Implemented a better way to deal with % characters in parameters' value. Minor code restyle.

lib/controller/controller.py

@@ -149,7 +149,7 @@ def start():
 
             if setCookieAsInjectable:
                 conf.httpHeaders.append(("Cookie", cookieStr))
-                conf.parameters["Cookie"] = cookieStr
+                conf.parameters["Cookie"] = cookieStr.replace("%", "%%")
                 __paramDict = paramToDict("Cookie", cookieStr)
 
                 if __paramDict:

lib/core/common.py

@@ -229,6 +229,9 @@ def dataToStdout(data):
 
 
 def dataToSessionFile(data):
+    if not conf.sessionFile:
+        return
+
     conf.sessionFP.write(data)
     conf.sessionFP.flush()
 
@@ -494,7 +497,7 @@ def parseTargetUrl():
         conf.port = 80
 
     if __urlSplit[3]:
-        conf.parameters["GET"] = __urlSplit[3]
+        conf.parameters["GET"] = __urlSplit[3].replace("%", "%%")
 
     conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)
 

lib/core/session.py

@@ -40,9 +40,8 @@ def setString():
     """
 
     condition = (
-                  conf.sessionFile and ( not kb.resumedQueries
+                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                  or ( kb.resumedQueries.has_key(conf.url) and
+                  not kb.resumedQueries[conf.url].has_key("String") )
-                  not kb.resumedQueries[conf.url].has_key("String") ) )
                 )
 
     if condition:
@@ -59,8 +58,7 @@ def setInjection():
         kb.injParameter = conf.agent
 
     condition = (
-                  kb.injPlace and kb.injParameter and
+                  kb.injPlace and kb.injParameter and ( not kb.resumedQueries
-                  conf.sessionFile and ( not kb.resumedQueries
                   or ( kb.resumedQueries.has_key(conf.url) and
                   ( not kb.resumedQueries[conf.url].has_key("Injection point") 
                   or not kb.resumedQueries[conf.url].has_key("Injection parameter")
@@ -82,9 +80,8 @@ def setParenthesis(parenthesisCount):
     """
 
     condition = (
-                  conf.sessionFile and ( not kb.resumedQueries
+                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                  or ( kb.resumedQueries.has_key(conf.url) and
+                  not kb.resumedQueries[conf.url].has_key("Parenthesis") )
-                  not kb.resumedQueries[conf.url].has_key("Parenthesis") ) )
                 )
 
     if condition:
@@ -101,9 +98,9 @@ def setDbms(dbms):
     """
 
     condition = (
-                  conf.sessionFile and ( not kb.resumedQueries
+                  not kb.resumedQueries
                   or ( kb.resumedQueries.has_key(conf.url) and
-                  not kb.resumedQueries[conf.url].has_key("DBMS") ) )
+                  not kb.resumedQueries[conf.url].has_key("DBMS") )
                 )
 
     if condition:
@@ -133,11 +130,10 @@ def setUnion(comment=None, count=None, position=None):
 
     if comment and count:
         condition = (
-                      conf.sessionFile and ( not kb.resumedQueries
+                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                      or ( kb.resumedQueries.has_key(conf.url) and
                       ( not kb.resumedQueries[conf.url].has_key("Union comment") 
                       or not kb.resumedQueries[conf.url].has_key("Union count")
-                      ) ) )
+                      ) )
                     )
 
         if condition:
@@ -149,10 +145,9 @@ def setUnion(comment=None, count=None, position=None):
 
     elif position:
         condition = (
-                      conf.sessionFile and ( not kb.resumedQueries
+                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                      or ( kb.resumedQueries.has_key(conf.url) and
                       ( not kb.resumedQueries[conf.url].has_key("Union position")
-                      ) ) )
+                      ) )
                     )
 
         if condition:

lib/core/target.py

@@ -66,7 +66,7 @@ def __setRequestParams():
         raise sqlmapSyntaxException, errMsg
 
     if conf.data:
-        conf.parameters["POST"] = conf.data
+        conf.parameters["POST"] = conf.data.replace("%", "%%")
         __paramDict = paramToDict("POST", conf.data)
 
         if __paramDict:
@@ -75,7 +75,7 @@ def __setRequestParams():
 
     # Perform checks on Cookie parameters
     if conf.cookie:
-        conf.parameters["Cookie"] = conf.cookie
+        conf.parameters["Cookie"] = conf.cookie.replace("%", "%%")
         __paramDict = paramToDict("Cookie", conf.cookie)
 
         if __paramDict:
@@ -86,7 +86,7 @@ def __setRequestParams():
     if conf.httpHeaders:
         for httpHeader, headerValue in conf.httpHeaders:
             if httpHeader == "User-Agent":
-                conf.parameters["User-Agent"] = headerValue
+                conf.parameters["User-Agent"] = headerValue.replace("%", "%%")
 
                 condition  = not conf.testParameter
                 condition |= "User-Agent" in conf.testParameter

lib/request/connect.py

@@ -87,14 +87,14 @@ class Connect:
                 get = conf.parameters["GET"]
 
             if get:
-                get = urlencode(get)
+                get = urlencode(get).replace("%%", "%")
                 url = "%s?%s" % (url, get)
                 requestMsg += "?%s" % get
         elif conf.method == "POST":
             if conf.parameters.has_key("POST") and not post:
                 post = conf.parameters["POST"]
 
-            post = urlencode(post)
+            post = urlencode(post).replace("%%", "%")
 
         requestMsg += " HTTP/1.1"
 
@@ -113,7 +113,7 @@ class Connect:
                 if not cookieStr:
                     cookieStr = "Cookie: "
 
-                cookie = str(cookie)
+                cookie = str(cookie).replace("%%", "%")
                 index  = cookie.index(" for ")
 
                 cookieStr += "%s; " % cookie[8:index]

lib/request/inject.py

@@ -55,8 +55,7 @@ def __getFieldsProxy(expression):
 def __goInference(payload, expression):
     start   = time.time()
 
-    if conf.sessionFile:
+    dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression))
-        dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression))
 
     if ( conf.eta or conf.threads > 1 ) and kb.dbms:
         _, length, _ = queryOutputLength(expression, payload)
@@ -326,7 +325,7 @@ def __goInband(expression):
 
             output = re.findall(regExpr, output, re.S)
 
-            if conf.sessionFile and ( partial or not condition ):
+            if partial or not condition:
                 logOutput = "".join(["__START__%s__STOP__" % replaceNewlineTabs(value) for value in output])
                 dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, logOutput))
 

lib/techniques/inference/blind.py

@@ -92,9 +92,7 @@ def bisection(payload, expression, length=None):
             queriesCount[0] += 1
             limit = ((maxValue + minValue) / 2)
 
-            # TODO: find a cleaner way to do this
+            forgedPayload = payload % (expressionUnescaped, idx, limit)
-            forgedPayload = payload.replace("%", "%%", 1) % (expressionUnescaped, idx, limit)
-            forgedPayload = forgedPayload.replace("%%", "%")
 
             result = Request.queryPage(forgedPayload)
 
@@ -175,8 +173,7 @@ def bisection(payload, expression, length=None):
 
         assert index[0] == length
 
-        if conf.sessionFile:
+        dataToSessionFile(replaceNewlineTabs(value))
-            dataToSessionFile(replaceNewlineTabs(value))
 
         if conf.verbose in ( 1, 2 ) and not showEta:
             dataToStdout("\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), value))
@@ -195,8 +192,7 @@ def bisection(payload, expression, length=None):
 
             value += val
 
-            if conf.sessionFile:
+            dataToSessionFile(replaceNewlineTabs(val))
-                dataToSessionFile(replaceNewlineTabs(val))
 
             if showEta:
                 etaProgressUpdate(time.time() - charStart, index)
@@ -210,7 +206,6 @@ def bisection(payload, expression, length=None):
         infoMsg = "retrieved: %s" % value
         logger.info(infoMsg)
 
-    if conf.sessionFile:
+    dataToSessionFile("]\n")
-        dataToSessionFile("]\n")
 
     return queriesCount[0], value

lib/utils/resume.py

@@ -146,8 +146,7 @@ def resume(expression, payload):
         infoMsg += "%s" % resumedValue.split("\n")[0]
         logger.info(infoMsg)
 
-        if conf.sessionFile:
+        dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
-            dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
 
         return resumedValue
     elif len(resumedValue) < int(length):
@@ -155,8 +154,7 @@ def resume(expression, payload):
         infoMsg += "%s..." % resumedValue.split("\n")[0]
         logger.info(infoMsg)
 
-        if conf.sessionFile:
+        dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
-            dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
 
         if select:
             newExpr = expressionUnescaped.replace(regExpr, substringQuery % (regExpr, len(resumedValue) + 1, int(length)), 1)