sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-02 20:54:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Potential bug fix (escaping formatted regular expressions)

Browse Source
This commit is contained in:
Miroslav Stampar 2014-10-28 14:02:55 +01:00
parent 268e774087
commit 3b3b8d4ef2
6 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/core/common.py
View File

@ -1286,7 +1286,7 @@ def expandAsteriskForColumns(expression):
if expression != conf.query: if expression != conf.query:
conf.db = db conf.db = db
else: else:
expression = re.sub(r"([^\w])%s" % conf.tbl, "\g<1>%s.%s" % (conf.db, conf.tbl), expression) expression = re.sub(r"([^\w])%s" % re.escape(conf.tbl), "\g<1>%s.%s" % (conf.db, conf.tbl), expression)
else: else:
conf.db = db conf.db = db
conf.db = safeSQLIdentificatorNaming(conf.db) conf.db = safeSQLIdentificatorNaming(conf.db)
@ -2503,11 +2503,11 @@ def removeDynamicContent(page):
if prefix is None and suffix is None: if prefix is None and suffix is None:
continue continue
elif prefix is None: elif prefix is None:
page = re.sub(r'(?s)^.+%s' % suffix, suffix, page) page = re.sub(r'(?s)^.+%s' % re.escape(suffix), suffix, page)
elif suffix is None: elif suffix is None:
page = re.sub(r'(?s)%s.+$' % prefix, prefix, page) page = re.sub(r'(?s)%s.+$' % re.escape(prefix), prefix, page)
else: else:
page = re.sub(r'(?s)%s.+%s' % (prefix, suffix), '%s%s' % (prefix, suffix), page) page = re.sub(r'(?s)%s.+%s' % (re.escape(prefix), re.escape(suffix)), '%s%s' % (prefix, suffix), page)
return page return page

2
lib/core/option.py
View File

@ -233,7 +233,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
for match in re.finditer(BURP_XML_HISTORY_REGEX, content, re.I | re.S): for match in re.finditer(BURP_XML_HISTORY_REGEX, content, re.I | re.S):
port, request = match.groups() port, request = match.groups()
request = request.decode("base64") request = request.decode("base64")
_ = re.search(r"%s:.+" % HTTP_HEADER.HOST, request) _ = re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request)
if _: if _:
host = _.group(0).strip() host = _.group(0).strip()
if not re.search(r":\d+\Z", host): if not re.search(r":\d+\Z", host):

2
lib/parse/banner.py
View File

@ -63,7 +63,7 @@ class MSSQLBannerHandler(ContentHandler):
def endElement(self, name): def endElement(self, name):
if name == "signature": if name == "signature":
for version in (self._version, self._versionAlt): for version in (self._version, self._versionAlt):
if version and re.search(r" %s[\.\ ]+" % version, self._banner): if version and re.search(r" %s[\.\ ]+" % re.escape(version), self._banner):
self._feedInfo("dbmsRelease", self._release) self._feedInfo("dbmsRelease", self._release)
self._feedInfo("dbmsVersion", self._version) self._feedInfo("dbmsVersion", self._version)
self._feedInfo("dbmsServicePack", self._servicePack) self._feedInfo("dbmsServicePack", self._servicePack)

12
lib/request/connect.py
View File

@ -752,14 +752,14 @@ class Connect(object):
if conf.csrfToken: if conf.csrfToken:
def _adjustParameter(paramString, parameter, newValue): def _adjustParameter(paramString, parameter, newValue):
retVal = paramString retVal = paramString
match = re.search("%s=(?P<value>[^&]*)" % parameter, paramString) match = re.search("%s=(?P<value>[^&]*)" % re.escape(parameter), paramString)
if match: if match:
origValue = match.group("value") origValue = match.group("value")
retVal = re.sub("%s=[^&]*" % parameter, "%s=%s" % (parameter, newValue), paramString) retVal = re.sub("%s=[^&]*" % re.escape(parameter), "%s=%s" % (parameter, newValue), paramString)
return retVal return retVal
page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST)) page, headers, code = Connect.getPage(url=conf.csrfUrl or conf.url, cookie=conf.parameters.get(PLACE.COOKIE), direct=True, silent=True, ua=conf.parameters.get(PLACE.USER_AGENT), referer=conf.parameters.get(PLACE.REFERER), host=conf.parameters.get(PLACE.HOST))
match = re.search(r"<input[^>]+name=[\"']?%s[\"']?\s[^>]*value=(\"([^\"]+)|'([^']+)|([^ >]+))" % conf.csrfToken, page or "") match = re.search(r"<input[^>]+name=[\"']?%s[\"']?\s[^>]*value=(\"([^\"]+)|'([^']+)|([^ >]+))" % re.escape(conf.csrfToken), page or "")
token = (match.group(2) or match.group(3) or match.group(4)) if match else None token = (match.group(2) or match.group(3) or match.group(4)) if match else None
if not token: if not token:
@ -802,10 +802,10 @@ class Connect(object):
if conf.rParam: if conf.rParam:
def _randomizeParameter(paramString, randomParameter): def _randomizeParameter(paramString, randomParameter):
retVal = paramString retVal = paramString
match = re.search("%s=(?P<value>[^&;]+)" % randomParameter, paramString) match = re.search("%s=(?P<value>[^&;]+)" % re.escape(randomParameter), paramString)
if match: if match:
origValue = match.group("value") origValue = match.group("value")
retVal = re.sub("%s=[^&;]+" % randomParameter, "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString) retVal = re.sub("%s=[^&;]+" % re.escape(randomParameter), "%s=%s" % (randomParameter, randomizeParameterValue(origValue)), paramString)
return retVal return retVal
for randomParameter in conf.rParam: for randomParameter in conf.rParam:
@ -847,7 +847,7 @@ class Connect(object):
found = False found = False
value = unicode(value) value = unicode(value)
regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), name, re.escape(delimiter)) regex = r"((\A|%s)%s=).+?(%s|\Z)" % (re.escape(delimiter), re.escape(name), re.escape(delimiter))
if re.search(regex, (get or "")): if re.search(regex, (get or "")):
found = True found = True
get = re.sub(regex, "\g<1>%s\g<3>" % value, get) get = re.sub(regex, "\g<1>%s\g<3>" % value, get)

4
lib/utils/pivotdumptable.py
View File

@ -64,7 +64,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
colList = filter(None, sorted(colList, key=lambda x: len(x) if x else MAX_INT)) colList = filter(None, sorted(colList, key=lambda x: len(x) if x else MAX_INT))
if conf.pivotColumn: if conf.pivotColumn:
if any(re.search(r"(.+\.)?%s" % conf.pivotColumn, _, re.I) for _ in colList): if any(re.search(r"(.+\.)?%s" % re.escape(conf.pivotColumn), _, re.I) for _ in colList):
infoMsg = "using column '%s' as a pivot " % conf.pivotColumn infoMsg = "using column '%s' as a pivot " % conf.pivotColumn
infoMsg += "for retrieving row data" infoMsg += "for retrieving row data"
logger.info(infoMsg) logger.info(infoMsg)
@ -173,7 +173,7 @@ def whereQuery(query):
prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "") prefix, suffix = query.split(" ORDER BY ") if " ORDER BY " in query else (query, "")
if "%s)" % conf.tbl.upper() in prefix.upper(): if "%s)" % conf.tbl.upper() in prefix.upper():
prefix = re.sub(r"(?i)%s\)" % conf.tbl, "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix) prefix = re.sub(r"(?i)%s\)" % re.escape(conf.tbl), "%s WHERE %s)" % (conf.tbl, conf.dumpWhere), prefix)
elif re.search(r"(?i)\bWHERE\b", prefix): elif re.search(r"(?i)\bWHERE\b", prefix):
prefix += " AND %s" % conf.dumpWhere prefix += " AND %s" % conf.dumpWhere
else: else:

2
plugins/generic/entries.py
View File

@ -147,7 +147,7 @@ class Entries:
for column in colList: for column in colList:
_ = agent.preprocessField(tbl, column) _ = agent.preprocessField(tbl, column)
if _ != column: if _ != column:
colString = re.sub(r"\b%s\b" % column, _, colString) colString = re.sub(r"\b%s\b" % re.escape(column), _, colString)
entriesCount = 0 entriesCount = 0