sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-23 19:34:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor adjustments

Browse Source
This commit is contained in:
Bernardo Damele 2010-01-15 17:42:46 +00:00
parent 1a764e1f08
commit 4ce3abc56d
3 changed files with 24 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
lib/core/common.py
View File

@ -840,7 +840,7 @@ def directoryPath(path):
else: else:
retVal = ntpath.dirname(path) retVal = ntpath.dirname(path)
return retVal return retVal
def normalizePath(path): def normalizePath(path):
retVal = None retVal = None
if path.find('/') != -1: if path.find('/') != -1:
@ -850,18 +850,22 @@ def normalizePath(path):
return retVal return retVal
def safeStringFormat(formatStr, params): def safeStringFormat(formatStr, params):
index = 0
count = 0
retVal = formatStr.replace('%d', '%s') retVal = formatStr.replace('%d', '%s')
while index !=- 1: if isinstance(params, str):
index = retVal.find('%s') retVal = retVal.replace("%s", params)
if index != -1: else:
if count < len(params): count = 0
retVal = retVal[:index] + str(params[count]) + retVal[index+2:] index = 0
else:
raise sqlmapNoneDataException, "wrong number of parameters during string formatting" while index != -1:
count += 1 index = retVal.find('%s')
if index != -1:
if count < len(params):
retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
else:
raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
count += 1
return retVal return retVal

5
lib/techniques/inband/union/test.py
View File

@ -24,7 +24,6 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import randomStr from lib.core.common import randomStr
from lib.core.common import safeStringFormat
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
from lib.core.data import logger from lib.core.data import logger
@ -122,7 +121,7 @@ def __forgeUserFriendlyValue(payload):
value = "" value = ""
if kb.injPlace == "GET": if kb.injPlace == "GET":
value = safeStringFormat("%s?%s", (conf.url, payload)) value = "%s?%s" % (conf.url, payload)
elif kb.injPlace == "POST": elif kb.injPlace == "POST":
value = "URL:\t'%s'" % conf.url value = "URL:\t'%s'" % conf.url
value += "\nPOST:\t'%s'\n" % payload value += "\nPOST:\t'%s'\n" % payload
@ -203,7 +202,7 @@ def unionTest():
technique = "NULL bruteforcing" technique = "NULL bruteforcing"
infoMsg = "testing inband sql injection on parameter " infoMsg = "testing inband sql injection on parameter "
infoMsg += safeStringFormat("'%s' with %s technique", (kb.injParameter, technique)) infoMsg += "'%s' with %s technique" % (kb.injParameter, technique)
logger.info(infoMsg) logger.info(infoMsg)
value = "" value = ""

8
lib/utils/resume.py
View File

@ -75,7 +75,7 @@ def queryOutputLength(expression, payload):
if output: if output:
return 0, output, regExpr return 0, output, regExpr
dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], lengthExpr))) dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], lengthExpr))
lengthExprUnescaped = unescaper.unescape(lengthExpr) lengthExprUnescaped = unescaper.unescape(lengthExpr)
count, length = bisection(payload, lengthExprUnescaped) count, length = bisection(payload, lengthExprUnescaped)
@ -145,7 +145,7 @@ def resume(expression, payload):
infoMsg += "%s" % resumedValue.split("\n")[0] infoMsg += "%s" % resumedValue.split("\n")[0]
logger.info(infoMsg) logger.info(infoMsg)
dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][%s]\n", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))) dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
return resumedValue return resumedValue
elif len(resumedValue) < int(length): elif len(resumedValue) < int(length):
@ -153,7 +153,7 @@ def resume(expression, payload):
infoMsg += "%s..." % resumedValue.split("\n")[0] infoMsg += "%s..." % resumedValue.split("\n")[0]
logger.info(infoMsg) logger.info(infoMsg)
dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][%s", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))) dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
if select: if select:
newExpr = expression.replace(regExpr, safeStringFormat(substringQuery, (regExpr, len(resumedValue) + 1, int(length))), 1) newExpr = expression.replace(regExpr, safeStringFormat(substringQuery, (regExpr, len(resumedValue) + 1, int(length))), 1)
@ -176,6 +176,6 @@ def resume(expression, payload):
return None return None
return safeStringFormat("%s%s", (resumedValue, finalValue)) return "%s%s" % (resumedValue, finalValue)
return None return None