diff --git a/doc/THANKS b/doc/THANKS
index 8b25b4213..f53a5bb5d 100644
--- a/doc/THANKS
+++ b/doc/THANKS
@@ -126,6 +126,7 @@ Jason Swan
 Alessandro Tanasi
     for extensively beta-testing sqlmap
     for suggesting many features and reporting some bugs
+    for reviewing the documentation
 Efrain Torres
     for helping me out to improve the Metasploit Framework 3 sqlmap
diff --git a/lib/core/agent.py b/lib/core/agent.py
index 40b07b4e9..800be70f9 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -93,7 +93,7 @@ class Agent:
         if conf.prefix:
             query = conf.prefix
         else:
-            if kb.injType == "numeric":
+            if kb.injType == "numeric" or conf.postfix:
                 pass
             elif kb.injType in ( "stringsingle", "likesingle" ):
                 query = "'"
diff --git a/lib/core/common.py b/lib/core/common.py
index 1c21b6d4e..66153ec90 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
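Review bot: The new `or conf.postfix` in the `kb.injType == "numeric"` test gives no hint why a user-supplied postfix should suppress the default quote prefix, and the branch body is still a bare `pass`, so the intent is only recoverable from history. I would record the assumption next to the condition, e.g. `# NOTE: a user-supplied postfix is taken to mean the caller controls the quoting, so no default prefix is added — confirm`. Writing the test as the positive case (the branches that actually assign `query`) and dropping the `pass` branch would read more directly. The enclosing method of `Agent` starts outside the hunk.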
@@ -493,15 +493,40 @@ def parsePasswordHash(password):
 def cleanQuery(query):
+    # SQL SELECT statement
     upperQuery = query.replace("select ", "SELECT ")
     upperQuery = upperQuery.replace(" from ", " FROM ")
+    upperQuery = upperQuery.replace(" where ", " WHERE ")
+    upperQuery = upperQuery.replace(" group by ", " GROUP BY ")
+    upperQuery = upperQuery.replace(" order by ", " ORDER BY ")
+    upperQuery = upperQuery.replace(" having ", " HAVING ")
     upperQuery = upperQuery.replace(" limit ", " LIMIT ")
     upperQuery = upperQuery.replace(" offset ", " OFFSET ")
-    upperQuery = upperQuery.replace(" order by ", " ORDER BY ")
-    upperQuery = upperQuery.replace(" group by ", " GROUP BY ")
     upperQuery = upperQuery.replace(" union all ", " UNION ALL ")
     upperQuery = upperQuery.replace(" rownum ", " ROWNUM ")
+    # SQL data definition
+    upperQuery = upperQuery.replace(" create ", " CREATE ")
+    upperQuery = upperQuery.replace(" drop ", " DROP ")
+    upperQuery = upperQuery.replace(" truncate ", " TRUNCATE ")
+    upperQuery = upperQuery.replace(" alter ", " ALTER ")
+
+    # SQL data manipulation
+    upperQuery = upperQuery.replace(" insert ", " INSERT ")
+    upperQuery = upperQuery.replace(" update ", " UPDATE ")
+    upperQuery = upperQuery.replace(" delete ", " DELETE ")
+    upperQuery = upperQuery.replace(" merge ", " MERGE ")
+
+    # SQL data control
+    upperQuery = upperQuery.replace(" grant ", " GRANT ")
+
+    # SQL transaction control
+    upperQuery = upperQuery.replace(" start transaction ", " START TRANSACTION ")
+    upperQuery = upperQuery.replace(" begin work ", " BEGIN WORK ")
+    upperQuery = upperQuery.replace(" begin transaction ", " BEGIN TRANSACTION ")
+    upperQuery = upperQuery.replace(" commit ", " COMMIT ")
+    upperQuery = upperQuery.replace(" rollback ", " ROLLBACK ")
+
     return upperQuery
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 3fde43633..ce6d561b9 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
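Review bot: The new keyword table in `cleanQuery` is applied with plain `str.replace`, so it also rewrites the inside of quoted string literals (a literal containing ` delete ` or ` commit ` comes back as ` DELETE `/` COMMIT `, changing the value the DBMS sees) and it still cannot match a keyword at the very start or end of the query or next to a parenthesis, because every pattern needs a space on both sides. The `"select "` entry has the opposite problem: with no leading space it fires on any text that happens to end in `select `. I would drive the normalisation from one keyword tuple and a word-boundary regex and skip single-quoted chunks so data is never touched; the sketch below does that (it needs `re` in scope in the module, and `re.IGNORECASE` is a deliberate extension — drop it to keep the lowercase-only behaviour). The removed `order by`/`group by` lines are only a reorder and need nothing.
```python
def cleanQuery(query):
    # Normalise SQL keyword case, leaving single-quoted literals untouched.
    keywords = (
        "select", "from", "where", "group by", "order by", "having",
        "limit", "offset", "union all", "rownum",
        "create", "drop", "truncate", "alter",
        "insert", "update", "delete", "merge",
        "grant",
        "start transaction", "begin work", "begin transaction",
        "commit", "rollback",
    )
    keywordRe = re.compile(r"\b(%s)\b" % "|".join(keywords), re.IGNORECASE)

    # Odd-indexed chunks are the quoted literals ('' escapes stay inside them).
    chunks = re.split(r"('(?:[^']|'')*')", query)
    for i in range(0, len(chunks), 2):
        chunks[i] = keywordRe.sub(lambda m: m.group(0).upper(), chunks[i])

    return "".join(chunks)
```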
@@ -97,6 +97,7 @@ class Connect:
                 multipartOpener = urllib2.build_opener(multipartpost.MultipartPostHandler)
                 conn = multipartOpener.open(url, multipart)
                 page = conn.read()
+                return page
             else:
@@ -197,7 +198,7 @@ class Connect:
                 warnMsg += ", skipping to next url"
                 logger.warn(warnMsg)
-                return None
+                return None, None
             if conf.retries < RETRIES:
                 conf.retries += 1
@@ -206,6 +207,7 @@ class Connect:
                 logger.warn(warnMsg)
                 time.sleep(1)
+ return Connect.__getPageProxy(get=get, post=post, cookie=cookie, ua=ua, direct=direct, multipart=multipart)
             else:
@@ -268,5 +270,7 @@ class Connect:
         if content:
             return page
-        else:
+        elif page and headers:
             return comparison(page, headers, content)
+        else:
+            return False
diff --git a/plugins/dbms/mysql.py b/plugins/dbms/mysql.py
index 48f3696e4..242680781 100644
--- a/plugins/dbms/mysql.py
+++ b/plugins/dbms/mysql.py
@@ -470,7 +470,7 @@ class MySQLMap(Fingerprint, Enumeration, Filesystem, Takeover):
                 "uploadDir": directory,
             }
             uploaderUrl = "%s/%s" % (baseUrl, uploaderName)
-            page, _ = Request.getPage(url=uploaderUrl, multipart=multipartParams)
+            page = Request.getPage(url=uploaderUrl, multipart=multipartParams)
             if "Backdoor uploaded" not in page:
                 warnMsg = "unable to upload the backdoor through "
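Review bot: In the last connect.py hunk the new `else: return False` makes a failed request indistinguishable from a negative `comparison()` result for any caller that just tests the return value, and the function now has three return shapes (`page`, the comparison result, `False`) with no comment saying which applies when. The second hunk adds a fourth shape one level down, `return None, None` once the retries are exhausted, while the first hunk returns a bare `page` from the multipart branch of what looks like the same method; if they are the same function, the tuple-versus-scalar split depends on `multipart` and should be stated at the top of the method, e.g. `# NOTE: returns (page, headers), or (None, None) once the retries are exhausted; for multipart uploads only the page body is returned — confirm`. Returning `None` rather than `False` in the final branch would at least let a caller tell a failed fetch from a mismatch. The enclosing methods start outside every hunk, so the exact return contract is inferred.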
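Review bot: `page = Request.getPage(url=uploaderUrl, multipart=multipartParams)` is immediately followed by `if "Backdoor uploaded" not in page:`, which raises `TypeError` if the upload request fails and `getPage` hands back `None` (the connect.py change in this same commit returns `None, None` once the retries are exhausted; how that reaches the multipart caller is outside the hunk). Guarding the check, `if not page or "Backdoor uploaded" not in page:`, routes the failure case through the existing warning instead of a traceback. The enclosing method of `MySQLMap` starts outside the hunk.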