From c9f0c75030d7b4c6a9884632694da8e867a73539 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 15 Oct 2010 12:52:33 +0000 Subject: [PATCH] removed --space (usage of tampering modules is now a prefered way to do it) --- lib/core/agent.py | 25 ++++++++++++------------- lib/core/common.py | 6 ------ lib/core/optiondict.py | 1 - lib/parse/cmdline.py | 3 --- sqlmap.conf | 3 --- 5 files changed, 12 insertions(+), 26 deletions(-) diff --git a/lib/core/agent.py b/lib/core/agent.py index 4835355ba..8a3a3e7a8 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -14,7 +14,6 @@ from xml.etree import ElementTree as ET from lib.core.common import getInjectionCase from lib.core.common import randomInt from lib.core.common import randomStr -from lib.core.common import replaceSpaces from lib.core.convert import urlencode from lib.core.data import conf from lib.core.data import kb @@ -106,7 +105,7 @@ class Agent: retValue = paramString.replace("%s=%s" % (parameter, value), "%s=%s" % (parameter, newValue)) - return replaceSpaces(retValue) + return retValue def fullPayload(self, query): if conf.direct: @@ -147,7 +146,7 @@ class Agent: query += string - return replaceSpaces(query) + return query def postfixQuery(self, string, comment=None): """ @@ -180,7 +179,7 @@ class Agent: else: string += case.usage.postfix.format % eval(case.usage.postfix.params) - return replaceSpaces(string) + return string def nullAndCastField(self, field): """ @@ -215,7 +214,7 @@ class Agent: # SQLite version 2 does not support neither CAST() nor IFNULL(), # introduced only in SQLite version 3 if kb.dbms == "SQLite": - return replaceSpaces(field) + return field if field.startswith("(CASE"): nulledCastedField = field @@ -223,7 +222,7 @@ class Agent: nulledCastedField = queries[kb.dbms].cast % field nulledCastedField = queries[kb.dbms].isnull % nulledCastedField - return replaceSpaces(nulledCastedField) + return nulledCastedField def nullCastConcatFields(self, fields): """ @@ -256,7 +255,7 @@ class Agent: """ if not kb.dbmsDetected: - return replaceSpaces(fields) + return fields fields = fields.replace(", ", ",") fieldsSplitted = fields.split(",") @@ -269,7 +268,7 @@ class Agent: delimiterStr = "%s'%s'%s" % (dbmsDelimiter, temp.delimiter, dbmsDelimiter) nulledCastedConcatFields = delimiterStr.join([field for field in nulledCastedFields]) - return replaceSpaces(nulledCastedConcatFields) + return nulledCastedConcatFields def getFields(self, query): """ @@ -328,7 +327,7 @@ class Agent: elif kb.dbms == "Microsoft SQL Server": concatenatedQuery = "%s+%s" % (query1, query2) - return replaceSpaces(concatenatedQuery) + return concatenatedQuery def concatQuery(self, query, unpack=True): """ @@ -413,7 +412,7 @@ class Agent: elif fieldsNoSelect: concatenatedQuery = "'%s'+%s+'%s'" % (temp.start, concatenatedQuery, temp.stop) - return replaceSpaces(concatenatedQuery) + return concatenatedQuery def forgeInbandQuery(self, query, exprPosition=None, nullChar="NULL"): """ @@ -491,7 +490,7 @@ class Agent: inbandQuery = self.postfixQuery(inbandQuery, kb.unionComment) - return replaceSpaces(inbandQuery) + return inbandQuery def limitQuery(self, num, query, field=None): """ @@ -583,7 +582,7 @@ class Agent: if orderBy: limitedQuery += orderBy - return replaceSpaces(limitedQuery) + return limitedQuery def forgeCaseStatement(self, expression): """ @@ -602,7 +601,7 @@ class Agent: @rtype: C{str} """ - return replaceSpaces(queries[kb.dbms].case % expression) + return queries[kb.dbms].case % expression # SQL agent agent = Agent() diff --git a/lib/core/common.py b/lib/core/common.py index db389eda0..d9b0b2690 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -1467,12 +1467,6 @@ def longestCommonPrefix(*sequences): def commonFinderOnly(initial, sequence): return longestCommonPrefix(*filter(lambda x: x.startswith(initial), sequence)) -def replaceSpaces(query): - if query: - return query if conf.space is None else query.replace(' ', conf.space) - else: - return query - def pushValue(value): kb.valueStack.append(value) diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py index 95346114a..f9ff72356 100644 --- a/lib/core/optiondict.py +++ b/lib/core/optiondict.py @@ -59,7 +59,6 @@ optDict = { "eRegexp": "string", "thold": "float", "useBetween": "boolean", - "space": "string", }, "Techniques": { diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index 5d25c9ea3..b0cdab7cd 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -182,9 +182,6 @@ def cmdLineParser(): action="store_true", default=False, help="Compare pages based only on their textual content") - injection.add_option("--space", dest="space", - help="Use defined string for space instead of standard ' '") - injection.add_option("--use-between", dest="useBetween", action="store_true", default=False, help="Use operator BETWEEN instead of default '>'") diff --git a/sqlmap.conf b/sqlmap.conf index de38b6b2b..eb90fd83a 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -200,9 +200,6 @@ thold = # Valid: True or False useBetween = False -# Use defined string for space instead of standard ' ' -space = - # These options can be used to test for specific SQL injection technique # or to use one of them to exploit the affected parameter(s) rather than # using the default blind SQL injection technique.