Major bug fix to avoid tracebacks when multiple targets are specified and one

bdamele · bdamele · commit c32ef9d751ad · 2008-12-18T20:38:57.000Z
of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided.
diff --git a/doc/THANKS b/doc/THANKS
@@ -126,6 +126,7 @@ Jason Swan <jasoneswan@gmail.com>
 Alessandro Tanasi <alessandro@tanasi.it>
     for extensively beta-testing sqlmap
     for suggesting many features and reporting some bugs
+    for reviewing the documentation
 
 Efrain Torres <et@metasploit.com>
     for helping me out to improve the Metasploit Framework 3 sqlmap
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -93,7 +93,7 @@ def prefixQuery(self, string):
         if conf.prefix:
             query = conf.prefix
         else:
-            if kb.injType == "numeric":
+            if kb.injType == "numeric" or conf.postfix:
                 pass
             elif kb.injType in ( "stringsingle", "likesingle" ):
                 query = "'"
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -493,15 +493,40 @@ def parsePasswordHash(password):
 
 
 def cleanQuery(query):
+    # SQL SELECT statement
     upperQuery = query.replace("select ", "SELECT ")
     upperQuery = upperQuery.replace(" from ", " FROM ")
+    upperQuery = upperQuery.replace(" where ", " WHERE ")
+    upperQuery = upperQuery.replace(" group by ", " GROUP BY ")
+    upperQuery = upperQuery.replace(" order by ", " ORDER BY ")
+    upperQuery = upperQuery.replace(" having ", " HAVING ")
     upperQuery = upperQuery.replace(" limit ", " LIMIT ")
     upperQuery = upperQuery.replace(" offset ", " OFFSET ")
-    upperQuery = upperQuery.replace(" order by ", " ORDER BY ")
-    upperQuery = upperQuery.replace(" group by ", " GROUP BY ")
     upperQuery = upperQuery.replace(" union all ", " UNION ALL ")
     upperQuery = upperQuery.replace(" rownum ", " ROWNUM ")
 
+    # SQL data definition
+    upperQuery = upperQuery.replace(" create ", " CREATE ")
+    upperQuery = upperQuery.replace(" drop ", " DROP ")
+    upperQuery = upperQuery.replace(" truncate ", " TRUNCATE ")
+    upperQuery = upperQuery.replace(" alter ", " ALTER ")
+
+    # SQL data manipulation
+    upperQuery = upperQuery.replace(" insert ", " INSERT ")
+    upperQuery = upperQuery.replace(" update ", " UPDATE ")
+    upperQuery = upperQuery.replace(" delete ", " DELETE ")
+    upperQuery = upperQuery.replace(" merge ", " MERGE ")
+
+    # SQL data control
+    upperQuery = upperQuery.replace(" grant ", " GRANT ")
+
+    # SQL transaction control
+    upperQuery = upperQuery.replace(" start transaction ", " START TRANSACTION ")
+    upperQuery = upperQuery.replace(" begin work ", " BEGIN WORK ")
+    upperQuery = upperQuery.replace(" begin transaction ", " BEGIN TRANSACTION ")
+    upperQuery = upperQuery.replace(" commit ", " COMMIT ")
+    upperQuery = upperQuery.replace(" rollback ", " ROLLBACK ")
+
     return upperQuery
 
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -97,6 +97,7 @@ def getPage(**kwargs):
                 multipartOpener = urllib2.build_opener(multipartpost.MultipartPostHandler)
                 conn = multipartOpener.open(url, multipart)
                 page = conn.read()
+
                 return page
 
         else:
@@ -197,7 +198,7 @@ def getPage(**kwargs):
                 warnMsg += ", skipping to next url"
                 logger.warn(warnMsg)
 
-                return None
+                return None, None
 
             if conf.retries < RETRIES:
                 conf.retries += 1
@@ -206,6 +207,7 @@ def getPage(**kwargs):
                 logger.warn(warnMsg)
 
                 time.sleep(1)
+
                 return Connect.__getPageProxy(get=get, post=post, cookie=cookie, ua=ua, direct=direct, multipart=multipart)
 
             else:
@@ -268,5 +270,7 @@ def queryPage(value=None, place=None, content=False):
 
         if content:
             return page
-        else:
+        elif page and headers:
             return comparison(page, headers, content)
+        else:
+            return False
diff --git a/plugins/dbms/mysql.py b/plugins/dbms/mysql.py
@@ -470,7 +470,7 @@ def osShell(self):
                                 "uploadDir": directory,
                               }
             uploaderUrl = "%s/%s" % (baseUrl, uploaderName)
-            page, _ = Request.getPage(url=uploaderUrl, multipart=multipartParams)
+            page = Request.getPage(url=uploaderUrl, multipart=multipartParams)
 
             if "Backdoor uploaded" not in page:
                 warnMsg  = "unable to upload the backdoor through "

Original file line number	Diff line number	Diff line change
`@@ -470,7 +470,7 @@ def osShell(self):`
`470`	`470`	`"uploadDir": directory,`
`471`	`471`	`}`
`472`	`472`	`uploaderUrl = "%s/%s" % (baseUrl, uploaderName)`
`473`		`- page, _ = Request.getPage(url=uploaderUrl, multipart=multipartParams)`
	`473`	`+ page = Request.getPage(url=uploaderUrl, multipart=multipartParams)`
`474`	`474`
`475`	`475`	`if "Backdoor uploaded" not in page:`
`476`	`476`	`warnMsg = "unable to upload the backdoor through "`