mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Unescaping is renamed to escaping
parent
c717de9c9d
commit
601eb1e49a
|
@ -55,7 +55,7 @@ _arguments -C -s \
|
|||
'(--invalid-bignum)'--invalid-bignum'[Use big numbers for invalidating values]' \
|
||||
'(--invalid-logical)'--invalid-logical'[Use logical operations for invalidating values]' \
|
||||
'(--no-cast)'--no-cast'[Turn off payload casting mechanism]' \
|
||||
'(--no-unescape)'--no-unescape'[Turn off string unescaping mechanism]' \
|
||||
'(--no-escape)'--no-unescape'[Turn off string escaping mechanism]' \
|
||||
'(--prefix)'--prefix=-'[Injection payload prefix string]:PREFIX' \
|
||||
'(--suffix)'--suffix=-'[Injection payload suffix string]:SUFFIX' \
|
||||
'(--skip)'--skip=-'[Skip testing for given parameter(s)]:SKIP' \
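Review bot: The renamed completion entry still offers the old switch. In `'(--no-escape)'--no-unescape'[Turn off string escaping mechanism]'` only the exclusion group and the description were updated, so completion would insert `--no-unescape`, which this same commit lists as deprecated. The entry should read `'(--no-escape)'--no-escape'[Turn off string escaping mechanism]' \`. The `_arguments` call starts and continues outside the hunk.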
|
||||
|
|
|
@ -157,7 +157,7 @@ class Agent(object):
|
|||
return self.payloadDirect(expression)
|
||||
|
||||
expression = self.cleanupPayload(expression)
|
||||
expression = unescaper.unescape(expression)
|
||||
expression = unescaper.escape(expression)
|
||||
query = None
|
||||
|
||||
if where is None and kb.technique and kb.technique in kb.injection.data:
|
||||
|
@ -917,7 +917,7 @@ class Agent(object):
|
|||
else:
|
||||
lengthExpr = lengthQuery % expression
|
||||
|
||||
return unescaper.unescape(lengthExpr)
|
||||
return unescaper.escape(lengthExpr)
|
||||
|
||||
def forgeCaseStatement(self, expression):
|
||||
"""
|
||||
|
|
|
@ -54,7 +54,7 @@ from lib.core.convert import unicodeencode
|
|||
from lib.core.convert import utf8encode
|
||||
from lib.core.decorators import cachedmethod
|
||||
from lib.core.dicts import DBMS_DICT
|
||||
from lib.core.dicts import DEPRECATED_HINTS
|
||||
from lib.core.dicts import DEPRECATED_OPTIONS
|
||||
from lib.core.dicts import SQL_STATEMENTS
|
||||
from lib.core.enums import ADJUST_TIME_DELAY
|
||||
from lib.core.enums import CHARSET_TYPE
|
||||
|
@ -84,7 +84,6 @@ from lib.core.settings import DBMS_DIRECTORY_DICT
|
|||
from lib.core.settings import DEFAULT_COOKIE_DELIMITER
|
||||
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
||||
from lib.core.settings import DEFAULT_MSSQL_SCHEMA
|
||||
from lib.core.settings import DEPRECATED_OPTIONS
|
||||
from lib.core.settings import DESCRIPTION
|
||||
from lib.core.settings import DUMMY_SQL_INJECTION_CHARS
|
||||
from lib.core.settings import DUMMY_USER_INJECTION
|
||||
|
@ -3055,8 +3054,8 @@ def checkDeprecatedOptions(args):
|
|||
for _ in args:
|
||||
if _ in DEPRECATED_OPTIONS:
|
||||
errMsg = "switch/option '%s' is deprecated" % _
|
||||
if _ in DEPRECATED_HINTS:
|
||||
errMsg += " (hint: %s)" % DEPRECATED_HINTS[_]
|
||||
if DEPRECATED_OPTIONS[_]:
|
||||
errMsg += " (hint: %s)" % DEPRECATED_OPTIONS[_]
|
||||
raise SqlmapSyntaxException(errMsg)
|
||||
|
||||
def evaluateCode(code, variables=None):
|
||||
|
|
|
@ -202,9 +202,10 @@ POST_HINT_CONTENT_TYPES = {
|
|||
POST_HINT.XML: "application/xml",
|
||||
}
|
||||
|
||||
DEPRECATED_HINTS = {
|
||||
DEPRECATED_OPTIONS = {
|
||||
"--replicate": "use '--dump-format=SQLITE' instead",
|
||||
}
|
||||
"--no-unescape": "use '--no-escape' instead",
|
||||
}
|
||||
|
||||
DUMP_DATA_PREPROCESS = {
|
||||
DBMS.ORACLE: {"XMLTYPE": "(%s).getStringVal()"}, # Reference: https://www.tibcommunity.com/docs/DOC-3643
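Review bot: `DEPRECATED_OPTIONS` is declared without a comment, while the tuple it replaces in the settings file carried `# List of deprecated options`. checkDeprecatedOptions now reads each value as an optional hint (`if DEPRECATED_OPTIONS[_]:`), so a one-line comment above the dict would state that contract, for example `# Deprecated switches/options mapped to a replacement hint (empty or None for no hint)`.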
|
||||
|
|
|
@ -65,7 +65,7 @@ optDict = {
|
|||
"invalidBignum": "boolean",
|
||||
"invalidLogical": "boolean",
|
||||
"noCast": "boolean",
|
||||
"noUnescape": "boolean",
|
||||
"noEscape": "boolean",
|
||||
"prefix": "string",
|
||||
"suffix": "string",
|
||||
"skip": "string",
|
||||
|
|
|
@ -278,7 +278,7 @@ MYSQL_ERROR_CHUNK_LENGTH = 50
|
|||
# Maximum length used for retrieving data over MSSQL error based payload due to trimming problems with longer result strings
|
||||
MSSQL_ERROR_CHUNK_LENGTH = 100
|
||||
|
||||
# Do not unescape the injected statement if it contains any of the following SQL words
|
||||
# Do not escape the injected statement if it contains any of the following SQL keywords
|
||||
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", "'%s'" % CHAR_INFERENCE_MARK)
|
||||
|
||||
# Mark used for replacement of reflected values
|
||||
|
@ -308,9 +308,6 @@ HASH_MOD_ITEM_DISPLAY = 11
|
|||
# Maximum integer value
|
||||
MAX_INT = sys.maxint
|
||||
|
||||
# List of deprecated options
|
||||
DEPRECATED_OPTIONS = ("--replicate",)
|
||||
|
||||
# Parameters to be ignored in detection phase (upper case)
|
||||
IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
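Review bot: In the first hunk of this file the comment above `EXCLUDE_UNESCAPE` now speaks of escaping while the constant keeps its old name, so two adjacent lines use opposite terms for the same mechanism. The same leftover terminology appears elsewhere in this commit: the `Unescaper` class and the `unescaper` object now expose `escape()`, and locals such as `expressionUnescaped` and `unescapedCharValue` hold its result. Renaming the constant to `EXCLUDE_ESCAPE`, together with its import in the unescaper module, would complete the rename. If the older names are kept on purpose, a short comment saying so would help readers.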
|
||||
|
||||
|
|
|
@ -11,8 +11,8 @@ from lib.core.datatype import AttribDict
|
|||
from lib.core.settings import EXCLUDE_UNESCAPE
|
||||
|
||||
class Unescaper(AttribDict):
|
||||
def unescape(self, expression, quote=True, dbms=None):
|
||||
if conf.noUnescape:
|
||||
def escape(self, expression, quote=True, dbms=None):
|
||||
if conf.noEscape:
|
||||
return expression
|
||||
|
||||
if expression is None:
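Review bot: The renamed `escape(self, expression, quote=True, dbms=None)` has no docstring, and after this commit the word "escape" means the opposite of what it meant in the plugins before. Judging by the plugin context lines on this page (`"||".join("CHR(%d)" % ord(c) for c in expression)`, `"0x%s" % binascii.hexlify(expression)`), the method rewrites string literals into a quote-free DBMS-specific form. A docstring along the lines of `"""Returns expression with string literals rewritten into the quote-free form of the target DBMS; returns it unchanged when conf.noEscape is set"""` would pin that down. The method body continues outside the hunk, so the handling of `quote` and `dbms` should be described from the full source.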
|
||||
|
|
|
@ -209,9 +209,9 @@ def cmdLineParser():
|
|||
action="store_true",
|
||||
help="Turn off payload casting mechanism")
|
||||
|
||||
injection.add_option("--no-unescape", dest="noUnescape",
|
||||
injection.add_option("--no-escape", dest="noEscape",
|
||||
action="store_true",
|
||||
help="Turn off string unescaping mechanism")
|
||||
help="Turn off string escaping mechanism")
|
||||
|
||||
injection.add_option("--prefix", dest="prefix",
|
||||
help="Injection payload prefix string")
|
||||
|
|
|
@ -84,7 +84,7 @@ class UDF:
|
|||
if udfName is None:
|
||||
udfName = "sys_exec"
|
||||
|
||||
cmd = unescaper.unescape(self.udfForgeCmd(cmd))
|
||||
cmd = unescaper.escape(self.udfForgeCmd(cmd))
|
||||
|
||||
return inject.goStacked("SELECT %s(%s)" % (udfName, cmd), silent)
|
||||
|
||||
|
@ -103,7 +103,7 @@ class UDF:
|
|||
|
||||
output = new_output
|
||||
else:
|
||||
cmd = unescaper.unescape(self.udfForgeCmd(cmd))
|
||||
cmd = unescaper.escape(self.udfForgeCmd(cmd))
|
||||
|
||||
inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
|
||||
output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
|
||||
|
|
|
@ -107,9 +107,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
_, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression)
|
||||
nulledCastedField = agent.nullAndCastField(fieldToCastStr)
|
||||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||
expressionUnescaped = unescaper.unescape(expressionReplaced)
|
||||
expressionUnescaped = unescaper.escape(expressionReplaced)
|
||||
else:
|
||||
expressionUnescaped = unescaper.unescape(expression)
|
||||
expressionUnescaped = unescaper.escape(expression)
|
||||
|
||||
if length and isinstance(length, basestring) and length.isdigit():
|
||||
length = int(length)
|
||||
|
@ -234,7 +234,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
else:
|
||||
# e.g.: ... > '%c' -> ... > ORD(..)
|
||||
markingValue = "'%s'" % CHAR_INFERENCE_MARK
|
||||
unescapedCharValue = unescaper.unescape("'%s'" % decodeIntToUnicode(posValue))
|
||||
unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
|
||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
|
||||
|
||||
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
|
||||
|
@ -461,7 +461,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
# it via equal against the query output
|
||||
if commonValue is not None:
|
||||
# One-shot query containing equals commonValue
|
||||
testValue = unescaper.unescape("'%s'" % commonValue) if "'" not in commonValue else unescaper.unescape("%s" % commonValue, quote=False)
|
||||
testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False)
|
||||
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
|
||||
query = agent.suffixQuery(query)
|
||||
result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
|
||||
|
@ -483,7 +483,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
if commonPattern is not None:
|
||||
# Substring-query containing equals commonPattern
|
||||
subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
|
||||
testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
|
||||
testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False)
|
||||
query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
|
||||
query = agent.suffixQuery(query)
|
||||
result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
|
||||
|
|
|
@ -66,7 +66,7 @@ def dnsUse(payload, expression):
|
|||
expressionReplaced = expression.replace(fieldToCastStr, nulledCastedField, 1)
|
||||
|
||||
expressionRequest = getSQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dnsName)
|
||||
expressionUnescaped = unescaper.unescape(expressionRequest)
|
||||
expressionUnescaped = unescaper.escape(expressionRequest)
|
||||
|
||||
if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
|
||||
query = agent.prefixQuery("; %s" % expressionUnescaped)
|
||||
|
|
|
@ -88,7 +88,7 @@ def _oneShotErrorUse(expression, field=None):
|
|||
query = agent.prefixQuery(vector)
|
||||
query = agent.suffixQuery(query)
|
||||
injExpression = expression.replace(field, nulledCastedField, 1) if field else expression
|
||||
injExpression = unescaper.unescape(injExpression)
|
||||
injExpression = unescaper.escape(injExpression)
|
||||
injExpression = query.replace("[QUERY]", injExpression)
|
||||
payload = agent.payload(newValue=injExpression)
|
||||
|
||||
|
|
|
@ -172,7 +172,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
|||
randQuery = randomStr(UNION_MIN_RESPONSE_CHARS)
|
||||
phrase = "%s%s%s".lower() % (kb.chars.start, randQuery, kb.chars.stop)
|
||||
randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
|
||||
randQueryUnescaped = unescaper.unescape(randQueryProcessed)
|
||||
randQueryUnescaped = unescaper.escape(randQueryProcessed)
|
||||
|
||||
# Forge the union SQL injection request
|
||||
query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where)
|
||||
|
@ -194,7 +194,7 @@ def _unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLO
|
|||
randQuery2 = randomStr(UNION_MIN_RESPONSE_CHARS)
|
||||
phrase2 = "%s%s%s".lower() % (kb.chars.start, randQuery2, kb.chars.stop)
|
||||
randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
|
||||
randQueryUnescaped2 = unescaper.unescape(randQueryProcessed2)
|
||||
randQueryUnescaped2 = unescaper.escape(randQueryProcessed2)
|
||||
|
||||
# Confirm that it is a full union SQL injection
|
||||
query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, multipleUnions=randQueryUnescaped2)
|
||||
|
|
|
@ -58,7 +58,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
|
|||
|
||||
if retVal is None:
|
||||
# Prepare expression with delimiters
|
||||
injExpression = unescaper.unescape(agent.concatQuery(expression, unpack))
|
||||
injExpression = unescaper.escape(agent.concatQuery(expression, unpack))
|
||||
|
||||
where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else None
|
||||
|
||||
|
|
|
@ -102,9 +102,9 @@ def pivotDumpTable(table, colList, count=None, blind=True):
|
|||
for column in colList:
|
||||
def _(pivotValue):
|
||||
if column == colList[0]:
|
||||
query = dumpNode.query.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, column), unescaper.unescape(pivotValue, False))
|
||||
query = dumpNode.query.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, column), unescaper.escape(pivotValue, False))
|
||||
else:
|
||||
query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.unescape(pivotValue, False))
|
||||
query = dumpNode.query2.replace("'%s'", "%s") % (agent.preprocessField(table, column), table, agent.preprocessField(table, colList[0]), unescaper.escape(pivotValue, False))
|
||||
|
||||
return unArrayizeValue(inject.getValue(query, blind=blind, time=blind, union=not blind, error=not blind))
|
||||
|
||||
|
|
|
@ -30,4 +30,4 @@ class AccessMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
|
|||
Miscellaneous.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper[DBMS.ACCESS] = Syntax.unescape
|
||||
unescaper[DBMS.ACCESS] = Syntax.escape
|
||||
|
|
|
@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
|
|||
GenericSyntax.__init__(self)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
def escape(expression, quote=True):
|
||||
if quote:
|
||||
while True:
|
||||
index = expression.find("'")
|
||||
|
@ -45,26 +45,3 @@ class Syntax(GenericSyntax):
|
|||
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
while True:
|
||||
index = expression.find("CHR(")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex:].find(")")
|
||||
|
||||
if index == -1:
|
||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||
|
||||
lastIndex = firstIndex + index + 1
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.lstrip("CHR(").rstrip(")")
|
||||
oldUpper = oldUpper.split("&")
|
||||
|
||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
||||
expression = expression.replace(old, escaped).replace("'&'", "")
|
||||
|
||||
return expression
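Review bot: The name `escape` is reused in this file for the opposite transformation. The removed `escape(expression)` turned `CHR(...)` sequences back into quoted strings, while the new `escape(expression, quote=True)` is the former `unescape`. A caller left on the old `Syntax.escape(x)` would therefore not fail but silently get the inverse result; whether any such caller remains is not visible on this page. The same applies to the DB2, Firebird, MSSQL, MySQL, Oracle, PostgreSQL, SQLite and Sybase syntax files further down. A comment above the method such as `# NOTE: formerly unescape(); the old decoding escape() was removed` would make the swap explicit. Both method bodies extend beyond the hunks shown.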
|
||||
|
|
|
@ -31,4 +31,4 @@ class DB2Map(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Takeov
|
|||
Miscellaneous.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper[DBMS.DB2] = Syntax.unescape
|
||||
unescaper[DBMS.DB2] = Syntax.escape
|
||||
|
|
|
@ -14,7 +14,7 @@ class Syntax(GenericSyntax):
|
|||
GenericSyntax.__init__(self)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
def escape(expression, quote=True):
|
||||
if expression == u"'''":
|
||||
return "CHR(%d)" % (ord("'"))
|
||||
|
||||
|
@ -44,29 +44,3 @@ class Syntax(GenericSyntax):
|
|||
expression = "||".join("CHR(%d)" % ord(c) for c in expression)
|
||||
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
logMsg = "escaping %s" % expression
|
||||
logger.info(logMsg)
|
||||
while True:
|
||||
index = expression.find("CHR(")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex:].find(")")
|
||||
|
||||
if index == -1:
|
||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||
|
||||
lastIndex = firstIndex + index + 1
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.lstrip("CHR(").rstrip(")")
|
||||
oldUpper = oldUpper.split("||")
|
||||
|
||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
||||
expression = expression.replace(old, escaped)
|
||||
|
||||
return expression
|
||||
|
|
|
@ -30,4 +30,4 @@ class FirebirdMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, T
|
|||
Miscellaneous.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper[DBMS.FIREBIRD] = Syntax.unescape
|
||||
unescaper[DBMS.FIREBIRD] = Syntax.escape
|
||||
|
|
|
@ -14,7 +14,7 @@ class Syntax(GenericSyntax):
|
|||
GenericSyntax.__init__(self)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
def escape(expression, quote=True):
|
||||
if isDBMSVersionAtLeast('2.1'):
|
||||
if quote:
|
||||
while True:
|
||||
|
@ -47,26 +47,3 @@ class Syntax(GenericSyntax):
|
|||
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
while True:
|
||||
index = expression.find("ASCII_CHAR(")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex:].find(")")
|
||||
|
||||
if index == -1:
|
||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||
|
||||
lastIndex = firstIndex + index + 1
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.lstrip("ASCII_CHAR(").rstrip(")")
|
||||
oldUpper = oldUpper.split("||")
|
||||
|
||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
||||
expression = expression.replace(old, escaped).replace("'||'", "")
|
||||
|
||||
return expression
|
||||
|
|
|
@ -30,4 +30,4 @@ class MaxDBMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take
|
|||
Miscellaneous.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper[DBMS.MAXDB] = Syntax.unescape
|
||||
unescaper[DBMS.MAXDB] = Syntax.escape
|
||||
|
|
|
@ -11,10 +11,6 @@ class Syntax(GenericSyntax):
|
|||
def __init__(self):
|
||||
GenericSyntax.__init__(self)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
return expression
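Review bot: Judging by the hunk counts (`-11,10 +11,6`) and the absence of any newly added `def` line, the method that survives in this file is `def escape(expression):`, without the `quote` parameter that the other DBMS plugins in this commit declare (`def escape(expression, quote=True):`). Callers on this page pass that argument, for example `unescaper.escape(pivotValue, False)` and `unescaper.escape("%s" % commonValue, quote=False)`. If the dispatcher forwards `quote` to the registered function (its body is not shown here), this plugin would raise a TypeError instead of returning the expression. The generic `Syntax` stub in the later hunk `@ -15,14 +15,8 @@ class Syntax:` keeps the same one-argument signature. Both should read `def escape(expression, quote=True):`.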
|
||||
|
|
|
@ -31,4 +31,4 @@ class MSSQLServerMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous
|
|||
Miscellaneous.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper[DBMS.MSSQL] = Syntax.unescape
|
||||
unescaper[DBMS.MSSQL] = Syntax.escape
|
||||
|
|
|
@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
|
|||
GenericSyntax.__init__(self)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
def escape(expression, quote=True):
|
||||
if quote:
|
||||
while True:
|
||||
index = expression.find("'")
|
||||
|
@ -36,27 +36,3 @@ class Syntax(GenericSyntax):
|
|||
expression = "+".join("CHAR(%d)" % ord(c) for c in expression)
|
||||
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
while True:
|
||||
index = expression.find("CHAR(")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex:].find(")")
|
||||
|
||||
if index == -1:
|
||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||
|
||||
lastIndex = firstIndex + index + 1
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.replace("CHAR(", "").replace(")", "")
|
||||
|
||||
escaped = "'%s'" % chr(int(oldUpper))
|
||||
expression = expression.replace(old, escaped)
|
||||
|
||||
expression = expression.replace("'+'", "")
|
||||
return expression
|
||||
|
|
|
@ -36,4 +36,4 @@ class MySQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Take
|
|||
Miscellaneous.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper[DBMS.MYSQL] = Syntax.unescape
|
||||
unescaper[DBMS.MYSQL] = Syntax.escape
|
||||
|
|
|
@ -17,7 +17,7 @@ class Syntax(GenericSyntax):
|
|||
GenericSyntax.__init__(self)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
def escape(expression, quote=True):
|
||||
if quote:
|
||||
unescaped = expression
|
||||
for item in re.findall(r"'[^']+'", expression, re.S):
|
||||
|
@ -29,31 +29,3 @@ class Syntax(GenericSyntax):
|
|||
unescaped = "0x%s" % binascii.hexlify(expression)
|
||||
|
||||
return unescaped
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
while True:
|
||||
index = expression.find("CHAR(")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex:].find(")")
|
||||
|
||||
if index == -1:
|
||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||
|
||||
lastIndex = firstIndex + index + 1
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.lstrip("CHAR(").rstrip(")")
|
||||
oldUpper = oldUpper.split(",")
|
||||
|
||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
||||
expression = expression.replace(old, escaped)
|
||||
|
||||
original = expression
|
||||
for item in re.findall(r"0x[0-9a-fA-F]+", original, re.S):
|
||||
expression = expression.replace(item, "'%s'" % binascii.unhexlify(item[2:]))
|
||||
|
||||
return expression
|
||||
|
|
|
@ -30,4 +30,4 @@ class OracleMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
|
|||
Miscellaneous.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper[DBMS.ORACLE] = Syntax.unescape
|
||||
unescaper[DBMS.ORACLE] = Syntax.escape
|
||||
|
|
|
@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
|
|||
GenericSyntax.__init__(self)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
def escape(expression, quote=True):
|
||||
if quote:
|
||||
while True:
|
||||
index = expression.find("'")
|
||||
|
@ -35,27 +35,3 @@ class Syntax(GenericSyntax):
|
|||
expression = "||".join("CHR(%d)" % ord(c) for c in expression)
|
||||
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
while True:
|
||||
index = expression.find("CHR(")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex:].find("))")
|
||||
|
||||
if index == -1:
|
||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||
|
||||
lastIndex = firstIndex + index + 1
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
|
||||
oldUpper = oldUpper.split("||")
|
||||
|
||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
||||
expression = expression.replace(old, escaped)
|
||||
|
||||
return expression
|
||||
|
|
|
@ -37,4 +37,4 @@ class PostgreSQLMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous,
|
|||
Miscellaneous.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper[DBMS.PGSQL] = Syntax.unescape
|
||||
unescaper[DBMS.PGSQL] = Syntax.escape
|
||||
|
|
|
@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
|
|||
GenericSyntax.__init__(self)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
def escape(expression, quote=True):
|
||||
"""
|
||||
Note: PostgreSQL has a general problem with concenation operator (||) precedence (hence the parentheses enclosing)
|
||||
e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error ("argument of WHERE must be type boolean, not type text")
|
||||
|
@ -40,27 +40,3 @@ class Syntax(GenericSyntax):
|
|||
expression = "(%s)" % "||".join("CHR(%d)" % ord(c) for c in expression)
|
||||
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
while True:
|
||||
index = expression.find("CHR(")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex:].find("))")
|
||||
|
||||
if index == -1:
|
||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||
|
||||
lastIndex = firstIndex + index + 1
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.replace("CHR(", "").replace(")", "")
|
||||
oldUpper = oldUpper.split("||")
|
||||
|
||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
||||
expression = expression.replace(old, escaped)
|
||||
|
||||
return expression
|
||||
|
|
|
@ -30,4 +30,4 @@ class SQLiteMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
|
|||
Miscellaneous.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper[DBMS.SQLITE] = Syntax.unescape
|
||||
unescaper[DBMS.SQLITE] = Syntax.escape
|
||||
|
|
|
@ -17,7 +17,7 @@ class Syntax(GenericSyntax):
|
|||
GenericSyntax.__init__(self)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
def escape(expression, quote=True):
|
||||
unescaped = expression
|
||||
|
||||
if isDBMSVersionAtLeast('3'):
|
||||
|
@ -28,30 +28,3 @@ class Syntax(GenericSyntax):
|
|||
unescaped = "X'%s'" % binascii.hexlify(expression)
|
||||
|
||||
return unescaped
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
# Example on SQLite 3, not supported on SQLite 2:
|
||||
# select X'48'||X'656c6c6f20576f726c6400'; -- Hello World
|
||||
while True:
|
||||
index = expression.find("X'")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex + 2:].find("'")
|
||||
|
||||
if index == -1:
|
||||
raise SqlmapSyntaxException("Unenclosed ' in '%s'" % expression)
|
||||
|
||||
lastIndex = firstIndex + index + 3
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.replace("X'", "").replace("'", "")
|
||||
|
||||
for i in xrange(len(oldUpper) / 2):
|
||||
char = oldUpper[i * 2:i * 2 + 2]
|
||||
escaped = "'%s'" % chr(int(char, 16))
|
||||
expression = expression.replace(old, escaped)
|
||||
|
||||
return expression
|
||||
|
|
|
@ -30,4 +30,4 @@ class SybaseMap(Syntax, Fingerprint, Enumeration, Filesystem, Miscellaneous, Tak
|
|||
Miscellaneous.__init__(self)
|
||||
Takeover.__init__(self)
|
||||
|
||||
unescaper[DBMS.SYBASE] = Syntax.unescape
|
||||
unescaper[DBMS.SYBASE] = Syntax.escape
|
||||
|
|
|
@ -13,7 +13,7 @@ class Syntax(GenericSyntax):
|
|||
GenericSyntax.__init__(self)
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
def escape(expression, quote=True):
|
||||
if quote:
|
||||
while True:
|
||||
index = expression.find("'")
|
||||
|
@ -35,27 +35,3 @@ class Syntax(GenericSyntax):
|
|||
expression = "+".join("CHAR(%d)" % ord(c) for c in expression)
|
||||
|
||||
return expression
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
while True:
|
||||
index = expression.find("CHAR(")
|
||||
if index == -1:
|
||||
break
|
||||
|
||||
firstIndex = index
|
||||
index = expression[firstIndex:].find("))")
|
||||
|
||||
if index == -1:
|
||||
raise SqlmapSyntaxException("Unenclosed ) in '%s'" % expression)
|
||||
|
||||
lastIndex = firstIndex + index + 1
|
||||
old = expression[firstIndex:lastIndex]
|
||||
oldUpper = old.upper()
|
||||
oldUpper = oldUpper.replace("CHAR(", "").replace(")", "")
|
||||
oldUpper = oldUpper.split("+")
|
||||
|
||||
escaped = "'%s'" % "".join(chr(int(char)) for char in oldUpper)
|
||||
expression = expression.replace(old, escaped)
|
||||
|
||||
return expression
|
||||
|
|
|
@ -15,14 +15,8 @@ class Syntax:
|
|||
def __init__(self):
|
||||
pass
|
||||
|
||||
@staticmethod
|
||||
def unescape(expression, quote=True):
|
||||
errMsg = "'unescape' method must be defined "
|
||||
errMsg += "into the specific DBMS plugin"
|
||||
raise SqlmapUndefinedMethod(errMsg)
|
||||
|
||||
@staticmethod
|
||||
def escape(expression):
|
||||
errMsg = "'escape' method must be defined "
|
||||
errMsg += "into the specific DBMS plugin"
|
||||
errMsg += "inside the specific DBMS plugin"
|
||||
raise SqlmapUndefinedMethod(errMsg)
|
||||
|
|
|
@ -207,9 +207,9 @@ invalidLogical = False
|
|||
# Valid: True or False
|
||||
noCast = False
|
||||
|
||||
# Turn off string unescaping mechanism
|
||||
# Turn off string escaping mechanism
|
||||
# Valid: True or False
|
||||
noUnescape = False
|
||||
noEscape = False
|
||||
|
||||
# Injection payload prefix string.
|
||||
prefix =
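Review bot: The key rename from `noUnescape` to `noEscape` has no visible deprecation path for configuration files. The check this commit extends, `checkDeprecatedOptions(args)`, inspects command-line arguments only as far as this page shows. An existing config that still sets `noUnescape = True` would presumably be ignored without any message, leaving escaping switched on. Mentioning the old name in the comment, for example `# Turn off string escaping mechanism (formerly noUnescape)`, would at least document the change; rejecting the old key at config-parse time would be the stricter option.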
|
||||
|
|