def checkConnection(suppressOutput=False):
if not any([conf.proxy, conf.tor]):
try:
socket.getaddrinfo(conf.hostname, None)
except socket.gaierror:
errMsg = "host '%s' does not exist" % conf.hostname
raise sqlmapConnectionException, errMsg
if not suppressOutput:
infoMsg = "testing connection to the target url"
logger.info(infoMsg)
try:
page, _ = Request.queryPage(content=True, noteResponseTime=False)
kb.originalPage = kb.pageTemplate = page
kb.errorIsNone = False
if not kb.originalPage and wasLastRequestHTTPError():
errMsg = "unable to retrieve page content"
raise sqlmapConnectionException, errMsg
elif wasLastRequestDBMSError():
warnMsg = "there is a DBMS error found in the HTTP response body"
warnMsg += "which could interfere with the results of the tests"
logger.warn(warnMsg)
elif wasLastRequestHTTPError():
warnMsg = "the web server responded with an HTTP error code "
warnMsg += "which could interfere with the results of the tests"
logger.warn(warnMsg)
else:
kb.errorIsNone = True
except sqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg)
raise sqlmapConnectionException, errMsg
def checkConnection(suppressOutput=False):
if not any([conf.proxy, conf.tor]):
try:
socket.getaddrinfo(conf.hostname, None)
except socket.gaierror:
errMsg = "host '%s' does not exist" % conf.hostname
raise sqlmapConnectionException, errMsg
if not suppressOutput:
infoMsg = "testing connection to the target url"
logger.info(infoMsg)
try:
page, _ = Request.queryPage(content=True, noteResponseTime=False)
kb.originalPage = kb.pageTemplate = page
kb.errorIsNone = False
if not kb.originalPage and wasLastRequestHTTPError():
errMsg = "unable to retrieve page content"
raise sqlmapConnectionException, errMsg
elif wasLastRequestDBMSError():
warnMsg = "there is a DBMS error found in the HTTP response body"
warnMsg += "which could interfere with the results of the tests"
logger.warn(warnMsg)
elif wasLastRequestHTTPError():
warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError(
)
warnMsg += "which could interfere with the results of the tests"
logger.warn(warnMsg)
else:
kb.errorIsNone = True
except sqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg)
logger.critical(errMsg)
if conf.ipv6:
warnMsg = "check connection to a provided "
warnMsg += "IPv6 address with a tool like ping6 "
warnMsg += "(e.g. 'ping6 %s') " % conf.hostname
warnMsg += "prior to running sqlmap to avoid "
warnMsg += "any addressing issues"
singleTimeWarnMessage(warnMsg)
if any(code in kb.httpErrorCodes for code in (httplib.NOT_FOUND, )):
if conf.multipleTargets:
return False
msg = "it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly? [Y/n] "
if readInput(msg, default="Y") not in ("n", "N"):
raise sqlmapSilentQuitException
else:
kb.ignoreNotFound = True
else:
raise
def checkConnection(suppressOutput=False):
if not any([conf.proxy, conf.tor]):
try:
socket.getaddrinfo(conf.hostname, None)
except socket.gaierror:
errMsg = "host '%s' does not exist" % conf.hostname
raise SqlmapConnectionException, errMsg
if not suppressOutput:
infoMsg = "testing connection to the target url"
logger.info(infoMsg)
try:
page, _ = Request.queryPage(content=True, noteResponseTime=False)
kb.originalPage = kb.pageTemplate = page
kb.errorIsNone = False
if not kb.originalPage and wasLastRequestHTTPError():
errMsg = "unable to retrieve page content"
raise SqlmapConnectionException, errMsg
elif wasLastRequestDBMSError():
warnMsg = "there is a DBMS error found in the HTTP response body "
warnMsg += "which could interfere with the results of the tests"
logger.warn(warnMsg)
elif wasLastRequestHTTPError():
warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError()
warnMsg += "which could interfere with the results of the tests"
logger.warn(warnMsg)
else:
kb.errorIsNone = True
except SqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg)
logger.critical(errMsg)
if conf.ipv6:
warnMsg = "check connection to a provided "
warnMsg += "IPv6 address with a tool like ping6 "
warnMsg += "(e.g. 'ping6 %s') " % conf.hostname
warnMsg += "prior to running sqlmap to avoid "
warnMsg += "any addressing issues"
singleTimeWarnMessage(warnMsg)
if any(code in kb.httpErrorCodes for code in (httplib.NOT_FOUND, )):
if conf.multipleTargets:
return False
msg = "it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly? [Y/n] "
if readInput(msg, default="Y") not in ("n", "N"):
raise SqlmapSilentQuitException
else:
kb.ignoreNotFound = True
else:
raise
def checkConnection(suppressOutput=False):
try:
socket.gethostbyname(conf.hostname)
except socket.gaierror:
errMsg = "host '%s' does not exist" % conf.hostname
raise sqlmapConnectionException, errMsg
if not suppressOutput:
infoMsg = "testing connection to the target url"
logger.info(infoMsg)
try:
page, _ = Request.queryPage(content=True)
kb.originalPage = kb.pageTemplate = page
kb.errorIsNone = False
if not kb.originalPage:
errMsg = "unable to retrieve page content"
raise sqlmapConnectionException, errMsg
elif wasLastRequestDBMSError():
warnMsg = "there is a DBMS error found in the HTTP response body"
warnMsg += "which could interfere with the results of the tests"
logger.warn(warnMsg)
elif wasLastRequestHTTPError():
warnMsg = "the web server responded with an HTTP error code "
warnMsg += "which could interfere with the results of the tests"
logger.warn(warnMsg)
else:
kb.errorIsNone = True
except sqlmapConnectionException, errMsg:
errMsg = getUnicode(errMsg)
raise sqlmapConnectionException, errMsg
def simpletonCheckSqlInjection(place, parameter, value):
"""
This is a function for the quickest and simplest
SQL injection check (e.g. AND 1=1) - only works
with integer parameters
"""
result = False
randInt = randomInt()
if value.isdigit():
payload = "%s AND %d=%d" % (value, randInt, randInt)
else:
return False
payload = agent.payload(place, parameter, value, payload)
firstPage, _ = Request.queryPage(payload,
place,
content=True,
raise404=False)
if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
if getComparePageRatio(kb.originalPage, firstPage,
filtered=True) > CONSTANT_RATIO:
payload = "%s AND %d=%d" % (value, randInt, randInt + 1)
payload = agent.payload(place, parameter, value, payload)
secondPage, _ = Request.queryPage(payload,
place,
content=True,
raise404=False)
result = getComparePageRatio(firstPage, secondPage,
filtered=True) <= CONSTANT_RATIO
infoMsg = "simpleton test shows that %s " % place
infoMsg += "parameter '%s' might " % parameter
if result:
infoMsg += "be injectable"
logger.info(infoMsg)
else:
infoMsg += "not be injectable"
logger.warn(infoMsg)
return result
def simpletonCheckSqlInjection(place, parameter, value):
"""
This is a function for the quickest and simplest
SQL injection check (e.g. AND 1=1) - only works
with integer parameters
"""
result = False
randInt = randomInt()
if value.isdigit():
payload = "%s AND %d=%d" % (value, randInt, randInt)
else:
return False
payload = agent.payload(place, parameter, value, payload)
firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
payload = "%s AND %d=%d" % (value, randInt, randInt + 1)
payload = agent.payload(place, parameter, value, payload)
secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
result = getComparePageRatio(firstPage, secondPage, filtered=True) <= CONSTANT_RATIO
infoMsg = "simpleton test shows that %s " % place
infoMsg += "parameter '%s' might " % parameter
if result:
infoMsg += "be injectable"
logger.info(infoMsg)
else:
infoMsg += "not be injectable"
logger.warn(infoMsg)
return result
def _comparison(page, headers, code, getRatioValue, pageLength):
threadData = getCurrentThreadData()
if kb.testMode:
threadData.lastComparisonPage = page
if page is None and pageLength is None:
return None
seqMatcher = threadData.seqMatcher
seqMatcher.set_seq1(kb.pageTemplate)
if any((conf.string, conf.notString, conf.regexp)):
rawResponse = "%s%s" % (
listToStrValue(headers.headers if headers else ""), page)
# String to match in page when the query is True and/or valid
if conf.string:
return conf.string in rawResponse
# String to match in page when the query is False and/or invalid
if conf.notString:
return conf.notString not in rawResponse
# Regular expression to match in page when the query is True and/or valid
if conf.regexp:
return re.search(conf.regexp, rawResponse, re.I | re.M) is not None
# HTTP code to match when the query is valid
if conf.code:
return conf.code == code
if page:
# In case of an DBMS error page return None
if kb.errorIsNone and (wasLastRequestDBMSError()
or wasLastRequestHTTPError()):
return None
# Dynamic content lines to be excluded before comparison
if not kb.nullConnection:
page = removeDynamicContent(page)
seqMatcher.set_seq1(removeDynamicContent(kb.pageTemplate))
if not pageLength:
pageLength = len(page)
if kb.nullConnection and pageLength:
if not seqMatcher.a:
errMsg = "problem occured while retrieving original page content "
errMsg += "which prevents sqlmap from continuation. Please rerun, "
errMsg += "and if the problem persists turn off any optimization switches"
raise SqlmapNoneDataException(errMsg)
ratio = 1. * pageLength / len(seqMatcher.a)
if ratio > 1.:
ratio = 1. / ratio
else:
# Preventing "Unicode equal comparison failed to convert both arguments to Unicode"
# (e.g. if one page is PDF and the other is HTML)
if isinstance(seqMatcher.a, str) and isinstance(page, unicode):
page = page.encode(kb.pageEncoding or DEFAULT_PAGE_ENCODING,
'ignore')
elif isinstance(seqMatcher.a, unicode) and isinstance(page, str):
seqMatcher.a = seqMatcher.a.encode(
kb.pageEncoding or DEFAULT_PAGE_ENCODING, 'ignore')
seq1, seq2 = None, None
if conf.titles:
seq1 = extractRegexResult(HTML_TITLE_REGEX, seqMatcher.a)
seq2 = extractRegexResult(HTML_TITLE_REGEX, page)
else:
seq1 = getFilteredPageContent(
seqMatcher.a, True) if conf.textOnly else seqMatcher.a
seq2 = getFilteredPageContent(page,
True) if conf.textOnly else page
if seq1 is None or seq2 is None:
return None
seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "")
seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "")
count = 0
while count < min(len(seq1), len(seq2)):
if seq1[count] == seq2[count]:
count += 1
else:
break
if count:
seq1 = seq1[count:]
seq2 = seq2[count:]
seqMatcher.set_seq1(seq1)
seqMatcher.set_seq2(seq2)
ratio = round(seqMatcher.quick_ratio(), 3)
# If the url is stable and we did not set yet the match ratio and the
# current injected value changes the url page content
if kb.matchRatio is None:
if ratio >= LOWER_RATIO_BOUND and ratio <= UPPER_RATIO_BOUND:
kb.matchRatio = ratio
logger.debug("setting match ratio for current parameter to %.3f" %
kb.matchRatio)
# If it has been requested to return the ratio and not a comparison
# response
if getRatioValue:
return ratio
elif ratio > UPPER_RATIO_BOUND:
return True
elif kb.matchRatio is None:
return None
else:
return (ratio - kb.matchRatio) > DIFF_TOLERANCE
def comparison(page, getRatioValue=False, pageLength=None):
if page is None and pageLength is None:
return None
regExpResults = None
seqMatcher = getCurrentThreadData().seqMatcher
seqMatcher.set_seq1(kb.pageTemplate)
if page:
# String to match in page when the query is valid
if conf.string:
condition = conf.string in page
return condition if not getRatioValue else (
MAX_RATIO if condition else MIN_RATIO)
# Regular expression to match in page when the query is valid
if conf.regexp:
condition = re.search(conf.regexp, page, re.I | re.M) is not None
return condition if not getRatioValue else (
MAX_RATIO if condition else MIN_RATIO)
# In case of an DBMS error page return None
if kb.errorIsNone and (wasLastRequestDBMSError()
or wasLastRequestHTTPError()):
return None
# Dynamic content lines to be excluded before comparison
if not kb.nullConnection:
page = removeDynamicContent(page)
seqMatcher.set_seq1(removeDynamicContent(kb.pageTemplate))
if not pageLength:
pageLength = len(page)
if kb.nullConnection and pageLength:
if not seqMatcher.a:
errMsg = "problem occured while retrieving original page content "
errMsg += "which prevents sqlmap from continuation. please rerun, "
errMsg += "and if problem persists please turn off optimization switches"
raise sqlmapNoneDataException, errMsg
ratio = 1. * pageLength / len(seqMatcher.a)
if ratio > 1.:
ratio = 1. / ratio
else:
seqMatcher.set_seq1(
getFilteredPageContent(seqMatcher.a, True) if conf.
textOnly else seqMatcher.a)
seqMatcher.set_seq2(
getFilteredPageContent(page, True) if conf.textOnly else page)
ratio = round(seqMatcher.quick_ratio(), 3)
# If the url is stable and we did not set yet the match ratio and the
# current injected value changes the url page content
if kb.matchRatio is None:
if kb.pageStable and ratio >= LOWER_RATIO_BOUND and ratio <= UPPER_RATIO_BOUND:
kb.matchRatio = ratio
logger.debug("setting match ratio for current parameter to %.3f" %
kb.matchRatio)
elif not kb.pageStable:
kb.matchRatio = CONSTANT_RATIO
logger.debug(
"setting match ratio for current parameter to default value 0.900"
)
# If it has been requested to return the ratio and not a comparison
# response
if getRatioValue:
return ratio
elif ratio > UPPER_RATIO_BOUND:
return True
elif kb.matchRatio is None:
return None
else:
if kb.matchRatio == CONSTANT_RATIO:
return ratio > kb.matchRatio
else:
return (ratio - kb.matchRatio) > DIFF_TOLERANCE
def _comparison(page, headers, code, getRatioValue, pageLength):
threadData = getCurrentThreadData()
if kb.testMode:
threadData.lastComparisonHeaders = listToStrValue(headers.headers) if headers else ""
threadData.lastComparisonPage = page
if page is None and pageLength is None:
return None
seqMatcher = threadData.seqMatcher
seqMatcher.set_seq1(kb.pageTemplate)
if any((conf.string, conf.notString, conf.regexp)):
rawResponse = "%s%s" % (listToStrValue(headers.headers) if headers else "", page)
# String to match in page when the query is True and/or valid
if conf.string:
return conf.string in rawResponse
# String to match in page when the query is False and/or invalid
if conf.notString:
return conf.notString not in rawResponse
# Regular expression to match in page when the query is True and/or valid
if conf.regexp:
return re.search(conf.regexp, rawResponse, re.I | re.M) is not None
# HTTP code to match when the query is valid
if conf.code:
return conf.code == code
if page:
# In case of an DBMS error page return None
if kb.errorIsNone and (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
return None
# Dynamic content lines to be excluded before comparison
if not kb.nullConnection:
page = removeDynamicContent(page)
seqMatcher.set_seq1(removeDynamicContent(kb.pageTemplate))
if not pageLength:
pageLength = len(page)
if kb.nullConnection and pageLength:
if not seqMatcher.a:
errMsg = "problem occured while retrieving original page content "
errMsg += "which prevents sqlmap from continuation. Please rerun, "
errMsg += "and if the problem persists turn off any optimization switches"
raise SqlmapNoneDataException(errMsg)
ratio = 1. * pageLength / len(seqMatcher.a)
if ratio > 1.:
ratio = 1. / ratio
else:
# Preventing "Unicode equal comparison failed to convert both arguments to Unicode"
# (e.g. if one page is PDF and the other is HTML)
if isinstance(seqMatcher.a, str) and isinstance(page, unicode):
page = page.encode(kb.pageEncoding or DEFAULT_PAGE_ENCODING, 'ignore')
elif isinstance(seqMatcher.a, unicode) and isinstance(page, str):
seqMatcher.a = seqMatcher.a.encode(kb.pageEncoding or DEFAULT_PAGE_ENCODING, 'ignore')
seq1, seq2 = None, None
if conf.titles:
seq1 = extractRegexResult(HTML_TITLE_REGEX, seqMatcher.a)
seq2 = extractRegexResult(HTML_TITLE_REGEX, page)
else:
seq1 = getFilteredPageContent(seqMatcher.a, True) if conf.textOnly else seqMatcher.a
seq2 = getFilteredPageContent(page, True) if conf.textOnly else page
if seq1 is None or seq2 is None:
return None
seq1 = seq1.replace(REFLECTED_VALUE_MARKER, "")
seq2 = seq2.replace(REFLECTED_VALUE_MARKER, "")
count = 0
while count < min(len(seq1), len(seq2)):
if seq1[count] == seq2[count]:
count += 1
else:
break
if count:
seq1 = seq1[count:]
seq2 = seq2[count:]
seqMatcher.set_seq1(seq1)
seqMatcher.set_seq2(seq2)
ratio = round(seqMatcher.quick_ratio(), 3)
# If the url is stable and we did not set yet the match ratio and the
# current injected value changes the url page content
if kb.matchRatio is None:
if ratio >= LOWER_RATIO_BOUND and ratio <= UPPER_RATIO_BOUND:
kb.matchRatio = ratio
logger.debug("setting match ratio for current parameter to %.3f" % kb.matchRatio)
# If it has been requested to return the ratio and not a comparison
# response
if getRatioValue:
return ratio
elif ratio > UPPER_RATIO_BOUND:
return True
elif kb.matchRatio is None:
return None
else:
return (ratio - kb.matchRatio) > DIFF_TOLERANCE
def comparison(page, getRatioValue=False, pageLength=None):
if page is None and pageLength is None:
return None
regExpResults = None
seqMatcher = getCurrentThreadData().seqMatcher
seqMatcher.set_seq1(kb.pageTemplate)
if page:
# String to match in page when the query is valid
if conf.string:
condition = conf.string in page
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
# Regular expression to match in page when the query is valid
if conf.regexp:
condition = re.search(conf.regexp, page, re.I | re.M) is not None
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
# In case of an DBMS error page return None
if kb.errorIsNone and (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
return None
# Dynamic content lines to be excluded before comparison
if not kb.nullConnection:
page = removeDynamicContent(page)
seqMatcher.set_seq1(removeDynamicContent(kb.pageTemplate))
if not pageLength:
pageLength = len(page)
if kb.nullConnection and pageLength:
if not seqMatcher.a:
errMsg = "problem occured while retrieving original page content "
errMsg += "which prevents sqlmap from continuation. please rerun, "
errMsg += "and if problem persists please turn off optimization switches"
raise sqlmapNoneDataException, errMsg
ratio = 1. * pageLength / len(seqMatcher.a)
if ratio > 1.:
ratio = 1. / ratio
else:
seqMatcher.set_seq1(getFilteredPageContent(seqMatcher.a, True) if conf.textOnly else seqMatcher.a)
seqMatcher.set_seq2(getFilteredPageContent(page, True) if conf.textOnly else page)
ratio = round(seqMatcher.quick_ratio(), 3)
# If the url is stable and we did not set yet the match ratio and the
# current injected value changes the url page content
if kb.matchRatio is None:
if kb.pageStable and ratio >= LOWER_RATIO_BOUND and ratio <= UPPER_RATIO_BOUND:
kb.matchRatio = ratio
logger.debug("setting match ratio for current parameter to %.3f" % kb.matchRatio)
elif not kb.pageStable:
kb.matchRatio = CONSTANT_RATIO
logger.debug("setting match ratio for current parameter to default value 0.900")
# If it has been requested to return the ratio and not a comparison
# response
if getRatioValue:
return ratio
elif ratio > UPPER_RATIO_BOUND:
return True
elif kb.matchRatio is None:
return None
else:
if kb.matchRatio == CONSTANT_RATIO:
return ratio > kb.matchRatio
else:
return (ratio - kb.matchRatio) > DIFF_TOLERANCE
