2008-10-15 19:38:22 +04:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
"""
|
2008-10-15 19:56:32 +04:00
|
|
|
$Id$
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2010-10-14 18:41:14 +04:00
|
|
|
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
|
2010-10-15 03:18:29 +04:00
|
|
|
See the file 'doc/COPYING' for copying permission
|
2008-10-15 19:38:22 +04:00
|
|
|
"""
|
|
|
|
|
2010-02-23 11:54:33 +03:00
|
|
|
try:
|
|
|
|
import hashlib
|
|
|
|
except:
|
|
|
|
import md5
|
|
|
|
import sha
|
2010-04-12 13:35:20 +04:00
|
|
|
|
|
|
|
import pickle
|
2011-04-10 20:46:33 +04:00
|
|
|
import re
|
2010-02-23 11:54:33 +03:00
|
|
|
import sys
|
2011-04-10 11:16:19 +04:00
|
|
|
import string
|
2008-10-15 19:38:22 +04:00
|
|
|
import struct
|
|
|
|
import urllib
|
|
|
|
|
2010-03-27 02:23:25 +03:00
|
|
|
from lib.core.data import conf
|
2011-03-09 12:36:56 +03:00
|
|
|
from lib.core.data import logger
|
2011-04-14 17:53:56 +04:00
|
|
|
from lib.core.settings import HEX_ENCODED_CHAR_REGEX
|
2011-03-03 13:39:04 +03:00
|
|
|
from lib.core.settings import UNICODE_ENCODING
|
2011-03-09 12:36:56 +03:00
|
|
|
from lib.core.settings import URLENCODE_CHAR_LIMIT
|
|
|
|
from lib.core.settings import URLENCODE_FAILSAFE_CHARS
|
2010-03-27 02:23:25 +03:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def base64decode(value):
|
|
|
|
return value.decode("base64")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def base64encode(value):
|
|
|
|
return value.encode("base64")[:-1].replace("\n", "")
|
2010-04-12 13:35:20 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def base64pickle(value):
|
|
|
|
return base64encode(pickle.dumps(value))
|
2010-04-12 13:35:20 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def base64unpickle(value):
|
|
|
|
return pickle.loads(base64decode(value))
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def hexdecode(value):
|
|
|
|
value = value.lower()
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
if value.startswith("0x"):
|
|
|
|
value = value[2:]
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
return value.decode("hex")
|
2010-11-03 13:08:27 +03:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def hexencode(value):
|
|
|
|
return value.encode("hex")
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def md5hash(value):
|
2010-02-23 11:54:33 +03:00
|
|
|
if sys.modules.has_key('hashlib'):
|
2011-01-15 15:13:45 +03:00
|
|
|
return hashlib.md5(value).hexdigest()
|
2010-02-23 11:54:33 +03:00
|
|
|
else:
|
2011-01-15 15:13:45 +03:00
|
|
|
return md5.new(value).hexdigest()
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def orddecode(value):
|
|
|
|
packedString = struct.pack("!"+"I" * len(value), *value)
|
2008-10-15 19:38:22 +04:00
|
|
|
return "".join([chr(char) for char in struct.unpack("!"+"I"*(len(packedString)/4), packedString)])
|
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def ordencode(value):
|
|
|
|
return tuple([ord(char) for char in value])
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def sha1hash(value):
|
2010-02-23 11:54:33 +03:00
|
|
|
if sys.modules.has_key('hashlib'):
|
2011-01-15 15:13:45 +03:00
|
|
|
return hashlib.sha1(value).hexdigest()
|
2010-02-23 11:54:33 +03:00
|
|
|
else:
|
2011-01-15 15:13:45 +03:00
|
|
|
return sha.new(value).hexdigest()
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-03-03 13:39:04 +03:00
|
|
|
def urldecode(value, encoding=None):
|
2010-01-02 05:02:12 +03:00
|
|
|
result = None
|
2010-10-01 12:03:39 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
if value:
|
2011-02-26 01:43:01 +03:00
|
|
|
try:
|
|
|
|
# for cases like T%C3%BCrk%C3%A7e
|
|
|
|
value = str(value)
|
|
|
|
except ValueError:
|
2011-03-03 13:39:04 +03:00
|
|
|
pass
|
|
|
|
finally:
|
2011-02-26 01:43:01 +03:00
|
|
|
result = urllib.unquote_plus(value)
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-03-03 13:39:04 +03:00
|
|
|
if isinstance(result, str):
|
|
|
|
result = unicode(result, encoding or UNICODE_ENCODING, errors="replace")
|
|
|
|
|
2010-01-02 05:02:12 +03:00
|
|
|
return result
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-03-09 12:36:56 +03:00
|
|
|
def urlencode(value, safe="%&=", convall=False, limit=False):
|
2010-06-30 01:07:23 +04:00
|
|
|
if conf.direct or "POSTxml" in conf.paramDict:
|
2011-01-15 15:13:45 +03:00
|
|
|
return value
|
2010-03-27 02:23:25 +03:00
|
|
|
|
2011-03-11 22:57:44 +03:00
|
|
|
count = 0
|
2010-01-02 05:02:12 +03:00
|
|
|
result = None
|
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
if value is None:
|
2010-01-02 05:02:12 +03:00
|
|
|
return result
|
2008-10-15 19:38:22 +04:00
|
|
|
|
2011-03-11 22:57:44 +03:00
|
|
|
if convall or safe is None:
|
|
|
|
safe = ""
|
|
|
|
|
2011-04-10 20:46:33 +04:00
|
|
|
# corner case when character % really needs to be
|
|
|
|
# encoded (when not representing url encoded char)
|
|
|
|
if all(map(lambda x: '%' in x, [safe, value])):
|
|
|
|
value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value, re.DOTALL | re.IGNORECASE)
|
|
|
|
|
2011-03-11 22:57:44 +03:00
|
|
|
while True:
|
|
|
|
result = urllib.quote(utf8encode(value), safe)
|
2011-03-09 12:36:56 +03:00
|
|
|
|
2011-03-11 22:57:44 +03:00
|
|
|
if limit and len(result) > URLENCODE_CHAR_LIMIT:
|
|
|
|
if count >= len(URLENCODE_FAILSAFE_CHARS):
|
|
|
|
dbgMsg = "failed to fully shorten urlencoding value"
|
|
|
|
logger.debug(dbgMsg)
|
2011-03-09 12:36:56 +03:00
|
|
|
break
|
2010-01-02 05:02:12 +03:00
|
|
|
|
2011-03-11 22:57:44 +03:00
|
|
|
while count < len(URLENCODE_FAILSAFE_CHARS):
|
|
|
|
safe += URLENCODE_FAILSAFE_CHARS[count]
|
|
|
|
count += 1
|
|
|
|
if safe[-1] in value:
|
|
|
|
break
|
|
|
|
else:
|
|
|
|
break
|
|
|
|
|
2010-01-02 05:02:12 +03:00
|
|
|
return result
|
2010-05-28 15:32:10 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def utf8encode(value):
|
|
|
|
return value.encode("utf-8")
|
2010-05-28 15:32:10 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def utf8decode(value):
|
|
|
|
return value.decode("utf-8")
|
2010-10-01 12:03:39 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def htmlescape(value):
|
|
|
|
return value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace("'", ''').replace(' ', ' ')
|
2010-10-01 12:03:39 +04:00
|
|
|
|
2011-01-15 15:13:45 +03:00
|
|
|
def htmlunescape(value):
|
|
|
|
return value.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace(''', "'").replace(' ', ' ')
|
2011-04-10 11:16:19 +04:00
|
|
|
|
2011-04-14 13:31:45 +04:00
|
|
|
def safecharencode(value):
|
2011-04-10 11:16:19 +04:00
|
|
|
"""
|
2011-04-14 13:31:45 +04:00
|
|
|
Returns safe representation of a given basestring value
|
2011-04-10 11:16:19 +04:00
|
|
|
|
2011-04-14 13:31:45 +04:00
|
|
|
>>> safecharencode(u'test123')
|
2011-04-10 11:16:19 +04:00
|
|
|
u'test123'
|
2011-04-14 13:31:45 +04:00
|
|
|
>>> safecharencode(u'test\x01\x02\xff')
|
2011-04-10 11:16:19 +04:00
|
|
|
u'test\\01\\02\\03\\ff'
|
|
|
|
"""
|
|
|
|
|
|
|
|
retVal = value
|
2011-04-14 17:53:56 +04:00
|
|
|
|
2011-04-10 11:16:19 +04:00
|
|
|
if isinstance(value, basestring):
|
|
|
|
retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\%02x' % ord(y)), value, unicode())
|
2011-04-14 13:31:45 +04:00
|
|
|
for char in "\t\n\r\x0b\x0c":
|
|
|
|
retVal = retVal.replace(char, repr(char).strip('\''))
|
2011-04-14 17:53:56 +04:00
|
|
|
|
2011-04-10 11:16:19 +04:00
|
|
|
elif isinstance(value, list):
|
|
|
|
for i in xrange(len(value)):
|
2011-04-14 13:31:45 +04:00
|
|
|
retVal[i] = safecharencode(value[i])
|
2011-04-14 17:53:56 +04:00
|
|
|
|
|
|
|
return retVal
|
|
|
|
|
|
|
|
def safechardecode(value):
|
|
|
|
"""
|
|
|
|
Reverse function to safecharencode
|
|
|
|
"""
|
|
|
|
|
|
|
|
retVal = value
|
|
|
|
if isinstance(value, basestring):
|
|
|
|
for char in "\t\n\r\x0b\x0c":
|
|
|
|
retVal = retVal.replace(repr(char).strip('\''), char)
|
|
|
|
|
|
|
|
regex = re.compile(HEX_ENCODED_CHAR_REGEX)
|
|
|
|
|
|
|
|
while True:
|
|
|
|
match = regex.search(retVal)
|
|
|
|
if match:
|
|
|
|
retVal = retVal.replace(match.group("result"), unhexlify(value.lstrip('\\')))
|
|
|
|
else:
|
|
|
|
break
|
|
|
|
|
|
|
|
elif isinstance(value, list):
|
|
|
|
for i in xrange(len(value)):
|
|
|
|
retVal[i] = safechardecode(value[i])
|
|
|
|
|
2011-04-10 11:16:19 +04:00
|
|
|
return retVal
|