sqlmap/thirdparty/multipart/multipartpost.py

116 lines
4.4 KiB
Python
Raw Normal View History

2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
2012-07-14 18:53:15 +04:00
"""
02/2006 Will Holcomb <wholcomb@gmail.com>
Reference: http://odin.himinbi.org/MultipartPostHandler.py
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import io
2012-07-14 18:53:15 +04:00
import mimetypes
import os
2020-06-17 21:56:50 +03:00
import re
2012-07-14 18:53:15 +04:00
import stat
import sys
2019-03-27 18:36:32 +03:00
from lib.core.compat import choose_boundary
2019-05-03 14:20:15 +03:00
from lib.core.convert import getBytes
2019-05-03 16:33:32 +03:00
from lib.core.convert import getText
from lib.core.exception import SqlmapDataException
2019-04-30 12:21:44 +03:00
from thirdparty.six.moves import urllib as _urllib
2012-07-14 18:53:15 +04:00
# Controls how sequences are uncoded. If true, elements may be given
# multiple values by assigning a sequence.
doseq = 1
2019-04-30 12:21:44 +03:00
class MultipartPostHandler(_urllib.request.BaseHandler):
handler_order = _urllib.request.HTTPHandler.handler_order - 10 # needs to run first
2012-07-14 18:53:15 +04:00
def http_request(self, request):
2019-05-02 01:45:44 +03:00
data = request.data
2012-07-14 18:53:15 +04:00
2016-09-02 15:14:17 +03:00
if isinstance(data, dict):
2012-07-14 18:53:15 +04:00
v_files = []
v_vars = []
try:
for(key, value) in data.items():
2019-05-03 01:48:46 +03:00
if hasattr(value, "fileno") or hasattr(value, "file") or isinstance(value, io.IOBase):
2012-07-14 18:53:15 +04:00
v_files.append((key, value))
else:
v_vars.append((key, value))
except TypeError:
systype, value, traceback = sys.exc_info()
2019-01-22 04:47:06 +03:00
raise SqlmapDataException("not a valid non-string sequence or mapping object '%s'" % traceback)
2012-07-14 18:53:15 +04:00
if len(v_files) == 0:
2019-04-30 12:21:44 +03:00
data = _urllib.parse.urlencode(v_vars, doseq)
2012-07-14 18:53:15 +04:00
else:
boundary, data = self.multipart_encode(v_vars, v_files)
2016-09-02 15:14:17 +03:00
contenttype = "multipart/form-data; boundary=%s" % boundary
#if (request.has_header("Content-Type") and request.get_header("Content-Type").find("multipart/form-data") != 0):
# print "Replacing %s with %s" % (request.get_header("content-type"), "multipart/form-data")
request.add_unredirected_header("Content-Type", contenttype)
2012-07-14 18:53:15 +04:00
2019-05-02 01:45:44 +03:00
request.data = data
2020-06-17 21:56:50 +03:00
# NOTE: https://github.com/sqlmapproject/sqlmap/issues/4235
if request.data:
2020-12-18 14:01:49 +03:00
for match in re.finditer(b"(?i)\\s*-{20,}\\w+(\\s+Content-Disposition[^\\n]+\\s+|\\-\\-\\s*)", request.data):
2020-06-17 21:56:50 +03:00
part = match.group(0)
2020-06-17 22:58:10 +03:00
if b'\r' not in part:
request.data = request.data.replace(part, part.replace(b'\n', b"\r\n"))
2020-06-17 21:56:50 +03:00
2012-07-14 18:53:15 +04:00
return request
2019-05-03 16:33:32 +03:00
def multipart_encode(self, vars, files, boundary=None, buf=None):
2012-07-14 18:53:15 +04:00
if boundary is None:
2019-03-27 18:36:32 +03:00
boundary = choose_boundary()
2012-07-14 18:53:15 +04:00
if buf is None:
2019-05-03 16:33:32 +03:00
buf = b""
2012-07-14 18:53:15 +04:00
for (key, value) in vars:
2015-01-19 11:17:16 +03:00
if key is not None and value is not None:
2019-05-03 16:33:32 +03:00
buf += b"--%s\r\n" % getBytes(boundary)
buf += b"Content-Disposition: form-data; name=\"%s\"" % getBytes(key)
buf += b"\r\n\r\n" + getBytes(value) + b"\r\n"
2012-07-14 18:53:15 +04:00
for (key, fd) in files:
2019-05-03 16:33:32 +03:00
file_size = fd.len if hasattr(fd, "len") else os.fstat(fd.fileno())[stat.ST_SIZE]
2016-09-02 15:14:17 +03:00
filename = fd.name.split("/")[-1] if "/" in fd.name else fd.name.split("\\")[-1]
2014-12-06 23:40:52 +03:00
try:
2019-05-03 16:33:32 +03:00
contenttype = mimetypes.guess_type(filename)[0] or b"application/octet-stream"
2014-12-06 23:40:52 +03:00
except:
# Reference: http://bugs.python.org/issue9291
2019-05-03 16:33:32 +03:00
contenttype = b"application/octet-stream"
buf += b"--%s\r\n" % getBytes(boundary)
buf += b"Content-Disposition: form-data; name=\"%s\"; filename=\"%s\"\r\n" % (getBytes(key), getBytes(filename))
buf += b"Content-Type: %s\r\n" % getBytes(contenttype)
# buf += b"Content-Length: %s\r\n" % file_size
2012-07-14 18:53:15 +04:00
fd.seek(0)
2019-05-03 01:48:46 +03:00
buf += b"\r\n%s\r\n" % fd.read()
2012-07-14 18:53:15 +04:00
2019-05-03 16:33:32 +03:00
buf += b"--%s--\r\n\r\n" % getBytes(boundary)
buf = getBytes(buf)
2012-07-14 18:53:15 +04:00
return boundary, buf
https_request = http_request