safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)

2024-11-25 11:03:47 +03:00 · 2011-04-14 13:53:56 +00:00 · 2011-04-14 13:53:56 +00:00 · eafab03d99
commit eafab03d99
parent 30bfefd638
3 changed files with 35 additions and 1 deletions
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@ -22,6 +22,7 @@ import urllib

 from lib.core.data import conf
 from lib.core.data import logger
+from lib.core.settings import HEX_ENCODED_CHAR_REGEX
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import URLENCODE_CHAR_LIMIT
 from lib.core.settings import URLENCODE_FAILSAFE_CHARS
@ -145,11 +146,39 @@ def safecharencode(value):
    """

    retVal = value
+
    if isinstance(value, basestring):
        retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\%02x' % ord(y)), value, unicode())
        for char in "\t\n\r\x0b\x0c":
            retVal = retVal.replace(char, repr(char).strip('\''))
+
    elif isinstance(value, list):
        for i in xrange(len(value)):
            retVal[i] = safecharencode(value[i])
+
+    return retVal
+
+def safechardecode(value):
+    """
+    Reverse function to safecharencode
+    """
+
+    retVal = value
+    if isinstance(value, basestring):
+        for char in "\t\n\r\x0b\x0c":
+            retVal = retVal.replace(repr(char).strip('\''), char)
+
+        regex = re.compile(HEX_ENCODED_CHAR_REGEX)
+
+        while True:
+            match = regex.search(retVal)
+            if match:
+                retVal = retVal.replace(match.group("result"), unhexlify(value.lstrip('\\')))
+            else:
+                break
+
+    elif isinstance(value, list):
+        for i in xrange(len(value)):
+            retVal[i] = safechardecode(value[i])
+
    return retVal
--- a/lib/core/replication.py
+++ b/lib/core/replication.py
@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """

+from lib.core.convert import safechardecode
 from lib.core.exception import sqlmapMissingDependence
 from lib.core.exception import sqlmapValueException

@ -63,8 +64,9 @@ class Replication:
            """
            This function is used for inserting row(s) into current table.
            """
+
            if len(values) == len(self.columns):
-                self.parent.cursor.execute('INSERT INTO %s VALUES (%s)' % (self.name, ','.join(['?']*len(values))), values)
+                self.parent.cursor.execute('INSERT INTO %s VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values))
            else:
                errMsg = "wrong number of columns used in replicating insert"
                raise sqlmapValueException, errMsg
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -304,3 +304,6 @@ MAX_INT = sys.maxint

 # Parameters to be ignored in detection phase (upper case)
 IGNORE_PARAMETERS = ("__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
+
+# Regex used for recognition of hex encoded characters
+HEX_ENCODED_CHAR_REGEX = r"(?P<result>\\[0-9A-Fa-f]{2})"