sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Major bug fix in multipartpost and minor adjustments elsewhere

Browse Source
This commit is contained in:
Bernardo Damele 2010-05-28 23:12:20 +00:00
parent 06af405efd
commit 10521b68eb
5 changed files with 30 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
lib/contrib/multipartpost.py
View File

@ -74,32 +74,34 @@ class MultipartPostHandler(urllib2.BaseHandler):
request.add_data(data)
return request
def multipart_encode(vars, files, boundary = None, buffer = None):
def multipart_encode(vars, files, boundary = None, buf = None):
if boundary is None:
boundary = mimetools.choose_boundary()
if buffer is None:
buffer = ''
if buf is None:
buf = ''
for(key, value) in vars:
buffer += '--%s\r\n' % boundary
buffer += 'Content-Disposition: form-data; name="%s"' % key
buffer += '\r\n\r\n' + value + '\r\n'
for (key, value) in vars:
buf += '--%s\r\n' % boundary
buf += 'Content-Disposition: form-data; name="%s"' % key
buf += '\r\n\r\n' + value + '\r\n'
for(key, fd) in files:
for (key, fd) in files:
file_size = os.fstat(fd.fileno())[stat.ST_SIZE]
filename = fd.name.split('/')[-1]
contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
buffer += '--%s\r\n' % boundary
buffer += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename)
buffer += 'Content-Type: %s\r\n' % contenttype
# buffer += 'Content-Length: %s\r\n' % file_size
buf += '--%s\r\n' % boundary
buf += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename)
buf += 'Content-Type: %s\r\n' % contenttype
# buf += 'Content-Length: %s\r\n' % file_size
fd.seek(0)
buffer += '\r\n' + fd.read() + '\r\n'
buffer += '--%s--\r\n\r\n' % boundary
buf = str(buf)
buf += '\r\n%s\r\n' % fd.read()
return boundary, buffer
buf += '--%s--\r\n\r\n' % boundary
return boundary, buf
multipart_encode = Callable(multipart_encode)

4
lib/core/common.py
View File

@ -377,9 +377,9 @@ def dataToOutFile(data):
if not data:
return "No data retrieved"
rFile = filePathToString(conf.rFile)
rFile = filePathToString(conf.rFile)
rFilePath = "%s%s%s" % (conf.filePath, os.sep, rFile)
rFileFP = codecs.open(rFilePath, "wb", conf.dataEncoding)
rFileFP = codecs.open(rFilePath, "wb", conf.dataEncoding)
rFileFP.write(data)
rFileFP.flush()

3
lib/parse/configfile.py
View File

@ -72,8 +72,9 @@ def configFileParser(configFile):
logger.debug(debugMsg)
checkFile(configFile)
configFP = codecs.open(configFile, "rb", conf.dataEncoding)
config = UnicodeRawConfigParser()
config.readfp(codecs.open(configFile, "rb", conf.dataEncoding))
config.readfp(configFP)
if not config.has_section("Target"):
raise NoSectionError, "Target in the configuration file is mandatory"

11
lib/takeover/web.py
View File

@ -22,6 +22,7 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
"""
import codecs
import os
import posixpath
import re
@ -82,13 +83,15 @@ class Web:
return output
def webFileUpload(self, fileToUpload, destFileName, directory):
inputFile = open(fileToUpload, "r")
retVal = self.__webFileStreamUpload(inputFile, destFileName, directory)
inputFile.close()
inputFP = codecs.open(fileToUpload, "rb")
retVal = self.__webFileStreamUpload(inputFP, destFileName, directory)
inputFP.close()
return retVal
def __webFileStreamUpload(self, stream, destFileName, directory):
stream.seek(0) #rewind
stream.seek(0) # Rewind
if self.webApi in ("php", "asp"):
multipartParams = {
"upload": "1",

3
sqlmap.py
View File

@ -32,7 +32,8 @@ import warnings
warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)
sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout)
# NOTE: This breaks SQL shell and OS shell history and TAB functionalities
#sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout)
try:
import psyco