Refactoring regarding casting warnings

lib/controller/checks.py

@@ -69,6 +69,7 @@ from lib.core.enums import NULLCONNECTION
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.enums import REDIRECTION
+from lib.core.enums import WEB_PLATFORM
 from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapDataException
 from lib.core.exception import SqlmapNoneDataException
@@ -1052,9 +1053,19 @@ def heuristicCheckSqlInjection(place, parameter):
     kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE
 
     if casting:
-        errMsg = "possible %s casting " % ("integer" if origValue.isdigit() else "type")
-        errMsg += "detected (e.g. \"$%s=intval($_REQUEST['%s'])\") " % (parameter, parameter)
-        errMsg += "at the back-end web application"
+        errMsg = "possible %s casting detected (e.g. '" % ("integer" if origValue.isdigit() else "type")
+
+        platform = conf.url.split('.')[-1].lower()
+        if platform == WEB_PLATFORM.ASP:
+            errMsg += "%s=CInt(request.querystring(\"%s\"))" % (parameter, parameter)
+        elif platform == WEB_PLATFORM.ASPX:
+            errMsg += "int.TryParse(Request.QueryString[\"%s\"], out %s)" % (parameter, parameter)
+        elif platform == WEB_PLATFORM.JSP:
+            errMsg += "%s=Integer.parseInt(request.getParameter(\"%s\"))" % (parameter, parameter)
+        else:
+            errMsg += "$%s=intval($_REQUEST[\"%s\"])" % (parameter, parameter)
+
+        errMsg += "') at the back-end web application"
         logger.error(errMsg)
 
         if kb.ignoreCasted is None:

lib/core/enums.py

@@ -310,7 +310,7 @@ class ADJUST_TIME_DELAY:
     NO = 0
     YES = 1
 
-class WEB_API:
+class WEB_PLATFORM:
     PHP = "php"
     ASP = "asp"
     ASPX = "aspx"

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.12.35"
+VERSION = "1.2.12.36"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -687,7 +687,7 @@ MAX_HELP_OPTION_LENGTH = 18
 MAX_CONNECT_RETRIES = 100
 
 # Strings for detecting formatting errors
-FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "is not of type numeric", "<cfif Not IsNumeric(", "invalid input syntax for integer", "invalid input syntax for type", "invalid number", "character to number conversion error", "unable to interpret text value", "String was not recognized as a valid", "Convert.ToInt", "cannot be converted to a ", "InvalidDataException")
+FORMAT_EXCEPTION_STRINGS = ("Type mismatch", "Error converting", "Please enter a", "Conversion failed", "String or binary data would be truncated", "Failed to convert", "unable to interpret text value", "Input string was not in a correct format", "System.FormatException", "java.lang.NumberFormatException", "ValueError: invalid literal", "TypeMismatchException", "CF_SQL_INTEGER", " for CFSQLTYPE ", "cfqueryparam cfsqltype", "InvalidParamTypeException", "Invalid parameter type", "is not of type numeric", "<cfif Not IsNumeric(", "invalid input syntax for integer", "invalid input syntax for type", "invalid number", "character to number conversion error", "unable to interpret text value", "String was not recognized as a valid", "Convert.ToInt", "cannot be converted to a ", "InvalidDataException")
 
 # Regular expression used for extracting ASP.NET view state values
 VIEWSTATE_REGEX = r'(?i)(?P<name>__VIEWSTATE[^"]*)[^>]+value="(?P<result>[^"]+)'

lib/request/connect.py

@@ -78,7 +78,7 @@ from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.enums import POST_HINT
 from lib.core.enums import REDIRECTION
-from lib.core.enums import WEB_API
+from lib.core.enums import WEB_PLATFORM
 from lib.core.exception import SqlmapCompressionException
 from lib.core.exception import SqlmapConnectionException
 from lib.core.exception import SqlmapGenericException
@@ -889,7 +889,7 @@ class Connect(object):
                         postUrlEncode = False
 
             if conf.hpp:
-                if not any(conf.url.lower().endswith(_.lower()) for _ in (WEB_API.ASP, WEB_API.ASPX)):
+                if not any(conf.url.lower().endswith(_.lower()) for _ in (WEB_PLATFORM.ASP, WEB_PLATFORM.ASPX)):
                     warnMsg = "HTTP parameter pollution should work only against "
                     warnMsg += "ASP(.NET) targets"
                     singleTimeWarnMessage(warnMsg)

lib/takeover/web.py

@@ -43,7 +43,7 @@ from lib.core.enums import HTTP_HEADER
 from lib.core.enums import OS
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
-from lib.core.enums import WEB_API
+from lib.core.enums import WEB_PLATFORM
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.settings import BACKDOOR_RUN_CMD_TIMEOUT
 from lib.core.settings import EVENTVALIDATION_REGEX
@@ -60,7 +60,7 @@ class Web:
     """
 
     def __init__(self):
-        self.webApi = None
+        self.webPlatform = None
         self.webBaseUrl = None
         self.webBackdoorUrl = None
         self.webBackdoorFilePath = None
@@ -109,14 +109,14 @@ class Web:
         except TypeError:
             pass
 
-        if self.webApi in getPublicTypeMembers(WEB_API, True):
+        if self.webPlatform in getPublicTypeMembers(WEB_PLATFORM, True):
             multipartParams = {
                 "upload": "1",
                 "file": stream,
                 "uploadDir": directory,
             }
 
-            if self.webApi == WEB_API.ASPX:
+            if self.webPlatform == WEB_PLATFORM.ASPX:
                 multipartParams['__EVENTVALIDATION'] = kb.data.__EVENTVALIDATION
                 multipartParams['__VIEWSTATE'] = kb.data.__VIEWSTATE
 
@@ -130,7 +130,7 @@ class Web:
             else:
                 return True
         else:
-            logger.error("sqlmap hasn't got a web backdoor nor a web file stager for %s" % self.webApi)
+            logger.error("sqlmap hasn't got a web backdoor nor a web file stager for %s" % self.webPlatform)
             return False
 
     def _webFileInject(self, fileContent, fileName, directory):
@@ -158,13 +158,13 @@ class Web:
         remote directory within the web server document root.
         """
 
-        if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webApi is not None:
+        if self.webBackdoorUrl is not None and self.webStagerUrl is not None and self.webPlatform is not None:
             return
 
         self.checkDbmsOs()
 
         default = None
-        choices = list(getPublicTypeMembers(WEB_API, True))
+        choices = list(getPublicTypeMembers(WEB_PLATFORM, True))
 
         for ext in choices:
             if conf.url.endswith(ext):
@@ -172,7 +172,7 @@ class Web:
                 break
 
         if not default:
-            default = WEB_API.ASP if Backend.isOs(OS.WINDOWS) else WEB_API.PHP
+            default = WEB_PLATFORM.ASP if Backend.isOs(OS.WINDOWS) else WEB_PLATFORM.PHP
 
         message = "which web application language does the web server "
         message += "support?\n"
@@ -196,7 +196,7 @@ class Web:
                 logger.warn("invalid value, it must be between 1 and %d" % len(choices))
 
             else:
-                self.webApi = choices[int(choice) - 1]
+                self.webPlatform = choices[int(choice) - 1]
                 break
 
         if not kb.absFilePaths:
@@ -266,16 +266,16 @@ class Web:
                     _.append("%s/%s" % (directory.rstrip('/'), path.strip('/')))
             directories = _
 
-        backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webApi)
-        backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.%s_" % self.webApi))
+        backdoorName = "tmpb%s.%s" % (randomStr(lowercase=True), self.webPlatform)
+        backdoorContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.%s_" % self.webPlatform))
 
-        stagerContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi))
+        stagerContent = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webPlatform))
 
         for directory in directories:
             if not directory:
                 continue
 
-            stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
+            stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webPlatform)
             self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName)
 
             uploaded = False
@@ -317,14 +317,14 @@ class Web:
                     infoMsg += "via UNION method"
                     logger.info(infoMsg)
 
-                    stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webApi)
+                    stagerName = "tmpu%s.%s" % (randomStr(lowercase=True), self.webPlatform)
                     self.webStagerFilePath = posixpath.join(ntToPosixSlashes(directory), stagerName)
 
                     handle, filename = tempfile.mkstemp()
                     os.close(handle)
 
                     with open(filename, "w+b") as f:
-                        _ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webApi))
+                        _ = decloak(os.path.join(paths.SQLMAP_SHELL_PATH, "stagers", "stager.%s_" % self.webPlatform))
                         _ = _.replace(SHELL_WRITABLE_DIR_TAG, utf8encode(directory.replace('/', '\\\\') if Backend.isOs(OS.WINDOWS) else directory))
                         f.write(_)
 
@@ -353,7 +353,7 @@ class Web:
                 logger.warn(warnMsg)
                 continue
 
-            elif self.webApi == WEB_API.ASPX:
+            elif self.webPlatform == WEB_PLATFORM.ASPX:
                 kb.data.__EVENTVALIDATION = extractRegexResult(EVENTVALIDATION_REGEX, uplPage)
                 kb.data.__VIEWSTATE = extractRegexResult(VIEWSTATE_REGEX, uplPage)
 
@@ -361,7 +361,7 @@ class Web:
             infoMsg += "on '%s' - %s" % (directory, self.webStagerUrl)
             logger.info(infoMsg)
 
-            if self.webApi == WEB_API.ASP:
+            if self.webPlatform == WEB_PLATFORM.ASP:
                 match = re.search(r'input type=hidden name=scriptsdir value="([^"]+)"', uplPage)
 
                 if match:

txt/checksum.md5

@@ -23,7 +23,7 @@ b3e60ea4e18a65c48515d04aab28ff68  extra/sqlharvest/sqlharvest.py
 1e5532ede194ac9c083891c2f02bca93  extra/wafdetectify/__init__.py
 c1bccc94522d3425a372dcd57f78418e  extra/wafdetectify/wafdetectify.py
 3459c562a6abb9b4bdcc36925f751f3e  lib/controller/action.py
-0f0feede9750be810d2b8a7ab159b7b0  lib/controller/checks.py
+d4582467b0735525d8d8bdc0396ec87f  lib/controller/checks.py
 197bdf07f8ea15ecc7e0dafea4f9ae2f  lib/controller/controller.py
 988b548f6578adf9cec17afdeee8291c  lib/controller/handler.py
 1e5532ede194ac9c083891c2f02bca93  lib/controller/__init__.py
@@ -37,7 +37,7 @@ c347f085bd561adfa26d3a9512e5f3b9  lib/core/bigarray.py
 fbb55cc6100318ff922957b6577dc58f  lib/core/defaults.py
 ac7c070b2726d39fbac1916b1a5f92b2  lib/core/dicts.py
 760de985e09f5d11aacd3a8f2d8e9ff2  lib/core/dump.py
-0cf974cf4ff3b96e1a349a12e39f4693  lib/core/enums.py
+5b6999c4b78180961e9f33e172d4dd66  lib/core/enums.py
 cada93357a7321655927fc9625b3bfec  lib/core/exception.py
 1e5532ede194ac9c083891c2f02bca93  lib/core/__init__.py
 458a194764805cd8312c14ecd4be4d1e  lib/core/log.py
@@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632  lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-08295f121daafa4c20282201861422cb  lib/core/settings.py
+3afa2b42741332ce14a8c98befcfdff7  lib/core/settings.py
 a971ce157d04de96ba6e710d3d38a9a8  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 1581be48127a3a7a9fd703359b6e7567  lib/core/target.py
@@ -71,7 +71,7 @@ f6b5957bf2103c3999891e4f45180bce  lib/parse/payloads.py
 30eed3a92a04ed2c29770e1b10d39dc0  lib/request/basicauthhandler.py
 2b81435f5a7519298c15c724e3194a0d  lib/request/basic.py
 859b6ad583e0ffba154f17ee179b5b89  lib/request/comparison.py
-40c4cc791ec657b612ccecf5b3241651  lib/request/connect.py
+7ec820ec27161208a8411d81ec48161a  lib/request/connect.py
 dd4598675027fae99f2e2475b05986da  lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64  lib/request/dns.py
 98535d0efca5551e712fcc4b34a3f772  lib/request/httpshandler.py
@@ -88,7 +88,7 @@ acc1db3667bf910b809eb279b60595eb  lib/takeover/icmpsh.py
 4bf186a747e1a0c4ed5127ef064c3920  lib/takeover/metasploit.py
 fb9e34d558293b5d6b9727f440712886  lib/takeover/registry.py
 6a49f359b922df0247eb236126596336  lib/takeover/udf.py
-a3d07df8a780c668a11f06be42014cdc  lib/takeover/web.py
+ce8524022df29602f3d6c3c41f938ad4  lib/takeover/web.py
 debc36a3ff80ba915aeeee69b21a8ddc  lib/takeover/xp_cmdshell.py
 db208ab47de010836c6bf044e2357861  lib/techniques/blind/inference.py
 1e5532ede194ac9c083891c2f02bca93  lib/techniques/blind/__init__.py