From eafab03d991565161e8dbb24183d24d2f2c7bc7e Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 14 Apr 2011 13:53:56 +0000 Subject: [PATCH] safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars) --- lib/core/convert.py | 29 +++++++++++++++++++++++++++++ lib/core/replication.py | 4 +++- lib/core/settings.py | 3 +++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/lib/core/convert.py b/lib/core/convert.py index a83a38b5b..d7c49cbf1 100644 --- a/lib/core/convert.py +++ b/lib/core/convert.py @@ -22,6 +22,7 @@ import urllib from lib.core.data import conf from lib.core.data import logger +from lib.core.settings import HEX_ENCODED_CHAR_REGEX from lib.core.settings import UNICODE_ENCODING from lib.core.settings import URLENCODE_CHAR_LIMIT from lib.core.settings import URLENCODE_FAILSAFE_CHARS @@ -145,11 +146,39 @@ def safecharencode(value): """ retVal = value + if isinstance(value, basestring): retVal = reduce(lambda x, y: x + (y if (y in string.printable or ord(y) > 255) else '\%02x' % ord(y)), value, unicode()) for char in "\t\n\r\x0b\x0c": retVal = retVal.replace(char, repr(char).strip('\'')) + elif isinstance(value, list): for i in xrange(len(value)): retVal[i] = safecharencode(value[i]) + + return retVal + +def safechardecode(value): + """ + Reverse function to safecharencode + """ + + retVal = value + if isinstance(value, basestring): + for char in "\t\n\r\x0b\x0c": + retVal = retVal.replace(repr(char).strip('\''), char) + + regex = re.compile(HEX_ENCODED_CHAR_REGEX) + + while True: + match = regex.search(retVal) + if match: + retVal = retVal.replace(match.group("result"), unhexlify(value.lstrip('\\'))) + else: + break + + elif isinstance(value, list): + for i in xrange(len(value)): + retVal[i] = safechardecode(value[i]) + return retVal diff --git a/lib/core/replication.py b/lib/core/replication.py index d15957b8b..68f59ca0e 100644 --- a/lib/core/replication.py +++ b/lib/core/replication.py 
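Review bot: In the new `safechardecode`, the replacement inside the `while` loop calls `unhexlify(value.lstrip('\\'))` on the whole input string instead of the matched escape, so a string holding a hex escape plus any other text will either make `unhexlify` raise or substitute the wrong bytes. Decoding the match itself in a single pass fixes this and also stops output that was just decoded from being scanned again: `retVal = regex.sub(lambda m: unhexlify(m.group("result").lstrip('\\')), retVal)`. Because `safecharencode` leaves a literal backslash unescaped (it is in `string.printable`), retrieved data that genuinely contains text such as `\41` or `\t` cannot be told apart from an escape and will be altered on its way into the replica; the docstring should state that limitation. Whether `re` and `unhexlify` are imported in convert.py is not visible in these hunks.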
@@ -7,6 +7,7 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) See the file 'doc/COPYING' for copying permission """ +from lib.core.convert import safechardecode from lib.core.exception import sqlmapMissingDependence from lib.core.exception import sqlmapValueException @@ -63,8 +64,9 @@ class Replication: """ This function is used for inserting row(s) into current table. """ + if len(values) == len(self.columns): - self.parent.cursor.execute('INSERT INTO %s VALUES (%s)' % (self.name, ','.join(['?']*len(values))), values) + self.parent.cursor.execute('INSERT INTO %s VALUES (%s)' % (self.name, ','.join(['?']*len(values))), safechardecode(values)) else: errMsg = "wrong number of columns used in replicating insert" raise sqlmapValueException, errMsg diff --git a/lib/core/settings.py b/lib/core/settings.py index cd158a71a..efe32625c 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -304,3 +304,6 @@ MAX_INT = sys.maxint # Parameters to be ignored in detection phase (upper case) IGNORE_PARAMETERS = ("__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN") + +# Regex used for recognition of hex encoded characters +HEX_ENCODED_CHAR_REGEX = r"(?P\\[0-9A-Fa-f]{2})"
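Review bot: On the changed `execute` line in `insert`, `safechardecode(values)` decodes a list in place (convert.py does `retVal = value` and then `retVal[i] = ...`), so the caller's `values` list is silently modified. A tuple of values comes back undecoded, because only `basestring` and `list` are handled. Passing a copy keeps the decode local to the insert and covers both cases: `safechardecode(list(values))`. The row values stay bound through `?` placeholders, but `self.name` is still formatted into the statement text, so if table names can come from retrieved data they need quoting or validation where `self.name` is set, which is outside this hunk.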
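Review bot: As rendered here the new `HEX_ENCODED_CHAR_REGEX` reads `(?P\\[0-9A-Fa-f]{2})` with no group name, while `safechardecode` reads `match.group("result")`. The `<result>` name was presumably lost when the page was rendered, but it is worth confirming in the committed file, since the pattern as shown would not compile. The comment above the constant could also say that it matches a backslash followed by exactly two hex digits and that callers rely on the `result` group.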