diff --git a/extra/shutils/_sqlmap.py b/extra/shutils/_sqlmap.py
index f7fb88d3b..44c33bfb1 100644
--- a/extra/shutils/_sqlmap.py
+++ b/extra/shutils/_sqlmap.py
@@ -55,7 +55,7 @@ _arguments -C -s \
 '(--invalid-bignum)'--invalid-bignum'[Use big numbers for invalidating values]' \
 '(--invalid-logical)'--invalid-logical'[Use logical operations for invalidating values]' \
 '(--no-cast)'--no-cast'[Turn off payload casting mechanism]' \
- '(--no-unescape)'--no-unescape'[Turn off string unescaping mechanism]' \
+ '(--no-escape)'--no-unescape'[Turn off string escaping mechanism]' \
 '(--prefix)'--prefix=-'[Injection payload prefix string]:PREFIX' \
 '(--suffix)'--suffix=-'[Injection payload suffix string]:SUFFIX' \
 '(--skip)'--skip=-'[Skip testing for given parameter(s)]:SKIP' \
diff --git a/lib/core/agent.py b/lib/core/agent.py
index 87527405f..d81d4be83 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -157,7 +157,7 @@ class Agent(object):
 return self.payloadDirect(expression)
 expression = self.cleanupPayload(expression)
- expression = unescaper.unescape(expression)
+ expression = unescaper.escape(expression)
 query = None
 if where is None and kb.technique and kb.technique in kb.injection.data:
@@ -917,7 +917,7 @@ class Agent(object):
 else:
 lengthExpr = lengthQuery % expression
- return unescaper.unescape(lengthExpr)
+ return unescaper.escape(lengthExpr)
 def forgeCaseStatement(self, expression):
 """
diff --git a/lib/core/common.py b/lib/core/common.py
index 6c680a197..890cd1f91 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -54,7 +54,7 @@ from lib.core.convert import unicodeencode
 from lib.core.convert import utf8encode
 from lib.core.decorators import cachedmethod
 from lib.core.dicts import DBMS_DICT
-from lib.core.dicts import DEPRECATED_HINTS
+from lib.core.dicts import DEPRECATED_OPTIONS
 from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import ADJUST_TIME_DELAY
 from lib.core.enums import CHARSET_TYPE
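Review bot: The rewritten completion entry in extra/shutils/_sqlmap.py still completes `--no-unescape` while its exclusion group names `--no-escape`, so the zsh completion keeps offering the option this same commit deprecates and never offers the new one. The option token should follow the rename: `'(--no-escape)'--no-escape'[Turn off string escaping mechanism]' \`.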
@@ -84,7 +84,6 @@ from lib.core.settings import DBMS_DIRECTORY_DICT
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEFAULT_MSSQL_SCHEMA
-from lib.core.settings import DEPRECATED_OPTIONS
 from lib.core.settings import DESCRIPTION
 from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
 from lib.core.settings import DUMMY_USER_INJECTION
@@ -3055,8 +3054,8 @@ def checkDeprecatedOptions(args):
 for _ in args:
 if _ in DEPRECATED_OPTIONS:
 errMsg = "switch/option '%s' is deprecated" % _
- if _ in DEPRECATED_HINTS:
- errMsg += " (hint: %s)" % DEPRECATED_HINTS[_]
+ if DEPRECATED_OPTIONS[_]:
+ errMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_]
 raise SqlmapSyntaxException(errMsg)
 def evaluateCode(code, variables=None):
diff --git a/lib/core/dicts.py b/lib/core/dicts.py
index ce976ec76..9ce1fe2d1 100644
--- a/lib/core/dicts.py
+++ b/lib/core/dicts.py
@@ -202,9 +202,10 @@ POST_HINT_CONTENT_TYPES = {
 POST_HINT.XML: "application/xml",
 }
-DEPRECATED_HINTS = {
+DEPRECATED_OPTIONS = {
 "--replicate": "use '--dump-format=SQLITE' instead",
- }
+ "--no-unescape": "use '--no-escape' instead",
+ }
 DUMP_DATA_PREPROCESS = {
 DBMS.ORACLE: {"XMLTYPE": "(%s).getStringVal()"}, # Reference: https://www.tibcommunity.com/docs/DOC-3643
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 56b01b21d..d20291769 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -65,7 +65,7 @@ optDict = {
 "invalidBignum": "boolean",
 "invalidLogical": "boolean",
 "noCast": "boolean",
- "noUnescape": "boolean",
+ "noEscape": "boolean",
 "prefix": "string",
 "suffix": "string",
 "skip": "string",
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 4a78b992d..873880730 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -278,7 +278,7 @@ MYSQL_ERROR_CHUNK_LENGTH = 50
 # Maximum length used for retrieving data over MSSQL error based payload due to trimming problems with longer result strings
 MSSQL_ERROR_CHUNK_LENGTH = 100
-# Do not unescape the injected statement if it contains any of the following SQL words
+# Do not escape the injected statement if it contains any of the following SQL keywords
 EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK)
 # Mark used for replacement of reflected values
@@ -308,9 +308,6 @@ HASH_MOD_ITEM_DISPLAY = 11
 # Maximum integer value
 MAX_INT = sys.maxint
-# List of deprecated options
-DEPRECATED_OPTIONS = ("--replicate",)
-
 # Parameters to be ignored in detection phase (upper case)
 IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py
index 38e1d4797..a76455292 100644
--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@@ -11,8 +11,8 @@ from lib.core.datatype import AttribDict
 from lib.core.settings import EXCLUDE_UNESCAPE
 class Unescaper(AttribDict):
- def unescape(self, expression, quote=True, dbms=None):
- if conf.noUnescape:
+ def escape(self, expression, quote=True, dbms=None):
+ if conf.noEscape:
 return expression
 if expression is None:
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 00790e55e..2cabc112b 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
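Review bot: The comment on EXCLUDE_UNESCAPE in lib/core/settings.py now says "escape" while the constant keeps its old name, and lib/core/unescaper.py likewise keeps the module name and the class name `Unescaper` while its only method becomes `escape`, so every call site now reads `unescaper.escape(...)`. If the constant and class are deliberately left alone to keep the diff small, a short note on the class would tell the next reader the mismatch is intentional, e.g. `# Historically named Unescaper: escape() dispatches to the per-DBMS Syntax.escape registered on this dict`; otherwise renaming to `EXCLUDE_ESCAPE` with a matching import in unescaper.py would finish the rename. The body of Unescaper.escape continues outside the hunk.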
@@ -209,9 +209,9 @@ def cmdLineParser():
 action="store_true",
 help="Turn off payload casting mechanism")
- injection.add_option("--no-unescape", dest="noUnescape",
+ injection.add_option("--no-escape", dest="noEscape",
 action="store_true",
- help="Turn off string unescaping mechanism")
+ help="Turn off string escaping mechanism")
 injection.add_option("--prefix", dest="prefix",
 help="Injection payload prefix string")
diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py
index 4f5c04b99..cb91154c2 100644
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@@ -84,7 +84,7 @@ class UDF:
 if udfName is None:
 udfName = "sys_exec"
- cmd = unescaper.unescape(self.udfForgeCmd(cmd))
+ cmd = unescaper.escape(self.udfForgeCmd(cmd))
 return inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)
@@ -103,7 +103,7 @@ class UDF:
 output = new_output
 else:
- cmd = unescaper.unescape(self.udfForgeCmd(cmd))
+ cmd = unescaper.escape(self.udfForgeCmd(cmd))
 inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
 output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index fb6844841..8e627701d 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
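Review bot: Whether a user who still passes `--no-unescape` actually sees the new hint depends on checkDeprecatedOptions(args) running before optparse's parse_args(); once this hunk in lib/parse/cmdline.py removes the option from the parser, optparse will reject it as unknown if it parses first, and the entry added to DEPRECATED_OPTIONS in lib/core/dicts.py is never reached. That ordering lives outside the hunk (cmdLineParser continues below), so it is worth confirming rather than assuming. A brief comment next to the new add_option call, e.g. `# --no-unescape is the deprecated spelling; see DEPRECATED_OPTIONS in lib/core/dicts.py`, would also keep the two places linked for the next rename.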
@@ -107,9 +107,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
 nulledCastedField = agent.nullAndCastField(fieldToCastStr)
 expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
- expressionUnescaped = unescaper.unescape(expressionReplaced)
+ expressionUnescaped = unescaper.escape(expressionReplaced)
 else:
- expressionUnescaped = unescaper.unescape(expression)
+ expressionUnescaped = unescaper.escape(expression)
 if length and isinstance(length, basestring) and length.isdigit():
 length = int(length)
@@ -234,7 +234,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 else:
 # e.g.: ... > '%c' -> ... > ORD(..)
 markingValue = "'%s'" % CHAR_INFERENCE_MARK
- unescapedCharValue = unescaper.unescape("'%s'" % decodeIntToUnicode(posValue))
+ unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
 forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
 result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
@@ -461,7 +461,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 # it via equal against the query output
 if commonValue is not None:
 # One-shot query containing equals commonValue
- testValue = unescaper.unescape("'%s'" % commonValue) if "'" not in commonValue else unescaper.unescape("%s" % commonValue, quote=False)
+ testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False)
 query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
 query = agent.suffixQuery(query)
 result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
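Review bot: The locals that receive the renamed call are still named `expressionUnescaped` and `unescapedCharValue` in all the lib/techniques/blind/inference.py hunks, and the same leftover appears in lib/techniques/dns/use.py (`expressionUnescaped`) and lib/techniques/union/test.py (`randQueryUnescaped`, `randQueryUnescaped2`); now that the method is called `escape`, a reader will assume these hold the inverse of what they do. Renaming them to `expressionEscaped`, `escapedCharValue` and `randQueryEscaped`/`randQueryEscaped2` in the same commit keeps the vocabulary consistent with the method name. bisection() starts and ends outside these hunks, so the remaining uses of the old names would need the same treatment.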
@@ -483,7 +483,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 if commonPattern is not None:
 # Substring-query containing equals commonPattern
 subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
- testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
+ testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False)
 query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
 query = agent.suffixQuery(query)
 result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py
index 5368c72cb..88998d774 100644
--- a/lib/techniques/dns/use.py
+++ b/lib/techniques/dns/use.py
@@ -66,7 +66,7 @@ def dnsUse(payload, expression):
 expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
 expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsName)
- expressionUnescaped = unescaper.unescape(expressionRequest)
+ expressionUnescaped = unescaper.escape(expressionRequest)
 if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
 query = agent.prefixQuery("; %s" % expressionUnescaped)
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index 6a1ec32c4..d2edbb1ec 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -88,7 +88,7 @@ def _oneShotErrorUse(expression, field=None):
 query = agent.prefixQuery(vector)
 query = agent.suffixQuery(query)
 injExpression = expression.replace(field, nulledCastedField, 1) if field else expression
- injExpression = unescaper.unescape(injExpression)
+ injExpression = unescaper.escape(injExpression)
 injExpression = query.replace("[QUERY]", injExpression)
 payload = agent.payload(newValue=injExpression)
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index d9486932c..76d0a1cae 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -172,7 +172,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
 randQuery = randomStr(UNION_MIN_RESPONSE_CHARS)
 phrase = "%s%s%s".lower() % (kb.chars.start, randQuery, kb.chars.stop)
 randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
- randQueryUnescaped = unescaper.unescape(randQueryProcessed)
+ randQueryUnescaped = unescaper.escape(randQueryProcessed)
 # Forge the union SQL injection request
 query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where)
@@ -194,7 +194,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
 randQuery2 = randomStr(UNION_MIN_RESPONSE_CHARS)
 phrase2 = "%s%s%s".lower() % (kb.chars.start, randQuery2, kb.chars.stop)
 randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
- randQueryUnescaped2 = unescaper.unescape(randQueryProcessed2)
+ randQueryUnescaped2 = unescaper.escape(randQueryProcessed2)
 # Confirm that it is a full union SQL injection
 query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, multipleUnions=randQueryUnescaped2)
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index cc6b8866c..efe62cb0a 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -58,7 +58,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
 if retVal is None:
 # Prepare expression with delimiters
- injExpression = unescaper.unescape(agent.concatQuery(expression, unpack))
+ injExpression = unescaper.escape(agent.concatQuery(expression, unpack))
 where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else None
diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py
index 75cf9bbc8..fd055430b 100644
--- a/lib/utils/pivotdumptable.py
+++ b/lib/utils/pivotdumptable.py
@@ -102,9 +102,9 @@ def pivotDumpTable(table, colList, count=None, blind=True):
 for column in colList:
 def _(pivotValue):
 if column == colList[0]:
- query = dumpNode.query.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, column), unescaper.unescape(pivotValue, False))
+ query = dumpNode.query.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, column), unescaper.escape(pivotValue, False))
 else:
- query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.unescape(pivotValue, False))
+ query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.escape(pivotValue, False))
 return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind))
diff --git a/plugins/dbms/access/__init__.py b/plugins/dbms/access/__init__.py
index 1414d84fc..4df52f812 100644
--- a/plugins/dbms/access/__init__.py
+++ b/plugins/dbms/access/__init__.py
@@ -30,4 +30,4 @@ class AccessMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
 Miscellaneous.__init__(self)
 Takeover.__init__(self)
- unescaper[DBMS.ACCESS] = Syntax.unescape
+ unescaper[DBMS.ACCESS] = Syntax.escape
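Review bot: Both rewritten lines in lib/utils/pivotdumptable.py pass the quote flag positionally as `unescaper.escape(pivotValue, False)`, whereas the inference.py call sites touched by this same commit spell it `quote=False`; against a signature of `escape(self, expression, quote=True, dbms=None)` a bare `False` is easy to misread as the dbms argument. `unescaper.escape(pivotValue, quote=False)` on both lines makes the intent explicit and matches the rest of the change. The enclosing pivotDumpTable() continues outside the hunk.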
diff --git a/plugins/dbms/access/syntax.py b/plugins/dbms/access/syntax.py
index 0ea819ad1..677c1012b 100644
--- a/plugins/dbms/access/syntax.py
+++ b/plugins/dbms/access/syntax.py
@@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
 GenericSyntax.__init__(self)
 @staticmethod
- def unescape(expression, quote=True):
+ def escape(expression, quote=True):
 if quote:
 while True:
 index = expression.find("'")
@@ -45,26 +45,3 @@ class Syntax(GenericSyntax):
 return expression
- @staticmethod
- def escape(expression):
- while True:
- index = expression.find("CHR(")
- if index == -1:
- break
-
- firstIndex = index
- index = expression[firstIndex:].find(")")
-
- if index == -1:
- raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
-
- lastIndex = firstIndex + index + 1
- old = expression[firstIndex:lastIndex]
- oldUpper = old.upper()
- oldUpper = oldUpper.lstrip("CHR(").rstrip(")")
- oldUpper = oldUpper.split("&")
-
- escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
- expression = expression.replace(old, escaped).replace("'&'", "")
-
- return expression
diff --git a/plugins/dbms/db2/__init__.py b/plugins/dbms/db2/__init__.py
index 9c7015e9d..61494a9cd 100644
--- a/plugins/dbms/db2/__init__.py
+++ b/plugins/dbms/db2/__init__.py
@@ -31,4 +31,4 @@ class DB2Map(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeov
 Miscellaneous.__init__(self)
 Takeover.__init__(self)
- unescaper[DBMS.DB2] = Syntax.unescape
+ unescaper[DBMS.DB2] = Syntax.escape
diff --git a/plugins/dbms/db2/syntax.py b/plugins/dbms/db2/syntax.py
index 9bc422d2e..20fc3262c 100644
--- a/plugins/dbms/db2/syntax.py
+++ b/plugins/dbms/db2/syntax.py
@@ -14,7 +14,7 @@ class Syntax(GenericSyntax):
 GenericSyntax.__init__(self)
 @staticmethod
- def unescape(expression, quote=True):
+ def escape(expression, quote=True):
 if expression == u"'''":
 return "CHR(%d)" % (ord("'"))
@@ -44,29 +44,3 @@ class Syntax(GenericSyntax):
 expression = "||".join("CHR(%d)" % ord(c) for c in expression)
 return expression
-
- @staticmethod
- def escape(expression):
- logMsg = "escaping %s" % expression
- logger.info(logMsg)
- while True:
- index = expression.find("CHR(")
- if index == -1:
- break
-
- firstIndex = index
- index = expression[firstIndex:].find(")")
-
- if index == -1:
- raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
-
- lastIndex = firstIndex + index + 1
- old = expression[firstIndex:lastIndex]
- oldUpper = old.upper()
- oldUpper = oldUpper.lstrip("CHR(").rstrip(")")
- oldUpper = oldUpper.split("||")
-
- escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
- expression = expression.replace(old, escaped)
-
- return expression
diff --git a/plugins/dbms/firebird/__init__.py b/plugins/dbms/firebird/__init__.py
index 1f79214d7..82920d103 100644
--- a/plugins/dbms/firebird/__init__.py
+++ b/plugins/dbms/firebird/__init__.py
@@ -30,4 +30,4 @@ class FirebirdMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, T
 Miscellaneous.__init__(self)
 Takeover.__init__(self)
- unescaper[DBMS.FIREBIRD] = Syntax.unescape
+ unescaper[DBMS.FIREBIRD] = Syntax.escape
diff --git a/plugins/dbms/firebird/syntax.py b/plugins/dbms/firebird/syntax.py
index fc440f248..f0d91c78f 100644
--- a/plugins/dbms/firebird/syntax.py
+++ b/plugins/dbms/firebird/syntax.py
@@ -14,7 +14,7 @@ class Syntax(GenericSyntax):
 GenericSyntax.__init__(self)
 @staticmethod
- def unescape(expression, quote=True):
+ def escape(expression, quote=True):
 if isDBMSVersionAtLeast('2.1'):
 if quote:
 while True:
@@ -47,26 +47,3 @@ class Syntax(GenericSyntax):
 return expression
- @staticmethod
- def escape(expression):
- while True:
- index = expression.find("ASCII_CHAR(")
- if index == -1:
- break
-
- firstIndex = index
- index = expression[firstIndex:].find(")")
-
- if index == -1:
- raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
-
- lastIndex = firstIndex + index + 1
- old = expression[firstIndex:lastIndex]
- oldUpper = old.upper()
- oldUpper = oldUpper.lstrip("ASCII_CHAR(").rstrip(")")
- oldUpper = oldUpper.split("||")
-
- escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
- expression = expression.replace(old, escaped).replace("'||'", "")
-
- return expression
diff --git a/plugins/dbms/maxdb/__init__.py b/plugins/dbms/maxdb/__init__.py
index 7485c1a30..57cd31334 100644
--- a/plugins/dbms/maxdb/__init__.py
+++ b/plugins/dbms/maxdb/__init__.py
@@ -30,4 +30,4 @@ class MaxDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take
 Miscellaneous.__init__(self)
 Takeover.__init__(self)
- unescaper[DBMS.MAXDB] = Syntax.unescape
+ unescaper[DBMS.MAXDB] = Syntax.escape
diff --git a/plugins/dbms/maxdb/syntax.py b/plugins/dbms/maxdb/syntax.py
index e6ecc46f1..4a3249053 100644
--- a/plugins/dbms/maxdb/syntax.py
+++ b/plugins/dbms/maxdb/syntax.py
@@ -11,10 +11,6 @@ class Syntax(GenericSyntax):
 def __init__(self):
 GenericSyntax.__init__(self)
- @staticmethod
- def unescape(expression, quote=True):
- return expression
-
 @staticmethod
 def escape(expression):
 return expression
diff --git a/plugins/dbms/mssqlserver/__init__.py b/plugins/dbms/mssqlserver/__init__.py
index 74d5d0c00..7dee4fe98 100644
--- a/plugins/dbms/mssqlserver/__init__.py
+++ b/plugins/dbms/mssqlserver/__init__.py
@@ -31,4 +31,4 @@ class MSSQLServerMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous
 Miscellaneous.__init__(self)
 Takeover.__init__(self)
- unescaper[DBMS.MSSQL] = Syntax.unescape
+ unescaper[DBMS.MSSQL] = Syntax.escape
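Review bot: After the removal in plugins/dbms/maxdb/syntax.py the surviving method is `escape(expression)` with no `quote` parameter, yet plugins/dbms/maxdb/__init__.py now registers it as `unescaper[DBMS.MAXDB] = Syntax.escape` next to plugins whose `escape(expression, quote=True)` takes a second argument, and callers such as lib/utils/pivotdumptable.py pass `quote=False` through Unescaper.escape. If Unescaper.escape forwards that flag to the registered callable (its body is outside the hunks shown), the MaxDB path would raise TypeError on the first call; `def escape(expression, quote=True):` brings it in line with the other plugins. The base placeholder in plugins/generic/syntax.py keeps the same one-argument signature and would benefit from the same change so the abstract contract documents `quote`.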
diff --git a/plugins/dbms/mssqlserver/syntax.py b/plugins/dbms/mssqlserver/syntax.py
index 941358ba5..e4dca77c0 100644
--- a/plugins/dbms/mssqlserver/syntax.py
+++ b/plugins/dbms/mssqlserver/syntax.py
@@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
 GenericSyntax.__init__(self)
 @staticmethod
- def unescape(expression, quote=True):
+ def escape(expression, quote=True):
 if quote:
 while True:
 index = expression.find("'")
@@ -36,27 +36,3 @@ class Syntax(GenericSyntax):
 expression = "+".join("CHAR(%d)" % ord(c) for c in expression)
 return expression
-
- @staticmethod
- def escape(expression):
- while True:
- index = expression.find("CHAR(")
- if index == -1:
- break
-
- firstIndex = index
- index = expression[firstIndex:].find(")")
-
- if index == -1:
- raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
-
- lastIndex = firstIndex + index + 1
- old = expression[firstIndex:lastIndex]
- oldUpper = old.upper()
- oldUpper = oldUpper.replace("CHAR(", "").replace(")", "")
-
- escaped = "'%s'" % chr(int(oldUpper))
- expression = expression.replace(old, escaped)
-
- expression = expression.replace("'+'", "")
- return expression
diff --git a/plugins/dbms/mysql/__init__.py b/plugins/dbms/mysql/__init__.py
index e8e2651ec..4f03e754e 100644
--- a/plugins/dbms/mysql/__init__.py
+++ b/plugins/dbms/mysql/__init__.py
@@ -36,4 +36,4 @@ class MySQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take
 Miscellaneous.__init__(self)
 Takeover.__init__(self)
- unescaper[DBMS.MYSQL] = Syntax.unescape
+ unescaper[DBMS.MYSQL] = Syntax.escape
diff --git a/plugins/dbms/mysql/syntax.py b/plugins/dbms/mysql/syntax.py
index 8e6e93bc0..3e672220e 100644
--- a/plugins/dbms/mysql/syntax.py
+++ b/plugins/dbms/mysql/syntax.py
@@ -17,7 +17,7 @@ class Syntax(GenericSyntax):
 GenericSyntax.__init__(self)
 @staticmethod
- def unescape(expression, quote=True):
+ def escape(expression, quote=True):
 if quote:
 unescaped = expression
 for item in re.findall(r"'[^']+'", expression, re.S):
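Review bot: In plugins/dbms/mysql/syntax.py the renamed `escape` still accumulates its result in a local called `unescaped` (`unescaped = expression` here, `return unescaped` in the following hunk), and plugins/dbms/sqlite/syntax.py carries the same local; a reader of `escape()` returning `unescaped` will stop to work out which direction the conversion runs. Renaming the local to `escaped` in both files removes the contradiction without touching behaviour. The bodies of both methods continue outside the hunks shown.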
@@ -29,31 +29,3 @@ class Syntax(GenericSyntax):
 unescaped = "0x%s" % binascii.hexlify(expression)
 return unescaped
-
- @staticmethod
- def escape(expression):
- while True:
- index = expression.find("CHAR(")
- if index == -1:
- break
-
- firstIndex = index
- index = expression[firstIndex:].find(")")
-
- if index == -1:
- raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
-
- lastIndex = firstIndex + index + 1
- old = expression[firstIndex:lastIndex]
- oldUpper = old.upper()
- oldUpper = oldUpper.lstrip("CHAR(").rstrip(")")
- oldUpper = oldUpper.split(",")
-
- escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
- expression = expression.replace(old, escaped)
-
- original = expression
- for item in re.findall(r"0x[0-9a-fA-F]+", original, re.S):
- expression = expression.replace(item, "'%s'" % binascii.unhexlify(item[2:]))
-
- return expression
diff --git a/plugins/dbms/oracle/__init__.py b/plugins/dbms/oracle/__init__.py
index 46f716ae8..1a09a1be9 100644
--- a/plugins/dbms/oracle/__init__.py
+++ b/plugins/dbms/oracle/__init__.py
@@ -30,4 +30,4 @@ class OracleMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
 Miscellaneous.__init__(self)
 Takeover.__init__(self)
- unescaper[DBMS.ORACLE] = Syntax.unescape
+ unescaper[DBMS.ORACLE] = Syntax.escape
diff --git a/plugins/dbms/oracle/syntax.py b/plugins/dbms/oracle/syntax.py
index 7a808fc3f..076d74b30 100644
--- a/plugins/dbms/oracle/syntax.py
+++ b/plugins/dbms/oracle/syntax.py
@@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
 GenericSyntax.__init__(self)
 @staticmethod
- def unescape(expression, quote=True):
+ def escape(expression, quote=True):
 if quote:
 while True:
 index = expression.find("'")
@@ -35,27 +35,3 @@ class Syntax(GenericSyntax):
 expression = "||".join("CHR(%d)" % ord(c) for c in expression)
 return expression
-
- @staticmethod
- def escape(expression):
- while True:
- index = expression.find("CHR(")
- if index == -1:
- break
-
- firstIndex = index
- index = expression[firstIndex:].find("))")
-
- if index == -1:
- raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
-
- lastIndex = firstIndex + index + 1
- old = expression[firstIndex:lastIndex]
- oldUpper = old.upper()
- oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
- oldUpper = oldUpper.split("||")
-
- escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
- expression = expression.replace(old, escaped)
-
- return expression
diff --git a/plugins/dbms/postgresql/__init__.py b/plugins/dbms/postgresql/__init__.py
index 6405e5df3..0688fc29b 100644
--- a/plugins/dbms/postgresql/__init__.py
+++ b/plugins/dbms/postgresql/__init__.py
@@ -37,4 +37,4 @@ class PostgreSQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous,
 Miscellaneous.__init__(self)
 Takeover.__init__(self)
- unescaper[DBMS.PGSQL] = Syntax.unescape
+ unescaper[DBMS.PGSQL] = Syntax.escape
diff --git a/plugins/dbms/postgresql/syntax.py b/plugins/dbms/postgresql/syntax.py
index 3b080f8a3..5be99a155 100644
--- a/plugins/dbms/postgresql/syntax.py
+++ b/plugins/dbms/postgresql/syntax.py
@@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
 GenericSyntax.__init__(self)
 @staticmethod
- def unescape(expression, quote=True):
+ def escape(expression, quote=True):
 """
 Note: PostgreSQL has a general problem with concenation operator (||) precedence (hence the parentheses enclosing)
 e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error ("argument of WHERE must be type boolean, not type text")
@@ -40,27 +40,3 @@ class Syntax(GenericSyntax):
 expression = "(%s)" % "||".join("CHR(%d)" % ord(c) for c in expression)
 return expression
-
- @staticmethod
- def escape(expression):
- while True:
- index = expression.find("CHR(")
- if index == -1:
- break
-
- firstIndex = index
- index = expression[firstIndex:].find("))")
-
- if index == -1:
- raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
-
- lastIndex = firstIndex + index + 1
- old = expression[firstIndex:lastIndex]
- oldUpper = old.upper()
- oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
- oldUpper = oldUpper.split("||")
-
- escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
- expression = expression.replace(old, escaped)
-
- return expression
diff --git a/plugins/dbms/sqlite/__init__.py b/plugins/dbms/sqlite/__init__.py
index 071cc179b..c71ff9876 100644
--- a/plugins/dbms/sqlite/__init__.py
+++ b/plugins/dbms/sqlite/__init__.py
@@ -30,4 +30,4 @@ class SQLiteMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
 Miscellaneous.__init__(self)
 Takeover.__init__(self)
- unescaper[DBMS.SQLITE] = Syntax.unescape
+ unescaper[DBMS.SQLITE] = Syntax.escape
diff --git a/plugins/dbms/sqlite/syntax.py b/plugins/dbms/sqlite/syntax.py
index a7963a18a..c1832eeb6 100644
--- a/plugins/dbms/sqlite/syntax.py
+++ b/plugins/dbms/sqlite/syntax.py
@@ -17,7 +17,7 @@ class Syntax(GenericSyntax):
 GenericSyntax.__init__(self)
 @staticmethod
- def unescape(expression, quote=True):
+ def escape(expression, quote=True):
 unescaped = expression
 if isDBMSVersionAtLeast('3'):
@@ -28,30 +28,3 @@ class Syntax(GenericSyntax):
 unescaped = "X'%s'" % binascii.hexlify(expression)
 return unescaped
-
- @staticmethod
- def escape(expression):
- # Example on SQLite 3, not supported on SQLite 2:
- # select X'48'||X'656c6c6f20576f726c6400'; -- Hello World
- while True:
- index = expression.find("X'")
- if index == -1:
- break
-
- firstIndex = index
- index = expression[firstIndex + 2:].find("'")
-
- if index == -1:
- raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
-
- lastIndex = firstIndex + index + 3
- old = expression[firstIndex:lastIndex]
- oldUpper = old.upper()
- oldUpper = oldUpper.replace("X'", "").replace("'", "")
-
- for i in xrange(len(oldUpper) / 2):
- char = oldUpper[i * 2:i * 2 + 2]
- escaped = "'%s'" % chr(int(char, 16))
- expression = expression.replace(old, escaped)
-
- return expression
diff --git a/plugins/dbms/sybase/__init__.py b/plugins/dbms/sybase/__init__.py
index a9b4b51e9..7c6eb775f 100644
--- a/plugins/dbms/sybase/__init__.py
+++ b/plugins/dbms/sybase/__init__.py
@@ -30,4 +30,4 @@ class SybaseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
 Miscellaneous.__init__(self)
 Takeover.__init__(self)
- unescaper[DBMS.SYBASE] = Syntax.unescape
+ unescaper[DBMS.SYBASE] = Syntax.escape
diff --git a/plugins/dbms/sybase/syntax.py b/plugins/dbms/sybase/syntax.py
index 6b38929be..61188d533 100644
--- a/plugins/dbms/sybase/syntax.py
+++ b/plugins/dbms/sybase/syntax.py
@@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
 GenericSyntax.__init__(self)
 @staticmethod
- def unescape(expression, quote=True):
+ def escape(expression, quote=True):
 if quote:
 while True:
 index = expression.find("'")
@@ -35,27 +35,3 @@ class Syntax(GenericSyntax):
 expression = "+".join("CHAR(%d)" % ord(c) for c in expression)
 return expression
-
- @staticmethod
- def escape(expression):
- while True:
- index = expression.find("CHAR(")
- if index == -1:
- break
-
- firstIndex = index
- index = expression[firstIndex:].find("))")
-
- if index == -1:
- raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
-
- lastIndex = firstIndex + index + 1
- old = expression[firstIndex:lastIndex]
- oldUpper = old.upper()
- oldUpper = oldUpper.replace("CHAR(", "").replace(")", "")
- oldUpper = oldUpper.split("+")
-
- escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
- expression = expression.replace(old, escaped)
-
- return expression
diff --git a/plugins/generic/syntax.py b/plugins/generic/syntax.py
index 22b0c66cc..e775291aa 100644
--- a/plugins/generic/syntax.py
+++ b/plugins/generic/syntax.py
@@ -15,14 +15,8 @@ class Syntax:
 def __init__(self):
 pass
- @staticmethod
- def unescape(expression, quote=True):
- errMsg = "'unescape' method must be defined "
- errMsg += "into the specific DBMS plugin"
- raise SqlmapUndefinedMethod(errMsg)
-
 @staticmethod
 def escape(expression):
 errMsg = "'escape' method must be defined "
- errMsg += "into the specific DBMS plugin"
+ errMsg += "inside the specific DBMS plugin"
 raise SqlmapUndefinedMethod(errMsg)
diff --git a/sqlmap.conf b/sqlmap.conf
index 55857cf83..a4529089f 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -207,9 +207,9 @@ invalidLogical = False
 # Valid: True or False
 noCast = False
-# Turn off string unescaping mechanism
+# Turn off string escaping mechanism
 # Valid: True or False
-noUnescape = False
+noEscape = False
 # Injection payload prefix string.
 prefix =