From 1b376c99a6992d5ecc529dc5a836f7106f6508ec Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 19 Oct 2010 23:00:19 +0000
Subject: [PATCH] removed temp dictionary and replaced with kb.misc
---
 lib/core/agent.py | 57 +++++++++++++++---------------
 lib/core/common.py | 9 +++--
 lib/core/data.py | 4 ---
 lib/request/inject.py | 9 +++--
 lib/techniques/inband/union/use.py | 7 ++--
 plugins/generic/enumeration.py | 6 +---
 6 files changed, 41 insertions(+), 51 deletions(-)
diff --git a/lib/core/agent.py b/lib/core/agent.py
index 8a3a3e7a8..d317ebeef 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -18,7 +18,7 @@ from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import queries
-from lib.core.data import temp
+from lib.core.datatype import advancedDict
 from lib.core.exception import sqlmapNoneDataException
 class Agent:
@@ -27,9 +27,10 @@ class Agent:
 """
 def __init__(self):
- temp.delimiter = randomStr(6)
- temp.start = randomStr(6)
- temp.stop = randomStr(6)
+ kb.misc = advancedDict()
+ kb.misc.delimiter = randomStr(6)
+ kb.misc.start = randomStr(6)
+ kb.misc.stop = randomStr(6)
 def payloadDirect(self, query):
 if query.startswith(" AND "):
@@ -265,7 +266,7 @@ class Agent:
 for field in fieldsSplitted:
 nulledCastedFields.append(self.nullAndCastField(field))
- delimiterStr = "%s'%s'%s" % (dbmsDelimiter, temp.delimiter, dbmsDelimiter)
+ delimiterStr = "%s'%s'%s" % (dbmsDelimiter, kb.misc.delimiter, dbmsDelimiter)
 nulledCastedConcatFields = delimiterStr.join([field for field in nulledCastedFields])
 return nulledCastedConcatFields
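Review bot: `kb.misc = advancedDict()` in `Agent.__init__` rebuilds the whole namespace every time an Agent is constructed, so any value another module has already stored there — `kb.misc.testedDbms`, assigned in the `plugins/generic/enumeration.py` hunk — is silently discarded if construction order ever changes; the module-level `temp` it replaces did not have that property. Creating the namespace only once, e.g. `if not hasattr(kb, "misc"): kb.misc = advancedDict()` or initialising it next to `kb` in `lib/core/data.py`, would make the two writers independent of import order. The comment that documented `temp` is deleted in the data.py hunk and nothing documents `kb.misc` in its place; a comment above the assignment such as `# per-run random markers and the tested DBMS name, shared with common.py, inject.py and union/use.py` would cover it. Whether Agent is instantiated exactly once as a module singleton cannot be seen from this hunk.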
@@ -368,29 +369,29 @@ class Agent:
 if kb.dbms == "MySQL":
 if fieldsSelectCase:
- concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % temp.start, 1)
- concatenatedQuery += ",'%s')" % temp.stop
+ concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
+ concatenatedQuery += ",'%s')" % kb.misc.stop
 elif fieldsSelectFrom:
- concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % temp.start, 1)
- concatenatedQuery = concatenatedQuery.replace(" FROM ", ",'%s') FROM " % temp.stop, 1)
+ concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
+ concatenatedQuery = concatenatedQuery.replace(" FROM ", ",'%s') FROM " % kb.misc.stop, 1)
 elif fieldsSelect:
- concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % temp.start, 1)
- concatenatedQuery += ",'%s')" % temp.stop
+ concatenatedQuery = concatenatedQuery.replace("SELECT ", "CONCAT('%s'," % kb.misc.start, 1)
+ concatenatedQuery += ",'%s')" % kb.misc.stop
 elif fieldsNoSelect:
- concatenatedQuery = "CONCAT('%s',%s,'%s')" % (temp.start, concatenatedQuery, temp.stop)
+ concatenatedQuery = "CONCAT('%s',%s,'%s')" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
 elif kb.dbms in ( "PostgreSQL", "Oracle", "SQLite" ):
 if fieldsSelectCase:
- concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % temp.start, 1)
- concatenatedQuery += "||'%s'" % temp.stop
+ concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
+ concatenatedQuery += "||'%s'" % kb.misc.stop
 elif fieldsSelectFrom:
- concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % temp.start, 1)
- concatenatedQuery = concatenatedQuery.replace(" FROM ", "||'%s' FROM " % temp.stop, 1)
+ concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
+ concatenatedQuery = concatenatedQuery.replace(" FROM ", "||'%s' FROM " % kb.misc.stop, 1)
 elif fieldsSelect:
- concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % temp.start, 1)
- concatenatedQuery += "||'%s'" % temp.stop
+ concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'||" % kb.misc.start, 1)
+ concatenatedQuery += "||'%s'" % kb.misc.stop
 elif fieldsNoSelect:
- concatenatedQuery = "'%s'||%s||'%s'" % (temp.start, concatenatedQuery, temp.stop)
+ concatenatedQuery = "'%s'||%s||'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
 if kb.dbms == "Oracle" and " FROM " not in concatenatedQuery and ( fieldsSelect or fieldsNoSelect ):
 concatenatedQuery += " FROM DUAL"
@@ -398,19 +399,19 @@ class Agent:
 elif kb.dbms == "Microsoft SQL Server":
 if fieldsSelectTop:
 topNum = re.search("\ASELECT\s+TOP\s+([\d]+)\s+", concatenatedQuery, re.I).group(1)
- concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, temp.start), 1)
- concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % temp.stop, 1)
+ concatenatedQuery = concatenatedQuery.replace("SELECT TOP %s " % topNum, "TOP %s '%s'+" % (topNum, kb.misc.start), 1)
+ concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.misc.stop, 1)
 elif fieldsSelectCase:
- concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % temp.start, 1)
- concatenatedQuery += "+'%s'" % temp.stop
+ concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
+ concatenatedQuery += "+'%s'" % kb.misc.stop
 elif fieldsSelectFrom:
- concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % temp.start, 1)
- concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % temp.stop, 1)
+ concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
+ concatenatedQuery = concatenatedQuery.replace(" FROM ", "+'%s' FROM " % kb.misc.stop, 1)
 elif fieldsSelect:
- concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % temp.start, 1)
- concatenatedQuery += "+'%s'" % temp.stop
+ concatenatedQuery = concatenatedQuery.replace("SELECT ", "'%s'+" % kb.misc.start, 1)
+ concatenatedQuery += "+'%s'" % kb.misc.stop
 elif fieldsNoSelect:
- concatenatedQuery = "'%s'+%s+'%s'" % (temp.start, concatenatedQuery, temp.stop)
+ concatenatedQuery = "'%s'+%s+'%s'" % (kb.misc.start, concatenatedQuery, kb.misc.stop)
 return concatenatedQuery
diff --git a/lib/core/common.py b/lib/core/common.py
index 14ac4087a..396a815ca 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -40,7 +40,6 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.data import queries
-from lib.core.data import temp
 from lib.core.convert import urlencode
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
@@ -585,7 +584,7 @@ def replaceNewlineTabs(inpStr, stdout=False):
 else:
 replacedString = inpStr.replace("\n", "__NEWLINE__").replace("\t", "__TAB__")
- replacedString = replacedString.replace(temp.delimiter, "__DEL__")
+ replacedString = replacedString.replace(kb.misc.delimiter, "__DEL__")
 return replacedString
@@ -860,12 +859,12 @@ def getRange(count, dump=False, plusOne=False):
 def parseUnionPage(output, expression, partial=False, condition=None, sort=True):
 data = []
- outCond1 = ( output.startswith(temp.start) and output.endswith(temp.stop) )
+ outCond1 = ( output.startswith(kb.misc.start) and output.endswith(kb.misc.stop) )
 outCond2 = ( output.startswith("__START__") and output.endswith("__STOP__") )
 if outCond1 or outCond2:
 if outCond1:
- regExpr = '%s(.*?)%s' % (temp.start, temp.stop)
+ regExpr = '%s(.*?)%s' % (kb.misc.start, kb.misc.stop)
 elif outCond2:
 regExpr = '__START__(.*?)__STOP__'
@@ -890,7 +889,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
 if "__DEL__" in entry:
 entry = entry.split("__DEL__")
 else:
- entry = entry.split(temp.delimiter)
+ entry = entry.split(kb.misc.delimiter)
 if len(entry) == 1:
 data.append(entry[0])
diff --git a/lib/core/data.py b/lib/core/data.py
index 06fae7610..6d85c195f 100644
--- a/lib/core/data.py
+++ b/lib/core/data.py
@@ -20,10 +20,6 @@ conf = advancedDict()
 # object to share within function and classes results
 kb = advancedDict()
-# object to share within function and classes temporary data,
-# just for internal use
-temp = advancedDict()
-
 # object with each database management system specific queries
 queries = {}
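Review bot: `regExpr = '%s(.*?)%s' % (kb.misc.start, kb.misc.stop)` in parseUnionPage interpolates the two random markers into a pattern without escaping, so the parse is only correct as long as `randomStr(6)` never emits a regex metacharacter — an assumption this hunk cannot verify and that the earlier `temp.*` version shared. `regExpr = '%s(.*?)%s' % (re.escape(kb.misc.start), re.escape(kb.misc.stop))` removes the dependency on the marker alphabet at no cost, provided `re` is already imported in common.py. The `entry.split(kb.misc.delimiter)` branch in the following hunk relies on the same markers but uses a plain split, so it needs no change. parseUnionPage begins in this hunk and continues past it.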
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 67f32c689..4d1dc2a4d 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -27,7 +27,6 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
-from lib.core.data import temp
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.request.direct import direct
@@ -97,7 +96,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
 parameter through a bisection algorithm.
 """
- query = agent.prefixQuery(" %s" % temp.inference)
+ query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].inference)
 query = agent.postfixQuery(query)
 payload = agent.payload(newValue=query)
 count = None
@@ -336,7 +335,7 @@ def __goError(expression, resumeValue=True):
 Retrieve the output of a SQL query taking advantage of an error SQL injection vulnerability on the affected parameter.
 """
- query = agent.prefixQuery(" %s" % temp.error)
+ query = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error)
 query = agent.postfixQuery(query)
 payload = agent.payload(newValue=query)
@@ -356,13 +355,13 @@ def __goError(expression, resumeValue=True):
 forgedPayload = safeStringFormat(payload, expressionUnescaped)
 result = Request.queryPage(urlencode(forgedPayload), content=True)
- match = re.search(temp.errorRegex, result[0], re.DOTALL | re.IGNORECASE)
+ match = re.search(queries[kb.misc.testedDbms].errorRegex, result[0], re.DOTALL | re.IGNORECASE)
 if match:
 output = match.group('result')
 if output:
 output = output.replace("%c%c%c" % (58, 95, 58), " ").replace("%c%c%c" % (58, 120, 58), "") #':_:' -> EMPTY CHAR, ':x:' -> SPACE CHAR
- if temp.error == queries['MySQL'].error:
+ if kb.misc.testedDbms == 'MySQL':
 output = output[:-1]
 infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
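Review bot: `queries[kb.misc.testedDbms]` is now resolved on every call — once in `__goInferenceProxy` and three times in `__goError` (`error`, `errorRegex` and the `'MySQL'` comparison) — where the previous code read values that `Enumeration.__init__` had resolved once; since `kb.misc.testedDbms` is only assigned in that plugin, any call before it runs now fails on the `kb.misc` attribute lookup rather than on `temp`, so the failure mode is unchanged but the traceback moves. Binding the per-DBMS query set once at the top of `__goError`, `dbmsQueries = queries[kb.misc.testedDbms]`, and using `dbmsQueries.error` / `dbmsQueries.errorRegex` below keeps the three lookups consistent if `testedDbms` is ever reassigned mid-request. As a point of style, the new `kb.misc.testedDbms == 'MySQL'` uses single quotes while the DBMS-name comparisons in agent.py (`kb.dbms == "MySQL"`) use double quotes. Both `__goInferenceProxy` and `__goError` begin before and end after the hunks shown.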
diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py
index f6aaaaed5..bc49fd218 100644
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -18,7 +18,6 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
-from lib.core.data import temp
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.techniques.inband.union.test import unionTest
@@ -206,13 +205,13 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
 resultPage, _ = Request.queryPage(payload, content=True)
 reqCount += 1
- if temp.start not in resultPage or temp.stop not in resultPage:
+ if kb.misc.start not in resultPage or kb.misc.stop not in resultPage:
 return
 # Parse the returned page to get the exact inband
 # sql injection output
- startPosition = resultPage.index(temp.start)
- endPosition = resultPage.rindex(temp.stop) + len(temp.stop)
+ startPosition = resultPage.index(kb.misc.start)
+ endPosition = resultPage.rindex(kb.misc.stop) + len(kb.misc.stop)
 value = getUnicode(resultPage[startPosition:endPosition])
 duration = calculateDeltaSeconds(start)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index e4ac725cd..e7b54be59 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -29,7 +29,6 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.data import queries
-from lib.core.data import temp
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapNoneDataException
 from lib.core.exception import sqlmapUnsupportedFeatureException
@@ -62,10 +61,7 @@ class Enumeration:
 kb.data.cachedTables = {}
 kb.data.cachedColumns = {}
 kb.data.dumpedTable = {}
-
- temp.inference = queries[dbms].inference
- temp.error = queries[dbms].error
- temp.errorRegex = queries[dbms].errorRegex
+ kb.misc.testedDbms = dbms
 def getBanner(self):
 if not conf.getBanner: