	Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
This commit is contained in:
		
							parent
							
								
									9eac2339ca
								
							
						
					
					
						commit
						0800d9e49b
					
				|  | @ -54,7 +54,6 @@ from lib.core.settings import UNKNOWN_DBMS_VERSION | |||
| from lib.core.settings import LOWER_RATIO_BOUND | ||||
| from lib.core.settings import UPPER_RATIO_BOUND | ||||
| from lib.core.threads import getCurrentThreadData | ||||
| from lib.core.unescaper import unescaper | ||||
| from lib.request.connect import Connect as Request | ||||
| from lib.request.templates import getPageTemplate | ||||
| from lib.techniques.inband.union.test import unionTest | ||||
|  | @ -200,7 +199,6 @@ def checkSqlInjection(place, parameter, value): | |||
|             # Parse test's <request> | ||||
|             comment = agent.getComment(test.request) | ||||
|             fstPayload = agent.cleanupPayload(test.request.payload, value) | ||||
|             fstPayload = unescaper.unescape(fstPayload, dbms=dbms) | ||||
| 
 | ||||
|             for boundary in conf.boundaries: | ||||
|                 injectable = False | ||||
|  | @ -275,7 +273,6 @@ def checkSqlInjection(place, parameter, value): | |||
|                     # test's ' <payload><comment> ' string | ||||
|                     boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause) | ||||
|                     boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where) | ||||
|                     boundPayload = agent.cleanupPayload(boundPayload, value) | ||||
|                     reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where) | ||||
| 
 | ||||
|                     # Perform the test's request and check whether or not the | ||||
|  | @ -287,7 +284,6 @@ def checkSqlInjection(place, parameter, value): | |||
|                         # In case of boolean-based blind SQL injection | ||||
|                         if method == PAYLOAD.METHOD.COMPARISON: | ||||
|                             sndPayload = agent.cleanupPayload(test.response.comparison, value) | ||||
|                             sndPayload = unescaper.unescape(sndPayload, dbms=dbms) | ||||
| 
 | ||||
|                             # Forge response payload by prepending with | ||||
|                             # boundary's prefix and appending the boundary's | ||||
|  | @ -295,7 +291,6 @@ def checkSqlInjection(place, parameter, value): | |||
|                             # string | ||||
|                             boundPayload = agent.prefixQuery(sndPayload, prefix, where, clause) | ||||
|                             boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where) | ||||
|                             boundPayload = agent.cleanupPayload(boundPayload, value) | ||||
|                             cmpPayload = agent.payload(place, parameter, newValue=boundPayload, where=where) | ||||
| 
 | ||||
|                             # Useful to set kb.matchRatio at first based on | ||||
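Review bot: The removed `fstPayload = unescaper.unescape(fstPayload, dbms=dbms)` and `sndPayload = unescaper.unescape(sndPayload, dbms=dbms)` lines passed the per-test `dbms`, but the centralized call they are replaced by (`unescaper.unescape(expression)` in agent.prefixQuery, second file section) takes no DBMS argument, so during detection, before the DBMS is established, the test payload may be unescaped for a different dialect than the one the test targets. Likewise the removed `agent.cleanupPayload(boundPayload, value)` calls supplied `value` as origvalue, while prefixQuery/suffixQuery call `self.cleanupPayload(query)` with no origvalue; if any origvalue-dependent substitution applied to the boundary prefix or suffix text, it is no longer performed (the earlier `agent.cleanupPayload(test.request.payload, value)` only covers the bare test payload). Consider forwarding a `dbms=` keyword through prefixQuery/suffixQuery, or at least record the change next to the first call: `# prefixQuery()/suffixQuery() unescape and clean up internally, without the per-test dbms/origvalue the old call sites passed`. checkSqlInjection's body begins and ends outside these hunks.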
|  |  | |||
|  | @ -129,16 +129,17 @@ class Agent: | |||
| 
 | ||||
|         return payload | ||||
| 
 | ||||
|     def prefixQuery(self, string, prefix=None, where=None, clause=None): | ||||
|     def prefixQuery(self, expression, prefix=None, where=None, clause=None): | ||||
|         """ | ||||
|         This method defines how the input string has to be escaped | ||||
|         This method defines how the input expression has to be escaped | ||||
|         to perform the injection depending on the injection type | ||||
|         identified as valid | ||||
|         """ | ||||
| 
 | ||||
|         if conf.direct: | ||||
|             return self.payloadDirect(string) | ||||
|             return self.payloadDirect(expression) | ||||
| 
 | ||||
|         expression = unescaper.unescape(expression) | ||||
|         query = None | ||||
| 
 | ||||
|         if where is None and kb.technique and kb.technique in kb.injection.data: | ||||
|  | @ -162,25 +163,27 @@ class Agent: | |||
|         else: | ||||
|             query = kb.injection.prefix or prefix or "" | ||||
| 
 | ||||
|             if not (string and string[0] == ";"): | ||||
|             if not (expression and expression[0] == ";"): | ||||
|                 query += " " | ||||
| 
 | ||||
|         query = "%s%s" % (query, string) | ||||
|         query = "%s%s" % (query, expression) | ||||
|         query = self.cleanupPayload(query) | ||||
| 
 | ||||
|         return query | ||||
| 
 | ||||
|     def suffixQuery(self, string, comment=None, suffix=None, where=None): | ||||
|     def suffixQuery(self, expression, comment=None, suffix=None, where=None): | ||||
|         """ | ||||
|         This method appends the DBMS comment to the | ||||
|         SQL injection request | ||||
|         """ | ||||
| 
 | ||||
|         if conf.direct: | ||||
|             return self.payloadDirect(string) | ||||
|             return self.payloadDirect(expression) | ||||
| 
 | ||||
|         expression = unescaper.unescape(expression) | ||||
| 
 | ||||
|         if comment is not None: | ||||
|             string += comment | ||||
|             expression += comment | ||||
| 
 | ||||
|         if where is None and kb.technique and kb.technique in kb.injection.data: | ||||
|             where = kb.injection.data[kb.technique].where | ||||
|  | @ -191,13 +194,13 @@ class Agent: | |||
|             pass | ||||
| 
 | ||||
|         elif kb.injection.suffix is not None: | ||||
|             string += " %s" % kb.injection.suffix | ||||
|             expression += " %s" % kb.injection.suffix | ||||
|         elif suffix is not None: | ||||
|             string += " %s" % suffix | ||||
|             expression += " %s" % suffix | ||||
| 
 | ||||
|         string = self.cleanupPayload(string) | ||||
|         expression = self.cleanupPayload(expression) | ||||
| 
 | ||||
|         return string.rstrip() | ||||
|         return expression.rstrip() | ||||
| 
 | ||||
|     def cleanupPayload(self, payload, origvalue=None, query=None): | ||||
|         if payload is None: | ||||
|  | @ -241,8 +244,6 @@ class Agent: | |||
|                 errMsg += "knowledge of underlying DBMS" | ||||
|                 raise sqlmapNoneDataException, errMsg | ||||
| 
 | ||||
|         #payload = unescaper.unescape(payload) | ||||
| 
 | ||||
|         return payload | ||||
| 
 | ||||
|     def getComment(self, reqObj): | ||||
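Review bot: The `if conf.direct: return self.payloadDirect(expression)` early return in prefixQuery now runs before the new `expression = unescaper.unescape(expression)` line, so in direct mode the expression reaches payloadDirect without unescaping, whereas the removed caller-side calls unescaped it first; suffixQuery has the same ordering. Unless payloadDirect unescapes on its own (not visible here), moving the unescape above the direct check preserves the old behaviour: `expression = unescaper.unescape(expression)` then `if conf.direct:` / `return self.payloadDirect(expression)`. Separately, every visible caller chains prefixQuery into suffixQuery, and each method both unescapes and runs cleanupPayload, so the payload is unescaped and cleaned twice per request; that is only harmless if both operations are idempotent, which this hunk does not show. The prefixQuery docstring should also state the new contract, e.g. `Unescape *expression*, prepend the injection prefix and run cleanupPayload() on the result; callers must not pre-process the expression.`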
|  |  | |||
|  | @ -114,8 +114,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r | |||
| 
 | ||||
|     initTechnique(kb.technique) | ||||
| 
 | ||||
|     vector = agent.cleanupPayload(kb.injection.data[kb.technique].vector) | ||||
|     query = agent.prefixQuery(vector) | ||||
|     query = agent.prefixQuery(kb.injection.data[kb.technique].vector) | ||||
|     query = agent.suffixQuery(query) | ||||
|     payload = agent.payload(newValue=query) | ||||
|     count = None | ||||
|  | @ -329,7 +328,6 @@ def __goBooleanProxy(expression, resumeValue=True): | |||
| 
 | ||||
|     vector = kb.injection.data[kb.technique].vector | ||||
|     vector = vector.replace("[INFERENCE]", expression) | ||||
|     vector = agent.cleanupPayload(vector) | ||||
|     query = agent.prefixQuery(vector) | ||||
|     query = agent.suffixQuery(query) | ||||
|     payload = agent.payload(newValue=query) | ||||
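Review bot: The two call sites are now written inconsistently: __goInferenceProxy inlines the vector into `agent.prefixQuery(kb.injection.data[kb.technique].vector)`, while __goBooleanProxy keeps a `vector` local that is only reassigned once before `agent.prefixQuery(vector)`. Since prefixQuery now unescapes and cleans up internally, the remaining `vector = vector.replace("[INFERENCE]", expression)` means the caller-supplied expression is also run through unescaper.unescape, which the removed `agent.cleanupPayload(vector)` did not do on its own; confirm that is intended. Both enclosing functions continue outside these hunks.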
|  |  | |||