Implemented a better way to deal with % characters in parameters' value. Minor code restyle.

2024-11-22 09:36:35 +03:00 · 2008-10-16 15:31:02 +00:00 · 2008-10-16 15:31:02 +00:00 · a5b2366033
commit a5b2366033
parent d664f0387e
8 changed files with 30 additions and 40 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -149,7 +149,7 @@ def start():

            if setCookieAsInjectable:
                conf.httpHeaders.append(("Cookie", cookieStr))
-                conf.parameters["Cookie"] = cookieStr
+                conf.parameters["Cookie"] = cookieStr.replace("%", "%%")
                __paramDict = paramToDict("Cookie", cookieStr)

                if __paramDict:
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -229,6 +229,9 @@ def dataToStdout(data):


 def dataToSessionFile(data):
+    if not conf.sessionFile:
+        return
+
    conf.sessionFP.write(data)
    conf.sessionFP.flush()

@ -494,7 +497,7 @@ def parseTargetUrl():
        conf.port = 80

    if __urlSplit[3]:
-        conf.parameters["GET"] = __urlSplit[3]
+        conf.parameters["GET"] = __urlSplit[3].replace("%", "%%")

    conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)

--- a/lib/core/session.py
+++ b/lib/core/session.py
@ -40,9 +40,8 @@ def setString():
    """

    condition = (
-                  conf.sessionFile and ( not kb.resumedQueries
-                  or ( kb.resumedQueries.has_key(conf.url) and
-                  not kb.resumedQueries[conf.url].has_key("String") ) )
+                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
+                  not kb.resumedQueries[conf.url].has_key("String") )
                )

    if condition:
@ -59,8 +58,7 @@ def setInjection():
        kb.injParameter = conf.agent

    condition = (
-                  kb.injPlace and kb.injParameter and
-                  conf.sessionFile and ( not kb.resumedQueries
+                  kb.injPlace and kb.injParameter and ( not kb.resumedQueries
                  or ( kb.resumedQueries.has_key(conf.url) and
                  ( not kb.resumedQueries[conf.url].has_key("Injection point") 
                  or not kb.resumedQueries[conf.url].has_key("Injection parameter")
@ -82,9 +80,8 @@ def setParenthesis(parenthesisCount):
    """

    condition = (
-                  conf.sessionFile and ( not kb.resumedQueries
-                  or ( kb.resumedQueries.has_key(conf.url) and
-                  not kb.resumedQueries[conf.url].has_key("Parenthesis") ) )
+                  not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
+                  not kb.resumedQueries[conf.url].has_key("Parenthesis") )
                )

    if condition:
@ -101,9 +98,9 @@ def setDbms(dbms):
    """

    condition = (
-                  conf.sessionFile and ( not kb.resumedQueries
+                  not kb.resumedQueries
                  or ( kb.resumedQueries.has_key(conf.url) and
-                  not kb.resumedQueries[conf.url].has_key("DBMS") ) )
+                  not kb.resumedQueries[conf.url].has_key("DBMS") )
                )

    if condition:
@ -133,11 +130,10 @@ def setUnion(comment=None, count=None, position=None):

    if comment and count:
        condition = (
-                      conf.sessionFile and ( not kb.resumedQueries
-                      or ( kb.resumedQueries.has_key(conf.url) and
+                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
                      ( not kb.resumedQueries[conf.url].has_key("Union comment") 
                      or not kb.resumedQueries[conf.url].has_key("Union count")
-                      ) ) )
+                      ) )
                    )

        if condition:
@ -149,10 +145,9 @@ def setUnion(comment=None, count=None, position=None):

    elif position:
        condition = (
-                      conf.sessionFile and ( not kb.resumedQueries
-                      or ( kb.resumedQueries.has_key(conf.url) and
+                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
                      ( not kb.resumedQueries[conf.url].has_key("Union position")
-                      ) ) )
+                      ) )
                    )

        if condition:
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -66,7 +66,7 @@ def __setRequestParams():
        raise sqlmapSyntaxException, errMsg

    if conf.data:
-        conf.parameters["POST"] = conf.data
+        conf.parameters["POST"] = conf.data.replace("%", "%%")
        __paramDict = paramToDict("POST", conf.data)

        if __paramDict:
@ -75,7 +75,7 @@ def __setRequestParams():

    # Perform checks on Cookie parameters
    if conf.cookie:
-        conf.parameters["Cookie"] = conf.cookie
+        conf.parameters["Cookie"] = conf.cookie.replace("%", "%%")
        __paramDict = paramToDict("Cookie", conf.cookie)

        if __paramDict:
@ -86,7 +86,7 @@ def __setRequestParams():
    if conf.httpHeaders:
        for httpHeader, headerValue in conf.httpHeaders:
            if httpHeader == "User-Agent":
-                conf.parameters["User-Agent"] = headerValue
+                conf.parameters["User-Agent"] = headerValue.replace("%", "%%")

                condition  = not conf.testParameter
                condition |= "User-Agent" in conf.testParameter
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -87,14 +87,14 @@ class Connect:
                get = conf.parameters["GET"]

            if get:
-                get = urlencode(get)
+                get = urlencode(get).replace("%%", "%")
                url = "%s?%s" % (url, get)
                requestMsg += "?%s" % get
        elif conf.method == "POST":
            if conf.parameters.has_key("POST") and not post:
                post = conf.parameters["POST"]

-            post = urlencode(post)
+            post = urlencode(post).replace("%%", "%")

        requestMsg += " HTTP/1.1"

@ -113,7 +113,7 @@ class Connect:
                if not cookieStr:
                    cookieStr = "Cookie: "

-                cookie = str(cookie)
+                cookie = str(cookie).replace("%%", "%")
                index  = cookie.index(" for ")

                cookieStr += "%s; " % cookie[8:index]
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -55,7 +55,6 @@ def __getFieldsProxy(expression):
 def __goInference(payload, expression):
    start   = time.time()

-    if conf.sessionFile:
    dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression))

    if ( conf.eta or conf.threads > 1 ) and kb.dbms:
@ -326,7 +325,7 @@ def __goInband(expression):

            output = re.findall(regExpr, output, re.S)

-            if conf.sessionFile and ( partial or not condition ):
+            if partial or not condition:
                logOutput = "".join(["__START__%s__STOP__" % replaceNewlineTabs(value) for value in output])
                dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, logOutput))

--- a/lib/techniques/inference/blind.py
+++ b/lib/techniques/inference/blind.py
@ -92,9 +92,7 @@ def bisection(payload, expression, length=None):
            queriesCount[0] += 1
            limit = ((maxValue + minValue) / 2)

-            # TODO: find a cleaner way to do this
-            forgedPayload = payload.replace("%", "%%", 1) % (expressionUnescaped, idx, limit)
-            forgedPayload = forgedPayload.replace("%%", "%")
+            forgedPayload = payload % (expressionUnescaped, idx, limit)

            result = Request.queryPage(forgedPayload)

@ -175,7 +173,6 @@ def bisection(payload, expression, length=None):

        assert index[0] == length

-        if conf.sessionFile:
        dataToSessionFile(replaceNewlineTabs(value))

        if conf.verbose in ( 1, 2 ) and not showEta:
@ -195,7 +192,6 @@ def bisection(payload, expression, length=None):

            value += val

-            if conf.sessionFile:
            dataToSessionFile(replaceNewlineTabs(val))

            if showEta:
@ -210,7 +206,6 @@ def bisection(payload, expression, length=None):
        infoMsg = "retrieved: %s" % value
        logger.info(infoMsg)

-    if conf.sessionFile:
    dataToSessionFile("]\n")

    return queriesCount[0], value
--- a/lib/utils/resume.py
+++ b/lib/utils/resume.py
@ -146,7 +146,6 @@ def resume(expression, payload):
        infoMsg += "%s" % resumedValue.split("\n")[0]
        logger.info(infoMsg)

-        if conf.sessionFile:
        dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))

        return resumedValue
@ -155,7 +154,6 @@ def resume(expression, payload):
        infoMsg += "%s..." % resumedValue.split("\n")[0]
        logger.info(infoMsg)

-        if conf.sessionFile:
        dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))

        if select: