Major bug fix in multipartpost and minor adjustments elsewhere

lib/contrib/multipartpost.py

@@ -74,32 +74,34 @@ class MultipartPostHandler(urllib2.BaseHandler):
             request.add_data(data)
         return request
 
-    def multipart_encode(vars, files, boundary = None, buffer = None):
+    def multipart_encode(vars, files, boundary = None, buf = None):
         if boundary is None:
             boundary = mimetools.choose_boundary()
 
-        if buffer is None:
+        if buf is None:
-            buffer = ''
+            buf = ''
 
         for (key, value) in vars:
-            buffer += '--%s\r\n' % boundary
+            buf += '--%s\r\n' % boundary
-            buffer += 'Content-Disposition: form-data; name="%s"' % key
+            buf += 'Content-Disposition: form-data; name="%s"' % key
-            buffer += '\r\n\r\n' + value + '\r\n'
+            buf += '\r\n\r\n' + value + '\r\n'
 
         for (key, fd) in files:
             file_size = os.fstat(fd.fileno())[stat.ST_SIZE]
             filename = fd.name.split('/')[-1]
             contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
-            buffer += '--%s\r\n' % boundary
+            buf += '--%s\r\n' % boundary
-            buffer += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename)
+            buf += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename)
-            buffer += 'Content-Type: %s\r\n' % contenttype
+            buf += 'Content-Type: %s\r\n' % contenttype
-            # buffer += 'Content-Length: %s\r\n' % file_size
+            # buf += 'Content-Length: %s\r\n' % file_size
             fd.seek(0)
-            buffer += '\r\n' + fd.read() + '\r\n'
 
-        buffer += '--%s--\r\n\r\n' % boundary
+            buf = str(buf)
+            buf += '\r\n%s\r\n' % fd.read()
 
-        return boundary, buffer
+        buf += '--%s--\r\n\r\n' % boundary
+
+        return boundary, buf
 
     multipart_encode = Callable(multipart_encode)
 

lib/parse/configfile.py

@@ -72,8 +72,9 @@ def configFileParser(configFile):
     logger.debug(debugMsg)
 
     checkFile(configFile)
+    configFP = codecs.open(configFile, "rb", conf.dataEncoding)
     config = UnicodeRawConfigParser()
-    config.readfp(codecs.open(configFile, "rb", conf.dataEncoding))
+    config.readfp(configFP)
 
     if not config.has_section("Target"):
         raise NoSectionError, "Target in the configuration file is mandatory"

lib/takeover/web.py

@@ -22,6 +22,7 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
+import codecs
 import os
 import posixpath
 import re
@@ -82,13 +83,15 @@ class Web:
         return output
 
     def webFileUpload(self, fileToUpload, destFileName, directory):
-        inputFile = open(fileToUpload, "r")
+        inputFP = codecs.open(fileToUpload, "rb")
-        retVal = self.__webFileStreamUpload(inputFile, destFileName, directory)
+        retVal = self.__webFileStreamUpload(inputFP, destFileName, directory)
-        inputFile.close()
+        inputFP.close()
+
         return retVal
 
     def __webFileStreamUpload(self, stream, destFileName, directory):
-        stream.seek(0) #rewind        
+        stream.seek(0) # Rewind
+
         if self.webApi in ("php", "asp"):
             multipartParams = {
                                 "upload":    "1",

sqlmap.py

@@ -32,7 +32,8 @@ import warnings
 
 warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)
 
-sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout)
+# NOTE: This breaks SQL shell and OS shell history and TAB functionalities
+#sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.stdout)
 
 try:
     import psyco