sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-23 19:34:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Centralization of unescape()

Browse Source
This commit is contained in:
Bernardo Damele 2011-01-20 21:55:13 +00:00
parent e734efcda7
commit 9770db597e
2 changed files with 12 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
lib/controller/checks.py
View File

@ -58,31 +58,6 @@ from lib.request.templates import getPageTemplate
from lib.techniques.inband.union.test import unionTest from lib.techniques.inband.union.test import unionTest
from lib.techniques.inband.union.use import configUnion from lib.techniques.inband.union.use import configUnion
def unescape(string, dbms):
if string is None:
return string
if dbms in unescaper and "WAITFOR DELAY " not in string:
return unescaper[dbms](string)
else:
return string
def unescapeDbms(payload, injection, dbms):
# If this is a DBMS-specific test (dbms), sqlmap identified the
# DBMS during previous a test (injection.dbms) or the user
# provided a DBMS (conf.dbms), unescape the strings between single
# quotes in the payload
if injection.dbms is not None:
payload = unescape(payload, dbms=injection.dbms)
elif dbms is not None:
payload = unescape(payload, dbms=dbms)
elif conf.dbms is not None:
payload = unescape(payload, dbms=conf.dbms)
elif backend.getIdentifiedDbms() is not None:
payload = unescape(payload, dbms=backend.getIdentifiedDbms())
return payload
def checkSqlInjection(place, parameter, value): def checkSqlInjection(place, parameter, value):
# Store here the details about boundaries and payload used to # Store here the details about boundaries and payload used to
# successfully inject # successfully inject
@ -211,7 +186,7 @@ def checkSqlInjection(place, parameter, value):
# Parse test's <request> # Parse test's <request>
comment = agent.getComment(test.request) comment = agent.getComment(test.request)
fstPayload = agent.cleanupPayload(test.request.payload, value) fstPayload = agent.cleanupPayload(test.request.payload, value)
fstPayload = unescapeDbms(fstPayload, injection, dbms) fstPayload = unescaper.unescape(fstPayload, dbms=dbms)
if conf.prefix is not None and conf.suffix is not None: if conf.prefix is not None and conf.suffix is not None:
# Create a custom boundary object for user's supplied prefix # Create a custom boundary object for user's supplied prefix
@ -324,7 +299,7 @@ def checkSqlInjection(place, parameter, value):
# In case of boolean-based blind SQL injection # In case of boolean-based blind SQL injection
if method == PAYLOAD.METHOD.COMPARISON: if method == PAYLOAD.METHOD.COMPARISON:
sndPayload = agent.cleanupPayload(test.response.comparison, value) sndPayload = agent.cleanupPayload(test.response.comparison, value)
sndPayload = unescapeDbms(sndPayload, injection, dbms) sndPayload = unescaper.unescape(sndPayload, dbms=dbms)
# Forge response payload by prepending with # Forge response payload by prepending with
# boundary's prefix and appending the boundary's # boundary's prefix and appending the boundary's
@ -465,37 +440,12 @@ def checkSqlInjection(place, parameter, value):
if hasattr(test, "details"): if hasattr(test, "details"):
for dKey, dValue in test.details.items(): for dKey, dValue in test.details.items():
# Little precaution, in theory this condition if dKey == "dbms":
# should always be false injection.dbms = backend.setDbms(dValue)
if dKey == "dbms" and injection.dbms is not None and dValue != injection.dbms:
msg = "previous test(s) identified that the "
msg += "back-end DBMS possibly is %s. " % injection.dbms
msg += "However the last successful test "
msg += "fingerprinted %s. " % dValue
msg += "Please, specify which DBMS is "
msg += "correct [%s (default)/%s] " % (injection.dbms, dValue)
while True:
inp = readInput(msg, default=injection.dbms)
if inp == injection.dbms:
break
elif inp == dValue:
backend.setDbms(inp)
injection.dbms = aliasToDbmsEnum(inp)
injection.dbms_version = None
break
else:
warnMsg = "invalid value"
logger.warn(warnMsg)
elif dKey == "dbms" and injection.dbms is None:
backend.setDbms(dValue)
injection.dbms = aliasToDbmsEnum(dValue)
elif dKey == "dbms_version" and injection.dbms_version is None: elif dKey == "dbms_version" and injection.dbms_version is None:
backend.setVersion(dValue) injection.dbms_version = backend.setVersion(dValue)
injection.dbms_version = dValue
elif dKey == "os" and injection.os is None: elif dKey == "os" and injection.os is None:
injection.os = dValue injection.os = backend.setOs(dValue)
if conf.beep or conf.realTest: if conf.beep or conf.realTest:
beep() beep()

8
lib/core/unescaper.py
View File

@ -14,10 +14,14 @@ class Unescaper(advancedDict):
def unescape(self, expression, quote=True, dbms=None): def unescape(self, expression, quote=True, dbms=None):
identifiedDbms = backend.getIdentifiedDbms() identifiedDbms = backend.getIdentifiedDbms()
if identifiedDbms is not None: if not expression:
return self[identifiedDbms](expression, quote=quote) return expression
elif "WAITFOR DELAY " in expression:
return expression
elif dbms is not None: elif dbms is not None:
return self[dbms](expression, quote=quote) return self[dbms](expression, quote=quote)
elif identifiedDbms is not None:
return self[identifiedDbms](expression, quote=quote)
else: else:
return expression return expression