From 8e03f4db0f8f313a1c967d7f3f33e7cddcb906ae Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 9 Jan 2015 15:33:53 +0100
Subject: [PATCH] Patch for an Issue #1062

---
 lib/core/settings.py | 3 +++
 lib/request/connect.py | 38 ++++++++++++++++++++++++++++++++++++--
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index c0a6ae523..3d1460c3b 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -611,6 +611,9 @@ MIN_ENCODED_LEN_CHECK = 5
 # Timeout in seconds in which Metasploit remote session has to be initialized
 METASPLOIT_SESSION_TIMEOUT = 300
 
+# Suffix used to mark variables having keyword names
+EVALCODE_KEYWORD_SUFFIX = "_KEYWORD"
+
 # Reference: http://www.cookiecentral.com/faq/#3.5
 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."
 
diff --git a/lib/request/connect.py b/lib/request/connect.py
index fa17c28a9..9c9b097f3 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -5,8 +5,10 @@ Copyright (c) 2006-2015 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import compiler
 import httplib
 import json
+import keyword
 import logging
 import re
 import socket
@@ -72,6 +74,7 @@ from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_CONTENT_TYPE
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
+from lib.core.settings import EVALCODE_KEYWORD_SUFFIX
 from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
 from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
 from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE
@@ -831,23 +834,54 @@ class Connect(object):
             delimiter = conf.paramDel or DEFAULT_GET_POST_DELIMITER
             variables = {"uri": uri}
             originals = {}
+            keywords = keyword.kwlist
 
             for item in filter(None, (get, post if not kb.postHint else None)):
                 for part in item.split(delimiter):
                     if '=' in part:
                         name, value = part.split('=', 1)
+                        name = name.strip()
+                        if name in keywords:
+                            name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
                         value = urldecode(value, convall=True, plusspace=(item==post and kb.postSpaceToPlus))
-                        evaluateCode("%s=%s" % (name.strip(), repr(value)), variables)
+                        evaluateCode("%s=%s" % (name, repr(value)), variables)
 
             if cookie:
                 for part in cookie.split(conf.cookieDel or DEFAULT_COOKIE_DELIMITER):
                     if '=' in part:
                         name, value = part.split('=', 1)
+                        name = name.strip()
+                        if name in keywords:
+                            name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
                         value = urldecode(value, convall=True)
-                        evaluateCode("%s=%s" % (name.strip(), repr(value)), variables)
+                        evaluateCode("%s=%s" % (name, repr(value)), variables)
+
+            while True:
+                try:
+                    compiler.parse(conf.evalCode.replace(';', '\n'))
+                except SyntaxError, ex:
+                    original = replacement = ex.text.strip()
+                    for _ in re.findall(r"[A-Za-z_]+", original)[::-1]:
+                        if _ in keywords:
+                            replacement = replacement.replace(_, "%s%s" % (_, EVALCODE_KEYWORD_SUFFIX))
+                            break
+                    if original == replacement:
+                        conf.evalCode = conf.evalCode.replace(EVALCODE_KEYWORD_SUFFIX, "")
+                        break
+                    else:
+                        conf.evalCode = conf.evalCode.replace(ex.text.strip(), replacement)
+                else:
+                    break
 
             originals.update(variables)
             evaluateCode(conf.evalCode, variables)
+
+            for variable in variables.keys():
+                if variable.endswith(EVALCODE_KEYWORD_SUFFIX):
+                    value = variables[variable]
+                    del variables[variable]
+                    variables[variable.replace(EVALCODE_KEYWORD_SUFFIX, "")] = value
+
             uri = variables["uri"]
 
             for name, value in variables.items():
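Review bot: The keyword renaming inside the `except SyntaxError` branch uses plain `str.replace`, so a keyword that is also a prefix of another name on the offending line is rewritten inside that name as well (constructed example: the line `pass = passwd` becomes `pass_KEYWORD = pass_KEYWORDwd`, which then parses cleanly and silently changes which variable the user's code reads); a word-bounded substitution avoids this: `replacement = re.sub(r"\b%s\b" % re.escape(_), "%s%s" % (_, EVALCODE_KEYWORD_SUFFIX), replacement)`. The suffix strip at the end has the same substring problem, and since `endswith` has already confirmed a trailing suffix the precise form is `variables[variable[:-len(EVALCODE_KEYWORD_SUFFIX)]] = value`, which also leaves a `_KEYWORD` substring elsewhere in a user-chosen name untouched. `ex.text` can be `None` for some parser-raised SyntaxErrors (e.g. unexpected end of input), in which case `ex.text.strip()` raises AttributeError out of the handler rather than falling through to the existing `evaluateCode` failure; a guard such as `if ex.text is None: break` before the assignment keeps that behaviour. The enclosing method starts and ends outside the hunk.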