

Commit 1369529

committed
minor cosmetic update
1 parent 43892cd commit 1369529

6 files changed

Lines changed: 65 additions & 56 deletions


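--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -31,6 +31,8 @@
 from lib.core.common import dataToSessionFile
 from lib.core.common import expandAsteriskForColumns
 from lib.core.common import parseUnionPage
+from lib.core.common import popValue
+from lib.core.common import pushValue
 from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
@@ -339,45 +341,52 @@ def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=Tr
 
     return data
 
-def getValue(expression, blind=True, inband=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False):
+def getValue(expression, blind=True, inband=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None, dump=False, suppressOutput=False):
     """
     Called each time sqlmap inject a SQL query on the SQL injection
     affected parameter. It can call a function to retrieve the output
     through inband SQL injection (if selected) and/or blind SQL injection
     (if selected).
     """
 
+    if suppressOutput:
+        pushValue(conf.verbose)
+        conf.verbose = 0
+
     if conf.direct:
-        return direct(expression)
+        value = direct(expression)
+    else:
+        expression = cleanQuery(expression)
+        expression = expandAsteriskForColumns(expression)
+        value = None
 
-    expression = cleanQuery(expression)
-    expression = expandAsteriskForColumns(expression)
-    value = None
+        expression = expression.replace("DISTINCT ", "")
 
-    expression = expression.replace("DISTINCT ", "")
+        if inband and kb.unionPosition:
+            value = __goInband(expression, expected, sort, resumeValue, unpack, dump)
 
-    if inband and kb.unionPosition:
-        value = __goInband(expression, expected, sort, resumeValue, unpack, dump)
+            if not value:
+                warnMsg = "for some reasons it was not possible to retrieve "
+                warnMsg += "the query output through inband SQL injection "
+                warnMsg += "technique, sqlmap is going blind"
+                logger.warn(warnMsg)
 
-        if not value:
-            warnMsg = "for some reasons it was not possible to retrieve "
-            warnMsg += "the query output through inband SQL injection "
-            warnMsg += "technique, sqlmap is going blind"
-            logger.warn(warnMsg)
+        oldParamFalseCond = kb.unionFalseCond
+        oldParamNegative = kb.unionNegative
+        kb.unionFalseCond = False
+        kb.unionNegative = False
 
-    oldParamFalseCond = kb.unionFalseCond
-    oldParamNegative = kb.unionNegative
-    kb.unionFalseCond = False
-    kb.unionNegative = False
+        if blind and not value:
+            value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
 
-    if blind and not value:
-        value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
+        kb.unionFalseCond = oldParamFalseCond
+        kb.unionNegative = oldParamNegative
 
-    kb.unionFalseCond = oldParamFalseCond
-    kb.unionNegative = oldParamNegative
+        if value and isinstance(value, basestring):
+            value = value.strip()
 
-    if value and isinstance(value, basestring):
-        value = value.strip()
+    if suppressOutput:
+        conf.verbose = popValue()
 
     return value
 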
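Review bot: The verbosity save/restore added around getValue's body is not exception-safe: `pushValue(conf.verbose)` and `conf.verbose = 0` run at the top of the function, but the matching `conf.verbose = popValue()` at the bottom is only reached on the normal return path, so an exception escaping direct(), __goInband() or __goInferenceProxy() (a connection error, or a Ctrl-C during blind inference) leaves conf.verbose stuck at 0 for the rest of the run and, if pushValue/popValue share one stack as their names suggest, leaves a stale entry on it for the next caller to pop. Put everything between the two `if suppressOutput:` blocks under `try:` and move the restore into `finally:` — i.e. `finally:` / `    if suppressOutput:` / `        conf.verbose = popValue()` — so the old verbosity is restored on every exit path. The same hazard applies to the `kb.unionFalseCond`/`kb.unionNegative` save/restore pair in the else branch, which the commit only re-indents; the same `try`/`finally` would cover it. getValue's definition and its `return value` are both inside this hunk.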
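--- a/plugins/dbms/mssqlserver/fingerprint.py
+++ b/plugins/dbms/mssqlserver/fingerprint.py
@@ -194,7 +194,7 @@ def checkDbmsOs(self, detailed=False):
             query += "LIKE '%Windows NT " + data[0] + "%')>0"
             query = agent.forgeCaseStatement(query)
 
-            if inject.getValue(query, charsetType=1) == "1":
+            if inject.getValue(query, charsetType=1, suppressOutput=True) == "1":
                 kb.osVersion = version
                 infoMsg += " %s" % kb.osVersion
 
@@ -221,7 +221,7 @@ def checkDbmsOs(self, detailed=False):
             query += "LIKE '%Service Pack " + getUnicode(sp) + "%')>0"
             query = agent.forgeCaseStatement(query)
 
-            if inject.getValue(query, charsetType=1) == "1":
+            if inject.getValue(query, charsetType=1, suppressOutput=True) == "1":
                 kb.osSP = sp
                 break
 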
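--- a/plugins/dbms/mysql/fingerprint.py
+++ b/plugins/dbms/mysql/fingerprint.py
@@ -187,7 +187,7 @@ def checkDbms(self):
             return False
 
         # Determine if it is MySQL >= 5.0.0
-        if inject.getValue("SELECT %s FROM information_schema.TABLES LIMIT 0, 1" % randInt, charsetType=2) == randInt:
+        if inject.getValue("SELECT %s FROM information_schema.TABLES LIMIT 0, 1" % randInt, charsetType=2, suppressOutput=True) == randInt:
             kb.data.has_information_schema = True
             kb.dbmsVersion = [">= 5.0.0"]
 
@@ -199,28 +199,28 @@ def checkDbms(self):
             return True
 
         # Check if it is MySQL >= 5.5.0
-        if inject.getValue("SELECT MID(TO_SECONDS(950501), 1, 1)", unpack=False, charsetType=2) == "6":
+        if inject.getValue("SELECT MID(TO_SECONDS(950501), 1, 1)", unpack=False, charsetType=2, suppressOutput=True) == "6":
             kb.dbmsVersion = [">= 5.5.0"]
 
         # Check if it is MySQL >= 5.1.2 and < 5.5.0
         elif inject.getValue("SELECT MID(@@table_open_cache, 1, 1)", unpack=False):
-            if inject.getValue("SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
+            if inject.getValue("SELECT %s FROM information_schema.GLOBAL_STATUS LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
                 kb.dbmsVersion = [">= 5.1.12", "< 5.5.0"]
-            elif inject.getValue("SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
+            elif inject.getValue("SELECT %s FROM information_schema.PROCESSLIST LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
                 kb.dbmsVersion = [">= 5.1.7", "< 5.1.12"]
-            elif inject.getValue("SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
+            elif inject.getValue("SELECT %s FROM information_schema.PARTITIONS LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
                 kb.dbmsVersion = ["= 5.1.6"]
-            elif inject.getValue("SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1" % randInt, unpack=False, charsetType=2) == randInt:
+            elif inject.getValue("SELECT %s FROM information_schema.PLUGINS LIMIT 0, 1" % randInt, unpack=False, charsetType=2, suppressOutput=True) == randInt:
                 kb.dbmsVersion = [">= 5.1.5", "< 5.1.6"]
             else:
                 kb.dbmsVersion = [">= 5.1.2", "< 5.1.5"]
 
         # Check if it is MySQL >= 5.0.0 and < 5.1.2
-        elif inject.getValue("SELECT MID(@@hostname, 1, 1)", unpack=False):
+        elif inject.getValue("SELECT MID(@@hostname, 1, 1)", unpack=False, suppressOutput=True):
             kb.dbmsVersion = [">= 5.0.38", "< 5.1.2"]
-        elif inject.getValue("SELECT 1 FROM DUAL", charsetType=1) == "1":
+        elif inject.getValue("SELECT 1 FROM DUAL", charsetType=1, suppressOutput=True) == "1":
             kb.dbmsVersion = [">= 5.0.11", "< 5.0.38"]
-        elif inject.getValue("SELECT DATABASE() LIKE SCHEMA()"):
+        elif inject.getValue("SELECT DATABASE() LIKE SCHEMA()", suppressOutput=True):
             kb.dbmsVersion = [">= 5.0.2", "< 5.0.11"]
         else:
             kb.dbmsVersion = [">= 5.0.0", "<= 5.0.1"]
@@ -237,24 +237,24 @@ def checkDbms(self):
             return True
 
         # Check which version of MySQL < 5.0.0 it is
-        coercibility = inject.getValue("SELECT COERCIBILITY(USER())")
+        coercibility = inject.getValue("SELECT COERCIBILITY(USER())", suppressOutput=True)
 
         if coercibility == "3":
             kb.dbmsVersion = [">= 4.1.11", "< 5.0.0"]
         elif coercibility == "2":
             kb.dbmsVersion = [">= 4.1.1", "< 4.1.11"]
-        elif inject.getValue("SELECT CURRENT_USER()"):
+        elif inject.getValue("SELECT CURRENT_USER()", suppressOutput=True):
             kb.dbmsVersion = [">= 4.0.6", "< 4.1.1"]
 
-            if inject.getValue("SELECT CHARSET(CURRENT_USER())") == "utf8":
+            if inject.getValue("SELECT CHARSET(CURRENT_USER())", suppressOutput=True) == "utf8":
                 kb.dbmsVersion = ["= 4.1.0"]
             else:
                 kb.dbmsVersion = [">= 4.0.6", "< 4.1.0"]
-        elif inject.getValue("SELECT FOUND_ROWS()", charsetType=1) == "0":
+        elif inject.getValue("SELECT FOUND_ROWS()", charsetType=1, suppressOutput=True) == "0":
             kb.dbmsVersion = [">= 4.0.0", "< 4.0.6"]
-        elif inject.getValue("SELECT CONNECTION_ID()"):
+        elif inject.getValue("SELECT CONNECTION_ID()", suppressOutput=True):
             kb.dbmsVersion = [">= 3.23.14", "< 4.0.0"]
-        elif re.search("@[\w\.\-\_]+", inject.getValue("SELECT USER()")):
+        elif re.search("@[\w\.\-\_]+", inject.getValue("SELECT USER()", suppressOutput=True)):
             kb.dbmsVersion = [">= 3.22.11", "< 3.23.14"]
         else:
             kb.dbmsVersion = ["< 3.22.11"]
@@ -273,7 +273,7 @@ def checkDbmsOs(self, detailed=False):
         infoMsg = "fingerprinting the back-end DBMS operating system"
         logger.info(infoMsg)
 
-        datadirSubstr = inject.getValue("SELECT MID(@@datadir, 1, 1)", unpack=False)
+        datadirSubstr = inject.getValue("SELECT MID(@@datadir, 1, 1)", unpack=False, suppressOutput=True)
 
         if datadirSubstr == "/":
             kb.os = "Linux"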
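Review bot: The probe `elif inject.getValue("SELECT MID(@@table_open_cache, 1, 1)", unpack=False):` at line 206 of the second hunk is the only getValue call in this version chain left without `suppressOutput=True`, so that one probe will still print its retrieved value while every neighbouring probe is silenced. It should read `elif inject.getValue("SELECT MID(@@table_open_cache, 1, 1)", unpack=False, suppressOutput=True):`. Separately, `re.search("@[\w\.\-\_]+", inject.getValue("SELECT USER()", suppressOutput=True))` in the third hunk passes the raw return value to re.search; if getValue yields None there (its inject.py hunk in this commit starts from `value = None` and returns it as-is when neither retrieval path replaced it), re.search raises TypeError rather than falling through to the `else` branch, so `or ""` on that argument would be a cheap guard. checkDbms and checkDbmsOs both continue outside these hunks.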

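--- a/plugins/dbms/oracle/fingerprint.py
+++ b/plugins/dbms/oracle/fingerprint.py
@@ -123,7 +123,7 @@ def checkDbms(self):
             return True
 
         query = "SELECT SUBSTR((VERSION), 1, 2) FROM SYS.PRODUCT_COMPONENT_VERSION WHERE ROWNUM=1"
-        version = inject.getValue(query, unpack=False)
+        version = inject.getValue(query, unpack=False, suppressOutput=True)
 
         if re.search("^11", version):
             kb.dbmsVersion = ["11i"]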
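Review bot: `re.search("^11", version)` on the context line right after the changed call will raise TypeError if the probe fails, because getValue can hand back None — in this commit's inject.py hunk `value` starts as None and is returned unchanged when neither __goInband nor __goInferenceProxy replaced it — and re.search does not accept None. Guarding the assignment, `version = inject.getValue(query, unpack=False, suppressOutput=True) or ""`, lets a failed probe fall through the version checks instead of aborting the fingerprint. checkDbms begins before and continues after this hunk, so I cannot see whether a later branch handles the empty string.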

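--- a/plugins/dbms/postgresql/fingerprint.py
+++ b/plugins/dbms/postgresql/fingerprint.py
@@ -123,33 +123,33 @@ def checkDbms(self):
         if not conf.extensiveFp:
             return True
 
-        if inject.getValue("SELECT DIV(6, 3)", unpack=False, charsetType=2) == "2":
+        if inject.getValue("SELECT DIV(6, 3)", unpack=False, charsetType=2, suppressOutput=True) == "2":
             kb.dbmsVersion = [">= 8.4.0"]
-        elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP()::text, 1, 1)", unpack=False, charsetType=2) in ( "1", "2" ) and not inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2) in ( "1", "2" ):
+        elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP()::text, 1, 1)", unpack=False, charsetType=2, suppressOutput=True) in ( "1", "2" ) and not inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2, suppressOutput=True) in ( "1", "2" ):
             kb.dbmsVersion = [">= 8.3.0", "< 8.4"]
-        elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2):
+        elif inject.getValue("SELECT SUBSTR(TRANSACTION_TIMESTAMP(), 1, 1)", unpack=False, charsetType=2, suppressOutput=True):
             kb.dbmsVersion = [">= 8.2.0", "< 8.3.0"]
-        elif inject.getValue("SELECT GREATEST(5, 9, 1)", unpack=False, charsetType=2) == "9":
+        elif inject.getValue("SELECT GREATEST(5, 9, 1)", unpack=False, charsetType=2, suppressOutput=True) == "9":
             kb.dbmsVersion = [">= 8.1.0", "< 8.2.0"]
-        elif inject.getValue("SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5)", unpack=False, charsetType=2) == "3":
+        elif inject.getValue("SELECT WIDTH_BUCKET(5.35, 0.024, 10.06, 5)", unpack=False, charsetType=2, suppressOutput=True) == "3":
             kb.dbmsVersion = [">= 8.0.0", "< 8.1.0"]
-        elif inject.getValue("SELECT SUBSTR(MD5('sqlmap'), 1, 1)", unpack=False):
+        elif inject.getValue("SELECT SUBSTR(MD5('sqlmap'), 1, 1)", unpack=False, suppressOutput=True):
             kb.dbmsVersion = [">= 7.4.0", "< 8.0.0"]
-        elif inject.getValue("SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1)", unpack=False) == "p":
+        elif inject.getValue("SELECT SUBSTR(CURRENT_SCHEMA(), 1, 1)", unpack=False, suppressOutput=True) == "p":
             kb.dbmsVersion = [">= 7.3.0", "< 7.4.0"]
         elif inject.getValue("SELECT BIT_LENGTH(1)") == "8":
             kb.dbmsVersion = [">= 7.2.0", "< 7.3.0"]
-        elif inject.getValue("SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1)", unpack=False) == "a":
+        elif inject.getValue("SELECT SUBSTR(QUOTE_LITERAL('a'), 2, 1)", unpack=False, suppressOutput=True) == "a":
             kb.dbmsVersion = [">= 7.1.0", "< 7.2.0"]
-        elif inject.getValue("SELECT POW(2, 3)", unpack=False, charsetType=2) == "8":
+        elif inject.getValue("SELECT POW(2, 3)", unpack=False, charsetType=2, suppressOutput=True) == "8":
             kb.dbmsVersion = [">= 7.0.0", "< 7.1.0"]
         elif inject.getValue("SELECT MAX('a')") == "a":
             kb.dbmsVersion = [">= 6.5.0", "< 6.5.3"]
-        elif re.search("([\d\.]+)", inject.getValue("SELECT SUBSTR(VERSION(), 12, 5)", unpack=False)):
+        elif re.search("([\d\.]+)", inject.getValue("SELECT SUBSTR(VERSION(), 12, 5)", unpack=False, suppressOutput=True)):
             kb.dbmsVersion = [">= 6.4.0", "< 6.5.0"]
-        elif inject.getValue("SELECT SUBSTR(CURRENT_DATE, 1, 1)", unpack=False, charsetType=2) == "2":
+        elif inject.getValue("SELECT SUBSTR(CURRENT_DATE, 1, 1)", unpack=False, charsetType=2, suppressOutput=True) == "2":
             kb.dbmsVersion = [">= 6.3.0", "< 6.4.0"]
-        elif inject.getValue("SELECT SUBSTRING('sqlmap', 1, 1)", unpack=False) == "s":
+        elif inject.getValue("SELECT SUBSTRING('sqlmap', 1, 1)", unpack=False, suppressOutput=True) == "s":
             kb.dbmsVersion = [">= 6.2.0", "< 6.3.0"]
         else:
             kb.dbmsVersion = ["< 6.2.0"]
@@ -180,7 +180,7 @@ def checkDbmsOs(self, detailed=False):
             query += "LIKE '%" + osPattern + "%')>0"
             query = agent.forgeCaseStatement(query)
 
-            if inject.getValue(query, charsetType=1) == "1":
+            if inject.getValue(query, charsetType=1, suppressOutput=True) == "1":
                 kb.os = "Windows"
 
                 break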
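Review bot: Two probes in the first hunk's version chain are left without the new flag while every other call in the chain gets it: `elif inject.getValue("SELECT BIT_LENGTH(1)") == "8":` at line 140 and `elif inject.getValue("SELECT MAX('a')") == "a":` at line 146, so those two will still echo their retrieved value mid-fingerprint. They should become `elif inject.getValue("SELECT BIT_LENGTH(1)", suppressOutput=True) == "8":` and `elif inject.getValue("SELECT MAX('a')", suppressOutput=True) == "a":`. The `re.search("([\d\.]+)", inject.getValue(...))` probe at line 148 also passes the raw return value to re.search, which raises TypeError on None; a trailing `or ""` on that argument would keep a failed probe on the elif path. checkDbms and checkDbmsOs both continue outside these hunks.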

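--- a/plugins/dbms/sqlite/fingerprint.py
+++ b/plugins/dbms/sqlite/fingerprint.py
@@ -117,7 +117,7 @@ def checkDbms(self):
         if not conf.extensiveFp:
             return True
 
-        version = inject.getValue("SELECT SUBSTR((SQLITE_VERSION()), 1, 1)", unpack=False, charsetType=2)
+        version = inject.getValue("SELECT SUBSTR((SQLITE_VERSION()), 1, 1)", unpack=False, charsetType=2, suppressOutput=True)
         kb.dbmsVersion = [ version ]
 
         return True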
