mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Implemented a better way to deal with % characters in parameters' value. Minor code restyle.
This commit is contained in:
parent
d664f0387e
commit
a5b2366033
|
@ -149,7 +149,7 @@ def start():
|
||||||
|
|
||||||
if setCookieAsInjectable:
|
if setCookieAsInjectable:
|
||||||
conf.httpHeaders.append(("Cookie", cookieStr))
|
conf.httpHeaders.append(("Cookie", cookieStr))
|
||||||
conf.parameters["Cookie"] = cookieStr
|
conf.parameters["Cookie"] = cookieStr.replace("%", "%%")
|
||||||
__paramDict = paramToDict("Cookie", cookieStr)
|
__paramDict = paramToDict("Cookie", cookieStr)
|
||||||
|
|
||||||
if __paramDict:
|
if __paramDict:
|
||||||
|
|
|
@ -229,6 +229,9 @@ def dataToStdout(data):
|
||||||
|
|
||||||
|
|
||||||
def dataToSessionFile(data):
|
def dataToSessionFile(data):
|
||||||
|
if not conf.sessionFile:
|
||||||
|
return
|
||||||
|
|
||||||
conf.sessionFP.write(data)
|
conf.sessionFP.write(data)
|
||||||
conf.sessionFP.flush()
|
conf.sessionFP.flush()
|
||||||
|
|
||||||
|
@ -494,7 +497,7 @@ def parseTargetUrl():
|
||||||
conf.port = 80
|
conf.port = 80
|
||||||
|
|
||||||
if __urlSplit[3]:
|
if __urlSplit[3]:
|
||||||
conf.parameters["GET"] = __urlSplit[3]
|
conf.parameters["GET"] = __urlSplit[3].replace("%", "%%")
|
||||||
|
|
||||||
conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
|
conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
|
||||||
|
|
||||||
|
|
|
@ -40,9 +40,8 @@ def setString():
|
||||||
"""
|
"""
|
||||||
|
|
||||||
condition = (
|
condition = (
|
||||||
conf.sessionFile and ( not kb.resumedQueries
|
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
|
||||||
or ( kb.resumedQueries.has_key(conf.url) and
|
not kb.resumedQueries[conf.url].has_key("String") )
|
||||||
not kb.resumedQueries[conf.url].has_key("String") ) )
|
|
||||||
)
|
)
|
||||||
|
|
||||||
if condition:
|
if condition:
|
||||||
|
@ -59,8 +58,7 @@ def setInjection():
|
||||||
kb.injParameter = conf.agent
|
kb.injParameter = conf.agent
|
||||||
|
|
||||||
condition = (
|
condition = (
|
||||||
kb.injPlace and kb.injParameter and
|
kb.injPlace and kb.injParameter and ( not kb.resumedQueries
|
||||||
conf.sessionFile and ( not kb.resumedQueries
|
|
||||||
or ( kb.resumedQueries.has_key(conf.url) and
|
or ( kb.resumedQueries.has_key(conf.url) and
|
||||||
( not kb.resumedQueries[conf.url].has_key("Injection point")
|
( not kb.resumedQueries[conf.url].has_key("Injection point")
|
||||||
or not kb.resumedQueries[conf.url].has_key("Injection parameter")
|
or not kb.resumedQueries[conf.url].has_key("Injection parameter")
|
||||||
|
@ -82,9 +80,8 @@ def setParenthesis(parenthesisCount):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
condition = (
|
condition = (
|
||||||
conf.sessionFile and ( not kb.resumedQueries
|
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
|
||||||
or ( kb.resumedQueries.has_key(conf.url) and
|
not kb.resumedQueries[conf.url].has_key("Parenthesis") )
|
||||||
not kb.resumedQueries[conf.url].has_key("Parenthesis") ) )
|
|
||||||
)
|
)
|
||||||
|
|
||||||
if condition:
|
if condition:
|
||||||
|
@ -101,9 +98,9 @@ def setDbms(dbms):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
condition = (
|
condition = (
|
||||||
conf.sessionFile and ( not kb.resumedQueries
|
not kb.resumedQueries
|
||||||
or ( kb.resumedQueries.has_key(conf.url) and
|
or ( kb.resumedQueries.has_key(conf.url) and
|
||||||
not kb.resumedQueries[conf.url].has_key("DBMS") ) )
|
not kb.resumedQueries[conf.url].has_key("DBMS") )
|
||||||
)
|
)
|
||||||
|
|
||||||
if condition:
|
if condition:
|
||||||
|
@ -133,11 +130,10 @@ def setUnion(comment=None, count=None, position=None):
|
||||||
|
|
||||||
if comment and count:
|
if comment and count:
|
||||||
condition = (
|
condition = (
|
||||||
conf.sessionFile and ( not kb.resumedQueries
|
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
|
||||||
or ( kb.resumedQueries.has_key(conf.url) and
|
|
||||||
( not kb.resumedQueries[conf.url].has_key("Union comment")
|
( not kb.resumedQueries[conf.url].has_key("Union comment")
|
||||||
or not kb.resumedQueries[conf.url].has_key("Union count")
|
or not kb.resumedQueries[conf.url].has_key("Union count")
|
||||||
) ) )
|
) )
|
||||||
)
|
)
|
||||||
|
|
||||||
if condition:
|
if condition:
|
||||||
|
@ -149,10 +145,9 @@ def setUnion(comment=None, count=None, position=None):
|
||||||
|
|
||||||
elif position:
|
elif position:
|
||||||
condition = (
|
condition = (
|
||||||
conf.sessionFile and ( not kb.resumedQueries
|
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
|
||||||
or ( kb.resumedQueries.has_key(conf.url) and
|
|
||||||
( not kb.resumedQueries[conf.url].has_key("Union position")
|
( not kb.resumedQueries[conf.url].has_key("Union position")
|
||||||
) ) )
|
) )
|
||||||
)
|
)
|
||||||
|
|
||||||
if condition:
|
if condition:
|
||||||
|
|
|
@ -66,7 +66,7 @@ def __setRequestParams():
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
if conf.data:
|
if conf.data:
|
||||||
conf.parameters["POST"] = conf.data
|
conf.parameters["POST"] = conf.data.replace("%", "%%")
|
||||||
__paramDict = paramToDict("POST", conf.data)
|
__paramDict = paramToDict("POST", conf.data)
|
||||||
|
|
||||||
if __paramDict:
|
if __paramDict:
|
||||||
|
@ -75,7 +75,7 @@ def __setRequestParams():
|
||||||
|
|
||||||
# Perform checks on Cookie parameters
|
# Perform checks on Cookie parameters
|
||||||
if conf.cookie:
|
if conf.cookie:
|
||||||
conf.parameters["Cookie"] = conf.cookie
|
conf.parameters["Cookie"] = conf.cookie.replace("%", "%%")
|
||||||
__paramDict = paramToDict("Cookie", conf.cookie)
|
__paramDict = paramToDict("Cookie", conf.cookie)
|
||||||
|
|
||||||
if __paramDict:
|
if __paramDict:
|
||||||
|
@ -86,7 +86,7 @@ def __setRequestParams():
|
||||||
if conf.httpHeaders:
|
if conf.httpHeaders:
|
||||||
for httpHeader, headerValue in conf.httpHeaders:
|
for httpHeader, headerValue in conf.httpHeaders:
|
||||||
if httpHeader == "User-Agent":
|
if httpHeader == "User-Agent":
|
||||||
conf.parameters["User-Agent"] = headerValue
|
conf.parameters["User-Agent"] = headerValue.replace("%", "%%")
|
||||||
|
|
||||||
condition = not conf.testParameter
|
condition = not conf.testParameter
|
||||||
condition |= "User-Agent" in conf.testParameter
|
condition |= "User-Agent" in conf.testParameter
|
||||||
|
|
|
@ -87,14 +87,14 @@ class Connect:
|
||||||
get = conf.parameters["GET"]
|
get = conf.parameters["GET"]
|
||||||
|
|
||||||
if get:
|
if get:
|
||||||
get = urlencode(get)
|
get = urlencode(get).replace("%%", "%")
|
||||||
url = "%s?%s" % (url, get)
|
url = "%s?%s" % (url, get)
|
||||||
requestMsg += "?%s" % get
|
requestMsg += "?%s" % get
|
||||||
elif conf.method == "POST":
|
elif conf.method == "POST":
|
||||||
if conf.parameters.has_key("POST") and not post:
|
if conf.parameters.has_key("POST") and not post:
|
||||||
post = conf.parameters["POST"]
|
post = conf.parameters["POST"]
|
||||||
|
|
||||||
post = urlencode(post)
|
post = urlencode(post).replace("%%", "%")
|
||||||
|
|
||||||
requestMsg += " HTTP/1.1"
|
requestMsg += " HTTP/1.1"
|
||||||
|
|
||||||
|
@ -113,7 +113,7 @@ class Connect:
|
||||||
if not cookieStr:
|
if not cookieStr:
|
||||||
cookieStr = "Cookie: "
|
cookieStr = "Cookie: "
|
||||||
|
|
||||||
cookie = str(cookie)
|
cookie = str(cookie).replace("%%", "%")
|
||||||
index = cookie.index(" for ")
|
index = cookie.index(" for ")
|
||||||
|
|
||||||
cookieStr += "%s; " % cookie[8:index]
|
cookieStr += "%s; " % cookie[8:index]
|
||||||
|
|
|
@ -55,7 +55,6 @@ def __getFieldsProxy(expression):
|
||||||
def __goInference(payload, expression):
|
def __goInference(payload, expression):
|
||||||
start = time.time()
|
start = time.time()
|
||||||
|
|
||||||
if conf.sessionFile:
|
|
||||||
dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression))
|
dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression))
|
||||||
|
|
||||||
if ( conf.eta or conf.threads > 1 ) and kb.dbms:
|
if ( conf.eta or conf.threads > 1 ) and kb.dbms:
|
||||||
|
@ -326,7 +325,7 @@ def __goInband(expression):
|
||||||
|
|
||||||
output = re.findall(regExpr, output, re.S)
|
output = re.findall(regExpr, output, re.S)
|
||||||
|
|
||||||
if conf.sessionFile and ( partial or not condition ):
|
if partial or not condition:
|
||||||
logOutput = "".join(["__START__%s__STOP__" % replaceNewlineTabs(value) for value in output])
|
logOutput = "".join(["__START__%s__STOP__" % replaceNewlineTabs(value) for value in output])
|
||||||
dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, logOutput))
|
dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, logOutput))
|
||||||
|
|
||||||
|
|
|
@ -92,9 +92,7 @@ def bisection(payload, expression, length=None):
|
||||||
queriesCount[0] += 1
|
queriesCount[0] += 1
|
||||||
limit = ((maxValue + minValue) / 2)
|
limit = ((maxValue + minValue) / 2)
|
||||||
|
|
||||||
# TODO: find a cleaner way to do this
|
forgedPayload = payload % (expressionUnescaped, idx, limit)
|
||||||
forgedPayload = payload.replace("%", "%%", 1) % (expressionUnescaped, idx, limit)
|
|
||||||
forgedPayload = forgedPayload.replace("%%", "%")
|
|
||||||
|
|
||||||
result = Request.queryPage(forgedPayload)
|
result = Request.queryPage(forgedPayload)
|
||||||
|
|
||||||
|
@ -175,7 +173,6 @@ def bisection(payload, expression, length=None):
|
||||||
|
|
||||||
assert index[0] == length
|
assert index[0] == length
|
||||||
|
|
||||||
if conf.sessionFile:
|
|
||||||
dataToSessionFile(replaceNewlineTabs(value))
|
dataToSessionFile(replaceNewlineTabs(value))
|
||||||
|
|
||||||
if conf.verbose in ( 1, 2 ) and not showEta:
|
if conf.verbose in ( 1, 2 ) and not showEta:
|
||||||
|
@ -195,7 +192,6 @@ def bisection(payload, expression, length=None):
|
||||||
|
|
||||||
value += val
|
value += val
|
||||||
|
|
||||||
if conf.sessionFile:
|
|
||||||
dataToSessionFile(replaceNewlineTabs(val))
|
dataToSessionFile(replaceNewlineTabs(val))
|
||||||
|
|
||||||
if showEta:
|
if showEta:
|
||||||
|
@ -210,7 +206,6 @@ def bisection(payload, expression, length=None):
|
||||||
infoMsg = "retrieved: %s" % value
|
infoMsg = "retrieved: %s" % value
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
if conf.sessionFile:
|
|
||||||
dataToSessionFile("]\n")
|
dataToSessionFile("]\n")
|
||||||
|
|
||||||
return queriesCount[0], value
|
return queriesCount[0], value
|
||||||
|
|
|
@ -146,7 +146,6 @@ def resume(expression, payload):
|
||||||
infoMsg += "%s" % resumedValue.split("\n")[0]
|
infoMsg += "%s" % resumedValue.split("\n")[0]
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
if conf.sessionFile:
|
|
||||||
dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
|
dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
|
||||||
|
|
||||||
return resumedValue
|
return resumedValue
|
||||||
|
@ -155,7 +154,6 @@ def resume(expression, payload):
|
||||||
infoMsg += "%s..." % resumedValue.split("\n")[0]
|
infoMsg += "%s..." % resumedValue.split("\n")[0]
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
if conf.sessionFile:
|
|
||||||
dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
|
dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
|
||||||
|
|
||||||
if select:
|
if select:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user