changes regarding Data (GET/POST/Cookie) encoding (Bug #129)

2024-11-22 09:36:35 +03:00 · 2010-01-14 18:05:03 +00:00 · 2010-01-14 18:05:03 +00:00 · 26c7b74e65
commit 26c7b74e65
parent 1d968f51e9
8 changed files with 20 additions and 14 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -31,7 +31,6 @@ from lib.controller.checks import checkRegexp
 from lib.controller.checks import checkConnection
 from lib.core.common import paramToDict
 from lib.core.common import readInput
-from lib.core.common import sanitizeCookie
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -162,10 +161,9 @@ def start():
                        setCookieAsInjectable = False
    
                if setCookieAsInjectable:
-                    safeCookie = sanitizeCookie(cookieStr)
-                    conf.httpHeaders.append(("Cookie", safeCookie))
-                    conf.parameters["Cookie"] = safeCookie
-                    __paramDict = paramToDict("Cookie", safeCookie)
+                    conf.httpHeaders.append(("Cookie", cookieStr))
+                    conf.parameters["Cookie"] = cookieStr
+                    __paramDict = paramToDict("Cookie", cookieStr)
    
                    if __paramDict:
                        conf.paramDict["Cookie"] = __paramDict
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -26,6 +26,7 @@ import re

 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import queries
@ -78,6 +79,11 @@ class Agent:
            retValue = paramString.replace("%s=%s" % (parameter, value),
                                           "%s=%s" % (parameter, newValue))
        
+        if conf.cookieUrlencode and (kb.injPlace == "Cookie" or place == "Cookie"):
+            name = retValue[:retValue.find('=')]
+            value = retValue[retValue.find('=') + 1:]
+            retValue = "%s=%s" % (name, urlencode(value, convall=True))
+            
        return retValue

    def fullPayload(self, query):
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -38,7 +38,6 @@ from lib.core.common import getFileType
 from lib.core.common import parseTargetUrl
 from lib.core.common import paths
 from lib.core.common import randomRange
-from lib.core.common import sanitizeCookie
 from lib.core.common import sanitizeStr
 from lib.core.data import conf
 from lib.core.data import kb
@ -847,8 +846,6 @@ def __setHTTPCookies():
        debugMsg = "setting the HTTP Cookie header"
        logger.debug(debugMsg)
        
-        conf.cookie = sanitizeCookie(conf.cookie, True)
-        
        conf.httpHeaders.append(("Connection", "Keep-Alive"))
        conf.httpHeaders.append(("Cookie", conf.cookie))

--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -61,7 +61,8 @@ optDict = {
                               "string":            "string",
                               "regexp":            "string",
                               "eString":           "string",
-                               "eRegexp":           "string"
+                               "eRegexp":           "string",
+                               "cookieUrlencode":   "boolean"
                             },

            "Techniques":    {
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -28,7 +28,6 @@ import time
 from lib.core.common import dataToSessionFile
 from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
-from lib.core.common import sanitizeCookie
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@ -73,7 +72,6 @@ def __setRequestParams():

    # Perform checks on Cookie parameters
    if conf.cookie:
-        conf.cookie = sanitizeCookie(conf.cookie)
        conf.parameters["Cookie"] = conf.cookie
        __paramDict = paramToDict("Cookie", conf.cookie)

--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -164,6 +164,10 @@ def cmdLineParser():
                             help="Matches to be excluded before "
                                  "comparing page contents")

+        injection.add_option("--cookie-urlencode", dest="cookieUrlencode",
+                              action="store_true",
+                              help="URLEncode generated cookie injections")
+                                   
        # Techniques options
        techniques = OptionGroup(parser, "Techniques", "These options can "
                                 "be used to test for specific SQL injection "
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -31,7 +31,6 @@ import urlparse
 import traceback

 from lib.contrib import multipartpost
-from lib.core.common import sanitizeCookie
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
@ -121,7 +120,7 @@ class Connect:

        try:
            # Perform HTTP request
-            headers        = forgeHeaders(sanitizeCookie(cookie), ua)
+            headers        = forgeHeaders(cookie, ua)
            req            = urllib2.Request(url, post, headers)
            conn           = urllib2.urlopen(req)

--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -155,6 +155,9 @@ eString =
 # (http://www.python.org/doc/2.5.2/lib/re-syntax.html)
 eRegexp = 

+# URLEncode generated cookie injections.
+# Valid: True or False
+cookieUrlencode = False

 [Techniques]