同步操作将从 yeqingchen1/sqlmap 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
#!/usr/bin/env python"""Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)See the file 'LICENSE' for copying permission"""from __future__ import divisionimport osimport reimport timefrom lib.controller.action import actionfrom lib.controller.checks import checkConnectionfrom lib.controller.checks import checkDynParamfrom lib.controller.checks import checkInternetfrom lib.controller.checks import checkNullConnectionfrom lib.controller.checks import checkRegexpfrom lib.controller.checks import checkSqlInjectionfrom lib.controller.checks import checkStabilityfrom lib.controller.checks import checkStringfrom lib.controller.checks import checkWaffrom lib.controller.checks import heuristicCheckSqlInjectionfrom lib.core.agent import agentfrom lib.core.common import dataToStdoutfrom lib.core.common import extractRegexResultfrom lib.core.common import getFilteredPageContentfrom lib.core.common import getPublicTypeMembersfrom lib.core.common import getSafeExStringfrom lib.core.common import hashDBRetrievefrom lib.core.common import hashDBWritefrom lib.core.common import intersectfrom lib.core.common import isListLikefrom lib.core.common import parseTargetUrlfrom lib.core.common import popValuefrom lib.core.common import pushValuefrom lib.core.common import randomStrfrom lib.core.common import readInputfrom lib.core.common import removePostHintPrefixfrom lib.core.common import safeCSValuefrom lib.core.common import showHttpErrorCodesfrom lib.core.common import urldecodefrom lib.core.common import urlencodefrom lib.core.compat import xrangefrom lib.core.data import conffrom lib.core.data import kbfrom lib.core.data import loggerfrom lib.core.decorators import stackedmethodfrom lib.core.enums import CONTENT_TYPEfrom lib.core.enums import HASHDB_KEYSfrom lib.core.enums import HEURISTIC_TESTfrom lib.core.enums import HTTP_HEADERfrom lib.core.enums import HTTPMETHODfrom lib.core.enums import NOTEfrom lib.core.enums import PAYLOADfrom lib.core.enums import PLACEfrom lib.core.exception import SqlmapBaseExceptionfrom lib.core.exception import SqlmapNoneDataExceptionfrom lib.core.exception import SqlmapNotVulnerableExceptionfrom lib.core.exception import SqlmapSilentQuitExceptionfrom lib.core.exception import SqlmapSkipTargetExceptionfrom lib.core.exception import SqlmapSystemExceptionfrom lib.core.exception import SqlmapUserQuitExceptionfrom lib.core.exception import SqlmapValueExceptionfrom lib.core.settings import ASP_NET_CONTROL_REGEXfrom lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXESfrom lib.core.settings import DEFAULT_GET_POST_DELIMITERfrom lib.core.settings import EMPTY_FORM_FIELDS_REGEXfrom lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIXfrom lib.core.settings import HOST_ALIASESfrom lib.core.settings import IGNORE_PARAMETERSfrom lib.core.settings import LOW_TEXT_PERCENTfrom lib.core.settings import REFERER_ALIASESfrom lib.core.settings import USER_AGENT_ALIASESfrom lib.core.target import initTargetEnvfrom lib.core.target import setupTargetEnvfrom lib.utils.hash import crackHashFiledef _selectInjection():"""Selection function for injection place, parameters and type."""points = {}for injection in kb.injections:place = injection.placeparameter = injection.parameterptype = injection.ptypepoint = (place, parameter, ptype)if point not in points:points[point] = injectionelse:for key in points[point]:if key != 'data':points[point][key] = points[point][key] or injection[key]points[point]['data'].update(injection['data'])if len(points) == 1:kb.injection = kb.injections[0]elif len(points) > 1:message = "there were multiple injection points, please select "message += "the one to use for following injections:\n"points = []for i in xrange(0, len(kb.injections)):place = kb.injections[i].placeparameter = kb.injections[i].parameterptype = kb.injections[i].ptypepoint = (place, parameter, ptype)if point not in points:points.append(point)ptype = PAYLOAD.PARAMETER[ptype] if isinstance(ptype, int) else ptypemessage += "[%d] place: %s, parameter: " % (i, place)message += "%s, type: %s" % (parameter, ptype)if i == 0:message += " (default)"message += "\n"message += "[q] Quit"choice = readInput(message, default='0').upper()if choice.isdigit() and int(choice) < len(kb.injections) and int(choice) >= 0:index = int(choice)elif choice == 'Q':raise SqlmapUserQuitExceptionelse:errMsg = "invalid choice"raise SqlmapValueException(errMsg)kb.injection = kb.injections[index]def _formatInjection(inj):paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else inj.placedata = "Parameter: %s (%s)\n" % (inj.parameter, paramType)for stype, sdata in inj.data.items():title = sdata.titlevector = sdata.vectorcomment = sdata.commentpayload = agent.adjustLateValues(sdata.payload)if inj.place == PLACE.CUSTOM_HEADER:payload = payload.split(',', 1)[1]if stype == PAYLOAD.TECHNIQUE.UNION:count = re.sub(r"(?i)(\(.+\))|(\blimit[^a-z]+)", "", sdata.payload).count(',') + 1title = re.sub(r"\d+ to \d+", str(count), title)vector = agent.forgeUnionQuery("[QUERY]", vector[0], vector[1], vector[2], None, None, vector[5], vector[6])if count == 1:title = title.replace("columns", "column")elif comment:vector = "%s%s" % (vector, comment)data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]data += " Title: %s\n" % titledata += " Payload: %s\n" % urldecode(payload, unsafe="&", spaceplus=(inj.place != PLACE.GET and kb.postSpaceToPlus))data += " Vector: %s\n\n" % vector if conf.verbose > 1 else "\n"return datadef _showInjections():if conf.wizard and kb.wizardMode:kb.wizardMode = Falseif kb.testQueryCount > 0:header = "sqlmap identified the following injection point(s) with "header += "a total of %d HTTP(s) requests" % kb.testQueryCountelse:header = "sqlmap resumed the following injection point(s) from stored session"if conf.api:conf.dumper.string("", {"url": conf.url, "query": conf.parameters.get(PLACE.GET), "data": conf.parameters.get(PLACE.POST)}, content_type=CONTENT_TYPE.TARGET)conf.dumper.string("", kb.injections, content_type=CONTENT_TYPE.TECHNIQUES)else:data = "".join(set(_formatInjection(_) for _ in kb.injections)).rstrip("\n")conf.dumper.string(header, data)if conf.tamper:warnMsg = "changes made by tampering scripts are not "warnMsg += "included in shown payload content(s)"logger.warn(warnMsg)if conf.hpp:warnMsg = "changes made by HTTP parameter pollution are not "warnMsg += "included in shown payload content(s)"logger.warn(warnMsg)def _randomFillBlankFields(value):retVal = valueif extractRegexResult(EMPTY_FORM_FIELDS_REGEX, value):message = "do you want to fill blank fields with random values? [Y/n] "if readInput(message, default='Y', boolean=True):for match in re.finditer(EMPTY_FORM_FIELDS_REGEX, retVal):item = match.group("result")if not any(_ in item for _ in IGNORE_PARAMETERS) and not re.search(ASP_NET_CONTROL_REGEX, item):if item[-1] == DEFAULT_GET_POST_DELIMITER:retVal = retVal.replace(item, "%s%s%s" % (item[:-1], randomStr(), DEFAULT_GET_POST_DELIMITER))else:retVal = retVal.replace(item, "%s%s" % (item, randomStr()))return retValdef _saveToHashDB():injections = hashDBRetrieve(HASHDB_KEYS.KB_INJECTIONS, True)if not isListLike(injections):injections = []injections.extend(_ for _ in kb.injections if _ and _.place is not None and _.parameter is not None)_ = dict()for injection in injections:key = (injection.place, injection.parameter, injection.ptype)if key not in _:_[key] = injectionelse:_[key].data.update(injection.data)hashDBWrite(HASHDB_KEYS.KB_INJECTIONS, list(_.values()), True)_ = hashDBRetrieve(HASHDB_KEYS.KB_ABS_FILE_PATHS, True)hashDBWrite(HASHDB_KEYS.KB_ABS_FILE_PATHS, kb.absFilePaths | (_ if isinstance(_, set) else set()), True)if not hashDBRetrieve(HASHDB_KEYS.KB_CHARS):hashDBWrite(HASHDB_KEYS.KB_CHARS, kb.chars, True)if not hashDBRetrieve(HASHDB_KEYS.KB_DYNAMIC_MARKINGS):hashDBWrite(HASHDB_KEYS.KB_DYNAMIC_MARKINGS, kb.dynamicMarkings, True)def _saveToResultsFile():if not conf.resultsFP:returnresults = {}techniques = dict((_[1], _[0]) for _ in getPublicTypeMembers(PAYLOAD.TECHNIQUE))for injection in kb.injections + kb.falsePositives:if injection.place is None or injection.parameter is None:continuekey = (injection.place, injection.parameter, ';'.join(injection.notes))if key not in results:results[key] = []results[key].extend(list(injection.data.keys()))try:for key, value in results.items():place, parameter, notes = keyline = "%s,%s,%s,%s,%s%s" % (safeCSValue(kb.originalUrls.get(conf.url) or conf.url), place, parameter, "".join(techniques[_][0].upper() for _ in sorted(value)), notes, os.linesep)conf.resultsFP.write(line)if not results:line = "%s,,,,%s" % (conf.url, os.linesep)conf.resultsFP.write(line)conf.resultsFP.flush()except IOError as ex:errMsg = "unable to write to the results file '%s' ('%s'). " % (conf.resultsFilename, getSafeExString(ex))raise SqlmapSystemException(errMsg)@stackedmethoddef start():"""This function calls a function that performs checks on both URLstability and all GET, POST, Cookie and User-Agent parameters tocheck if they are dynamic and SQL injection affected"""if conf.hashFile:crackHashFile(conf.hashFile)if conf.direct:initTargetEnv()setupTargetEnv()action()return Trueif conf.url and not any((conf.forms, conf.crawlDepth)):kb.targets.add((conf.url, conf.method, conf.data, conf.cookie, None))if conf.configFile and not kb.targets:errMsg = "you did not edit the configuration file properly, set "errMsg += "the target URL, list of targets or google dork"logger.error(errMsg)return Falseif kb.targets and len(kb.targets) > 1:infoMsg = "sqlmap got a total of %d targets" % len(kb.targets)logger.info(infoMsg)hostCount = 0initialHeaders = list(conf.httpHeaders)for targetUrl, targetMethod, targetData, targetCookie, targetHeaders in kb.targets:try:if conf.checkInternet:infoMsg = "checking for Internet connection"logger.info(infoMsg)if not checkInternet():warnMsg = "[%s] [WARNING] no connection detected" % time.strftime("%X")dataToStdout(warnMsg)while not checkInternet():dataToStdout('.')time.sleep(5)dataToStdout("\n")conf.url = targetUrlconf.method = targetMethod.upper() if targetMethod else targetMethodconf.data = targetDataconf.cookie = targetCookieconf.httpHeaders = list(initialHeaders)conf.httpHeaders.extend(targetHeaders or [])if conf.randomAgent or conf.mobile:for header, value in initialHeaders:if header.upper() == HTTP_HEADER.USER_AGENT.upper():conf.httpHeaders.append((header, value))breakconf.httpHeaders = [conf.httpHeaders[i] for i in xrange(len(conf.httpHeaders)) if conf.httpHeaders[i][0].upper() not in (__[0].upper() for __ in conf.httpHeaders[i + 1:])]initTargetEnv()parseTargetUrl()testSqlInj = Falseif PLACE.GET in conf.parameters and not any((conf.data, conf.testParameter)):for parameter in re.findall(r"([^=]+)=([^%s]+%s?|\Z)" % (re.escape(conf.paramDel or "") or DEFAULT_GET_POST_DELIMITER, re.escape(conf.paramDel or "") or DEFAULT_GET_POST_DELIMITER), conf.parameters[PLACE.GET]):paramKey = (conf.hostname, conf.path, PLACE.GET, parameter[0])if paramKey not in kb.testedParams:testSqlInj = Truebreakelse:paramKey = (conf.hostname, conf.path, None, None)if paramKey not in kb.testedParams:testSqlInj = Trueif testSqlInj and conf.hostname in kb.vulnHosts:if kb.skipVulnHost is None:message = "SQL injection vulnerability has already been detected "message += "against '%s'. Do you want to skip " % conf.hostnamemessage += "further tests involving it? [Y/n]"kb.skipVulnHost = readInput(message, default='Y', boolean=True)testSqlInj = not kb.skipVulnHostif not testSqlInj:infoMsg = "skipping '%s'" % targetUrllogger.info(infoMsg)continueif conf.multipleTargets:hostCount += 1if conf.forms and conf.method:message = "[#%d] form:\n%s %s" % (hostCount, conf.method, targetUrl)else:message = "URL %d:\n%s %s" % (hostCount, HTTPMETHOD.GET, targetUrl)if conf.cookie:message += "\nCookie: %s" % conf.cookieif conf.data is not None:message += "\n%s data: %s" % ((conf.method if conf.method != HTTPMETHOD.GET else conf.method) or HTTPMETHOD.POST, urlencode(conf.data) if conf.data else "")if conf.forms and conf.method:if conf.method == HTTPMETHOD.GET and targetUrl.find("?") == -1:continuemessage += "\ndo you want to test this form? [Y/n/q] "choice = readInput(message, default='Y').upper()if choice == 'N':continueelif choice == 'Q':breakelse:if conf.method != HTTPMETHOD.GET:message = "Edit %s data [default: %s]%s: " % (conf.method, urlencode(conf.data) if conf.data else "None", " (Warning: blank fields detected)" if conf.data and extractRegexResult(EMPTY_FORM_FIELDS_REGEX, conf.data) else "")conf.data = readInput(message, default=conf.data)conf.data = _randomFillBlankFields(conf.data)conf.data = urldecode(conf.data) if conf.data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in conf.data else conf.dataelse:if '?' in targetUrl:firstPart, secondPart = targetUrl.split('?', 1)message = "Edit GET data [default: %s]: " % secondParttest = readInput(message, default=secondPart)test = _randomFillBlankFields(test)conf.url = "%s?%s" % (firstPart, test)parseTargetUrl()else:message += "\ndo you want to test this URL? [Y/n/q]"choice = readInput(message, default='Y').upper()if choice == 'N':dataToStdout(os.linesep)continueelif choice == 'Q':breakinfoMsg = "testing URL '%s'" % targetUrllogger.info(infoMsg)setupTargetEnv()if not checkConnection(suppressOutput=conf.forms) or not checkString() or not checkRegexp():continueif conf.rParam and kb.originalPage:kb.randomPool = dict([_ for _ in kb.randomPool.items() if isinstance(_[1], list)])for match in re.finditer(r"(?si)<select[^>]+\bname\s*=\s*[\"']([^\"']+)(.+?)</select>", kb.originalPage):name, _ = match.groups()options = tuple(re.findall(r"<option[^>]+\bvalue\s*=\s*[\"']([^\"']+)", _))if options:kb.randomPool[name] = optionscheckWaf()if conf.nullConnection:checkNullConnection()if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) and (kb.injection.place is None or kb.injection.parameter is None):if not any((conf.string, conf.notString, conf.regexp)) and PAYLOAD.TECHNIQUE.BOOLEAN in conf.technique:# NOTE: this is not needed anymore, leaving only to display# a warning message to the user in case the page is not stablecheckStability()# Do a little prioritization reorder of a testable parameter listparameters = list(conf.parameters.keys())# Order of testing list (first to last)orderList = (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER, PLACE.URI, PLACE.POST, PLACE.GET)for place in orderList[::-1]:if place in parameters:parameters.remove(place)parameters.insert(0, place)proceed = Truefor place in parameters:# Test User-Agent and Referer headers only if# --level >= 3skip = (place == PLACE.USER_AGENT and conf.level < 3)skip |= (place == PLACE.REFERER and conf.level < 3)# --param-filterskip |= (len(conf.paramFilter) > 0 and place.upper() not in conf.paramFilter)# Test Host header only if# --level >= 5skip |= (place == PLACE.HOST and conf.level < 5)# Test Cookie header only if --level >= 2skip |= (place == PLACE.COOKIE and conf.level < 2)skip |= (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.skip, True) not in ([], None))skip |= (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.skip, True) not in ([], None))skip |= (place == PLACE.COOKIE and intersect(PLACE.COOKIE, conf.skip, True) not in ([], None))skip |= (place == PLACE.HOST and intersect(PLACE.HOST, conf.skip, True) not in ([], None))skip &= not (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.testParameter, True))skip &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter, True))skip &= not (place == PLACE.HOST and intersect(HOST_ALIASES, conf.testParameter, True))skip &= not (place == PLACE.COOKIE and intersect((PLACE.COOKIE,), conf.testParameter, True))if skip:continueif kb.testOnlyCustom and place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):continueif place not in conf.paramDict:continueparamDict = conf.paramDict[place]paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else placefor parameter, value in paramDict.items():if not proceed:breakkb.vainRun = FalsetestSqlInj = TrueparamKey = (conf.hostname, conf.path, place, parameter)if paramKey in kb.testedParams:testSqlInj = FalseinfoMsg = "skipping previously processed %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)logger.info(infoMsg)elif any(_ in conf.testParameter for _ in (parameter, removePostHintPrefix(parameter))):passelif parameter in conf.rParam:testSqlInj = FalseinfoMsg = "skipping randomizing %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)logger.info(infoMsg)elif parameter in conf.skip or kb.postHint and parameter.split(' ')[-1] in conf.skip:testSqlInj = FalseinfoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)logger.info(infoMsg)elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):testSqlInj = FalseinfoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)logger.info(infoMsg)elif conf.csrfToken and re.search(conf.csrfToken, parameter, re.I):testSqlInj = FalseinfoMsg = "skipping anti-CSRF token parameter '%s'" % parameterlogger.info(infoMsg)# Ignore session-like parameters for --level < 4elif conf.level < 4 and (parameter.upper() in IGNORE_PARAMETERS or any(_ in parameter.lower() for _ in CSRF_TOKEN_PARAMETER_INFIXES) or parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX)):testSqlInj = FalseinfoMsg = "ignoring %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)logger.info(infoMsg)elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.technique or conf.skipStatic:check = checkDynParam(place, parameter, value)if not check:warnMsg = "%sparameter '%s' does not appear to be dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)logger.warn(warnMsg)if conf.skipStatic:infoMsg = "skipping static %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)logger.info(infoMsg)testSqlInj = Falseelse:infoMsg = "%sparameter '%s' appears to be dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)logger.info(infoMsg)kb.testedParams.add(paramKey)if testSqlInj:try:if place == PLACE.COOKIE:pushValue(kb.mergeCookies)kb.mergeCookies = Falsecheck = heuristicCheckSqlInjection(place, parameter)if check != HEURISTIC_TEST.POSITIVE:if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)logger.info(infoMsg)continueinfoMsg = "testing for SQL injection on %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)logger.info(infoMsg)injection = checkSqlInjection(place, parameter, value)proceed = not kb.endDetectioninjectable = Falseif getattr(injection, "place", None) is not None:if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE in injection.notes:kb.falsePositives.append(injection)else:injectable = Truekb.injections.append(injection)# In case when user wants to end detection phase (Ctrl+C)if not proceed:breakmsg = "%sparameter '%s' " % ("%s " % injection.place if injection.place != injection.parameter else "", injection.parameter)msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "if not readInput(msg, default='N', boolean=True):proceed = FalseparamKey = (conf.hostname, conf.path, None, None)kb.testedParams.add(paramKey)if not injectable:warnMsg = "%sparameter '%s' does not seem to be injectable" % ("%s " % paramType if paramType != parameter else "", parameter)logger.warn(warnMsg)finally:if place == PLACE.COOKIE:kb.mergeCookies = popValue()if len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None):if kb.vainRun and not conf.multipleTargets:errMsg = "no parameter(s) found for testing in the provided data "errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"if kb.originalPage:advice = []if not conf.forms and re.search(r"<form", kb.originalPage) is not None:advice.append("--forms")if not conf.crawlDepth and re.search(r"href=[\"']/?\w", kb.originalPage) is not None:advice.append("--crawl=2")if advice:errMsg += ". You are advised to rerun with '%s'" % ' '.join(advice)raise SqlmapNoneDataException(errMsg)else:errMsg = "all tested parameters do not appear to be injectable."if conf.level < 5 or conf.risk < 3:errMsg += " Try to increase values for '--level'/'--risk' options "errMsg += "if you wish to perform more tests."if isinstance(conf.technique, list) and len(conf.technique) < 5:errMsg += " Rerun without providing the option '--technique'."if not conf.textOnly and kb.originalPage:percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) / len(kb.originalPage))if kb.dynamicMarkings:errMsg += " You can give it a go with the switch '--text-only' "errMsg += "if the target page has a low percentage "errMsg += "of textual content (~%.2f%% of " % percenterrMsg += "page content is text)."elif percent < LOW_TEXT_PERCENT and not kb.errorIsNone:errMsg += " Please retry with the switch '--text-only' "errMsg += "(along with --technique=BU) as this case "errMsg += "looks like a perfect candidate "errMsg += "(low textual content along with inability "errMsg += "of comparison engine to detect at least "errMsg += "one dynamic parameter)."if kb.heuristicTest == HEURISTIC_TEST.POSITIVE:errMsg += " As heuristic test turned out positive you are "errMsg += "strongly advised to continue on with the tests."if conf.string:errMsg += " Also, you can try to rerun by providing a "errMsg += "valid value for option '--string' as perhaps the string you "errMsg += "have chosen does not match "errMsg += "exclusively True responses."elif conf.regexp:errMsg += " Also, you can try to rerun by providing a "errMsg += "valid value for option '--regexp' as perhaps the regular "errMsg += "expression that you have chosen "errMsg += "does not match exclusively True responses."if not conf.tamper:errMsg += " If you suspect that there is some kind of protection mechanism "errMsg += "involved (e.g. WAF) maybe you could try to use "errMsg += "option '--tamper' (e.g. '--tamper=space2comment')"if not conf.randomAgent:errMsg += " and/or switch '--random-agent'"raise SqlmapNotVulnerableException(errMsg.rstrip('.'))else:# Flush the flagkb.testMode = False_saveToResultsFile()_saveToHashDB()_showInjections()_selectInjection()if kb.injection.place is not None and kb.injection.parameter is not None:if conf.multipleTargets:message = "do you want to exploit this SQL injection? [Y/n] "condition = readInput(message, default='Y', boolean=True)else:condition = Trueif condition:action()except KeyboardInterrupt:if conf.multipleTargets:warnMsg = "user aborted in multiple target mode"logger.warn(warnMsg)message = "do you want to skip to the next target in list? [Y/n/q]"choice = readInput(message, default='Y').upper()if choice == 'N':return Falseelif choice == 'Q':raise SqlmapUserQuitExceptionelse:raiseexcept SqlmapSkipTargetException:passexcept SqlmapUserQuitException:raiseexcept SqlmapSilentQuitException:raiseexcept SqlmapBaseException as ex:errMsg = getSafeExString(ex)if conf.multipleTargets:_saveToResultsFile()errMsg += ", skipping to the next %s" % ("form" if conf.forms else "URL")logger.error(errMsg.lstrip(", "))else:logger.critical(errMsg)return Falsefinally:showHttpErrorCodes()if kb.maxConnectionsFlag:warnMsg = "it appears that the target "warnMsg += "has a maximum connections "warnMsg += "constraint"logger.warn(warnMsg)if kb.dataOutputFlag and not conf.multipleTargets:logger.info("fetched data logged to text files under '%s'" % conf.outputPath)if conf.multipleTargets:if conf.resultsFilename:infoMsg = "you can find results of scanning in multiple targets "infoMsg += "mode inside the CSV file '%s'" % conf.resultsFilenamelogger.info(infoMsg)return True
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。