mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Unescaping is renamed to escaping
This commit is contained in:
parent
c717de9c9d
commit
601eb1e49a
|
@ -55,7 +55,7 @@ _arguments -C -s \
|
||||||
'(--invalid-bignum)'--invalid-bignum'[Use big numbers for invalidating values]' \
|
'(--invalid-bignum)'--invalid-bignum'[Use big numbers for invalidating values]' \
|
||||||
'(--invalid-logical)'--invalid-logical'[Use logical operations for invalidating values]' \
|
'(--invalid-logical)'--invalid-logical'[Use logical operations for invalidating values]' \
|
||||||
'(--no-cast)'--no-cast'[Turn off payload casting mechanism]' \
|
'(--no-cast)'--no-cast'[Turn off payload casting mechanism]' \
|
||||||
'(--no-unescape)'--no-unescape'[Turn off string unescaping mechanism]' \
|
'(--no-escape)'--no-unescape'[Turn off string escaping mechanism]' \
|
||||||
'(--prefix)'--prefix=-'[Injection payload prefix string]:PREFIX' \
|
'(--prefix)'--prefix=-'[Injection payload prefix string]:PREFIX' \
|
||||||
'(--suffix)'--suffix=-'[Injection payload suffix string]:SUFFIX' \
|
'(--suffix)'--suffix=-'[Injection payload suffix string]:SUFFIX' \
|
||||||
'(--skip)'--skip=-'[Skip testing for given parameter(s)]:SKIP' \
|
'(--skip)'--skip=-'[Skip testing for given parameter(s)]:SKIP' \
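Review bot: The rewritten completion entry is internally inconsistent: the exclusion group was renamed to `(--no-escape)` but the completed switch itself is still spelled `--no-unescape`, so the completer offers a switch that this same commit turns into a hard error via the deprecation table (`"--no-unescape": "use '--no-escape' instead"`). The line should read `'(--no-escape)'--no-escape'[Turn off string escaping mechanism]' \`. Both halves of the line are in this hunk, so no other file needs touching for this fix.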
|
||||||
|
|
|
@ -157,7 +157,7 @@ class Agent(object):
|
||||||
return self.payloadDirect(expression)
|
return self.payloadDirect(expression)
|
||||||
|
|
||||||
expression = self.cleanupPayload(expression)
|
expression = self.cleanupPayload(expression)
|
||||||
expression = unescaper.unescape(expression)
|
expression = unescaper.escape(expression)
|
||||||
query = None
|
query = None
|
||||||
|
|
||||||
if where is None and kb.technique and kb.technique in kb.injection.data:
|
if where is None and kb.technique and kb.technique in kb.injection.data:
|
||||||
|
@ -917,7 +917,7 @@ class Agent(object):
|
||||||
else:
|
else:
|
||||||
lengthExpr = lengthQuery % expression
|
lengthExpr = lengthQuery % expression
|
||||||
|
|
||||||
return unescaper.unescape(lengthExpr)
|
return unescaper.escape(lengthExpr)
|
||||||
|
|
||||||
def forgeCaseStatement(self, expression):
|
def forgeCaseStatement(self, expression):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -54,7 +54,7 @@ from lib.core.convert import unicodeencode
|
||||||
from lib.core.convert import utf8encode
|
from lib.core.convert import utf8encode
|
||||||
from lib.core.decorators import cachedmethod
|
from lib.core.decorators import cachedmethod
|
||||||
from lib.core.dicts import DBMS_DICT
|
from lib.core.dicts import DBMS_DICT
|
||||||
from lib.core.dicts import DEPRECATED_HINTS
|
from lib.core.dicts import DEPRECATED_OPTIONS
|
||||||
from lib.core.dicts import SQL_STATEMENTS
|
from lib.core.dicts import SQL_STATEMENTS
|
||||||
from lib.core.enums import ADJUST_TIME_DELAY
|
from lib.core.enums import ADJUST_TIME_DELAY
|
||||||
from lib.core.enums import CHARSET_TYPE
|
from lib.core.enums import CHARSET_TYPE
|
||||||
|
@ -84,7 +84,6 @@ from lib.core.settings import DBMS_DIRECTORY_DICT
|
||||||
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
|
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
|
||||||
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
||||||
from lib.core.settings import DEFAULT_MSSQL_SCHEMA
|
from lib.core.settings import DEFAULT_MSSQL_SCHEMA
|
||||||
from lib.core.settings import DEPRECATED_OPTIONS
|
|
||||||
from lib.core.settings import DESCRIPTION
|
from lib.core.settings import DESCRIPTION
|
||||||
from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
|
from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
|
||||||
from lib.core.settings import DUMMY_USER_INJECTION
|
from lib.core.settings import DUMMY_USER_INJECTION
|
||||||
|
@ -3055,8 +3054,8 @@ def checkDeprecatedOptions(args):
|
||||||
for _ in args:
|
for _ in args:
|
||||||
if _ in DEPRECATED_OPTIONS:
|
if _ in DEPRECATED_OPTIONS:
|
||||||
errMsg = "switch/option '%s' is deprecated" % _
|
errMsg = "switch/option '%s' is deprecated" % _
|
||||||
if _ in DEPRECATED_HINTS:
|
if DEPRECATED_OPTIONS[_]:
|
||||||
errMsg += " (hint: %s)" % DEPRECATED_HINTS[_]
|
errMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_]
|
||||||
raise SqlmapSyntaxException(errMsg)
|
raise SqlmapSyntaxException(errMsg)
|
||||||
|
|
||||||
def evaluateCode(code, variables=None):
|
def evaluateCode(code, variables=None):
|
||||||
|
|
|
@ -202,8 +202,9 @@ POST_HINT_CONTENT_TYPES = {
|
||||||
POST_HINT.XML: "application/xml",
|
POST_HINT.XML: "application/xml",
|
||||||
}
|
}
|
||||||
|
|
||||||
DEPRECATED_HINTS = {
|
DEPRECATED_OPTIONS = {
|
||||||
"--replicate": "use '--dump-format=SQLITE' instead",
|
"--replicate": "use '--dump-format=SQLITE' instead",
|
||||||
|
"--no-unescape": "use '--no-escape' instead",
|
||||||
}
|
}
|
||||||
|
|
||||||
DUMP_DATA_PREPROCESS = {
|
DUMP_DATA_PREPROCESS = {
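Review bot: The new `DEPRECATED_OPTIONS` dictionary carries an implicit contract that is not written down anywhere in the hunk: `checkDeprecatedOptions` prints the value as a hint only when it is truthy, so an entry with no replacement must map to `None` or `""`, not be omitted. A one-line comment above the literal would spare the next maintainer a trip to options.py, e.g. `# Deprecated switches/options mapped to a hint for the user (use None when there is no replacement)`. Since this dict also replaces the former tuple of the same name in settings.py, the comment should mention that membership alone marks an option as deprecated.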
|
||||||
|
|
|
@ -65,7 +65,7 @@ optDict = {
|
||||||
"invalidBignum": "boolean",
|
"invalidBignum": "boolean",
|
||||||
"invalidLogical": "boolean",
|
"invalidLogical": "boolean",
|
||||||
"noCast": "boolean",
|
"noCast": "boolean",
|
||||||
"noUnescape": "boolean",
|
"noEscape": "boolean",
|
||||||
"prefix": "string",
|
"prefix": "string",
|
||||||
"suffix": "string",
|
"suffix": "string",
|
||||||
"skip": "string",
|
"skip": "string",
|
||||||
|
|
|
@ -278,7 +278,7 @@ MYSQL_ERROR_CHUNK_LENGTH = 50
|
||||||
# Maximum length used for retrieving data over MSSQL error based payload due to trimming problems with longer result strings
|
# Maximum length used for retrieving data over MSSQL error based payload due to trimming problems with longer result strings
|
||||||
MSSQL_ERROR_CHUNK_LENGTH = 100
|
MSSQL_ERROR_CHUNK_LENGTH = 100
|
||||||
|
|
||||||
# Do not unescape the injected statement if it contains any of the following SQL words
|
# Do not escape the injected statement if it contains any of the following SQL keywords
|
||||||
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK)
|
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK)
|
||||||
|
|
||||||
# Mark used for replacement of reflected values
|
# Mark used for replacement of reflected values
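Review bot: The comment now describes "escaping" but the constant it documents keeps the old name `EXCLUDE_UNESCAPE`, and its import in unescaper.py (`from lib.core.settings import EXCLUDE_UNESCAPE`) is left untouched further down in this commit, so the code reads the opposite of its comment. For consistency with the rest of the rename, change the definition to `EXCLUDE_ESCAPE = ("WAITFOR DELAY ", ...)` and the import to `from lib.core.settings import EXCLUDE_ESCAPE`, adjusting the one use site in `Unescaper.escape`. If the rename is deliberately deferred, the comment should say so rather than silently disagree with the identifier.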
|
||||||
|
@ -308,9 +308,6 @@ HASH_MOD_ITEM_DISPLAY = 11
|
||||||
# Maximum integer value
|
# Maximum integer value
|
||||||
MAX_INT = sys.maxint
|
MAX_INT = sys.maxint
|
||||||
|
|
||||||
# List of deprecated options
|
|
||||||
DEPRECATED_OPTIONS = ("--replicate",)
|
|
||||||
|
|
||||||
# Parameters to be ignored in detection phase (upper case)
|
# Parameters to be ignored in detection phase (upper case)
|
||||||
IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
|
IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
|
||||||
|
|
||||||
|
|
|
@ -11,8 +11,8 @@ from lib.core.datatype import AttribDict
|
||||||
from lib.core.settings import EXCLUDE_UNESCAPE
|
from lib.core.settings import EXCLUDE_UNESCAPE
|
||||||
|
|
||||||
class Unescaper(AttribDict):
|
class Unescaper(AttribDict):
|
||||||
def unescape(self, expression, quote=True, dbms=None):
|
def escape(self, expression, quote=True, dbms=None):
|
||||||
if conf.noUnescape:
|
if conf.noEscape:
|
||||||
return expression
|
return expression
|
||||||
|
|
||||||
if expression is None:
|
if expression is None:
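Review bot: The method is renamed to `escape` while the class stays `Unescaper` and the module-level instance stays `unescaper`, so every call site in this commit now reads `unescaper.escape(...)`, which is the confusing combination the rename was meant to remove. Either rename the class and instance in the same change or add a docstring so the direction of the transformation is unambiguous; the per-DBMS handlers registered into this object in the sqlmap/plugins hunks below turn quoted string literals into `CHR(...)`/`CHAR(...)`/`0x...` forms. A suitable docstring would state that `escape` rewrites quoted literals in `expression` into the DBMS-specific quote-free form, that `quote=False` treats the whole expression as an unquoted literal, and that `conf.noEscape` short-circuits the call. The body of `escape` continues past the end of this hunk.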
|
||||||
|
|
|
@ -209,9 +209,9 @@ def cmdLineParser():
|
||||||
action="store_true",
|
action="store_true",
|
||||||
help="Turn off payload casting mechanism")
|
help="Turn off payload casting mechanism")
|
||||||
|
|
||||||
injection.add_option("--no-unescape", dest="noUnescape",
|
injection.add_option("--no-escape", dest="noEscape",
|
||||||
action="store_true",
|
action="store_true",
|
||||||
help="Turn off string unescaping mechanism")
|
help="Turn off string escaping mechanism")
|
||||||
|
|
||||||
injection.add_option("--prefix", dest="prefix",
|
injection.add_option("--prefix", dest="prefix",
|
||||||
help="Injection payload prefix string")
|
help="Injection payload prefix string")
|
||||||
|
|
|
@ -84,7 +84,7 @@ class UDF:
|
||||||
if udfName is None:
|
if udfName is None:
|
||||||
udfName = "sys_exec"
|
udfName = "sys_exec"
|
||||||
|
|
||||||
cmd = unescaper.unescape(self.udfForgeCmd(cmd))
|
cmd = unescaper.escape(self.udfForgeCmd(cmd))
|
||||||
|
|
||||||
return inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)
|
return inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)
|
||||||
|
|
||||||
|
@ -103,7 +103,7 @@ class UDF:
|
||||||
|
|
||||||
output = new_output
|
output = new_output
|
||||||
else:
|
else:
|
||||||
cmd = unescaper.unescape(self.udfForgeCmd(cmd))
|
cmd = unescaper.escape(self.udfForgeCmd(cmd))
|
||||||
|
|
||||||
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
|
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
|
||||||
output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
|
output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
|
||||||
|
|
|
@ -107,9 +107,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
_, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
|
_, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
|
||||||
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
|
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
|
||||||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||||
expressionUnescaped = unescaper.unescape(expressionReplaced)
|
expressionUnescaped = unescaper.escape(expressionReplaced)
|
||||||
else:
|
else:
|
||||||
expressionUnescaped = unescaper.unescape(expression)
|
expressionUnescaped = unescaper.escape(expression)
|
||||||
|
|
||||||
if length and isinstance(length, basestring) and length.isdigit():
|
if length and isinstance(length, basestring) and length.isdigit():
|
||||||
length = int(length)
|
length = int(length)
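Review bot: The new side keeps the old local names, so the assignments now read `expressionUnescaped = unescaper.escape(expressionReplaced)` and `expressionUnescaped = unescaper.escape(expression)`, a binding name that contradicts the call it stores. The same mismatch appears in the other hunks of this commit: `unescapedCharValue` in the second bisection hunk, `expressionUnescaped` in `dnsUse`, `randQueryUnescaped`/`randQueryUnescaped2` in `_unionPosition`, and the `unescaped` local inside the MySQL `Syntax.escape`. Renaming them to `expressionEscaped`, `escapedCharValue`, `randQueryEscaped` and `escaped` would finish the rename; `bisection` starts before and ends after this hunk.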
|
||||||
|
@ -234,7 +234,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
else:
|
else:
|
||||||
# e.g.: ... > '%c' -> ... > ORD(..)
|
# e.g.: ... > '%c' -> ... > ORD(..)
|
||||||
markingValue = "'%s'" % CHAR_INFERENCE_MARK
|
markingValue = "'%s'" % CHAR_INFERENCE_MARK
|
||||||
unescapedCharValue = unescaper.unescape("'%s'" % decodeIntToUnicode(posValue))
|
unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
|
||||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
|
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
|
||||||
|
|
||||||
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
|
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
|
||||||
|
@ -461,7 +461,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
# it via equal against the query output
|
# it via equal against the query output
|
||||||
if commonValue is not None:
|
if commonValue is not None:
|
||||||
# One-shot query containing equals commonValue
|
# One-shot query containing equals commonValue
|
||||||
testValue = unescaper.unescape("'%s'" % commonValue) if "'" not in commonValue else unescaper.unescape("%s" % commonValue, quote=False)
|
testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False)
|
||||||
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
|
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
|
||||||
query = agent.suffixQuery(query)
|
query = agent.suffixQuery(query)
|
||||||
result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
|
result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
|
||||||
|
@ -483,7 +483,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
if commonPattern is not None:
|
if commonPattern is not None:
|
||||||
# Substring-query containing equals commonPattern
|
# Substring-query containing equals commonPattern
|
||||||
subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
|
subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
|
||||||
testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
|
testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False)
|
||||||
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
|
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
|
||||||
query = agent.suffixQuery(query)
|
query = agent.suffixQuery(query)
|
||||||
result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
|
result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
|
||||||
|
|
|
@ -66,7 +66,7 @@ def dnsUse(payload, expression):
|
||||||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||||
|
|
||||||
expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsName)
|
expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsName)
|
||||||
expressionUnescaped = unescaper.unescape(expressionRequest)
|
expressionUnescaped = unescaper.escape(expressionRequest)
|
||||||
|
|
||||||
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
|
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
|
||||||
query = agent.prefixQuery("; %s" % expressionUnescaped)
|
query = agent.prefixQuery("; %s" % expressionUnescaped)
|
||||||
|
|
|
@ -88,7 +88,7 @@ def _oneShotErrorUse(expression, field=None):
|
||||||
query = agent.prefixQuery(vector)
|
query = agent.prefixQuery(vector)
|
||||||
query = agent.suffixQuery(query)
|
query = agent.suffixQuery(query)
|
||||||
injExpression = expression.replace(field, nulledCastedField, 1) if field else expression
|
injExpression = expression.replace(field, nulledCastedField, 1) if field else expression
|
||||||
injExpression = unescaper.unescape(injExpression)
|
injExpression = unescaper.escape(injExpression)
|
||||||
injExpression = query.replace("[QUERY]", injExpression)
|
injExpression = query.replace("[QUERY]", injExpression)
|
||||||
payload = agent.payload(newValue=injExpression)
|
payload = agent.payload(newValue=injExpression)
|
||||||
|
|
||||||
|
|
|
@ -172,7 +172,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
||||||
randQuery = randomStr(UNION_MIN_RESPONSE_CHARS)
|
randQuery = randomStr(UNION_MIN_RESPONSE_CHARS)
|
||||||
phrase = "%s%s%s".lower() % (kb.chars.start, randQuery, kb.chars.stop)
|
phrase = "%s%s%s".lower() % (kb.chars.start, randQuery, kb.chars.stop)
|
||||||
randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
|
randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
|
||||||
randQueryUnescaped = unescaper.unescape(randQueryProcessed)
|
randQueryUnescaped = unescaper.escape(randQueryProcessed)
|
||||||
|
|
||||||
# Forge the union SQL injection request
|
# Forge the union SQL injection request
|
||||||
query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where)
|
query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where)
|
||||||
|
@ -194,7 +194,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
||||||
randQuery2 = randomStr(UNION_MIN_RESPONSE_CHARS)
|
randQuery2 = randomStr(UNION_MIN_RESPONSE_CHARS)
|
||||||
phrase2 = "%s%s%s".lower() % (kb.chars.start, randQuery2, kb.chars.stop)
|
phrase2 = "%s%s%s".lower() % (kb.chars.start, randQuery2, kb.chars.stop)
|
||||||
randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
|
randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
|
||||||
randQueryUnescaped2 = unescaper.unescape(randQueryProcessed2)
|
randQueryUnescaped2 = unescaper.escape(randQueryProcessed2)
|
||||||
|
|
||||||
# Confirm that it is a full union SQL injection
|
# Confirm that it is a full union SQL injection
|
||||||
query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, multipleUnions=randQueryUnescaped2)
|
query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, multipleUnions=randQueryUnescaped2)
|
||||||
|
|
|
@ -58,7 +58,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
|
||||||
|
|
||||||
if retVal is None:
|
if retVal is None:
|
||||||
# Prepare expression with delimiters
|
# Prepare expression with delimiters
|
||||||
injExpression = unescaper.unescape(agent.concatQuery(expression, unpack))
|
injExpression = unescaper.escape(agent.concatQuery(expression, unpack))
|
||||||
|
|
||||||
where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else None
|
where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else None
|
||||||
|
|
||||||
|
|
|
@ -102,9 +102,9 @@ def pivotDumpTable(table, colList, count=None, blind=True):
|
||||||
for column in colList:
|
for column in colList:
|
||||||
def _(pivotValue):
|
def _(pivotValue):
|
||||||
if column == colList[0]:
|
if column == colList[0]:
|
||||||
query = dumpNode.query.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, column), unescaper.unescape(pivotValue, False))
|
query = dumpNode.query.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, column), unescaper.escape(pivotValue, False))
|
||||||
else:
|
else:
|
||||||
query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.unescape(pivotValue, False))
|
query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.escape(pivotValue, False))
|
||||||
|
|
||||||
return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind))
|
return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind))
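Review bot: Both rewritten `query = ...` lines pass the quote flag positionally, `unescaper.escape(pivotValue, False)`, while the other call sites updated in this commit spell it out as `quote=False`; a bare `False` in a four-argument format tuple is easy to misread as part of the query. Use `unescaper.escape(pivotValue, quote=False)` on both lines so the intent matches the rest of the change. The enclosing `pivotDumpTable` starts before and ends after this hunk.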
|
||||||
|
|
||||||
|
|
|
@ -30,4 +30,4 @@ class AccessMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
|
||||||
Miscellaneous.__init__(self)
|
Miscellaneous.__init__(self)
|
||||||
Takeover.__init__(self)
|
Takeover.__init__(self)
|
||||||
|
|
||||||
unescaper[DBMS.ACCESS] = Syntax.unescape
|
unescaper[DBMS.ACCESS] = Syntax.escape
|
||||||
|
|
|
@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
|
||||||
GenericSyntax.__init__(self)
|
GenericSyntax.__init__(self)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unescape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
if quote:
|
if quote:
|
||||||
while True:
|
while True:
|
||||||
index = expression.find("'")
|
index = expression.find("'")
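Review bot: The renamed `escape(expression, quote=True)` takes over the name of a method that the following hunk deletes, and the deleted one did the inverse transformation (turning `CHR(...)` sequences back into quoted literals, as its body shows). Any caller of the old one-argument `Syntax.escape(expression)` that this commit does not touch will keep resolving, because the new method accepts a single argument with `quote` defaulting to `True`, and will get the opposite result without an `AttributeError` or `TypeError` to flag it. A repository-wide search for single-argument `.escape(` calls on the `Syntax` classes before merging would close that gap. The same rename-over-deleted-name pattern occurs in the db2, firebird, mssql, mysql, oracle and pgsql `Syntax` hunks below.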
|
||||||
|
@ -45,26 +45,3 @@ class Syntax(GenericSyntax):
|
||||||
|
|
||||||
return expression
|
return expression
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def escape(expression):
|
|
||||||
while True:
|
|
||||||
index = expression.find("CHR(")
|
|
||||||
if index == -1:
|
|
||||||
break
|
|
||||||
|
|
||||||
firstIndex = index
|
|
||||||
index = expression[firstIndex:].find(")")
|
|
||||||
|
|
||||||
if index == -1:
|
|
||||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
|
||||||
old = expression[firstIndex:lastIndex]
|
|
||||||
oldUpper = old.upper()
|
|
||||||
oldUpper = oldUpper.lstrip("CHR(").rstrip(")")
|
|
||||||
oldUpper = oldUpper.split("&")
|
|
||||||
|
|
||||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
|
||||||
expression = expression.replace(old, escaped).replace("'&'", "")
|
|
||||||
|
|
||||||
return expression
|
|
||||||
|
|
|
@ -31,4 +31,4 @@ class DB2Map(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeov
|
||||||
Miscellaneous.__init__(self)
|
Miscellaneous.__init__(self)
|
||||||
Takeover.__init__(self)
|
Takeover.__init__(self)
|
||||||
|
|
||||||
unescaper[DBMS.DB2] = Syntax.unescape
|
unescaper[DBMS.DB2] = Syntax.escape
|
||||||
|
|
|
@ -14,7 +14,7 @@ class Syntax(GenericSyntax):
|
||||||
GenericSyntax.__init__(self)
|
GenericSyntax.__init__(self)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unescape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
if expression == u"'''":
|
if expression == u"'''":
|
||||||
return "CHR(%d)" % (ord("'"))
|
return "CHR(%d)" % (ord("'"))
|
||||||
|
|
||||||
|
@ -44,29 +44,3 @@ class Syntax(GenericSyntax):
|
||||||
expression = "||".join("CHR(%d)" % ord(c) for c in expression)
|
expression = "||".join("CHR(%d)" % ord(c) for c in expression)
|
||||||
|
|
||||||
return expression
|
return expression
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def escape(expression):
|
|
||||||
logMsg = "escaping %s" % expression
|
|
||||||
logger.info(logMsg)
|
|
||||||
while True:
|
|
||||||
index = expression.find("CHR(")
|
|
||||||
if index == -1:
|
|
||||||
break
|
|
||||||
|
|
||||||
firstIndex = index
|
|
||||||
index = expression[firstIndex:].find(")")
|
|
||||||
|
|
||||||
if index == -1:
|
|
||||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
|
||||||
old = expression[firstIndex:lastIndex]
|
|
||||||
oldUpper = old.upper()
|
|
||||||
oldUpper = oldUpper.lstrip("CHR(").rstrip(")")
|
|
||||||
oldUpper = oldUpper.split("||")
|
|
||||||
|
|
||||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
|
||||||
expression = expression.replace(old, escaped)
|
|
||||||
|
|
||||||
return expression
|
|
||||||
|
|
|
@ -30,4 +30,4 @@ class FirebirdMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, T
|
||||||
Miscellaneous.__init__(self)
|
Miscellaneous.__init__(self)
|
||||||
Takeover.__init__(self)
|
Takeover.__init__(self)
|
||||||
|
|
||||||
unescaper[DBMS.FIREBIRD] = Syntax.unescape
|
unescaper[DBMS.FIREBIRD] = Syntax.escape
|
||||||
|
|
|
@ -14,7 +14,7 @@ class Syntax(GenericSyntax):
|
||||||
GenericSyntax.__init__(self)
|
GenericSyntax.__init__(self)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unescape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
if isDBMSVersionAtLeast('2.1'):
|
if isDBMSVersionAtLeast('2.1'):
|
||||||
if quote:
|
if quote:
|
||||||
while True:
|
while True:
|
||||||
|
@ -47,26 +47,3 @@ class Syntax(GenericSyntax):
|
||||||
|
|
||||||
return expression
|
return expression
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def escape(expression):
|
|
||||||
while True:
|
|
||||||
index = expression.find("ASCII_CHAR(")
|
|
||||||
if index == -1:
|
|
||||||
break
|
|
||||||
|
|
||||||
firstIndex = index
|
|
||||||
index = expression[firstIndex:].find(")")
|
|
||||||
|
|
||||||
if index == -1:
|
|
||||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
|
||||||
old = expression[firstIndex:lastIndex]
|
|
||||||
oldUpper = old.upper()
|
|
||||||
oldUpper = oldUpper.lstrip("ASCII_CHAR(").rstrip(")")
|
|
||||||
oldUpper = oldUpper.split("||")
|
|
||||||
|
|
||||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
|
||||||
expression = expression.replace(old, escaped).replace("'||'", "")
|
|
||||||
|
|
||||||
return expression
|
|
||||||
|
|
|
@ -30,4 +30,4 @@ class MaxDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take
|
||||||
Miscellaneous.__init__(self)
|
Miscellaneous.__init__(self)
|
||||||
Takeover.__init__(self)
|
Takeover.__init__(self)
|
||||||
|
|
||||||
unescaper[DBMS.MAXDB] = Syntax.unescape
|
unescaper[DBMS.MAXDB] = Syntax.escape
|
||||||
|
|
|
@ -11,10 +11,6 @@ class Syntax(GenericSyntax):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
GenericSyntax.__init__(self)
|
GenericSyntax.__init__(self)
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def unescape(expression, quote=True):
|
|
||||||
return expression
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def escape(expression):
|
def escape(expression):
|
||||||
return expression
|
return expression
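Review bot: The MaxDB handler that survives this hunk is `def escape(expression):` with no `quote` parameter, yet it is registered as `unescaper[DBMS.MAXDB] = Syntax.escape` alongside backends whose handlers are all `escape(expression, quote=True)`, and callers in this commit pass a second argument (`unescaper.escape(pivotValue, False)`, `unescaper.escape(..., quote=False)`). If `Unescaper.escape` forwards `quote` to the registered handler, which I cannot confirm from the visible part of that method, MaxDB would raise `TypeError` on those calls where the deleted `unescape(expression, quote=True)` did not. Keeping the signature uniform with `def escape(expression, quote=True):` costs nothing since the body ignores it.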
|
||||||
|
|
|
@ -31,4 +31,4 @@ class MSSQLServerMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous
|
||||||
Miscellaneous.__init__(self)
|
Miscellaneous.__init__(self)
|
||||||
Takeover.__init__(self)
|
Takeover.__init__(self)
|
||||||
|
|
||||||
unescaper[DBMS.MSSQL] = Syntax.unescape
|
unescaper[DBMS.MSSQL] = Syntax.escape
|
||||||
|
|
|
@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
|
||||||
GenericSyntax.__init__(self)
|
GenericSyntax.__init__(self)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unescape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
if quote:
|
if quote:
|
||||||
while True:
|
while True:
|
||||||
index = expression.find("'")
|
index = expression.find("'")
|
||||||
|
@ -36,27 +36,3 @@ class Syntax(GenericSyntax):
|
||||||
expression = "+".join("CHAR(%d)" % ord(c) for c in expression)
|
expression = "+".join("CHAR(%d)" % ord(c) for c in expression)
|
||||||
|
|
||||||
return expression
|
return expression
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def escape(expression):
|
|
||||||
while True:
|
|
||||||
index = expression.find("CHAR(")
|
|
||||||
if index == -1:
|
|
||||||
break
|
|
||||||
|
|
||||||
firstIndex = index
|
|
||||||
index = expression[firstIndex:].find(")")
|
|
||||||
|
|
||||||
if index == -1:
|
|
||||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
|
||||||
old = expression[firstIndex:lastIndex]
|
|
||||||
oldUpper = old.upper()
|
|
||||||
oldUpper = oldUpper.replace("CHAR(", "").replace(")", "")
|
|
||||||
|
|
||||||
escaped = "'%s'" % chr(int(oldUpper))
|
|
||||||
expression = expression.replace(old, escaped)
|
|
||||||
|
|
||||||
expression = expression.replace("'+'", "")
|
|
||||||
return expression
|
|
||||||
|
|
|
@ -36,4 +36,4 @@ class MySQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take
|
||||||
Miscellaneous.__init__(self)
|
Miscellaneous.__init__(self)
|
||||||
Takeover.__init__(self)
|
Takeover.__init__(self)
|
||||||
|
|
||||||
unescaper[DBMS.MYSQL] = Syntax.unescape
|
unescaper[DBMS.MYSQL] = Syntax.escape
|
||||||
|
|
|
@ -17,7 +17,7 @@ class Syntax(GenericSyntax):
|
||||||
GenericSyntax.__init__(self)
|
GenericSyntax.__init__(self)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unescape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
if quote:
|
if quote:
|
||||||
unescaped = expression
|
unescaped = expression
|
||||||
for item in re.findall(r"'[^']+'", expression, re.S):
|
for item in re.findall(r"'[^']+'", expression, re.S):
|
||||||
|
@ -29,31 +29,3 @@ class Syntax(GenericSyntax):
|
||||||
unescaped = "0x%s" % binascii.hexlify(expression)
|
unescaped = "0x%s" % binascii.hexlify(expression)
|
||||||
|
|
||||||
return unescaped
|
return unescaped
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def escape(expression):
|
|
||||||
while True:
|
|
||||||
index = expression.find("CHAR(")
|
|
||||||
if index == -1:
|
|
||||||
break
|
|
||||||
|
|
||||||
firstIndex = index
|
|
||||||
index = expression[firstIndex:].find(")")
|
|
||||||
|
|
||||||
if index == -1:
|
|
||||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
|
||||||
old = expression[firstIndex:lastIndex]
|
|
||||||
oldUpper = old.upper()
|
|
||||||
oldUpper = oldUpper.lstrip("CHAR(").rstrip(")")
|
|
||||||
oldUpper = oldUpper.split(",")
|
|
||||||
|
|
||||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
|
||||||
expression = expression.replace(old, escaped)
|
|
||||||
|
|
||||||
original = expression
|
|
||||||
for item in re.findall(r"0x[0-9a-fA-F]+", original, re.S):
|
|
||||||
expression = expression.replace(item, "'%s'" % binascii.unhexlify(item[2:]))
|
|
||||||
|
|
||||||
return expression
|
|
||||||
|
|
|
@ -30,4 +30,4 @@ class OracleMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
|
||||||
Miscellaneous.__init__(self)
|
Miscellaneous.__init__(self)
|
||||||
Takeover.__init__(self)
|
Takeover.__init__(self)
|
||||||
|
|
||||||
unescaper[DBMS.ORACLE] = Syntax.unescape
|
unescaper[DBMS.ORACLE] = Syntax.escape
|
||||||
|
|
|
@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
|
||||||
GenericSyntax.__init__(self)
|
GenericSyntax.__init__(self)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unescape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
if quote:
|
if quote:
|
||||||
while True:
|
while True:
|
||||||
index = expression.find("'")
|
index = expression.find("'")
|
||||||
|
@ -35,27 +35,3 @@ class Syntax(GenericSyntax):
|
||||||
expression = "||".join("CHR(%d)" % ord(c) for c in expression)
|
expression = "||".join("CHR(%d)" % ord(c) for c in expression)
|
||||||
|
|
||||||
return expression
|
return expression
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def escape(expression):
|
|
||||||
while True:
|
|
||||||
index = expression.find("CHR(")
|
|
||||||
if index == -1:
|
|
||||||
break
|
|
||||||
|
|
||||||
firstIndex = index
|
|
||||||
index = expression[firstIndex:].find("))")
|
|
||||||
|
|
||||||
if index == -1:
|
|
||||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
|
||||||
old = expression[firstIndex:lastIndex]
|
|
||||||
oldUpper = old.upper()
|
|
||||||
oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
|
|
||||||
oldUpper = oldUpper.split("||")
|
|
||||||
|
|
||||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
|
||||||
expression = expression.replace(old, escaped)
|
|
||||||
|
|
||||||
return expression
|
|
||||||
|
|
|
@ -37,4 +37,4 @@ class PostgreSQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous,
|
||||||
Miscellaneous.__init__(self)
|
Miscellaneous.__init__(self)
|
||||||
Takeover.__init__(self)
|
Takeover.__init__(self)
|
||||||
|
|
||||||
unescaper[DBMS.PGSQL] = Syntax.unescape
|
unescaper[DBMS.PGSQL] = Syntax.escape
|
||||||
|
|
|
@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
|
||||||
GenericSyntax.__init__(self)
|
GenericSyntax.__init__(self)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unescape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
"""
|
"""
|
||||||
Note: PostgreSQL has a general problem with concenation operator (||) precedence (hence the parentheses enclosing)
|
Note: PostgreSQL has a general problem with concenation operator (||) precedence (hence the parentheses enclosing)
|
||||||
e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error ("argument of WHERE must be type boolean, not type text")
|
e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error ("argument of WHERE must be type boolean, not type text")
|
||||||
|
@ -40,27 +40,3 @@ class Syntax(GenericSyntax):
|
||||||
expression = "(%s)" % "||".join("CHR(%d)" % ord(c) for c in expression)
|
expression = "(%s)" % "||".join("CHR(%d)" % ord(c) for c in expression)
|
||||||
|
|
||||||
return expression
|
return expression
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def escape(expression):
|
|
||||||
while True:
|
|
||||||
index = expression.find("CHR(")
|
|
||||||
if index == -1:
|
|
||||||
break
|
|
||||||
|
|
||||||
firstIndex = index
|
|
||||||
index = expression[firstIndex:].find("))")
|
|
||||||
|
|
||||||
if index == -1:
|
|
||||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
|
||||||
old = expression[firstIndex:lastIndex]
|
|
||||||
oldUpper = old.upper()
|
|
||||||
oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
|
|
||||||
oldUpper = oldUpper.split("||")
|
|
||||||
|
|
||||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
|
||||||
expression = expression.replace(old, escaped)
|
|
||||||
|
|
||||||
return expression
|
|
||||||
|
|
|
@ -30,4 +30,4 @@ class SQLiteMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
|
||||||
Miscellaneous.__init__(self)
|
Miscellaneous.__init__(self)
|
||||||
Takeover.__init__(self)
|
Takeover.__init__(self)
|
||||||
|
|
||||||
unescaper[DBMS.SQLITE] = Syntax.unescape
|
unescaper[DBMS.SQLITE] = Syntax.escape
|
||||||
|
|
|
@ -17,7 +17,7 @@ class Syntax(GenericSyntax):
|
||||||
GenericSyntax.__init__(self)
|
GenericSyntax.__init__(self)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unescape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
unescaped = expression
|
unescaped = expression
|
||||||
|
|
||||||
if isDBMSVersionAtLeast('3'):
|
if isDBMSVersionAtLeast('3'):
|
||||||
|
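Review bot: The local built right after the renamed signature is still called `unescaped` (`unescaped = expression` directly under the new `def escape(expression, quote=True):`), so the variable name now reads as the opposite of what the method produces; renaming it finishes the rename this commit is about, e.g. `escaped = expression` here together with the `unescaped = "X'%s'" % ...` assignment and `return unescaped` that follow in the next hunk. The body of `escape` continues past this hunk (the `isDBMSVersionAtLeast('3')` branch and the return are outside it), so every use of the local must be updated in the same change. How the `quote` parameter is honoured is not visible in this hunk, so I cannot tell whether it is used at all in the SQLite variant.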
@ -28,30 +28,3 @@ class Syntax(GenericSyntax):
|
||||||
unescaped = "X'%s'" % binascii.hexlify(expression)
|
unescaped = "X'%s'" % binascii.hexlify(expression)
|
||||||
|
|
||||||
return unescaped
|
return unescaped
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def escape(expression):
|
|
||||||
# Example on SQLite 3, not supported on SQLite 2:
|
|
||||||
# select X'48'||X'656c6c6f20576f726c6400'; -- Hello World
|
|
||||||
while True:
|
|
||||||
index = expression.find("X'")
|
|
||||||
if index == -1:
|
|
||||||
break
|
|
||||||
|
|
||||||
firstIndex = index
|
|
||||||
index = expression[firstIndex + 2:].find("'")
|
|
||||||
|
|
||||||
if index == -1:
|
|
||||||
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
|
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 3
|
|
||||||
old = expression[firstIndex:lastIndex]
|
|
||||||
oldUpper = old.upper()
|
|
||||||
oldUpper = oldUpper.replace("X'", "").replace("'", "")
|
|
||||||
|
|
||||||
for i in xrange(len(oldUpper) / 2):
|
|
||||||
char = oldUpper[i * 2:i * 2 + 2]
|
|
||||||
escaped = "'%s'" % chr(int(char, 16))
|
|
||||||
expression = expression.replace(old, escaped)
|
|
||||||
|
|
||||||
return expression
|
|
||||||
|
|
|
@ -30,4 +30,4 @@ class SybaseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
|
||||||
Miscellaneous.__init__(self)
|
Miscellaneous.__init__(self)
|
||||||
Takeover.__init__(self)
|
Takeover.__init__(self)
|
||||||
|
|
||||||
unescaper[DBMS.SYBASE] = Syntax.unescape
|
unescaper[DBMS.SYBASE] = Syntax.escape
|
||||||
|
|
|
@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
|
||||||
GenericSyntax.__init__(self)
|
GenericSyntax.__init__(self)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def unescape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
if quote:
|
if quote:
|
||||||
while True:
|
while True:
|
||||||
index = expression.find("'")
|
index = expression.find("'")
|
||||||
|
@ -35,27 +35,3 @@ class Syntax(GenericSyntax):
|
||||||
expression = "+".join("CHAR(%d)" % ord(c) for c in expression)
|
expression = "+".join("CHAR(%d)" % ord(c) for c in expression)
|
||||||
|
|
||||||
return expression
|
return expression
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def escape(expression):
|
|
||||||
while True:
|
|
||||||
index = expression.find("CHAR(")
|
|
||||||
if index == -1:
|
|
||||||
break
|
|
||||||
|
|
||||||
firstIndex = index
|
|
||||||
index = expression[firstIndex:].find("))")
|
|
||||||
|
|
||||||
if index == -1:
|
|
||||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
|
||||||
|
|
||||||
lastIndex = firstIndex + index + 1
|
|
||||||
old = expression[firstIndex:lastIndex]
|
|
||||||
oldUpper = old.upper()
|
|
||||||
oldUpper = oldUpper.replace("CHAR(", "").replace(")", "")
|
|
||||||
oldUpper = oldUpper.split("+")
|
|
||||||
|
|
||||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
|
||||||
expression = expression.replace(old, escaped)
|
|
||||||
|
|
||||||
return expression
|
|
||||||
|
|
|
@ -15,14 +15,8 @@ class Syntax:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def unescape(expression, quote=True):
|
|
||||||
errMsg = "'unescape' method must be defined "
|
|
||||||
errMsg += "into the specific DBMS plugin"
|
|
||||||
raise SqlmapUndefinedMethod(errMsg)
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def escape(expression):
|
def escape(expression):
|
||||||
errMsg = "'escape' method must be defined "
|
errMsg = "'escape' method must be defined "
|
||||||
errMsg += "into the specific DBMS plugin"
|
errMsg += "inside the specific DBMS plugin"
|
||||||
raise SqlmapUndefinedMethod(errMsg)
|
raise SqlmapUndefinedMethod(errMsg)
|
||||||
|
|
|
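Review bot: The surviving base stub keeps the one-argument form `def escape(expression):`, while the `unescape(expression, quote=True)` stub this hunk deletes carried the `quote` keyword that every DBMS-specific `escape` in this commit still accepts (`def escape(expression, quote=True)` in the Oracle, PostgreSQL, SQLite and Sybase plugins). Since `unescaper[...]` is now bound to those methods, the placeholder should advertise the same contract: `def escape(expression, quote=True):`. A one-line docstring on the stub saying that subclasses must turn a plain string into the DBMS-specific quoted or character-encoded literal (the plugins build `CHR(...)`/`CHAR(...)` chains or `X'..'` hex literals) would also help, since the old name at least hinted at the direction of the conversion.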
@ -207,9 +207,9 @@ invalidLogical = False
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
noCast = False
|
noCast = False
|
||||||
|
|
||||||
# Turn off string unescaping mechanism
|
# Turn off string escaping mechanism
|
||||||
# Valid: True or False
|
# Valid: True or False
|
||||||
noUnescape = False
|
noEscape = False
|
||||||
|
|
||||||
# Injection payload prefix string.
|
# Injection payload prefix string.
|
||||||
prefix =
|
prefix =
|
||||||
|
|
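Review bot: Renaming the option key from `noUnescape` to `noEscape` changes the on-disk configuration format with no transition, so a previously saved configuration file that still contains `noUnescape = True` will presumably no longer disable the escaping mechanism (or may be rejected as an unknown key, depending on how the loader treats unrecognised options, which is not visible here). Either accept the old key as a deprecated alias for one release, or at least record the rename in the comment, e.g. `# Turn off string escaping mechanism (formerly noUnescape)`. A user who relies on this switch to keep payloads literal would otherwise lose it silently.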