			
		
		
		
	refactoring regarding injection place (more left)
		
							parent
							
								
									0482e02c37
								
							
						
					
					
						commit
						8e44aa605a
					
				|  | @ -21,6 +21,7 @@ from lib.core.data import kb | |||
| from lib.core.data import queries | ||||
| from lib.core.datatype import advancedDict | ||||
| from lib.core.exception import sqlmapNoneDataException | ||||
| from lib.core.place import PLACE | ||||
| from lib.core.settings import DBMS | ||||
| from lib.core.settings import PAYLOAD_DELIMITER | ||||
| 
 | ||||
|  | @ -69,7 +70,7 @@ class Agent: | |||
|             falseValue = " AND %d=%d" % (randInt, randInt + 1) | ||||
| 
 | ||||
|         # After identifing the injectable parameter | ||||
|         if kb.injPlace == "User-Agent": | ||||
|         if kb.injPlace == PLACE.UA: | ||||
|             retValue = kb.injParameter.replace(kb.injParameter, | ||||
|                                                self.addPayloadDelimiters("%s%s" % (negValue, kb.injParameter + falseValue + newValue))) | ||||
|         elif kb.injParameter: | ||||
|  | @ -77,7 +78,7 @@ class Agent: | |||
|             paramDict = conf.paramDict[kb.injPlace] | ||||
|             value = paramDict[kb.injParameter] | ||||
| 
 | ||||
|             if "POSTxml" in conf.paramDict and kb.injPlace == "POST": | ||||
|             if "POSTxml" in conf.paramDict and kb.injPlace == PLACE.POST: | ||||
|                 root = ET.XML(paramString) | ||||
|                 iterator = root.getiterator(kb.injParameter) | ||||
| 
 | ||||
|  | @ -85,7 +86,7 @@ class Agent: | |||
|                     child.text = self.addPayloadDelimiters(negValue + value + falseValue + newValue) | ||||
| 
 | ||||
|                 retValue = ET.tostring(root) | ||||
|             elif kb.injPlace == "URI": | ||||
|             elif kb.injPlace == PLACE.URI: | ||||
|                 retValue = paramString.replace("*", | ||||
|                                                self.addPayloadDelimiters("%s%s" % (negValue, falseValue + newValue))) | ||||
|             else: | ||||
|  | @ -93,14 +94,14 @@ class Agent: | |||
|                                                "%s=%s" % (kb.injParameter, self.addPayloadDelimiters(negValue + value + falseValue + newValue))) | ||||
| 
 | ||||
|         # Before identifing the injectable parameter | ||||
|         elif parameter == "User-Agent": | ||||
|         elif parameter == PLACE.UA: | ||||
|             retValue = value.replace(value, self.addPayloadDelimiters(newValue)) | ||||
|         elif place == "URI": | ||||
|         elif place == PLACE.URI: | ||||
|             retValue = value.replace("*", self.addPayloadDelimiters("%s" % newValue.replace(value, str()))) | ||||
|         else: | ||||
|             paramString = conf.parameters[place] | ||||
| 
 | ||||
|             if "POSTxml" in conf.paramDict and place == "POST": | ||||
|             if "POSTxml" in conf.paramDict and place == PLACE.POST: | ||||
|                 root = ET.XML(paramString) | ||||
|                 iterator = root.getiterator(parameter) | ||||
| 
 | ||||
|  |  | |||
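Review bot: In the "Before identifing the injectable parameter" branch the new test is `elif parameter == PLACE.UA:`, which compares a parameter name against a constant that names an injection place, while the very next branch tests `place == PLACE.URI`. The result is the same as with the old literal, but the line now reads as if `parameter` held a place. If the intent is "the User-Agent header is being tested", `elif place == PLACE.UA:` says so directly, provided callers always pass that place for the header, which these hunks do not show. The `"POSTxml"` literals in the same method are still bare strings and would merit a constant alongside the others. The enclosing method starts and ends outside the hunks shown.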
|  | @ -49,6 +49,7 @@ from lib.core.exception import sqlmapNoneDataException | |||
| from lib.core.exception import sqlmapMissingDependence | ||||
| from lib.core.exception import sqlmapSyntaxException | ||||
| from lib.core.optiondict import optDict | ||||
| from lib.core.place import PLACE | ||||
| from lib.core.settings import DBMS | ||||
| from lib.core.settings import DESCRIPTION | ||||
| from lib.core.settings import IS_WIN | ||||
|  | @ -135,7 +136,7 @@ def paramToDict(place, parameters=None): | |||
|     if place is not "POSTxml": | ||||
|         parameters = parameters.replace(", ", ",") | ||||
| 
 | ||||
|         if place == "Cookie": | ||||
|         if place == PLACE.COOKIE: | ||||
|             splitParams = parameters.split(";") | ||||
|         else: | ||||
|             splitParams = parameters.split("&") | ||||
|  | @ -797,7 +798,7 @@ def parseTargetUrl(): | |||
|         conf.port = 80 | ||||
| 
 | ||||
|     if __urlSplit[3]: | ||||
|         conf.parameters["GET"] = __urlSplit[3] | ||||
|         conf.parameters[PLACE.GET] = __urlSplit[3] | ||||
| 
 | ||||
|     conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path) | ||||
| 
 | ||||
|  |  | |||
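Review bot: `if place is not "POSTxml":` at the top of the paramToDict hunk compares a string by identity, so the outcome depends on whether the interpreter happens to hand back the same string object. A `place` value built at runtime could take the wrong branch and have an XML body split on `&` like ordinary parameters. Use equality instead: `if place != "POSTxml":`. This is a context line the commit leaves untouched, and "POSTxml" has no PLACE constant yet, so the literal itself can stay for now. paramToDict's body continues outside the hunk.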
							
								
								
									
									
								
							
							
						
						
									
										15
									
								
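--- a/lib/core/place.py
+++ b/lib/core/place.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+class PLACE:
+    GET  = "GET"
+    POST   = "POST"
+    URI     = "URI"
+    COOKIE  = "Cookie"
+    UA    = "User-Agent"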
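Review bot: `class PLACE` has no docstring, and nothing in the file says that its values are load-bearing: elsewhere in this commit they are used as keys of `conf.parameters` and compared against `kb.injPlace`, so changing a string here changes lookups. A one-line docstring would record that, for example `"""Request locations a payload can be placed in; the values are also the keys used in conf.parameters."""`. As rendered, the padding before `=` differs on every member; either align the column or use a single space throughout.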
|  | @ -15,6 +15,7 @@ from lib.core.common import readInput | |||
| from lib.core.data import conf | ||||
| from lib.core.data import kb | ||||
| from lib.core.data import logger | ||||
| from lib.core.place import PLACE | ||||
| from lib.core.settings import MSSQL_ALIASES | ||||
| from lib.core.settings import MYSQL_ALIASES | ||||
| from lib.core.settings import PGSQL_ALIASES | ||||
|  | @ -74,7 +75,7 @@ def setInjection(): | |||
|     session file. | ||||
|     """ | ||||
| 
 | ||||
|     if kb.injPlace == "User-Agent": | ||||
|     if kb.injPlace == PLACE.UA: | ||||
|         kb.injParameter = conf.agent | ||||
| 
 | ||||
|     condition = ( | ||||
|  |  | |||
|  | @ -27,6 +27,7 @@ from lib.core.data import kb | |||
| from lib.core.data import logger | ||||
| from lib.core.common import sanitizeAsciiString | ||||
| from lib.core.exception import sqlmapConnectionException | ||||
| from lib.core.place import PLACE | ||||
| from lib.request.basic import decodePage | ||||
| from lib.request.basic import forgeHeaders | ||||
| from lib.request.basic import parseResponse | ||||
|  | @ -106,16 +107,16 @@ class Connect: | |||
|                 return page | ||||
| 
 | ||||
|             else: | ||||
|                 if conf.parameters.has_key("GET") and not get: | ||||
|                     get = conf.parameters["GET"] | ||||
|                 if conf.parameters.has_key(PLACE.GET) and not get: | ||||
|                     get = conf.parameters[PLACE.GET] | ||||
| 
 | ||||
|                 if get: | ||||
|                     url = "%s?%s" % (url, get) | ||||
|                     requestMsg += "?%s" % get | ||||
| 
 | ||||
|                 if conf.method == "POST": | ||||
|                     if conf.parameters.has_key("POST") and not post: | ||||
|                         post = conf.parameters["POST"] | ||||
|                     if conf.parameters.has_key(PLACE.POST) and not post: | ||||
|                         post = conf.parameters[PLACE.POST] | ||||
| 
 | ||||
|             requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str | ||||
| 
 | ||||
|  | @ -303,8 +304,8 @@ class Connect: | |||
|         page        = None | ||||
|         pageLength  = None | ||||
|         uri         = None | ||||
|         raise404    = place != "URI" if raise404 is None else raise404 | ||||
|         toUrlencode = { "GET": True, "POST": True, "Cookie": conf.cookieUrlencode, "User-Agent": True, "URI": False } | ||||
|         raise404    = place != PLACE.URI if raise404 is None else raise404 | ||||
|         toUrlencode = { PLACE.GET: True, PLACE.POST: True, PLACE.COOKIE: conf.cookieUrlencode, PLACE.UA: True, PLACE.URI: False } | ||||
| 
 | ||||
|         if not place: | ||||
|             place = kb.injPlace | ||||
|  | @ -320,7 +321,7 @@ class Connect: | |||
| 
 | ||||
|             logger.log(9, payload) | ||||
| 
 | ||||
|         if place == "Cookie" and conf.cookieUrlencode: | ||||
|         if place == PLACE.COOKIE and conf.cookieUrlencode: | ||||
|             value = agent.removePayloadDelimiters(value, False) | ||||
|             value = urlEncodeCookieValues(value) | ||||
|         elif place: | ||||
|  | @ -329,20 +330,20 @@ class Connect: | |||
|         if conf.checkPayload: | ||||
|             checkPayload(value) | ||||
| 
 | ||||
|         if "GET" in conf.parameters: | ||||
|             get = conf.parameters["GET"] if place != "GET" or not value else value | ||||
|         if PLACE.GET in conf.parameters: | ||||
|             get = conf.parameters[PLACE.GET] if place != PLACE.GET or not value else value | ||||
| 
 | ||||
|         if "POST" in conf.parameters: | ||||
|             post = conf.parameters["POST"] if place != "POST" or not value else value | ||||
|         if PLACE.POST in conf.parameters: | ||||
|             post = conf.parameters[PLACE.POST] if place != PLACE.POST or not value else value | ||||
| 
 | ||||
|         if "Cookie" in conf.parameters: | ||||
|             cookie = conf.parameters["Cookie"] if place != "Cookie" or not value else value | ||||
|         if PLACE.COOKIE in conf.parameters: | ||||
|             cookie = conf.parameters[PLACE.COOKIE] if place != PLACE.COOKIE or not value else value | ||||
| 
 | ||||
|         if "User-Agent" in conf.parameters: | ||||
|             ua = conf.parameters["User-Agent"] if place != "User-Agent" or not value else value | ||||
|         if PLACE.UA in conf.parameters: | ||||
|             ua = conf.parameters[PLACE.UA] if place != PLACE.UA or not value else value | ||||
| 
 | ||||
|         if "URI" in conf.parameters: | ||||
|             uri = conf.url if place != "URI" or not value else value | ||||
|         if PLACE.URI in conf.parameters: | ||||
|             uri = conf.url if place != PLACE.URI or not value else value | ||||
|         else: | ||||
|             uri = conf.url | ||||
| 
 | ||||
|  |  | |||
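Review bot: In the third hunk of this section, `raise404 = place != PLACE.URI if raise404 is None else raise404` runs before the `if not place:` fallback that assigns `place = kb.injPlace` two lines later. A call that omits `place` therefore always defaults to `raise404 = True`, even when the stored injection place is URI. Moving the fallback above the assignment would make the default follow the effective place: put `if not place:` and `place = kb.injPlace` first, then the `raise404` line. Separately, the first hunk keeps `conf.parameters.has_key(PLACE.GET)` while the last hunk uses `PLACE.GET in conf.parameters`; the `in` form is the one to standardise on. The enclosing methods start and end outside the hunks shown.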
|  | @ -12,6 +12,7 @@ from lib.core.data import conf | |||
| from lib.core.data import kb | ||||
| from lib.core.data import logger | ||||
| from lib.core.exception import sqlmapNoneDataException | ||||
| from lib.core.place import PLACE | ||||
| from lib.request import inject | ||||
| from lib.techniques.inband.union.test import unionTest | ||||
| from lib.techniques.inband.union.use import unionUse | ||||
|  | @ -78,7 +79,7 @@ class Filesystem(GenericFilesystem): | |||
|         fcEncodedStr    = fcEncodedList[0] | ||||
|         fcEncodedStrLen = len(fcEncodedStr) | ||||
| 
 | ||||
|         if kb.injPlace == "GET" and fcEncodedStrLen > 8000: | ||||
|         if kb.injPlace == PLACE.GET and fcEncodedStrLen > 8000: | ||||
|             warnMsg  = "the injection is on a GET parameter and the file " | ||||
|             warnMsg += "to be written hexadecimal value is %d " % fcEncodedStrLen | ||||
|             warnMsg += "bytes, this might cause errors in the file " | ||||
|  |  | |||