refactoring regarding injection place (more left)

Miroslav Stampar 2010-11-08 08:02:36 +00:00
parent 0482e02c37
commit 8e44aa605a
6 changed files with 47 additions and 27 deletions


@ -21,6 +21,7 @@ from lib.core.data import kb
from lib.core.data import queries
from lib.core.datatype import advancedDict
from lib.core.exception import sqlmapNoneDataException
from lib.core.place import PLACE
from lib.core.settings import DBMS
from lib.core.settings import PAYLOAD_DELIMITER
@ -69,7 +70,7 @@ class Agent:
falseValue = " AND %d=%d" % (randInt, randInt + 1)
# After identifing the injectable parameter
if kb.injPlace == "User-Agent":
if kb.injPlace == PLACE.UA:
retValue = kb.injParameter.replace(kb.injParameter,
self.addPayloadDelimiters("%s%s" % (negValue, kb.injParameter + falseValue + newValue)))
elif kb.injParameter:
@ -77,7 +78,7 @@ class Agent:
paramDict = conf.paramDict[kb.injPlace]
value = paramDict[kb.injParameter]
if "POSTxml" in conf.paramDict and kb.injPlace == "POST":
if "POSTxml" in conf.paramDict and kb.injPlace == PLACE.POST:
root = ET.XML(paramString)
iterator = root.getiterator(kb.injParameter)
@ -85,7 +86,7 @@ class Agent:
child.text = self.addPayloadDelimiters(negValue + value + falseValue + newValue)
retValue = ET.tostring(root)
elif kb.injPlace == "URI":
elif kb.injPlace == PLACE.URI:
retValue = paramString.replace("*",
self.addPayloadDelimiters("%s%s" % (negValue, falseValue + newValue)))
else:
@ -93,14 +94,14 @@ class Agent:
"%s=%s" % (kb.injParameter, self.addPayloadDelimiters(negValue + value + falseValue + newValue)))
# Before identifing the injectable parameter
elif parameter == "User-Agent":
elif parameter == PLACE.UA:
retValue = value.replace(value, self.addPayloadDelimiters(newValue))
elif place == "URI":
elif place == PLACE.URI:
retValue = value.replace("*", self.addPayloadDelimiters("%s" % newValue.replace(value, str())))
else:
paramString = conf.parameters[place]
if "POSTxml" in conf.paramDict and place == "POST":
if "POSTxml" in conf.paramDict and place == PLACE.POST:
root = ET.XML(paramString)
iterator = root.getiterator(parameter)
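Review bot: In the "Before identifing the injectable parameter" branch, `elif parameter == PLACE.UA:` compares a parameter name against a place constant, while the very next branch tests `place == PLACE.URI`. This presumably works only because the User-Agent parameter name equals the place string, and switching to the constant makes that coupling harder to see. If the two are equivalent for callers, `elif place == PLACE.UA:` would read consistently with the other branches. Otherwise a comment such as `# for User-Agent the parameter name equals the place name` would document the intent. The enclosing method starts and ends outside these hunks.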


@ -49,6 +49,7 @@ from lib.core.exception import sqlmapNoneDataException
from lib.core.exception import sqlmapMissingDependence
from lib.core.exception import sqlmapSyntaxException
from lib.core.optiondict import optDict
from lib.core.place import PLACE
from lib.core.settings import DBMS
from lib.core.settings import DESCRIPTION
from lib.core.settings import IS_WIN
@ -135,7 +136,7 @@ def paramToDict(place, parameters=None):
if place is not "POSTxml":
parameters = parameters.replace(", ", ",")
if place == "Cookie":
if place == PLACE.COOKIE:
splitParams = parameters.split(";")
else:
splitParams = parameters.split("&")
@ -797,7 +798,7 @@ def parseTargetUrl():
conf.port = 80
if __urlSplit[3]:
conf.parameters["GET"] = __urlSplit[3]
conf.parameters[PLACE.GET] = __urlSplit[3]
conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
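Review bot: The context line `if place is not "POSTxml":` in paramToDict compares strings by identity, which depends on interning and can be true for an equal string built at runtime. It should be `if place != "POSTxml":`. The commit also leaves "POSTxml" as a bare literal while every other place gets a PLACE constant. Whether it belongs in PLACE is a design call, but a short comment saying why it is excluded would stop the next refactor from guessing. paramToDict's body continues outside the hunk.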

15
lib/core/place.py Normal file

@ -0,0 +1,15 @@
#!/usr/bin/env python
"""
$Id$
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
class PLACE:
GET = "GET"
POST = "POST"
URI = "URI"
COOKIE = "Cookie"
UA = "User-Agent"
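Review bot: PLACE has no docstring, and nothing says its values are load-bearing. Elsewhere in this commit they are used as keys of `conf.parameters` and compared against `kb.injPlace`, which the session code suggests may be persisted, so changing a value would presumably break lookups and stored sessions. A class docstring such as `"""Injection places; values double as conf.parameters keys and must stay stable."""` would make that explicit. Declaring it `class PLACE(object):` would also avoid an old-style class under Python 2.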


@ -15,6 +15,7 @@ from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.place import PLACE
from lib.core.settings import MSSQL_ALIASES
from lib.core.settings import MYSQL_ALIASES
from lib.core.settings import PGSQL_ALIASES
@ -74,7 +75,7 @@ def setInjection():
session file.
"""
if kb.injPlace == "User-Agent":
if kb.injPlace == PLACE.UA:
kb.injParameter = conf.agent
condition = (


@ -27,6 +27,7 @@ from lib.core.data import kb
from lib.core.data import logger
from lib.core.common import sanitizeAsciiString
from lib.core.exception import sqlmapConnectionException
from lib.core.place import PLACE
from lib.request.basic import decodePage
from lib.request.basic import forgeHeaders
from lib.request.basic import parseResponse
@ -106,16 +107,16 @@ class Connect:
return page
else:
if conf.parameters.has_key("GET") and not get:
get = conf.parameters["GET"]
if conf.parameters.has_key(PLACE.GET) and not get:
get = conf.parameters[PLACE.GET]
if get:
url = "%s?%s" % (url, get)
requestMsg += "?%s" % get
if conf.method == "POST":
if conf.parameters.has_key("POST") and not post:
post = conf.parameters["POST"]
if conf.parameters.has_key(PLACE.POST) and not post:
post = conf.parameters[PLACE.POST]
requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str
@ -303,8 +304,8 @@ class Connect:
page = None
pageLength = None
uri = None
raise404 = place != "URI" if raise404 is None else raise404
toUrlencode = { "GET": True, "POST": True, "Cookie": conf.cookieUrlencode, "User-Agent": True, "URI": False }
raise404 = place != PLACE.URI if raise404 is None else raise404
toUrlencode = { PLACE.GET: True, PLACE.POST: True, PLACE.COOKIE: conf.cookieUrlencode, PLACE.UA: True, PLACE.URI: False }
if not place:
place = kb.injPlace
@ -320,7 +321,7 @@ class Connect:
logger.log(9, payload)
if place == "Cookie" and conf.cookieUrlencode:
if place == PLACE.COOKIE and conf.cookieUrlencode:
value = agent.removePayloadDelimiters(value, False)
value = urlEncodeCookieValues(value)
elif place:
@ -329,20 +330,20 @@ class Connect:
if conf.checkPayload:
checkPayload(value)
if "GET" in conf.parameters:
get = conf.parameters["GET"] if place != "GET" or not value else value
if PLACE.GET in conf.parameters:
get = conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value
if "POST" in conf.parameters:
post = conf.parameters["POST"] if place != "POST" or not value else value
if PLACE.POST in conf.parameters:
post = conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value
if "Cookie" in conf.parameters:
cookie = conf.parameters["Cookie"] if place != "Cookie" or not value else value
if PLACE.COOKIE in conf.parameters:
cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value
if "User-Agent" in conf.parameters:
ua = conf.parameters["User-Agent"] if place != "User-Agent" or not value else value
if PLACE.UA in conf.parameters:
ua = conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value
if "URI" in conf.parameters:
uri = conf.url if place != "URI" or not value else value
if PLACE.URI in conf.parameters:
uri = conf.url if place != PLACE.URI or not value else value
else:
uri = conf.url
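Review bot: `raise404 = place != PLACE.URI if raise404 is None else raise404` is evaluated before the `if not place: place = kb.injPlace` fallback that follows it, so a call that omits `place` gets `raise404 = True` even when the effective place turns out to be PLACE.URI. If that is not intended, moving the fallback above the `raise404` line fixes it. Separately, the first hunk still uses `conf.parameters.has_key(PLACE.GET)` while this method uses `PLACE.GET in conf.parameters`; the `in` form would be consistent. Blank lines appear to be dropped in this rendering and the method bodies extend outside the hunks, so the ordering should be confirmed against the file.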


@ -12,6 +12,7 @@ from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.exception import sqlmapNoneDataException
from lib.core.place import PLACE
from lib.request import inject
from lib.techniques.inband.union.test import unionTest
from lib.techniques.inband.union.use import unionUse
@ -78,7 +79,7 @@ class Filesystem(GenericFilesystem):
fcEncodedStr = fcEncodedList[0]
fcEncodedStrLen = len(fcEncodedStr)
if kb.injPlace == "GET" and fcEncodedStrLen > 8000:
if kb.injPlace == PLACE.GET and fcEncodedStrLen > 8000:
warnMsg = "the injection is on a GET parameter and the file "
warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen
warnMsg += "bytes, this might cause errors in the file "