One more commit related to the last one (reduce false hopes in heavil…

…y dynamic cases)
cndavy · Mar 31, 2018 · 8a90512 · 8a90512
1 parent ae8699f
commit 8a90512
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 10 deletions.
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -508,14 +508,14 @@ def genCmpPayload():
                                         errorResult = Request.queryPage(errorPayload, place, raise404=False)
                                         if errorResult:
                                             continue
-                                    elif not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
+                                    elif kb.heuristicPage and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
                                         _ = comparison(kb.heuristicPage, None, getRatioValue=True)
                                         if _ > kb.matchRatio:
                                             kb.matchRatio = _
                                             logger.debug("adjusting match ratio for current parameter to %.3f" % kb.matchRatio)
 
                                     # Reducing false-positive "appears" messages in heavily dynamic environment
-                                    if kb.heavyDynamic and not Request.queryPage(reqPayload, place, raise404=False):
+                                    if kb.heavilyDynamic and not Request.queryPage(reqPayload, place, raise404=False):
                                         continue
 
                                     injectable = True
@@ -986,6 +986,11 @@ def heuristicCheckSqlInjection(place, parameter):
         logger.debug(debugMsg)
         return None
 
+    if kb.heavilyDynamic:
+        debugMsg = "heuristic check skipped because of heavy dynamicity"
+        logger.debug(debugMsg)
+        return None
+
     origValue = conf.paramDict[place][parameter]
     paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
 
@@ -1048,6 +1053,8 @@ def _(page):
             kb.ignoreCasted = readInput(message, default='Y' if conf.multipleTargets else 'N', boolean=True)
 
     elif result:
+        import pdb
+        pdb.set_trace()
         infoMsg += "be injectable"
         if Backend.getErrorParsedDBMSes():
             infoMsg += " (possible DBMS: '%s')" % Format.getErrorParsedDBMSes()
@@ -1172,7 +1179,7 @@ def checkDynamicContent(firstPage, secondPage):
             warnMsg += "sqlmap is going to retry the request(s)"
             singleTimeLogMessage(warnMsg, logging.CRITICAL)
 
-            kb.heavyDynamic = True
+            kb.heavilyDynamic = True
 
             secondPage, _, _ = Request.queryPage(content=True)
             findDynamicContent(firstPage, secondPage)

diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1945,7 +1945,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.forcePartialUnion = False
     kb.forceWhere = None
     kb.futileUnion = None
-    kb.heavyDynamic = False
+    kb.heavilyDynamic = False
     kb.headersFp = {}
     kb.heuristicDbms = None
     kb.heuristicExtendedDbms = None

diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.3.50"
+VERSION = "1.2.3.51"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
@@ -54,7 +54,7 @@ def _orderByTest(cols):
             query = agent.suffixQuery(query, suffix=suffix, comment=comment)
             payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where)
             page, headers, code = Request.queryPage(payload, place=place, content=True, raise404=False)
-            return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and not kb.heavyDynamic and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None
+            return not any(re.search(_, page or "", re.I) and not re.search(_, kb.pageTemplate or "", re.I) for _ in ("(warning|error):", "order by", "unknown column", "failed")) and not kb.heavilyDynamic and comparison(page, headers, code) or re.search(r"data types cannot be compared or sorted", page or "", re.I) is not None
 
         if _orderByTest(1 if lowerCount is None else lowerCount) and not _orderByTest(randomInt() if upperCount is None else upperCount + 1):
             infoMsg = "'ORDER BY' technique appears to be usable. "

diff --git a/txt/checksum.md5 b/txt/checksum.md5
@@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0  extra/shutils/regressiontest.py
 1e5532ede194ac9c083891c2f02bca93  extra/sqlharvest/__init__.py
 b3e60ea4e18a65c48515d04aab28ff68  extra/sqlharvest/sqlharvest.py
 0f581182871148b0456a691ae85b04c0  lib/controller/action.py
-28c80dd4b8f288f46388770415d7c1df  lib/controller/checks.py
+71a8af96273cde7fd8e8c8b3122df27a  lib/controller/checks.py
 33689bb1b064d4eebc216934795a595f  lib/controller/controller.py
 c7443613a0a2505b1faec931cee2a6ef  lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93  lib/controller/__init__.py
@@ -40,13 +40,13 @@ cada93357a7321655927fc9625b3bfec  lib/core/exception.py
 1e5532ede194ac9c083891c2f02bca93  lib/core/__init__.py
 458a194764805cd8312c14ecd4be4d1e  lib/core/log.py
 c9a56e58984420a5abb7a3f7aadc196d  lib/core/optiondict.py
-8484e95c616b7a5220157c13e24fa1d6  lib/core/option.py
+b950c8c2f2ae87ad2ec99e1d19b2c03a  lib/core/option.py
 7cfd04e583cca782b843f6f6d973981a  lib/core/profiling.py
 ffa5f01f39b17c8d73423acca6cfe86a  lib/core/readlineng.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-30cc59cf0722d37effce632dcd38dc62  lib/core/settings.py
+05c1496418a91fba529536205a7e9cc0  lib/core/settings.py
 0dfc2ed40adf72e302291f6ecd4406f6  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 a35efa7bec9f1e6cedf17c9830a79241  lib/core/target.py
@@ -96,7 +96,7 @@ fb9e34d558293b5d6b9727f440712886  lib/takeover/registry.py
 f999f2e88dea9ac8831eb2f468478b5f  lib/techniques/error/use.py
 1e5532ede194ac9c083891c2f02bca93  lib/techniques/__init__.py
 1e5532ede194ac9c083891c2f02bca93  lib/techniques/union/__init__.py
-07882f244fc73e130ab1a17caa6f5fb0  lib/techniques/union/test.py
+36c49359a110fe0f797b2eb9e2d694ed  lib/techniques/union/test.py
 11ecf2effbe9f40b361843d546c3c521  lib/techniques/union/use.py
 c552f8d924d962a26f2ded250bcea3b8  lib/utils/api.py
 37dfb641358669f62c2acedff241348b  lib/utils/brute.py