

Commit 775e0df

Update for an Issue #278
1 parent 949fcb7 commit 775e0df

17 files changed

Lines changed: 46 additions & 43 deletions


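--- a/extra/shutils/_sqlmap.py
+++ b/extra/shutils/_sqlmap.py
@@ -68,7 +68,7 @@
 '(--code)'--code=-'[HTTP code to match when query is evaluated to True]' \
 '(--text-only)'--text-only'[Compare pages based only on the textual content]' \
 '(--titles)'--titles'[Compare pages based only on their titles]' \
-'(--technique)'--technique=-'[SQL injection techniques to test for (default "BEUST")]:TECH:->list-techniques' \
+'(--technique)'--technique=-'[SQL injection techniques to test for (default "BEUSTQ")]:TECH:->list-techniques' \
 '(--time-sec)'--time-sec=-'[Seconds to delay the DBMS response (default 5)]:TIMESEC' \
 '(--union-cols)'--union-cols=-'[Range of columns to test for UNION query SQL injection]:UCOLS' \
 '(--union-char)'--union-char=-'[Character to use for bruteforcing number of columns]:UCHAR' \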
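Review bot: Only the help string of `--technique` is updated here, while the `->list-techniques` state it hands off to is outside the hunk; if that state enumerates the letters B/E/U/S/T for completion it needs a `Q` entry too, otherwise the completion advertises a default letter it cannot complete. Worth checking the matching `case` block further down in this file before merging.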

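--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -138,7 +138,7 @@ def __formatInjection(inj):
 title = title.replace("columns", "column")
 elif comment:
 vector = "%s%s" % (vector, comment)
-data += " Type: %s\n" % (PAYLOAD.SQLINJECTION[stype] if "inline" not in title else "inline query")
+data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
 data += " Title: %s\n" % title
 data += " Payload: %s\n" % agent.adjustLateValues(sdata.payload)
 data += " Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"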
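Review bot: Dropping the `"inline" not in title` heuristic means the printed type for inline-query payloads now depends entirely on the payload definitions carrying the new stype value 6 rather than 2, and those definitions are not part of this diff. Any payload entry still tagged with the error-based stype but an "inline" title would now be reported as `error-based` with no warning, so the payload XML is worth a grep before merging. A short comment on the new line, `# stype is the PAYLOAD.TECHNIQUE value from the payload definition`, would record that dependency. `__formatInjection` starts before the hunk.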

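--- a/lib/core/defaults.py
+++ b/lib/core/defaults.py
@@ -21,7 +21,7 @@
 "level": 1,
 "risk": 1,
 "dumpFormat": "CSV",
-"tech": "BEUST",
+"tech": "BEUSTQ",
 "torType": "HTTP"
 }
 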
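Review bot: Changing the default to `"BEUSTQ"` only works if the `--technique` letter validation in the option-parsing code, which is not in this diff, accepts `Q`; if it still whitelists only B/E/U/S/T, every run that relies on the default now fails on its own default value. The option help text and README that quote the default also need the new letter. A comment next to the entry would keep the two in sync: `# one letter per PAYLOAD.TECHNIQUE member; Q = inline query`.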
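--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -177,7 +177,8 @@ class PAYLOAD:
 2: "error-based",
 3: "UNION query",
 4: "stacked queries",
-5: "AND/OR time-based blind"
+5: "AND/OR time-based blind",
+6: "inline query"
 }
 
 PARAMETER = {
@@ -219,6 +220,7 @@ class TECHNIQUE:
 UNION = 3
 STACKED = 4
 TIME = 5
+QUERY = 6
 
 class WHERE:
 ORIGINAL = 1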
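Review bot: `QUERY = 6` and `6: "inline query"` are added without a word on what separates an inline query from the existing error-based technique, and these integers double as keys into `kb.injection.data` and `kb.counters` and as the `Q` letter of `--technique` elsewhere in this commit, so they cannot be renumbered later. A comment on the constant, `# "Q" in --technique; keys PAYLOAD.SQLINJECTION and kb.injection.data, never renumber`, and a one-line description of the technique on the `6:` entry would save the next reader a grep. Both `class PAYLOAD` and `class TECHNIQUE` start outside the hunks.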

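--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -105,7 +105,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
 kb.threadContinue = True
 kb.threadException = False
 
-if threadChoice and numThreads == 1 and any(map(lambda x: x in kb.injection.data, [PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.UNION])):
+if threadChoice and numThreads == 1 and any(map(lambda _: _ in kb.injection.data, (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY, PAYLOAD.TECHNIQUE.UNION))):
 while True:
 message = "please enter number of threads? [Enter for %d (current)] " % numThreads
 choice = readInput(message, default=str(numThreads))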
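Review bot: The rewritten condition is the only place in this commit that tests technique membership through `map` plus a lambda, while every other hunk uses a generator expression, and renaming the bound variable to `_` makes it read as a throwaway. `any(technique in kb.injection.data for technique in (PAYLOAD.TECHNIQUE.BOOLEAN, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY, PAYLOAD.TECHNIQUE.UNION))` is the same test in the idiom the rest of the change uses. `runThreads` continues beyond the hunk.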

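--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -407,14 +407,14 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
 count += 1
 found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
 
-if error and isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and not found:
-kb.technique = PAYLOAD.TECHNIQUE.ERROR
+if error and any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) and not found:
+kb.technique = PAYLOAD.TECHNIQUE.ERROR if isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) else PAYLOAD.TECHNIQUE.QUERY
 value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump)
 count += 1
 found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
 
 if found and conf.dnsName:
-_ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E":PAYLOAD.TECHNIQUE.ERROR, "U":PAYLOAD.TECHNIQUE.UNION}.items())))
+_ = "".join(filter(None, (key if isTechniqueAvailable(value) else None for key, value in {"E":PAYLOAD.TECHNIQUE.ERROR, "Q":PAYLOAD.TECHNIQUE.QUERY, "U":PAYLOAD.TECHNIQUE.UNION}.items())))
 warnMsg = "option '--dns-domain' will be ignored "
 warnMsg += "as faster techniques are usable "
 warnMsg += "(%s) " % _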
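Review bot: The technique letters shown in the `--dns-domain` warning are collected by iterating a dict literal, `{"E": ..., "Q": ..., "U": ...}.items()`, and dict iteration order is only guaranteed from Python 3.7 onward, so on older interpreters the message can read "(UEQ)" on one run and "(EQU)" on the next; a tuple of pairs, `(("E", PAYLOAD.TECHNIQUE.ERROR), ("Q", PAYLOAD.TECHNIQUE.QUERY), ("U", PAYLOAD.TECHNIQUE.UNION))`, makes it deterministic and also removes the `filter(None, ...)`. Separately, the `error` keyword of getValue now gates the inline-query technique as well, so callers passing `error=False` lose both; the parameter's docstring (outside the hunk) should say so. The selection of `kb.technique` is a global side effect that `errorUse` reads back, which deserves a one-line comment at the assignment.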

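--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -209,7 +209,7 @@ def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
 
 query = "SELECT %s FROM %s" % (self.tblField, self.cmdTblName)
 
-if conf.direct or any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)):
+if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
 output = inject.getValue(query, resumeValue=False, blind=False, time=False)
 else:
 output = []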

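--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -83,7 +83,7 @@ def __oneShotErrorUse(expression, field=None):
 nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, chunk_length)
 
 # Forge the error-based SQL injection request
-vector = kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector
+vector = kb.injection.data[kb.technique].vector
 query = agent.prefixQuery(vector)
 query = agent.suffixQuery(query)
 injExpression = expression.replace(field, nulledCastedField, 1) if field else expression
@@ -94,7 +94,7 @@ def __oneShotErrorUse(expression, field=None):
 # Perform the request
 page, headers = Request.queryPage(payload, content=True)
 
-incrementCounter(PAYLOAD.TECHNIQUE.ERROR)
+incrementCounter(kb.technique)
 
 # Parse the returned page to get the exact error-based
 # SQL injection output
@@ -227,7 +227,7 @@ def errorUse(expression, dump=False):
 SQL injection vulnerability on the affected parameter.
 """
 
-initTechnique(PAYLOAD.TECHNIQUE.ERROR)
+initTechnique(kb.technique)
 
 abortedFlag = False
 count = None
@@ -416,7 +416,7 @@ def errorThread():
 duration = calculateDeltaSeconds(start)
 
 if not kb.bruteMode:
-debugMsg = "performed %d queries in %d seconds" % (kb.counters[PAYLOAD.TECHNIQUE.ERROR], duration)
+debugMsg = "performed %d queries in %d seconds" % (kb.counters[kb.technique], duration)
 logger.debug(debugMsg)
 
 return outputs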
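Review bot: `errorUse` now takes the technique it drives from the global `kb.technique` instead of the fixed ERROR constant, so it silently depends on the caller (getValue in this commit) having set that global to ERROR or QUERY beforehand; a call made while `kb.technique` still names another technique would pick up that technique's vector, counter and initTechnique state without any error. A guard just before `initTechnique(kb.technique)` would make the precondition explicit, e.g. `if kb.technique not in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY): raise` the project's value-error exception, and the errorUse docstring should state that it serves both techniques and reads the choice from `kb.technique`. The worker threads in `errorThread` also read `kb.technique` after being spawned, which presumably is safe only because nothing reassigns it for the duration of the dump; worth a one-line comment. `__oneShotErrorUse`, `errorUse` and `errorThread` all start outside their hunks.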

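--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -86,7 +86,7 @@ def getTables(self):
 
 rootQuery = queries[Backend.getIdentifiedDbms()].tables
 
-if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
+if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
 for db in dbs:
 if conf.excludeSysDbs and db in self.excludeDbsList:
 infoMsg = "skipping system database '%s'" % db
@@ -196,7 +196,7 @@ def searchTable(self):
 
 continue
 
-if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
+if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
 query = rootQuery.inband.query.replace("%s", db)
 query += tblQuery
 values = inject.getValue(query, blind=False, time=False)
@@ -317,7 +317,7 @@ def searchColumn(self):
 if conf.excludeSysDbs and db in self.excludeDbsList:
 continue
 
-if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
+if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
 query = rootQuery.inband.query % (db, db, db, db, db, db)
 query += " AND %s" % colQuery.replace("[DB]", db)
 query += whereTblsQuery.replace("[DB]", db)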
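Review bot: The tuple `(PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)` is hand-copied into three conditions in this file alone, and the same commit patches identical copies in lib/takeover/xp_cmdshell.py and plugins/dbms/oracle/enumeration.py; adding inline query meant touching every copy, and the next technique will too, with any missed copy silently falling back to the slower blind path. Defining the in-band set once next to `isTechniqueAvailable`, e.g. a helper `isInbandTechniqueAvailable()` that wraps the `any(...)` over a single module-level tuple, would reduce each site to `if isInbandTechniqueAvailable() or conf.direct:`. `getTables`, `searchTable` and `searchColumn` all start and continue outside their hunks.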

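--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -41,7 +41,7 @@ def getRoles(self, query2=False):
 # Set containing the list of DBMS administrators
 areAdmins = set()
 
-if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
+if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) or conf.direct:
 if query2:
 query = rootQuery.inband.query2
 condition = rootQuery.inband.condition2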
