diff --git a/lib/core/agent.py b/lib/core/agent.py
index 32c601db2..31be663a3 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -28,6 +28,7 @@ from xml.etree import ElementTree as ET
 from lib.core.common import randomInt
 from lib.core.common import randomStr
+from lib.core.common import replaceSpaces
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
@@ -119,7 +120,7 @@ class Agent:
 retValue = paramString.replace("%s=%s" % (parameter, value), "%s=%s" % (parameter, newValue))
- return retValue
+ return replaceSpaces(retValue)
 def fullPayload(self, query):
 if conf.direct:
@@ -160,7 +161,7 @@ class Agent:
 query += string
- return query
+ return replaceSpaces(query)
 def postfixQuery(self, string, comment=None):
 """
@@ -198,7 +199,7 @@ class Agent:
 else:
 raise sqlmapNoneDataException, "unsupported injection type"
- return string
+ return replaceSpaces(string)
 def nullAndCastField(self, field):
 """
@@ -233,7 +234,7 @@ class Agent:
 # SQLite version 2 does not support neither CAST() nor IFNULL(),
 # introduced only in SQLite version 3
 if kb.dbms == "SQLite":
- return field
+ return replaceSpaces(field)
 if field.startswith("(CASE"):
 nulledCastedField = field
@@ -241,7 +242,7 @@ class Agent:
 nulledCastedField = queries[kb.dbms].cast % field
 nulledCastedField = queries[kb.dbms].isnull % nulledCastedField
- return nulledCastedField
+ return replaceSpaces(nulledCastedField)
 def nullCastConcatFields(self, fields):
 """
@@ -274,7 +275,7 @@ class Agent:
 """
 if not kb.dbmsDetected:
- return fields
+ return replaceSpaces(fields)
 fields = fields.replace(", ", ",")
 fieldsSplitted = fields.split(",")
@@ -287,7 +288,7 @@ class Agent:
 delimiterStr = "%s'%s'%s" % (dbmsDelimiter, temp.delimiter, dbmsDelimiter)
 nulledCastedConcatFields = delimiterStr.join([field for field in nulledCastedFields])
- return nulledCastedConcatFields
+ return replaceSpaces(nulledCastedConcatFields)
 def getFields(self, query):
 """
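Review bot: In the hunk at `@@ -119,7 +120,7 @@`, `replaceSpaces(retValue)` is applied to the whole parameter string produced by `paramString.replace(...)`, not just to the substituted `newValue`, so every other parameter value in that string that legitimately contains a space is rewritten as well; substituting before the replace, `newValue = replaceSpaces(newValue)`, would confine the effect to the injected value (the enclosing method starts outside the hunk). The same wrapper is added at every other `return` this diff touches (hunks -160, -198, -233, -241, -274 and -287 here, -346, -431, -509, -601 and -620 on the next line), including early returns that hand back an unmodified argument such as `return replaceSpaces(field)` for SQLite, so a string passing through nested helpers is transformed several times. That is visible at -509, where `inbandQuery = self.postfixQuery(inbandQuery, kb.unionComment)` already returns a string wrapped by the -198 hunk and is then wrapped again; the repetition is only idempotent if conf.space itself contains no space, which nothing here checks. Applying the substitution once, in the method that assembles the final payload, and leaving the helpers unchanged would make the behaviour predictable and keep the helpers reusable for non-payload strings.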
@@ -346,7 +347,7 @@ class Agent:
 elif kb.dbms == "Microsoft SQL Server":
 concatenatedQuery = "%s+%s" % (query1, query2)
- return concatenatedQuery
+ return replaceSpaces(concatenatedQuery)
 def concatQuery(self, query, unpack=True):
 """
@@ -431,7 +432,7 @@ class Agent:
 elif fieldsNoSelect:
 concatenatedQuery = "'%s'+%s+'%s'" % (temp.start, concatenatedQuery, temp.stop)
- return concatenatedQuery
+ return replaceSpaces(concatenatedQuery)
 def forgeInbandQuery(self, query, exprPosition=None, nullChar="NULL"):
 """
@@ -509,7 +510,7 @@ class Agent:
 inbandQuery = self.postfixQuery(inbandQuery, kb.unionComment)
- return inbandQuery
+ return replaceSpaces(inbandQuery)
 def limitQuery(self, num, query, field=None):
 """
@@ -601,7 +602,7 @@ class Agent:
 if orderBy:
 limitedQuery += orderBy
- return limitedQuery
+ return replaceSpaces(limitedQuery)
 def forgeCaseStatement(self, expression):
 """
@@ -620,7 +621,7 @@ class Agent:
 @rtype: C{str}
 """
- return queries[kb.dbms].case % expression
+ return replaceSpaces(queries[kb.dbms].case % expression)
 # SQL agent
 agent = Agent()
diff --git a/lib/core/common.py b/lib/core/common.py
index 247a338c2..d976fdbfb 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1404,3 +1404,9 @@ def longestCommonPrefix(*sequences):
 def commonFinderOnly(initial, sequence):
 return longestCommonPrefix(*filter(lambda x: x.startswith(initial), sequence))
+
+def replaceSpaces(query):
+ if query:
+ return query if conf.space is None else query.replace(' ', conf.space)
+ else:
+ return query
\ No newline at end of file
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index b1f6ed1a6..e6be4a386 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
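Review bot: `replaceSpaces` in lib/core/common.py treats only `conf.space is None` as "not configured", so an empty string stored in `conf.space` (the new `--space` option in lib/parse/cmdline.py accepts one without validation) is not skipped and `query.replace(' ', '')` deletes every space from the query; if that is not the intent, guard with `if not conf.space` or reject the empty value at parse time. The `if query: ... else: return query` shape can be flattened to one guard, `if query and conf.space is not None: return query.replace(' ', conf.space)` followed by `return query`, and the function needs a docstring stating that it returns *query* unchanged when it is empty or when no replacement string is configured. The hunk adds no import, so it relies on `conf` already being a module-level name in common.py, which is not shown here, and it leaves the file without a trailing newline (`\ No newline at end of file`).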
@@ -194,6 +194,9 @@ def cmdLineParser():
 injection.add_option("--threshold", dest="thold", type="float", help="Page comparison threshold value (0.0-1.0)")
+ injection.add_option("--space", dest="space",
+ help="Use defined string instead of standard ' '")
+
 injection.add_option("--use-between", dest="useBetween", action="store_true", help="Use operator BETWEEN instead of default '>'")
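Review bot: The help text added for `--space`, `"Use defined string instead of standard ' '"`, does not say what the string is substituted into or when; `help="Replace spaces in the generated SQL query with the given string"` tells the reader where the option takes effect, matching the style of the neighbouring `--use-between` help. The option also takes any value, including an empty string, with no check, and because `replaceSpaces` in lib/core/common.py only skips the substitution when `conf.space is None`, an empty value would remove every space from the query, so either validating the value where the parsed options are checked or stating that behaviour in the help would avoid a surprising result. The enclosing `cmdLineParser` starts and ends outside the hunk.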