From 65b2b0ad879742c6d4f56059794dc0da86bcb7f7 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 21 Nov 2011 16:41:02 +0000 Subject: [PATCH] adding switch --eval --- lib/core/common.py | 9 ++++++++- lib/core/option.py | 3 ++- lib/core/optiondict.py | 3 ++- lib/parse/cmdline.py | 3 +++ lib/request/connect.py | 26 ++++++++++++++++++++++++++ lib/request/inject.py | 2 ++ sqlmap.conf | 4 ++++ 7 files changed, 47 insertions(+), 3 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 180e27442..5e4086d78 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -3135,4 +3135,11 @@ def getHostHeader(url): if any(map(lambda x: retVal.endswith(':%d' % x), [80, 443])): retVal = retVal.split(':')[0] - return retVal \ No newline at end of file + return retVal + +def executeCode(code, variables=None): + try: + exec(code, variables) + except Exception, ex: + errMsg = "an error occured while evaluating provided code ('%s'). " % ex + raise sqlmapGenericException, errMsg diff --git a/lib/core/option.py b/lib/core/option.py index 6a0ff5b39..f9707113d 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1402,7 +1402,6 @@ def __setKnowledgeBaseAttributes(flushAll=True): kb.dynamicMarkings = [] kb.dynamicParameters = False kb.endDetection = False - kb.httpErrorCodes = {} kb.explicitSettings = set() kb.errorIsNone = True kb.forcedDbms = None @@ -1411,6 +1410,8 @@ def __setKnowledgeBaseAttributes(flushAll=True): kb.heuristicTest = None kb.hintValue = None kb.htmlFp = [] + kb.httpErrorCodes = {} + kb.inferenceMode = False kb.ignoreTimeout = False kb.injection = InjectionDict() kb.injections = [] diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index dee75b5df..b25d36d51 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -44,7 +44,8 @@ optDict = { "retries": "integer", "scope": "string", "safUrl": "string", - "saFreq": "integer" + "saFreq": "integer", + "evalCode": "string" }, "Optimization": { diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 58526d70e..6b108a428 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -140,6 +140,9 @@ def cmdLineParser(): request.add_option("--safe-freq", dest="saFreq", type="int", help="Test requests between two visits to a given safe url") + request.add_option("--eval", dest="evalCode", + help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(str(id)).hexdigest()\")") + # Optimization options optimization = OptionGroup(parser, "Optimization", "These " "options can be used to optimize the " diff --git a/lib/request/connect.py b/lib/request/connect.py index 8be1c4f26..00a07b51c 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -22,6 +22,7 @@ from lib.core.common import average from lib.core.common import calculateDeltaSeconds from lib.core.common import clearConsoleLine from lib.core.common import cpuThrottle +from lib.core.common import executeCode from lib.core.common import extractRegexResult from lib.core.common import getCurrentThreadData from lib.core.common import getFilteredPageContent @@ -603,6 +604,31 @@ class Connect: elif item == PLACE.COOKIE and cookie: cookie = _randomizeParameter(cookie, randomParameter) + if conf.evalCode: + variables = {} + originals = {} + + if get: + executeCode(get.replace("&", ";"), variables) + if post: + executeCode(post.replace("&", ";"), variables) + + originals.update(variables) + executeCode(conf.evalCode, variables) + + for name, value in variables.items(): + if name != "__builtins__" and originals.get(name, "") != value: + if isinstance(value, (basestring, int)): + value = unicode(value) + if '%s=' % name in (get or ""): + get = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, get) + elif '%s=' % name in (post or ""): + post = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, post) + elif post: + post += "&%s=%s" % (name, value) + else: + get += "&%s=%s" % (name, value) + get = urlencode(get, limit=True) if post and place != PLACE.POST and hasattr(post, UNENCODED_ORIGINAL_VALUE): post = getattr(post, UNENCODED_ORIGINAL_VALUE) diff --git a/lib/request/inject.py b/lib/request/inject.py index e40e1279c..5254f5e85 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -63,7 +63,9 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression)) + kb.inferenceMode = True count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump) + kb.inferenceMode = False if not kb.bruteMode: debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start)) diff --git a/sqlmap.conf b/sqlmap.conf index 8ac6e9d7c..f34607eeb 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -130,6 +130,10 @@ safUrl = # Default: 0 saFreq = 0 +# Evaluate provided Python code before the request +# Example: import hashlib;id2=hashlib.md5(str(id)).hexdigest() +evalCode = + # These options can be used to optimize the performance of sqlmap. [Optimization]