sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-14 15:14:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor adjustments

Browse Source
This commit is contained in:
Bernardo Damele 2010-01-15 17:42:46 +00:00
parent 1a764e1f08
commit 4ce3abc56d
3 changed files with 24 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
lib/core/common.py
View File

@ -840,7 +840,7 @@ def directoryPath(path):
else:
retVal = ntpath.dirname(path)
return retVal
def normalizePath(path):
retVal = None
if path.find('/') != -1:
@ -850,18 +850,22 @@ def normalizePath(path):
return retVal
def safeStringFormat(formatStr, params):
index = 0
count = 0
retVal = formatStr.replace('%d', '%s')
while index !=- 1:
index = retVal.find('%s')
if index != -1:
if count < len(params):
retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
else:
raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
count += 1
if isinstance(params, str):
retVal = retVal.replace("%s", params)
else:
count = 0
index = 0
while index != -1:
index = retVal.find('%s')
if index != -1:
if count < len(params):
retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
else:
raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
count += 1
return retVal

5
lib/techniques/inband/union/test.py
View File

@ -24,7 +24,6 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from lib.core.agent import agent
from lib.core.common import randomStr
from lib.core.common import safeStringFormat
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
@ -122,7 +121,7 @@ def __forgeUserFriendlyValue(payload):
value = ""
if kb.injPlace == "GET":
value = safeStringFormat("%s?%s", (conf.url, payload))
value = "%s?%s" % (conf.url, payload)
elif kb.injPlace == "POST":
value = "URL:\t'%s'" % conf.url
value += "\nPOST:\t'%s'\n" % payload
@ -203,7 +202,7 @@ def unionTest():
technique = "NULL bruteforcing"
infoMsg = "testing inband sql injection on parameter "
infoMsg += safeStringFormat("'%s' with %s technique", (kb.injParameter, technique))
infoMsg += "'%s' with %s technique" % (kb.injParameter, technique)
logger.info(infoMsg)
value = ""

8
lib/utils/resume.py
View File

@ -75,7 +75,7 @@ def queryOutputLength(expression, payload):
if output:
return 0, output, regExpr
dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], lengthExpr)))
dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], lengthExpr))
lengthExprUnescaped = unescaper.unescape(lengthExpr)
count, length = bisection(payload, lengthExprUnescaped)
@ -145,7 +145,7 @@ def resume(expression, payload):
infoMsg += "%s" % resumedValue.split("\n")[0]
logger.info(infoMsg)
dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][%s]\n", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue)))
dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
return resumedValue
elif len(resumedValue) < int(length):
@ -153,7 +153,7 @@ def resume(expression, payload):
infoMsg += "%s..." % resumedValue.split("\n")[0]
logger.info(infoMsg)
dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][%s", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue)))
dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
if select:
newExpr = expression.replace(regExpr, safeStringFormat(substringQuery, (regExpr, len(resumedValue) + 1, int(length))), 1)
@ -176,6 +176,6 @@ def resume(expression, payload):
return None
return safeStringFormat("%s%s", (resumedValue, finalValue))
return "%s%s" % (resumedValue, finalValue)
return None