Fixes #2144

2024-11-22 01:26:42 +03:00 · 2016-09-02 14:14:17 +02:00 · 2016-09-02 14:14:17 +02:00 · 577e346774
commit 577e346774
parent 81c6aad129
5 changed files with 39 additions and 46 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -155,6 +155,7 @@ from lib.utils.deps import checkDependencies
 from lib.utils.search import search
 from lib.utils.purge import purge
 from thirdparty.keepalive import keepalive
+from thirdparty.multipart import multipartpost
 from thirdparty.oset.pyoset import oset
 from thirdparty.socks import socks
 from xml.etree.ElementTree import ElementTree
@ -165,6 +166,7 @@ keepAliveHandler = keepalive.HTTPHandler()
 proxyHandler = urllib2.ProxyHandler()
 redirectHandler = SmartRedirectHandler()
 rangeHandler = HTTPRangeHandler()
+multipartPostHandler = multipartpost.MultipartPostHandler()

 def _feedTargetsDict(reqFile, addedTargetUrls):
    """
@ -1164,7 +1166,7 @@ def _setHTTPHandlers():
    debugMsg = "creating HTTP requests opener object"
    logger.debug(debugMsg)

-    handlers = filter(None, [proxyHandler if proxyHandler.proxies else None, authHandler, redirectHandler, rangeHandler, httpsHandler])
+    handlers = filter(None, [multipartPostHandler, proxyHandler if proxyHandler.proxies else None, authHandler, redirectHandler, rangeHandler, httpsHandler])

    if not conf.dropSetCookie:
        if not conf.loadCookies:
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.8.24"
+VERSION = "1.0.9.0"
 REVISION = getRevisionNumber()
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -110,7 +110,6 @@ from lib.request.basic import processResponse
 from lib.request.direct import direct
 from lib.request.comparison import comparison
 from lib.request.methodrequest import MethodRequest
-from thirdparty.multipart import multipartpost
 from thirdparty.odict.odict import OrderedDict
 from thirdparty.socks.socks import ProxyError

@ -242,7 +241,7 @@ class Connect(object):
        referer = kwargs.get("referer",             None) or conf.referer
        host = kwargs.get("host",                   None) or conf.host
        direct_ = kwargs.get("direct",              False)
-        multipart = kwargs.get("multipart",         False)
+        multipart = kwargs.get("multipart",         None)
        silent = kwargs.get("silent",               False)
        raise404 = kwargs.get("raise404",           True)
        timeout = kwargs.get("timeout",             None) or conf.timeout
@ -254,6 +253,9 @@ class Connect(object):
        crawling = kwargs.get("crawling",           False)
        skipRead = kwargs.get("skipRead",           False)

+        if multipart:
+            post = multipart
+
        websocket_ = url.lower().startswith("ws")

        if not urlparse.urlsplit(url).netloc:
@ -298,20 +300,6 @@ class Connect(object):
                    params = urlencode(params)
                    url = "%s?%s" % (url, params)

-            elif multipart:
-                # Needed in this form because of potential circle dependency
-                # problem (option -> update -> connect -> option)
-                from lib.core.option import proxyHandler
-
-                multipartOpener = urllib2.build_opener(proxyHandler, multipartpost.MultipartPostHandler)
-                conn = multipartOpener.open(unicodeencode(url), multipart)
-                page = Connect._connReadProxy(conn) if not skipRead else None
-                responseHeaders = conn.info()
-                responseHeaders[URI_HTTP_HEADER] = conn.geturl()
-                page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))
-
-                return page
-
            elif any((refreshing, crawling)):
                pass

@ -364,7 +352,7 @@ class Connect(object):
            if not getHeader(headers, HTTP_HEADER.ACCEPT_ENCODING):
                headers[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE if kb.pageCompress else "identity"

-            if post is not None and not getHeader(headers, HTTP_HEADER.CONTENT_TYPE):
+            if post is not None and not multipart and not getHeader(headers, HTTP_HEADER.CONTENT_TYPE):
                headers[HTTP_HEADER.CONTENT_TYPE] = POST_HINT_CONTENT_TYPES.get(kb.postHint, DEFAULT_CONTENT_TYPE)

            if headers.get(HTTP_HEADER.CONTENT_TYPE) == POST_HINT_CONTENT_TYPES[POST_HINT.MULTIPART]:
@ -455,9 +443,10 @@ class Connect(object):

                requestMsg += "\n"

-                threadData.lastRequestMsg = requestMsg
+                if not multipart:
+                    threadData.lastRequestMsg = requestMsg

-                logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)
+                    logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)

                if conf.cj:
                    for cookie in conf.cj:
@ -578,7 +567,8 @@ class Connect(object):
            elif conf.verbose > 5:
                responseMsg += "%s\n\n%s" % (logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE])

-            logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
+            if not multipart:
+                logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)

            if ex.code == httplib.UNAUTHORIZED and not conf.ignore401:
                errMsg = "not authorized, try to provide right HTTP "
@ -711,7 +701,8 @@ class Connect(object):
        elif conf.verbose > 5:
            responseMsg += "%s\n\n%s" % (logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE])

-        logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
+        if not multipart:
+            logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)

        return page, responseHeaders, code

--- a/thirdparty/multipart/multipartpost.py
+++ b/thirdparty/multipart/multipartpost.py
@ -47,13 +47,13 @@ class MultipartPostHandler(urllib2.BaseHandler):
    def http_request(self, request):
        data = request.get_data()

-        if data is not None and type(data) != str:
+        if isinstance(data, dict):
            v_files = []
            v_vars = []

            try:
                for(key, value) in data.items():
-                    if isinstance(value, file) or hasattr(value, 'file') or isinstance(value, StringIO.StringIO):
+                    if isinstance(value, file) or hasattr(value, "file") or isinstance(value, StringIO.StringIO):
                        v_files.append((key, value))
                    else:
                        v_vars.append((key, value))
@ -65,10 +65,10 @@ class MultipartPostHandler(urllib2.BaseHandler):
                data = urllib.urlencode(v_vars, doseq)
            else:
                boundary, data = self.multipart_encode(v_vars, v_files)
-                contenttype = 'multipart/form-data; boundary=%s' % boundary
-                #if (request.has_header('Content-Type') and request.get_header('Content-Type').find('multipart/form-data') != 0):
-                #    print "Replacing %s with %s" % (request.get_header('content-type'), 'multipart/form-data')
-                request.add_unredirected_header('Content-Type', contenttype)
+                contenttype = "multipart/form-data; boundary=%s" % boundary
+                #if (request.has_header("Content-Type") and request.get_header("Content-Type").find("multipart/form-data") != 0):
+                #    print "Replacing %s with %s" % (request.get_header("content-type"), "multipart/form-data")
+                request.add_unredirected_header("Content-Type", contenttype)

            request.add_data(data)
        return request
@ -78,32 +78,32 @@ class MultipartPostHandler(urllib2.BaseHandler):
            boundary = mimetools.choose_boundary()

        if buf is None:
-            buf = ''
+            buf = ""

        for (key, value) in vars:
            if key is not None and value is not None:
-                buf += '--%s\r\n' % boundary
-                buf += 'Content-Disposition: form-data; name="%s"' % key
-                buf += '\r\n\r\n' + value + '\r\n'
+                buf += "--%s\r\n" % boundary
+                buf += "Content-Disposition: form-data; name=\"%s\"" % key
+                buf += "\r\n\r\n" + value + "\r\n"

        for (key, fd) in files:
            file_size = os.fstat(fd.fileno())[stat.ST_SIZE] if isinstance(fd, file) else fd.len
-            filename = fd.name.split('/')[-1] if '/' in fd.name else fd.name.split('\\')[-1]
+            filename = fd.name.split("/")[-1] if "/" in fd.name else fd.name.split("\\")[-1]
            try:
-                contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
+                contenttype = mimetypes.guess_type(filename)[0] or "application/octet-stream"
            except:
                # Reference: http://bugs.python.org/issue9291
-                contenttype = 'application/octet-stream'
-            buf += '--%s\r\n' % boundary
-            buf += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename)
-            buf += 'Content-Type: %s\r\n' % contenttype
-            # buf += 'Content-Length: %s\r\n' % file_size
+                contenttype = "application/octet-stream"
+            buf += "--%s\r\n" % boundary
+            buf += "Content-Disposition: form-data; name=\"%s\"; filename=\"%s\"\r\n" % (key, filename)
+            buf += "Content-Type: %s\r\n" % contenttype
+            # buf += "Content-Length: %s\r\n" % file_size
            fd.seek(0)

            buf = str(buf) if not isinstance(buf, unicode) else buf.encode("utf8")
-            buf += '\r\n%s\r\n' % fd.read()
+            buf += "\r\n%s\r\n" % fd.read()

-        buf += '--%s--\r\n\r\n' % boundary
+        buf += "--%s--\r\n\r\n" % boundary

        return boundary, buf

--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -39,13 +39,13 @@ e4aec2b11c1ad6039d0c3dbbfbc5eb1a  lib/core/exception.py
 cc9c82cfffd8ee9b25ba3af6284f057e  lib/core/__init__.py
 91c514013daa796e2cdd940389354eac  lib/core/log.py
 b9779615206791e6ebbaa84947842b49  lib/core/optiondict.py
-85b144015724e1961e6c9ea1a42b329a  lib/core/option.py
+57109386dcff87507201f14a5821fd41  lib/core/option.py
 1e8948dddbd12def5c2af52530738059  lib/core/profiling.py
 e60456db5380840a586654344003d4e6  lib/core/readlineng.py
 5ef56abb8671c2ca6ceecb208258e360  lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f  lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e  lib/core/session.py
-c523de8745fb88545bbbbd7cee1d0b2f  lib/core/settings.py
+dd9d9aa60d7b2ba844189b90285c45cd  lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80  lib/core/shell.py
 23657cd7d924e3c6d225719865855827  lib/core/subprocessng.py
 0bc2fae1dec18cdd11954b22358293f2  lib/core/target.py
@ -68,7 +68,7 @@ b40a4c5d91770d347df36d3065b63798  lib/parse/sitemap.py
 9299f21804033f099681525bb9bf51c0  lib/request/basicauthhandler.py
 a3e83cfe7e6825fb1b70951ad290d2ae  lib/request/basic.py
 97fb6323bfb5f941b27cbdb00f9078e1  lib/request/comparison.py
-72a0e7bb1010bb39c6538dbc77eae180  lib/request/connect.py
+8bc040159a145a1dfdf8a3fe76a0adbc  lib/request/connect.py
 49b4c583af68689de5f9acb162de2939  lib/request/direct.py
 1a46f7bb26b23ec0c0d9d9c95828241b  lib/request/dns.py
 70ceefe39980611494d4f99afb96f652  lib/request/httpshandler.py
@ -329,7 +329,7 @@ e0c6a936506bffeed53ce106ec15942d  thirdparty/keepalive/keepalive.py
 d41d8cd98f00b204e9800998ecf8427e  thirdparty/magic/__init__.py
 49f0d123e044dd32a452e2fe51f1a9c3  thirdparty/magic/magic.py
 d41d8cd98f00b204e9800998ecf8427e  thirdparty/multipart/__init__.py
-fd52df5770ee286a7c186fdd2ccc4e0c  thirdparty/multipart/multipartpost.py
+03c8abc17b228e59bcfda1f11a9137e0  thirdparty/multipart/multipartpost.py
 3e502b04f3849afbb7f0e13b5fd2b5c1  thirdparty/odict/__init__.py
 127fe54fdb9b13fdac93c8fc9c9cad5e  thirdparty/odict/odict.py
 08801ea0ba9ae22885275ef65d3ee9dc  thirdparty/oset/_abc.py