Minor update

This commit is contained in:
Miroslav Štampar 2026-06-21 22:36:48 +02:00
parent 9d653d2d50
commit e82b1b56f7
4 changed files with 41 additions and 11 deletions


@ -20,7 +20,7 @@ from lib.core.enums import OS
from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.10.6.134"
VERSION = "1.10.6.135"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -809,6 +809,11 @@ MAX_STABILITY_DELAY = 0.5
# Reference: http://www.tcpipguide.com/free/t_DNSLabelsNamesandSyntaxRules.htm
MAX_DNS_LABEL = 63
# Maximum number of (most recent) DNS resolution requests retained by the DNS server (bounded so
# that unrelated/stray traffic to the listening :53 socket cannot grow memory without limit; the
# value is popped right after it is triggered, so only recent entries ever matter)
MAX_DNS_REQUESTS = 1000
# Alphabet used for prefix and suffix strings of name resolution requests in DNS technique (excluding hexadecimal chars for not mixing with inner content)
DNS_BOUNDARIES_ALPHABET = re.sub(r"[a-fA-F]", "", string.ascii_letters)
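Review bot: The comment on the new MAX_DNS_REQUESTS says only recent entries ever matter, but a bounded ring buffer has a second effect the comment does not mention: a burst of more than MAX_DNS_REQUESTS stray queries arriving between the injected request and its matching pop() evicts the one entry carrying the exfiltrated chunk, so the bound is also a potential drop point, not only a memory cap. On an internet-facing :53 listener a deliberate flood of a thousand packets inside one request round-trip is not far-fetched, so the trade-off is worth stating where the constant is tuned. I'd extend the comment with something like `# NOTE: a burst of more than MAX_DNS_REQUESTS stray queries between the injected request and its pop() evicts the wanted entry; the caller then sees an empty pop() for that chunk` (the consumer's reaction to an empty pop is not visible in this commit, hence the hedge).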


@ -8,6 +8,7 @@ See the file 'LICENSE' for copying permission
from __future__ import print_function
import binascii
import collections
import os
import re
import socket
@ -15,6 +16,11 @@ import struct
import threading
import time
try:
from lib.core.settings import MAX_DNS_REQUESTS
except ImportError:
MAX_DNS_REQUESTS = 1000 # fallback so this module stays runnable standalone
class DNSQuery(object):
"""
>>> DNSQuery(b'|K\\x01 \\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x01\\x03www\\x06google\\x03com\\x00\\x00\\x01\\x00\\x01\\x00\\x00)\\x10\\x00\\x00\\x00\\x00\\x00\\x00\\x0c\\x00\\n\\x00\\x08O4|Np!\\x1d\\xb3')._query == b"www.google.com."
@ -74,7 +80,7 @@ class DNSServer(object):
def __init__(self):
self._check_localhost()
self._requests = []
self._requests = collections.deque(maxlen=MAX_DNS_REQUESTS)
self._lock = threading.Lock()
try:
@ -140,12 +146,28 @@ class DNSServer(object):
self._initialized = True
while True:
data, addr = self._socket.recvfrom(1024)
_ = DNSQuery(data)
self._socket.sendto(_.response("127.0.0.1"), addr)
try:
data, addr = self._socket.recvfrom(1024)
except KeyboardInterrupt:
raise
except Exception:
break # socket closed/broken - stop serving (e.g. program exit)
with self._lock:
self._requests.append(_._query)
# Note: a single malformed packet or a transient send error must NOT kill the
# server thread (otherwise all subsequent DNS exfiltration is silently lost).
# The query is recorded BEFORE responding, so the exfiltrated data is captured
# even if crafting/sending the (fake) resolution response fails.
try:
_ = DNSQuery(data)
with self._lock:
self._requests.append(_._query)
self._socket.sendto(_.response("127.0.0.1"), addr)
except KeyboardInterrupt:
raise
except Exception:
pass
except KeyboardInterrupt:
raise
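Review bot: The `except Exception: pass` wrapped around `DNSQuery(data)` and `sendto` in the new serve loop drops every malformed packet and every send failure without a trace, so a parser bug or a firewall rejecting the forged response becomes indistinguishable from "the target never resolved the name". Keeping the thread alive is the right call, but the failure should be recorded: if this module can reach sqlmap's `logger` (it is written to stay runnable standalone, judging by the MAX_DNS_REQUESTS fallback, so the import may need the same try/except treatment), change the handler to `except Exception as ex:` and replace `pass` with `logger.debug("DNS server: ignoring packet from %s (%s)" % (addr[0], ex))`. The same applies to the `break` on a `recvfrom` error: the loop ends silently and no flag visible here is reset, so later pop() calls quietly return nothing instead of surfacing a dead listener. The enclosing method starts above the hunk.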


@ -84,7 +84,10 @@ def dnsUse(payload, expression):
_ = conf.dnsServer.pop(prefix, suffix)
if _:
_ = extractRegexResult(r"%s\.(?P<result>.+)\.%s" % (prefix, suffix), _, re.I)
# Note: non-greedy so a '--dns-domain' label that happens to match the random
# suffix can't make the match run past the real boundary (the boundary alphabet
# excludes hex characters, so it can never under-match into the hex payload)
_ = extractRegexResult(r"%s\.(?P<result>.+?)\.%s" % (prefix, suffix), _, re.I)
_ = decodeDbmsHexValue(_)
output = (output or "") + _
offset += len(_)
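Review bot: The prefix and suffix are interpolated into the pattern unescaped on the new non-greedy line; today they are drawn from DNS_BOUNDARIES_ALPHABET (plain letters), so no metacharacter can slip in, but the correctness of the `.+?` boundary now rests entirely on that invariant and it is cheap to make it explicit: `_ = extractRegexResult(r"%s\.(?P<result>.+?)\.%s" % (re.escape(prefix), re.escape(suffix)), _, re.I)`. The comment's claim that under-matching is impossible likewise assumes the hex payload labels can never contain the suffix, which holds only while that alphabet excludes hex characters, so I'd name DNS_BOUNDARIES_ALPHABET in the comment so the two stay in sync. `dnsUse` starts above the hunk and the handling of a failed match (`extractRegexResult` returning nothing before `decodeDbmsHexValue`) is not visible here, so I can't tell whether that path is guarded.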