2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
2008-10-15 19:38:22 +04:00
"""
2021-09-08 22:01:41 +03:00
Copyright ( c ) 2006 - 2021 sqlmap developers ( https : / / sqlmap . org / )
2017-10-11 15:50:46 +03:00
See the file ' LICENSE ' for copying permission
2008-10-15 19:38:22 +04:00
"""
2019-06-04 13:15:39 +03:00
from __future__ import division
2018-06-19 17:08:38 +03:00
import binascii
2010-05-24 15:00:49 +04:00
import codecs
2012-07-01 03:19:54 +04:00
import contextlib
2011-07-06 09:44:47 +04:00
import copy
2020-12-26 01:24:59 +03:00
import distutils . version
2019-05-02 17:54:54 +03:00
import functools
2014-11-02 12:55:38 +03:00
import getpass
2014-10-27 02:37:46 +03:00
import hashlib
2010-05-26 13:48:20 +04:00
import inspect
2019-03-26 16:37:01 +03:00
import io
2014-10-27 02:37:46 +03:00
import json
2019-03-05 14:24:41 +03:00
import keyword
2015-01-21 11:26:30 +03:00
import locale
2011-04-20 02:54:13 +04:00
import logging
2011-07-23 23:04:59 +04:00
import ntpath
2008-10-15 19:38:22 +04:00
import os
2018-01-21 13:54:42 +03:00
import platform
2011-07-23 23:04:59 +04:00
import posixpath
2008-10-15 19:38:22 +04:00
import random
import re
2009-04-22 15:48:07 +04:00
import socket
2008-10-15 19:38:22 +04:00
import string
2016-12-20 01:47:39 +03:00
import subprocess
2008-10-15 19:38:22 +04:00
import sys
2013-01-08 13:23:02 +04:00
import tempfile
2017-04-11 14:34:40 +03:00
import threading
2008-10-15 19:38:22 +04:00
import time
2017-11-08 17:58:23 +03:00
import types
2011-03-24 23:04:20 +03:00
import unicodedata
2010-01-28 20:07:34 +03:00
2010-10-12 19:49:04 +04:00
from difflib import SequenceMatcher
2011-01-16 23:55:07 +03:00
from math import sqrt
2011-12-26 18:08:25 +04:00
from optparse import OptionValueError
2010-04-22 20:13:22 +04:00
from xml . sax import parse
2014-12-02 12:57:50 +03:00
from xml . sax import SAXParseException
2010-01-24 02:29:34 +03:00
2015-07-14 00:55:46 +03:00
from extra . beep . beep import beep
2013-01-08 13:23:02 +04:00
from extra . cloak . cloak import decloak
2012-02-16 13:46:41 +04:00
from lib . core . bigarray import BigArray
2019-05-03 00:51:54 +03:00
from lib . core . compat import cmp
from lib . core . compat import round
2019-03-28 18:04:38 +03:00
from lib . core . compat import xrange
2012-03-08 14:57:47 +04:00
from lib . core . convert import base64pickle
from lib . core . convert import base64unpickle
2019-05-03 14:20:15 +03:00
from lib . core . convert import decodeBase64
from lib . core . convert import decodeHex
from lib . core . convert import getBytes
from lib . core . convert import getText
2019-05-06 01:54:21 +03:00
from lib . core . convert import getUnicode
2019-05-20 12:24:43 +03:00
from lib . core . convert import htmlUnescape
2019-05-20 12:21:31 +03:00
from lib . core . convert import stdoutEncode
2020-07-28 12:30:47 +03:00
from lib . core . data import cmdLineOptions
2019-03-27 02:58:12 +03:00
from lib . core . data import conf
from lib . core . data import kb
from lib . core . data import logger
from lib . core . data import paths
2019-05-06 12:41:19 +03:00
from lib . core . datatype import OrderedSet
2012-07-30 12:06:14 +04:00
from lib . core . decorators import cachedmethod
2013-01-30 13:43:46 +04:00
from lib . core . defaults import defaults
2012-08-21 13:19:15 +04:00
from lib . core . dicts import DBMS_DICT
2013-02-25 13:44:04 +04:00
from lib . core . dicts import DEFAULT_DOC_ROOTS
2019-06-06 14:08:56 +03:00
from lib . core . dicts import DEPRECATED_OPTIONS
2019-05-27 14:23:50 +03:00
from lib . core . dicts import OBSOLETE_OPTIONS
2012-08-21 13:19:15 +04:00
from lib . core . dicts import SQL_STATEMENTS
2012-10-09 17:19:47 +04:00
from lib . core . enums import ADJUST_TIME_DELAY
2012-02-29 18:36:23 +04:00
from lib . core . enums import CHARSET_TYPE
2019-06-04 15:44:06 +03:00
from lib . core . enums import CONTENT_STATUS
2010-11-08 12:20:02 +03:00
from lib . core . enums import DBMS
2012-02-17 18:22:48 +04:00
from lib . core . enums import EXPECTED
2020-02-10 18:22:58 +03:00
from lib . core . enums import HASHDB_KEYS
2012-08-22 13:56:30 +04:00
from lib . core . enums import HEURISTIC_TEST
2013-03-20 14:10:24 +04:00
from lib . core . enums import HTTP_HEADER
2011-10-29 12:32:24 +04:00
from lib . core . enums import HTTPMETHOD
2018-02-06 12:27:10 +03:00
from lib . core . enums import LOGGING_LEVELS
2016-05-31 14:02:26 +03:00
from lib . core . enums import MKSTEMP_PREFIX
2017-04-10 15:50:17 +03:00
from lib . core . enums import OPTION_TYPE
2011-04-23 20:25:09 +04:00
from lib . core . enums import OS
2010-12-18 12:51:34 +03:00
from lib . core . enums import PAYLOAD
2019-05-14 14:58:42 +03:00
from lib . core . enums import PLACE
from lib . core . enums import POST_HINT
2011-05-30 13:46:32 +04:00
from lib . core . enums import REFLECTIVE_COUNTER
2011-12-21 23:40:42 +04:00
from lib . core . enums import SORT_ORDER
2019-02-12 12:42:32 +03:00
from lib . core . exception import SqlmapBaseException
2012-12-06 17:14:19 +04:00
from lib . core . exception import SqlmapDataException
from lib . core . exception import SqlmapGenericException
2014-12-02 12:57:50 +03:00
from lib . core . exception import SqlmapInstallationException
2012-12-06 17:14:19 +04:00
from lib . core . exception import SqlmapMissingDependence
2019-06-04 15:44:06 +03:00
from lib . core . exception import SqlmapNoneDataException
2012-12-06 17:14:19 +04:00
from lib . core . exception import SqlmapSilentQuitException
from lib . core . exception import SqlmapSyntaxException
2014-11-23 17:41:24 +03:00
from lib . core . exception import SqlmapSystemException
2012-12-06 17:14:19 +04:00
from lib . core . exception import SqlmapUserQuitException
2015-12-15 14:13:03 +03:00
from lib . core . exception import SqlmapValueException
2012-07-11 22:29:48 +04:00
from lib . core . log import LOGGER_HANDLER
2010-05-27 20:45:09 +04:00
from lib . core . optiondict import optDict
2019-03-19 16:07:39 +03:00
from lib . core . settings import BANNER
2012-07-12 18:30:35 +04:00
from lib . core . settings import BOLD_PATTERNS
2016-04-29 15:19:32 +03:00
from lib . core . settings import BOUNDED_INJECTION_MARKER
2013-05-09 16:26:29 +04:00
from lib . core . settings import BRUTE_DOC_ROOT_PREFIXES
from lib . core . settings import BRUTE_DOC_ROOT_SUFFIXES
from lib . core . settings import BRUTE_DOC_ROOT_TARGET_MARK
2018-06-19 17:08:38 +03:00
from lib . core . settings import BURP_REQUEST_REGEX
from lib . core . settings import BURP_XML_HISTORY_REGEX
from lib . core . settings import CRAWL_EXCLUDE_EXTENSIONS
2017-07-20 03:41:47 +03:00
from lib . core . settings import CUSTOM_INJECTION_MARK_CHAR
2019-06-04 15:44:06 +03:00
from lib . core . settings import DBMS_DIRECTORY_DICT
2011-11-22 01:31:08 +04:00
from lib . core . settings import DEFAULT_COOKIE_DELIMITER
from lib . core . settings import DEFAULT_GET_POST_DELIMITER
2012-10-29 17:08:48 +04:00
from lib . core . settings import DEFAULT_MSSQL_SCHEMA
2017-10-31 12:10:22 +03:00
from lib . core . settings import DEV_EMAIL_ADDRESS
2020-06-24 12:41:51 +03:00
from lib . core . settings import DOLLAR_MARKER
2012-10-29 17:08:48 +04:00
from lib . core . settings import DUMMY_USER_INJECTION
2017-11-19 04:16:52 +03:00
from lib . core . settings import DYNAMICITY_BOUNDARY_LENGTH
2012-10-29 17:08:48 +04:00
from lib . core . settings import ERROR_PARSING_REGEXES
2019-03-05 14:24:41 +03:00
from lib . core . settings import EVALCODE_ENCODED_PREFIX
2016-05-25 16:29:25 +03:00
from lib . core . settings import FILE_PATH_REGEXES
2013-04-15 13:49:11 +04:00
from lib . core . settings import FORCE_COOKIE_EXPIRATION_TIME
2012-10-29 17:08:48 +04:00
from lib . core . settings import FORM_SEARCH_REGEX
from lib . core . settings import GENERIC_DOC_ROOT_DIRECTORY_NAMES
2014-10-01 16:23:45 +04:00
from lib . core . settings import GIT_PAGE
2014-10-27 02:37:46 +03:00
from lib . core . settings import GITHUB_REPORT_OAUTH_TOKEN
2013-12-04 12:56:37 +04:00
from lib . core . settings import GOOGLE_ANALYTICS_COOKIE_PREFIX
2012-03-13 02:55:57 +04:00
from lib . core . settings import HASHDB_MILESTONE_VALUE
2011-12-20 16:52:41 +04:00
from lib . core . settings import HOST_ALIASES
2019-03-19 16:07:39 +03:00
from lib . core . settings import HTTP_CHUNKED_SPLIT_KEYWORDS
2019-11-13 01:02:38 +03:00
from lib . core . settings import IGNORE_PARAMETERS
2017-04-10 15:50:17 +03:00
from lib . core . settings import IGNORE_SAVE_OPTIONS
2012-10-29 17:08:48 +04:00
from lib . core . settings import INFERENCE_UNKNOWN_CHAR
2013-05-09 16:26:29 +04:00
from lib . core . settings import IP_ADDRESS_REGEX
2012-10-29 17:08:48 +04:00
from lib . core . settings import ISSUES_PAGE
2019-05-21 15:37:55 +03:00
from lib . core . settings import IS_TTY
2012-10-29 17:08:48 +04:00
from lib . core . settings import IS_WIN
2011-12-23 00:14:56 +04:00
from lib . core . settings import LARGE_OUTPUT_THRESHOLD
2016-10-10 15:19:44 +03:00
from lib . core . settings import LOCALHOST
2020-01-27 03:07:15 +03:00
from lib . core . settings import MAX_INT
2013-01-18 14:00:21 +04:00
from lib . core . settings import MIN_ENCODED_LEN_CHECK
2019-06-06 13:46:38 +03:00
from lib . core . settings import MIN_ERROR_PARSING_NON_WRITING_RATIO
2010-12-08 17:46:07 +03:00
from lib . core . settings import MIN_TIME_RESPONSES
2013-01-30 00:06:02 +04:00
from lib . core . settings import MIN_VALID_DELAYED_RESPONSE
2013-02-12 15:42:12 +04:00
from lib . core . settings import NETSCAPE_FORMAT_HEADER_COOKIES
2012-10-29 17:08:48 +04:00
from lib . core . settings import NULL
from lib . core . settings import PARAMETER_AMP_MARKER
from lib . core . settings import PARAMETER_SEMICOLON_MARKER
2020-01-17 19:14:41 +03:00
from lib . core . settings import PARAMETER_PERCENTAGE_MARKER
2013-02-04 19:46:08 +04:00
from lib . core . settings import PARTIAL_HEX_VALUE_MARKER
2012-10-29 17:08:48 +04:00
from lib . core . settings import PARTIAL_VALUE_MARKER
2011-02-25 12:22:44 +03:00
from lib . core . settings import PAYLOAD_DELIMITER
2012-10-29 17:08:48 +04:00
from lib . core . settings import PLATFORM
from lib . core . settings import PRINTABLE_CHAR_REGEX
2018-06-19 17:08:38 +03:00
from lib . core . settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS
2016-03-17 18:23:28 +03:00
from lib . core . settings import PUSH_VALUE_EXCEPTION_RETRY_COUNT
2012-10-29 17:08:48 +04:00
from lib . core . settings import PYVERSION
2019-02-28 04:23:14 +03:00
from lib . core . settings import RANDOMIZATION_TLDS
2012-10-29 17:08:48 +04:00
from lib . core . settings import REFERER_ALIASES
2012-04-12 01:26:00 +04:00
from lib . core . settings import REFLECTED_BORDER_REGEX
2011-07-13 03:21:15 +04:00
from lib . core . settings import REFLECTED_MAX_REGEX_PARTS
2012-10-29 17:08:48 +04:00
from lib . core . settings import REFLECTED_REPLACEMENT_REGEX
2017-04-11 14:34:40 +03:00
from lib . core . settings import REFLECTED_REPLACEMENT_TIMEOUT
2011-02-25 12:22:44 +03:00
from lib . core . settings import REFLECTED_VALUE_MARKER
2011-05-30 13:46:32 +04:00
from lib . core . settings import REFLECTIVE_MISS_THRESHOLD
2011-02-02 17:25:16 +03:00
from lib . core . settings import SENSITIVE_DATA_REGEX
2016-11-09 13:29:08 +03:00
from lib . core . settings import SENSITIVE_OPTIONS
2019-03-15 17:36:13 +03:00
from lib . core . settings import STDIN_PIPE_DASH
2012-10-29 17:08:48 +04:00
from lib . core . settings import SUPPORTED_DBMS
2012-04-11 01:48:34 +04:00
from lib . core . settings import TEXT_TAG_REGEX
2012-10-29 17:08:48 +04:00
from lib . core . settings import TIME_STDEV_COEFF
from lib . core . settings import UNICODE_ENCODING
from lib . core . settings import UNKNOWN_DBMS_VERSION
2011-02-04 15:43:18 +03:00
from lib . core . settings import URI_QUESTION_MARKER
2012-07-31 13:03:44 +04:00
from lib . core . settings import URLENCODE_CHAR_LIMIT
from lib . core . settings import URLENCODE_FAILSAFE_CHARS
2012-10-29 17:08:48 +04:00
from lib . core . settings import USER_AGENT_ALIASES
2019-06-09 02:11:29 +03:00
from lib . core . settings import VERSION_COMPARISON_CORRECTION
2012-10-29 17:08:48 +04:00
from lib . core . settings import VERSION_STRING
2019-05-24 13:01:39 +03:00
from lib . core . settings import ZIP_HEADER
2018-06-19 17:08:38 +03:00
from lib . core . settings import WEBSCARAB_SPLITTER
2010-12-24 15:13:48 +03:00
from lib . core . threads import getCurrentThreadData
2019-09-11 15:05:25 +03:00
from lib . utils . safe2bin import safecharencode
2013-04-15 16:20:21 +04:00
from lib . utils . sqlalchemy import _sqlalchemy
2019-03-28 15:53:54 +03:00
from thirdparty import six
2012-07-14 19:01:04 +04:00
from thirdparty . clientform . clientform import ParseResponse
from thirdparty . clientform . clientform import ParseError
2016-04-29 01:51:20 +03:00
from thirdparty . colorama . initialise import init as coloramainit
2012-07-14 19:01:04 +04:00
from thirdparty . magic import magic
2019-03-11 16:36:01 +03:00
from thirdparty . odict import OrderedDict
2019-05-15 11:57:22 +03:00
from thirdparty . six import unichr as _unichr
2021-01-15 11:31:57 +03:00
from thirdparty . six . moves import collections_abc as _collections
2019-03-27 05:05:53 +03:00
from thirdparty . six . moves import configparser as _configparser
2019-03-27 15:33:46 +03:00
from thirdparty . six . moves import http_client as _http_client
2019-05-02 01:45:44 +03:00
from thirdparty . six . moves import input as _input
2019-05-03 00:51:54 +03:00
from thirdparty . six . moves import reload_module as _reload_module
2019-03-27 04:55:44 +03:00
from thirdparty . six . moves import urllib as _urllib
2019-05-03 00:51:54 +03:00
from thirdparty . six . moves import zip as _zip
2012-07-14 19:01:04 +04:00
from thirdparty . termcolor . termcolor import colored
2010-09-15 16:51:02 +04:00
2019-03-27 05:05:53 +03:00
class UnicodeRawConfigParser ( _configparser . RawConfigParser ) :
2010-09-15 16:52:28 +04:00
"""
RawConfigParser with unicode writing support
"""
2011-01-20 02:06:15 +03:00
2010-09-15 16:51:02 +04:00
def write ( self , fp ) :
"""
Write an . ini - format representation of the configuration state .
"""
if self . _defaults :
2019-03-27 05:05:53 +03:00
fp . write ( " [ %s ] \n " % _configparser . DEFAULTSECT )
2010-09-15 16:51:02 +04:00
for ( key , value ) in self . _defaults . items ( ) :
2021-01-12 17:57:12 +03:00
fp . write ( " %s = %s " % ( key , getUnicode ( value , UNICODE_ENCODING ) ) )
2010-09-15 16:51:02 +04:00
fp . write ( " \n " )
for section in self . _sections :
fp . write ( " [ %s ] \n " % section )
for ( key , value ) in self . _sections [ section ] . items ( ) :
if key != " __name__ " :
if value is None :
2021-01-12 17:57:12 +03:00
fp . write ( " %s \n " % ( key ) )
2020-10-25 19:34:06 +03:00
elif not isListLike ( value ) :
2021-01-12 17:57:12 +03:00
fp . write ( " %s = %s \n " % ( key , getUnicode ( value , UNICODE_ENCODING ) ) )
2010-09-15 16:51:02 +04:00
fp . write ( " \n " )
2012-12-06 13:42:53 +04:00
class Format ( object ) :
2011-01-28 19:36:09 +03:00
@staticmethod
def humanize ( values , chain = " or " ) :
2012-03-28 17:31:07 +04:00
return chain . join ( values )
2011-01-28 19:36:09 +03:00
# Get methods
@staticmethod
def getDbms ( versions = None ) :
"""
Format the back - end DBMS fingerprint value and return its
values formatted as a human readable string .
@return : detected back - end DBMS based upon fingerprint techniques .
@rtype : C { str }
"""
if versions is None and Backend . getVersionList ( ) :
versions = Backend . getVersionList ( )
2019-03-29 04:28:16 +03:00
return Backend . getDbms ( ) if versions is None else " %s %s " % ( Backend . getDbms ( ) , " and " . join ( filterNone ( versions ) ) )
2011-01-28 19:36:09 +03:00
@staticmethod
def getErrorParsedDBMSes ( ) :
"""
Parses the knowledge base htmlFp list and return its values
formatted as a human readable string .
@return : list of possible back - end DBMS based upon error messages
parsing .
@rtype : C { str }
"""
2012-03-28 17:31:07 +04:00
htmlParsed = None
2011-01-28 19:36:09 +03:00
2012-08-22 13:56:30 +04:00
if len ( kb . htmlFp ) == 0 or kb . heuristicTest != HEURISTIC_TEST . POSITIVE :
2012-03-28 17:31:07 +04:00
pass
2011-01-28 19:36:09 +03:00
elif len ( kb . htmlFp ) == 1 :
htmlParsed = kb . htmlFp [ 0 ]
elif len ( kb . htmlFp ) > 1 :
2012-03-28 17:31:07 +04:00
htmlParsed = " or " . join ( kb . htmlFp )
2011-01-28 19:36:09 +03:00
return htmlParsed
@staticmethod
def getOs ( target , info ) :
"""
Formats the back - end operating system fingerprint value
and return its values formatted as a human readable string .
Example of info ( kb . headersFp ) dictionary :
{
' distrib ' : set ( [ ' Ubuntu ' ] ) ,
' type ' : set ( [ ' Linux ' ] ) ,
' technology ' : set ( [ ' PHP 5.2.6 ' , ' Apache 2.2.9 ' ] ) ,
' release ' : set ( [ ' 8.10 ' ] )
}
Example of info ( kb . bannerFp ) dictionary :
{
' sp ' : set ( [ ' Service Pack 4 ' ] ) ,
' dbmsVersion ' : ' 8.00.194 ' ,
' dbmsServicePack ' : ' 0 ' ,
' distrib ' : set ( [ ' 2000 ' ] ) ,
' dbmsRelease ' : ' 2000 ' ,
' type ' : set ( [ ' Windows ' ] )
}
@return : detected back - end operating system based upon fingerprint
techniques .
@rtype : C { str }
"""
infoStr = " "
2013-02-07 04:05:26 +04:00
infoApi = { }
2011-01-28 19:36:09 +03:00
if info and " type " in info :
2017-04-10 20:21:22 +03:00
if conf . api :
2013-02-07 04:05:26 +04:00
infoApi [ " %s operating system " % target ] = info
else :
infoStr + = " %s operating system: %s " % ( target , Format . humanize ( info [ " type " ] ) )
2011-01-28 19:36:09 +03:00
2013-02-07 04:05:26 +04:00
if " distrib " in info :
infoStr + = " %s " % Format . humanize ( info [ " distrib " ] )
2011-01-28 19:36:09 +03:00
2013-02-07 04:05:26 +04:00
if " release " in info :
infoStr + = " %s " % Format . humanize ( info [ " release " ] )
2011-01-28 19:36:09 +03:00
2013-02-07 04:05:26 +04:00
if " sp " in info :
infoStr + = " %s " % Format . humanize ( info [ " sp " ] )
2011-01-28 19:36:09 +03:00
2013-02-07 04:05:26 +04:00
if " codename " in info :
infoStr + = " ( %s ) " % Format . humanize ( info [ " codename " ] )
2011-01-28 19:36:09 +03:00
if " technology " in info :
2017-04-10 20:21:22 +03:00
if conf . api :
2013-02-07 04:05:26 +04:00
infoApi [ " web application technology " ] = Format . humanize ( info [ " technology " ] , " , " )
else :
infoStr + = " \n web application technology: %s " % Format . humanize ( info [ " technology " ] , " , " )
2017-04-10 20:21:22 +03:00
if conf . api :
2013-02-07 04:05:26 +04:00
return infoApi
else :
return infoStr . lstrip ( )
2011-01-28 19:36:09 +03:00
2019-05-29 17:42:04 +03:00
class Backend ( object ) :
2011-01-28 19:36:09 +03:00
@staticmethod
def setDbms ( dbms ) :
dbms = aliasToDbmsEnum ( dbms )
if dbms is None :
return None
# Little precaution, in theory this condition should always be false
elif kb . dbms is not None and kb . dbms != dbms :
2016-05-22 22:44:17 +03:00
warnMsg = " there appears to be a high probability that "
2014-02-27 17:23:14 +04:00
warnMsg + = " this could be a false positive case "
logger . warn ( warnMsg )
msg = " sqlmap previously fingerprinted back-end DBMS as "
2011-01-28 19:36:09 +03:00
msg + = " %s . However now it has been fingerprinted " % kb . dbms
2014-02-27 17:23:14 +04:00
msg + = " as %s . " % dbms
msg + = " Please, specify which DBMS should be "
2011-01-28 19:36:09 +03:00
msg + = " correct [ %s (default)/ %s ] " % ( kb . dbms , dbms )
while True :
2017-04-19 15:46:27 +03:00
choice = readInput ( msg , default = kb . dbms )
2011-01-28 19:36:09 +03:00
2017-04-19 15:46:27 +03:00
if aliasToDbmsEnum ( choice ) == kb . dbms :
2016-05-30 11:32:49 +03:00
kb . dbmsVersion = [ ]
kb . resolutionDbms = kb . dbms
2011-01-28 19:36:09 +03:00
break
2017-04-19 15:46:27 +03:00
elif aliasToDbmsEnum ( choice ) == dbms :
kb . dbms = aliasToDbmsEnum ( choice )
2011-01-28 19:36:09 +03:00
break
else :
warnMsg = " invalid value "
logger . warn ( warnMsg )
elif kb . dbms is None :
kb . dbms = aliasToDbmsEnum ( dbms )
return kb . dbms
@staticmethod
def setVersion ( version ) :
2019-03-28 15:53:54 +03:00
if isinstance ( version , six . string_types ) :
2012-02-22 19:53:36 +04:00
kb . dbmsVersion = [ version ]
2011-01-28 19:36:09 +03:00
return kb . dbmsVersion
@staticmethod
def setVersionList ( versionsList ) :
if isinstance ( versionsList , list ) :
kb . dbmsVersion = versionsList
2019-03-28 15:53:54 +03:00
elif isinstance ( versionsList , six . string_types ) :
2011-01-28 19:36:09 +03:00
Backend . setVersion ( versionsList )
else :
logger . error ( " invalid format of versionsList " )
@staticmethod
2011-06-02 03:00:18 +04:00
def forceDbms ( dbms , sticky = False ) :
2012-07-12 17:24:40 +04:00
if not kb . stickyDBMS :
2011-09-26 01:10:45 +04:00
kb . forcedDbms = aliasToDbmsEnum ( dbms )
2012-07-12 17:24:40 +04:00
kb . stickyDBMS = sticky
2011-01-28 19:36:09 +03:00
@staticmethod
2011-06-02 03:00:18 +04:00
def flushForcedDbms ( force = False ) :
2012-07-12 17:24:40 +04:00
if not kb . stickyDBMS or force :
2011-09-26 01:10:45 +04:00
kb . forcedDbms = None
2012-07-12 17:24:40 +04:00
kb . stickyDBMS = False
2011-01-28 19:36:09 +03:00
@staticmethod
def setOs ( os ) :
if os is None :
return None
# Little precaution, in theory this condition should always be false
2019-03-28 15:53:54 +03:00
elif kb . os is not None and isinstance ( os , six . string_types ) and kb . os . lower ( ) != os . lower ( ) :
2011-01-28 19:36:09 +03:00
msg = " sqlmap previously fingerprinted back-end DBMS "
msg + = " operating system %s . However now it has " % kb . os
msg + = " been fingerprinted to be %s . " % os
msg + = " Please, specify which OS is "
msg + = " correct [ %s (default)/ %s ] " % ( kb . os , os )
while True :
2017-04-19 15:46:27 +03:00
choice = readInput ( msg , default = kb . os )
2011-01-28 19:36:09 +03:00
2017-04-19 15:46:27 +03:00
if choice == kb . os :
2011-01-28 19:36:09 +03:00
break
2017-04-19 15:46:27 +03:00
elif choice == os :
kb . os = choice . capitalize ( )
2011-01-28 19:36:09 +03:00
break
else :
warnMsg = " invalid value "
logger . warn ( warnMsg )
2019-03-28 15:53:54 +03:00
elif kb . os is None and isinstance ( os , six . string_types ) :
2011-04-23 20:25:09 +04:00
kb . os = os . capitalize ( )
2011-01-28 19:36:09 +03:00
return kb . os
2012-01-13 20:49:52 +04:00
@staticmethod
def setOsVersion ( version ) :
if version is None :
return None
2019-03-28 15:53:54 +03:00
elif kb . osVersion is None and isinstance ( version , six . string_types ) :
2012-01-13 20:49:52 +04:00
kb . osVersion = version
@staticmethod
def setOsServicePack ( sp ) :
2012-01-13 21:04:59 +04:00
if sp is None :
2012-01-13 20:49:52 +04:00
return None
2012-01-13 21:04:59 +04:00
elif kb . osSP is None and isinstance ( sp , int ) :
kb . osSP = sp
2012-01-13 20:49:52 +04:00
2011-04-25 03:01:21 +04:00
@staticmethod
def setArch ( ) :
msg = " what is the back-end database management system architecture? "
msg + = " \n [1] 32-bit (default) "
msg + = " \n [2] 64-bit "
while True :
2017-04-19 15:46:27 +03:00
choice = readInput ( msg , default = ' 1 ' )
2011-04-25 03:01:21 +04:00
2019-03-28 15:53:54 +03:00
if hasattr ( choice , " isdigit " ) and choice . isdigit ( ) and int ( choice ) in ( 1 , 2 ) :
2017-04-19 15:46:27 +03:00
kb . arch = 32 if int ( choice ) == 1 else 64
2011-04-25 03:01:21 +04:00
break
else :
2012-02-16 17:46:01 +04:00
warnMsg = " invalid value. Valid values are 1 and 2 "
2011-04-25 03:01:21 +04:00
logger . warn ( warnMsg )
return kb . arch
2011-01-28 19:36:09 +03:00
# Get methods
@staticmethod
def getForcedDbms ( ) :
2017-08-28 13:30:42 +03:00
return aliasToDbmsEnum ( conf . get ( " forceDbms " ) ) or aliasToDbmsEnum ( kb . get ( " forcedDbms " ) )
2011-01-28 19:36:09 +03:00
@staticmethod
def getDbms ( ) :
2012-07-24 16:44:44 +04:00
return aliasToDbmsEnum ( kb . get ( " dbms " ) )
2011-01-28 19:36:09 +03:00
@staticmethod
def getErrorParsedDBMSes ( ) :
"""
Returns array with parsed DBMS names till now
This functions is called to :
2015-02-21 16:12:03 +03:00
1. Ask user whether or not skip specific DBMS tests in detection phase ,
2011-01-28 19:36:09 +03:00
lib / controller / checks . py - detection phase .
2015-02-21 16:12:03 +03:00
2. Sort the fingerprint of the DBMS , lib / controller / handler . py -
2011-01-28 19:36:09 +03:00
fingerprint phase .
"""
2012-09-07 12:09:19 +04:00
return kb . htmlFp if kb . get ( " heuristicTest " ) == HEURISTIC_TEST . POSITIVE else [ ]
2011-01-28 19:36:09 +03:00
@staticmethod
def getIdentifiedDbms ( ) :
2015-02-21 16:12:03 +03:00
"""
This functions is called to :
1. Sort the tests , getSortedInjectionTests ( ) - detection phase .
2. Etc .
"""
2011-01-28 19:36:09 +03:00
dbms = None
2011-06-03 15:01:26 +04:00
if not kb :
pass
2017-03-01 13:09:55 +03:00
elif not kb . get ( " testMode " ) and conf . get ( " dbmsHandler " ) and getattr ( conf . dbmsHandler , " _dbms " , None ) :
2017-02-27 15:58:07 +03:00
dbms = conf . dbmsHandler . _dbms
2011-06-03 15:01:26 +04:00
elif Backend . getForcedDbms ( ) is not None :
2011-01-28 19:36:09 +03:00
dbms = Backend . getForcedDbms ( )
elif Backend . getDbms ( ) is not None :
2015-02-21 16:12:30 +03:00
dbms = Backend . getDbms ( )
2012-12-12 14:54:59 +04:00
elif kb . get ( " injection " ) and kb . injection . dbms :
2012-10-28 03:11:50 +04:00
dbms = unArrayizeValue ( kb . injection . dbms )
2015-02-27 17:19:30 +03:00
elif Backend . getErrorParsedDBMSes ( ) :
dbms = unArrayizeValue ( Backend . getErrorParsedDBMSes ( ) )
elif conf . get ( " dbms " ) :
dbms = conf . get ( " dbms " )
2011-01-28 19:36:09 +03:00
return aliasToDbmsEnum ( dbms )
@staticmethod
def getVersion ( ) :
2019-06-09 02:11:29 +03:00
versions = filterNone ( flattenValue ( kb . dbmsVersion ) ) if not isinstance ( kb . dbmsVersion , six . string_types ) else [ kb . dbmsVersion ]
2015-10-25 17:32:02 +03:00
if not isNoneValue ( versions ) :
return versions [ 0 ]
2011-01-28 19:36:09 +03:00
else :
return None
@staticmethod
def getVersionList ( ) :
2019-06-09 02:11:29 +03:00
versions = filterNone ( flattenValue ( kb . dbmsVersion ) ) if not isinstance ( kb . dbmsVersion , six . string_types ) else [ kb . dbmsVersion ]
2015-10-25 17:32:02 +03:00
if not isNoneValue ( versions ) :
return versions
2011-01-28 19:36:09 +03:00
else :
return None
2011-02-07 03:21:17 +03:00
@staticmethod
def getOs ( ) :
return kb . os
2012-01-13 20:49:52 +04:00
@staticmethod
def getOsVersion ( ) :
return kb . osVersion
@staticmethod
def getOsServicePack ( ) :
return kb . osSP
2011-04-25 03:01:21 +04:00
@staticmethod
def getArch ( ) :
if kb . arch is None :
Backend . setArch ( )
return kb . arch
2011-01-28 19:36:09 +03:00
# Comparison methods
@staticmethod
def isDbms ( dbms ) :
2017-03-06 14:53:04 +03:00
if not kb . get ( " testMode " ) and all ( ( Backend . getDbms ( ) , Backend . getIdentifiedDbms ( ) ) ) and Backend . getDbms ( ) != Backend . getIdentifiedDbms ( ) :
singleTimeWarnMessage ( " identified ( ' %s ' ) and fingerprinted ( ' %s ' ) DBMSes differ. If you experience problems in enumeration phase please rerun with ' --flush-session ' " % ( Backend . getIdentifiedDbms ( ) , Backend . getDbms ( ) ) )
return Backend . getIdentifiedDbms ( ) == aliasToDbmsEnum ( dbms )
2011-01-28 19:36:09 +03:00
2020-02-10 18:22:58 +03:00
@staticmethod
def isFork ( fork ) :
return hashDBRetrieve ( HASHDB_KEYS . DBMS_FORK ) == fork
2011-01-28 19:36:09 +03:00
@staticmethod
def isDbmsWithin ( aliases ) :
2011-05-03 18:13:45 +04:00
return Backend . getDbms ( ) is not None and Backend . getDbms ( ) . lower ( ) in aliases
2011-01-28 19:36:09 +03:00
@staticmethod
def isVersion ( version ) :
return Backend . getVersion ( ) is not None and Backend . getVersion ( ) == version
@staticmethod
def isVersionWithin ( versionList ) :
if Backend . getVersionList ( ) is None :
return False
2012-02-16 17:46:01 +04:00
for _ in Backend . getVersionList ( ) :
if _ != UNKNOWN_DBMS_VERSION and _ in versionList :
2011-01-28 19:36:09 +03:00
return True
return False
@staticmethod
def isVersionGreaterOrEqualThan ( version ) :
2020-12-26 02:49:42 +03:00
retVal = False
if Backend . getVersion ( ) is not None and version is not None :
try :
retVal = distutils . version . LooseVersion ( Backend . getVersion ( ) ) > = distutils . version . LooseVersion ( version )
except :
retVal = str ( Backend . getVersion ( ) ) > = str ( version )
return retVal
2011-01-28 19:36:09 +03:00
2011-02-07 03:21:17 +03:00
@staticmethod
def isOs ( os ) :
2011-04-23 20:25:09 +04:00
return Backend . getOs ( ) is not None and Backend . getOs ( ) . lower ( ) == os . lower ( )
2011-02-07 03:21:17 +03:00
2008-10-15 19:38:22 +04:00
def paramToDict ( place , parameters = None ) :
"""
Split the parameters into names and values , check if these parameters
are within the testable parameters and return in a dictionary .
"""
2011-02-04 21:07:21 +03:00
testableParameters = OrderedDict ( )
2008-10-15 19:38:22 +04:00
2012-02-22 19:53:36 +04:00
if place in conf . parameters and not parameters :
2008-10-15 19:38:22 +04:00
parameters = conf . parameters [ place ]
2012-10-04 13:25:44 +04:00
parameters = re . sub ( r " &( \ w { 1,4}); " , r " %s \ g<1> %s " % ( PARAMETER_AMP_MARKER , PARAMETER_SEMICOLON_MARKER ) , parameters )
2013-07-31 22:41:19 +04:00
if place == PLACE . COOKIE :
2014-04-06 18:50:58 +04:00
splitParams = parameters . split ( conf . cookieDel or DEFAULT_COOKIE_DELIMITER )
2013-07-31 22:41:19 +04:00
else :
2014-04-06 18:48:46 +04:00
splitParams = parameters . split ( conf . paramDel or DEFAULT_GET_POST_DELIMITER )
2012-02-14 13:26:52 +04:00
2012-10-04 13:25:44 +04:00
for element in splitParams :
element = re . sub ( r " %s (.+?) %s " % ( PARAMETER_AMP_MARKER , PARAMETER_SEMICOLON_MARKER ) , r " & \ g<1>; " , element )
2013-01-17 16:56:04 +04:00
parts = element . split ( " = " )
2010-10-21 01:49:05 +04:00
2013-01-17 16:56:04 +04:00
if len ( parts ) > = 2 :
2014-09-12 15:29:30 +04:00
parameter = urldecode ( parts [ 0 ] . replace ( " " , " " ) )
2010-10-21 01:49:05 +04:00
2014-11-24 07:44:38 +03:00
if not parameter :
continue
2014-04-06 18:48:46 +04:00
if conf . paramDel and conf . paramDel == ' \n ' :
2013-05-30 14:01:13 +04:00
parts [ - 1 ] = parts [ - 1 ] . rstrip ( )
2010-06-30 01:07:23 +04:00
condition = not conf . testParameter
2014-12-22 08:02:39 +03:00
condition | = conf . testParameter is not None and parameter in conf . testParameter
2013-05-12 18:24:13 +04:00
condition | = place == PLACE . COOKIE and len ( intersect ( ( PLACE . COOKIE , ) , conf . testParameter , True ) ) > 0
2008-10-15 19:38:22 +04:00
if condition :
2019-04-17 15:22:36 +03:00
value = " = " . join ( parts [ 1 : ] )
if parameter in ( conf . base64Parameter or [ ] ) :
try :
2020-08-10 23:26:03 +03:00
kb . base64Originals [ parameter ] = oldValue = value
2020-09-04 13:45:33 +03:00
value = urldecode ( value , convall = True )
2019-09-16 20:29:38 +03:00
value = decodeBase64 ( value , binary = False , encoding = conf . encoding or UNICODE_ENCODING )
2019-08-25 14:20:06 +03:00
parameters = re . sub ( r " \ b %s ( \ b| \ Z) " % re . escape ( oldValue ) , value , parameters )
2019-04-17 15:22:36 +03:00
except :
errMsg = " parameter ' %s ' does not contain " % parameter
errMsg + = " valid Base64 encoded value ( ' %s ' ) " % value
raise SqlmapValueException ( errMsg )
testableParameters [ parameter ] = value
2018-12-10 16:53:11 +03:00
if not conf . multipleTargets and not ( conf . csrfToken and re . search ( conf . csrfToken , parameter , re . I ) ) :
2012-11-19 14:59:28 +04:00
_ = urldecode ( testableParameters [ parameter ] , convall = True )
2018-03-13 13:13:38 +03:00
if ( _ . endswith ( " ' " ) and _ . count ( " ' " ) == 1 or re . search ( r ' \ A9 { 3,} ' , _ ) or re . search ( r ' \ A- \ d+ \ Z ' , _ ) or re . search ( DUMMY_USER_INJECTION , _ ) ) and not parameter . upper ( ) . startswith ( GOOGLE_ANALYTICS_COOKIE_PREFIX ) :
2012-10-04 13:25:44 +04:00
warnMsg = " it appears that you have provided tainted parameter values "
2017-02-28 00:14:52 +03:00
warnMsg + = " ( ' %s ' ) with most likely leftover " % element
2012-12-13 13:03:21 +04:00
warnMsg + = " chars/statements from manual SQL injection test(s). "
2012-10-04 13:25:44 +04:00
warnMsg + = " Please, always use only valid parameter values "
2013-08-22 12:44:21 +04:00
warnMsg + = " so sqlmap could be able to run properly "
2012-10-04 13:25:44 +04:00
logger . warn ( warnMsg )
2015-01-22 11:17:45 +03:00
message = " are you really sure that you want to continue (sqlmap could have problems)? [y/N] "
2017-04-18 16:48:05 +03:00
if not readInput ( message , default = ' N ' , boolean = True ) :
2012-12-06 17:14:19 +04:00
raise SqlmapSilentQuitException
2014-08-30 22:58:15 +04:00
elif not _ :
warnMsg = " provided value for parameter ' %s ' is empty. " % parameter
warnMsg + = " Please, always use only valid parameter values "
warnMsg + = " so sqlmap could be able to run properly "
logger . warn ( warnMsg )
2008-10-15 19:38:22 +04:00
2016-04-29 15:19:32 +03:00
if place in ( PLACE . POST , PLACE . GET ) :
2016-05-12 18:16:55 +03:00
for regex in ( r " \ A((?:<[^>]+>)+ \ w+)((?:<[^>]+>)+) \ Z " , r " \ A([^ \ w]+.* \ w+)([^ \ w]+) \ Z " ) :
match = re . search ( regex , testableParameters [ parameter ] )
if match :
2016-05-17 14:45:03 +03:00
try :
candidates = OrderedDict ( )
def walk ( head , current = None ) :
2017-03-17 11:43:45 +03:00
if current is None :
current = head
2016-05-17 14:45:03 +03:00
if isListLike ( current ) :
for _ in current :
walk ( head , _ )
elif isinstance ( current , dict ) :
for key in current . keys ( ) :
value = current [ key ]
2020-05-04 13:25:46 +03:00
if isinstance ( value , ( bool , int , float , six . string_types ) ) or value in ( None , [ ] ) :
2016-05-17 14:45:03 +03:00
original = current [ key ]
if isinstance ( value , bool ) :
2017-12-05 13:33:30 +03:00
current [ key ] = " %s %s " % ( getUnicode ( value ) . lower ( ) , BOUNDED_INJECTION_MARKER )
2020-05-04 13:25:46 +03:00
elif value is None :
current [ key ] = " %s %s " % ( randomInt ( ) , BOUNDED_INJECTION_MARKER )
elif value == [ ] :
current [ key ] = [ " %s %s " % ( randomInt ( ) , BOUNDED_INJECTION_MARKER ) ]
2016-05-17 14:45:03 +03:00
else :
current [ key ] = " %s %s " % ( value , BOUNDED_INJECTION_MARKER )
2018-11-02 00:41:33 +03:00
candidates [ " %s ( %s ) " % ( parameter , key ) ] = re . sub ( r " \ b( %s \ s*= \ s*) %s " % ( re . escape ( parameter ) , re . escape ( testableParameters [ parameter ] ) ) , r " \ g<1> %s " % json . dumps ( deserialized , separators = ( ' , ' , ' : ' ) if " , " not in testableParameters [ parameter ] else None ) , parameters )
2016-05-17 14:45:03 +03:00
current [ key ] = original
2020-05-04 13:25:46 +03:00
elif isinstance ( value , ( list , tuple , set , dict ) ) :
if value :
walk ( head , value )
2016-05-17 14:45:03 +03:00
deserialized = json . loads ( testableParameters [ parameter ] )
walk ( deserialized )
if candidates :
2019-05-21 13:07:19 +03:00
message = " it appears that provided value for %s parameter ' %s ' " % ( " %s " % place if place != parameter else " " , parameter )
2016-05-17 14:45:03 +03:00
message + = " is JSON deserializable. Do you want to inject inside? [y/N] "
2017-04-18 16:48:05 +03:00
2018-03-12 13:37:48 +03:00
if readInput ( message , default = ' N ' , boolean = True ) :
2016-05-17 14:45:03 +03:00
del testableParameters [ parameter ]
testableParameters . update ( candidates )
break
except ( KeyboardInterrupt , SqlmapUserQuitException ) :
raise
except Exception :
pass
2017-08-11 12:48:05 +03:00
_ = re . sub ( regex , r " \ g<1> %s \ g< %d > " % ( kb . customInjectionMark , len ( match . groups ( ) ) ) , testableParameters [ parameter ] )
2019-05-21 13:07:19 +03:00
message = " it appears that provided value for %s parameter ' %s ' " % ( " %s " % place if place != parameter else " " , parameter )
2017-04-27 14:18:29 +03:00
message + = " has boundaries. Do you want to inject inside? ( ' %s ' ) [y/N] " % getUnicode ( _ )
2017-04-18 16:48:05 +03:00
if readInput ( message , default = ' N ' , boolean = True ) :
2019-08-25 14:20:06 +03:00
testableParameters [ parameter ] = re . sub ( r " \ b( %s \ s*= \ s*) %s " % ( re . escape ( parameter ) , re . escape ( testableParameters [ parameter ] ) ) , ( r " \ g<1> %s " % re . sub ( regex , r " \ g<1> %s \ g<2> " % BOUNDED_INJECTION_MARKER , testableParameters [ parameter ] . replace ( " \\ " , r " \\ " ) ) ) , parameters )
2016-05-12 18:16:55 +03:00
break
2016-04-29 15:19:32 +03:00
2016-05-24 17:34:07 +03:00
if conf . testParameter :
if not testableParameters :
paramStr = " , " . join ( test for test in conf . testParameter )
2008-10-15 19:38:22 +04:00
2016-05-24 17:34:07 +03:00
if len ( conf . testParameter ) > 1 :
warnMsg = " provided parameters ' %s ' " % paramStr
warnMsg + = " are not inside the %s " % place
logger . warn ( warnMsg )
else :
parameter = conf . testParameter [ 0 ]
if not intersect ( USER_AGENT_ALIASES + REFERER_ALIASES + HOST_ALIASES , parameter , True ) :
debugMsg = " provided parameter ' %s ' " % paramStr
debugMsg + = " is not inside the %s " % place
logger . debug ( debugMsg )
2019-01-22 05:00:44 +03:00
elif len ( conf . testParameter ) != len ( testableParameters ) :
2016-05-24 17:34:07 +03:00
for parameter in conf . testParameter :
if parameter not in testableParameters :
debugMsg = " provided parameter ' %s ' " % parameter
debugMsg + = " is not inside the %s " % place
logger . debug ( debugMsg )
2008-10-15 19:38:22 +04:00
2013-01-17 16:56:04 +04:00
if testableParameters :
for parameter , value in testableParameters . items ( ) :
if value and not value . isdigit ( ) :
for encoding in ( " hex " , " base64 " ) :
try :
2019-05-07 12:00:50 +03:00
decoded = codecs . decode ( value , encoding )
if len ( decoded ) > MIN_ENCODED_LEN_CHECK and all ( _ in getBytes ( string . printable ) for _ in decoded ) :
2013-01-17 16:56:04 +04:00
warnMsg = " provided parameter ' %s ' " % parameter
2016-05-22 22:44:17 +03:00
warnMsg + = " appears to be ' %s ' encoded " % encoding
2013-01-17 16:56:04 +04:00
logger . warn ( warnMsg )
break
except :
pass
2008-10-15 19:38:22 +04:00
return testableParameters
2014-01-13 21:12:37 +04:00
def getManualDirectories ( ) :
directories = None
2013-02-25 13:44:04 +04:00
defaultDocRoot = DEFAULT_DOC_ROOTS . get ( Backend . getOs ( ) , DEFAULT_DOC_ROOTS [ OS . LINUX ] )
2009-04-28 03:05:11 +04:00
if kb . absFilePaths :
for absFilePath in kb . absFilePaths :
2014-01-13 21:12:37 +04:00
if directories :
2012-07-13 13:23:21 +04:00
break
2010-02-09 17:27:41 +03:00
if directoryPath ( absFilePath ) == ' / ' :
continue
2010-04-23 20:34:20 +04:00
2010-01-05 14:30:33 +03:00
absFilePath = normalizePath ( absFilePath )
2012-07-13 13:23:21 +04:00
windowsDriveLetter = None
2009-04-28 03:05:11 +04:00
2012-07-13 13:23:21 +04:00
if isWindowsDriveLetterPath ( absFilePath ) :
windowsDriveLetter , absFilePath = absFilePath [ : 2 ] , absFilePath [ 2 : ]
absFilePath = ntToPosixSlashes ( posixToNtSlashes ( absFilePath ) )
2010-04-22 14:31:33 +04:00
2016-07-15 12:45:59 +03:00
for _ in list ( GENERIC_DOC_ROOT_DIRECTORY_NAMES ) + [ conf . hostname ] :
_ = " / %s / " % _
if _ in absFilePath :
directories = " %s %s " % ( absFilePath . split ( _ ) [ 0 ] , _ )
break
2013-02-14 21:16:49 +04:00
2016-07-15 12:45:59 +03:00
if not directories and conf . path . strip ( ' / ' ) and conf . path in absFilePath :
directories = absFilePath . split ( conf . path ) [ 0 ]
2009-04-28 03:05:11 +04:00
2016-07-15 12:45:59 +03:00
if directories and windowsDriveLetter :
directories = " %s / %s " % ( windowsDriveLetter , ntToPosixSlashes ( directories ) )
2010-04-22 14:31:33 +04:00
2014-01-13 21:12:37 +04:00
directories = normalizePath ( directories )
2008-10-15 19:38:22 +04:00
2017-03-01 12:09:13 +03:00
if conf . webRoot :
2017-03-01 12:07:26 +03:00
directories = [ conf . webRoot ]
infoMsg = " using ' %s ' as web server document root " % conf . webRoot
logger . info ( infoMsg )
elif directories :
2014-01-13 21:12:37 +04:00
infoMsg = " retrieved the web server document root: ' %s ' " % directories
2009-04-28 03:05:11 +04:00
logger . info ( infoMsg )
2008-10-15 19:38:22 +04:00
else :
2016-05-25 16:32:17 +03:00
warnMsg = " unable to automatically retrieve the web server "
2013-01-20 05:26:46 +04:00
warnMsg + = " document root "
2008-10-15 19:38:22 +04:00
logger . warn ( warnMsg )
2014-01-13 21:12:37 +04:00
directories = [ ]
2008-10-15 19:38:22 +04:00
2014-01-13 21:12:37 +04:00
message = " what do you want to use for writable directory? \n "
2014-08-21 03:19:10 +04:00
message + = " [1] common location(s) ( ' %s ' ) (default) \n " % " , " . join ( root for root in defaultDocRoot )
2014-01-13 21:12:37 +04:00
message + = " [2] custom location(s) \n "
2013-05-09 16:26:29 +04:00
message + = " [3] custom directory list file \n "
2014-08-21 03:12:44 +04:00
message + = " [4] brute force search "
2017-04-19 15:46:27 +03:00
choice = readInput ( message , default = ' 1 ' )
2013-05-09 16:26:29 +04:00
2017-04-19 15:46:27 +03:00
if choice == ' 2 ' :
2014-01-13 21:12:37 +04:00
message = " please provide a comma separate list of absolute directory paths: "
directories = readInput ( message , default = " " ) . split ( ' , ' )
2017-04-19 15:46:27 +03:00
elif choice == ' 3 ' :
2013-05-09 16:26:29 +04:00
message = " what ' s the list file location? \n "
2013-06-24 16:49:53 +04:00
listPath = readInput ( message , default = " " )
2013-05-09 16:26:29 +04:00
checkFile ( listPath )
2014-01-13 21:12:37 +04:00
directories = getFileItems ( listPath )
2017-04-19 15:46:27 +03:00
elif choice == ' 4 ' :
2018-01-31 13:24:28 +03:00
targets = set ( [ conf . hostname ] )
2013-05-09 16:26:29 +04:00
_ = conf . hostname . split ( ' . ' )
if _ [ 0 ] == " www " :
targets . add ( ' . ' . join ( _ [ 1 : ] ) )
targets . add ( ' . ' . join ( _ [ 1 : - 1 ] ) )
else :
targets . add ( ' . ' . join ( _ [ : - 1 ] ) )
2013-01-19 22:04:33 +04:00
2019-03-29 04:28:16 +03:00
targets = filterNone ( targets )
2013-01-19 22:04:33 +04:00
2013-05-09 16:26:29 +04:00
for prefix in BRUTE_DOC_ROOT_PREFIXES . get ( Backend . getOs ( ) , DEFAULT_DOC_ROOTS [ OS . LINUX ] ) :
if BRUTE_DOC_ROOT_TARGET_MARK in prefix and re . match ( IP_ADDRESS_REGEX , conf . hostname ) :
continue
2013-01-19 22:04:33 +04:00
2013-05-09 16:26:29 +04:00
for suffix in BRUTE_DOC_ROOT_SUFFIXES :
for target in targets :
2016-05-24 13:53:21 +03:00
if not prefix . endswith ( " / %s " % suffix ) :
item = " %s / %s " % ( prefix , suffix )
else :
item = prefix
2013-08-30 12:22:43 +04:00
item = item . replace ( BRUTE_DOC_ROOT_TARGET_MARK , target ) . replace ( " // " , ' / ' ) . rstrip ( ' / ' )
2016-05-24 13:53:21 +03:00
if item not in directories :
directories . append ( item )
2013-01-19 22:04:33 +04:00
2013-05-09 16:26:29 +04:00
if BRUTE_DOC_ROOT_TARGET_MARK not in prefix :
break
2014-08-21 03:12:44 +04:00
infoMsg = " using generated directory list: %s " % ' , ' . join ( directories )
2013-08-30 12:22:43 +04:00
logger . info ( infoMsg )
2014-08-21 03:12:44 +04:00
msg = " use any additional custom directories [Enter for None]: "
2013-08-30 12:22:43 +04:00
answer = readInput ( msg )
if answer :
2014-01-13 21:12:37 +04:00
directories . extend ( answer . split ( ' , ' ) )
2013-08-30 12:22:43 +04:00
2013-05-09 16:26:29 +04:00
else :
2014-01-13 21:12:37 +04:00
directories = defaultDocRoot
2008-10-15 19:38:22 +04:00
2014-01-13 21:12:37 +04:00
return directories
2008-10-15 19:38:22 +04:00
2014-01-13 21:12:37 +04:00
def getAutoDirectories ( ) :
2019-05-06 12:41:19 +03:00
"""
>> > pushValue ( kb . absFilePaths )
>> > kb . absFilePaths = [ " C: \\ inetpub \\ wwwroot \\ index.asp " , " /var/www/html " ]
>> > getAutoDirectories ( )
[ ' C:/inetpub/wwwroot ' , ' /var/www/html ' ]
>> > kb . absFilePaths = popValue ( )
"""
retVal = OrderedSet ( )
2010-11-17 12:46:04 +03:00
2009-04-28 03:05:11 +04:00
if kb . absFilePaths :
2014-01-13 21:12:37 +04:00
infoMsg = " retrieved web server absolute paths: "
2011-01-23 23:47:06 +03:00
infoMsg + = " ' %s ' " % " , " . join ( ntToPosixSlashes ( path ) for path in kb . absFilePaths )
2009-04-28 03:05:11 +04:00
logger . info ( infoMsg )
2010-09-14 01:01:46 +04:00
2009-04-28 03:05:11 +04:00
for absFilePath in kb . absFilePaths :
2009-07-09 15:11:25 +04:00
if absFilePath :
2010-02-04 12:49:31 +03:00
directory = directoryPath ( absFilePath )
2011-01-23 23:47:06 +03:00
directory = ntToPosixSlashes ( directory )
2014-02-02 01:12:00 +04:00
retVal . add ( directory )
2009-04-28 03:05:11 +04:00
else :
2014-08-21 03:19:10 +04:00
warnMsg = " unable to automatically parse any web server path "
2009-04-28 03:05:11 +04:00
logger . warn ( warnMsg )
2008-10-15 19:38:22 +04:00
2014-02-02 01:12:00 +04:00
return list ( retVal )
2010-03-27 02:23:25 +03:00
2013-03-12 23:10:32 +04:00
def filePathToSafeString ( filePath ) :
"""
Returns string representation of a given filepath safe for a single filename usage
>> > filePathToSafeString ( ' C:/Windows/system32 ' )
' C__Windows_system32 '
"""
2013-01-03 00:52:50 +04:00
retVal = filePath . replace ( " / " , " _ " ) . replace ( " \\ " , " _ " )
retVal = retVal . replace ( " " , " _ " ) . replace ( " : " , " _ " )
2008-10-15 19:38:22 +04:00
2013-01-03 00:52:50 +04:00
return retVal
2008-10-15 19:38:22 +04:00
2012-12-19 17:21:16 +04:00
def singleTimeDebugMessage ( message ) :
singleTimeLogMessage ( message , logging . DEBUG )
2011-06-08 18:35:23 +04:00
def singleTimeWarnMessage ( message ) :
singleTimeLogMessage ( message , logging . WARN )
def singleTimeLogMessage ( message , level = logging . INFO , flag = None ) :
2011-06-07 19:13:51 +04:00
if flag is None :
flag = hash ( message )
2013-03-14 00:57:09 +04:00
if not conf . smokeTest and flag not in kb . singleLogFlags :
2011-04-20 02:54:13 +04:00
kb . singleLogFlags . add ( flag )
logger . log ( level , message )
2019-04-29 17:58:53 +03:00
def boldifyMessage ( message , istty = None ) :
2019-04-19 12:24:34 +03:00
"""
Sets ANSI bold marking on entire message if parts found in predefined BOLD_PATTERNS
2019-04-29 17:58:53 +03:00
>> > boldifyMessage ( " Hello World " , istty = True )
2019-04-19 12:24:34 +03:00
' Hello World '
2019-04-29 17:58:53 +03:00
>> > boldifyMessage ( " GET parameter id is not injectable " , istty = True )
2019-04-19 12:24:34 +03:00
' \\ x1b[1mGET parameter id is not injectable \\ x1b[0m '
"""
2012-07-12 18:30:35 +04:00
retVal = message
if any ( _ in message for _ in BOLD_PATTERNS ) :
2019-04-29 17:58:53 +03:00
retVal = setColor ( message , bold = True , istty = istty )
2012-07-12 18:30:35 +04:00
return retVal
2019-04-29 17:58:53 +03:00
def setColor ( message , color = None , bold = False , level = None , istty = None ) :
2019-04-19 12:24:34 +03:00
"""
Sets ANSI color codes
2019-04-29 17:58:53 +03:00
>> > setColor ( " Hello World " , color = " red " , istty = True )
2019-04-19 12:24:34 +03:00
' \\ x1b[31mHello World \\ x1b[0m '
2020-03-06 14:26:31 +03:00
>> > setColor ( " [INFO] Hello World " , istty = True )
' [ \\ x1b[32mINFO \\ x1b[0m] Hello World '
>> > setColor ( " [INFO] Hello [CRITICAL] World " , istty = True )
' [INFO] Hello [CRITICAL] World '
2019-04-19 12:24:34 +03:00
"""
2012-07-11 22:36:32 +04:00
retVal = message
2018-02-06 12:27:10 +03:00
2020-04-17 20:29:36 +03:00
if message :
if ( IS_TTY or istty ) and not conf . get ( " disableColoring " ) : # colorizing handler
if level is None :
levels = re . findall ( r " \ [(?P<result> %s ) \ ] " % ' | ' . join ( _ [ 0 ] for _ in getPublicTypeMembers ( LOGGING_LEVELS ) ) , message )
if len ( levels ) == 1 :
level = levels [ 0 ]
if bold or color :
retVal = colored ( message , color = color , on_color = None , attrs = ( " bold " , ) if bold else None )
elif level :
try :
level = getattr ( logging , level , None )
except :
level = None
2021-01-29 16:38:13 +03:00
retVal = LOGGER_HANDLER . colorize ( message , level , True )
2020-04-17 20:29:36 +03:00
else :
match = re . search ( r " \ (([^)]*) \ s*fork \ ) " , message )
if match :
retVal = retVal . replace ( match . group ( 1 ) , colored ( match . group ( 1 ) , color = " lightgrey " ) )
2020-03-06 14:21:26 +03:00
2020-11-20 15:03:15 +03:00
if not any ( _ in message for _ in ( " Payload: " , ) ) :
for match in re . finditer ( r " ([^ \ w]) ' ([^ \ n ' ]+) ' " , message ) : # single-quoted (Note: watch-out for the banner)
retVal = retVal . replace ( match . group ( 0 ) , " %s ' %s ' " % ( match . group ( 1 ) , colored ( match . group ( 2 ) , color = " lightgrey " ) ) )
2012-07-12 17:23:35 +04:00
2020-04-17 20:29:36 +03:00
message = message . strip ( )
2020-02-07 16:26:01 +03:00
2012-07-11 21:54:21 +04:00
return retVal
2012-07-11 19:48:30 +04:00
2018-02-20 16:02:02 +03:00
def clearColors ( message ) :
"""
Clears ANSI color codes
>> > clearColors ( " \x1b [38;5;82mHello \x1b [38;5;198mWorld " )
' Hello World '
"""
retVal = message
2018-10-03 13:46:40 +03:00
if isinstance ( message , str ) :
2018-02-20 16:02:02 +03:00
retVal = re . sub ( r " \ x1b \ [[ \ d;]+m " , " " , message )
return retVal
2020-03-06 14:21:26 +03:00
def dataToStdout ( data , forceOutput = False , bold = False , contentType = None , status = CONTENT_STATUS . IN_PROGRESS , coloring = True ) :
2012-07-01 03:19:54 +04:00
"""
Writes text to the stdout ( console ) stream
"""
2020-04-17 20:29:36 +03:00
if not IS_TTY and isinstance ( data , six . string_types ) and data . startswith ( " \r " ) :
if re . search ( r " \ ( \ d+ % \ ) " , data ) :
data = " "
else :
data = " \n %s " % data . strip ( " \r " )
2011-12-27 15:41:57 +04:00
if not kb . get ( " threadException " ) :
2018-02-27 14:37:45 +03:00
if forceOutput or not ( getCurrentThreadData ( ) . disableStdOut or kb . get ( " wizardMode " ) ) :
2021-09-29 17:13:13 +03:00
multiThreadMode = kb . get ( " multiThreadMode " )
2019-01-22 15:45:16 +03:00
if multiThreadMode :
2012-07-31 13:03:44 +04:00
logging . _acquireLock ( )
2012-07-11 19:48:30 +04:00
2012-08-31 21:48:45 +04:00
try :
2017-04-10 20:21:22 +03:00
if conf . get ( " api " ) :
2020-03-06 14:21:26 +03:00
sys . stdout . write ( stdoutEncode ( clearColors ( data ) ) , status , contentType )
2016-10-06 00:02:20 +03:00
else :
2020-03-06 14:21:26 +03:00
sys . stdout . write ( stdoutEncode ( setColor ( data , bold = bold ) if coloring else clearColors ( data ) ) )
2016-10-06 00:02:20 +03:00
2012-08-31 21:48:45 +04:00
sys . stdout . flush ( )
except IOError :
pass
2012-07-11 19:48:30 +04:00
2019-01-22 15:45:16 +03:00
if multiThreadMode :
2012-07-11 19:48:30 +04:00
logging . _releaseLock ( )
2019-03-28 15:53:54 +03:00
kb . prependFlag = isinstance ( data , six . string_types ) and ( len ( data ) == 1 and data not in ( ' \n ' , ' \r ' ) or len ( data ) > 2 and data [ 0 ] == ' \r ' and data [ - 1 ] != ' \n ' )
2010-03-27 02:23:25 +03:00
2010-11-08 14:22:47 +03:00
def dataToTrafficFile ( data ) :
if not conf . trafficFile :
return
2012-12-30 14:22:23 +04:00
try :
conf . trafficFP . write ( data )
conf . trafficFP . flush ( )
2019-01-22 02:40:48 +03:00
except IOError as ex :
2012-12-30 14:22:23 +04:00
errMsg = " something went wrong while trying "
2016-01-12 12:27:04 +03:00
errMsg + = " to write to the traffic file ' %s ' ( ' %s ' ) " % ( conf . trafficFile , getSafeExString ( ex ) )
2014-11-23 17:41:24 +03:00
raise SqlmapSystemException ( errMsg )
2010-11-08 14:22:47 +03:00
2008-10-15 19:38:22 +04:00
def dataToDumpFile ( dumpFile , data ) :
2014-12-11 15:29:42 +03:00
try :
dumpFile . write ( data )
dumpFile . flush ( )
2019-01-22 02:40:48 +03:00
except IOError as ex :
2014-12-15 15:36:08 +03:00
if " No space left " in getUnicode ( ex ) :
2014-12-11 15:29:42 +03:00
errMsg = " no space left on output device "
logger . error ( errMsg )
2015-08-27 13:25:25 +03:00
elif " Permission denied " in getUnicode ( ex ) :
errMsg = " permission denied when flushing dump data "
logger . error ( errMsg )
2014-12-11 15:29:42 +03:00
else :
2021-01-18 14:29:35 +03:00
errMsg = " error occurred when writing dump data to file ( ' %s ' ) " % getUnicode ( ex )
logger . error ( errMsg )
2014-12-11 15:29:42 +03:00
2012-12-19 18:12:09 +04:00
def dataToOutFile ( filename , data ) :
2020-08-24 12:10:13 +03:00
"""
Saves data to filename
>> > pushValue ( conf . get ( " filePath " ) )
>> > conf . filePath = tempfile . gettempdir ( )
>> > " _etc_passwd " in dataToOutFile ( " /etc/passwd " , b " :::* " )
True
>> > conf . filePath = popValue ( )
"""
2012-12-21 13:51:35 +04:00
retVal = None
2009-04-22 15:48:07 +04:00
2012-12-21 13:51:35 +04:00
if data :
2016-10-25 00:52:33 +03:00
while True :
retVal = os . path . join ( conf . filePath , filePathToSafeString ( filename ) )
try :
with open ( retVal , " w+b " ) as f : # has to stay as non-codecs because data is raw ASCII encoded data
2019-04-18 17:06:19 +03:00
f . write ( getBytes ( data ) )
2019-01-22 02:40:48 +03:00
except UnicodeEncodeError as ex :
2016-10-25 00:52:33 +03:00
_ = normalizeUnicode ( filename )
if filename != _ :
filename = _
else :
errMsg = " couldn ' t write to the "
errMsg + = " output file ( ' %s ' ) " % getSafeExString ( ex )
raise SqlmapGenericException ( errMsg )
2019-01-22 02:40:48 +03:00
except IOError as ex :
2016-10-25 00:52:33 +03:00
errMsg = " something went wrong while trying to write "
errMsg + = " to the output file ( ' %s ' ) " % getSafeExString ( ex )
raise SqlmapGenericException ( errMsg )
else :
break
2009-04-22 15:48:07 +04:00
2012-07-01 02:33:19 +04:00
return retVal
2009-04-22 15:48:07 +04:00
2017-04-18 16:48:05 +03:00
def readInput ( message , default = None , checkBatch = True , boolean = False ) :
2008-10-15 19:38:22 +04:00
"""
2012-03-28 17:31:07 +04:00
Reads input from terminal
2008-10-15 19:38:22 +04:00
"""
2012-11-21 13:16:13 +04:00
retVal = None
2012-07-11 20:53:32 +04:00
2013-06-10 13:44:56 +04:00
message = getUnicode ( message )
2009-04-22 15:48:07 +04:00
if " \n " in message :
2011-06-30 12:42:43 +04:00
message + = " %s > " % ( " \n " if message . count ( " \n " ) > 1 else " " )
2010-11-05 19:08:42 +03:00
elif message [ - 1 ] == ' ] ' :
message + = " "
2009-04-22 15:48:07 +04:00
2014-12-15 11:30:54 +03:00
if kb . get ( " prependFlag " ) :
2013-02-15 20:11:53 +04:00
message = " \n %s " % message
kb . prependFlag = False
2014-10-27 02:37:46 +03:00
if conf . get ( " answers " ) :
2018-09-05 00:30:58 +03:00
if not any ( _ in conf . answers for _ in " ,= " ) :
return conf . answers
2012-11-21 13:16:13 +04:00
for item in conf . answers . split ( ' , ' ) :
question = item . split ( ' = ' ) [ 0 ] . strip ( )
answer = item . split ( ' = ' ) [ 1 ] if len ( item . split ( ' = ' ) ) > 1 else None
if answer and question . lower ( ) in message . lower ( ) :
retVal = getUnicode ( answer , UNICODE_ENCODING )
2015-09-10 17:21:31 +03:00
elif answer is None and retVal :
retVal = " %s , %s " % ( retVal , getUnicode ( item , UNICODE_ENCODING ) )
2011-02-08 13:08:48 +03:00
2019-05-21 15:37:55 +03:00
if message and IS_TTY :
2018-04-12 12:33:23 +03:00
message = " \r %s " % message
2015-09-10 17:21:31 +03:00
if retVal :
2018-04-12 12:33:23 +03:00
dataToStdout ( " %s %s \n " % ( message , retVal ) , forceOutput = not kb . wizardMode , bold = True )
2008-10-15 19:38:22 +04:00
2015-09-10 17:21:31 +03:00
debugMsg = " used the given answer "
logger . debug ( debugMsg )
2012-11-21 13:16:13 +04:00
if retVal is None :
2020-01-08 12:37:59 +03:00
if checkBatch and conf . get ( " batch " ) or any ( conf . get ( _ ) for _ in ( " api " , " nonInteractive " ) ) :
2012-11-21 13:16:13 +04:00
if isListLike ( default ) :
2017-04-18 16:56:24 +03:00
options = ' , ' . join ( getUnicode ( opt , UNICODE_ENCODING ) for opt in default )
2012-11-21 13:16:13 +04:00
elif default :
options = getUnicode ( default , UNICODE_ENCODING )
else :
2019-04-30 14:20:31 +03:00
options = six . text_type ( )
2012-11-21 13:16:13 +04:00
2018-04-12 12:33:23 +03:00
dataToStdout ( " %s %s \n " % ( message , options ) , forceOutput = not kb . wizardMode , bold = True )
2012-11-21 13:16:13 +04:00
2017-12-13 15:49:55 +03:00
debugMsg = " used the default behavior, running in batch mode "
2012-11-21 13:16:13 +04:00
logger . debug ( debugMsg )
retVal = default
else :
2017-11-24 12:38:29 +03:00
try :
logging . _acquireLock ( )
2015-07-14 00:55:46 +03:00
2017-11-24 12:38:29 +03:00
if conf . get ( " beep " ) :
beep ( )
2015-07-14 00:55:46 +03:00
2018-04-12 12:33:23 +03:00
dataToStdout ( " %s " % message , forceOutput = not kb . wizardMode , bold = True )
2017-11-24 12:38:29 +03:00
kb . prependFlag = False
2013-02-15 13:35:09 +04:00
2019-12-27 20:18:32 +03:00
retVal = _input ( )
if not retVal : # Note: Python doesn't print newline on empty input
dataToStdout ( " \n " )
retVal = retVal . strip ( ) or default
2020-03-03 16:32:01 +03:00
retVal = getUnicode ( retVal , encoding = getattr ( sys . stdin , " encoding " , None ) ) if retVal else retVal
2012-11-21 13:16:13 +04:00
except :
2016-06-20 10:59:50 +03:00
try :
time . sleep ( 0.05 ) # Reference: http://www.gossamer-threads.com/lists/python/python/781893
except :
pass
2016-06-20 11:01:57 +03:00
finally :
kb . prependFlag = True
raise SqlmapUserQuitException
2013-02-15 13:35:09 +04:00
2012-11-21 13:16:13 +04:00
finally :
logging . _releaseLock ( )
2019-03-28 15:53:54 +03:00
if retVal and default and isinstance ( default , six . string_types ) and len ( default ) == 1 :
2017-04-19 15:46:27 +03:00
retVal = retVal . strip ( )
2017-04-18 16:48:05 +03:00
if boolean :
2017-04-19 15:46:27 +03:00
retVal = retVal . strip ( ) . upper ( ) == ' Y '
2019-12-27 17:37:02 +03:00
else :
retVal = retVal or " "
2017-04-18 16:48:05 +03:00
2019-12-27 17:37:02 +03:00
return retVal
2010-09-14 01:01:46 +04:00
2019-07-01 11:43:05 +03:00
def setTechnique ( technique ) :
"""
Thread - safe setting of currently used technique ( Note : dealing with cases of per - thread technique switching )
"""
getCurrentThreadData ( ) . technique = technique
def getTechnique ( ) :
"""
Thread - safe getting of currently used technique
"""
2019-07-30 21:31:22 +03:00
return getCurrentThreadData ( ) . technique or kb . get ( " technique " )
2019-07-01 11:43:05 +03:00
2014-05-27 23:41:07 +04:00
def randomRange ( start = 0 , stop = 1000 , seed = None ) :
2008-10-15 19:38:22 +04:00
"""
2012-03-28 17:31:07 +04:00
Returns random integer value in given range
2013-03-12 23:10:32 +04:00
2019-05-03 14:20:15 +03:00
>> > random . seed ( 0 )
>> > randomRange ( 1 , 500 )
152
2008-10-15 19:38:22 +04:00
"""
2016-04-08 15:41:34 +03:00
if seed is not None :
_ = getCurrentThreadData ( ) . random
_ . seed ( seed )
randint = _ . randint
else :
randint = random . randint
2008-10-15 19:38:22 +04:00
2014-05-27 23:41:07 +04:00
return int ( randint ( start , stop ) )
def randomInt ( length = 4 , seed = None ) :
2008-10-15 19:38:22 +04:00
"""
2012-03-28 17:31:07 +04:00
Returns random integer value with provided number of digits
2013-03-12 23:10:32 +04:00
2019-05-03 14:20:15 +03:00
>> > random . seed ( 0 )
>> > randomInt ( 6 )
963638
2008-10-15 19:38:22 +04:00
"""
2016-04-08 15:41:34 +03:00
if seed is not None :
_ = getCurrentThreadData ( ) . random
_ . seed ( seed )
choice = _ . choice
else :
choice = random . choice
2014-05-27 23:41:07 +04:00
return int ( " " . join ( choice ( string . digits if _ != 0 else string . digits . replace ( ' 0 ' , ' ' ) ) for _ in xrange ( 0 , length ) ) )
2008-10-15 19:38:22 +04:00
2014-05-27 23:41:07 +04:00
def randomStr ( length = 4 , lowercase = False , alphabet = None , seed = None ) :
2008-10-15 19:38:22 +04:00
"""
2012-03-28 17:31:07 +04:00
Returns random string value with provided number of characters
2013-03-12 23:10:32 +04:00
2019-05-03 14:20:15 +03:00
>> > random . seed ( 0 )
>> > randomStr ( 6 )
' FUPGpY '
2008-10-15 19:38:22 +04:00
"""
2016-04-08 15:41:34 +03:00
if seed is not None :
2020-04-03 01:16:38 +03:00
_random = getCurrentThreadData ( ) . random
_random . seed ( seed )
choice = _random . choice
2016-04-08 15:41:34 +03:00
else :
choice = random . choice
2014-05-27 23:41:07 +04:00
2010-10-11 16:26:35 +04:00
if alphabet :
2014-05-27 23:41:07 +04:00
retVal = " " . join ( choice ( alphabet ) for _ in xrange ( 0 , length ) )
2010-10-11 16:26:35 +04:00
elif lowercase :
2014-05-27 23:41:07 +04:00
retVal = " " . join ( choice ( string . ascii_lowercase ) for _ in xrange ( 0 , length ) )
2009-04-22 15:48:07 +04:00
else :
2014-05-27 23:41:07 +04:00
retVal = " " . join ( choice ( string . ascii_letters ) for _ in xrange ( 0 , length ) )
2009-04-22 15:48:07 +04:00
2012-07-01 02:33:19 +04:00
return retVal
2010-09-13 17:31:01 +04:00
2011-12-21 23:40:42 +04:00
def sanitizeStr ( value ) :
2008-10-15 19:38:22 +04:00
"""
2012-03-28 17:31:07 +04:00
Sanitizes string value in respect to newline and line - feed characters
2013-03-12 23:10:32 +04:00
2019-04-30 14:20:31 +03:00
>> > sanitizeStr ( ' foo \\ n \\ rbar ' ) == ' foo bar '
True
2021-01-05 16:50:54 +03:00
>> > sanitizeStr ( None ) == ' None '
True
2008-10-15 19:38:22 +04:00
"""
2021-01-05 16:50:54 +03:00
return getUnicode ( value ) . replace ( " \n " , " " ) . replace ( " \r " , " " )
2008-10-15 19:38:22 +04:00
2015-06-05 18:02:56 +03:00
def getHeader ( headers , key ) :
2017-07-05 15:07:21 +03:00
"""
Returns header value ignoring the letter case
>> > getHeader ( { " Foo " : " bar " } , " foo " )
' bar '
"""
2015-06-05 18:02:56 +03:00
retVal = None
2020-04-03 01:16:38 +03:00
for header in ( headers or { } ) :
if header . upper ( ) == key . upper ( ) :
retVal = headers [ header ]
2015-06-05 18:02:56 +03:00
break
2020-04-03 01:16:38 +03:00
2015-06-05 18:02:56 +03:00
return retVal
2019-03-15 17:36:13 +03:00
def checkPipedInput ( ) :
"""
Checks whether input to program has been provided via standard input ( e . g . cat / tmp / req . txt | python sqlmap . py - r - )
# Reference: https://stackoverflow.com/a/33873570
"""
2020-05-15 13:58:03 +03:00
return hasattr ( sys . stdin , " fileno " ) and not os . isatty ( sys . stdin . fileno ( ) )
2019-03-15 17:36:13 +03:00
2019-05-24 13:01:39 +03:00
def isZipFile ( filename ) :
"""
Checks if file contains zip compressed content
>> > isZipFile ( paths . WORDLIST )
True
"""
checkFile ( filename )
return openFile ( filename , " rb " , encoding = None ) . read ( len ( ZIP_HEADER ) ) == ZIP_HEADER
2019-10-07 15:20:18 +03:00
def isDigit ( value ) :
"""
Checks if provided ( string ) value consists of digits ( Note : Python ' s isdigit() is problematic)
>> > u ' \xb2 ' . isdigit ( )
True
>> > isDigit ( u ' \xb2 ' )
False
>> > isDigit ( ' 123456 ' )
True
>> > isDigit ( ' 3b3 ' )
False
"""
return re . search ( r " \ A[0-9]+ \ Z " , value or " " ) is not None
2016-04-04 13:25:07 +03:00
def checkFile ( filename , raiseOnError = True ) :
2008-10-15 19:38:22 +04:00
"""
2014-11-23 17:55:12 +03:00
Checks for file existence and readability
2018-09-07 12:23:47 +03:00
>> > checkFile ( __file__ )
True
2008-10-15 19:38:22 +04:00
"""
2014-11-23 17:55:12 +03:00
valid = True
2017-08-23 15:10:11 +03:00
if filename :
filename = filename . strip ( ' " \' ' )
2017-08-23 15:08:40 +03:00
2019-03-15 17:36:13 +03:00
if filename == STDIN_PIPE_DASH :
return checkPipedInput ( )
else :
2014-11-23 17:55:12 +03:00
try :
2019-03-15 17:36:13 +03:00
if filename is None or not os . path . isfile ( filename ) :
valid = False
2014-11-23 17:55:12 +03:00
except :
valid = False
2019-03-15 17:36:13 +03:00
if valid :
try :
with open ( filename , " rb " ) :
pass
except :
valid = False
2016-04-04 13:25:07 +03:00
if not valid and raiseOnError :
2014-11-23 17:42:41 +03:00
raise SqlmapSystemException ( " unable to read file ' %s ' " % filename )
2010-03-22 20:38:19 +03:00
2016-04-04 13:25:07 +03:00
return valid
2008-10-15 19:38:22 +04:00
def banner ( ) :
"""
This function prints sqlmap banner with its version
"""
2018-10-03 13:28:55 +03:00
if not any ( _ in sys . argv for _ in ( " --version " , " --api " ) ) and not conf . get ( " disableBanner " ) :
2019-08-26 17:46:21 +03:00
result = BANNER
2016-04-29 01:51:20 +03:00
2020-08-05 23:43:32 +03:00
if not IS_TTY or any ( _ in sys . argv for _ in ( " --disable-coloring " , " --disable-colouring " ) ) :
2019-08-26 17:46:21 +03:00
result = clearColors ( result )
2016-04-29 01:51:20 +03:00
elif IS_WIN :
coloramainit ( )
2019-08-26 17:46:21 +03:00
dataToStdout ( result , forceOutput = True )
2010-09-13 17:31:01 +04:00
2008-10-15 19:38:22 +04:00
def parsePasswordHash ( password ) :
2014-04-12 14:41:54 +04:00
"""
In case of Microsoft SQL Server password hash value is expanded to its components
2019-08-26 17:46:21 +03:00
>> > pushValue ( kb . forcedDbms )
>> > kb . forcedDbms = DBMS . MSSQL
>> > " salt: 4086ceb6 " in parsePasswordHash ( " 0x01004086ceb60c90646a8ab9889fe3ed8e5c150b5460ece8425a " )
True
>> > kb . forcedDbms = popValue ( )
2014-04-12 14:41:54 +04:00
"""
2020-05-15 13:58:03 +03:00
blank = ' ' * 8
2008-10-15 19:38:22 +04:00
2020-05-15 13:58:03 +03:00
if isNoneValue ( password ) or password == ' ' :
2019-08-26 17:46:21 +03:00
retVal = NULL
else :
retVal = password
2008-10-15 19:38:22 +04:00
2019-08-26 17:46:21 +03:00
if Backend . isDbms ( DBMS . MSSQL ) and retVal != NULL and isHexEncodedString ( password ) :
retVal = " %s \n " % password
retVal + = " %s header: %s \n " % ( blank , password [ : 6 ] )
retVal + = " %s salt: %s \n " % ( blank , password [ 6 : 14 ] )
retVal + = " %s mixedcase: %s \n " % ( blank , password [ 14 : 54 ] )
2008-10-15 19:38:22 +04:00
2019-08-26 17:46:21 +03:00
if password [ 54 : ] :
retVal + = " %s uppercase: %s " % ( blank , password [ 54 : ] )
2008-10-15 19:38:22 +04:00
2019-08-26 17:46:21 +03:00
return retVal
2010-01-05 19:15:31 +03:00
2008-10-15 19:38:22 +04:00
def cleanQuery ( query ) :
2014-04-12 14:50:45 +04:00
"""
Switch all SQL statement ( alike ) keywords to upper case
2017-11-02 15:02:38 +03:00
>> > cleanQuery ( " select id from users " )
' SELECT id FROM users '
2014-04-12 14:50:45 +04:00
"""
2012-07-01 02:33:19 +04:00
retVal = query
2008-12-19 23:09:46 +03:00
for sqlStatements in SQL_STATEMENTS . values ( ) :
for sqlStatement in sqlStatements :
2017-11-02 15:02:38 +03:00
candidate = sqlStatement . replace ( " ( " , " " ) . replace ( " ) " , " " ) . strip ( )
queryMatch = re . search ( r " (?i) \ b( %s ) \ b " % candidate , query )
2009-01-28 17:53:11 +03:00
2012-03-15 04:19:57 +04:00
if queryMatch and " sys_exec " not in query :
2017-11-02 15:02:38 +03:00
retVal = retVal . replace ( queryMatch . group ( 1 ) , candidate . upper ( ) )
2008-12-18 23:38:57 +03:00
2012-07-01 02:33:19 +04:00
return retVal
2010-09-13 17:31:01 +04:00
2016-08-02 01:17:59 +03:00
def setPaths ( rootPath ) :
2012-02-24 18:12:19 +04:00
"""
Sets absolute paths for project directories and files
"""
2016-08-02 01:17:59 +03:00
paths . SQLMAP_ROOT_PATH = rootPath
2008-10-15 19:38:22 +04:00
# sqlmap paths
2019-05-24 13:01:39 +03:00
paths . SQLMAP_DATA_PATH = os . path . join ( paths . SQLMAP_ROOT_PATH , " data " )
2011-01-19 02:05:32 +03:00
paths . SQLMAP_EXTRAS_PATH = os . path . join ( paths . SQLMAP_ROOT_PATH , " extra " )
2019-03-20 15:26:53 +03:00
paths . SQLMAP_SETTINGS_PATH = os . path . join ( paths . SQLMAP_ROOT_PATH , " lib " , " core " , " settings.py " )
2011-05-19 01:47:40 +04:00
paths . SQLMAP_TAMPER_PATH = os . path . join ( paths . SQLMAP_ROOT_PATH , " tamper " )
2019-05-24 13:01:39 +03:00
paths . SQLMAP_PROCS_PATH = os . path . join ( paths . SQLMAP_DATA_PATH , " procs " )
paths . SQLMAP_SHELL_PATH = os . path . join ( paths . SQLMAP_DATA_PATH , " shell " )
paths . SQLMAP_TXT_PATH = os . path . join ( paths . SQLMAP_DATA_PATH , " txt " )
paths . SQLMAP_UDF_PATH = os . path . join ( paths . SQLMAP_DATA_PATH , " udf " )
paths . SQLMAP_XML_PATH = os . path . join ( paths . SQLMAP_DATA_PATH , " xml " )
2009-12-18 01:04:01 +03:00
paths . SQLMAP_XML_BANNER_PATH = os . path . join ( paths . SQLMAP_XML_PATH , " banner " )
2015-02-15 19:31:35 +03:00
paths . SQLMAP_XML_PAYLOADS_PATH = os . path . join ( paths . SQLMAP_XML_PATH , " payloads " )
2014-04-28 00:40:41 +04:00
2019-05-24 13:01:39 +03:00
# sqlmap files
paths . COMMON_COLUMNS = os . path . join ( paths . SQLMAP_TXT_PATH , " common-columns.txt " )
2019-06-27 18:28:43 +03:00
paths . COMMON_FILES = os . path . join ( paths . SQLMAP_TXT_PATH , " common-files.txt " )
2019-05-24 13:01:39 +03:00
paths . COMMON_TABLES = os . path . join ( paths . SQLMAP_TXT_PATH , " common-tables.txt " )
paths . COMMON_OUTPUTS = os . path . join ( paths . SQLMAP_TXT_PATH , ' common-outputs.txt ' )
paths . SQL_KEYWORDS = os . path . join ( paths . SQLMAP_TXT_PATH , " keywords.txt " )
paths . SMALL_DICT = os . path . join ( paths . SQLMAP_TXT_PATH , " smalldict.txt " )
paths . USER_AGENTS = os . path . join ( paths . SQLMAP_TXT_PATH , " user-agents.txt " )
paths . WORDLIST = os . path . join ( paths . SQLMAP_TXT_PATH , " wordlist.tx_ " )
paths . ERRORS_XML = os . path . join ( paths . SQLMAP_XML_PATH , " errors.xml " )
paths . BOUNDARIES_XML = os . path . join ( paths . SQLMAP_XML_PATH , " boundaries.xml " )
paths . QUERIES_XML = os . path . join ( paths . SQLMAP_XML_PATH , " queries.xml " )
paths . GENERIC_XML = os . path . join ( paths . SQLMAP_XML_BANNER_PATH , " generic.xml " )
paths . MSSQL_XML = os . path . join ( paths . SQLMAP_XML_BANNER_PATH , " mssql.xml " )
paths . MYSQL_XML = os . path . join ( paths . SQLMAP_XML_BANNER_PATH , " mysql.xml " )
paths . ORACLE_XML = os . path . join ( paths . SQLMAP_XML_BANNER_PATH , " oracle.xml " )
paths . PGSQL_XML = os . path . join ( paths . SQLMAP_XML_BANNER_PATH , " postgresql.xml " )
for path in paths . values ( ) :
if any ( path . endswith ( _ ) for _ in ( " .txt " , " .xml " , " .tx_ " ) ) :
checkFile ( path )
2019-02-05 18:58:18 +03:00
if IS_WIN :
2020-04-03 01:16:38 +03:00
# Reference: https://pureinfotech.com/list-environment-variables-windows-10/
2019-02-05 18:58:18 +03:00
if os . getenv ( " LOCALAPPDATA " ) :
paths . SQLMAP_HOME_PATH = os . path . expandvars ( " % LOCALAPPDATA % \\ sqlmap " )
elif os . getenv ( " USERPROFILE " ) :
paths . SQLMAP_HOME_PATH = os . path . expandvars ( " % USERPROFILE % \\ Local Settings \\ sqlmap " )
else :
paths . SQLMAP_HOME_PATH = os . path . join ( os . path . expandvars ( os . path . expanduser ( " ~ " ) ) , " sqlmap " )
else :
paths . SQLMAP_HOME_PATH = os . path . join ( os . path . expandvars ( os . path . expanduser ( " ~ " ) ) , " .sqlmap " )
2020-05-11 18:55:48 +03:00
if not os . path . isdir ( paths . SQLMAP_HOME_PATH ) :
if " XDG_DATA_HOME " in os . environ :
paths . SQLMAP_HOME_PATH = os . path . join ( os . environ [ " XDG_DATA_HOME " ] , " sqlmap " )
else :
paths . SQLMAP_HOME_PATH = os . path . join ( os . path . expandvars ( os . path . expanduser ( " ~ " ) ) , " .local " , " share " , " sqlmap " )
2019-02-05 18:58:18 +03:00
paths . SQLMAP_OUTPUT_PATH = getUnicode ( paths . get ( " SQLMAP_OUTPUT_PATH " , os . path . join ( paths . SQLMAP_HOME_PATH , " output " ) ) , encoding = sys . getfilesystemencoding ( ) or UNICODE_ENCODING )
2011-01-19 02:05:32 +03:00
paths . SQLMAP_DUMP_PATH = os . path . join ( paths . SQLMAP_OUTPUT_PATH , " %s " , " dump " )
paths . SQLMAP_FILES_PATH = os . path . join ( paths . SQLMAP_OUTPUT_PATH , " %s " , " files " )
2008-10-15 19:38:22 +04:00
2020-04-03 01:16:38 +03:00
# History files
2019-02-05 18:58:18 +03:00
paths . SQLMAP_HISTORY_PATH = getUnicode ( os . path . join ( paths . SQLMAP_HOME_PATH , " history " ) , encoding = sys . getfilesystemencoding ( ) or UNICODE_ENCODING )
2018-06-21 00:52:08 +03:00
paths . API_SHELL_HISTORY = os . path . join ( paths . SQLMAP_HISTORY_PATH , " api.hst " )
paths . OS_SHELL_HISTORY = os . path . join ( paths . SQLMAP_HISTORY_PATH , " os.hst " )
paths . SQL_SHELL_HISTORY = os . path . join ( paths . SQLMAP_HISTORY_PATH , " sql.hst " )
paths . SQLMAP_SHELL_HISTORY = os . path . join ( paths . SQLMAP_HISTORY_PATH , " sqlmap.hst " )
paths . GITHUB_HISTORY = os . path . join ( paths . SQLMAP_HISTORY_PATH , " github.hst " )
2008-10-15 19:38:22 +04:00
def weAreFrozen ( ) :
"""
Returns whether we are frozen via py2exe .
This will affect how we find out where we are located .
2019-04-29 17:58:53 +03:00
# Reference: http://www.py2exe.org/index.cgi/WhereAmI
2008-10-15 19:38:22 +04:00
"""
return hasattr ( sys , " frozen " )
2010-03-27 02:23:25 +03:00
def parseTargetDirect ( ) :
"""
2019-05-06 12:41:19 +03:00
Parse target dbms and set some attributes into the configuration singleton
>> > pushValue ( conf . direct )
>> > conf . direct = " mysql://root:testpass@127.0.0.1:3306/testdb "
>> > parseTargetDirect ( )
>> > conf . dbmsDb
' testdb '
>> > conf . dbmsPass
' testpass '
>> > conf . direct = popValue ( )
2010-03-27 02:23:25 +03:00
"""
if not conf . direct :
return
details = None
2010-04-13 15:00:15 +04:00
remote = False
2010-03-27 02:23:25 +03:00
for dbms in SUPPORTED_DBMS :
2021-02-08 22:47:37 +03:00
details = re . search ( r " ^(?P<dbms> %s )://(?P<credentials>(?P<user>.*?) \ :(?P<pass>.*) \ @)?(?P<remote>(?P<hostname>[ \ w.-]+?) \ :(?P<port>[ \ d]+) \ /)?(?P<db>[ \ w \ d \ \ : \ . \ _ \ - \ / \\ ]*)$ " % dbms , conf . direct , re . I )
2010-09-13 17:31:01 +04:00
2010-03-27 02:23:25 +03:00
if details :
2013-10-27 02:24:57 +04:00
conf . dbms = details . group ( " dbms " )
2010-03-31 14:50:47 +04:00
2020-05-15 13:58:03 +03:00
if details . group ( " credentials " ) :
2013-10-27 02:24:57 +04:00
conf . dbmsUser = details . group ( " user " )
conf . dbmsPass = details . group ( " pass " )
2010-03-30 15:06:30 +04:00
else :
2013-04-17 13:12:15 +04:00
if conf . dbmsCred :
conf . dbmsUser , conf . dbmsPass = conf . dbmsCred . split ( ' : ' )
else :
2017-07-03 15:17:11 +03:00
conf . dbmsUser = " "
conf . dbmsPass = " "
2010-03-31 14:50:47 +04:00
2010-04-29 17:34:03 +04:00
if not conf . dbmsPass :
conf . dbmsPass = None
2013-10-27 02:24:57 +04:00
if details . group ( " remote " ) :
2010-04-13 15:00:15 +04:00
remote = True
2013-10-27 02:24:57 +04:00
conf . hostname = details . group ( " hostname " ) . strip ( )
conf . port = int ( details . group ( " port " ) )
2010-03-30 15:21:26 +04:00
else :
2010-03-30 15:06:30 +04:00
conf . hostname = " localhost "
2011-01-19 02:05:32 +03:00
conf . port = 0
2010-03-31 14:50:47 +04:00
2018-08-22 11:41:43 +03:00
conf . dbmsDb = details . group ( " db " ) . strip ( ) if details . group ( " db " ) is not None else None
2010-03-27 02:23:25 +03:00
conf . parameters [ None ] = " direct connection "
break
2019-05-06 12:41:19 +03:00
if kb . smokeMode :
return
2010-03-27 02:23:25 +03:00
if not details :
2010-03-31 14:50:47 +04:00
errMsg = " invalid target details, valid syntax is for instance "
errMsg + = " ' mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME ' "
errMsg + = " or ' access://DATABASE_FILEPATH ' "
2013-01-04 02:20:55 +04:00
raise SqlmapSyntaxException ( errMsg )
2010-03-27 02:23:25 +03:00
2011-04-23 20:25:09 +04:00
for dbmsName , data in DBMS_DICT . items ( ) :
2014-12-07 17:55:22 +03:00
if dbmsName == conf . dbms or conf . dbms . lower ( ) in data [ 0 ] :
2010-03-27 02:23:25 +03:00
try :
2019-05-07 16:59:26 +03:00
conf . dbms = dbmsName
2010-11-02 15:08:28 +03:00
if dbmsName in ( DBMS . ACCESS , DBMS . SQLITE , DBMS . FIREBIRD ) :
2010-04-13 15:00:15 +04:00
if remote :
2010-04-13 15:13:01 +04:00
warnMsg = " direct connection over the network for "
warnMsg + = " %s DBMS is not supported " % dbmsName
logger . warn ( warnMsg )
conf . hostname = " localhost "
2011-01-19 02:05:32 +03:00
conf . port = 0
2010-04-13 15:13:01 +04:00
elif not remote :
2014-12-07 17:55:22 +03:00
errMsg = " missing remote connection details (e.g. "
errMsg + = " ' mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME ' "
errMsg + = " or ' access://DATABASE_FILEPATH ' ) "
2013-01-10 19:09:28 +04:00
raise SqlmapSyntaxException ( errMsg )
2010-04-13 15:00:15 +04:00
2011-02-04 18:57:53 +03:00
if dbmsName in ( DBMS . MSSQL , DBMS . SYBASE ) :
2018-03-13 13:13:38 +03:00
__import__ ( " _mssql " )
2019-06-01 14:42:57 +03:00
pymssql = __import__ ( " pymssql " )
2010-03-31 19:31:11 +04:00
if not hasattr ( pymssql , " __version__ " ) or pymssql . __version__ < " 1.0.2 " :
2011-06-13 22:44:02 +04:00
errMsg = " ' %s ' third-party library must be " % data [ 1 ]
errMsg + = " version >= 1.0.2 to work properly. "
2012-02-09 13:48:47 +04:00
errMsg + = " Download from ' %s ' " % data [ 2 ]
2013-01-04 02:20:55 +04:00
raise SqlmapMissingDependence ( errMsg )
2010-03-31 19:31:11 +04:00
2010-11-02 15:08:28 +03:00
elif dbmsName == DBMS . MYSQL :
2018-03-13 13:13:38 +03:00
__import__ ( " pymysql " )
2010-12-04 01:28:09 +03:00
elif dbmsName == DBMS . PGSQL :
2018-03-13 13:13:38 +03:00
__import__ ( " psycopg2 " )
2010-11-02 15:08:28 +03:00
elif dbmsName == DBMS . ORACLE :
2018-03-13 13:13:38 +03:00
__import__ ( " cx_Oracle " )
2018-05-09 14:38:39 +03:00
# Reference: http://itsiti.com/ora-28009-connection-sys-sysdba-sysoper
if ( conf . dbmsUser or " " ) . upper ( ) == " SYS " :
conf . direct = " %s ?mode=SYSDBA " % conf . direct
2010-11-02 15:08:28 +03:00
elif dbmsName == DBMS . SQLITE :
2018-03-13 13:13:38 +03:00
__import__ ( " sqlite3 " )
2010-11-02 15:08:28 +03:00
elif dbmsName == DBMS . ACCESS :
2018-03-13 13:13:38 +03:00
__import__ ( " pyodbc " )
2010-11-02 15:08:28 +03:00
elif dbmsName == DBMS . FIREBIRD :
2018-03-13 13:13:38 +03:00
__import__ ( " kinterbasdb " )
2018-11-02 17:44:44 +03:00
except ( SqlmapSyntaxException , SqlmapMissingDependence ) :
raise
2017-10-20 11:00:26 +03:00
except :
2018-11-02 18:18:08 +03:00
if _sqlalchemy and data [ 3 ] and any ( _ in _sqlalchemy . dialects . __all__ for _ in ( data [ 3 ] , data [ 3 ] . split ( ' + ' ) [ 0 ] ) ) :
2013-04-15 16:20:21 +04:00
pass
else :
errMsg = " sqlmap requires ' %s ' third-party library " % data [ 1 ]
2014-12-05 13:15:33 +03:00
errMsg + = " in order to directly connect to the DBMS "
2016-10-05 00:39:18 +03:00
errMsg + = " ' %s ' . You can download it from ' %s ' " % ( dbmsName , data [ 2 ] )
2013-04-15 16:20:21 +04:00
errMsg + = " . Alternative is to use a package ' python-sqlalchemy ' "
errMsg + = " with support for dialect ' %s ' installed " % data [ 3 ]
raise SqlmapMissingDependence ( errMsg )
2010-03-27 02:23:25 +03:00
2008-10-15 19:38:22 +04:00
def parseTargetUrl ( ) :
"""
2019-05-06 12:41:19 +03:00
Parse target URL and set some attributes into the configuration singleton
>> > pushValue ( conf . url )
>> > conf . url = " https://www.test.com/?id=1 "
>> > parseTargetUrl ( )
>> > conf . hostname
' www.test.com '
>> > conf . scheme
' https '
>> > conf . url = popValue ( )
2008-10-15 19:38:22 +04:00
"""
2012-02-24 18:12:19 +04:00
2008-10-15 19:38:22 +04:00
if not conf . url :
return
2012-08-15 18:37:18 +04:00
originalUrl = conf . url
2020-05-15 13:58:03 +03:00
if re . search ( r " :// \ [.+ \ ] " , conf . url ) and not socket . has_ipv6 :
2020-04-03 01:16:38 +03:00
errMsg = " IPv6 communication is not supported "
2012-05-25 01:36:35 +04:00
errMsg + = " on this platform "
2013-01-04 02:20:55 +04:00
raise SqlmapGenericException ( errMsg )
2012-05-25 01:36:35 +04:00
2019-06-07 00:45:30 +03:00
if not re . search ( r " ^(http|ws)s?:// " , conf . url , re . I ) :
2018-03-16 16:38:47 +03:00
if re . search ( r " :443 \ b " , conf . url ) :
2018-01-15 16:04:41 +03:00
conf . url = " https:// %s " % conf . url
2008-10-15 19:38:22 +04:00
else :
2018-01-15 16:04:41 +03:00
conf . url = " http:// %s " % conf . url
2008-10-15 19:38:22 +04:00
2017-07-20 03:41:47 +03:00
if kb . customInjectionMark in conf . url :
2011-02-04 15:43:18 +03:00
conf . url = conf . url . replace ( ' ? ' , URI_QUESTION_MARKER )
2014-11-13 12:28:38 +03:00
try :
2019-03-27 04:55:44 +03:00
urlSplit = _urllib . parse . urlsplit ( conf . url )
2019-01-22 02:40:48 +03:00
except ValueError as ex :
2016-01-12 12:27:04 +03:00
errMsg = " invalid URL ' %s ' has been given ( ' %s ' ). " % ( conf . url , getSafeExString ( ex ) )
2014-11-13 12:28:38 +03:00
errMsg + = " Please be sure that you don ' t have any leftover characters (e.g. ' [ ' or ' ] ' ) "
errMsg + = " in the hostname part "
raise SqlmapGenericException ( errMsg )
2019-03-29 04:28:16 +03:00
hostnamePort = urlSplit . netloc . split ( " : " ) if not re . search ( r " \ [.+ \ ] " , urlSplit . netloc ) else filterNone ( ( re . search ( r " \ [.+ \ ] " , urlSplit . netloc ) . group ( 0 ) , re . search ( r " \ ](:(?P<port> \ d+))? " , urlSplit . netloc ) . group ( " port " ) ) )
2008-10-15 19:38:22 +04:00
2019-06-07 00:45:30 +03:00
conf . scheme = ( urlSplit . scheme . strip ( ) . lower ( ) or " http " )
2013-01-10 18:41:07 +04:00
conf . path = urlSplit . path . strip ( )
2012-07-01 03:19:54 +04:00
conf . hostname = hostnamePort [ 0 ] . strip ( )
2012-05-25 02:07:50 +04:00
2019-06-07 00:45:30 +03:00
if conf . forceSSL :
conf . scheme = re . sub ( r " (?i) \ A(http|ws) \ Z " , r " \ g<1>s " , conf . scheme )
2012-05-25 02:07:50 +04:00
conf . ipv6 = conf . hostname != conf . hostname . strip ( " [] " )
2017-07-20 03:41:47 +03:00
conf . hostname = conf . hostname . strip ( " [] " ) . replace ( kb . customInjectionMark , " " )
2011-01-24 17:52:50 +03:00
2012-01-07 20:06:18 +04:00
try :
2018-03-13 13:25:26 +03:00
conf . hostname . encode ( " idna " )
conf . hostname . encode ( UNICODE_ENCODING )
except ( LookupError , UnicodeError ) :
invalid = True
else :
invalid = False
2012-01-07 20:06:18 +04:00
2018-03-13 13:25:26 +03:00
if any ( ( invalid , re . search ( r " \ s " , conf . hostname ) , ' .. ' in conf . hostname , conf . hostname . startswith ( ' . ' ) , ' \n ' in originalUrl ) ) :
2016-05-24 15:17:00 +03:00
errMsg = " invalid target URL ( ' %s ' ) " % originalUrl
2013-01-04 02:20:55 +04:00
raise SqlmapSyntaxException ( errMsg )
2008-10-15 19:38:22 +04:00
2012-07-01 03:19:54 +04:00
if len ( hostnamePort ) == 2 :
2010-02-10 15:06:23 +03:00
try :
2012-07-01 03:19:54 +04:00
conf . port = int ( hostnamePort [ 1 ] )
2010-02-10 15:06:23 +03:00
except :
2013-04-09 13:48:42 +04:00
errMsg = " invalid target URL "
2013-01-04 02:20:55 +04:00
raise SqlmapSyntaxException ( errMsg )
2019-06-07 00:45:30 +03:00
elif conf . scheme in ( " https " , " wss " ) :
2008-10-15 19:38:22 +04:00
conf . port = 443
else :
conf . port = 80
2017-07-20 04:09:09 +03:00
if conf . port < 1 or conf . port > 65535 :
2020-04-03 01:16:38 +03:00
errMsg = " invalid target URL port ( %d ) " % conf . port
2016-06-10 19:18:48 +03:00
raise SqlmapSyntaxException ( errMsg )
2012-07-03 23:00:18 +04:00
conf . url = getUnicode ( " %s :// %s : %d %s " % ( conf . scheme , ( " [ %s ] " % conf . hostname ) if conf . ipv6 else conf . hostname , conf . port , conf . path ) )
2011-02-04 15:43:18 +03:00
conf . url = conf . url . replace ( URI_QUESTION_MARKER , ' ? ' )
2010-09-14 01:01:46 +04:00
2016-05-10 10:55:03 +03:00
if urlSplit . query :
if ' = ' not in urlSplit . query :
conf . url = " %s ? %s " % ( conf . url , getUnicode ( urlSplit . query ) )
else :
2019-12-19 19:35:39 +03:00
conf . parameters [ PLACE . GET ] = urldecode ( urlSplit . query , spaceplus = not conf . base64Parameter ) if urlSplit . query and urlencode ( DEFAULT_GET_POST_DELIMITER , None ) not in urlSplit . query else urlSplit . query
2016-05-10 10:55:03 +03:00
2020-02-17 15:48:22 +03:00
if ( intersect ( REFERER_ALIASES , conf . testParameter , True ) or conf . level > = 3 ) and not any ( _ [ 0 ] . upper ( ) == HTTP_HEADER . REFERER . upper ( ) for _ in conf . httpHeaders ) :
2013-04-09 13:48:42 +04:00
debugMsg = " setting the HTTP Referer header to the target URL "
2012-04-04 14:35:52 +04:00
logger . debug ( debugMsg )
2017-04-19 17:13:05 +03:00
conf . httpHeaders = [ _ for _ in conf . httpHeaders if _ [ 0 ] != HTTP_HEADER . REFERER ]
2017-07-20 03:41:47 +03:00
conf . httpHeaders . append ( ( HTTP_HEADER . REFERER , conf . url . replace ( kb . customInjectionMark , " " ) ) )
2012-04-04 14:35:52 +04:00
2020-02-17 15:48:22 +03:00
if ( intersect ( HOST_ALIASES , conf . testParameter , True ) or conf . level > = 5 ) and not any ( _ [ 0 ] . upper ( ) == HTTP_HEADER . HOST . upper ( ) for _ in conf . httpHeaders ) :
2013-04-09 13:48:42 +04:00
debugMsg = " setting the HTTP Host header to the target URL "
2012-04-04 14:35:52 +04:00
logger . debug ( debugMsg )
2017-04-19 17:13:05 +03:00
conf . httpHeaders = [ _ for _ in conf . httpHeaders if _ [ 0 ] != HTTP_HEADER . HOST ]
2013-03-20 14:10:24 +04:00
conf . httpHeaders . append ( ( HTTP_HEADER . HOST , getHostHeader ( conf . url ) ) )
2012-04-04 14:35:52 +04:00
2013-01-17 17:17:39 +04:00
if conf . url != originalUrl :
kb . originalUrls [ conf . url ] = originalUrl
2012-08-15 18:37:18 +04:00
2018-04-11 16:19:44 +03:00
def escapeJsonValue ( value ) :
"""
Escapes JSON value ( used in payloads )
# Reference: https://stackoverflow.com/a/16652683
2020-08-24 12:10:13 +03:00
>> > " \\ n " in escapeJsonValue ( " foo \\ nbar " )
False
>> > " \\ \\ t " in escapeJsonValue ( " foo \\ tbar " )
True
2018-04-11 16:19:44 +03:00
"""
retVal = " "
for char in value :
if char < ' ' or char == ' " ' :
retVal + = json . dumps ( char ) [ 1 : - 1 ]
else :
retVal + = char
return retVal
2008-10-15 19:38:22 +04:00
def expandAsteriskForColumns ( expression ) :
2012-02-24 18:12:19 +04:00
"""
If the user provided an asterisk rather than the column ( s )
name , sqlmap will retrieve the columns itself and reprocess
the SQL query string ( expression )
"""
2020-10-21 15:44:07 +03:00
match = re . search ( r " (?i) \ ASELECT( \ s+TOP \ s+[ \ d]+)? \ s+ \ * \ s+FROM \ s+((`[^`]+`|[^ \ s]+)+) " , expression )
2008-10-15 19:38:22 +04:00
2018-07-27 01:30:30 +03:00
if match :
2011-01-19 02:05:32 +03:00
infoMsg = " you did not provide the fields in your query. "
2008-10-15 19:38:22 +04:00
infoMsg + = " sqlmap will retrieve the column names itself "
logger . info ( infoMsg )
2018-07-27 01:30:30 +03:00
_ = match . group ( 2 ) . replace ( " .. " , ' . ' ) . replace ( " .dbo. " , ' . ' )
2017-10-31 11:55:14 +03:00
db , conf . tbl = _ . split ( ' . ' , 1 ) if ' . ' in _ else ( None , _ )
2014-08-27 01:11:44 +04:00
if db is None :
2019-04-30 15:04:39 +03:00
if expression != conf . sqlQuery :
2014-08-27 01:11:44 +04:00
conf . db = db
2019-11-17 20:31:53 +03:00
elif conf . db :
2019-05-08 13:28:50 +03:00
expression = re . sub ( r " ([^ \ w]) %s " % re . escape ( conf . tbl ) , r " \ g<1> %s . %s " % ( conf . db , conf . tbl ) , expression )
2014-08-27 01:11:44 +04:00
else :
conf . db = db
2017-10-31 11:55:14 +03:00
2012-12-21 12:47:58 +04:00
conf . db = safeSQLIdentificatorNaming ( conf . db )
conf . tbl = safeSQLIdentificatorNaming ( conf . tbl , True )
2008-11-13 01:53:25 +03:00
2008-10-15 19:38:22 +04:00
columnsDict = conf . dbmsHandler . getColumns ( onlyColNames = True )
if columnsDict and conf . db in columnsDict and conf . tbl in columnsDict [ conf . db ] :
2019-01-22 05:00:44 +03:00
columns = list ( columnsDict [ conf . db ] [ conf . tbl ] . keys ( ) )
2008-10-15 19:38:22 +04:00
columns . sort ( )
2011-11-20 23:38:56 +04:00
columnsStr = " , " . join ( column for column in columns )
2017-10-31 11:55:14 +03:00
expression = expression . replace ( ' * ' , columnsStr , 1 )
2008-10-15 19:38:22 +04:00
2013-08-13 22:40:36 +04:00
infoMsg = " the query with expanded column name(s) is: "
2008-10-15 19:38:22 +04:00
infoMsg + = " %s " % expression
logger . info ( infoMsg )
return expression
2010-01-09 02:50:06 +03:00
2015-09-28 12:11:39 +03:00
def getLimitRange ( count , plusOne = False ) :
2012-02-16 18:42:28 +04:00
"""
Returns range of values used in limit / offset constructs
2013-03-12 23:10:32 +04:00
>> > [ _ for _ in getLimitRange ( 10 ) ]
[ 0 , 1 , 2 , 3 , 4 , 5 , 6 , 7 , 8 , 9 ]
2012-02-16 18:42:28 +04:00
"""
retVal = None
2011-01-19 02:05:32 +03:00
count = int ( count )
2012-02-16 18:42:28 +04:00
limitStart , limitStop = 1 , count
2017-08-11 11:47:32 +03:00
reverse = False
2008-10-15 19:38:22 +04:00
2017-03-01 13:09:55 +03:00
if kb . dumpTable :
2017-08-11 11:47:32 +03:00
if conf . limitStart and conf . limitStop and conf . limitStart > conf . limitStop :
limitStop = conf . limitStart
limitStart = conf . limitStop
reverse = True
else :
if isinstance ( conf . limitStop , int ) and conf . limitStop > 0 and conf . limitStop < limitStop :
limitStop = conf . limitStop
2008-10-15 19:38:22 +04:00
2017-08-11 11:47:32 +03:00
if isinstance ( conf . limitStart , int ) and conf . limitStart > 0 and conf . limitStart < = limitStop :
limitStart = conf . limitStart
2008-10-15 19:38:22 +04:00
2012-02-16 18:42:28 +04:00
retVal = xrange ( limitStart , limitStop + 1 ) if plusOne else xrange ( limitStart - 1 , limitStop )
2008-10-15 19:38:22 +04:00
2017-08-11 11:47:32 +03:00
if reverse :
retVal = xrange ( retVal [ - 1 ] , retVal [ 0 ] - 1 , - 1 )
2012-02-16 18:42:28 +04:00
return retVal
2010-09-14 01:01:46 +04:00
2012-06-16 00:41:53 +04:00
def parseUnionPage ( page ) :
2012-02-16 18:42:28 +04:00
"""
2012-12-19 04:30:22 +04:00
Returns resulting items from UNION query inside provided page content
2021-01-12 18:55:15 +03:00
>> > parseUnionPage ( " %s foo %s %s bar %s " % ( kb . chars . start , kb . chars . stop , kb . chars . start , kb . chars . stop ) )
[ ' foo ' , ' bar ' ]
2012-02-16 18:42:28 +04:00
"""
2012-05-09 22:47:40 +04:00
if page is None :
2011-02-02 01:05:12 +03:00
return None
2017-10-31 11:55:14 +03:00
if re . search ( r " (?si) \ A %s .* %s \ Z " % ( kb . chars . start , kb . chars . stop ) , page ) :
2012-05-09 22:47:40 +04:00
if len ( page ) > LARGE_OUTPUT_THRESHOLD :
2011-12-23 00:14:56 +04:00
warnMsg = " large output detected. This might take a while "
logger . warn ( warnMsg )
2011-12-23 00:08:28 +04:00
data = BigArray ( )
2012-08-08 02:03:58 +04:00
keys = set ( )
2011-12-23 00:08:28 +04:00
2017-10-31 13:38:09 +03:00
for match in re . finditer ( r " %s (.*?) %s " % ( kb . chars . start , kb . chars . stop ) , page , re . DOTALL | re . IGNORECASE ) :
2012-05-09 22:47:40 +04:00
entry = match . group ( 1 )
2011-07-25 00:44:17 +04:00
2012-05-09 22:47:40 +04:00
if kb . chars . start in entry :
entry = entry . split ( kb . chars . start ) [ - 1 ]
2011-12-22 14:44:14 +04:00
2012-06-16 00:41:53 +04:00
if kb . unionDuplicates :
2011-12-22 03:23:00 +04:00
key = entry . lower ( )
2012-08-08 02:03:58 +04:00
if key not in keys :
keys . add ( key )
2011-12-22 14:32:21 +04:00
else :
continue
2008-12-10 20:23:07 +03:00
2011-12-22 14:59:28 +04:00
entry = entry . split ( kb . chars . delimiter )
2011-07-29 14:45:09 +04:00
2012-03-14 14:31:24 +04:00
if conf . hexConvert :
2019-05-03 14:20:15 +03:00
entry = applyFunctionRecursively ( entry , decodeDbmsHexValue )
2012-03-14 14:31:24 +04:00
if kb . safeCharEncode :
entry = applyFunctionRecursively ( entry , safecharencode )
2011-12-22 14:32:21 +04:00
data . append ( entry [ 0 ] if len ( entry ) == 1 else entry )
2011-07-25 00:44:17 +04:00
else :
2012-05-09 22:47:40 +04:00
data = page
2008-12-10 20:23:07 +03:00
2019-03-28 15:53:54 +03:00
if len ( data ) == 1 and isinstance ( data [ 0 ] , six . string_types ) :
2008-12-10 20:23:07 +03:00
data = data [ 0 ]
return data
2010-01-05 14:43:16 +03:00
2011-11-22 12:39:13 +04:00
def parseFilePaths ( page ) :
"""
2012-02-16 18:42:28 +04:00
Detects ( possible ) absolute system paths inside the provided page content
2018-09-07 12:23:47 +03:00
>> > _ = " /var/www/html/index.php " ; parseFilePaths ( " <html>Error occurred at line 207 of: %s <br>Please contact your administrator</html> " % _ ) ; _ in kb . absFilePaths
True
2011-11-22 12:39:13 +04:00
"""
if page :
2016-05-25 16:29:25 +03:00
for regex in FILE_PATH_REGEXES :
2011-11-22 12:39:13 +04:00
for match in re . finditer ( regex , page ) :
absFilePath = match . group ( " result " ) . strip ( )
page = page . replace ( absFilePath , " " )
if isWindowsDriveLetterPath ( absFilePath ) :
absFilePath = posixToNtSlashes ( absFilePath )
if absFilePath not in kb . absFilePaths :
kb . absFilePaths . add ( absFilePath )
2009-04-22 15:48:07 +04:00
def getLocalIP ( ) :
2014-02-02 01:12:00 +04:00
"""
Get local IP address ( exposed to the remote / target )
"""
2010-11-04 15:51:04 +03:00
retVal = None
2012-07-01 02:33:19 +04:00
2010-11-04 15:51:04 +03:00
try :
s = socket . socket ( socket . AF_INET , socket . SOCK_STREAM )
s . connect ( ( conf . hostname , conf . port ) )
retVal , _ = s . getsockname ( )
s . close ( )
except :
debugMsg = " there was an error in opening socket "
debugMsg + = " connection toward ' %s ' " % conf . hostname
logger . debug ( debugMsg )
2009-04-22 15:48:07 +04:00
2010-11-04 15:51:04 +03:00
return retVal
2009-04-22 15:48:07 +04:00
def getRemoteIP ( ) :
2014-02-02 01:12:00 +04:00
"""
Get remote / target IP address
2020-08-24 12:10:13 +03:00
>> > pushValue ( conf . hostname )
>> > conf . hostname = " localhost "
>> > getRemoteIP ( ) == " 127.0.0.1 "
True
>> > conf . hostname = popValue ( )
2014-02-02 01:12:00 +04:00
"""
2013-05-29 17:26:11 +04:00
retVal = None
2013-05-29 17:46:59 +04:00
2013-05-29 17:26:11 +04:00
try :
retVal = socket . gethostbyname ( conf . hostname )
except socket . gaierror :
errMsg = " address resolution problem "
errMsg + = " occurred for hostname ' %s ' " % conf . hostname
singleTimeLogMessage ( errMsg , logging . ERROR )
2013-05-29 17:46:59 +04:00
2013-05-29 17:26:11 +04:00
return retVal
2009-04-22 15:48:07 +04:00
def getFileType ( filePath ) :
2017-07-05 15:07:21 +03:00
"""
Returns " magic " file type for given file path
>> > getFileType ( __file__ )
' text '
2019-05-08 13:28:50 +03:00
>> > getFileType ( sys . executable )
' binary '
2017-07-05 15:07:21 +03:00
"""
2009-04-22 16:44:16 +04:00
try :
2019-05-08 18:21:40 +03:00
desc = magic . from_file ( filePath ) or magic . MAGIC_UNKNOWN_FILETYPE
2009-04-22 16:44:16 +04:00
except :
2019-05-08 13:28:50 +03:00
desc = magic . MAGIC_UNKNOWN_FILETYPE
2019-05-08 18:21:40 +03:00
finally :
desc = getText ( desc )
2019-05-08 13:28:50 +03:00
2019-05-20 12:48:45 +03:00
if desc == getText ( magic . MAGIC_UNKNOWN_FILETYPE ) :
2019-05-08 13:28:50 +03:00
content = openFile ( filePath , " rb " , encoding = None ) . read ( )
try :
content . decode ( )
except :
pass
else :
desc = " ascii "
2009-04-22 15:48:07 +04:00
2017-10-31 12:03:23 +03:00
return " text " if any ( _ in desc . lower ( ) for _ in ( " ascii " , " text " ) ) else " binary "
2010-09-14 01:01:46 +04:00
2009-04-22 15:48:07 +04:00
def getCharset ( charsetType = None ) :
2013-03-12 23:10:32 +04:00
"""
Returns list with integers representing characters of a given
charset type appropriate for inference techniques
>> > getCharset ( CHARSET_TYPE . BINARY )
[ 0 , 1 , 47 , 48 , 49 ]
"""
2009-04-22 15:48:07 +04:00
asciiTbl = [ ]
2010-01-02 05:02:12 +03:00
if charsetType is None :
2011-12-21 23:40:42 +04:00
asciiTbl . extend ( xrange ( 0 , 128 ) )
2009-04-22 15:48:07 +04:00
2017-10-31 12:03:23 +03:00
# Binary
2012-02-29 18:36:23 +04:00
elif charsetType == CHARSET_TYPE . BINARY :
2017-12-04 15:24:51 +03:00
asciiTbl . extend ( ( 0 , 1 ) )
2011-12-21 23:40:42 +04:00
asciiTbl . extend ( xrange ( 47 , 50 ) )
2009-04-22 15:48:07 +04:00
# Digits
2012-02-29 18:36:23 +04:00
elif charsetType == CHARSET_TYPE . DIGITS :
2017-12-04 15:24:51 +03:00
asciiTbl . extend ( ( 0 , 9 ) )
2011-12-21 23:40:42 +04:00
asciiTbl . extend ( xrange ( 47 , 58 ) )
2009-04-22 15:48:07 +04:00
# Hexadecimal
2012-02-29 18:36:23 +04:00
elif charsetType == CHARSET_TYPE . HEXADECIMAL :
2017-12-04 15:24:51 +03:00
asciiTbl . extend ( ( 0 , 1 ) )
2011-12-21 23:40:42 +04:00
asciiTbl . extend ( xrange ( 47 , 58 ) )
asciiTbl . extend ( xrange ( 64 , 71 ) )
2017-12-04 15:24:51 +03:00
asciiTbl . extend ( ( 87 , 88 ) ) # X
2011-12-21 23:40:42 +04:00
asciiTbl . extend ( xrange ( 96 , 103 ) )
2017-12-04 15:24:51 +03:00
asciiTbl . extend ( ( 119 , 120 ) ) # x
2009-04-22 15:48:07 +04:00
# Characters
2012-02-29 18:36:23 +04:00
elif charsetType == CHARSET_TYPE . ALPHA :
2017-12-04 15:24:51 +03:00
asciiTbl . extend ( ( 0 , 1 ) )
2011-12-21 23:40:42 +04:00
asciiTbl . extend ( xrange ( 64 , 91 ) )
asciiTbl . extend ( xrange ( 96 , 123 ) )
2009-04-22 15:48:07 +04:00
# Characters and digits
2012-02-29 18:36:23 +04:00
elif charsetType == CHARSET_TYPE . ALPHANUM :
2017-12-04 15:24:51 +03:00
asciiTbl . extend ( ( 0 , 1 ) )
2011-12-21 23:40:42 +04:00
asciiTbl . extend ( xrange ( 47 , 58 ) )
asciiTbl . extend ( xrange ( 64 , 91 ) )
asciiTbl . extend ( xrange ( 96 , 123 ) )
2009-04-22 15:48:07 +04:00
return asciiTbl
2010-09-14 01:01:46 +04:00
2012-02-16 18:42:28 +04:00
def directoryPath ( filepath ) :
"""
Returns directory path for a given filepath
2013-03-12 23:10:32 +04:00
>> > directoryPath ( ' /var/log/apache.log ' )
' /var/log '
2019-05-06 12:41:19 +03:00
>> > directoryPath ( ' /var/log ' )
' /var/log '
2012-02-16 18:42:28 +04:00
"""
2012-07-13 13:23:21 +04:00
retVal = filepath
2019-05-06 12:41:19 +03:00
if filepath and os . path . splitext ( filepath ) [ - 1 ] :
2012-07-13 13:23:21 +04:00
retVal = ntpath . dirname ( filepath ) if isWindowsDriveLetterPath ( filepath ) else posixpath . dirname ( filepath )
return retVal
2010-01-15 20:42:46 +03:00
2012-02-16 18:42:28 +04:00
def normalizePath ( filepath ) :
"""
Returns normalized string representation of a given filepath
2013-03-12 23:10:32 +04:00
>> > normalizePath ( ' //var///log/apache.log ' )
2017-11-02 15:09:31 +03:00
' /var/log/apache.log '
2012-02-16 18:42:28 +04:00
"""
2012-07-13 13:23:21 +04:00
retVal = filepath
2013-01-19 22:04:33 +04:00
if retVal :
2013-01-29 18:34:41 +04:00
retVal = retVal . strip ( " \r \n " )
2017-11-02 15:09:31 +03:00
retVal = ntpath . normpath ( retVal ) if isWindowsDriveLetterPath ( retVal ) else re . sub ( r " \ A/ { 2,} " , " / " , posixpath . normpath ( retVal ) )
2012-07-13 13:23:21 +04:00
return retVal
2010-01-15 19:06:59 +03:00
2019-03-13 18:40:22 +03:00
def safeFilepathEncode ( filepath ) :
2019-03-13 18:49:41 +03:00
"""
Returns filepath in ( ASCII ) format acceptable for OS handling ( e . g . reading )
2020-08-24 12:10:13 +03:00
>> > ' sqlmap ' in safeFilepathEncode ( paths . SQLMAP_HOME_PATH )
True
2019-03-13 18:49:41 +03:00
"""
2019-03-13 18:40:22 +03:00
retVal = filepath
2019-05-02 17:54:54 +03:00
if filepath and six . PY2 and isinstance ( filepath , six . text_type ) :
2019-12-01 01:10:20 +03:00
retVal = getBytes ( filepath , sys . getfilesystemencoding ( ) or UNICODE_ENCODING )
2019-03-13 18:40:22 +03:00
return retVal
2015-01-21 11:26:30 +03:00
def safeExpandUser ( filepath ) :
"""
Patch for a Python Issue18171 ( http : / / bugs . python . org / issue18171 )
2021-01-12 18:55:15 +03:00
>> > os . path . basename ( __file__ ) in safeExpandUser ( __file__ )
True
2015-01-21 11:26:30 +03:00
"""
retVal = filepath
try :
retVal = os . path . expanduser ( filepath )
2015-08-23 23:11:59 +03:00
except UnicodeError :
2015-01-21 11:26:30 +03:00
_ = locale . getdefaultlocale ( )
2015-08-23 23:11:59 +03:00
encoding = _ [ 1 ] if _ and len ( _ ) > 1 else UNICODE_ENCODING
retVal = getUnicode ( os . path . expanduser ( filepath . encode ( encoding ) ) , encoding = encoding )
2015-01-21 11:26:30 +03:00
return retVal
2012-02-16 18:42:28 +04:00
def safeStringFormat ( format_ , params ) :
"""
Avoids problems with inappropriate string format strings
2013-03-12 23:10:32 +04:00
2014-12-19 11:26:01 +03:00
>> > safeStringFormat ( ' SELECT foo FROM %s LIMIT %d ' , ( ' bar ' , ' 1 ' ) )
2019-05-03 14:20:15 +03:00
' SELECT foo FROM bar LIMIT 1 '
2020-10-05 13:12:06 +03:00
>> > safeStringFormat ( " SELECT foo FROM %s WHERE name LIKE ' %s usan % ' LIMIT %d " , ( ' bar ' , ' 1 ' ) )
" SELECT foo FROM bar WHERE name LIKE ' %s usan % ' LIMIT 1 "
2012-02-16 18:42:28 +04:00
"""
2014-03-30 18:21:18 +04:00
if format_ . count ( PAYLOAD_DELIMITER ) == 2 :
_ = format_ . split ( PAYLOAD_DELIMITER )
2014-10-07 13:49:53 +04:00
_ [ 1 ] = re . sub ( r " ( \ A|[^A-Za-z0-9])( %d )([^A-Za-z0-9]| \ Z) " , r " \ g<1> %s \ g<3> " , _ [ 1 ] )
2014-03-30 18:21:18 +04:00
retVal = PAYLOAD_DELIMITER . join ( _ )
else :
2014-10-07 13:49:53 +04:00
retVal = re . sub ( r " ( \ A|[^A-Za-z0-9])( %d )([^A-Za-z0-9]| \ Z) " , r " \ g<1> %s \ g<3> " , format_ )
2010-01-15 20:42:46 +03:00
2019-03-28 15:53:54 +03:00
if isinstance ( params , six . string_types ) :
2013-02-05 14:37:49 +04:00
retVal = retVal . replace ( " %s " , params , 1 )
2013-01-31 19:24:44 +04:00
elif not isListLike ( params ) :
2019-05-03 17:36:21 +03:00
retVal = retVal . replace ( " %s " , getUnicode ( params ) , 1 )
2010-01-15 20:42:46 +03:00
else :
2014-11-10 16:51:31 +03:00
start , end = 0 , len ( retVal )
match = re . search ( r " %s (.+) %s " % ( PAYLOAD_DELIMITER , PAYLOAD_DELIMITER ) , retVal )
if match and PAYLOAD_DELIMITER not in match . group ( 1 ) :
start , end = match . start ( ) , match . end ( )
if retVal . count ( " %s " , start , end ) == len ( params ) :
for param in params :
index = retVal . find ( " %s " , start )
2020-01-17 19:14:41 +03:00
if isinstance ( param , six . string_types ) :
param = param . replace ( ' % ' , PARAMETER_PERCENTAGE_MARKER )
2019-05-03 17:36:21 +03:00
retVal = retVal [ : index ] + getUnicode ( param ) + retVal [ index + 2 : ]
2014-08-13 16:01:57 +04:00
else :
2015-09-25 15:59:21 +03:00
if any ( ' %s ' in _ for _ in conf . parameters . values ( ) ) :
parts = format_ . split ( ' ' )
for i in xrange ( len ( parts ) ) :
if PAYLOAD_DELIMITER in parts [ i ] :
parts [ i ] = parts [ i ] . replace ( PAYLOAD_DELIMITER , " " )
parts [ i ] = " %s %s " % ( parts [ i ] , PAYLOAD_DELIMITER )
break
format_ = ' ' . join ( parts )
2014-08-13 16:01:57 +04:00
count = 0
while True :
match = re . search ( r " ( \ A|[^A-Za-z0-9])( %s )([^A-Za-z0-9]| \ Z) " , retVal )
if match :
2014-10-07 13:34:47 +04:00
if count > = len ( params ) :
2015-12-15 14:13:03 +03:00
warnMsg = " wrong number of parameters during string formatting. "
2017-10-31 12:10:22 +03:00
warnMsg + = " Please report by e-mail content \" %r | %r | %r \" to ' %s ' " % ( format_ , params , retVal , DEV_EMAIL_ADDRESS )
2015-12-15 14:13:03 +03:00
raise SqlmapValueException ( warnMsg )
2014-08-13 16:01:57 +04:00
else :
2020-10-05 13:12:06 +03:00
try :
retVal = re . sub ( r " ( \ A|[^A-Za-z0-9])( %s )([^A-Za-z0-9]| \ Z) " , r " \ g<1> %s \ g<3> " % params [ count ] , retVal , 1 )
except re . error :
retVal = retVal . replace ( match . group ( 0 ) , match . group ( 0 ) % params [ count ] , 1 )
2014-08-13 16:01:57 +04:00
count + = 1
2010-01-15 20:42:46 +03:00
else :
2014-08-13 16:01:57 +04:00
break
2019-05-03 17:36:21 +03:00
2020-01-17 19:14:41 +03:00
retVal = getText ( retVal ) . replace ( PARAMETER_PERCENTAGE_MARKER , ' % ' )
2019-05-03 17:36:21 +03:00
2010-01-15 19:06:59 +03:00
return retVal
2010-01-24 02:29:34 +03:00
2017-02-06 15:28:33 +03:00
def getFilteredPageContent ( page , onlyText = True , split = " " ) :
2012-02-16 18:42:28 +04:00
"""
Returns filtered page content without script , style and / or comments
or all HTML tags
2013-03-12 23:10:32 +04:00
2019-05-02 17:54:54 +03:00
>> > getFilteredPageContent ( u ' <html><title>foobar</title><body>test</body></html> ' ) == " foobar test "
True
2012-02-16 18:42:28 +04:00
"""
2010-10-12 19:49:04 +04:00
retVal = page
2010-10-16 19:10:48 +04:00
2011-06-09 11:53:31 +04:00
# only if the page's charset has been successfully identified
2019-04-19 12:24:34 +03:00
if isinstance ( page , six . text_type ) :
2017-02-06 15:28:33 +03:00
retVal = re . sub ( r " (?si)<script.+?</script>|<!--.+?-->|<style.+?</style> %s " % ( r " |<[^>]+>| \ t| \ n| \ r " if onlyText else " " ) , split , page )
2018-06-07 02:28:02 +03:00
retVal = re . sub ( r " %s { 2,} " % split , split , retVal )
2019-05-20 12:24:43 +03:00
retVal = htmlUnescape ( retVal . strip ( ) . strip ( split ) )
2010-11-07 03:12:00 +03:00
2010-10-12 19:49:04 +04:00
return retVal
2011-06-18 19:47:19 +04:00
def getPageWordSet ( page ) :
2012-02-23 19:32:36 +04:00
"""
Returns word set used in page content
2013-03-12 23:10:32 +04:00
2019-05-02 17:54:54 +03:00
>> > sorted ( getPageWordSet ( u ' <html><title>foobar</title><body>test</body></html> ' ) ) == [ u ' foobar ' , u ' test ' ]
True
2012-02-23 19:32:36 +04:00
"""
2011-09-11 20:41:07 +04:00
retVal = set ( )
2010-10-16 19:10:48 +04:00
2011-06-09 11:53:31 +04:00
# only if the page's charset has been successfully identified
2019-05-08 17:43:57 +03:00
if isinstance ( page , six . string_types ) :
2017-11-24 13:36:27 +03:00
retVal = set ( _ . group ( 0 ) for _ in re . finditer ( r " \ w+ " , getFilteredPageContent ( page ) ) )
2010-10-16 19:10:48 +04:00
2010-10-12 19:49:04 +04:00
return retVal
2019-05-08 17:43:57 +03:00
def showStaticWords ( firstPage , secondPage , minLength = 3 ) :
2014-02-02 01:12:00 +04:00
"""
Prints words appearing in two different response pages
2019-05-08 17:43:57 +03:00
>> > showStaticWords ( " this is a test " , " this is another test " )
[ ' this ' ]
2014-02-02 01:12:00 +04:00
"""
2010-10-12 19:49:04 +04:00
infoMsg = " finding static words in longest matching part of dynamic page content "
logger . info ( infoMsg )
2010-10-16 19:10:48 +04:00
2010-10-12 19:49:04 +04:00
firstPage = getFilteredPageContent ( firstPage )
secondPage = getFilteredPageContent ( secondPage )
2010-10-16 19:10:48 +04:00
2010-10-12 19:49:04 +04:00
infoMsg = " static words: "
2010-10-14 16:38:06 +04:00
2011-12-12 13:45:40 +04:00
if firstPage and secondPage :
match = SequenceMatcher ( None , firstPage , secondPage ) . find_longest_match ( 0 , len ( firstPage ) , 0 , len ( secondPage ) )
2012-02-22 19:53:36 +04:00
commonText = firstPage [ match [ 0 ] : match [ 0 ] + match [ 2 ] ]
2011-12-12 13:45:40 +04:00
commonWords = getPageWordSet ( commonText )
else :
commonWords = None
2010-10-14 16:38:06 +04:00
if commonWords :
2019-05-08 17:43:57 +03:00
commonWords = [ _ for _ in commonWords if len ( _ ) > = minLength ]
commonWords . sort ( key = functools . cmp_to_key ( lambda a , b : cmp ( a . lower ( ) , b . lower ( ) ) ) )
2010-10-14 16:38:06 +04:00
2011-12-12 13:45:40 +04:00
for word in commonWords :
2019-05-08 17:43:57 +03:00
infoMsg + = " ' %s ' , " % word
2011-12-12 13:45:40 +04:00
infoMsg = infoMsg . rstrip ( " , " )
else :
infoMsg + = " None "
2010-10-14 16:38:06 +04:00
2010-10-12 19:49:04 +04:00
logger . info ( infoMsg )
2019-05-08 17:43:57 +03:00
return commonWords
2010-04-22 14:31:33 +04:00
def isWindowsDriveLetterPath ( filepath ) :
2011-10-22 01:29:24 +04:00
"""
Returns True if given filepath starts with a Windows drive letter
2013-03-12 23:10:32 +04:00
>> > isWindowsDriveLetterPath ( ' C: \\ boot.ini ' )
True
>> > isWindowsDriveLetterPath ( ' /var/log/apache.log ' )
False
2011-10-22 01:29:24 +04:00
"""
2017-10-31 13:38:09 +03:00
return re . search ( r " \ A[ \ w] \ : " , filepath ) is not None
2010-04-22 14:31:33 +04:00
2010-02-04 17:37:00 +03:00
def posixToNtSlashes ( filepath ) :
2010-08-21 01:27:47 +04:00
"""
2019-05-08 13:28:50 +03:00
Replaces all occurrences of Posix slashes in provided
filepath with NT backslashes
2011-04-10 02:39:03 +04:00
2010-08-21 01:27:47 +04:00
>> > posixToNtSlashes ( ' C:/Windows ' )
' C: \\ \\ Windows '
"""
2010-10-16 19:10:48 +04:00
2015-12-15 12:46:37 +03:00
return filepath . replace ( ' / ' , ' \\ ' ) if filepath else filepath
2010-02-04 17:37:00 +03:00
def ntToPosixSlashes ( filepath ) :
2010-08-21 01:27:47 +04:00
"""
2019-05-08 13:28:50 +03:00
Replaces all occurrences of NT backslashes in provided
filepath with Posix slashes
2011-04-10 02:39:03 +04:00
2010-08-21 01:27:47 +04:00
>> > ntToPosixSlashes ( ' C: \\ Windows ' )
' C:/Windows '
"""
2010-10-16 19:10:48 +04:00
2015-12-15 12:46:37 +03:00
return filepath . replace ( ' \\ ' , ' / ' ) if filepath else filepath
2010-03-26 20:18:02 +03:00
def isHexEncodedString ( subject ) :
2010-08-21 01:27:47 +04:00
"""
Checks if the provided string is hex encoded
2011-04-10 02:39:03 +04:00
2010-08-21 01:27:47 +04:00
>> > isHexEncodedString ( ' DEADBEEF ' )
True
>> > isHexEncodedString ( ' test ' )
False
"""
2010-10-16 19:10:48 +04:00
2010-10-21 02:12:53 +04:00
return re . match ( r " \ A[0-9a-fA-Fx]+ \ Z " , subject ) is not None
2010-04-16 17:40:02 +04:00
2013-02-22 13:18:22 +04:00
@cachedmethod
2010-04-16 17:40:02 +04:00
def getConsoleWidth ( default = 80 ) :
2011-10-22 01:29:24 +04:00
"""
Returns console width
2020-08-24 12:10:13 +03:00
>> > any ( ( getConsoleWidth ( ) , True ) )
True
2011-10-22 01:29:24 +04:00
"""
2010-04-16 17:40:02 +04:00
width = None
2012-07-01 03:19:54 +04:00
if os . getenv ( " COLUMNS " , " " ) . isdigit ( ) :
width = int ( os . getenv ( " COLUMNS " ) )
2010-04-16 17:40:02 +04:00
else :
2013-02-22 13:18:22 +04:00
try :
2019-05-14 14:36:12 +03:00
output = shellExec ( " stty size " )
match = re . search ( r " \ A \ d+ ( \ d+) " , output )
2010-10-16 19:10:48 +04:00
2019-05-14 14:36:12 +03:00
if match :
width = int ( match . group ( 1 ) )
2014-12-13 15:41:39 +03:00
except ( OSError , MemoryError ) :
2013-02-22 13:18:22 +04:00
pass
2010-04-16 17:40:02 +04:00
if width is None :
try :
import curses
2010-10-16 19:10:48 +04:00
2010-04-16 17:40:02 +04:00
stdscr = curses . initscr ( )
_ , width = stdscr . getmaxyx ( )
curses . endwin ( )
except :
pass
2012-07-01 03:19:54 +04:00
return width or default
2010-04-16 23:57:00 +04:00
2019-04-19 14:28:11 +03:00
def shellExec ( cmd ) :
"""
Executes arbitrary shell command
2019-05-13 12:08:25 +03:00
>> > shellExec ( ' echo 1 ' ) . strip ( ) == ' 1 '
2019-04-30 14:20:31 +03:00
True
2019-04-19 14:28:11 +03:00
"""
2019-05-13 12:08:25 +03:00
retVal = " "
2019-04-19 14:28:11 +03:00
try :
2019-05-13 12:08:25 +03:00
retVal = subprocess . Popen ( cmd , shell = True , stdout = subprocess . PIPE , stderr = subprocess . STDOUT ) . communicate ( ) [ 0 ] or " "
2019-04-19 14:28:11 +03:00
except Exception as ex :
2019-05-13 12:08:25 +03:00
retVal = getSafeExString ( ex )
finally :
retVal = getText ( retVal )
return retVal
2019-04-19 14:28:11 +03:00
2010-11-24 00:00:42 +03:00
def clearConsoleLine ( forceOutput = False ) :
2011-10-22 01:29:24 +04:00
"""
Clears current console line
"""
2019-05-21 15:37:55 +03:00
if IS_TTY :
2012-12-12 19:45:29 +04:00
dataToStdout ( " \r %s \r " % ( " " * ( getConsoleWidth ( ) - 1 ) ) , forceOutput )
2012-07-12 17:58:45 +04:00
kb . prependFlag = False
2010-11-23 23:54:40 +03:00
2010-04-16 23:57:00 +04:00
def parseXmlFile ( xmlFile , handler ) :
2011-10-22 01:29:24 +04:00
"""
Parses XML file by a given handler
"""
2014-12-02 12:57:50 +03:00
try :
2019-03-26 16:37:01 +03:00
with contextlib . closing ( io . StringIO ( readCachedFileContent ( xmlFile ) ) ) as stream :
2014-12-02 12:57:50 +03:00
parse ( stream , handler )
2019-01-22 02:40:48 +03:00
except ( SAXParseException , UnicodeError ) as ex :
2016-05-22 22:44:17 +03:00
errMsg = " something appears to be wrong with "
2016-01-12 12:27:04 +03:00
errMsg + = " the file ' %s ' ( ' %s ' ). Please make " % ( xmlFile , getSafeExString ( ex ) )
2014-12-02 12:57:50 +03:00
errMsg + = " sure that you haven ' t made any changes to it "
2018-03-13 13:13:38 +03:00
raise SqlmapInstallationException ( errMsg )
2010-05-13 15:05:35 +04:00
2012-07-10 03:19:32 +04:00
def getSQLSnippet ( dbms , sfile , * * variables ) :
2012-02-15 17:17:01 +04:00
"""
2012-07-10 03:19:32 +04:00
Returns content of SQL snippet located inside ' procs/ ' directory
2018-09-07 12:23:47 +03:00
>> > ' RECONFIGURE ' in getSQLSnippet ( DBMS . MSSQL , " activate_sp_oacreate " )
True
2012-02-15 17:17:01 +04:00
"""
2012-02-15 17:24:02 +04:00
2012-07-10 04:37:16 +04:00
if sfile . endswith ( ' .sql ' ) and os . path . exists ( sfile ) :
2012-07-10 03:53:07 +04:00
filename = sfile
2012-07-10 04:37:16 +04:00
elif not sfile . endswith ( ' .sql ' ) and os . path . exists ( " %s .sql " % sfile ) :
filename = " %s .sql " % sfile
2012-07-10 03:53:07 +04:00
else :
filename = os . path . join ( paths . SQLMAP_PROCS_PATH , DBMS_DIRECTORY_DICT [ dbms ] , sfile if sfile . endswith ( ' .sql ' ) else " %s .sql " % sfile )
checkFile ( filename )
2012-02-15 17:24:02 +04:00
2012-07-10 03:19:32 +04:00
retVal = readCachedFileContent ( filename )
2012-04-02 18:57:15 +04:00
retVal = re . sub ( r " #.+ " , " " , retVal )
2017-04-14 14:08:51 +03:00
retVal = re . sub ( r " ; \ s+ " , " ; " , retVal ) . strip ( " \r \n " )
2012-02-15 17:45:10 +04:00
2019-01-22 05:00:44 +03:00
for _ in variables :
2017-07-31 15:20:59 +03:00
retVal = re . sub ( r " %% %s %% " % _ , variables [ _ ] . replace ( ' \\ ' , r ' \\ ' ) , retVal )
2012-02-15 17:24:02 +04:00
2012-04-07 18:06:11 +04:00
for _ in re . findall ( r " % RANDSTR \ d+ % " , retVal , re . I ) :
retVal = retVal . replace ( _ , randomStr ( ) )
for _ in re . findall ( r " % RANDINT \ d+ % " , retVal , re . I ) :
retVal = retVal . replace ( _ , randomInt ( ) )
2013-02-13 19:31:03 +04:00
variables = re . findall ( r " (?<! \ bLIKE ' ) % ( \ w+) % " , retVal , re . I )
2012-07-10 03:19:32 +04:00
2012-07-10 04:05:03 +04:00
if variables :
errMsg = " unresolved variable %s ' %s ' in SQL file ' %s ' " % ( " s " if len ( variables ) > 1 else " " , " , " . join ( variables ) , sfile )
logger . error ( errMsg )
msg = " do you want to provide the substitution values? [y/N] "
2017-04-18 16:48:05 +03:00
if readInput ( msg , default = ' N ' , boolean = True ) :
2012-07-10 04:05:03 +04:00
for var in variables :
msg = " insert value for variable ' %s ' : " % var
2014-12-15 11:30:54 +03:00
val = readInput ( msg , default = " " )
2012-07-10 04:05:03 +04:00
retVal = retVal . replace ( r " %% %s %% " % var , val )
2012-02-15 17:24:02 +04:00
2012-02-15 17:17:01 +04:00
return retVal
2018-09-07 12:23:47 +03:00
def readCachedFileContent ( filename , mode = " rb " ) :
2011-10-22 01:29:24 +04:00
"""
Cached reading of file content ( avoiding multiple same file reading )
2018-09-07 12:23:47 +03:00
>> > " readCachedFileContent " in readCachedFileContent ( __file__ )
True
2011-10-22 01:29:24 +04:00
"""
2010-11-02 10:32:08 +03:00
if filename not in kb . cache . content :
2012-06-14 17:52:56 +04:00
with kb . locks . cache :
if filename not in kb . cache . content :
checkFile ( filename )
2015-10-05 16:18:54 +03:00
try :
2016-05-30 11:32:49 +03:00
with openFile ( filename , mode ) as f :
kb . cache . content [ filename ] = f . read ( )
2019-01-22 02:40:48 +03:00
except ( IOError , OSError , MemoryError ) as ex :
2015-10-05 16:18:54 +03:00
errMsg = " something went wrong while trying "
2016-01-12 12:27:04 +03:00
errMsg + = " to read the content of file ' %s ' ( ' %s ' ) " % ( filename , getSafeExString ( ex ) )
2015-10-05 16:18:54 +03:00
raise SqlmapSystemException ( errMsg )
2010-11-03 13:08:27 +03:00
2010-11-02 10:32:08 +03:00
return kb . cache . content [ filename ]
2018-12-28 20:22:44 +03:00
def average ( values ) :
"""
Computes the arithmetic mean of a list of numbers .
2019-05-09 15:10:18 +03:00
>> > " %.1f " % average ( [ 0.9 , 0.9 , 0.9 , 1.0 , 0.8 , 0.9 ] )
' 0.9 '
2018-12-28 20:22:44 +03:00
"""
2019-01-22 04:29:52 +03:00
return ( 1.0 * sum ( values ) / len ( values ) ) if values else None
2018-12-28 20:22:44 +03:00
2017-11-14 00:53:22 +03:00
@cachedmethod
2010-12-07 19:39:31 +03:00
def stdev ( values ) :
"""
Computes standard deviation of a list of numbers .
2019-04-29 17:58:53 +03:00
# Reference: http://www.goldb.org/corestats.html
2013-03-12 23:10:32 +04:00
2019-05-09 15:10:18 +03:00
>> > " %.3f " % stdev ( [ 0.9 , 0.9 , 0.9 , 1.0 , 0.8 , 0.9 ] )
' 0.063 '
2010-12-07 19:39:31 +03:00
"""
2010-12-09 03:26:06 +03:00
2010-12-08 01:45:38 +03:00
if not values or len ( values ) < 2 :
return None
2010-12-14 15:22:17 +03:00
else :
avg = average ( values )
2018-12-28 20:22:44 +03:00
_ = 1.0 * sum ( pow ( ( _ or 0 ) - avg , 2 ) for _ in values )
2017-11-14 00:53:22 +03:00
return sqrt ( _ / ( len ( values ) - 1 ) )
2010-12-07 19:39:31 +03:00
2010-12-07 19:04:53 +03:00
def calculateDeltaSeconds ( start ) :
"""
Returns elapsed time from start till now
2018-09-07 12:23:47 +03:00
>> > calculateDeltaSeconds ( 0 ) > 1151721660
True
2010-12-07 19:04:53 +03:00
"""
2011-10-22 01:29:24 +04:00
2010-12-07 19:04:53 +03:00
return time . time ( ) - start
2010-05-21 13:35:36 +04:00
2010-05-21 16:19:20 +04:00
def initCommonOutputs ( ) :
2011-10-22 01:29:24 +04:00
"""
Initializes dictionary containing common output values used by " good samaritan " feature
2018-09-07 12:23:47 +03:00
>> > initCommonOutputs ( ) ; " information_schema " in kb . commonOutputs [ " Databases " ]
True
2011-10-22 01:29:24 +04:00
"""
2010-05-21 16:19:20 +04:00
kb . commonOutputs = { }
2010-05-21 16:44:09 +04:00
key = None
2019-05-30 23:40:51 +03:00
for line in openFile ( paths . COMMON_OUTPUTS , ' r ' ) :
if line . find ( ' # ' ) != - 1 :
line = line [ : line . find ( ' # ' ) ]
2010-05-24 19:46:12 +04:00
2019-05-30 23:40:51 +03:00
line = line . strip ( )
2010-05-27 20:45:09 +04:00
2019-05-30 23:40:51 +03:00
if len ( line ) > 1 :
if line . startswith ( ' [ ' ) and line . endswith ( ' ] ' ) :
key = line [ 1 : - 1 ]
elif key :
if key not in kb . commonOutputs :
kb . commonOutputs [ key ] = set ( )
2010-05-24 19:46:12 +04:00
2019-05-30 23:40:51 +03:00
if line not in kb . commonOutputs [ key ] :
kb . commonOutputs [ key ] . add ( line )
2010-05-21 16:19:20 +04:00
2018-05-08 13:09:24 +03:00
def getFileItems ( filename , commentPrefix = ' # ' , unicoded = True , lowercase = False , unique = False ) :
2011-10-22 01:29:24 +04:00
"""
Returns newline delimited items contained inside file
2020-08-24 12:10:13 +03:00
>> > " SELECT " in getFileItems ( paths . SQL_KEYWORDS )
True
2011-10-22 01:29:24 +04:00
"""
2011-12-22 14:51:41 +04:00
retVal = list ( ) if not unique else OrderedDict ( )
2010-09-30 16:35:45 +04:00
2017-08-23 15:10:11 +03:00
if filename :
filename = filename . strip ( ' " \' ' )
2017-08-23 15:08:40 +03:00
2010-09-30 16:35:45 +04:00
checkFile ( filename )
2010-11-23 16:24:02 +03:00
2014-11-23 17:39:08 +03:00
try :
2018-05-08 13:09:24 +03:00
with openFile ( filename , ' r ' , errors = " ignore " ) if unicoded else open ( filename , ' r ' ) as f :
2019-05-03 00:51:54 +03:00
for line in f :
2014-11-23 17:39:08 +03:00
if commentPrefix :
if line . find ( commentPrefix ) != - 1 :
line = line [ : line . find ( commentPrefix ) ]
2011-01-07 19:50:39 +03:00
2014-11-23 17:39:08 +03:00
line = line . strip ( )
2011-01-07 19:50:39 +03:00
2014-11-23 17:39:08 +03:00
if line :
if lowercase :
line = line . lower ( )
2011-01-07 19:50:39 +03:00
2014-11-23 17:39:08 +03:00
if unique and line in retVal :
continue
2010-09-30 16:35:45 +04:00
2014-11-23 17:39:08 +03:00
if unique :
retVal [ line ] = True
else :
retVal . append ( line )
2019-01-22 02:40:48 +03:00
except ( IOError , OSError , MemoryError ) as ex :
2014-11-23 17:39:08 +03:00
errMsg = " something went wrong while trying "
2016-01-12 12:27:04 +03:00
errMsg + = " to read the content of file ' %s ' ( ' %s ' ) " % ( filename , getSafeExString ( ex ) )
2014-11-23 17:41:24 +03:00
raise SqlmapSystemException ( errMsg )
2011-12-21 23:40:42 +04:00
2019-01-22 05:00:44 +03:00
return retVal if not unique else list ( retVal . keys ( ) )
2010-09-30 16:35:45 +04:00
2010-06-21 18:40:12 +04:00
def goGoodSamaritan ( prevValue , originalCharset ) :
2010-05-26 15:14:22 +04:00
"""
2010-05-27 20:45:09 +04:00
Function for retrieving parameters needed for common prediction ( good
samaritan ) feature .
prevValue : retrieved query output so far ( e . g . ' i ' ) .
2010-06-21 18:40:12 +04:00
Returns commonValue if there is a complete single match ( in kb . partRun
of txt / common - outputs . txt under kb . partRun ) regarding parameter
prevValue . If there is no single value match , but multiple , commonCharset is
2010-05-27 20:45:09 +04:00
returned containing more probable characters ( retrieved from matched
values in txt / common - outputs . txt ) together with the rest of charset as
otherCharset .
2010-05-26 15:14:22 +04:00
"""
2010-05-27 20:45:09 +04:00
2010-05-24 19:46:12 +04:00
if kb . commonOutputs is None :
2010-05-21 16:19:20 +04:00
initCommonOutputs ( )
2010-05-21 13:35:36 +04:00
predictionSet = set ( )
2010-06-21 18:40:12 +04:00
commonValue = None
commonPattern = None
countCommonValue = 0
2010-05-21 16:44:09 +04:00
2010-05-31 19:05:29 +04:00
# If the header (e.g. Databases) we are looking for has common
# outputs defined
2010-06-21 18:40:12 +04:00
if kb . partRun in kb . commonOutputs :
commonPartOutputs = kb . commonOutputs [ kb . partRun ]
2010-06-30 15:22:25 +04:00
commonPattern = commonFinderOnly ( prevValue , commonPartOutputs )
2010-06-17 15:38:32 +04:00
# If the longest common prefix is the same as previous value then
# do not consider it
2010-06-21 18:40:12 +04:00
if commonPattern and commonPattern == prevValue :
commonPattern = None
2010-06-17 15:38:32 +04:00
2010-05-31 19:05:29 +04:00
# For each common output
2010-06-17 15:38:32 +04:00
for item in commonPartOutputs :
2010-05-27 20:45:09 +04:00
# Check if the common output (item) starts with prevValue
2010-05-31 19:05:29 +04:00
# where prevValue is the enumerated character(s) so far
2010-05-31 13:41:41 +04:00
if item . startswith ( prevValue ) :
2010-06-21 18:40:12 +04:00
commonValue = item
countCommonValue + = 1
2010-05-27 20:45:09 +04:00
2010-05-31 13:41:41 +04:00
if len ( item ) > len ( prevValue ) :
char = item [ len ( prevValue ) ]
2010-06-17 15:38:32 +04:00
predictionSet . add ( char )
2010-05-31 19:05:29 +04:00
2010-06-17 15:38:32 +04:00
# Reset single value if there is more than one possible common
# output
2010-06-21 18:40:12 +04:00
if countCommonValue > 1 :
commonValue = None
2010-05-24 19:46:12 +04:00
2010-05-27 20:45:09 +04:00
commonCharset = [ ]
2010-05-21 16:44:09 +04:00
otherCharset = [ ]
2010-05-24 19:46:12 +04:00
2010-05-27 20:45:09 +04:00
# Split the original charset into common chars (commonCharset)
# and other chars (otherCharset)
2010-05-25 17:06:23 +04:00
for ordChar in originalCharset :
2019-05-15 11:57:22 +03:00
if _unichr ( ordChar ) not in predictionSet :
2010-05-21 16:44:09 +04:00
otherCharset . append ( ordChar )
2010-05-21 13:35:36 +04:00
else :
2010-05-27 20:45:09 +04:00
commonCharset . append ( ordChar )
2010-05-24 19:46:12 +04:00
2010-05-27 20:45:09 +04:00
commonCharset . sort ( )
2010-05-24 19:46:12 +04:00
2010-06-21 18:40:12 +04:00
return commonValue , commonPattern , commonCharset , originalCharset
2010-05-21 13:35:36 +04:00
else :
2010-06-17 15:38:32 +04:00
return None , None , None , originalCharset
2010-05-21 18:42:59 +04:00
2013-02-04 02:09:33 +04:00
def getPartRun ( alias = True ) :
2010-05-26 15:14:22 +04:00
"""
2020-08-24 12:10:13 +03:00
Goes through call stack and finds constructs matching
conf . dbmsHandler . * . Returns it or its alias used in ' txt/common-outputs.txt '
2010-05-26 15:14:22 +04:00
"""
2010-05-27 20:45:09 +04:00
2010-05-26 13:48:20 +04:00
retVal = None
2010-05-27 20:45:09 +04:00
commonPartsDict = optDict [ " Enumeration " ]
2011-07-27 12:25:51 +04:00
try :
stack = [ item [ 4 ] [ 0 ] if isinstance ( item [ 4 ] , list ) else ' ' for item in inspect . stack ( ) ]
# Goes backwards through the stack to find the conf.dbmsHandler method
# calling this function
2012-02-22 19:53:36 +04:00
for i in xrange ( 0 , len ( stack ) - 1 ) :
2012-04-03 18:34:15 +04:00
for regex in ( r " self \ .(get[^(]+) \ ( \ ) " , r " conf \ .dbmsHandler \ .([^(]+) \ ( \ ) " ) :
match = re . search ( regex , stack [ i ] )
2011-07-27 12:25:51 +04:00
if match :
# This is the calling conf.dbmsHandler or self method
# (e.g. 'getDbms')
retVal = match . groups ( ) [ 0 ]
break
if retVal is not None :
2010-06-21 18:40:12 +04:00
break
2010-05-27 20:45:09 +04:00
2011-07-27 12:25:51 +04:00
# Reference: http://coding.derkeiler.com/Archive/Python/comp.lang.python/2004-06/2267.html
except TypeError :
pass
2010-05-27 20:45:09 +04:00
2010-06-21 18:40:12 +04:00
# Return the INI tag to consider for common outputs (e.g. 'Databases')
2013-02-04 02:09:33 +04:00
if alias :
return commonPartsDict [ retVal ] [ 1 ] if isinstance ( commonPartsDict . get ( retVal ) , tuple ) else retVal
else :
return retVal
2010-05-28 13:13:50 +04:00
2010-06-30 15:22:25 +04:00
def longestCommonPrefix ( * sequences ) :
2011-10-22 01:29:24 +04:00
"""
Returns longest common prefix occuring in given sequences
2019-04-29 17:58:53 +03:00
# Reference: http://boredzo.org/blog/archives/2007-01-06/longest-common-prefix-in-python-2
2013-03-12 23:10:32 +04:00
>> > longestCommonPrefix ( ' foobar ' , ' fobar ' )
' fo '
2011-10-22 01:29:24 +04:00
"""
2010-06-17 15:38:32 +04:00
if len ( sequences ) == 1 :
return sequences [ 0 ]
sequences = [ pair [ 1 ] for pair in sorted ( ( len ( fi ) , fi ) for fi in sequences ) ]
if not sequences :
return None
for i , comparison_ch in enumerate ( sequences [ 0 ] ) :
for fi in sequences [ 1 : ] :
ch = fi [ i ]
if ch != comparison_ch :
return fi [ : i ]
return sequences [ 0 ]
2010-06-30 15:22:25 +04:00
def commonFinderOnly ( initial , sequence ) :
2019-05-03 00:51:54 +03:00
"""
Returns parts of sequence which start with the given initial string
>> > commonFinderOnly ( " abcd " , [ " abcdefg " , " foobar " , " abcde " ] )
2019-05-27 14:39:20 +03:00
' abcde '
2019-05-03 00:51:54 +03:00
"""
2019-05-27 14:39:20 +03:00
return longestCommonPrefix ( * [ _ for _ in sequence if _ . startswith ( initial ) ] )
2010-09-25 01:59:03 +04:00
2010-12-21 01:45:01 +03:00
def pushValue ( value ) :
"""
Push value to the stack ( thread dependent )
"""
2010-12-21 13:31:56 +03:00
2019-06-04 13:15:39 +03:00
exception = None
2016-03-17 18:23:28 +03:00
success = False
for i in xrange ( PUSH_VALUE_EXCEPTION_RETRY_COUNT ) :
try :
getCurrentThreadData ( ) . valueStack . append ( copy . deepcopy ( value ) )
success = True
break
2019-01-22 02:40:48 +03:00
except Exception as ex :
2019-06-04 13:15:39 +03:00
exception = ex
2016-03-17 18:23:28 +03:00
if not success :
getCurrentThreadData ( ) . valueStack . append ( None )
2019-06-04 13:15:39 +03:00
if exception :
raise exception
2010-09-30 16:35:45 +04:00
def popValue ( ) :
2010-10-25 18:06:56 +04:00
"""
2010-12-21 01:45:01 +03:00
Pop value from the stack ( thread dependent )
2013-03-12 23:10:32 +04:00
>> > pushValue ( ' foobar ' )
>> > popValue ( )
' foobar '
2010-10-25 18:06:56 +04:00
"""
2010-10-26 10:08:40 +04:00
2021-05-31 01:34:14 +03:00
retVal = None
try :
retVal = getCurrentThreadData ( ) . valueStack . pop ( )
except IndexError :
pass
return retVal
2010-10-25 18:06:56 +04:00
2013-01-29 23:53:11 +04:00
def wasLastResponseDBMSError ( ) :
2010-10-25 18:06:56 +04:00
"""
Returns True if the last web request resulted in a ( recognized ) DBMS error page
"""
2010-10-26 10:08:40 +04:00
2010-12-21 01:45:01 +03:00
threadData = getCurrentThreadData ( )
return threadData . lastErrorPage and threadData . lastErrorPage [ 0 ] == threadData . lastRequestUID
2010-12-08 17:26:40 +03:00
2013-01-29 23:53:11 +04:00
def wasLastResponseHTTPError ( ) :
2010-12-26 16:20:52 +03:00
"""
2017-02-28 00:03:15 +03:00
Returns True if the last web request resulted in an erroneous HTTP code ( like 500 )
2010-12-26 16:20:52 +03:00
"""
threadData = getCurrentThreadData ( )
return threadData . lastHTTPError and threadData . lastHTTPError [ 0 ] == threadData . lastRequestUID
2013-01-29 23:53:11 +04:00
def wasLastResponseDelayed ( ) :
2010-12-08 17:26:40 +03:00
"""
Returns True if the last web request resulted in a time - delay
"""
2012-06-19 12:33:51 +04:00
# 99.9999999997440% of all non time-based SQL injection affected
2011-01-19 02:05:32 +03:00
# response times should be inside +-7*stdev([normal response times])
# Math reference: http://www.answers.com/topic/standard-deviation
2011-10-22 01:29:24 +04:00
2016-01-09 19:32:19 +03:00
deviation = stdev ( kb . responseTimes . get ( kb . responseTimeMode , [ ] ) )
2010-12-21 01:45:01 +03:00
threadData = getCurrentThreadData ( )
2010-12-09 03:26:06 +03:00
2017-02-14 15:14:35 +03:00
if deviation and not conf . direct and not conf . disableStats :
2016-01-09 19:32:19 +03:00
if len ( kb . responseTimes [ kb . responseTimeMode ] ) < MIN_TIME_RESPONSES :
2010-12-09 03:26:06 +03:00
warnMsg = " time-based standard deviation method used on a model "
warnMsg + = " with less than %d response times " % MIN_TIME_RESPONSES
2010-12-08 17:46:07 +03:00
logger . warn ( warnMsg )
2010-12-09 03:26:06 +03:00
2016-01-09 19:32:19 +03:00
lowerStdLimit = average ( kb . responseTimes [ kb . responseTimeMode ] ) + TIME_STDEV_COEFF * deviation
2013-01-30 00:06:02 +04:00
retVal = ( threadData . lastQueryDuration > = max ( MIN_VALID_DELAYED_RESPONSE , lowerStdLimit ) )
2011-01-16 15:04:32 +03:00
2012-10-09 17:19:47 +04:00
if not kb . testMode and retVal :
if kb . adjustTimeDelay is None :
msg = " do you want sqlmap to try to optimize value(s) "
msg + = " for DBMS delay responses (option ' --time-sec ' )? [Y/n] "
2017-04-18 16:48:05 +03:00
kb . adjustTimeDelay = ADJUST_TIME_DELAY . DISABLE if not readInput ( msg , default = ' Y ' , boolean = True ) else ADJUST_TIME_DELAY . YES
2012-10-09 17:19:47 +04:00
if kb . adjustTimeDelay is ADJUST_TIME_DELAY . YES :
adjustTimeDelay ( threadData . lastQueryDuration , lowerStdLimit )
2011-01-16 15:04:32 +03:00
return retVal
2010-12-08 17:46:07 +03:00
else :
2017-02-14 15:14:35 +03:00
delta = threadData . lastQueryDuration - conf . timeSec
if Backend . getIdentifiedDbms ( ) in ( DBMS . MYSQL , ) : # MySQL's SLEEP(X) lasts 0.05 seconds shorter on average
delta + = 0.05
return delta > = 0
2010-10-25 23:16:42 +04:00
2011-01-16 20:52:42 +03:00
def adjustTimeDelay ( lastQueryDuration , lowerStdLimit ) :
"""
2011-10-28 15:25:07 +04:00
Provides tip for adjusting time delay in time - based data retrieval
2011-01-16 20:52:42 +03:00
"""
2019-05-09 18:39:16 +03:00
candidate = ( 1 if not isHeavyQueryBased ( ) else 2 ) + int ( round ( lowerStdLimit ) )
2011-01-16 20:52:42 +03:00
2019-05-09 18:39:16 +03:00
kb . delayCandidates = [ candidate ] + kb . delayCandidates [ : - 1 ]
2011-01-19 02:05:32 +03:00
2019-05-09 18:39:16 +03:00
if all ( ( _ == candidate for _ in kb . delayCandidates ) ) and candidate < conf . timeSec :
if lastQueryDuration / ( 1.0 * conf . timeSec / candidate ) > MIN_VALID_DELAYED_RESPONSE : # Note: to prevent problems with fast responses for heavy-queries like RANDOMBLOB
conf . timeSec = candidate
2012-02-29 19:51:23 +04:00
2019-05-09 18:39:16 +03:00
infoMsg = " adjusting time delay to "
infoMsg + = " %d second %s due to good response times " % ( conf . timeSec , ' s ' if conf . timeSec > 1 else ' ' )
logger . info ( infoMsg )
2011-01-16 20:52:42 +03:00
2012-01-14 00:56:06 +04:00
def getLastRequestHTTPError ( ) :
"""
Returns last HTTP error code
"""
threadData = getCurrentThreadData ( )
return threadData . lastHTTPError [ 1 ] if threadData . lastHTTPError else None
2010-11-16 13:42:42 +03:00
def extractErrorMessage ( page ) :
"""
Returns reported error message from page if it founds one
2013-01-30 13:38:11 +04:00
2019-06-01 01:55:36 +03:00
>> > getText ( extractErrorMessage ( u ' <html><title>Test</title> \\ n<b>Warning</b>: oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated<br><p>Only a test page</p></html> ' ) )
2019-05-29 00:44:27 +03:00
' oci_parse() [function.oci-parse]: ORA-01756: quoted string not properly terminated '
>> > extractErrorMessage ( ' Warning: This is only a dummy foobar test ' ) is None
2019-05-02 17:54:54 +03:00
True
2010-11-16 13:42:42 +03:00
"""
retVal = None
2019-03-28 15:53:54 +03:00
if isinstance ( page , six . string_types ) :
2019-06-06 13:13:30 +03:00
if wasLastResponseDBMSError ( ) :
page = re . sub ( r " <[^>]+> " , " " , page )
2010-12-25 13:16:20 +03:00
for regex in ERROR_PARSING_REGEXES :
2019-03-21 18:35:48 +03:00
match = re . search ( regex , page , re . IGNORECASE )
2010-11-24 15:03:01 +03:00
2010-11-16 17:41:46 +03:00
if match :
2019-05-29 00:44:27 +03:00
candidate = htmlUnescape ( match . group ( " result " ) ) . replace ( " <br> " , " \n " ) . strip ( )
2019-06-26 12:06:50 +03:00
if candidate and ( 1.0 * len ( re . findall ( r " [^A-Za-z,. ] " , candidate ) ) / len ( candidate ) > MIN_ERROR_PARSING_NON_WRITING_RATIO ) :
2019-05-29 00:44:27 +03:00
retVal = candidate
break
2010-11-16 13:42:42 +03:00
2020-02-03 00:01:57 +03:00
if not retVal and wasLastResponseDBMSError ( ) :
match = re . search ( r " [^ \ n]*SQL[^ \ n:]*:[^ \ n]* " , page , re . IGNORECASE )
if match :
retVal = match . group ( 0 )
2010-11-16 13:42:42 +03:00
return retVal
2016-10-10 15:19:44 +03:00
def findLocalPort ( ports ) :
"""
Find the first opened localhost port from a given list of ports ( e . g . for Tor port checks )
"""
retVal = None
for port in ports :
try :
2016-10-22 23:07:29 +03:00
try :
s = socket . _orig_socket ( socket . AF_INET , socket . SOCK_STREAM )
except AttributeError :
s = socket . socket ( socket . AF_INET , socket . SOCK_STREAM )
2016-10-10 15:19:44 +03:00
s . connect ( ( LOCALHOST , port ) )
retVal = port
break
except socket . error :
pass
finally :
try :
s . close ( )
except socket . error :
pass
return retVal
2012-10-16 14:32:58 +04:00
def findMultipartPostBoundary ( post ) :
"""
Finds value for a boundary parameter in given multipart POST body
2017-11-02 16:31:16 +03:00
>> > findMultipartPostBoundary ( " -----------------------------9051914041544843365972754266 \\ nContent-Disposition: form-data; name=text \\ n \\ ndefault " )
' 9051914041544843365972754266 '
2012-10-16 14:32:58 +04:00
"""
retVal = None
done = set ( )
candidates = [ ]
for match in re . finditer ( r " (?m)^--(.+?)(--)?$ " , post or " " ) :
2015-08-17 00:29:39 +03:00
_ = match . group ( 1 ) . strip ( ) . strip ( ' - ' )
2015-08-17 00:15:04 +03:00
2015-08-17 00:29:39 +03:00
if _ in done :
2012-10-16 14:32:58 +04:00
continue
else :
candidates . append ( ( post . count ( _ ) , _ ) )
done . add ( _ )
if candidates :
candidates . sort ( key = lambda _ : _ [ 0 ] , reverse = True )
retVal = candidates [ 0 ] [ 1 ]
return retVal
2019-11-13 00:51:11 +03:00
def urldecode ( value , encoding = None , unsafe = " %% ?&=;+ %s " % CUSTOM_INJECTION_MARK_CHAR , convall = False , spaceplus = True ) :
2013-03-12 23:10:32 +04:00
"""
URL decodes given value
2019-05-02 17:54:54 +03:00
>> > urldecode ( ' AND %201% 3E %282% 2B3 %29% 23 ' , convall = True ) == ' AND 1>(2+3)# '
True
>> > urldecode ( ' AND %201% 3E %282% 2B3 %29% 23 ' , convall = False ) == ' AND 1>(2 % 2B3)# '
True
2021-02-08 13:18:27 +03:00
>> > urldecode ( b ' AND %201% 3E %282% 2B3 %29% 23 ' , convall = False ) == ' AND 1>(2 % 2B3)# '
True
2013-03-12 23:10:32 +04:00
"""
2012-11-20 14:19:23 +04:00
result = value
2012-07-31 13:03:44 +04:00
if value :
2021-02-08 13:18:27 +03:00
value = getUnicode ( value )
if convall :
result = _urllib . parse . unquote_plus ( value ) if spaceplus else _urllib . parse . unquote ( value )
else :
result = value
charset = set ( string . printable ) - set ( unsafe )
2019-04-30 14:20:31 +03:00
2021-02-08 13:18:27 +03:00
def _ ( match ) :
char = decodeHex ( match . group ( 1 ) , binary = False )
return char if char in charset else match . group ( 0 )
2019-04-30 14:20:31 +03:00
2021-02-08 13:18:27 +03:00
if spaceplus :
result = result . replace ( ' + ' , ' ' ) # plus sign has a special meaning in URL encoded data (hence the usage of _urllib.parse.unquote_plus in convall case)
2019-04-30 14:20:31 +03:00
2021-02-08 13:18:27 +03:00
result = re . sub ( r " % ([0-9a-fA-F] {2} ) " , _ , result )
2012-07-31 13:03:44 +04:00
2021-02-08 13:18:27 +03:00
result = getUnicode ( result , encoding or UNICODE_ENCODING )
2012-07-31 13:03:44 +04:00
return result
2013-12-18 03:56:11 +04:00
def urlencode ( value , safe = " % &=-_ " , convall = False , limit = False , spaceplus = False ) :
2013-01-30 13:38:11 +04:00
"""
URL encodes given value
>> > urlencode ( ' AND 1>(2+3)# ' )
' AND %201% 3E %282% 2B3 %29% 23 '
2020-12-01 18:36:34 +03:00
>> > urlencode ( " AND COUNT(SELECT name FROM users WHERE name LIKE ' % DBA % ' )>0 " )
2020-03-02 14:43:12 +03:00
' AND % 20COUNT % 28SELECT % 20name %20F ROM %20u sers % 20WHERE % 20name % 20LIKE %20% 27 % 25DBA %25% 27 %29% 3E0 '
2020-12-01 18:36:34 +03:00
>> > urlencode ( " AND COUNT(SELECT name FROM users WHERE name LIKE ' % _SYSTEM % ' )>0 " )
2020-03-02 14:43:12 +03:00
' AND % 20COUNT % 28SELECT % 20name %20F ROM %20u sers % 20WHERE % 20name % 20LIKE %20% 27 % 25_SYSTEM %25% 27 %29% 3E0 '
2020-12-01 18:36:34 +03:00
>> > urlencode ( " SELECT NAME FROM TABLE WHERE VALUE LIKE ' % SOME % BEGIN % ' " )
' SELECT % 20NAME %20F ROM % 20TABLE % 20WHERE % 20VALUE % 20LIKE %20% 27 % 25SOME % 25BEGIN %25% 27 '
2013-01-30 13:38:11 +04:00
"""
if conf . get ( " direct " ) :
2012-07-31 13:03:44 +04:00
return value
count = 0
result = None if value is None else " "
if value :
2020-06-24 12:41:51 +03:00
value = re . sub ( r " \ b[$ \ w]+= " , lambda match : match . group ( 0 ) . replace ( ' $ ' , DOLLAR_MARKER ) , value )
2014-05-21 00:00:26 +04:00
if Backend . isDbms ( DBMS . MSSQL ) and not kb . tamperFunctions and any ( ord ( _ ) > 255 for _ in value ) :
warnMsg = " if you experience problems with "
warnMsg + = " non-ASCII identifier names "
warnMsg + = " you are advised to rerun with ' --tamper=charunicodeencode ' "
singleTimeWarnMessage ( warnMsg )
2012-07-31 13:03:44 +04:00
if convall or safe is None :
safe = " "
# corner case when character % really needs to be
2013-04-09 13:48:42 +04:00
# encoded (when not representing URL encoded char)
2012-07-31 13:03:44 +04:00
# except in cases when tampering scripts are used
2017-06-20 00:06:05 +03:00
if all ( ' % ' in _ for _ in ( safe , value ) ) and not kb . tamperFunctions :
2020-12-01 18:36:34 +03:00
value = re . sub ( r " (?i) \ bLIKE \ s+ ' [^ ' ]+ ' " , lambda match : match . group ( 0 ) . replace ( ' % ' , " % 25 " ) , value )
2020-03-02 14:43:12 +03:00
value = re . sub ( r " % (?![0-9a-fA-F] {2} ) " , " % 25 " , value )
2012-07-31 13:03:44 +04:00
while True :
2019-05-03 14:20:15 +03:00
result = _urllib . parse . quote ( getBytes ( value ) , safe )
2012-07-31 13:03:44 +04:00
if limit and len ( result ) > URLENCODE_CHAR_LIMIT :
if count > = len ( URLENCODE_FAILSAFE_CHARS ) :
break
while count < len ( URLENCODE_FAILSAFE_CHARS ) :
safe + = URLENCODE_FAILSAFE_CHARS [ count ]
count + = 1
if safe [ - 1 ] in value :
break
else :
break
2013-01-19 21:06:36 +04:00
if spaceplus :
2019-03-27 04:55:44 +03:00
result = result . replace ( _urllib . parse . quote ( ' ' ) , ' + ' )
2013-01-19 21:06:36 +04:00
2020-06-24 12:41:51 +03:00
result = result . replace ( DOLLAR_MARKER , ' $ ' )
2012-07-31 13:03:44 +04:00
return result
2010-10-28 00:39:50 +04:00
def runningAsAdmin ( ) :
2011-10-22 01:29:24 +04:00
"""
Returns True if the current process is run under admin privileges
"""
2012-03-31 14:22:50 +04:00
isAdmin = None
2010-10-28 00:39:50 +04:00
2012-02-22 19:53:36 +04:00
if PLATFORM in ( " posix " , " mac " ) :
2012-03-31 14:22:50 +04:00
_ = os . geteuid ( )
2010-10-28 00:39:50 +04:00
2019-05-03 00:51:54 +03:00
isAdmin = isinstance ( _ , ( float , six . integer_types ) ) and _ == 0
2010-10-28 00:39:50 +04:00
elif IS_WIN :
2013-06-05 00:23:44 +04:00
import ctypes
2012-03-31 14:22:50 +04:00
_ = ctypes . windll . shell32 . IsUserAnAdmin ( )
2010-10-28 00:39:50 +04:00
2019-05-03 00:51:54 +03:00
isAdmin = isinstance ( _ , ( float , six . integer_types ) ) and _ == 1
2010-10-28 00:39:50 +04:00
else :
2011-01-19 02:05:32 +03:00
errMsg = " sqlmap is not able to check if you are running it "
2010-10-29 20:11:50 +04:00
errMsg + = " as an administrator account on this platform. "
2010-10-28 00:39:50 +04:00
errMsg + = " sqlmap will assume that you are an administrator "
errMsg + = " which is mandatory for the requested takeover attack "
errMsg + = " to work properly "
logger . error ( errMsg )
isAdmin = True
return isAdmin
2010-11-08 14:22:47 +03:00
2017-07-04 13:14:17 +03:00
def logHTTPTraffic ( requestLogMsg , responseLogMsg , startTime = None , endTime = None ) :
2011-01-08 12:30:10 +03:00
"""
Logs HTTP traffic to the output file
"""
2017-07-03 17:55:24 +03:00
if conf . harFile :
2017-07-04 13:14:17 +03:00
conf . httpCollector . collectRequest ( requestLogMsg , responseLogMsg , startTime , endTime )
2011-12-26 16:24:39 +04:00
2017-07-20 03:50:34 +03:00
if conf . trafficFile :
2017-07-03 17:55:24 +03:00
with kb . locks . log :
dataToTrafficFile ( " %s %s " % ( requestLogMsg , os . linesep ) )
dataToTrafficFile ( " %s %s " % ( responseLogMsg , os . linesep ) )
dataToTrafficFile ( " %s %s %s %s " % ( os . linesep , 76 * ' # ' , os . linesep , os . linesep ) )
2010-11-23 16:58:01 +03:00
2018-03-21 16:29:54 +03:00
def getPageTemplate ( payload , place ) : # Cross-referenced function
2013-08-12 16:25:51 +04:00
raise NotImplementedError
2016-09-09 12:06:38 +03:00
@cachedmethod
2010-12-15 14:21:47 +03:00
def getPublicTypeMembers ( type_ , onlyValues = False ) :
2010-11-23 17:50:47 +03:00
"""
Useful for getting members from types ( e . g . in enums )
2013-01-30 13:38:11 +04:00
>> > [ _ for _ in getPublicTypeMembers ( OS , True ) ]
[ ' Linux ' , ' Windows ' ]
2021-02-08 13:46:19 +03:00
>> > [ _ for _ in getPublicTypeMembers ( PAYLOAD . TECHNIQUE , True ) ]
[ 1 , 2 , 3 , 4 , 5 , 6 ]
2010-11-23 17:50:47 +03:00
"""
2011-01-08 12:30:10 +03:00
2016-09-09 12:06:38 +03:00
retVal = [ ]
2011-01-15 15:13:45 +03:00
for name , value in inspect . getmembers ( type_ ) :
2017-03-15 18:07:52 +03:00
if not name . startswith ( " __ " ) :
2010-12-15 14:21:47 +03:00
if not onlyValues :
2016-09-09 12:06:38 +03:00
retVal . append ( ( name , value ) )
2010-12-15 14:21:47 +03:00
else :
2016-09-09 12:06:38 +03:00
retVal . append ( value )
return retVal
2010-11-24 14:38:27 +03:00
2010-12-18 12:51:34 +03:00
def enumValueToNameLookup ( type_ , value_ ) :
2011-01-08 12:30:10 +03:00
"""
Returns name of a enum member with a given value
2013-01-30 13:38:11 +04:00
>> > enumValueToNameLookup ( SORT_ORDER , 100 )
' LAST '
2011-01-08 12:30:10 +03:00
"""
2010-12-18 12:51:34 +03:00
retVal = None
for name , value in getPublicTypeMembers ( type_ ) :
if value == value_ :
retVal = name
break
return retVal
2017-11-09 14:24:11 +03:00
@cachedmethod
2010-11-24 17:20:43 +03:00
def extractRegexResult ( regex , content , flags = 0 ) :
2011-01-08 12:30:10 +03:00
"""
2012-02-22 14:40:11 +04:00
Returns ' result ' group value from a possible match with regex on a given
2011-01-08 12:30:10 +03:00
content
2013-01-30 13:38:11 +04:00
>> > extractRegexResult ( r ' a(?P<result>[^g]+)g ' , ' abcdefg ' )
' bcdef '
2011-01-08 12:30:10 +03:00
"""
2010-11-24 14:38:27 +03:00
retVal = None
2013-01-30 13:38:11 +04:00
if regex and content and " ?P<result> " in regex :
2019-05-02 01:45:44 +03:00
if isinstance ( content , six . binary_type ) and isinstance ( regex , six . text_type ) :
regex = getBytes ( regex )
2012-04-03 18:34:15 +04:00
match = re . search ( regex , content , flags )
2010-12-07 15:32:58 +03:00
2010-11-24 14:38:27 +03:00
if match :
retVal = match . group ( " result " )
return retVal
2010-11-29 18:14:49 +03:00
2012-04-11 01:48:34 +04:00
def extractTextTagContent ( page ) :
"""
Returns list containing content from " textual " tags
2013-01-30 13:38:11 +04:00
2019-04-30 14:20:31 +03:00
>> > extractTextTagContent ( ' <html><head><title>Title</title></head><body><pre>foobar</pre><a href= " #link " >Link</a></body></html> ' )
[ ' Title ' , ' foobar ' ]
2012-04-11 01:48:34 +04:00
"""
2015-07-23 01:41:03 +03:00
page = page or " "
2015-07-23 01:42:29 +03:00
2015-07-23 01:41:03 +03:00
if REFLECTED_VALUE_MARKER in page :
2015-10-05 16:33:29 +03:00
try :
page = re . sub ( r " (?i)[^ \ s>]* %s [^ \ s<]* " % REFLECTED_VALUE_MARKER , " " , page )
except MemoryError :
page = page . replace ( REFLECTED_VALUE_MARKER , " " )
2015-07-23 01:42:29 +03:00
2019-03-29 04:28:16 +03:00
return filterNone ( _ . group ( " result " ) . strip ( ) for _ in re . finditer ( TEXT_TAG_REGEX , page ) )
2012-04-11 01:48:34 +04:00
2010-11-29 18:14:49 +03:00
def trimAlphaNum ( value ) :
"""
Trims alpha numeric characters from start and ending of a given value
2013-01-30 13:38:11 +04:00
2019-04-30 14:20:31 +03:00
>> > trimAlphaNum ( ' AND 1>(2+3)-- foobar ' )
' 1>(2+3)-- '
2010-11-29 18:14:49 +03:00
"""
2011-01-08 12:30:10 +03:00
2010-11-29 18:14:49 +03:00
while value and value [ - 1 ] . isalnum ( ) :
value = value [ : - 1 ]
while value and value [ 0 ] . isalnum ( ) :
value = value [ 1 : ]
return value
2010-12-02 21:57:43 +03:00
def isNumPosStrValue ( value ) :
2011-01-08 12:30:10 +03:00
"""
2012-02-17 18:22:48 +04:00
Returns True if value is a string ( or integer ) with a positive integer representation
2013-01-30 13:38:11 +04:00
>> > isNumPosStrValue ( 1 )
True
>> > isNumPosStrValue ( ' 1 ' )
True
>> > isNumPosStrValue ( 0 )
False
>> > isNumPosStrValue ( ' -2 ' )
False
2020-01-27 03:07:15 +03:00
>> > isNumPosStrValue ( ' 100000000000000000000 ' )
False
2011-01-08 12:30:10 +03:00
"""
2020-01-27 03:07:15 +03:00
return ( ( hasattr ( value , " isdigit " ) and value . isdigit ( ) and int ( value ) > 0 ) or ( isinstance ( value , int ) and value > 0 ) ) and int ( value ) < MAX_INT
2010-12-04 01:44:29 +03:00
2011-07-24 13:19:33 +04:00
@cachedmethod
2011-01-14 12:49:14 +03:00
def aliasToDbmsEnum ( dbms ) :
2011-01-08 12:30:10 +03:00
"""
Returns major DBMS name from a given alias
2013-01-30 13:38:11 +04:00
>> > aliasToDbmsEnum ( ' mssql ' )
' Microsoft SQL Server '
2011-01-08 12:30:10 +03:00
"""
2010-12-04 01:44:29 +03:00
retVal = None
2010-12-10 13:54:17 +03:00
2012-02-07 16:05:23 +04:00
if dbms :
for key , item in DBMS_DICT . items ( ) :
if dbms . lower ( ) in item [ 0 ] or dbms . lower ( ) == key . lower ( ) :
retVal = key
break
2010-12-10 13:54:17 +03:00
2010-12-04 01:44:29 +03:00
return retVal
2010-12-29 22:39:32 +03:00
def findDynamicContent ( firstPage , secondPage ) :
"""
This function checks if the provided pages have dynamic content . If they
2011-01-08 12:30:10 +03:00
are dynamic , proper markings will be made
2017-11-02 16:31:16 +03:00
>> > findDynamicContent ( " Lorem ipsum dolor sit amet, congue tation referrentur ei sed. Ne nec legimus habemus recusabo, natum reque et per. Facer tritani reprehendunt eos id, modus constituam est te. Usu sumo indoctum ad, pri paulo molestiae complectitur no. " , " Lorem ipsum dolor sit amet, congue tation referrentur ei sed. Ne nec legimus habemus recusabo, natum reque et per. <script src= ' ads.js ' ></script>Facer tritani reprehendunt eos id, modus constituam est te. Usu sumo indoctum ad, pri paulo molestiae complectitur no. " )
>> > kb . dynamicMarkings
2017-11-22 15:31:44 +03:00
[ ( ' natum reque et per. ' , ' Facer tritani repreh ' ) ]
2010-12-29 22:39:32 +03:00
"""
2014-12-23 10:23:40 +03:00
if not firstPage or not secondPage :
return
2010-12-29 22:39:32 +03:00
infoMsg = " searching for dynamic content "
2017-11-02 16:31:16 +03:00
singleTimeLogMessage ( infoMsg )
2010-12-29 22:39:32 +03:00
2019-05-08 13:28:50 +03:00
blocks = list ( SequenceMatcher ( None , firstPage , secondPage ) . get_matching_blocks ( ) )
2010-12-29 22:39:32 +03:00
kb . dynamicMarkings = [ ]
# Removing too small matching blocks
2011-12-22 02:59:23 +04:00
for block in blocks [ : ] :
2010-12-29 22:39:32 +03:00
( _ , _ , length ) = block
2017-11-19 04:16:52 +03:00
if length < = 2 * DYNAMICITY_BOUNDARY_LENGTH :
2010-12-29 22:39:32 +03:00
blocks . remove ( block )
# Making of dynamic markings based on prefix/suffix principle
if len ( blocks ) > 0 :
blocks . insert ( 0 , None )
blocks . append ( None )
for i in xrange ( len ( blocks ) - 1 ) :
prefix = firstPage [ blocks [ i ] [ 0 ] : blocks [ i ] [ 0 ] + blocks [ i ] [ 2 ] ] if blocks [ i ] else None
suffix = firstPage [ blocks [ i + 1 ] [ 0 ] : blocks [ i + 1 ] [ 0 ] + blocks [ i + 1 ] [ 2 ] ] if blocks [ i + 1 ] else None
if prefix is None and blocks [ i + 1 ] [ 0 ] == 0 :
continue
if suffix is None and ( blocks [ i ] [ 0 ] + blocks [ i ] [ 2 ] > = len ( firstPage ) ) :
continue
2017-11-02 16:31:16 +03:00
if prefix and suffix :
2017-11-19 04:16:52 +03:00
prefix = prefix [ - DYNAMICITY_BOUNDARY_LENGTH : ]
suffix = suffix [ : DYNAMICITY_BOUNDARY_LENGTH ]
2019-05-02 17:54:54 +03:00
for _ in ( firstPage , secondPage ) :
match = re . search ( r " (?s) %s (.+) %s " % ( re . escape ( prefix ) , re . escape ( suffix ) ) , _ )
if match :
infix = match . group ( 1 )
if infix [ 0 ] . isalnum ( ) :
prefix = trimAlphaNum ( prefix )
if infix [ - 1 ] . isalnum ( ) :
suffix = trimAlphaNum ( suffix )
break
2010-12-29 22:39:32 +03:00
2017-11-19 04:16:52 +03:00
kb . dynamicMarkings . append ( ( prefix if prefix else None , suffix if suffix else None ) )
2010-12-29 22:39:32 +03:00
if len ( kb . dynamicMarkings ) > 0 :
infoMsg = " dynamic content marked for removal ( %d region %s ) " % ( len ( kb . dynamicMarkings ) , ' s ' if len ( kb . dynamicMarkings ) > 1 else ' ' )
2017-11-02 16:31:16 +03:00
singleTimeLogMessage ( infoMsg )
2010-12-29 22:39:32 +03:00
2010-12-04 13:13:18 +03:00
def removeDynamicContent ( page ) :
2010-12-24 13:55:41 +03:00
"""
2011-01-07 18:41:09 +03:00
Removing dynamic content from supplied page basing removal on
precalculated dynamic markings
2010-12-24 13:55:41 +03:00
"""
2011-01-07 18:41:09 +03:00
2010-12-04 13:13:18 +03:00
if page :
for item in kb . dynamicMarkings :
prefix , suffix = item
2011-01-07 18:41:09 +03:00
2010-12-26 16:27:24 +03:00
if prefix is None and suffix is None :
continue
elif prefix is None :
2017-03-15 18:07:52 +03:00
page = re . sub ( r " (?s)^.+ %s " % re . escape ( suffix ) , suffix . replace ( ' \\ ' , r ' \\ ' ) , page )
2010-12-04 13:13:18 +03:00
elif suffix is None :
2017-03-15 18:07:52 +03:00
page = re . sub ( r " (?s) %s .+$ " % re . escape ( prefix ) , prefix . replace ( ' \\ ' , r ' \\ ' ) , page )
2010-12-04 13:13:18 +03:00
else :
2017-03-15 18:07:52 +03:00
page = re . sub ( r " (?s) %s .+ %s " % ( re . escape ( prefix ) , re . escape ( suffix ) ) , " %s %s " % ( prefix . replace ( ' \\ ' , r ' \\ ' ) , suffix . replace ( ' \\ ' , r ' \\ ' ) ) , page )
2010-12-04 13:13:18 +03:00
return page
2010-12-10 13:54:17 +03:00
2013-01-30 13:38:11 +04:00
def filterStringValue ( value , charRegex , replacement = " " ) :
2010-12-24 13:55:41 +03:00
"""
2011-01-07 18:41:09 +03:00
Returns string value consisting only of chars satisfying supplied
2011-11-22 13:00:00 +04:00
regular expression ( note : it has to be in form [ . . . ] )
2013-01-30 13:38:11 +04:00
2019-04-30 14:20:31 +03:00
>> > filterStringValue ( ' wzydeadbeef0123# ' , r ' [0-9a-f] ' )
' deadbeef0123 '
2010-12-24 13:55:41 +03:00
"""
2011-01-07 18:41:09 +03:00
2011-12-16 16:34:26 +04:00
retVal = value
2012-07-01 02:33:19 +04:00
2011-12-16 16:34:26 +04:00
if value :
2013-01-30 13:38:11 +04:00
retVal = re . sub ( charRegex . replace ( " [ " , " [^ " ) if " [^ " not in charRegex else charRegex . replace ( " [^ " , " [ " ) , replacement , value )
2012-07-01 02:33:19 +04:00
2011-12-16 16:34:26 +04:00
return retVal
2010-12-10 13:54:17 +03:00
2018-08-08 00:35:58 +03:00
def filterControlChars ( value , replacement = ' ' ) :
2011-01-05 13:25:07 +03:00
"""
2018-08-08 00:35:58 +03:00
Returns string value with control chars being supstituted with replacement character
2013-01-30 13:38:11 +04:00
2019-04-30 14:20:31 +03:00
>> > filterControlChars ( ' AND 1>(2+3) \\ n-- ' )
' AND 1>(2+3) -- '
2011-01-05 13:25:07 +03:00
"""
2011-01-07 18:41:09 +03:00
2018-08-08 00:35:58 +03:00
return filterStringValue ( value , PRINTABLE_CHAR_REGEX , replacement )
2011-01-05 13:25:07 +03:00
2019-03-29 04:28:16 +03:00
def filterNone ( values ) :
"""
Emulates filterNone ( [ . . . ] ) functionality
>> > filterNone ( [ 1 , 2 , " " , None , 3 ] )
[ 1 , 2 , 3 ]
"""
retVal = values
2021-01-15 11:31:57 +03:00
if isinstance ( values , _collections . Iterable ) :
2019-03-29 04:28:16 +03:00
retVal = [ _ for _ in values if _ ]
return retVal
2019-06-09 02:11:29 +03:00
def isDBMSVersionAtLeast ( minimum ) :
2010-12-24 13:55:41 +03:00
"""
2019-05-06 12:41:19 +03:00
Checks if the recognized DBMS version is at least the version specified
2019-06-09 02:11:29 +03:00
>> > pushValue ( kb . dbmsVersion )
>> > kb . dbmsVersion = " 2 "
>> > isDBMSVersionAtLeast ( " 1.3.4.1.4 " )
True
>> > isDBMSVersionAtLeast ( 2.1 )
False
>> > isDBMSVersionAtLeast ( " >2 " )
False
>> > isDBMSVersionAtLeast ( " >=2.0 " )
True
>> > kb . dbmsVersion = " <2 "
>> > isDBMSVersionAtLeast ( " 2 " )
False
>> > isDBMSVersionAtLeast ( " 1.5 " )
True
2019-06-27 02:48:35 +03:00
>> > kb . dbmsVersion = " MySQL 5.4.3-log4 "
>> > isDBMSVersionAtLeast ( " 5 " )
True
2019-06-09 02:11:29 +03:00
>> > kb . dbmsVersion = popValue ( )
2010-12-24 13:55:41 +03:00
"""
2011-01-07 18:41:09 +03:00
2010-12-10 13:54:17 +03:00
retVal = None
2010-12-11 14:17:24 +03:00
2019-06-09 02:11:29 +03:00
if not any ( isNoneValue ( _ ) for _ in ( Backend . getVersion ( ) , minimum ) ) and Backend . getVersion ( ) != UNKNOWN_DBMS_VERSION :
version = Backend . getVersion ( ) . replace ( " " , " " ) . rstrip ( ' . ' )
2010-12-21 03:47:07 +03:00
2019-06-09 02:11:29 +03:00
correction = 0.0
if " >= " in version :
pass
elif ' > ' in version :
correction = VERSION_COMPARISON_CORRECTION
elif ' < ' in version :
correction = - VERSION_COMPARISON_CORRECTION
2010-12-21 03:47:07 +03:00
2019-06-27 02:48:35 +03:00
version = extractRegexResult ( r " (?P<result>[0-9][0-9.]*) " , version )
2019-06-09 02:11:29 +03:00
2019-06-27 02:48:35 +03:00
if version :
if ' . ' in version :
parts = version . split ( ' . ' , 1 )
2019-06-09 02:11:29 +03:00
parts [ 1 ] = filterStringValue ( parts [ 1 ] , ' [0-9] ' )
2019-06-27 02:48:35 +03:00
version = ' . ' . join ( parts )
2019-06-09 02:11:29 +03:00
2019-10-22 15:43:29 +03:00
try :
version = float ( filterStringValue ( version , ' [0-9.] ' ) ) + correction
except ValueError :
return None
2019-06-27 02:48:35 +03:00
if isinstance ( minimum , six . string_types ) :
if ' . ' in minimum :
parts = minimum . split ( ' . ' , 1 )
parts [ 1 ] = filterStringValue ( parts [ 1 ] , ' [0-9] ' )
minimum = ' . ' . join ( parts )
correction = 0.0
if minimum . startswith ( " >= " ) :
pass
elif minimum . startswith ( " > " ) :
correction = VERSION_COMPARISON_CORRECTION
2010-12-14 00:55:30 +03:00
2019-06-27 02:48:35 +03:00
minimum = float ( filterStringValue ( minimum , ' [0-9.] ' ) ) + correction
2010-12-12 17:38:07 +03:00
2019-06-27 02:48:35 +03:00
retVal = version > = minimum
2010-12-10 13:54:17 +03:00
return retVal
2010-12-12 01:00:16 +03:00
def parseSqliteTableSchema ( value ) :
2010-12-24 13:55:41 +03:00
"""
2011-01-07 18:41:09 +03:00
Parses table column names and types from specified SQLite table schema
2019-05-06 12:41:19 +03:00
>> > kb . data . cachedColumns = { }
2020-05-27 16:44:44 +03:00
>> > parseSqliteTableSchema ( " CREATE TABLE users( \\ n \\ t \\ tid INTEGER, \\ n \\ t \\ tname TEXT \\ n); " )
2019-05-06 12:41:19 +03:00
True
>> > repr ( kb . data . cachedColumns ) . count ( ' , ' ) == 1
True
2010-12-24 13:55:41 +03:00
"""
2011-01-07 18:41:09 +03:00
2019-02-07 19:33:16 +03:00
retVal = False
2010-12-12 01:13:19 +03:00
if value :
table = { }
columns = { }
2010-12-12 01:00:16 +03:00
2020-05-20 16:35:20 +03:00
for match in re . finditer ( r " [(,] \ s*[ \" ' `]?( \ w+)[ \" ' `]?(?: \ s+(INT|INTEGER|TINYINT|SMALLINT|MEDIUMINT|BIGINT|UNSIGNED BIG INT|INT2|INT8|INTEGER|CHARACTER|VARCHAR|VARYING CHARACTER|NCHAR|NATIVE CHARACTER|NVARCHAR|TEXT|CLOB|LONGTEXT|BLOB|NONE|REAL|DOUBLE|DOUBLE PRECISION|FLOAT|REAL|NUMERIC|DECIMAL|BOOLEAN|DATE|DATETIME|NUMERIC) \ b)? " , decodeStringEscape ( value ) , re . I ) :
2019-02-07 19:33:16 +03:00
retVal = True
2020-05-20 16:35:20 +03:00
columns [ match . group ( 1 ) ] = match . group ( 2 ) or " TEXT "
2010-12-12 01:00:16 +03:00
2019-02-07 19:33:16 +03:00
table [ safeSQLIdentificatorNaming ( conf . tbl , True ) ] = columns
2010-12-12 01:13:19 +03:00
kb . data . cachedColumns [ conf . db ] = table
2010-12-15 14:21:47 +03:00
2019-02-07 19:33:16 +03:00
return retVal
2010-12-15 14:21:47 +03:00
def getTechniqueData ( technique = None ) :
2010-12-24 13:55:41 +03:00
"""
Returns injection data for technique specified
"""
2011-01-07 18:41:09 +03:00
2019-07-18 12:27:00 +03:00
return kb . injection . data . get ( technique if technique is not None else getTechnique ( ) )
2010-12-15 14:46:28 +03:00
2012-01-07 23:30:35 +04:00
def isTechniqueAvailable ( technique ) :
2010-12-24 13:55:41 +03:00
"""
2019-05-06 12:41:19 +03:00
Returns True if there is injection data which sqlmap could use for technique specified
>> > pushValue ( kb . injection . data )
>> > kb . injection . data [ PAYLOAD . TECHNIQUE . ERROR ] = [ test for test in getSortedInjectionTests ( ) if " error " in test [ " title " ] . lower ( ) ] [ 0 ]
>> > isTechniqueAvailable ( PAYLOAD . TECHNIQUE . ERROR )
True
>> > kb . injection . data = popValue ( )
2010-12-24 13:55:41 +03:00
"""
2011-02-02 01:05:12 +03:00
2019-06-07 01:21:43 +03:00
if conf . technique and isinstance ( conf . technique , list ) and technique not in conf . technique :
2011-01-24 19:47:24 +03:00
return False
else :
return getTechniqueData ( technique ) is not None
2010-12-18 12:51:34 +03:00
2019-05-10 11:00:54 +03:00
def isHeavyQueryBased ( technique = None ) :
2019-05-09 18:39:16 +03:00
"""
2019-05-10 11:00:54 +03:00
Returns True whether current ( kb . ) technique is heavy - query based
2019-05-09 18:39:16 +03:00
>> > pushValue ( kb . injection . data )
2019-07-01 11:43:05 +03:00
>> > setTechnique ( PAYLOAD . TECHNIQUE . STACKED )
>> > kb . injection . data [ getTechnique ( ) ] = [ test for test in getSortedInjectionTests ( ) if " heavy " in test [ " title " ] . lower ( ) ] [ 0 ]
2019-05-09 18:39:16 +03:00
>> > isHeavyQueryBased ( )
True
>> > kb . injection . data = popValue ( )
"""
retVal = False
2019-07-01 11:43:05 +03:00
technique = technique or getTechnique ( )
2019-05-10 11:00:54 +03:00
if isTechniqueAvailable ( technique ) :
2019-05-09 18:39:16 +03:00
data = getTechniqueData ( technique )
if data and " heavy query " in data [ " title " ] . lower ( ) :
retVal = True
return retVal
2013-02-13 12:57:16 +04:00
def isStackingAvailable ( ) :
"""
Returns True whether techniques using stacking are available
2019-05-06 12:41:19 +03:00
>> > pushValue ( kb . injection . data )
>> > kb . injection . data [ PAYLOAD . TECHNIQUE . STACKED ] = [ test for test in getSortedInjectionTests ( ) if " stacked " in test [ " title " ] . lower ( ) ] [ 0 ]
>> > isStackingAvailable ( )
True
>> > kb . injection . data = popValue ( )
2013-02-13 12:57:16 +04:00
"""
retVal = False
if PAYLOAD . TECHNIQUE . STACKED in kb . injection . data :
retVal = True
else :
for technique in getPublicTypeMembers ( PAYLOAD . TECHNIQUE , True ) :
2017-10-31 12:27:58 +03:00
data = getTechniqueData ( technique )
if data and " stacked " in data [ " title " ] . lower ( ) :
2013-02-13 12:57:16 +04:00
retVal = True
break
return retVal
2012-01-07 23:30:35 +04:00
def isInferenceAvailable ( ) :
2012-02-16 18:42:28 +04:00
"""
Returns True whether techniques using inference technique are available
2019-05-06 12:41:19 +03:00
>> > pushValue ( kb . injection . data )
>> > kb . injection . data [ PAYLOAD . TECHNIQUE . BOOLEAN ] = getSortedInjectionTests ( ) [ 0 ]
>> > isInferenceAvailable ( )
True
>> > kb . injection . data = popValue ( )
2012-02-16 18:42:28 +04:00
"""
2012-01-07 23:30:35 +04:00
return any ( isTechniqueAvailable ( _ ) for _ in ( PAYLOAD . TECHNIQUE . BOOLEAN , PAYLOAD . TECHNIQUE . STACKED , PAYLOAD . TECHNIQUE . TIME ) )
2011-07-25 15:05:49 +04:00
def setOptimize ( ) :
2012-07-01 03:19:54 +04:00
"""
Sets options turned on by switch ' -o '
"""
2018-03-13 13:25:26 +03:00
# conf.predictOutput = True
2011-07-25 15:05:49 +04:00
conf . keepAlive = True
2020-07-28 12:30:47 +03:00
conf . threads = 3 if conf . threads < 3 and cmdLineOptions . threads is None else conf . threads
2013-02-13 15:28:51 +04:00
conf . nullConnection = not any ( ( conf . data , conf . textOnly , conf . titles , conf . string , conf . notString , conf . regexp , conf . tor ) )
2011-07-25 15:05:49 +04:00
if not conf . nullConnection :
2016-05-24 16:18:19 +03:00
debugMsg = " turning off switch ' --null-connection ' used indirectly by switch ' -o ' "
2011-07-25 15:05:49 +04:00
logger . debug ( debugMsg )
2017-04-10 15:50:17 +03:00
def saveConfig ( conf , filename ) :
"""
Saves conf to configuration filename
"""
config = UnicodeRawConfigParser ( )
userOpts = { }
2019-01-22 05:00:44 +03:00
for family in optDict :
2017-04-10 15:50:17 +03:00
userOpts [ family ] = [ ]
for option , value in conf . items ( ) :
for family , optionData in optDict . items ( ) :
if option in optionData :
userOpts [ family ] . append ( ( option , value , optionData [ option ] ) )
for family , optionData in userOpts . items ( ) :
config . add_section ( family )
optionData . sort ( )
for option , value , datatype in optionData :
if datatype and isListLike ( datatype ) :
datatype = datatype [ 0 ]
if option in IGNORE_SAVE_OPTIONS :
continue
if value is None :
if datatype == OPTION_TYPE . BOOLEAN :
value = " False "
elif datatype in ( OPTION_TYPE . INTEGER , OPTION_TYPE . FLOAT ) :
if option in defaults :
value = str ( defaults [ option ] )
else :
2017-10-31 12:27:58 +03:00
value = ' 0 '
2017-04-10 15:50:17 +03:00
elif datatype == OPTION_TYPE . STRING :
value = " "
2019-03-28 15:53:54 +03:00
if isinstance ( value , six . string_types ) :
2017-04-10 15:50:17 +03:00
value = value . replace ( " \n " , " \n " )
config . set ( family , option , value )
with openFile ( filename , " wb " ) as f :
try :
config . write ( f )
2019-01-22 02:40:48 +03:00
except IOError as ex :
2017-04-10 15:50:17 +03:00
errMsg = " something went wrong while trying "
errMsg + = " to write to the configuration file ' %s ' ( ' %s ' ) " % ( filename , getSafeExString ( ex ) )
raise SqlmapSystemException ( errMsg )
2010-12-18 12:51:34 +03:00
def initTechnique ( technique = None ) :
2010-12-24 13:55:41 +03:00
"""
2011-12-21 15:50:49 +04:00
Prepares data for technique specified
2010-12-24 13:55:41 +03:00
"""
2011-01-12 01:18:47 +03:00
2011-01-10 13:30:17 +03:00
try :
data = getTechniqueData ( technique )
2011-12-21 15:50:49 +04:00
resetCounter ( technique )
2011-01-07 18:41:09 +03:00
2011-01-10 13:30:17 +03:00
if data :
kb . pageTemplate , kb . errorIsNone = getPageTemplate ( data . templatePayload , kb . injection . place )
2011-01-14 17:55:59 +03:00
kb . matchRatio = data . matchRatio
2012-03-29 18:33:27 +04:00
kb . negativeLogic = ( technique == PAYLOAD . TECHNIQUE . BOOLEAN ) and ( data . where == PAYLOAD . WHERE . NEGATIVE )
2011-01-14 17:37:03 +03:00
2011-01-14 17:55:59 +03:00
# Restoring stored conf options
2011-01-14 18:33:49 +03:00
for key , value in kb . injection . conf . items ( ) :
2011-01-16 02:43:26 +03:00
if value and ( not hasattr ( conf , key ) or ( hasattr ( conf , key ) and not getattr ( conf , key ) ) ) :
2011-01-14 18:33:49 +03:00
setattr ( conf , key , value )
2019-03-28 15:53:54 +03:00
debugMsg = " resuming configuration option ' %s ' ( %s ) " % ( key , ( " ' %s ' " % value ) if isinstance ( value , six . string_types ) else value )
2011-01-14 18:33:49 +03:00
logger . debug ( debugMsg )
2011-07-25 15:05:49 +04:00
if value and key == " optimize " :
setOptimize ( )
2011-01-10 13:30:17 +03:00
else :
warnMsg = " there is no injection data available for technique "
warnMsg + = " ' %s ' " % enumValueToNameLookup ( PAYLOAD . TECHNIQUE , technique )
logger . warn ( warnMsg )
2011-01-12 01:18:47 +03:00
2012-12-06 17:14:19 +04:00
except SqlmapDataException :
2011-01-10 13:30:17 +03:00
errMsg = " missing data in old session file(s). "
2011-12-22 15:55:02 +04:00
errMsg + = " Please use ' --flush-session ' to deal "
2011-01-10 13:30:17 +03:00
errMsg + = " with this error "
2013-01-04 02:20:55 +04:00
raise SqlmapNoneDataException ( errMsg )
2010-12-22 21:55:50 +03:00
def arrayizeValue ( value ) :
2010-12-24 13:55:41 +03:00
"""
2012-02-29 19:38:01 +04:00
Makes a list out of value if it is not already a list or tuple itself
2013-01-30 13:38:11 +04:00
2019-04-30 14:20:31 +03:00
>> > arrayizeValue ( ' 1 ' )
[ ' 1 ' ]
2010-12-24 13:55:41 +03:00
"""
2011-01-07 18:41:09 +03:00
2021-01-15 11:31:57 +03:00
if isinstance ( value , _collections . KeysView ) :
2019-05-02 12:26:31 +03:00
value = [ _ for _ in value ]
elif not isListLike ( value ) :
2012-02-22 19:53:36 +04:00
value = [ value ]
2011-01-07 18:41:09 +03:00
2010-12-22 21:55:50 +03:00
return value
2010-12-24 13:55:41 +03:00
2011-03-07 12:50:43 +03:00
def unArrayizeValue ( value ) :
"""
2012-02-29 19:38:01 +04:00
Makes a value out of iterable if it is a list or tuple itself
2013-01-30 13:38:11 +04:00
2019-04-30 14:20:31 +03:00
>> > unArrayizeValue ( [ ' 1 ' ] )
' 1 '
2019-05-03 00:51:54 +03:00
>> > unArrayizeValue ( [ ' 1 ' , ' 2 ' ] )
' 1 '
2019-05-09 14:14:42 +03:00
>> > unArrayizeValue ( [ [ ' a ' , ' b ' ] , ' c ' ] )
' a '
>> > unArrayizeValue ( _ for _ in xrange ( 10 ) )
0
2011-03-07 12:50:43 +03:00
"""
2012-06-14 17:38:53 +04:00
if isListLike ( value ) :
2015-09-30 12:26:56 +03:00
if not value :
value = None
elif len ( value ) == 1 and not isListLike ( value [ 0 ] ) :
value = value [ 0 ]
else :
2019-05-03 00:51:54 +03:00
value = [ _ for _ in flattenValue ( value ) if _ is not None ]
value = value [ 0 ] if len ( value ) > 0 else None
2019-05-09 14:14:42 +03:00
elif inspect . isgenerator ( value ) :
value = unArrayizeValue ( [ _ for _ in value ] )
2011-03-07 12:50:43 +03:00
return value
2012-04-03 17:56:11 +04:00
def flattenValue ( value ) :
"""
Returns an iterator representing flat representation of a given value
2013-01-30 13:38:11 +04:00
2019-04-30 14:20:31 +03:00
>> > [ _ for _ in flattenValue ( [ [ ' 1 ' ] , [ [ ' 2 ' ] , ' 3 ' ] ] ) ]
[ ' 1 ' , ' 2 ' , ' 3 ' ]
2012-04-03 17:56:11 +04:00
"""
for i in iter ( value ) :
2012-06-14 17:38:53 +04:00
if isListLike ( i ) :
2012-04-03 17:56:11 +04:00
for j in flattenValue ( i ) :
yield j
else :
yield i
2019-11-13 01:32:09 +03:00
def joinValue ( value , delimiter = ' , ' ) :
"""
Returns a value consisting of joined parts of a given value
>> > joinValue ( [ ' 1 ' , ' 2 ' ] )
' 1,2 '
>> > joinValue ( ' 1 ' )
' 1 '
"""
if isListLike ( value ) :
retVal = delimiter . join ( value )
else :
retVal = value
return retVal
2012-06-14 17:38:53 +04:00
def isListLike ( value ) :
"""
Returns True if the given value is a list - like instance
2013-01-30 13:38:11 +04:00
>> > isListLike ( [ 1 , 2 , 3 ] )
True
2019-04-30 14:20:31 +03:00
>> > isListLike ( ' 2 ' )
2013-01-30 13:38:11 +04:00
False
2012-06-14 17:38:53 +04:00
"""
2020-10-14 12:49:58 +03:00
return isinstance ( value , ( list , tuple , set , OrderedSet , BigArray ) )
2012-06-14 17:38:53 +04:00
2011-01-20 02:06:15 +03:00
def getSortedInjectionTests ( ) :
2010-12-24 13:55:41 +03:00
"""
2019-05-06 12:41:19 +03:00
Returns prioritized test list by eventually detected DBMS from error messages
>> > pushValue ( kb . forcedDbms )
>> > kb . forcedDbms = DBMS . SQLITE
>> > [ test for test in getSortedInjectionTests ( ) if hasattr ( test , " details " ) and hasattr ( test . details , " dbms " ) ] [ 0 ] . details . dbms == kb . forcedDbms
True
>> > kb . forcedDbms = popValue ( )
2010-12-24 13:55:41 +03:00
"""
2011-01-07 18:41:09 +03:00
2012-07-26 02:49:51 +04:00
retVal = copy . deepcopy ( conf . tests )
2011-01-07 18:41:09 +03:00
2011-01-07 19:08:01 +03:00
def priorityFunction ( test ) :
2011-12-21 23:40:42 +04:00
retVal = SORT_ORDER . FIRST
2011-01-13 14:23:07 +03:00
2011-01-13 14:08:29 +03:00
if test . stype == PAYLOAD . TECHNIQUE . UNION :
2011-12-21 23:40:42 +04:00
retVal = SORT_ORDER . LAST
2011-01-13 14:23:07 +03:00
2017-10-31 12:27:58 +03:00
elif " details " in test and " dbms " in test . details :
2015-02-21 16:12:03 +03:00
if intersect ( test . details . dbms , Backend . getIdentifiedDbms ( ) ) :
2011-12-21 23:40:42 +04:00
retVal = SORT_ORDER . SECOND
2011-01-07 19:08:01 +03:00
else :
2011-12-21 23:40:42 +04:00
retVal = SORT_ORDER . THIRD
2011-01-13 14:23:07 +03:00
2011-01-07 19:08:01 +03:00
return retVal
2015-02-21 16:12:03 +03:00
if Backend . getIdentifiedDbms ( ) :
2011-01-07 19:08:01 +03:00
retVal = sorted ( retVal , key = priorityFunction )
2010-12-24 13:55:41 +03:00
return retVal
2010-12-27 02:50:16 +03:00
def filterListValue ( value , regex ) :
"""
2019-05-06 12:41:19 +03:00
Returns list with items that have parts satisfying given regular expression
2013-01-30 13:38:11 +04:00
>> > filterListValue ( [ ' users ' , ' admins ' , ' logs ' ] , r ' (users|admins) ' )
[ ' users ' , ' admins ' ]
2010-12-27 02:50:16 +03:00
"""
2011-01-07 18:41:09 +03:00
2011-05-17 00:09:12 +04:00
if isinstance ( value , list ) and regex :
2019-04-30 14:20:31 +03:00
retVal = [ _ for _ in value if re . search ( regex , _ , re . I ) ]
2010-12-27 02:50:16 +03:00
else :
2011-05-17 00:09:12 +04:00
retVal = value
return retVal
2010-12-28 17:40:34 +03:00
2011-01-02 10:37:47 +03:00
def showHttpErrorCodes ( ) :
2011-01-03 11:46:20 +03:00
"""
2011-01-07 18:41:09 +03:00
Shows all HTTP error codes raised till now
2011-01-03 11:46:20 +03:00
"""
2011-01-07 18:41:09 +03:00
2011-01-02 10:37:47 +03:00
if kb . httpErrorCodes :
2012-12-11 18:24:02 +04:00
warnMsg = " HTTP error codes detected during run: \n "
2019-03-27 15:33:46 +03:00
warnMsg + = " , " . join ( " %d ( %s ) - %d times " % ( code , _http_client . responses [ code ] if code in _http_client . responses else ' ? ' , count ) for code , count in kb . httpErrorCodes . items ( ) )
2011-01-02 10:37:47 +03:00
logger . warn ( warnMsg )
2019-05-02 12:26:31 +03:00
if any ( ( str ( _ ) . startswith ( ' 4 ' ) or str ( _ ) . startswith ( ' 5 ' ) ) and _ != _http_client . INTERNAL_SERVER_ERROR and _ != kb . originalCode for _ in kb . httpErrorCodes ) :
2014-12-04 11:34:37 +03:00
msg = " too many 4xx and/or 5xx HTTP error codes "
msg + = " could mean that some kind of protection is involved (e.g. WAF) "
2014-12-14 02:14:18 +03:00
logger . debug ( msg )
2011-01-03 11:32:06 +03:00
2019-04-17 18:19:22 +03:00
def openFile ( filename , mode = ' r ' , encoding = UNICODE_ENCODING , errors = " reversible " , buffering = 1 ) : # "buffering=1" means line buffered (Reference: http://stackoverflow.com/a/3168436)
2011-01-08 12:30:10 +03:00
"""
Returns file handle of a given filename
2019-05-06 12:41:19 +03:00
>> > " openFile " in openFile ( __file__ ) . read ( )
True
2019-11-19 14:21:39 +03:00
>> > b " openFile " in openFile ( __file__ , " rb " , None ) . read ( )
True
2011-01-08 12:30:10 +03:00
"""
2019-11-19 14:56:56 +03:00
# Reference: https://stackoverflow.com/a/37462452
if ' b ' in mode :
buffering = 0
2019-03-15 17:36:13 +03:00
if filename == STDIN_PIPE_DASH :
if filename not in kb . cache . content :
kb . cache . content [ filename ] = sys . stdin . read ( )
2019-03-26 16:37:01 +03:00
return contextlib . closing ( io . StringIO ( readCachedFileContent ( filename ) ) )
2019-03-15 17:36:13 +03:00
else :
try :
2019-11-19 14:56:56 +03:00
return codecs . open ( filename , mode , encoding , errors , buffering )
2019-03-15 17:36:13 +03:00
except IOError :
errMsg = " there has been a file opening error for filename ' %s ' . " % filename
errMsg + = " Please check %s permissions on a file " % ( " write " if mode and ( ' w ' in mode or ' a ' in mode or ' + ' in mode ) else " read " )
2019-07-10 14:49:41 +03:00
errMsg + = " and that it ' s not locked by another process "
2019-03-15 17:36:13 +03:00
raise SqlmapSystemException ( errMsg )
2011-01-19 18:25:48 +03:00
def decodeIntToUnicode ( value ) :
"""
2012-07-23 21:31:06 +04:00
Decodes inferenced integer value to an unicode character
2013-01-30 13:38:11 +04:00
2019-04-30 14:20:31 +03:00
>> > decodeIntToUnicode ( 35 ) == ' # '
True
>> > decodeIntToUnicode ( 64 ) == ' @ '
True
2011-01-19 18:25:48 +03:00
"""
2012-07-23 21:31:06 +04:00
retVal = value
if isinstance ( value , int ) :
try :
2014-10-07 15:02:47 +04:00
if value > 255 :
2013-02-12 00:16:35 +04:00
_ = " %x " % value
2019-11-30 06:42:38 +03:00
2013-02-12 00:16:35 +04:00
if len ( _ ) % 2 == 1 :
_ = " 0 %s " % _
2019-11-30 06:42:38 +03:00
2019-05-03 14:20:15 +03:00
raw = decodeHex ( _ )
2015-11-16 13:56:06 +03:00
2016-05-24 13:01:02 +03:00
if Backend . isDbms ( DBMS . MYSQL ) :
2019-11-30 06:42:38 +03:00
# Reference: https://dev.mysql.com/doc/refman/8.0/en/string-functions.html#function_ord
2017-10-31 12:27:58 +03:00
# Note: https://github.com/sqlmapproject/sqlmap/issues/1531
2017-09-21 15:35:24 +03:00
retVal = getUnicode ( raw , conf . encoding or UNICODE_ENCODING )
2016-05-24 13:01:02 +03:00
elif Backend . isDbms ( DBMS . MSSQL ) :
2019-11-30 06:42:38 +03:00
# Reference: https://docs.microsoft.com/en-us/sql/relational-databases/collations/collation-and-unicode-support?view=sql-server-2017 and https://stackoverflow.com/a/14488478
retVal = getUnicode ( raw , " UTF-16-BE " )
elif Backend . getIdentifiedDbms ( ) in ( DBMS . PGSQL , DBMS . ORACLE , DBMS . SQLITE ) : # Note: cases with Unicode code points (e.g. http://www.postgresqltutorial.com/postgresql-ascii/)
2019-05-15 11:57:22 +03:00
retVal = _unichr ( value )
2015-11-16 14:56:15 +03:00
else :
2017-09-21 15:35:24 +03:00
retVal = getUnicode ( raw , conf . encoding )
2012-12-19 04:48:53 +04:00
else :
2019-05-15 11:57:22 +03:00
retVal = _unichr ( value )
2012-07-23 21:31:06 +04:00
except :
retVal = INFERENCE_UNKNOWN_CHAR
return retVal
2011-01-28 19:15:45 +03:00
2016-07-17 01:04:30 +03:00
def checkIntegrity ( ) :
"""
Checks integrity of code files during the unhandled exceptions
"""
2017-04-11 11:01:37 +03:00
if not paths :
return
2016-07-17 01:09:09 +03:00
logger . debug ( " running code integrity check " )
2016-07-17 01:04:30 +03:00
retVal = True
2018-04-10 12:03:08 +03:00
2019-05-17 12:12:52 +03:00
baseTime = os . path . getmtime ( paths . SQLMAP_SETTINGS_PATH ) + 3600 # First hour free parking :)
2019-05-29 17:42:04 +03:00
for root , _ , filenames in os . walk ( paths . SQLMAP_ROOT_PATH ) :
2019-03-20 15:26:53 +03:00
for filename in filenames :
if re . search ( r " ( \ .py| \ .xml|_) \ Z " , filename ) :
filepath = os . path . join ( root , filename )
if os . path . getmtime ( filepath ) > baseTime :
logger . error ( " wrong modification time of ' %s ' " % filepath )
retVal = False
2018-04-10 12:03:08 +03:00
2016-07-17 01:04:30 +03:00
return retVal
2019-04-15 16:15:12 +03:00
def getDaysFromLastUpdate ( ) :
"""
Get total number of days from last update
2019-05-06 12:41:19 +03:00
>> > getDaysFromLastUpdate ( ) > = 0
True
2019-04-15 16:15:12 +03:00
"""
if not paths :
return
return int ( time . time ( ) - os . path . getmtime ( paths . SQLMAP_SETTINGS_PATH ) ) / / ( 3600 * 24 )
2011-01-28 19:15:45 +03:00
def unhandledExceptionMessage ( ) :
2011-02-01 14:06:56 +03:00
"""
2013-07-31 11:24:34 +04:00
Returns detailed message about occurred unhandled exception
2019-05-06 12:41:19 +03:00
>> > all ( _ in unhandledExceptionMessage ( ) for _ in ( " unhandled exception occurred " , " Operating system " , " Command line " ) )
True
2011-02-01 14:06:56 +03:00
"""
2014-10-01 16:23:45 +04:00
errMsg = " unhandled exception occurred in %s . It is recommended to retry your " % VERSION_STRING
errMsg + = " run with the latest development version from official GitHub "
errMsg + = " repository at ' %s ' . If the exception persists, please open a new issue " % GIT_PAGE
2015-01-06 14:30:49 +03:00
errMsg + = " at ' %s ' " % ISSUES_PAGE
2014-10-01 16:23:45 +04:00
errMsg + = " with the following text and any other information required to "
2019-01-30 02:45:38 +03:00
errMsg + = " reproduce the bug. Developers will try to reproduce the bug, fix it accordingly "
2014-10-01 16:23:45 +04:00
errMsg + = " and get back to you \n "
2018-02-20 16:26:31 +03:00
errMsg + = " Running version: %s \n " % VERSION_STRING [ VERSION_STRING . find ( ' / ' ) + 1 : ]
2011-01-28 19:15:45 +03:00
errMsg + = " Python version: %s \n " % PYVERSION
2018-01-21 13:54:42 +03:00
errMsg + = " Operating system: %s \n " % platform . platform ( )
2020-03-03 16:32:01 +03:00
errMsg + = " Command line: %s \n " % re . sub ( r " .+? \ bsqlmap \ .py \ b " , " sqlmap.py " , getUnicode ( " " . join ( sys . argv ) , encoding = getattr ( sys . stdin , " encoding " , None ) ) )
2019-07-01 11:43:05 +03:00
errMsg + = " Technique: %s \n " % ( enumValueToNameLookup ( PAYLOAD . TECHNIQUE , getTechnique ( ) ) if getTechnique ( ) is not None else ( " DIRECT " if conf . get ( " direct " ) else None ) )
2016-12-21 12:33:35 +03:00
errMsg + = " Back-end DBMS: "
if Backend . getDbms ( ) is not None :
errMsg + = " %s (fingerprinted) " % Backend . getDbms ( )
if Backend . getIdentifiedDbms ( ) is not None and ( Backend . getDbms ( ) is None or Backend . getIdentifiedDbms ( ) != Backend . getDbms ( ) ) :
errMsg + = " %s (identified) " % Backend . getIdentifiedDbms ( )
if not errMsg . endswith ( ' ) ' ) :
errMsg + = " None "
2011-12-21 23:40:42 +04:00
2014-11-02 12:55:38 +03:00
return errMsg
2011-02-02 17:25:16 +03:00
2018-07-11 20:30:14 +03:00
def getLatestRevision ( ) :
"""
Retrieves latest revision from the offical repository
"""
retVal = None
2019-08-29 18:07:16 +03:00
req = _urllib . request . Request ( url = " https://raw.githubusercontent.com/sqlmapproject/sqlmap/master/lib/core/settings.py " , headers = { HTTP_HEADER . USER_AGENT : fetchRandomAgent ( ) } )
2018-07-11 20:30:14 +03:00
try :
2019-05-02 17:54:54 +03:00
content = getUnicode ( _urllib . request . urlopen ( req ) . read ( ) )
2018-07-11 20:30:14 +03:00
retVal = extractRegexResult ( r " VERSION \ s*= \ s*[ \" ' ](?P<result>[ \ d.]+) " , content )
except :
pass
return retVal
2019-05-06 02:40:58 +03:00
def fetchRandomAgent ( ) :
"""
Returns random HTTP User - Agent header value
>> > ' ( ' in fetchRandomAgent ( )
True
"""
if not kb . userAgents :
debugMsg = " loading random HTTP User-Agent header(s) from "
debugMsg + = " file ' %s ' " % paths . USER_AGENTS
logger . debug ( debugMsg )
try :
kb . userAgents = getFileItems ( paths . USER_AGENTS )
except IOError :
errMsg = " unable to read HTTP User-Agent header "
errMsg + = " file ' %s ' " % paths . USER_AGENTS
raise SqlmapSystemException ( errMsg )
return random . sample ( kb . userAgents , 1 ) [ 0 ]
2014-10-27 02:37:46 +03:00
def createGithubIssue ( errMsg , excMsg ) :
"""
Automatically create a Github issue with unhandled exception information
"""
2014-11-10 00:07:11 +03:00
try :
issues = getFileItems ( paths . GITHUB_HISTORY , unique = True )
except :
2017-10-29 00:27:19 +03:00
issues = [ ]
2014-11-10 00:07:11 +03:00
finally :
issues = set ( issues )
_ = re . sub ( r " ' [^ ' ]+ ' " , " ' ' " , excMsg )
2014-11-16 15:34:35 +03:00
_ = re . sub ( r " \ s+line \ d+ " , " " , _ )
2018-06-10 00:38:00 +03:00
_ = re . sub ( r ' File " .+?/( \ w+ \ .py) ' , r " \ g<1> " , _ )
2014-12-30 19:07:08 +03:00
_ = re . sub ( r " .+ \ Z " , " " , _ )
2019-04-12 12:16:42 +03:00
_ = re . sub ( r " (Unicode[^:]*Error:).+ " , r " \ g<1> " , _ )
_ = re . sub ( r " = _ " , " = " , _ )
2019-05-06 02:08:42 +03:00
key = hashlib . md5 ( getBytes ( _ ) ) . hexdigest ( ) [ : 8 ]
2014-11-10 00:07:11 +03:00
if key in issues :
return
2014-10-27 02:37:46 +03:00
msg = " \n do you want to automatically create a new (anonymized) issue "
msg + = " with the unhandled exception information at "
msg + = " the official Github repository? [y/N] "
2014-10-28 16:08:06 +03:00
try :
2018-05-28 12:10:42 +03:00
choice = readInput ( msg , default = ' N ' , checkBatch = False , boolean = True )
2014-10-28 16:08:06 +03:00
except :
2017-04-18 16:48:05 +03:00
choice = None
2014-10-28 16:08:06 +03:00
2017-04-18 16:48:05 +03:00
if choice :
2019-05-03 00:51:54 +03:00
_excMsg = None
2014-10-27 02:37:46 +03:00
errMsg = errMsg [ errMsg . find ( " \n " ) : ]
2019-05-12 05:06:58 +03:00
req = _urllib . request . Request ( url = " https://api.github.com/search/issues?q= %s " % _urllib . parse . quote ( " repo:sqlmapproject/sqlmap Unhandled exception (# %s ) " % key ) , headers = { HTTP_HEADER . USER_AGENT : fetchRandomAgent ( ) } )
2016-10-11 00:27:41 +03:00
try :
2019-03-27 04:55:44 +03:00
content = _urllib . request . urlopen ( req ) . read ( )
2016-10-11 00:27:41 +03:00
_ = json . loads ( content )
duplicate = _ [ " total_count " ] > 0
closed = duplicate and _ [ " items " ] [ 0 ] [ " state " ] == " closed "
if duplicate :
warnMsg = " issue seems to be already reported "
if closed :
warnMsg + = " and resolved. Please update to the latest "
warnMsg + = " development version from official GitHub repository at ' %s ' " % GIT_PAGE
logger . warn ( warnMsg )
return
except :
pass
2014-11-09 20:58:25 +03:00
2014-11-10 00:07:11 +03:00
data = { " title " : " Unhandled exception (# %s ) " % key , " body " : " ``` %s \n ``` \n ``` \n %s ``` " % ( errMsg , excMsg ) }
2019-05-06 02:40:58 +03:00
req = _urllib . request . Request ( url = " https://api.github.com/repos/sqlmapproject/sqlmap/issues " , data = getBytes ( json . dumps ( data ) ) , headers = { HTTP_HEADER . AUTHORIZATION : " token %s " % decodeBase64 ( GITHUB_REPORT_OAUTH_TOKEN , binary = False ) , HTTP_HEADER . USER_AGENT : fetchRandomAgent ( ) } )
2014-10-27 02:37:46 +03:00
try :
2019-05-06 02:46:41 +03:00
content = getText ( _urllib . request . urlopen ( req ) . read ( ) )
2019-01-22 02:40:48 +03:00
except Exception as ex :
2014-10-27 02:37:46 +03:00
content = None
2019-05-03 00:51:54 +03:00
_excMsg = getSafeExString ( ex )
2014-10-27 02:37:46 +03:00
issueUrl = re . search ( r " https://github.com/sqlmapproject/sqlmap/issues/ \ d+ " , content or " " )
if issueUrl :
infoMsg = " created Github issue can been found at the address ' %s ' " % issueUrl . group ( 0 )
logger . info ( infoMsg )
2014-11-10 00:07:11 +03:00
try :
2019-07-04 12:07:25 +03:00
with openFile ( paths . GITHUB_HISTORY , " a+b " ) as f :
2014-11-10 00:07:11 +03:00
f . write ( " %s \n " % key )
except :
pass
2014-10-27 02:37:46 +03:00
else :
warnMsg = " something went wrong while creating a Github issue "
2019-05-03 00:51:54 +03:00
if _excMsg :
warnMsg + = " ( ' %s ' ) " % _excMsg
2015-01-26 11:09:38 +03:00
if " Unauthorized " in warnMsg :
warnMsg + = " . Please update to the latest revision "
2014-10-27 02:37:46 +03:00
logger . warn ( warnMsg )
2011-02-02 17:25:16 +03:00
def maskSensitiveData ( msg ) :
"""
Masks sensitive data in the supplied message
2017-11-02 16:31:16 +03:00
2019-05-02 13:39:16 +03:00
>> > maskSensitiveData ( ' python sqlmap.py -u " http://www.test.com/vuln.php?id=1 " --banner ' ) == ' python sqlmap.py -u *********************************** --banner '
True
2019-11-07 15:30:11 +03:00
>> > maskSensitiveData ( ' sqlmap.py -u test.com/index.go?id=index ' ) == ' sqlmap.py -u ************************** '
True
2011-02-02 17:25:16 +03:00
"""
2014-08-30 19:13:02 +04:00
retVal = getUnicode ( msg )
2011-02-02 17:25:16 +03:00
2019-03-29 04:28:16 +03:00
for item in filterNone ( conf . get ( _ ) for _ in SENSITIVE_OPTIONS ) :
2019-05-06 00:30:44 +03:00
if isListLike ( item ) :
item = listToStrValue ( item )
2017-10-31 13:38:09 +03:00
regex = SENSITIVE_DATA_REGEX % re . sub ( r " ( \ W) " , r " \\ \ 1 " , getUnicode ( item ) )
2011-02-02 17:35:21 +03:00
while extractRegexResult ( regex , retVal ) :
value = extractRegexResult ( regex , retVal )
2012-02-22 19:53:36 +04:00
retVal = retVal . replace ( value , ' * ' * len ( value ) )
2011-02-02 17:25:16 +03:00
2018-05-28 12:29:06 +03:00
# Just in case (for problematic parameters regarding user encoding)
2019-08-29 18:07:16 +03:00
for match in re . finditer ( r " (?i)[ -]-(u|url|data|cookie|auth- \ w+|proxy|host|referer|headers?|H)( |=)(.*?)(?= -?-[a-z]| \ Z) " , retVal ) :
2018-05-28 12:29:06 +03:00
retVal = retVal . replace ( match . group ( 3 ) , ' * ' * len ( match . group ( 3 ) ) )
2014-11-08 23:44:46 +03:00
2019-05-09 11:30:17 +03:00
# Fail-safe substitutions
2019-01-30 02:45:38 +03:00
retVal = re . sub ( r " (?i)(Command line:.+) \ b(https?://[^ ]+) " , lambda match : " %s %s " % ( match . group ( 1 ) , ' * ' * len ( match . group ( 2 ) ) ) , retVal )
2019-05-09 11:30:17 +03:00
retVal = re . sub ( r " (?i)( \ b \ w:[ \\ /]+Users[ \\ /]+|[ \\ /]+home[ \\ /]+)([^ \\ /]+) " , lambda match : " %s %s " % ( match . group ( 1 ) , ' * ' * len ( match . group ( 2 ) ) ) , retVal )
2018-10-27 15:14:21 +03:00
2014-11-02 12:55:38 +03:00
if getpass . getuser ( ) :
2017-10-31 12:27:58 +03:00
retVal = re . sub ( r " (?i) \ b %s \ b " % re . escape ( getpass . getuser ( ) ) , ' * ' * len ( getpass . getuser ( ) ) , retVal )
2014-11-02 12:55:38 +03:00
2011-02-02 17:25:16 +03:00
return retVal
2011-01-31 15:21:17 +03:00
def listToStrValue ( value ) :
"""
Flattens list to a string value
2011-04-10 02:39:03 +04:00
2011-01-31 15:21:17 +03:00
>> > listToStrValue ( [ 1 , 2 , 3 ] )
' 1, 2, 3 '
"""
2011-02-01 01:51:14 +03:00
2017-11-08 17:58:23 +03:00
if isinstance ( value , ( set , tuple , types . GeneratorType ) ) :
2011-02-01 01:51:14 +03:00
value = list ( value )
2011-01-31 15:21:17 +03:00
if isinstance ( value , list ) :
2011-02-01 14:10:23 +03:00
retVal = value . __str__ ( ) . lstrip ( ' [ ' ) . rstrip ( ' ] ' )
2011-01-31 15:21:17 +03:00
else :
2011-02-01 14:10:23 +03:00
retVal = value
2011-01-31 15:21:17 +03:00
2011-02-01 14:10:23 +03:00
return retVal
2011-02-01 14:06:56 +03:00
2018-12-10 15:10:01 +03:00
def intersect ( containerA , containerB , lowerCase = False ) :
2011-02-14 00:20:21 +03:00
"""
2018-12-10 15:10:01 +03:00
Returns intersection of the container - ized values
2013-01-30 13:38:11 +04:00
>> > intersect ( [ 1 , 2 , 3 ] , set ( [ 1 , 3 ] ) )
[ 1 , 3 ]
2011-02-14 00:20:21 +03:00
"""
2011-04-10 02:39:03 +04:00
2013-05-13 15:42:43 +04:00
retVal = [ ]
2011-02-14 00:20:21 +03:00
2018-12-10 15:10:01 +03:00
if containerA and containerB :
containerA = arrayizeValue ( containerA )
containerB = arrayizeValue ( containerB )
2011-08-29 17:47:32 +04:00
if lowerCase :
2019-03-28 15:53:54 +03:00
containerA = [ val . lower ( ) if hasattr ( val , " lower " ) else val for val in containerA ]
containerB = [ val . lower ( ) if hasattr ( val , " lower " ) else val for val in containerB ]
2011-08-29 17:47:32 +04:00
2018-12-10 15:10:01 +03:00
retVal = [ val for val in containerA if val in containerB ]
2011-02-14 00:20:21 +03:00
return retVal
2011-02-22 15:54:22 +03:00
2019-02-04 17:49:13 +03:00
def decodeStringEscape ( value ) :
"""
Decodes escaped string values ( e . g . " \\ t " - > " \t " )
"""
retVal = value
if value and ' \\ ' in value :
2019-04-15 14:15:21 +03:00
charset = " \\ %s " % string . whitespace . replace ( " " , " " )
for _ in charset :
retVal = retVal . replace ( repr ( _ ) . strip ( " ' " ) , _ )
2019-02-04 17:49:13 +03:00
2019-04-15 14:15:21 +03:00
return retVal
2019-02-04 17:49:13 +03:00
2019-04-15 14:15:21 +03:00
def encodeStringEscape ( value ) :
"""
Encodes escaped string values ( e . g . " \t " - > " \\ t " )
"""
retVal = value
if value :
charset = " \\ %s " % string . whitespace . replace ( " " , " " )
for _ in charset :
retVal = retVal . replace ( _ , repr ( _ ) . strip ( " ' " ) )
2019-02-04 17:49:13 +03:00
return retVal
2011-03-30 00:45:21 +04:00
def removeReflectiveValues ( content , payload , suppressWarning = False ) :
2011-02-25 12:22:44 +03:00
"""
2012-04-12 01:41:48 +04:00
Neutralizes reflective values in a given content based on a payload
2012-04-12 01:48:44 +04:00
( e . g . . . search . php ? q = 1 AND 1 = 2 - - > " ...searching for <b>1 % 20AND %201% 3D2</b>... " - - > " ...searching for <b>__REFLECTED_VALUE__</b>... " )
2011-02-25 12:22:44 +03:00
"""
2011-02-25 12:35:24 +03:00
retVal = content
2011-02-25 12:22:44 +03:00
2016-03-06 14:14:20 +03:00
try :
2019-04-19 12:24:34 +03:00
if all ( ( content , payload ) ) and isinstance ( content , six . text_type ) and kb . reflectiveMechanism and not kb . heuristicMode :
2016-03-06 14:14:20 +03:00
def _ ( value ) :
while 2 * REFLECTED_REPLACEMENT_REGEX in value :
value = value . replace ( 2 * REFLECTED_REPLACEMENT_REGEX , REFLECTED_REPLACEMENT_REGEX )
return value
2012-04-12 01:26:00 +04:00
2017-10-31 12:27:58 +03:00
payload = getUnicode ( urldecode ( payload . replace ( PAYLOAD_DELIMITER , " " ) , convall = True ) )
2019-04-15 14:15:21 +03:00
regex = _ ( filterStringValue ( payload , r " [A-Za-z0-9] " , encodeStringEscape ( REFLECTED_REPLACEMENT_REGEX ) ) )
2012-04-12 01:26:00 +04:00
2016-03-06 14:14:20 +03:00
if regex != payload :
2019-03-29 04:28:16 +03:00
if all ( part . lower ( ) in content . lower ( ) for part in filterNone ( regex . split ( REFLECTED_REPLACEMENT_REGEX ) ) [ 1 : ] ) : # fast optimization check
2016-03-06 14:14:20 +03:00
parts = regex . split ( REFLECTED_REPLACEMENT_REGEX )
2019-05-20 14:35:26 +03:00
# Note: naive approach
retVal = content . replace ( payload , REFLECTED_VALUE_MARKER )
2019-05-20 14:55:57 +03:00
retVal = retVal . replace ( re . sub ( r " \ A \ w+ " , " " , payload ) , REFLECTED_VALUE_MARKER )
2012-04-12 01:26:00 +04:00
2016-03-06 14:14:20 +03:00
if len ( parts ) > REFLECTED_MAX_REGEX_PARTS : # preventing CPU hogs
2019-01-22 04:29:52 +03:00
regex = _ ( " %s %s %s " % ( REFLECTED_REPLACEMENT_REGEX . join ( parts [ : REFLECTED_MAX_REGEX_PARTS / / 2 ] ) , REFLECTED_REPLACEMENT_REGEX , REFLECTED_REPLACEMENT_REGEX . join ( parts [ - REFLECTED_MAX_REGEX_PARTS / / 2 : ] ) ) )
2012-04-11 19:01:28 +04:00
2019-03-29 04:28:16 +03:00
parts = filterNone ( regex . split ( REFLECTED_REPLACEMENT_REGEX ) )
2012-04-12 01:26:00 +04:00
2016-03-06 14:14:20 +03:00
if regex . startswith ( REFLECTED_REPLACEMENT_REGEX ) :
regex = r " %s %s " % ( REFLECTED_BORDER_REGEX , regex [ len ( REFLECTED_REPLACEMENT_REGEX ) : ] )
else :
regex = r " \ b %s " % regex
2012-04-12 01:26:00 +04:00
2016-03-06 14:14:20 +03:00
if regex . endswith ( REFLECTED_REPLACEMENT_REGEX ) :
regex = r " %s %s " % ( regex [ : - len ( REFLECTED_REPLACEMENT_REGEX ) ] , REFLECTED_BORDER_REGEX )
else :
regex = r " %s \ b " % regex
2011-07-13 02:28:19 +04:00
2017-04-11 14:34:40 +03:00
_retVal = [ retVal ]
2018-06-10 00:38:00 +03:00
2017-04-11 14:34:40 +03:00
def _thread ( regex ) :
2017-04-19 14:35:36 +03:00
try :
_retVal [ 0 ] = re . sub ( r " (?i) %s " % regex , REFLECTED_VALUE_MARKER , _retVal [ 0 ] )
if len ( parts ) > 2 :
regex = REFLECTED_REPLACEMENT_REGEX . join ( parts [ 1 : ] )
_retVal [ 0 ] = re . sub ( r " (?i) \ b %s \ b " % regex , REFLECTED_VALUE_MARKER , _retVal [ 0 ] )
except KeyboardInterrupt :
raise
except :
pass
2017-04-11 14:34:40 +03:00
thread = threading . Thread ( target = _thread , args = ( regex , ) )
thread . daemon = True
thread . start ( )
thread . join ( REFLECTED_REPLACEMENT_TIMEOUT )
2020-02-28 16:44:27 +03:00
if thread . is_alive ( ) :
2017-04-11 14:34:40 +03:00
kb . reflectiveMechanism = False
retVal = content
if not suppressWarning :
debugMsg = " turning off reflection removal mechanism (because of timeouts) "
logger . debug ( debugMsg )
else :
retVal = _retVal [ 0 ]
2012-05-14 18:38:16 +04:00
2016-03-06 14:14:20 +03:00
if retVal != content :
kb . reflectiveCounters [ REFLECTIVE_COUNTER . HIT ] + = 1
2012-04-11 12:58:03 +04:00
if not suppressWarning :
2016-03-06 14:14:20 +03:00
warnMsg = " reflective value(s) found and filtering out "
singleTimeWarnMessage ( warnMsg )
2017-10-31 12:27:58 +03:00
if re . search ( r " (?i)FRAME[^>]+src=[^>]* %s " % REFLECTED_VALUE_MARKER , retVal ) :
2016-03-06 14:14:20 +03:00
warnMsg = " frames detected containing attacked parameter values. Please be sure to "
warnMsg + = " test those separately in case that attack on this page fails "
singleTimeWarnMessage ( warnMsg )
elif not kb . testMode and not kb . reflectiveCounters [ REFLECTIVE_COUNTER . HIT ] :
kb . reflectiveCounters [ REFLECTIVE_COUNTER . MISS ] + = 1
if kb . reflectiveCounters [ REFLECTIVE_COUNTER . MISS ] > REFLECTIVE_MISS_THRESHOLD :
kb . reflectiveMechanism = False
if not suppressWarning :
debugMsg = " turning off reflection removal mechanism (for optimization purposes) "
logger . debug ( debugMsg )
except MemoryError :
kb . reflectiveMechanism = False
if not suppressWarning :
debugMsg = " turning off reflection removal mechanism (because of low memory issues) "
logger . debug ( debugMsg )
2011-02-25 12:22:44 +03:00
return retVal
2011-03-24 23:04:20 +03:00
2019-05-16 13:41:26 +03:00
def normalizeUnicode ( value , charset = string . printable [ : string . printable . find ( ' ' ) + 1 ] ) :
2011-03-24 23:04:20 +03:00
"""
Does an ASCII normalization of unicode strings
2019-04-29 17:58:53 +03:00
# Reference: http://www.peterbe.com/plog/unicode-to-ascii
2013-03-13 22:42:22 +04:00
2019-05-30 23:40:51 +03:00
>> > normalizeUnicode ( u ' \\ u0161u \\ u0107uraj ' ) == u ' sucuraj '
2019-04-30 14:20:31 +03:00
True
2019-05-16 13:41:26 +03:00
>> > normalizeUnicode ( getUnicode ( decodeHex ( " 666f6f00626172 " ) ) ) == u ' foobar '
2019-05-16 13:35:45 +03:00
True
2011-03-24 23:04:20 +03:00
"""
2011-04-10 02:39:03 +04:00
2019-05-16 13:35:45 +03:00
retVal = value
if isinstance ( value , six . text_type ) :
retVal = unicodedata . normalize ( " NFKD " , value )
retVal = " " . join ( _ for _ in retVal if _ in charset )
return retVal
2011-03-30 01:54:15 +04:00
def safeSQLIdentificatorNaming ( name , isTable = False ) :
"""
2011-06-16 17:41:02 +04:00
Returns a safe representation of SQL identificator name ( internal data format )
2019-04-29 17:58:53 +03:00
# Reference: http://stackoverflow.com/questions/954884/what-special-characters-are-allowed-in-t-sql-column-retVal
2019-11-13 15:56:11 +03:00
>> > pushValue ( kb . forcedDbms )
>> > kb . forcedDbms = DBMS . MSSQL
>> > getText ( safeSQLIdentificatorNaming ( " begin " ) )
' [begin] '
>> > getText ( safeSQLIdentificatorNaming ( " foobar " ) )
' foobar '
>> > kb . forceDbms = popValue ( )
2011-03-30 01:54:15 +04:00
"""
2011-04-10 02:39:03 +04:00
2011-03-30 01:54:15 +04:00
retVal = name
2011-04-30 04:22:22 +04:00
2019-03-28 15:53:54 +03:00
if isinstance ( name , six . string_types ) :
2012-07-17 01:13:21 +04:00
retVal = getUnicode ( name )
_ = isTable and Backend . getIdentifiedDbms ( ) in ( DBMS . MSSQL , DBMS . SYBASE )
if _ :
2018-01-21 13:11:20 +03:00
retVal = re . sub ( r " (?i) \ A \ [? %s \ ]? \ . " % DEFAULT_MSSQL_SCHEMA , " %s . " % DEFAULT_MSSQL_SCHEMA , retVal )
2012-07-17 01:13:21 +04:00
2020-03-02 14:43:12 +03:00
# Note: SQL 92 has restrictions for identifiers starting with underscore (e.g. http://www.frontbase.com/documentation/FBUsers_4.pdf)
if retVal . upper ( ) in kb . keywords or ( not isTable and ( retVal or " " ) [ 0 ] == ' _ ' ) or ( retVal or " " ) [ 0 ] . isdigit ( ) or not re . match ( r " \ A[A-Za-z0-9_@ %s \ $]+ \ Z " % ( ' . ' if _ else " " ) , retVal ) : # MsSQL is the only DBMS where we automatically prepend schema to table name (dot is normal)
2020-06-29 21:29:46 +03:00
if not conf . noEscape :
retVal = unsafeSQLIdentificatorNaming ( retVal )
if Backend . getIdentifiedDbms ( ) in ( DBMS . MYSQL , DBMS . ACCESS , DBMS . CUBRID , DBMS . SQLITE ) : # Note: in SQLite double-quotes are treated as string if column/identifier is non-existent (e.g. SELECT "foobar" FROM users)
retVal = " ` %s ` " % retVal
2021-02-15 16:07:04 +03:00
elif Backend . getIdentifiedDbms ( ) in ( DBMS . PGSQL , DBMS . DB2 , DBMS . HSQLDB , DBMS . H2 , DBMS . INFORMIX , DBMS . MONETDB , DBMS . VERTICA , DBMS . MCKOI , DBMS . PRESTO , DBMS . CRATEDB , DBMS . CACHE , DBMS . EXTREMEDB , DBMS . FRONTBASE , DBMS . RAIMA , DBMS . VIRTUOSO ) :
2020-06-29 21:29:46 +03:00
retVal = " \" %s \" " % retVal
elif Backend . getIdentifiedDbms ( ) in ( DBMS . ORACLE , DBMS . ALTIBASE , DBMS . MIMERSQL ) :
retVal = " \" %s \" " % retVal . upper ( )
elif Backend . getIdentifiedDbms ( ) in ( DBMS . MSSQL , DBMS . SYBASE ) :
if isTable :
parts = retVal . split ( ' . ' , 1 )
for i in xrange ( len ( parts ) ) :
if parts [ i ] and ( re . search ( r " \ A \ d|[^ \ w] " , parts [ i ] , re . U ) or parts [ i ] . upper ( ) in kb . keywords ) :
parts [ i ] = " [ %s ] " % parts [ i ]
retVal = ' . ' . join ( parts )
else :
if re . search ( r " \ A \ d|[^ \ w] " , retVal , re . U ) or retVal . upper ( ) in kb . keywords :
retVal = " [ %s ] " % retVal
2012-07-17 01:13:21 +04:00
2012-11-27 13:08:22 +04:00
if _ and DEFAULT_MSSQL_SCHEMA not in retVal and ' . ' not in re . sub ( r " \ [[^]]+ \ ] " , " " , retVal ) :
2012-07-17 01:13:21 +04:00
retVal = " %s . %s " % ( DEFAULT_MSSQL_SCHEMA , retVal )
2011-03-30 01:54:15 +04:00
return retVal
def unsafeSQLIdentificatorNaming ( name ) :
"""
2012-03-14 02:03:23 +04:00
Extracts identificator ' s name from its safe SQL representation
2019-11-13 15:56:11 +03:00
>> > pushValue ( kb . forcedDbms )
>> > kb . forcedDbms = DBMS . MSSQL
>> > getText ( unsafeSQLIdentificatorNaming ( " [begin] " ) )
' begin '
>> > getText ( unsafeSQLIdentificatorNaming ( " foobar " ) )
' foobar '
>> > kb . forceDbms = popValue ( )
2011-03-30 01:54:15 +04:00
"""
2011-04-10 02:39:03 +04:00
2011-03-30 01:54:15 +04:00
retVal = name
2011-04-25 03:01:21 +04:00
2019-03-28 15:53:54 +03:00
if isinstance ( name , six . string_types ) :
2020-02-03 03:58:12 +03:00
if Backend . getIdentifiedDbms ( ) in ( DBMS . MYSQL , DBMS . ACCESS , DBMS . CUBRID , DBMS . SQLITE ) :
2011-03-30 01:54:15 +04:00
retVal = name . replace ( " ` " , " " )
2021-02-15 16:07:04 +03:00
elif Backend . getIdentifiedDbms ( ) in ( DBMS . PGSQL , DBMS . DB2 , DBMS . HSQLDB , DBMS . H2 , DBMS . INFORMIX , DBMS . MONETDB , DBMS . VERTICA , DBMS . MCKOI , DBMS . PRESTO , DBMS . CRATEDB , DBMS . CACHE , DBMS . EXTREMEDB , DBMS . FRONTBASE , DBMS . RAIMA , DBMS . VIRTUOSO ) :
2011-03-30 01:54:15 +04:00
retVal = name . replace ( " \" " , " " )
2020-01-31 13:33:31 +03:00
elif Backend . getIdentifiedDbms ( ) in ( DBMS . ORACLE , DBMS . ALTIBASE , DBMS . MIMERSQL ) :
2013-02-18 18:18:53 +04:00
retVal = name . replace ( " \" " , " " ) . upper ( )
2017-09-05 00:00:16 +03:00
elif Backend . getIdentifiedDbms ( ) in ( DBMS . MSSQL , DBMS . SYBASE ) :
2012-06-13 19:27:42 +04:00
retVal = name . replace ( " [ " , " " ) . replace ( " ] " , " " )
2011-03-30 01:54:15 +04:00
if Backend . getIdentifiedDbms ( ) in ( DBMS . MSSQL , DBMS . SYBASE ) :
2017-11-24 13:36:27 +03:00
retVal = re . sub ( r " (?i) \ A \ [? %s \ ]? \ . " % DEFAULT_MSSQL_SCHEMA , " " , retVal )
2011-04-25 03:01:21 +04:00
2011-03-30 01:54:15 +04:00
return retVal
2011-04-10 02:39:03 +04:00
2011-05-22 13:48:46 +04:00
def isNoneValue ( value ) :
"""
2012-02-29 18:19:59 +04:00
Returns whether the value is unusable ( None or ' ' )
2013-01-30 13:38:11 +04:00
>> > isNoneValue ( None )
True
>> > isNoneValue ( ' None ' )
True
>> > isNoneValue ( ' ' )
True
>> > isNoneValue ( [ ] )
True
>> > isNoneValue ( [ 2 ] )
False
2011-05-22 13:48:46 +04:00
"""
2019-03-28 15:53:54 +03:00
if isinstance ( value , six . string_types ) :
2012-02-29 17:56:40 +04:00
return value in ( " None " , " " )
2012-06-14 17:38:53 +04:00
elif isListLike ( value ) :
2012-02-29 18:19:59 +04:00
return all ( isNoneValue ( _ ) for _ in value )
2011-05-22 13:48:46 +04:00
elif isinstance ( value , dict ) :
2011-05-23 15:09:44 +04:00
return not any ( value )
2011-05-22 13:48:46 +04:00
else :
return value is None
2011-06-15 15:58:50 +04:00
2011-10-22 01:12:48 +04:00
def isNullValue ( value ) :
"""
Returns whether the value contains explicit ' NULL ' value
2013-01-30 13:38:11 +04:00
>> > isNullValue ( u ' NULL ' )
True
2013-03-13 22:42:22 +04:00
>> > isNullValue ( u ' foobar ' )
False
2011-10-22 01:12:48 +04:00
"""
2011-10-22 01:29:24 +04:00
2019-03-28 15:53:54 +03:00
return hasattr ( value , " upper " ) and value . upper ( ) == NULL
2011-10-22 01:12:48 +04:00
2011-06-15 15:58:50 +04:00
def expandMnemonics ( mnemonics , parser , args ) :
"""
2012-02-16 18:42:28 +04:00
Expands mnemonic options
2011-06-15 15:58:50 +04:00
"""
2012-12-06 13:42:53 +04:00
class MnemonicNode ( object ) :
2011-06-15 15:58:50 +04:00
def __init__ ( self ) :
self . next = { }
self . current = [ ]
head = MnemonicNode ( )
pointer = None
for group in parser . option_groups :
for option in group . option_list :
for opt in option . _long_opts + option . _short_opts :
pointer = head
2011-06-16 16:34:38 +04:00
2011-06-15 15:58:50 +04:00
for char in opt :
if char == " - " :
continue
elif char not in pointer . next :
pointer . next [ char ] = MnemonicNode ( )
2011-06-16 16:34:38 +04:00
2011-06-15 15:58:50 +04:00
pointer = pointer . next [ char ]
pointer . current . append ( option )
2015-07-07 10:24:16 +03:00
for mnemonic in ( mnemonics or " " ) . split ( ' , ' ) :
2011-06-15 15:58:50 +04:00
found = None
2017-10-31 12:27:58 +03:00
name = mnemonic . split ( ' = ' ) [ 0 ] . replace ( ' - ' , " " ) . strip ( )
2011-06-15 15:58:50 +04:00
value = mnemonic . split ( ' = ' ) [ 1 ] if len ( mnemonic . split ( ' = ' ) ) > 1 else None
pointer = head
2011-06-16 16:34:38 +04:00
2011-06-15 15:58:50 +04:00
for char in name :
if char in pointer . next :
pointer = pointer . next [ char ]
else :
pointer = None
2011-06-16 16:12:30 +04:00
break
2011-06-15 15:58:50 +04:00
if pointer in ( None , head ) :
errMsg = " mnemonic ' %s ' can ' t be resolved to any parameter name " % name
2013-01-04 02:20:55 +04:00
raise SqlmapSyntaxException ( errMsg )
2011-06-16 16:34:38 +04:00
2011-06-15 15:58:50 +04:00
elif len ( pointer . current ) > 1 :
options = { }
2011-06-16 16:34:38 +04:00
2011-06-15 15:58:50 +04:00
for option in pointer . current :
for opt in option . _long_opts + option . _short_opts :
2011-06-16 16:34:38 +04:00
opt = opt . strip ( ' - ' )
if opt . startswith ( name ) :
options [ opt ] = option
2015-01-08 11:22:47 +03:00
if not options :
warnMsg = " mnemonic ' %s ' can ' t be resolved " % name
logger . warn ( warnMsg )
elif name in options :
2011-06-15 15:58:50 +04:00
found = name
debugMsg = " mnemonic ' %s ' resolved to %s ). " % ( name , found )
logger . debug ( debugMsg )
else :
2019-05-30 23:40:51 +03:00
found = sorted ( options . keys ( ) , key = len ) [ 0 ]
2019-01-22 05:00:44 +03:00
warnMsg = " detected ambiguity (mnemonic ' %s ' can be resolved to any of: %s ). " % ( name , " , " . join ( " ' %s ' " % key for key in options ) )
2011-12-21 23:40:42 +04:00
warnMsg + = " Resolved to shortest of those ( ' %s ' ) " % found
2011-06-15 15:58:50 +04:00
logger . warn ( warnMsg )
2011-06-16 16:34:38 +04:00
2015-01-08 11:22:47 +03:00
if found :
found = options [ found ]
2011-06-15 15:58:50 +04:00
else :
found = pointer . current [ 0 ]
debugMsg = " mnemonic ' %s ' resolved to %s ). " % ( name , found )
logger . debug ( debugMsg )
if found :
2011-12-26 18:08:25 +04:00
try :
value = found . convert_value ( found , value )
except OptionValueError :
value = None
2011-06-16 16:34:38 +04:00
2011-06-15 15:58:50 +04:00
if value is not None :
setattr ( args , found . dest , value )
2012-02-23 19:32:36 +04:00
elif not found . type : # boolean
2011-06-15 15:58:50 +04:00
setattr ( args , found . dest , True )
2011-06-16 16:26:50 +04:00
else :
errMsg = " mnemonic ' %s ' requires value of type ' %s ' " % ( name , found . type )
2013-01-04 02:20:55 +04:00
raise SqlmapSyntaxException ( errMsg )
2011-07-03 02:48:56 +04:00
def safeCSValue ( value ) :
"""
2012-02-16 18:42:28 +04:00
Returns value safe for CSV dumping
2019-04-29 17:58:53 +03:00
# Reference: http://tools.ietf.org/html/rfc4180
2013-01-30 13:38:11 +04:00
2019-04-30 14:20:31 +03:00
>> > safeCSValue ( ' foo, bar ' )
' " foo, bar " '
>> > safeCSValue ( ' foobar ' )
' foobar '
2011-07-03 02:48:56 +04:00
"""
retVal = value
2019-03-28 15:53:54 +03:00
if retVal and isinstance ( retVal , six . string_types ) :
2011-07-03 02:48:56 +04:00
if not ( retVal [ 0 ] == retVal [ - 1 ] == ' " ' ) :
2013-01-30 13:43:46 +04:00
if any ( _ in retVal for _ in ( conf . get ( " csvDel " , defaults . csvDel ) , ' " ' , ' \n ' ) ) :
2011-07-03 02:48:56 +04:00
retVal = ' " %s " ' % retVal . replace ( ' " ' , ' " " ' )
return retVal
2011-08-09 18:20:25 +04:00
def filterPairValues ( values ) :
2012-02-16 18:42:28 +04:00
"""
Returns only list - like values with length 2
2013-01-30 13:38:11 +04:00
>> > filterPairValues ( [ [ 1 , 2 ] , [ 3 ] , 1 , [ 4 , 5 ] ] )
[ [ 1 , 2 ] , [ 4 , 5 ] ]
2012-02-16 18:42:28 +04:00
"""
2011-08-09 18:20:25 +04:00
retVal = [ ]
if not isNoneValue ( values ) and hasattr ( values , ' __iter__ ' ) :
2019-04-30 14:20:31 +03:00
retVal = [ value for value in values if isinstance ( value , ( tuple , list , set ) ) and len ( value ) == 2 ]
2011-08-09 18:20:25 +04:00
return retVal
2011-08-29 16:50:52 +04:00
def randomizeParameterValue ( value ) :
2011-10-22 01:29:24 +04:00
"""
2017-12-13 15:49:55 +03:00
Randomize a parameter value based on occurrences of alphanumeric characters
2013-03-13 22:42:22 +04:00
>> > random . seed ( 0 )
>> > randomizeParameterValue ( ' foobar ' )
2019-05-03 14:20:15 +03:00
' fupgpy '
2013-03-13 22:42:22 +04:00
>> > randomizeParameterValue ( ' 17 ' )
2019-05-03 14:20:15 +03:00
' 36 '
2011-10-22 01:29:24 +04:00
"""
2011-08-29 16:50:52 +04:00
retVal = value
2015-01-17 23:47:57 +03:00
value = re . sub ( r " % [0-9a-fA-F] {2} " , " " , value )
2017-10-31 13:38:09 +03:00
for match in re . finditer ( r " [A-Z]+ " , value ) :
2017-02-28 15:16:19 +03:00
while True :
original = match . group ( )
candidate = randomStr ( len ( match . group ( ) ) ) . upper ( )
if original != candidate :
break
retVal = retVal . replace ( original , candidate )
2011-08-29 16:50:52 +04:00
2017-10-31 13:38:09 +03:00
for match in re . finditer ( r " [a-z]+ " , value ) :
2017-02-28 15:16:19 +03:00
while True :
original = match . group ( )
candidate = randomStr ( len ( match . group ( ) ) ) . lower ( )
if original != candidate :
break
retVal = retVal . replace ( original , candidate )
2011-08-29 16:50:52 +04:00
2017-10-31 13:38:09 +03:00
for match in re . finditer ( r " [0-9]+ " , value ) :
2017-02-28 15:16:19 +03:00
while True :
original = match . group ( )
candidate = str ( randomInt ( len ( match . group ( ) ) ) )
if original != candidate :
break
retVal = retVal . replace ( original , candidate )
2011-08-29 16:50:52 +04:00
2019-02-28 04:23:14 +03:00
if re . match ( r " \ A[^@]+@.+ \ .[a-z]+ \ Z " , value ) :
parts = retVal . split ( ' . ' )
parts [ - 1 ] = random . sample ( RANDOMIZATION_TLDS , 1 ) [ 0 ]
retVal = ' . ' . join ( parts )
2019-02-28 04:29:13 +03:00
if not retVal :
retVal = randomStr ( lowercase = True )
2011-08-29 16:50:52 +04:00
return retVal
2011-10-23 21:02:48 +04:00
2016-09-09 12:06:38 +03:00
@cachedmethod
2011-10-29 12:32:24 +04:00
def asciifyUrl ( url , forceQuote = False ) :
2011-10-23 21:02:48 +04:00
"""
2017-12-13 15:22:42 +03:00
Attempts to make a unicode URL usable with ` ` urllib / urllib2 ` ` .
2011-10-23 21:02:48 +04:00
More specifically , it attempts to convert the unicode object ` ` url ` ` ,
which is meant to represent a IRI , to an unicode object that ,
containing only ASCII characters , is a valid URI . This involves :
* IDNA / Puny - encoding the domain name .
* UTF8 - quoting the path and querystring parts .
See also RFC 3987.
2019-04-29 17:58:53 +03:00
# Reference: http://blog.elsdoerfer.name/2008/12/12/opening-iris-in-python/
2013-03-13 22:42:22 +04:00
2019-05-03 16:33:32 +03:00
>> > asciifyUrl ( u ' http://www. \\ u0161u \\ u0107uraj.com ' )
' http://www.xn--uuraj-gxa24d.com '
2011-10-23 21:02:48 +04:00
"""
2019-03-27 04:55:44 +03:00
parts = _urllib . parse . urlsplit ( url )
2019-06-07 02:34:13 +03:00
if not all ( ( parts . scheme , parts . netloc , parts . hostname ) ) :
2011-10-23 21:02:48 +04:00
# apparently not an url
2019-05-03 17:36:21 +03:00
return getText ( url )
2011-10-23 21:02:48 +04:00
2011-12-22 02:09:21 +04:00
if all ( char in string . printable for char in url ) :
2019-05-03 17:36:21 +03:00
return getText ( url )
2011-12-22 02:09:21 +04:00
2019-11-22 17:20:45 +03:00
hostname = parts . hostname
if isinstance ( hostname , six . binary_type ) :
hostname = getUnicode ( hostname )
2011-10-23 21:02:48 +04:00
# idna-encode domain
2014-12-11 02:14:35 +03:00
try :
2019-11-22 17:20:45 +03:00
hostname = hostname . encode ( " idna " )
except :
hostname = hostname . encode ( " punycode " )
2011-10-23 21:02:48 +04:00
# UTF8-quote the other parts. We check each part individually if
# if needs to be quoted - that should catch some additional user
# errors, say for example an umlaut in the username even though
# the path *is* already quoted.
def quote ( s , safe ) :
s = s or ' '
# Triggers on non-ascii characters - another option would be:
2019-03-27 04:55:44 +03:00
# _urllib.parse.quote(s.replace('%', '')) != s.replace('%', '')
2011-10-23 21:02:48 +04:00
# which would trigger on all %-characters, e.g. "&".
2017-12-28 15:25:26 +03:00
if getUnicode ( s ) . encode ( " ascii " , " replace " ) != s or forceQuote :
2019-05-03 14:20:15 +03:00
s = _urllib . parse . quote ( getBytes ( s ) , safe = safe )
2011-10-23 21:02:48 +04:00
return s
username = quote ( parts . username , ' ' )
password = quote ( parts . password , safe = ' ' )
path = quote ( parts . path , safe = ' / ' )
2011-12-22 02:09:21 +04:00
query = quote ( parts . query , safe = " &= " )
2011-10-23 21:02:48 +04:00
# put everything back together
2019-05-03 14:20:15 +03:00
netloc = getText ( hostname )
2011-10-23 21:02:48 +04:00
if username or password :
netloc = ' @ ' + netloc
if password :
netloc = ' : ' + password + netloc
netloc = username + netloc
2012-07-06 19:18:22 +04:00
2015-08-23 22:09:20 +03:00
try :
port = parts . port
except :
port = None
if port :
netloc + = ' : ' + str ( port )
2011-10-23 21:02:48 +04:00
2019-05-03 17:36:21 +03:00
return getText ( _urllib . parse . urlunsplit ( [ parts . scheme , netloc , path , query , parts . fragment ] ) or url )
2011-10-29 12:32:24 +04:00
2012-10-25 00:59:46 +04:00
def isAdminFromPrivileges ( privileges ) :
"""
2016-11-11 12:21:57 +03:00
Inspects privileges to see if those are coming from an admin user
2012-10-25 00:59:46 +04:00
"""
2017-12-04 15:24:51 +03:00
privileges = privileges or [ ]
2012-10-25 00:59:46 +04:00
# In PostgreSQL the usesuper privilege means that the
# user is DBA
retVal = ( Backend . isDbms ( DBMS . PGSQL ) and " super " in privileges )
# In Oracle the DBA privilege means that the
# user is DBA
retVal | = ( Backend . isDbms ( DBMS . ORACLE ) and " DBA " in privileges )
# In MySQL >= 5.0 the SUPER privilege means
# that the user is DBA
retVal | = ( Backend . isDbms ( DBMS . MYSQL ) and kb . data . has_information_schema and " SUPER " in privileges )
# In MySQL < 5.0 the super_priv privilege means
# that the user is DBA
retVal | = ( Backend . isDbms ( DBMS . MYSQL ) and not kb . data . has_information_schema and " super_priv " in privileges )
# In Firebird there is no specific privilege that means
# that the user is DBA
2013-01-10 18:59:02 +04:00
retVal | = ( Backend . isDbms ( DBMS . FIREBIRD ) and all ( _ in privileges for _ in ( " SELECT " , " INSERT " , " UPDATE " , " DELETE " , " REFERENCES " , " EXECUTE " ) ) )
2012-10-25 00:59:46 +04:00
return retVal
2011-10-29 12:32:24 +04:00
def findPageForms ( content , url , raise_ = False , addToTargets = False ) :
2012-02-16 18:42:28 +04:00
"""
2019-05-03 17:36:21 +03:00
Parses given page content for possible forms ( Note : still not implemented for Python3 )
2018-03-20 12:31:31 +03:00
2019-05-06 17:38:18 +03:00
>> > findPageForms ( ' <html><form action= " /input.php " method= " POST " ><input type= " text " name= " id " value= " 1 " ><input type= " submit " value= " Submit " ></form></html> ' , ' http://www.site.com ' ) == set ( [ ( ' http://www.site.com/input.php ' , ' POST ' , ' id=1 ' , None , None ) ] )
True
2012-02-16 18:42:28 +04:00
"""
2019-06-01 14:42:57 +03:00
class _ ( six . StringIO , object ) :
2011-10-29 13:32:20 +04:00
def __init__ ( self , content , url ) :
2019-06-01 14:42:57 +03:00
super ( _ , self ) . __init__ ( content )
2011-10-29 12:32:24 +04:00
self . _url = url
2018-06-10 00:38:00 +03:00
2011-10-29 12:32:24 +04:00
def geturl ( self ) :
return self . _url
2011-10-29 14:31:52 +04:00
if not content :
2011-10-29 12:32:24 +04:00
errMsg = " can ' t parse forms as the page content appears to be blank "
2011-10-29 14:31:52 +04:00
if raise_ :
2013-01-04 02:20:55 +04:00
raise SqlmapGenericException ( errMsg )
2011-10-29 14:31:52 +04:00
else :
logger . debug ( errMsg )
2011-10-29 12:32:24 +04:00
2011-10-29 13:32:20 +04:00
forms = None
2011-10-29 12:32:24 +04:00
retVal = set ( )
2011-10-29 13:32:20 +04:00
response = _ ( content , url )
2012-03-28 17:31:07 +04:00
2011-10-29 12:32:24 +04:00
try :
forms = ParseResponse ( response , backwards_compat = False )
except ParseError :
2019-11-09 01:28:51 +03:00
if re . search ( r " (?i)<!DOCTYPE html|<html " , content or " " ) and not re . search ( r " (?i) \ .js( \ ?| \ Z) " , url ) :
2019-11-08 17:19:50 +03:00
dbgMsg = " badly formed HTML at the given URL ( ' %s ' ). Going to filter it " % url
logger . debug ( dbgMsg )
2014-12-10 14:13:37 +03:00
filtered = _ ( " " . join ( re . findall ( FORM_SEARCH_REGEX , content ) ) , url )
2017-12-04 15:24:51 +03:00
if filtered and filtered != content :
try :
forms = ParseResponse ( filtered , backwards_compat = False )
2021-01-18 14:04:47 +03:00
except :
2017-12-04 15:24:51 +03:00
errMsg = " no success "
if raise_ :
raise SqlmapGenericException ( errMsg )
else :
logger . debug ( errMsg )
2018-03-20 12:31:31 +03:00
except :
pass
2011-10-29 12:32:24 +04:00
2019-10-03 16:09:59 +03:00
for form in forms or [ ] :
try :
for control in form . controls :
if hasattr ( control , " items " ) and not any ( ( control . disabled , control . readonly ) ) :
# if control has selectable items select first non-disabled
for item in control . items :
if not item . disabled :
if not item . selected :
item . selected = True
break
2016-11-11 12:28:50 +03:00
2019-10-03 16:09:59 +03:00
if conf . crawlExclude and re . search ( conf . crawlExclude , form . action or " " ) :
dbgMsg = " skipping ' %s ' " % form . action
logger . debug ( dbgMsg )
continue
request = form . click ( )
except ( ValueError , TypeError ) as ex :
errMsg = " there has been a problem while "
errMsg + = " processing page forms ( ' %s ' ) " % getSafeExString ( ex )
if raise_ :
raise SqlmapGenericException ( errMsg )
2012-07-31 00:39:45 +04:00
else :
2019-10-03 16:09:59 +03:00
logger . debug ( errMsg )
else :
url = urldecode ( request . get_full_url ( ) , kb . pageEncoding )
method = request . get_method ( )
data = request . data
data = urldecode ( data , kb . pageEncoding , spaceplus = False )
2012-07-31 00:39:45 +04:00
2019-10-03 16:09:59 +03:00
if not data and method and method . upper ( ) == HTTPMETHOD . POST :
debugMsg = " invalid POST form with blank data detected "
logger . debug ( debugMsg )
continue
2012-02-16 18:42:28 +04:00
2019-10-03 16:09:59 +03:00
# flag to know if we are dealing with the same target host
_ = checkSameHost ( response . geturl ( ) , url )
2014-11-20 18:10:25 +03:00
2019-11-11 14:43:45 +03:00
if data :
data = data . lstrip ( " &= " ) . rstrip ( ' & ' )
2019-11-13 01:05:32 +03:00
if conf . scope and not re . search ( conf . scope , url , re . I ) :
continue
2019-11-13 12:55:02 +03:00
elif data and not re . sub ( r " ( %s )=[^&]*&? " % ' | ' . join ( IGNORE_PARAMETERS ) , " " , data ) :
2019-11-13 01:02:38 +03:00
continue
2019-10-03 16:09:59 +03:00
elif not _ :
continue
else :
target = ( url , method , data , conf . cookie , None )
retVal . add ( target )
2011-10-29 12:32:24 +04:00
2019-10-03 15:38:46 +03:00
for match in re . finditer ( r " \ .post \ ([ ' \" ]([^ ' \" ]*)[ ' \" ], \ s* \ { ([^}]*) \ } " , content ) :
url = _urllib . parse . urljoin ( url , htmlUnescape ( match . group ( 1 ) ) )
data = " "
for name , value in re . findall ( r " [ ' \" ]?( \ w+)[ ' \" ]? \ s*: \ s*([ ' \" ][^ ' \" ]+)? " , match . group ( 2 ) ) :
data + = " %s = %s %s " % ( name , value , DEFAULT_GET_POST_DELIMITER )
data = data . rstrip ( DEFAULT_GET_POST_DELIMITER )
retVal . add ( ( url , HTTPMETHOD . POST , data , conf . cookie , None ) )
2019-10-03 16:09:59 +03:00
for match in re . finditer ( r " (?s)( \ w+) \ .open \ ([ ' \" ]POST[ ' \" ], \ s*[ ' \" ]([^ ' \" ]+)[ ' \" ] \ ).*? \ 1 \ .send \ (([^)]+) \ ) " , content ) :
url = _urllib . parse . urljoin ( url , htmlUnescape ( match . group ( 2 ) ) )
data = match . group ( 3 )
data = re . sub ( r " \ s* \ + \ s*[^ \ s ' \" ]+|[^ \ s ' \" ]+ \ s* \ + \ s* " , " " , data )
data = data . strip ( " [ ' \" ] " )
retVal . add ( ( url , HTTPMETHOD . POST , data , conf . cookie , None ) )
2019-11-09 01:45:30 +03:00
if not retVal and not conf . crawlDepth :
2019-10-03 16:09:59 +03:00
errMsg = " there were no forms found at the given target URL "
if raise_ :
raise SqlmapGenericException ( errMsg )
else :
logger . debug ( errMsg )
2011-10-29 12:32:24 +04:00
if addToTargets and retVal :
for target in retVal :
2012-10-30 21:38:10 +04:00
kb . targets . add ( target )
2011-10-29 12:32:24 +04:00
2011-11-11 15:28:27 +04:00
return retVal
2016-12-20 11:53:44 +03:00
def checkSameHost ( * urls ) :
"""
Returns True if all provided urls share that same host
>> > checkSameHost ( ' http://www.target.com/page1.php?id=1 ' , ' http://www.target.com/images/page2.php ' )
True
>> > checkSameHost ( ' http://www.target.com/page1.php?id=1 ' , ' http://www.target2.com/images/page2.php ' )
False
"""
2016-12-20 11:56:44 +03:00
if not urls :
return None
elif len ( urls ) == 1 :
return True
else :
2018-12-16 04:56:31 +03:00
def _ ( value ) :
if value and not re . search ( r " \ A \ w+:// " , value ) :
value = " http:// %s " % value
return value
2019-03-27 04:55:44 +03:00
return all ( re . sub ( r " (?i) \ Awww \ . " , " " , _urllib . parse . urlparse ( _ ( url ) or " " ) . netloc . split ( ' : ' ) [ 0 ] ) == re . sub ( r " (?i) \ Awww \ . " , " " , _urllib . parse . urlparse ( _ ( urls [ 0 ] ) or " " ) . netloc . split ( ' : ' ) [ 0 ] ) for url in urls [ 1 : ] )
2016-12-20 11:53:44 +03:00
2011-11-11 15:28:27 +04:00
def getHostHeader ( url ) :
2012-02-16 18:42:28 +04:00
"""
Returns proper Host header value for a given target URL
2013-03-13 22:42:22 +04:00
>> > getHostHeader ( ' http://www.target.com/vuln.php?id=1 ' )
' www.target.com '
2012-02-16 18:42:28 +04:00
"""
2012-07-17 02:19:33 +04:00
retVal = url
2011-11-11 15:28:27 +04:00
2012-07-17 02:19:33 +04:00
if url :
2019-03-27 04:55:44 +03:00
retVal = _urllib . parse . urlparse ( url ) . netloc
2012-07-17 02:19:33 +04:00
2017-10-31 13:38:09 +03:00
if re . search ( r " http(s)?:// \ [.+ \ ] " , url , re . I ) :
2018-06-10 00:38:00 +03:00
retVal = extractRegexResult ( r " http(s)?:// \ [(?P<result>.+) \ ] " , url )
2012-07-17 02:19:33 +04:00
elif any ( retVal . endswith ( ' : %d ' % _ ) for _ in ( 80 , 443 ) ) :
retVal = retVal . split ( ' : ' ) [ 0 ]
2011-11-11 15:28:27 +04:00
2019-01-30 03:30:30 +03:00
if retVal and retVal . count ( ' : ' ) > 1 and not any ( _ in retVal for _ in ( ' [ ' , ' ] ' ) ) :
retVal = " [ %s ] " % retVal
2011-11-21 20:41:02 +04:00
return retVal
2019-06-06 14:08:56 +03:00
def checkOldOptions ( args ) :
2012-11-28 14:10:57 +04:00
"""
2019-06-06 14:08:56 +03:00
Checks for obsolete / deprecated options
2012-11-28 14:10:57 +04:00
"""
for _ in args :
2018-06-19 17:14:44 +03:00
_ = _ . split ( ' = ' ) [ 0 ] . strip ( )
2019-05-27 14:23:50 +03:00
if _ in OBSOLETE_OPTIONS :
errMsg = " switch/option ' %s ' is obsolete " % _
if OBSOLETE_OPTIONS [ _ ] :
errMsg + = " (hint: %s ) " % OBSOLETE_OPTIONS [ _ ]
2013-01-04 02:20:55 +04:00
raise SqlmapSyntaxException ( errMsg )
2019-06-06 14:08:56 +03:00
elif _ in DEPRECATED_OPTIONS :
warnMsg = " switch/option ' %s ' is deprecated " % _
if DEPRECATED_OPTIONS [ _ ] :
warnMsg + = " (hint: %s ) " % DEPRECATED_OPTIONS [ _ ]
logger . warn ( warnMsg )
2012-11-28 14:10:57 +04:00
2013-08-27 15:55:38 +04:00
def checkSystemEncoding ( ) :
"""
Checks for problematic encodings
"""
if sys . getdefaultencoding ( ) == " cp720 " :
try :
codecs . lookup ( " cp720 " )
except LookupError :
errMsg = " there is a known Python issue (#1616979) related "
errMsg + = " to support for charset ' cp720 ' . Please visit "
errMsg + = " ' http://blog.oneortheother.info/tip/python-fix-cp720-encoding/index.html ' "
errMsg + = " and follow the instructions to be able to fix it "
logger . critical ( errMsg )
warnMsg = " temporary switching to charset ' cp1256 ' "
logger . warn ( warnMsg )
2019-05-03 00:51:54 +03:00
_reload_module ( sys )
2013-08-27 15:55:38 +04:00
sys . setdefaultencoding ( " cp1256 " )
2012-02-16 18:42:28 +04:00
def evaluateCode ( code , variables = None ) :
"""
Executes given python code given in a string form
2018-09-07 12:23:47 +03:00
>> > _ = { } ; evaluateCode ( " a = 1; b = 2; c = a " , _ ) ; _ [ " c " ]
1
2012-02-16 18:42:28 +04:00
"""
2011-11-21 20:41:02 +04:00
try :
exec ( code , variables )
2012-08-21 16:34:19 +04:00
except KeyboardInterrupt :
raise
2019-01-22 02:40:48 +03:00
except Exception as ex :
2015-09-10 16:51:33 +03:00
errMsg = " an error occurred while evaluating provided code ( ' %s ' ) " % getSafeExString ( ex )
2013-01-04 02:20:55 +04:00
raise SqlmapGenericException ( errMsg )
2011-11-22 12:39:13 +04:00
def serializeObject ( object_ ) :
2012-02-16 18:42:28 +04:00
"""
Serializes given object
2016-12-20 11:53:44 +03:00
2020-09-09 17:15:23 +03:00
>> > type ( serializeObject ( [ 1 , 2 , 3 , ( ' a ' , ' b ' ) ] ) ) == str
2019-05-02 17:54:54 +03:00
True
2012-02-16 18:42:28 +04:00
"""
2012-03-08 14:57:47 +04:00
return base64pickle ( object_ )
2011-11-22 12:39:13 +04:00
def unserializeObject ( value ) :
2012-02-16 18:42:28 +04:00
"""
Unserializes object from given serialized form
2013-03-13 22:42:22 +04:00
>> > unserializeObject ( serializeObject ( [ 1 , 2 , 3 ] ) ) == [ 1 , 2 , 3 ]
True
2016-12-20 11:53:44 +03:00
>> > unserializeObject ( ' gAJVBmZvb2JhcnEBLg== ' )
' foobar '
2012-02-16 18:42:28 +04:00
"""
2012-07-01 03:19:54 +04:00
return base64unpickle ( value ) if value else None
2011-12-21 15:50:49 +04:00
2012-02-16 18:42:28 +04:00
def resetCounter ( technique ) :
"""
Resets query counter for a given technique
"""
kb . counters [ technique ] = 0
def incrementCounter ( technique ) :
"""
Increments query counter for a given technique
"""
kb . counters [ technique ] = getCounter ( technique ) + 1
2011-12-21 15:50:49 +04:00
2012-02-16 18:42:28 +04:00
def getCounter ( technique ) :
"""
Returns query counter for a given technique
2018-09-07 12:23:47 +03:00
>> > resetCounter ( PAYLOAD . TECHNIQUE . STACKED ) ; incrementCounter ( PAYLOAD . TECHNIQUE . STACKED ) ; getCounter ( PAYLOAD . TECHNIQUE . STACKED )
1
2012-02-16 18:42:28 +04:00
"""
2012-02-10 14:24:48 +04:00
2012-02-16 18:42:28 +04:00
return kb . counters . get ( technique , 0 )
2012-02-17 18:22:48 +04:00
2012-02-21 15:44:48 +04:00
def applyFunctionRecursively ( value , function ) :
2012-02-17 18:22:48 +04:00
"""
2012-02-21 15:44:48 +04:00
Applies function recursively through list - like structures
2013-03-13 22:42:22 +04:00
>> > applyFunctionRecursively ( [ 1 , 2 , [ 3 , 4 , [ 19 ] ] , - 9 ] , lambda _ : _ > 0 )
[ True , True , [ True , True , [ True ] ] , False ]
2012-02-21 15:44:48 +04:00
"""
2012-06-14 17:38:53 +04:00
if isListLike ( value ) :
2012-02-21 15:44:48 +04:00
retVal = [ applyFunctionRecursively ( _ , function ) for _ in value ]
else :
retVal = function ( value )
return retVal
2019-05-03 14:20:15 +03:00
def decodeDbmsHexValue ( value , raw = False ) :
2012-02-21 15:44:48 +04:00
"""
Returns value decoded from DBMS specific hexadecimal representation
2013-03-13 22:42:22 +04:00
2019-05-03 14:20:15 +03:00
>> > decodeDbmsHexValue ( ' 3132332031 ' ) == u ' 123 1 '
2019-04-30 14:20:31 +03:00
True
2019-05-16 02:22:09 +03:00
>> > decodeDbmsHexValue ( ' 313233203 ' ) == u ' 123 ? '
True
2019-05-03 14:20:15 +03:00
>> > decodeDbmsHexValue ( [ ' 0x31 ' , ' 0x32 ' ] ) == [ u ' 1 ' , u ' 2 ' ]
2019-04-30 14:20:31 +03:00
True
2019-05-16 02:41:26 +03:00
>> > decodeDbmsHexValue ( ' 5.1.41 ' ) == u ' 5.1.41 '
True
2012-02-17 18:22:48 +04:00
"""
2012-04-02 16:58:10 +04:00
retVal = value
2012-02-21 15:44:48 +04:00
def _ ( value ) :
2012-12-21 13:51:35 +04:00
retVal = value
2019-03-28 15:53:54 +03:00
if value and isinstance ( value , six . string_types ) :
2019-06-27 18:28:43 +03:00
value = value . strip ( )
2015-12-03 04:00:16 +03:00
if len ( value ) % 2 != 0 :
2019-05-16 02:41:26 +03:00
retVal = ( decodeHex ( value [ : - 1 ] ) + b ' ? ' ) if len ( value ) > 1 else value
2015-12-03 04:00:16 +03:00
singleTimeWarnMessage ( " there was a problem decoding value ' %s ' from expected hexadecimal form " % value )
else :
2019-05-03 14:20:15 +03:00
retVal = decodeHex ( value )
2012-12-19 04:30:22 +04:00
2019-10-09 20:06:47 +03:00
if not raw :
if not kb . binaryField :
if Backend . isDbms ( DBMS . MSSQL ) and value . startswith ( " 0x " ) :
try :
retVal = retVal . decode ( " utf-16-le " )
except UnicodeDecodeError :
pass
2019-05-16 02:22:09 +03:00
2019-10-09 20:06:47 +03:00
elif Backend . getIdentifiedDbms ( ) in ( DBMS . HSQLDB , DBMS . H2 ) :
try :
retVal = retVal . decode ( " utf-16-be " )
except UnicodeDecodeError :
pass
2019-05-16 02:22:09 +03:00
2019-04-19 12:24:34 +03:00
if not isinstance ( retVal , six . text_type ) :
retVal = getUnicode ( retVal , conf . encoding or UNICODE_ENCODING )
2012-12-19 04:30:22 +04:00
2012-12-21 13:51:35 +04:00
return retVal
2012-02-17 18:22:48 +04:00
2012-04-02 16:58:10 +04:00
try :
retVal = applyFunctionRecursively ( value , _ )
2013-01-10 18:54:28 +04:00
except :
2012-04-02 16:58:10 +04:00
singleTimeWarnMessage ( " there was a problem decoding value ' %s ' from expected hexadecimal form " % value )
return retVal
2012-02-21 15:44:48 +04:00
def extractExpectedValue ( value , expected ) :
"""
Extracts and returns expected value by a given type
2013-03-13 22:42:22 +04:00
>> > extractExpectedValue ( [ ' 1 ' ] , EXPECTED . BOOL )
True
>> > extractExpectedValue ( ' 1 ' , EXPECTED . INT )
1
2020-02-17 13:50:37 +03:00
>> > extractExpectedValue ( ' 7 \\ xb9645 ' , EXPECTED . INT ) is None
True
2012-02-21 15:44:48 +04:00
"""
if expected :
value = unArrayizeValue ( value )
if isNoneValue ( value ) :
value = None
elif expected == EXPECTED . BOOL :
if isinstance ( value , int ) :
value = bool ( value )
2019-03-28 15:53:54 +03:00
elif isinstance ( value , six . string_types ) :
2012-02-21 15:44:48 +04:00
value = value . strip ( ) . lower ( )
if value in ( " true " , " false " ) :
value = value == " true "
2018-07-27 01:30:30 +03:00
elif value in ( ' t ' , ' f ' ) :
value = value == ' t '
2012-02-21 15:44:48 +04:00
elif value in ( " 1 " , " -1 " ) :
value = True
2018-07-27 01:30:30 +03:00
elif value == ' 0 ' :
2012-02-21 15:44:48 +04:00
value = False
else :
value = None
elif expected == EXPECTED . INT :
2020-02-17 13:50:37 +03:00
try :
value = int ( value )
except :
value = None
2012-02-17 18:22:48 +04:00
return value
2012-02-24 14:48:19 +04:00
2012-02-24 17:07:20 +04:00
def hashDBWrite ( key , value , serialize = False ) :
"""
Helper function for writing session data to HashDB
"""
2018-12-17 19:38:47 +03:00
if conf . hashDB :
2019-03-28 15:53:54 +03:00
_ = ' | ' . join ( ( str ( _ ) if not isinstance ( _ , six . string_types ) else _ ) for _ in ( conf . hostname , conf . path . strip ( ' / ' ) if conf . path is not None else conf . port , key , HASHDB_MILESTONE_VALUE ) )
2018-12-17 19:38:47 +03:00
conf . hashDB . write ( _ , value , serialize )
2012-02-24 17:07:20 +04:00
2012-02-24 18:54:10 +04:00
def hashDBRetrieve ( key , unserialize = False , checkConf = False ) :
2012-02-24 17:07:20 +04:00
"""
Helper function for restoring session data from HashDB
"""
2018-12-17 19:38:47 +03:00
retVal = None
if conf . hashDB :
2019-03-28 15:53:54 +03:00
_ = ' | ' . join ( ( str ( _ ) if not isinstance ( _ , six . string_types ) else _ ) for _ in ( conf . hostname , conf . path . strip ( ' / ' ) if conf . path is not None else conf . port , key , HASHDB_MILESTONE_VALUE ) )
2018-12-17 19:38:47 +03:00
retVal = conf . hashDB . retrieve ( _ , unserialize ) if kb . resumeValues and not ( checkConf and any ( ( conf . flushSession , conf . freshQueries ) ) ) else None
2017-10-31 12:27:58 +03:00
2019-03-28 15:53:54 +03:00
if not kb . inferenceMode and not kb . fileReadMode and isinstance ( retVal , six . string_types ) and any ( _ in retVal for _ in ( PARTIAL_VALUE_MARKER , PARTIAL_HEX_VALUE_MARKER ) ) :
2018-12-17 19:38:47 +03:00
retVal = None
2017-10-31 12:27:58 +03:00
2013-02-04 19:46:08 +04:00
return retVal
2012-03-08 14:19:34 +04:00
def resetCookieJar ( cookieJar ) :
2012-07-01 03:19:54 +04:00
"""
Cleans cookies from a given cookie jar
"""
2012-07-24 17:34:50 +04:00
if not conf . loadCookies :
2012-03-08 14:19:34 +04:00
cookieJar . clear ( )
else :
try :
2013-02-12 15:58:15 +04:00
if not cookieJar . filename :
2013-02-12 17:29:56 +04:00
infoMsg = " loading cookies from ' %s ' " % conf . loadCookies
logger . info ( infoMsg )
2013-02-12 15:58:15 +04:00
content = readCachedFileContent ( conf . loadCookies )
2019-03-29 04:28:16 +03:00
lines = filterNone ( line . strip ( ) for line in content . split ( " \n " ) if not line . startswith ( ' # ' ) )
2016-05-31 14:02:26 +03:00
handle , filename = tempfile . mkstemp ( prefix = MKSTEMP_PREFIX . COOKIE_JAR )
2013-02-12 15:58:15 +04:00
os . close ( handle )
2013-02-12 17:29:56 +04:00
2013-04-14 03:13:08 +04:00
# Reference: http://www.hashbangcode.com/blog/netscape-http-cooke-file-parser-php-584.html
2015-10-31 12:16:44 +03:00
with openFile ( filename , " w+b " ) as f :
2013-02-12 15:58:15 +04:00
f . write ( " %s \n " % NETSCAPE_FORMAT_HEADER_COOKIES )
for line in lines :
2015-08-06 14:07:16 +03:00
_ = line . split ( " \t " )
2013-04-14 03:13:08 +04:00
if len ( _ ) == 7 :
2013-04-15 13:49:11 +04:00
_ [ 4 ] = FORCE_COOKIE_EXPIRATION_TIME
2013-04-14 03:13:08 +04:00
f . write ( " \n %s " % " \t " . join ( _ ) )
2013-02-12 17:29:56 +04:00
2013-02-12 15:58:15 +04:00
cookieJar . filename = filename
2013-02-12 17:29:56 +04:00
cookieJar . load ( cookieJar . filename , ignore_expires = True )
for cookie in cookieJar :
2020-12-07 14:00:10 +03:00
if getattr ( cookie , " expires " , MAX_INT ) < time . time ( ) :
2013-02-12 17:29:56 +04:00
warnMsg = " cookie ' %s ' has expired " % cookie
singleTimeWarnMessage ( warnMsg )
cookieJar . clear_expired_cookies ( )
2013-02-12 15:58:15 +04:00
if not cookieJar . _cookies :
2013-02-12 17:29:56 +04:00
errMsg = " no valid cookies found "
2013-02-12 15:58:15 +04:00
raise SqlmapGenericException ( errMsg )
2013-02-12 17:29:56 +04:00
2019-03-27 02:58:12 +03:00
except Exception as ex :
2012-03-08 14:19:34 +04:00
errMsg = " there was a problem loading "
2019-01-22 04:08:02 +03:00
errMsg + = " cookies file ( ' %s ' ) " % re . sub ( r " (cookies) file ' [^ ' ]+ ' " , r " \ g<1> " , getSafeExString ( ex ) )
2013-01-04 02:20:55 +04:00
raise SqlmapGenericException ( errMsg )
2012-04-12 01:26:00 +04:00
2013-01-08 13:23:02 +04:00
def decloakToTemp ( filename ) :
"""
Decloaks content of a given file to a temporary file with similar name and extension
2019-05-06 15:41:35 +03:00
>> > _ = decloakToTemp ( os . path . join ( paths . SQLMAP_SHELL_PATH , " stagers " , " stager.asp_ " ) )
>> > openFile ( _ , " rb " , encoding = None ) . read ( ) . startswith ( b ' < % ' )
True
2019-05-06 16:39:11 +03:00
>> > os . remove ( _ )
2020-08-31 12:55:14 +03:00
>> > _ = decloakToTemp ( os . path . join ( paths . SQLMAP_SHELL_PATH , " backdoors " , " backdoor.asp_ " ) )
>> > openFile ( _ , " rb " , encoding = None ) . read ( ) . startswith ( b ' < % ' )
True
>> > os . remove ( _ )
2020-08-31 23:06:22 +03:00
>> > _ = decloakToTemp ( os . path . join ( paths . SQLMAP_UDF_PATH , " postgresql " , " linux " , " 64 " , " 11 " , " lib_postgresqludf_sys.so_ " ) )
>> > b ' sys_eval ' in openFile ( _ , " rb " , encoding = None ) . read ( )
True
>> > os . remove ( _ )
2013-01-08 13:23:02 +04:00
"""
content = decloak ( filename )
2015-09-17 15:58:01 +03:00
2019-05-08 13:28:50 +03:00
parts = os . path . split ( filename [ : - 1 ] ) [ - 1 ] . split ( ' . ' )
prefix , suffix = parts [ 0 ] , ' . ' + parts [ - 1 ]
2013-01-08 13:23:02 +04:00
handle , filename = tempfile . mkstemp ( prefix = prefix , suffix = suffix )
os . close ( handle )
2015-09-17 15:58:01 +03:00
2019-05-06 15:41:35 +03:00
with openFile ( filename , " w+b " , encoding = None ) as f :
2013-01-08 13:23:02 +04:00
f . write ( content )
2015-09-17 15:58:01 +03:00
2013-01-08 13:23:02 +04:00
return filename
2012-05-04 02:34:18 +04:00
def prioritySortColumns ( columns ) :
2012-07-01 03:19:54 +04:00
"""
Sorts given column names by length in ascending order while those containing
string ' id ' go first
2013-03-13 22:42:22 +04:00
>> > prioritySortColumns ( [ ' password ' , ' userid ' , ' name ' ] )
[ ' userid ' , ' name ' , ' password ' ]
2012-07-01 03:19:54 +04:00
"""
2012-12-28 01:43:39 +04:00
2018-03-13 13:25:26 +03:00
def _ ( column ) :
2019-11-14 16:21:53 +03:00
return column and re . search ( r " ^id|id$ " , column , re . I ) is not None
2018-03-13 13:25:26 +03:00
2019-05-09 15:10:18 +03:00
return sorted ( sorted ( columns , key = len ) , key = functools . cmp_to_key ( lambda x , y : - 1 if _ ( x ) and not _ ( y ) else 1 if not _ ( x ) and _ ( y ) else 0 ) )
2012-08-31 14:15:09 +04:00
def getRequestHeader ( request , name ) :
"""
Solving an issue with an urllib2 Request header case sensitivity
2019-04-29 17:58:53 +03:00
# Reference: http://bugs.python.org/issue2275
2020-08-24 12:10:13 +03:00
>> > _ = lambda _ : _
>> > _ . headers = { " FOO " : " BAR " }
>> > _ . header_items = lambda : _ . headers . items ( )
>> > getText ( getRequestHeader ( _ , " foo " ) )
' BAR '
2012-08-31 14:15:09 +04:00
"""
retVal = None
2016-09-09 12:06:38 +03:00
2018-06-08 15:45:15 +03:00
if request and request . headers and name :
2016-09-09 12:06:38 +03:00
_ = name . upper ( )
2019-05-08 13:28:50 +03:00
retVal = max ( getBytes ( value if _ == key . upper ( ) else " " ) for key , value in request . header_items ( ) ) or None
2016-09-09 12:06:38 +03:00
2012-08-31 14:15:09 +04:00
return retVal
2012-10-04 20:01:42 +04:00
def isNumber ( value ) :
"""
Returns True if the given value is a number - like object
2013-03-13 22:42:22 +04:00
>> > isNumber ( 1 )
True
>> > isNumber ( ' 0 ' )
True
>> > isNumber ( ' foobar ' )
False
2012-10-04 20:01:42 +04:00
"""
try :
2012-12-06 14:15:05 +04:00
float ( value )
2012-10-04 20:01:42 +04:00
except :
return False
else :
return True
2013-01-09 20:04:23 +04:00
2013-01-21 14:50:47 +04:00
def zeroDepthSearch ( expression , value ) :
"""
2013-01-21 16:19:08 +04:00
Searches occurrences of value inside expression at 0 - depth level
2013-01-21 14:50:47 +04:00
regarding the parentheses
2018-09-07 12:23:47 +03:00
>> > _ = " SELECT (SELECT id FROM users WHERE 2>1) AS result FROM DUAL " ; _ [ zeroDepthSearch ( _ , " FROM " ) [ 0 ] : ]
' FROM DUAL '
2019-07-19 13:17:07 +03:00
>> > _ = " a(b; c),d;e " ; _ [ zeroDepthSearch ( _ , " [;, ] " ) [ 0 ] : ]
' ,d;e '
2013-01-21 14:50:47 +04:00
"""
2013-01-21 16:18:34 +04:00
2013-01-21 14:50:47 +04:00
retVal = [ ]
depth = 0
for index in xrange ( len ( expression ) ) :
if expression [ index ] == ' ( ' :
depth + = 1
elif expression [ index ] == ' ) ' :
depth - = 1
2019-07-19 13:17:07 +03:00
elif depth == 0 :
if value . startswith ( ' [ ' ) and value . endswith ( ' ] ' ) :
if re . search ( value , expression [ index : index + 1 ] ) :
retVal . append ( index )
elif expression [ index : index + len ( value ) ] == value :
retVal . append ( index )
2013-01-21 14:50:47 +04:00
return retVal
2013-01-22 18:51:06 +04:00
def splitFields ( fields , delimiter = ' , ' ) :
"""
2013-03-13 22:42:22 +04:00
Returns list of ( 0 - depth ) fields splitted by delimiter
>> > splitFields ( ' foo, bar, max(foo, bar) ' )
[ ' foo ' , ' bar ' , ' max(foo,bar) ' ]
2013-01-22 18:51:06 +04:00
"""
fields = fields . replace ( " %s " % delimiter , delimiter )
commas = [ - 1 , len ( fields ) ]
commas . extend ( zeroDepthSearch ( fields , ' , ' ) )
commas = sorted ( commas )
2019-05-03 00:51:54 +03:00
return [ fields [ x + 1 : y ] for ( x , y ) in _zip ( commas , commas [ 1 : ] ) ]
2013-01-22 18:51:06 +04:00
2013-01-09 20:04:23 +04:00
def pollProcess ( process , suppress_errors = False ) :
2014-02-02 01:12:00 +04:00
"""
Checks for process status ( prints . if still running )
"""
2018-09-07 12:23:47 +03:00
while process :
2013-01-09 20:04:23 +04:00
dataToStdout ( " . " )
time . sleep ( 1 )
returncode = process . poll ( )
if returncode is not None :
if not suppress_errors :
if returncode == 0 :
dataToStdout ( " done \n " )
elif returncode < 0 :
dataToStdout ( " process terminated by signal %d \n " % returncode )
elif returncode > 0 :
dataToStdout ( " quit unexpectedly with return code %d \n " % returncode )
break
2015-09-10 16:51:33 +03:00
2018-06-20 01:08:55 +03:00
def parseRequestFile ( reqFile , checkParams = True ) :
2018-06-19 17:08:38 +03:00
"""
Parses WebScarab and Burp logs and adds results to the target URL list
2020-08-24 12:10:13 +03:00
>> > handle , reqFile = tempfile . mkstemp ( suffix = " .req " )
>> > content = b " POST / HTTP/1.0 \\ nUser-agent: foobar \\ nHost: www.example.com \\ n \\ nid=1 \\ n "
>> > _ = os . write ( handle , content )
>> > os . close ( handle )
>> > next ( parseRequestFile ( reqFile ) ) == ( ' http://www.example.com:80/ ' , ' POST ' , ' id=1 ' , None , ( ( ' User-agent ' , ' foobar ' ) , ( ' Host ' , ' www.example.com ' ) ) )
True
2018-06-19 17:08:38 +03:00
"""
def _parseWebScarabLog ( content ) :
"""
Parses WebScarab logs ( POST method not supported )
"""
reqResList = content . split ( WEBSCARAB_SPLITTER )
for request in reqResList :
url = extractRegexResult ( r " URL: (?P<result>.+?) \ n " , request , re . I )
method = extractRegexResult ( r " METHOD: (?P<result>.+?) \ n " , request , re . I )
cookie = extractRegexResult ( r " COOKIE: (?P<result>.+?) \ n " , request , re . I )
if not method or not url :
logger . debug ( " not a valid WebScarab log data " )
continue
if method . upper ( ) == HTTPMETHOD . POST :
warnMsg = " POST requests from WebScarab logs aren ' t supported "
warnMsg + = " as their body content is stored in separate files. "
warnMsg + = " Nevertheless you can use -r to load them individually. "
logger . warning ( warnMsg )
continue
if not ( conf . scope and not re . search ( conf . scope , url , re . I ) ) :
2018-06-19 17:39:10 +03:00
yield ( url , method , None , cookie , tuple ( ) )
2018-06-19 17:08:38 +03:00
def _parseBurpLog ( content ) :
"""
Parses Burp logs
"""
if not re . search ( BURP_REQUEST_REGEX , content , re . I | re . S ) :
if re . search ( BURP_XML_HISTORY_REGEX , content , re . I | re . S ) :
reqResList = [ ]
for match in re . finditer ( BURP_XML_HISTORY_REGEX , content , re . I | re . S ) :
port , request = match . groups ( )
try :
2019-05-03 00:51:54 +03:00
request = decodeBase64 ( request , binary = False )
2019-10-14 10:54:00 +03:00
except ( binascii . Error , TypeError ) :
2018-06-19 17:08:38 +03:00
continue
_ = re . search ( r " %s :.+ " % re . escape ( HTTP_HEADER . HOST ) , request )
if _ :
host = _ . group ( 0 ) . strip ( )
if not re . search ( r " : \ d+ \ Z " , host ) :
request = request . replace ( host , " %s : %d " % ( host , int ( port ) ) )
reqResList . append ( request )
else :
reqResList = [ content ]
else :
reqResList = re . finditer ( BURP_REQUEST_REGEX , content , re . I | re . S )
for match in reqResList :
2019-03-28 15:53:54 +03:00
request = match if isinstance ( match , six . string_types ) else match . group ( 1 )
2018-06-19 17:08:38 +03:00
request = re . sub ( r " \ A[^ \ w]+ " , " " , request )
schemePort = re . search ( r " (http[ \ w]*) \ : \ / \ /.*? \ :([ \ d]+).+?= { 10,} " , request , re . I | re . S )
if schemePort :
scheme = schemePort . group ( 1 )
port = schemePort . group ( 2 )
request = re . sub ( r " \ n=+ \ Z " , " " , request . split ( schemePort . group ( 0 ) ) [ - 1 ] . lstrip ( ) )
else :
scheme , port = None , None
2019-07-31 21:00:51 +03:00
if " HTTP/ " not in request :
2018-06-19 17:08:38 +03:00
continue
2021-05-01 14:25:00 +03:00
if re . search ( r " ^[ \ n]* %s [^?]*? \ .( %s ) \ sHTTP \ / " % ( HTTPMETHOD . GET , " | " . join ( CRAWL_EXCLUDE_EXTENSIONS ) ) , request , re . I | re . M ) :
2021-02-16 16:27:02 +03:00
if not re . search ( r " ^[ \ n]* %s [^ \ n]* \ *[^ \ n]* \ sHTTP \ / " % HTTPMETHOD . GET , request , re . I | re . M ) :
continue
2018-06-19 17:08:38 +03:00
getPostReq = False
url = None
host = None
method = None
data = None
cookie = None
params = False
newline = None
lines = request . split ( ' \n ' )
headers = [ ]
for index in xrange ( len ( lines ) ) :
line = lines [ index ]
if not line . strip ( ) and index == len ( lines ) - 1 :
break
newline = " \r \n " if line . endswith ( ' \r ' ) else ' \n '
line = line . strip ( ' \r ' )
2019-07-31 21:00:51 +03:00
match = re . search ( r " \ A([A-Z]+) (.+) HTTP/[ \ d.]+ \ Z " , line ) if not method else None
2018-06-19 17:08:38 +03:00
if len ( line . strip ( ) ) == 0 and method and method != HTTPMETHOD . GET and data is None :
data = " "
params = True
elif match :
method = match . group ( 1 )
url = match . group ( 2 )
if any ( _ in line for _ in ( ' ? ' , ' = ' , kb . customInjectionMark ) ) :
params = True
getPostReq = True
# POST parameters
elif data is not None and params :
data + = " %s %s " % ( line , newline )
# GET parameters
elif " ? " in line and " = " in line and " : " not in line :
params = True
# Headers
elif re . search ( r " \ A \ S+: " , line ) :
key , value = line . split ( " : " , 1 )
value = value . strip ( ) . replace ( " \r " , " " ) . replace ( " \n " , " " )
2020-02-17 15:48:22 +03:00
# Note: overriding values with --headers '...'
match = re . search ( r " (?i) \ b( %s ): ([^ \ n]*) " % re . escape ( key ) , conf . headers or " " )
if match :
key , value = match . groups ( )
2018-06-19 17:08:38 +03:00
# Cookie and Host headers
if key . upper ( ) == HTTP_HEADER . COOKIE . upper ( ) :
cookie = value
elif key . upper ( ) == HTTP_HEADER . HOST . upper ( ) :
if ' :// ' in value :
scheme , value = value . split ( ' :// ' ) [ : 2 ]
splitValue = value . split ( " : " )
host = splitValue [ 0 ]
if len ( splitValue ) > 1 :
port = filterStringValue ( splitValue [ 1 ] , " [0-9] " )
# Avoid to add a static content length header to
# headers and consider the following lines as
# POSTed data
if key . upper ( ) == HTTP_HEADER . CONTENT_LENGTH . upper ( ) :
params = True
# Avoid proxy and connection type related headers
2020-09-11 15:32:25 +03:00
elif key not in ( HTTP_HEADER . PROXY_CONNECTION , HTTP_HEADER . CONNECTION , HTTP_HEADER . IF_MODIFIED_SINCE , HTTP_HEADER . IF_NONE_MATCH ) :
2018-06-19 17:08:38 +03:00
headers . append ( ( getUnicode ( key ) , getUnicode ( value ) ) )
if kb . customInjectionMark in re . sub ( PROBLEMATIC_CUSTOM_INJECTION_PATTERNS , " " , value or " " ) :
params = True
data = data . rstrip ( " \r \n " ) if data else data
2018-06-20 01:08:55 +03:00
if getPostReq and ( params or cookie or not checkParams ) :
2019-03-28 15:53:54 +03:00
if not port and hasattr ( scheme , " lower " ) and scheme . lower ( ) == " https " :
2018-06-19 17:08:38 +03:00
port = " 443 "
elif not scheme and port == " 443 " :
scheme = " https "
if conf . forceSSL :
scheme = " https "
port = port or " 443 "
if not host :
errMsg = " invalid format of a request file "
raise SqlmapSyntaxException ( errMsg )
if not url . startswith ( " http " ) :
url = " %s :// %s : %s %s " % ( scheme or " http " , host , port or " 80 " , url )
scheme = None
port = None
if not ( conf . scope and not re . search ( conf . scope , url , re . I ) ) :
yield ( url , conf . method or method , data , cookie , tuple ( headers ) )
2019-03-15 17:36:13 +03:00
content = readCachedFileContent ( reqFile )
2018-06-19 17:08:38 +03:00
if conf . scope :
logger . info ( " using regular expression ' %s ' for filtering targets " % conf . scope )
for target in _parseBurpLog ( content ) :
yield target
for target in _parseWebScarabLog ( content ) :
yield target
2015-09-15 14:26:25 +03:00
def getSafeExString ( ex , encoding = None ) :
2015-09-10 16:51:33 +03:00
"""
Safe way how to get the proper exception represtation as a string
2017-07-05 15:07:21 +03:00
2019-04-30 14:20:31 +03:00
>> > getSafeExString ( SqlmapBaseException ( ' foobar ' ) ) == ' foobar '
True
2019-06-04 13:15:39 +03:00
>> > getSafeExString ( OSError ( 0 , ' foobar ' ) ) == ' OSError: foobar '
True
2015-09-10 16:51:33 +03:00
"""
2019-02-12 12:42:32 +03:00
retVal = None
2015-09-10 16:51:33 +03:00
if getattr ( ex , " message " , None ) :
retVal = ex . message
elif getattr ( ex , " msg " , None ) :
retVal = ex . msg
2019-06-04 13:15:39 +03:00
elif getattr ( ex , " args " , None ) :
for candidate in ex . args [ : : - 1 ] :
if isinstance ( candidate , six . string_types ) :
retVal = candidate
break
2019-02-12 12:42:32 +03:00
if retVal is None :
2019-01-22 04:08:02 +03:00
retVal = str ( ex )
2019-02-12 12:42:32 +03:00
elif not isinstance ( ex , SqlmapBaseException ) :
retVal = " %s : %s " % ( type ( ex ) . __name__ , retVal )
2015-09-10 16:51:33 +03:00
2017-06-24 00:46:25 +03:00
return getUnicode ( retVal or " " , encoding = encoding ) . strip ( )
2017-10-10 17:08:13 +03:00
def safeVariableNaming ( value ) :
2018-09-07 12:23:47 +03:00
"""
Returns escaped safe - representation of a given variable name that can be used in Python evaluated code
2019-05-02 17:54:54 +03:00
>> > safeVariableNaming ( " class.id " ) == " EVAL_636c6173732e6964 "
True
2018-09-07 12:23:47 +03:00
"""
2019-03-05 14:24:41 +03:00
if value in keyword . kwlist or re . search ( r " \ A[^a-zA-Z]|[^ \ w] " , value ) :
2019-05-02 17:54:54 +03:00
value = " %s %s " % ( EVALCODE_ENCODED_PREFIX , getUnicode ( binascii . hexlify ( getBytes ( value ) ) ) )
2019-03-05 14:24:41 +03:00
return value
2017-10-10 17:08:13 +03:00
def unsafeVariableNaming ( value ) :
2018-09-07 12:23:47 +03:00
"""
Returns unescaped safe - representation of a given variable name
2019-05-02 17:54:54 +03:00
>> > unsafeVariableNaming ( " EVAL_636c6173732e6964 " ) == " class.id "
True
2018-09-07 12:23:47 +03:00
"""
2019-03-05 14:24:41 +03:00
if value . startswith ( EVALCODE_ENCODED_PREFIX ) :
2019-05-03 14:20:15 +03:00
value = decodeHex ( value [ len ( EVALCODE_ENCODED_PREFIX ) : ] , binary = False )
2019-03-05 14:24:41 +03:00
return value
2018-07-27 01:53:14 +03:00
def firstNotNone ( * args ) :
2018-09-07 12:23:47 +03:00
"""
Returns first not - None value from a given list of arguments
>> > firstNotNone ( None , None , 1 , 2 , 3 )
1
"""
2018-07-27 01:53:14 +03:00
retVal = None
for _ in args :
if _ is not None :
retVal = _
break
return retVal
2019-03-19 15:26:29 +03:00
2019-05-14 14:58:42 +03:00
def removePostHintPrefix ( value ) :
"""
Remove POST hint prefix from a given value ( name )
>> > removePostHintPrefix ( " JSON id " )
' id '
>> > removePostHintPrefix ( " id " )
' id '
"""
return re . sub ( r " \ A( %s ) " % ' | ' . join ( re . escape ( __ ) for __ in getPublicTypeMembers ( POST_HINT , onlyValues = True ) ) , " " , value )
2019-03-19 16:07:39 +03:00
def chunkSplitPostData ( data ) :
"""
Convert POST data to chunked transfer - encoded data ( Note : splitting done by SQL keywords )
2019-03-19 16:23:28 +03:00
>> > random . seed ( 0 )
>> > chunkSplitPostData ( " SELECT username,password FROM users " )
2019-05-03 14:20:15 +03:00
' 5;4Xe90 \\ r \\ nSELEC \\ r \\ n3;irWlc \\ r \\ nT u \\ r \\ n1;eT4zO \\ r \\ ns \\ r \\ n5;YB4hM \\ r \\ nernam \\ r \\ n9;2pUD8 \\ r \\ ne,passwor \\ r \\ n3;mp07y \\ r \\ nd F \\ r \\ n5;8RKXi \\ r \\ nROM u \\ r \\ n4;MvMhO \\ r \\ nsers \\ r \\ n0 \\ r \\ n \\ r \\ n '
2019-03-19 15:26:29 +03:00
"""
2019-03-19 16:07:39 +03:00
length = len ( data )
retVal = " "
index = 0
2019-03-19 15:26:29 +03:00
2019-03-19 16:07:39 +03:00
while index < length :
chunkSize = randomInt ( 1 )
2019-03-19 15:26:29 +03:00
2019-03-19 16:07:39 +03:00
if index + chunkSize > = length :
chunkSize = length - index
salt = randomStr ( 5 , alphabet = string . ascii_letters + string . digits )
while chunkSize :
candidate = data [ index : index + chunkSize ]
if re . search ( r " \ b %s \ b " % ' | ' . join ( HTTP_CHUNKED_SPLIT_KEYWORDS ) , candidate , re . I ) :
chunkSize - = 1
else :
2019-03-19 15:26:29 +03:00
break
2019-03-19 16:07:39 +03:00
index + = chunkSize
retVal + = " %x ; %s \r \n " % ( chunkSize , salt )
retVal + = " %s \r \n " % candidate
retVal + = " 0 \r \n \r \n "
return retVal