Handle non-alnum parameters with --eval

This commit is contained in:
Rogdham 2015-07-18 10:31:15 +02:00
parent a7c4400cc9
commit 573bcad59c
2 changed files with 28 additions and 4 deletions


@ -611,6 +611,9 @@ MIN_ENCODED_LEN_CHECK = 5
# Timeout in seconds in which Metasploit remote session has to be initialized # Timeout in seconds in which Metasploit remote session has to be initialized
METASPLOIT_SESSION_TIMEOUT = 300 METASPLOIT_SESSION_TIMEOUT = 300
# Replacement for non-ALNUM chars in variables
EVALCODE_NONALNUM_REP = "_%s_" # %s to be changed for hex(ord(char))
# Suffix used to mark variables having keyword names # Suffix used to mark variables having keyword names
EVALCODE_KEYWORD_SUFFIX = "_KEYWORD" EVALCODE_KEYWORD_SUFFIX = "_KEYWORD"
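Review bot: The comment on EVALCODE_NONALNUM_REP should spell out the encoded form, because hex() keeps its `0x` prefix and the decoder in connect.py looks for exactly that text: `# %s is replaced by hex(ord(char)), e.g. "-" becomes "_0x2d_"`. Since the decoder only accepts one or two hex digits, it is also worth stating here that the scheme assumes code points up to 0xff, so a future change to either side keeps the two in step.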


@ -82,6 +82,7 @@ from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import DEFAULT_CONTENT_TYPE from lib.core.settings import DEFAULT_CONTENT_TYPE
from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import EVALCODE_NONALNUM_REP
from lib.core.settings import EVALCODE_KEYWORD_SUFFIX from lib.core.settings import EVALCODE_KEYWORD_SUFFIX
from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
@ -892,12 +893,25 @@ class Connect(object):
variables = {"uri": uri} variables = {"uri": uri}
originals = {} originals = {}
keywords = keyword.kwlist keywords = keyword.kwlist
regex_nonalnum = '(%s)' % \
(EVALCODE_NONALNUM_REP % '0x([0-9a-f]{1,2})')
for item in filter(None, (get, post if not kb.postHint else None)): for item in filter(None, (get, post if not kb.postHint else None)):
for part in item.split(delimiter): for part in item.split(delimiter):
if '=' in part: if '=' in part:
name, value = part.split('=', 1) name, value = part.split('=', 1)
name = re.sub(r"[^\w]", "", name.strip()) # modify non-alnum delimiters already in name
for p in re.findall(regex_nonalnum, name):
b = EVALCODE_NONALNUM_REP % hex(ord(p[0][0]))
e = EVALCODE_NONALNUM_REP % hex(ord(p[0][-1]))
name = name.replace(
p[0], "%s%s%s" % (b, p[0][1:-1], e))
# modify non-alnum characters
name = "".join(
c if re.search(r"^\w$", c)
else EVALCODE_NONALNUM_REP % hex(ord(c))
for c in name)
# modify keywords
if name in keywords: if name in keywords:
name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX) name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus)) value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
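Review bot: The encoder at `EVALCODE_NONALNUM_REP % hex(ord(c))` emits as many hex digits as the code point needs, but `regex_nonalnum` only accepts `0x([0-9a-f]{1,2})`, so a parameter name containing a character above 0xff (e.g. a non-Latin-1 letter) is encoded as `_0x20ac_`-style text that the restore loop in the next hunk never matches, and the mangled name leaks back into the request; widening the pattern to `(EVALCODE_NONALNUM_REP % '0x([0-9a-f]+)')` keeps both sides symmetric, since the trailing `_` still terminates the match. Dropping `name.strip()` together with the `re.sub` means surrounding whitespace in a parameter name is now encoded and restored verbatim rather than removed; if that is intended it deserves a comment, otherwise `name = name.strip()` should precede the encoding. A minor style point: the new `EVALCODE_NONALNUM_REP` import breaks the alphabetical order of the settings imports and belongs after `EVALCODE_KEYWORD_SUFFIX`. The enclosing method of class Connect starts and ends outside this hunk.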
@ -934,10 +948,17 @@ class Connect(object):
evaluateCode(conf.evalCode, variables) evaluateCode(conf.evalCode, variables)
for variable in variables.keys(): for variable in variables.keys():
original = variable
value = variables[variable]
# restore non-alnum characters
for p in re.findall(regex_nonalnum, variable):
variable = variable.replace(p[0], chr(int(p[1], 16)))
# restore keywords
if variable.endswith(EVALCODE_KEYWORD_SUFFIX): if variable.endswith(EVALCODE_KEYWORD_SUFFIX):
value = variables[variable] variable = variable.replace(EVALCODE_KEYWORD_SUFFIX, "")
del variables[variable] if variable != original:
variables[variable.replace(EVALCODE_KEYWORD_SUFFIX, "")] = value del variables[original]
variables[variable] = value
uri = variables["uri"] uri = variables["uri"]