance(value, int):
|
||||
value = six.unichr(value)
|
||||
value = six.int2byte(value)
|
||||
|
||||
if isinstance(value, six.text_type):
|
||||
value = value.encode(UNICODE_ENCODING)
|
||||
@@ -472,7 +483,7 @@ def getConsoleLength(value):
|
||||
"""
|
||||
|
||||
if isinstance(value, six.text_type):
|
||||
retVal = sum((2 if ord(_) >= 0x3000 else 1) for _ in value)
|
||||
retVal = len(value) + sum(ord(_) >= 0x3000 for _ in value)
|
||||
else:
|
||||
retVal = len(value)
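Review bot: In encodeHex the integer branch now calls `six.int2byte(value)`, which accepts only 0–255, so an integer outside that range raises where the replaced `six.unichr(value)` line turned it into a code point that the following `six.text_type` branch encoded. The added doctest covers only `123`. If larger integers can still reach this function, keep both paths: `value = six.int2byte(value) if 0 <= value < 256 else six.unichr(value)`. Otherwise state the accepted range in the docstring.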
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ See the file 'LICENSE' for copying permission
|
||||
|
||||
import functools
|
||||
import hashlib
|
||||
import struct
|
||||
import threading
|
||||
|
||||
from lib.core.datatype import LRUDict
|
||||
@@ -47,17 +48,22 @@ def cachedmethod(f):
|
||||
"^".join("%s=%r" % (k, kwargs[k]) for k in sorted(kwargs))
|
||||
)
|
||||
try:
|
||||
key = int(hashlib.md5("`".join(parts).encode(UNICODE_ENCODING)).hexdigest(), 16) & 0x7fffffffffffffff
|
||||
except ValueError: # https://github.com/sqlmapproject/sqlmap/issues/4281 (NOTE: non-standard Python behavior where hexdigest returns binary value)
|
||||
key = struct.unpack(">Q", hashlib.md5("`".join(parts).encode(UNICODE_ENCODING)).digest()[:8])[0] & 0x7fffffffffffffff
|
||||
except (struct.error, ValueError): # https://github.com/sqlmapproject/sqlmap/issues/4281 (NOTE: non-standard Python behavior where hexdigest returns binary value)
|
||||
result = f(*args, **kwargs)
|
||||
else:
|
||||
lock, cache = _method_locks[f], _cache[f]
|
||||
|
||||
with lock:
|
||||
try:
|
||||
result = cache[key]
|
||||
except KeyError:
|
||||
result = f(*args, **kwargs)
|
||||
cache[key] = result
|
||||
if key in cache:
|
||||
return cache[key]
|
||||
|
||||
result = f(*args, **kwargs)
|
||||
|
||||
with lock:
|
||||
cache[key] = result
|
||||
|
||||
return result
|
||||
|
||||
return result
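Review bot: The comment kept on the new `except (struct.error, ValueError):` line in cachedmethod still describes a `hexdigest` quirk, but the new key derivation uses `.digest()[:8]` with `struct.unpack(">Q", ...)` and never calls `hexdigest`. Reword it to name what can fail now, keeping the issue reference. The lookup and the store also appear to sit in two separate `with lock:` sections with `f(*args, **kwargs)` running between them. Add a short comment there, such as `# NOTE: f() runs outside the lock, so concurrent callers may compute the same key twice`, to make that trade-off explicit. The decorator body starts outside the hunk.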
|
||||
|
||||
|
||||
@@ -270,7 +270,7 @@ HEURISTIC_NULL_EVAL = {
|
||||
DBMS.ACCESS: "CVAR(NULL)",
|
||||
DBMS.MAXDB: "ALPHA(NULL)",
|
||||
DBMS.MSSQL: "IIF(1=1,DIFFERENCE(NULL,NULL),0)",
|
||||
DBMS.MYSQL: "QUARTER(NULL XOR NULL)",
|
||||
DBMS.MYSQL: "IFNULL(QUARTER(NULL),NULL XOR NULL)", # NOTE: previous form (i.e., QUARTER(NULL XOR NULL)) was bad as some optimization engines wrongly evaluate QUARTER(NULL XOR NULL) to 0
|
||||
DBMS.ORACLE: "INSTR2(NULL,NULL)",
|
||||
DBMS.PGSQL: "QUOTE_IDENT(NULL)",
|
||||
DBMS.SQLITE: "UNLIKELY(NULL)",
|
||||
@@ -282,7 +282,7 @@ HEURISTIC_NULL_EVAL = {
|
||||
DBMS.PRESTO: "FROM_HEX(NULL)",
|
||||
DBMS.ALTIBASE: "TDESENCRYPT(NULL,NULL)",
|
||||
DBMS.MIMERSQL: "ASCII_CHAR(256)",
|
||||
DBMS.CRATEDB: "MD5(NULL~NULL)", # Note: NULL~NULL also being evaluated on H2 and Ignite
|
||||
DBMS.CRATEDB: "MD5(NULL~NULL)", # NOTE: NULL~NULL also being evaluated on H2 and Ignite
|
||||
DBMS.CUBRID: "(NULL SETEQ NULL)",
|
||||
DBMS.CACHE: "%SQLUPPER NULL",
|
||||
DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))",
|
||||
|
||||
@@ -45,6 +45,7 @@ from lib.core.exception import SqlmapGenericException
|
||||
from lib.core.exception import SqlmapSystemException
|
||||
from lib.core.exception import SqlmapValueException
|
||||
from lib.core.replication import Replication
|
||||
from lib.core.settings import CHECK_SQLITE_TYPE_THRESHOLD
|
||||
from lib.core.settings import DUMP_FILE_BUFFER_SIZE
|
||||
from lib.core.settings import HTML_DUMP_CSS_STYLE
|
||||
from lib.core.settings import IS_WIN
|
||||
@@ -483,6 +484,12 @@ class Dump(object):
|
||||
dumpFP = openFile(dumpFileName, "wb" if not appendToFile else "ab", buffering=DUMP_FILE_BUFFER_SIZE)
|
||||
|
||||
count = int(tableValues["__infos__"]["count"])
|
||||
if count > TRIM_STDOUT_DUMP_SIZE:
|
||||
warnMsg = "console output will be trimmed to "
|
||||
warnMsg += "last %d rows due to " % TRIM_STDOUT_DUMP_SIZE
|
||||
warnMsg += "large table size"
|
||||
logger.warning(warnMsg)
|
||||
|
||||
separator = str()
|
||||
field = 1
|
||||
fields = len(tableValues) - 1
|
||||
@@ -509,7 +516,8 @@ class Dump(object):
|
||||
if column != "__infos__":
|
||||
colType = Replication.INTEGER
|
||||
|
||||
for value in tableValues[column]['values']:
|
||||
for i in xrange(min(CHECK_SQLITE_TYPE_THRESHOLD, len(tableValues[column]['values']))):
|
||||
value = tableValues[column]['values'][i]
|
||||
try:
|
||||
if not value or value == " ": # NULL
|
||||
continue
|
||||
@@ -522,7 +530,8 @@ class Dump(object):
|
||||
if colType is None:
|
||||
colType = Replication.REAL
|
||||
|
||||
for value in tableValues[column]['values']:
|
||||
for i in xrange(min(CHECK_SQLITE_TYPE_THRESHOLD, len(tableValues[column]['values']))):
|
||||
value = tableValues[column]['values'][i]
|
||||
try:
|
||||
if not value or value == " ": # NULL
|
||||
continue
|
||||
@@ -567,7 +576,7 @@ class Dump(object):
|
||||
else:
|
||||
dataToDumpFile(dumpFP, "%s%s" % (safeCSValue(column), conf.csvDel))
|
||||
elif conf.dumpFormat == DUMP_FORMAT.HTML:
|
||||
dataToDumpFile(dumpFP, "<th>%s</th>" % getUnicode(htmlEscape(column).encode("ascii", "xmlcharrefreplace")))
|
||||
dataToDumpFile(dumpFP, "<th onclick=\"sortTable(%d,this)\">%s</th>" % (field - 1, getUnicode(htmlEscape(column).encode("ascii", "xmlcharrefreplace"))))
|
||||
|
||||
field += 1
|
||||
|
||||
@@ -582,17 +591,14 @@ class Dump(object):
|
||||
elif conf.dumpFormat == DUMP_FORMAT.SQLITE:
|
||||
rtable.beginTransaction()
|
||||
|
||||
if count > TRIM_STDOUT_DUMP_SIZE:
|
||||
warnMsg = "console output will be trimmed to "
|
||||
warnMsg += "last %d rows due to " % TRIM_STDOUT_DUMP_SIZE
|
||||
warnMsg += "large table size"
|
||||
logger.warning(warnMsg)
|
||||
|
||||
for i in xrange(count):
|
||||
console = (i >= count - TRIM_STDOUT_DUMP_SIZE)
|
||||
field = 1
|
||||
values = []
|
||||
|
||||
if i == 0 and count > TRIM_STDOUT_DUMP_SIZE:
|
||||
self._write(" ...")
|
||||
|
||||
if conf.dumpFormat == DUMP_FORMAT.HTML:
|
||||
dataToDumpFile(dumpFP, "<tr>")
|
||||
|
||||
@@ -609,7 +615,9 @@ class Dump(object):
|
||||
value = getUnicode(info["values"][i])
|
||||
value = DUMP_REPLACEMENTS.get(value, value)
|
||||
|
||||
values.append(value)
|
||||
if conf.dumpFormat == DUMP_FORMAT.SQLITE:
|
||||
values.append(value)
|
||||
|
||||
maxlength = int(info["length"])
|
||||
blank = " " * (maxlength - getConsoleLength(value))
|
||||
self._write("| %s%s" % (value, blank), newline=False, console=console)
|
||||
@@ -663,7 +671,7 @@ class Dump(object):
|
||||
|
||||
elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):
|
||||
if conf.dumpFormat == DUMP_FORMAT.HTML:
|
||||
dataToDumpFile(dumpFP, "</tbody>\n</table>\n</body>\n</html>")
|
||||
dataToDumpFile(dumpFP, "</tbody>\n</table>\n<script>let lc=-1,ld=1;function sortTable(n,h){var t=document.querySelector(\"table\"),r=Array.from(t.tBodies[0].rows);ld=(lc==n?-ld:1);lc=n;r.sort((a,b)=>{var x=a.cells[n].innerText.trim(),y=b.cells[n].innerText.trim(),nx=parseFloat(x),ny=parseFloat(y);return(!isNaN(nx)&&!isNaN(ny)?(nx-ny)*ld:x.localeCompare(y)*ld)});r.forEach(e=>t.tBodies[0].appendChild(e));Array.from(t.tHead.rows[0].cells).forEach(c=>{c.innerText=c.innerText.replace(/[\u2191\u2193]/g,\"\")});h.innerText=h.innerText+ (ld==1?\"\u2191\":\"\u2193\");}</script>\n</body>\n</html>")
|
||||
else:
|
||||
dataToDumpFile(dumpFP, "\n")
|
||||
dumpFP.close()
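Review bot: The table-sorting JavaScript is added as one minified string literal inside the closing `dataToDumpFile(dumpFP, "</tbody>\n</table>\n<script>...")` call, which makes it hard to review. The HTML report renders values taken from the target database and is opened in the analyst's browser, so the script that touches those cells should be easy to audit. Move it to a named constant in `lib.core.settings` beside `HTML_DUMP_CSS_STYLE` (already imported in this file), formatted over several lines. Add a comment there that it reads and writes `innerText` only and must not be switched to `innerHTML`. The enclosing method of `Dump` starts and ends outside the hunks.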
|
||||
|
||||
@@ -19,7 +19,7 @@ from lib.core.enums import OS
|
||||
from thirdparty import six
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.9.11.1"
|
||||
VERSION = "1.9.12.25"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
@@ -790,8 +790,14 @@ VALID_TIME_CHARS_RUN_THRESHOLD = 100
|
||||
# Check for empty columns only if table is sufficiently large
|
||||
CHECK_ZERO_COLUMNS_THRESHOLD = 10
|
||||
|
||||
# Threshold for checking types of columns in case of SQLite dump format
|
||||
CHECK_SQLITE_TYPE_THRESHOLD = 100
|
||||
|
||||
# Boldify all logger messages containing these "patterns"
|
||||
BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than", "connection to ")
|
||||
BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED", "for more than", "connection to ", "will be trimmed")
|
||||
|
||||
# Regular expression used to search for bold-patterns
|
||||
BOLD_PATTERNS_REGEX = '|'.join(BOLD_PATTERNS)
|
||||
|
||||
# TLDs used in randomization of email-alike parameter values
|
||||
RANDOMIZATION_TLDS = ("com", "net", "ru", "org", "de", "uk", "br", "jp", "cn", "fr", "it", "pl", "tv", "edu", "in", "ir", "es", "me", "info", "gr", "gov", "ca", "co", "se", "cz", "to", "vn", "nl", "cc", "az", "hu", "ua", "be", "no", "biz", "io", "ch", "ro", "sk", "eu", "us", "tw", "pt", "fi", "at", "lt", "kz", "cl", "hr", "pk", "lv", "la", "pe", "au")
|
||||
@@ -941,6 +947,7 @@ td{
|
||||
}
|
||||
th{
|
||||
font-size:12px;
|
||||
cursor:pointer;
|
||||
}
|
||||
</style>"""
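Review bot: `BOLD_PATTERNS_REGEX = '|'.join(BOLD_PATTERNS)` joins the literals unescaped, so the first pattern added with a regex metacharacter (`.`, `(`, `?`, `+`) would change what the `re.search(BOLD_PATTERNS_REGEX, message)` call in boldifyMessage matches, or fail to compile. None of the current entries contains one, so behaviour is unchanged today. Escaping at construction keeps it that way: `BOLD_PATTERNS_REGEX = '|'.join(re.escape(_) for _ in BOLD_PATTERNS)`. This assumes `re` is imported in this module, since the import block is outside the hunk.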
|
||||
|
||||
|
||||
@@ -76,16 +76,10 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
|
||||
redurl = self._get_header_redirect(headers) if not conf.ignoreRedirects else None
|
||||
|
||||
try:
|
||||
content = fp.read(MAX_CONNECTION_TOTAL_SIZE)
|
||||
content = fp.fp.read(MAX_CONNECTION_TOTAL_SIZE)
|
||||
fp.fp = io.BytesIO(content)
|
||||
except: # e.g. IncompleteRead
|
||||
content = b""
|
||||
finally:
|
||||
if content:
|
||||
try: # try to write it back to the read buffer so we could reuse it in further steps
|
||||
fp.fp._rbuf.truncate(0)
|
||||
fp.fp._rbuf.write(content)
|
||||
except:
|
||||
pass
|
||||
|
||||
content = decodePage(content, headers.get(HTTP_HEADER.CONTENT_ENCODING), headers.get(HTTP_HEADER.CONTENT_TYPE))
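Review bot: When `fp.fp.read(MAX_CONNECTION_TOTAL_SIZE)` raises, the bare `except:` sets `content = b""` but leaves `fp.fp` pointing at the partly consumed stream. The rest of the handler then works with an empty `content`, while anything that reads `fp` afterwards gets leftover bytes or hits the same error again. Adding `fp.fp = io.BytesIO(content)` after `content = b""` keeps both views consistent. The handler is also broad enough to hide KeyboardInterrupt, and `except Exception:` would still cover the IncompleteRead case named in its comment. This assumes `io` is imported in the module; the import block and the rest of the method are outside the hunk.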
|
||||
|
||||
|
||||
@@ -107,12 +107,23 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
|
||||
for _page in (page or "", (page or "").replace('\\"', '"')):
|
||||
if Backend.isDbms(DBMS.MSSQL):
|
||||
output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(_page, payload))
|
||||
|
||||
if output:
|
||||
try:
|
||||
retVal = ""
|
||||
fields = re.findall(r'"([^"]+)":', extractRegexResult(r"{(?P<result>[^}]+)}", output))
|
||||
for row in json.loads(output):
|
||||
retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row[field] or NULL) for field in fields), kb.chars.stop)
|
||||
retVal = None
|
||||
output_decoded = htmlUnescape(output)
|
||||
json_data = json.loads(output_decoded, object_pairs_hook=OrderedDict)
|
||||
|
||||
if not isinstance(json_data, list):
|
||||
json_data = [json_data]
|
||||
|
||||
if json_data and isinstance(json_data[0], dict):
|
||||
fields = list(json_data[0].keys())
|
||||
|
||||
if fields:
|
||||
retVal = ""
|
||||
for row in json_data:
|
||||
retVal += "%s%s%s" % (kb.chars.start, kb.chars.delimiter.join(getUnicode(row.get(field) or NULL) for field in fields), kb.chars.stop)
|
||||
except:
|
||||
retVal = None
|
||||
else:
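Review bot: In the MSSQL JSON branch of _oneShotUnionUse, `fields` is taken from `json_data[0].keys()` and only that first element is checked with `isinstance(..., dict)`. A later element that is not a dict makes `row.get(field)` raise, and the bare `except:` then resets `retVal` to None and discards every row already converted. A later row carrying keys absent from the first one loses those values without any message. Check all rows up front with `if json_data and all(isinstance(_, dict) for _ in json_data):`, and log at debug level in the handler so a parsing failure is visible. `row.get(field) or NULL` also maps `0`, `False` and `""` to NULL, which is only right if every value arrives as a non-empty string. The function continues outside the hunk.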
|
||||
|
||||
@@ -65,6 +65,7 @@ from lib.core.data import conf
|
||||
from lib.core.data import kb
|
||||
from lib.core.data import logger
|
||||
from lib.core.datatype import OrderedSet
|
||||
from lib.core.decorators import cachedmethod
|
||||
from lib.core.enums import DBMS
|
||||
from lib.core.enums import HASH
|
||||
from lib.core.enums import MKSTEMP_PREFIX
|
||||
@@ -784,6 +785,7 @@ def attackDumpedTable():
|
||||
table[column]['values'][i] = "%s (%s)" % (getUnicode(table[column]['values'][i]), getUnicode(lut[value.lower()] or HASH_EMPTY_PASSWORD_MARKER))
|
||||
table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i]))
|
||||
|
||||
@cachedmethod
|
||||
def hashRecognition(value):
|
||||
"""
|
||||
>>> hashRecognition("179ad45c6ce2cb97cf1029e212046e81") == HASH.MD5_GENERIC
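Review bot: Decorating hashRecognition with `@cachedmethod` is safe only if its result depends on `value` alone, because the cache key in cachedmethod appears to be built from the call arguments only. The body is outside the hunk. If it consults session state, for example the identified back-end DBMS, a result cached before that state is known would keep being returned afterwards. Either confirm the function is pure and say so in its docstring, or leave it undecorated.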
|
||||
|
||||
@@ -10,8 +10,8 @@ import time
|
||||
|
||||
PYVERSION = sys.version.split()[0]
|
||||
|
||||
if PYVERSION < "2.6":
|
||||
sys.exit("[%s] [CRITICAL] incompatible Python version detected ('%s'). To successfully run sqlmap you'll have to use version 2.6, 2.7 or 3.x (visit 'https://www.python.org/downloads/')" % (time.strftime("%X"), PYVERSION))
|
||||
if PYVERSION < "2.7":
|
||||
sys.exit("[%s] [CRITICAL] incompatible Python version detected ('%s'). To successfully run sqlmap you'll have to use version 2.7 or 3.x (visit 'https://www.python.org/downloads/')" % (time.strftime("%X"), PYVERSION))
|
||||
|
||||
errors = []
|
||||
extensions = ("bz2", "gzip", "pyexpat", "ssl", "sqlite3", "zlib")
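Review bot: `if PYVERSION < "2.7":` compares version strings lexically, which gives the right answer for the current cut-off but would order `"2.10"` before `"2.7"` and fails as soon as a two-digit component matters. Comparing the tuple avoids the problem: `if sys.version_info < (2, 7):`, keeping `PYVERSION` for the message text only.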
|
||||
|
||||
@@ -103,6 +103,10 @@ class Fingerprint(GenericFingerprint):
|
||||
else:
|
||||
setDbms(DBMS.H2)
|
||||
|
||||
result = inject.checkBooleanExpression("JSON_OBJECT() IS NOT NULL")
|
||||
version = '2' if result else '1'
|
||||
Backend.setVersion(version)
|
||||
|
||||
self.getBanner()
|
||||
|
||||
return True
|
||||
|
||||
@@ -187,7 +187,7 @@ class Fingerprint(GenericFingerprint):
|
||||
infoMsg = "testing %s" % DBMS.MYSQL
|
||||
logger.info(infoMsg)
|
||||
|
||||
result = inject.checkBooleanExpression("QUARTER(NULL XOR NULL) IS NULL")
|
||||
result = inject.checkBooleanExpression("IFNULL(QUARTER(NULL),NULL XOR NULL) IS NULL")
|
||||
|
||||
if result:
|
||||
infoMsg = "confirming %s" % DBMS.MYSQL
|
||||
|
||||
@@ -12,7 +12,6 @@ except ImportError:
|
||||
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
|
||||
from lib.core.common import getSafeExString
|
||||
from lib.core.convert import getText
|
||||
@@ -40,7 +39,7 @@ class Connector(GenericConnector):
|
||||
dsn = oracledb.makedsn(self.hostname, self.port, service_name=self.db)
|
||||
self.connector = oracledb.connect(user=self.user, password=self.password, dsn=dsn, mode=oracledb.AUTH_MODE_SYSDBA)
|
||||
logger.info("successfully connected as SYSDBA")
|
||||
except oracledb.DatabaseError as ex:
|
||||
except oracledb.DatabaseError:
|
||||
# Try again without SYSDBA
|
||||
try:
|
||||
self.connector = oracledb.connect(user=self.user, password=self.password, dsn=dsn)
|
||||
|
||||
@@ -16,6 +16,8 @@ from lib.core.common import dataToOutFile
|
||||
from lib.core.common import decloakToTemp
|
||||
from lib.core.common import decodeDbmsHexValue
|
||||
from lib.core.common import isListLike
|
||||
from lib.core.common import isNoneValue
|
||||
from lib.core.common import isNullValue
|
||||
from lib.core.common import isNumPosStrValue
|
||||
from lib.core.common import isStackingAvailable
|
||||
from lib.core.common import isTechniqueAvailable
|
||||
@@ -243,8 +245,9 @@ class Filesystem(object):
|
||||
|
||||
kb.fileReadMode = False
|
||||
|
||||
if fileContent in (None, "") and not Backend.isDbms(DBMS.PGSQL):
|
||||
if (isNoneValue(fileContent) or isNullValue(fileContent)) and not Backend.isDbms(DBMS.PGSQL):
|
||||
self.cleanup(onlyFileTbl=True)
|
||||
fileContent = None
|
||||
elif isListLike(fileContent):
|
||||
newFileContent = ""
|
||||
|
||||
|
||||
@@ -13,6 +13,7 @@ from lib.core.common import Backend
|
||||
from lib.core.common import filterPairValues
|
||||
from lib.core.common import getLimitRange
|
||||
from lib.core.common import isAdminFromPrivileges
|
||||
from lib.core.common import isDBMSVersionAtLeast
|
||||
from lib.core.common import isInferenceAvailable
|
||||
from lib.core.common import isNoneValue
|
||||
from lib.core.common import isNullValue
|
||||
@@ -104,6 +105,7 @@ class Users(object):
|
||||
|
||||
condition = (Backend.isDbms(DBMS.MSSQL) and Backend.isVersionWithin(("2005", "2008")))
|
||||
condition |= (Backend.isDbms(DBMS.MYSQL) and not kb.data.has_information_schema)
|
||||
condition |= (Backend.isDbms(DBMS.H2) and not isDBMSVersionAtLeast("2"))
|
||||
|
||||
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
|
||||
if Backend.isDbms(DBMS.MYSQL) and Backend.isFork(FORK.DRIZZLE):
|
||||
|
||||
@@ -347,6 +347,12 @@ def main():
|
||||
logger.critical(errMsg)
|
||||
raise SystemExit
|
||||
|
||||
elif all(_ in excMsg for _ in ("httpcore", "typing.", "AttributeError")):
|
||||
errMsg = "please update the 'httpcore' package (>= 1.0.8) "
|
||||
errMsg += "(Reference: 'https://github.com/encode/httpcore/discussions/995')"
|
||||
logger.critical(errMsg)
|
||||
raise SystemExit
|
||||
|
||||
elif "invalid maximum character passed to PyUnicode_New" in excMsg and re.search(r"\A3\.[34]", sys.version) is not None:
|
||||
errMsg = "please upgrade the Python version (>= 3.5) "
|
||||
errMsg += "(Reference: 'https://bugs.python.org/issue18183')"
|
||||
@@ -444,7 +450,7 @@ def main():
|
||||
elif kb.get("dumpKeyboardInterrupt"):
|
||||
raise SystemExit
|
||||
|
||||
elif any(_ in excMsg for _ in ("Broken pipe",)):
|
||||
elif any(_ in excMsg for _ in ("Broken pipe", "KeyboardInterrupt")):
|
||||
raise SystemExit
|
||||
|
||||
elif valid is False:
|
||||
|
||||