Merge branch 'master' of github.com:sqlmapproject/sqlmap

2024-11-22 17:46:37 +03:00 · 2013-01-19 18:04:38 +00:00 · 2013-01-19 18:04:38 +00:00 · f89b25fdb6
commit f89b25fdb6
parent adf97e630f 9ce2395405
4 changed files with 24 additions and 16 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1984,7 +1984,7 @@ def findMultipartPostBoundary(post):

    return retVal

-def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False):
+def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CHAR, convall=False, plusspace=True):
    result = value

    if value:
@ -2002,14 +2002,16 @@ def urldecode(value, encoding=None, unsafe="%%&=;+%s" % CUSTOM_INJECTION_MARK_CH
                    char = chr(ord(match.group(1).decode("hex")))
                    return char if char in charset else match.group(0)
                result = re.sub("%([0-9a-fA-F]{2})", _, value)
-                result = result.replace("+", " ")  # plus sign has a special meaning in url encoded data (hence the usage of urllib.unquote_plus in convall case)
+
+                if plusspace:
+                    result = result.replace("+", " ")  # plus sign has a special meaning in url encoded data (hence the usage of urllib.unquote_plus in convall case)

    if isinstance(result, str):
        result = unicode(result, encoding or UNICODE_ENCODING, "replace")

    return result

-def urlencode(value, safe="%&=", convall=False, limit=False):
+def urlencode(value, safe="%&=", convall=False, limit=False, spaceplus=False):
    if conf.direct:
        return value

@ -2041,6 +2043,9 @@ def urlencode(value, safe="%&=", convall=False, limit=False):
            else:
                break

+        if spaceplus:
+            result = result.replace(urllib.quote(' '), '+')
+
    return result

 def runningAsAdmin():
@ -3021,7 +3026,7 @@ def findPageForms(content, url, raise_=False, addToTargets=False):
                url = urldecode(request.get_full_url(), kb.pageEncoding)
                method = request.get_method()
                data = request.get_data() if request.has_data() else None
-                data = urldecode(data, kb.pageEncoding) if data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in data else data
+                data = urldecode(data, kb.pageEncoding, plusspace=False)

                if not data and method and method.upper() == HTTPMETHOD.POST:
                    debugMsg = "invalid POST form with blank data detected"
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -304,7 +304,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):
                    # Avoid to add a static content length header to
                    # conf.httpHeaders and consider the following lines as
                    # POSTed data
-                    if key == HTTPHEADER.CONTENT_LENGTH:
+                    if key.upper() == HTTPHEADER.CONTENT_LENGTH.upper():
                        params = True

                    # Avoid proxy and connection type related headers
@ -328,7 +328,7 @@ def _feedTargetsDict(reqFile, addedTargetUrls):

                if not(conf.scope and not re.search(conf.scope, url, re.I)):
                    if not kb.targets or url not in addedTargetUrls:
-                        kb.targets.add((url, method, urldecode(data) if data and urlencode(DEFAULT_GET_POST_DELIMITER, None) not in data else data, cookie))
+                        kb.targets.add((url, method, data, cookie))
                        addedTargetUrls.add(url)

    fp = openFile(reqFile, "rb")
@ -1361,15 +1361,6 @@ def _cleanupOptions():
    if conf.data:
        conf.data = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.data, re.I)

-        if re.search(r'%[0-9a-f]{2}', conf.data, re.I):
-            class _(unicode):
-                pass
-            original = conf.data
-            conf.data = _(urldecode(conf.data))
-            setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
-        else:
-            conf.data = urldecode(conf.data)
-
    if conf.url:
        conf.url = re.sub(INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.url, re.I)

@ -1591,6 +1582,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.safeCharEncode = False
    kb.singleLogFlags = set()
    kb.skipOthersDbms = None
+    kb.postSpaceToPlus = False
    kb.stickyDBMS = False
    kb.stickyLevel = None
    kb.suppressResumeInfo = False
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -47,6 +47,7 @@ from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import RESULTS_FILE_FORMAT
 from lib.core.settings import SOAP_RECOGNITION_REGEX
 from lib.core.settings import SUPPORTED_DBMS
+from lib.core.settings import UNENCODED_ORIGINAL_VALUE
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.settings import UNKNOWN_DBMS_VERSION
 from lib.core.settings import URI_INJECTABLE_REGEX
@ -504,6 +505,16 @@ def initTargetEnv():
        _restoreCmdLineOptions()
        _setDBMS()

+    if conf.data:
+        class _(unicode):
+            pass
+
+        original = conf.data
+        conf.data = _(urldecode(conf.data))
+        setattr(conf.data, UNENCODED_ORIGINAL_VALUE, original)
+
+        kb.postSpaceToPlus = '+' in original
+
 def setupTargetEnv():
    _createTargetDirs()
    _setRequestParams()
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -745,7 +745,7 @@ class Connect(object):
            if place not in (PLACE.POST, PLACE.CUSTOM_POST) and hasattr(post, UNENCODED_ORIGINAL_VALUE):
                post = getattr(post, UNENCODED_ORIGINAL_VALUE)
            elif not skipUrlEncode and kb.postHint not in POST_HINT_CONTENT_TYPES.keys():
-                post = urlencode(post)
+                post = urlencode(post, spaceplus=kb.postSpaceToPlus)

        if timeBasedCompare:
            if len(kb.responseTimes) < MIN_TIME_RESPONSES: