diff --git a/lib/core/settings.py b/lib/core/settings.py
index d7862e86b..3a0e74484 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.4.11.16"
+VERSION = "1.4.11.17"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/chunkedhandler.py b/lib/request/chunkedhandler.py
index 243b4a643..90525d2e1 100644
--- a/lib/request/chunkedhandler.py
+++ b/lib/request/chunkedhandler.py
@@ -6,6 +6,7 @@ See the file 'LICENSE' for copying permission
 """
 from lib.core.data import conf
+from lib.core.enums import HTTP_HEADER
 from thirdparty.six.moves import urllib as _urllib
 class ChunkedHandler(_urllib.request.HTTPHandler):
@@ -20,20 +21,17 @@ class ChunkedHandler(_urllib.request.HTTPHandler):
 if request.data is not None: # POST
 data = request.data
- if not request.has_header("Content-type"):
- request.add_unredirected_header(
- "Content-type",
- "application/x-www-form-urlencoded")
- if not request.has_header("Content-length") and not conf.chunked:
- request.add_unredirected_header(
- "Content-length", "%d" % len(data))
+ if not request.has_header(HTTP_HEADER.CONTENT_TYPE):
+ request.add_unredirected_header(HTTP_HEADER.CONTENT_TYPE, "application/x-www-form-urlencoded")
+ if not request.has_header(HTTP_HEADER.CONTENT_LENGTH) and not conf.chunked:
+ request.add_unredirected_header(HTTP_HEADER.CONTENT_LENGTH, "%d" % len(data))
 sel_host = host
 if request.has_proxy():
 sel_host = _urllib.parse.urlsplit(request.get_selector()).netloc
- if not request.has_header("Host"):
- request.add_unredirected_header("Host", sel_host)
+ if not request.has_header(HTTP_HEADER.HOST):
+ request.add_unredirected_header(HTTP_HEADER.HOST, sel_host)
 for name, value in self.parent.addheaders:
 name = name.capitalize()
 if not request.has_header(name):
diff --git a/lib/request/connect.py b/lib/request/connect.py
index bcbed1724..a82618955 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -222,7 +222,7 @@ class Connect(object):
 try:
 part = conn.read(MAX_CONNECTION_READ_SIZE)
 except AssertionError:
- part = ""
+ part = b""
 if len(part) == MAX_CONNECTION_READ_SIZE:
 warnMsg = "large response detected. This could take a while"
diff --git a/lib/request/direct.py b/lib/request/direct.py
index ea64470f3..83fd9b805 100644
--- a/lib/request/direct.py
+++ b/lib/request/direct.py
@@ -45,8 +45,9 @@ def direct(query, content=True):
 break
 if select:
- if not query.upper().startswith("SELECT "):
+ if re.search(r"(?i)\ASELECT ", query) is None:
 query = "SELECT %s" % query
+
 if conf.binaryFields:
 for field in conf.binaryFields:
 field = field.strip()
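Review bot: `request.has_header(HTTP_HEADER.CONTENT_TYPE)` on the first added line is an exact-key lookup, while `Request.add_header`/`add_unredirected_header` store keys after `str.capitalize()` (`Content-type`, `Content-length`, `Host`), which is why the removed lines, like CPython's own `do_request_`, spelled them that way. If `HTTP_HEADER.CONTENT_TYPE`/`CONTENT_LENGTH` carry the canonical `Content-Type`/`Content-Length` spelling (the enum is not in this diff, so confirm), the checks never see a header the caller already set and `add_unredirected_header` installs the default `application/x-www-form-urlencoded` (or a recomputed `Content-length`) under the stored key, which urllib's `do_open` then sends in preference to `req.headers` — a JSON or multipart body would go out mislabelled. Passing the constants through `.capitalize()` keeps the lookup aligned with urllib's storage, e.g. `if not request.has_header(HTTP_HEADER.CONTENT_TYPE.capitalize()):` and the same for `CONTENT_LENGTH`; `Host` already capitalizes to itself. The enclosing method starts before the hunk and continues past its last line.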
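Review bot: The added condition calls `re.search`, but the hunk adds no `import re` and direct.py's import block is outside this diff, so confirm the module is already imported there — otherwise the first `select` query fails with NameError instead of receiving its `SELECT ` prefix. The regex itself mirrors the removed `upper().startswith("SELECT ")` check, anchored with `\A` and made case-insensitive by `(?i)`, so behaviour is otherwise unchanged. `direct()` starts before the hunk and continues past it.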
@@ -58,7 +59,7 @@ def direct(query, content=True):
 output = hashDBRetrieve(query, True, True)
 start = time.time()
- if not select and "EXEC " not in query.upper():
+ if not select and re.search(r"(?i)\bEXEC ", query) is None:
 timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
 elif not (output and ("%soutput" % conf.tablePrefix) not in query and ("%sfile" % conf.tablePrefix) not in query):
 output, state = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
diff --git a/lib/request/dns.py b/lib/request/dns.py
index c7be4aba9..301d3d002 100644
--- a/lib/request/dns.py
+++ b/lib/request/dns.py
@@ -76,17 +76,20 @@ class DNSServer(object):
 self._check_localhost()
 self._requests = []
 self._lock = threading.Lock()
+
 try:
 self._socket = socket._orig_socket(socket.AF_INET, socket.SOCK_DGRAM)
 except AttributeError:
 self._socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+ self._socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 self._socket.bind(("", 53))
 self._running = False
 self._initialized = False
 def _check_localhost(self):
- response = ""
+ response = b""
+
 try:
 s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
 s.connect(("", 53))
@@ -96,7 +99,7 @@ class DNSServer(object):
 pass
 finally:
 if response and b"google" in response:
- raise socket.error("another DNS service already running on *:53")
+ raise socket.error("another DNS service already running on '0.0.0.0:53'")
 def pop(self, prefix=None, suffix=None):
 """
diff --git a/lib/request/redirecthandler.py b/lib/request/redirecthandler.py
index 049108189..f3d0bc960 100644
--- a/lib/request/redirecthandler.py
+++ b/lib/request/redirecthandler.py
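Review bot: The added `setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)` on a UDP socket bound to the wildcard `("", 53)` lets a second socket bind the same port alongside this one (on Linux when it sets the option too, on Windows unconditionally), after which only one of them receives a given unicast datagram, so queries for the DNS exfiltration channel can silently land in another process. UDP has no TIME_WAIT state, so the option does not ease a restart either, and the `_check_localhost()` probe at the top of the hunk only detects a listener that is already up, not one that binds afterwards. Unless a rebind-after-crash failure was actually observed, drop the line; if it stays, record the reason next to it, e.g. `# NOTE: SO_REUSEADDR lets a later UDP socket share *:53 -- kept only for rebind-after-crash`. `__init__` starts before the hunk; `_check_localhost` continues past it.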
@@ -13,6 +13,7 @@ from lib.core.common import getHostHeader
 from lib.core.common import getSafeExString
 from lib.core.common import logHTTPTraffic
 from lib.core.common import readInput
+from lib.core.convert import getBytes
 from lib.core.convert import getUnicode
 from lib.core.data import conf
 from lib.core.data import kb
@@ -64,8 +65,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
 self.redirect_request = self._redirect_request
 def _redirect_request(self, req, fp, code, msg, headers, newurl):
- newurl = newurl.replace(' ', '%20')
- return _urllib.request.Request(newurl, data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host())
+ return _urllib.request.Request(newurl.replace(' ', '%20'), data=req.data, headers=req.headers, origin_req_host=req.get_origin_req_host())
 def http_error_302(self, req, fp, code, msg, headers):
 start = time.time()
@@ -75,7 +75,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
 try:
 content = fp.read(MAX_CONNECTION_TOTAL_SIZE)
 except: # e.g. IncompleteRead
- content = ""
+ content = b""
 finally:
 if content:
 try: # try to write it back to the read buffer so we could reuse it in further steps
@@ -163,7 +163,7 @@ class SmartRedirectHandler(_urllib.request.HTTPRedirectHandler):
 retVal = getSafeExString(ex) # Note: pyflakes mistakenly marks 'ex' as undefined (NOTE: tested in both Python2 and Python3)
 except:
 retVal = ""
- return retVal
+ return getBytes(retVal)
 result.read = types.MethodType(_, result)
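Review bot: The rebuilt `Request(...)` on the added line forwards `req.data` and the complete `req.headers` to `newurl` unconditionally, so the POST body and any Cookie/Authorization headers set on the original request are resent to whatever host the `Location` header names, including a different origin; CPython's base `redirect_request` instead drops the body on 301/302/303 and strips the content headers. Resending the body is presumably deliberate so the injection keeps being exercised after a redirect, but the cross-host case deserves a guard or at least a note, e.g. `# NOTE: body and all headers (incl. credentials) follow the redirect, even to a foreign host`, or a comparison of `_urllib.parse.urlsplit(newurl).netloc` with `req.get_host()` before forwarding them. Only the space-to-`%20` substitution is applied to `newurl`; anything else malformed in `Location` is left for `Request()` and the HTTP layer to reject. `_redirect_request` lies entirely within the hunk; `http_error_302` continues past it.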