Patch for an Issue #360

This commit is contained in:
Miroslav Stampar 2013-01-19 18:06:36 +01:00
parent 11e27f07e0
commit bb6b89fe93
4 changed files with 25 additions and 15 deletions


@ -1959,7 +1959,7 @@ def findMultipartPostBoundary(post):
return retVal return retVal
def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False): def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False, plusspace=True):
result = value result = value
if value: if value:
@ -1977,14 +1977,16 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
char = chr(ord(match.group(1).decode("hex"))) char = chr(ord(match.group(1).decode("hex")))
return char if char in charset else match.group(0) return char if char in charset else match.group(0)
result = re.sub("%([0-9a-fA-F]{2})", _, value) result = re.sub("%([0-9a-fA-F]{2})", _, value)
result = result.replace("+", " ") # plus sign has a special meaning in url encoded data (hence the usage of urllib.unquote_plus in convall case)
if plusspace:
result = result.replace("+", " ") # plus sign has a special meaning in url encoded data (hence the usage of urllib.unquote_plus in convall case)
if isinstance(result, str): if isinstance(result, str):
result = unicode(result, encoding or UNICODE_ENCODING, "replace") result = unicode(result, encoding or UNICODE_ENCODING, "replace")
return result return result
def urlencode(value, safe="%&=", convall=False, limit=False): def urlencode(value, safe="%&=", convall=False, limit=False, spaceplus=False):
if conf.direct: if conf.direct:
return value return value
@ -2016,6 +2018,9 @@ def urlencode(value, safe="%&=", convall=False, limit=False):
else: else:
break break
if spaceplus:
result = result.replace(urllib.quote(' '), '+')
return result return result
def runningAsAdmin(): def runningAsAdmin():
@ -2996,7 +3001,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
url = urldecode(request.get_full_url(), kb.pageEncoding) url = urldecode(request.get_full_url(), kb.pageEncoding)
method = request.get_method() method = request.get_method()
data = request.get_data() if request.has_data() else None data = request.get_data() if request.has_data() else None
data = urldecode(data, kb.pageEncoding) if data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in data else data data = urldecode(data, kb.pageEncoding, plusspace=False)
if not data and method and method.upper() == HTTPMETHOD.POST: if not data and method and method.upper() == HTTPMETHOD.POST:
debugMsg = "invalid POST form with blank data detected" debugMsg = "invalid POST form with blank data detected"
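Review bot: The new `if spaceplus:` branch in urlencode rewrites every `%20` in `result`, including any `%20` that was already present in `value` and passed through quoting untouched because `%` is in `safe="%&="`; if that is intended it should be stated, otherwise the replacement needs to be limited to spaces this call encoded. The mirror-image names `plusspace` (urldecode) and `spaceplus` (urlencode) are easy to transpose, so each deserves a line of documentation: for urldecode `# plusspace: decode '+' as ' ' (form-encoded bodies); pass False to keep '+' literal` and for urlencode `# spaceplus: emit ' ' as '+' instead of '%20' (application/x-www-form-urlencoded style)`. The bodies of urldecode and urlencode both extend outside the hunks shown, so the `result` the `spaceplus` branch operates on is not fully visible here.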


@ -328,7 +328,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
if not(conf.scope and not re.search(conf.scope, url, re.I)): if not(conf.scope and not re.search(conf.scope, url, re.I)):
if not kb.targets or url not in addedTargetUrls: if not kb.targets or url not in addedTargetUrls:
kb.targets.add((url, method, urldecode(data) if data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in data else data, cookie)) kb.targets.add((url, method, data, cookie))
addedTargetUrls.add(url) addedTargetUrls.add(url)
fp = openFile(reqFile, "rb") fp = openFile(reqFile, "rb")
@ -1361,15 +1361,6 @@ def _cleanupOptions():
if conf.data: if conf.data:
conf.data = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.data, re.I) conf.data = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.data, re.I)
if re.search(r'%[0-9a-f]{2}', conf.data, re.I):
class _(unicode):
pass
original = conf.data
conf.data = _(urldecode(conf.data))
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
else:
conf.data = urldecode(conf.data)
if conf.url: if conf.url:
conf.url = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.url, re.I) conf.url = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.url, re.I)
@ -1591,6 +1582,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.safeCharEncode = False kb.safeCharEncode = False
kb.singleLogFlags = set() kb.singleLogFlags = set()
kb.skipOthersDbms = None kb.skipOthersDbms = None
kb.postSpaceToPlus = False
kb.stickyDBMS = False kb.stickyDBMS = False
kb.stickyLevel = None kb.stickyLevel = None
kb.suppressResumeInfo = False kb.suppressResumeInfo = False
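Review bot: `kb.postSpaceToPlus = False` in _setKnowledgeBaseAttributes gives no hint of who flips it or who reads it; a short comment would help, e.g. `# set per target in initTargetEnv() when the raw POST body contains '+'; consumed by urlencode(..., spaceplus=...)`. With the urldecode block removed from _cleanupOptions, the `UNENCODED_ORIGINAL_VALUE` import at the top of this file (outside the hunks) is probably no longer referenced here — confirm and drop it if so. The _feedTargetsDict hunk now stores `data` undecoded, so decoding happens only later in initTargetEnv; anything that reads kb.targets before that point now sees the still-encoded body, which may be worth noting next to the `kb.targets.add` call.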


@ -47,6 +47,7 @@ from lib.core.settings import REFERER_ALIASES
from lib.core.settings import RESULTS_FILE_FORMAT from lib.core.settings import RESULTS_FILE_FORMAT
from lib.core.settings import SOAP_RECOGNITION_REGEX from lib.core.settings import SOAP_RECOGNITION_REGEX
from lib.core.settings import SUPPORTED_DBMS from lib.core.settings import SUPPORTED_DBMS
from lib.core.settings import UNENCODED_ORIGINAL_VALUE
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from lib.core.settings import UNKNOWN_DBMS_VERSION from lib.core.settings import UNKNOWN_DBMS_VERSION
from lib.core.settings import URI_INJECTABLE_REGEX from lib.core.settings import URI_INJECTABLE_REGEX
@ -504,6 +505,18 @@ def initTargetEnv():
_restoreCmdLineOptions() _restoreCmdLineOptions()
_setDBMS() _setDBMS()
if conf.data:
kb.postSpaceToPlus = '+' in conf.data
if re.search(r'%[0-9a-f]{2}', conf.data, re.I):
class _(unicode):
pass
original = conf.data
conf.data = _(urldecode(conf.data))
setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
else:
conf.data = urldecode(conf.data)
def setupTargetEnv(): def setupTargetEnv():
_createTargetDirs() _createTargetDirs()
_setRequestParams() _setRequestParams()
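Review bot: `kb.postSpaceToPlus` is only assigned inside `if conf.data:`, so a later target without a POST body keeps the previous target's value unless _setKnowledgeBaseAttributes is re-run per target; assigning it unconditionally removes that dependency: `kb.postSpaceToPlus = '+' in (conf.data or "")` placed before the `if`. The `'+' in conf.data` test is a heuristic (a literal plus inside a value also sets it), which is harmless for round-tripping the original body but should be recorded: `# heuristic: a raw '+' in the body means form-encoded spaces, so payload spaces are re-sent as '+'`. The decode block that follows appears to be moved verbatim from _cleanupOptions and now runs for each target after _restoreCmdLineOptions(); initTargetEnv begins before this hunk.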


@ -745,7 +745,7 @@ class Connect(object):
if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE): if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
post = getattr(post, UNENCODED_ORIGINAL_VALUE) post = getattr(post, UNENCODED_ORIGINAL_VALUE)
elif not skipUrlEncode and kb.postHint not in POST_HINT_CONTENT_TYPES.keys(): elif not skipUrlEncode and kb.postHint not in POST_HINT_CONTENT_TYPES.keys():
post = urlencode(post) post = urlencode(post, spaceplus=kb.postSpaceToPlus)
if timeBasedCompare: if timeBasedCompare:
if len(kb.responseTimes) < MIN_TIME_RESPONSES: if len(kb.responseTimes) < MIN_TIME_RESPONSES: