PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-15 20:29:04 +00:00
Code Issues Projects Releases Wiki Activity

Some more drei updates

Browse Source
This commit is contained in:
Miroslav Stampar
2019-05-02 23:51:54 +02:00
parent 291b491c3e
commit 1f05e85408
21 changed files with 142 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/bigarray.py
View File

@@ -90,7 +90,7 @@ class BigArray(list):
self.chunks[-1] = pickle.loads(bz2.decompress(f.read()))
except IOError as ex:
errMsg = "exception occurred while retrieving data "
errMsg += "from a temporary file ('%s')" % ex.message
errMsg += "from a temporary file ('%s')" % ex
raise SqlmapSystemException(errMsg)
return self.chunks[-1].pop()
@@ -112,7 +112,7 @@ class BigArray(list):
return filename
except (OSError, IOError) as ex:
errMsg = "exception occurred while storing data "
errMsg += "to a temporary file ('%s'). Please " % ex.message
errMsg += "to a temporary file ('%s'). Please " % ex
errMsg += "make sure that there is enough disk space left. If problem persists, "
errMsg += "try to set environment variable 'TEMP' to a location "
errMsg += "writeable by the current user"
@@ -129,7 +129,7 @@ class BigArray(list):
self.cache = Cache(index, pickle.loads(bz2.decompress(f.read())), False)
except Exception as ex:
errMsg = "exception occurred while retrieving data "
errMsg += "from a temporary file ('%s')" % ex.message
errMsg += "from a temporary file ('%s')" % ex
raise SqlmapSystemException(errMsg)
def __getstate__(self):

76
lib/core/common.py
View File

@@ -5,6 +5,7 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import base64
import binascii
import codecs
import collections
@@ -47,6 +48,8 @@ from extra.beep.beep import beep
from extra.cloak.cloak import decloak
from extra.safe2bin.safe2bin import safecharencode
from lib.core.bigarray import BigArray
from lib.core.compat import cmp
from lib.core.compat import round
from lib.core.compat import xrange
from lib.core.convert import base64pickle
from lib.core.convert import base64unpickle
@@ -179,7 +182,9 @@ from thirdparty.odict import OrderedDict
from thirdparty.six.moves import configparser as _configparser
from thirdparty.six.moves import http_client as _http_client
from thirdparty.six.moves import input as _input
from thirdparty.six.moves import reload_module as _reload_module
from thirdparty.six.moves import urllib as _urllib
from thirdparty.six.moves import zip as _zip
from thirdparty.termcolor.termcolor import colored
class UnicodeRawConfigParser(_configparser.RawConfigParser):
@@ -610,7 +615,7 @@ def paramToDict(place, parameters=None):
if parameter in (conf.base64Parameter or []):
try:
oldValue = value
value = value.decode("base64")
value = decodeBase64(value, binary=False)
parameters = re.sub(r"\b%s\b" % re.escape(oldValue), value, parameters)
except:
errMsg = "parameter '%s' does not contain " % parameter
@@ -2278,7 +2283,7 @@ def getFileItems(filename, commentPrefix='#', unicoded=True, lowercase=False, un
try:
with openFile(filename, 'r', errors="ignore") if unicoded else open(filename, 'r') as f:
for line in (f.readlines() if unicoded else f.xreadlines()): # xreadlines doesn't return unicode strings when codec.open() is used
for line in f:
if commentPrefix:
if line.find(commentPrefix) != -1:
line = line[:line.find(commentPrefix)]
@@ -2452,15 +2457,39 @@ def getUnicode(value, encoding=None, noneToNull=False):
except UnicodeDecodeError:
return six.text_type(str(value), errors="ignore") # encoding ignored for non-basestring instances
def decodeHex(value):
def decodeHex(value, binary=True):
"""
Returns byte representation of provided hexadecimal value
Returns a decoded representation of provided hexadecimal value
>>> decodeHex("313233") == b"123"
True
>>> decodeHex("313233", binary=False) == u"123"
True
"""
return bytes.fromhex(getUnicode(value)) if hasattr(bytes, "fromhex") else value.decode("hex")
retVal = codecs.decode(value, "hex")
if not binary:
retVal = getUnicode(retVal)
return retVal
def decodeBase64(value, binary=True):
"""
Returns a decoded representation of provided Base64 value
>>> decodeBase64("MTIz") == b"123"
True
>>> decodeBase64("MTIz", binary=False) == u"123"
True
"""
retVal = base64.b64decode(value)
if not binary:
retVal = getUnicode(retVal)
return retVal
def getBytes(value, encoding=UNICODE_ENCODING, errors="strict"):
"""
@@ -2475,7 +2504,7 @@ def getBytes(value, encoding=UNICODE_ENCODING, errors="strict"):
if isinstance(value, six.text_type):
if INVALID_UNICODE_PRIVATE_AREA:
for char in xrange(0xF0000, 0xF00FF + 1):
value = value.replace(unichr(char), "%s%02x" % (SAFE_HEX_MARKER, char - 0xF0000))
value = value.replace(six.unichr(char), "%s%02x" % (SAFE_HEX_MARKER, char - 0xF0000))
retVal = value.encode(encoding, errors)
retVal = re.sub(r"%s([0-9a-f]{2})" % SAFE_HEX_MARKER, lambda _: decodeHex(_.group(1)), retVal)
@@ -2525,7 +2554,13 @@ def longestCommonPrefix(*sequences):
return sequences[0]
def commonFinderOnly(initial, sequence):
return longestCommonPrefix(*filter(lambda _: _.startswith(initial), sequence))
"""
Returns parts of sequence which start with the given initial string
>>> commonFinderOnly("abcd", ["abcdefg", "foobar", "abcde"])
['abcdefg', 'abcde']
"""
return longestCommonPrefix([_ for _ in sequence if _.startswith(initial)])
def pushValue(value):
"""
@@ -2811,13 +2846,13 @@ def runningAsAdmin():
if PLATFORM in ("posix", "mac"):
_ = os.geteuid()
isAdmin = isinstance(_, (int, float, long)) and _ == 0
isAdmin = isinstance(_, (float, six.integer_types)) and _ == 0
elif IS_WIN:
import ctypes
_ = ctypes.windll.shell32.IsUserAnAdmin()
isAdmin = isinstance(_, (int, float, long)) and _ == 1
isAdmin = isinstance(_, (float, six.integer_types)) and _ == 1
else:
errMsg = "sqlmap is not able to check if you are running it "
errMsg += "as an administrator account on this platform. "
@@ -3318,6 +3353,8 @@ def unArrayizeValue(value):
>>> unArrayizeValue(['1'])
'1'
>>> unArrayizeValue(['1', '2'])
'1'
"""
if isListLike(value):
@@ -3326,8 +3363,8 @@ def unArrayizeValue(value):
elif len(value) == 1 and not isListLike(value[0]):
value = value[0]
else:
_ = filter(lambda _: _ is not None, (_ for _ in flattenValue(value)))
value = _[0] if len(_) > 0 else None
value = [_ for _ in flattenValue(value) if _ is not None]
value = value[0] if len(value) > 0 else None
return value
@@ -3459,7 +3496,7 @@ def decodeIntToUnicode(value):
elif Backend.isDbms(DBMS.MSSQL):
retVal = getUnicode(raw, "UTF-16-BE")
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.ORACLE):
retVal = unichr(value)
retVal = six.unichr(value)
else:
retVal = getUnicode(raw, conf.encoding)
else:
@@ -3600,7 +3637,7 @@ def createGithubIssue(errMsg, excMsg):
choice = None
if choice:
ex = None
_excMsg = None
errMsg = errMsg[errMsg.find("\n"):]
req = _urllib.request.Request(url="https://api.github.com/search/issues?q=%s" % _urllib.parse.quote("repo:sqlmapproject/sqlmap Unhandled exception (#%s)" % key))
@@ -3621,12 +3658,13 @@ def createGithubIssue(errMsg, excMsg):
pass
data = {"title": "Unhandled exception (#%s)" % key, "body": "```%s\n```\n```\n%s```" % (errMsg, excMsg)}
req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=json.dumps(data), headers={"Authorization": "token %s" % GITHUB_REPORT_OAUTH_TOKEN.decode("base64")})
req = _urllib.request.Request(url="https://api.github.com/repos/sqlmapproject/sqlmap/issues", data=json.dumps(data), headers={"Authorization": "token %s" % decodeBase64(GITHUB_REPORT_OAUTH_TOKEN, binary=False)})
try:
content = _urllib.request.urlopen(req).read()
except Exception as ex:
content = None
_excMsg = getSafeExString(ex)
issueUrl = re.search(r"https://github.com/sqlmapproject/sqlmap/issues/\d+", content or "")
if issueUrl:
@@ -3640,8 +3678,8 @@ def createGithubIssue(errMsg, excMsg):
pass
else:
warnMsg = "something went wrong while creating a Github issue"
if ex:
warnMsg += " ('%s')" % getSafeExString(ex)
if _excMsg:
warnMsg += " ('%s')" % _excMsg
if "Unauthorized" in warnMsg:
warnMsg += ". Please update to the latest revision"
logger.warn(warnMsg)
@@ -4403,7 +4441,7 @@ def checkSystemEncoding():
warnMsg = "temporary switching to charset 'cp1256'"
logger.warn(warnMsg)
reload(sys)
_reload_module(sys)
sys.setdefaultencoding("cp1256")
def evaluateCode(code, variables=None):
@@ -4741,7 +4779,7 @@ def splitFields(fields, delimiter=','):
commas.extend(zeroDepthSearch(fields, ','))
commas = sorted(commas)
return [fields[x + 1:y] for (x, y) in zip(commas, commas[1:])]
return [fields[x + 1:y] for (x, y) in _zip(commas, commas[1:])]
def pollProcess(process, suppress_errors=False):
"""
@@ -4807,7 +4845,7 @@ def parseRequestFile(reqFile, checkParams=True):
for match in re.finditer(BURP_XML_HISTORY_REGEX, content, re.I | re.S):
port, request = match.groups()
try:
request = request.decode("base64")
request = decodeBase64(request, binary=False)
except binascii.Error:
continue
_ = re.search(r"%s:.+" % re.escape(HTTP_HEADER.HOST), request)

34
lib/core/compat.py
View File

@@ -6,6 +6,7 @@ See the file 'LICENSE' for copying permission
"""
import binascii
import math
import os
import random
import uuid
@@ -163,13 +164,44 @@ class WichmannHill(random.Random):
self.__whseed(x, y, z)
def patchHeaders(headers):
if not hasattr(headers, "headers"):
if headers is not None and not hasattr(headers, "headers"):
headers.headers = ["%s: %s\r\n" % (header, headers[header]) for header in headers]
def cmp(a, b):
"""
>>> cmp("a", "b")
-1
>>> cmp(2, 1)
1
"""
if a < b:
return -1
elif a > b:
return 1
else:
return 0
# Reference: https://github.com/urllib3/urllib3/blob/master/src/urllib3/filepost.py
def choose_boundary():
return uuid.uuid4().hex
# Reference: http://python3porting.com/differences.html
def round(x, d=0):
"""
>>> round(2.0)
2.0
>>> round(2.5)
3.0
"""
p = 10 ** d
if x > 0:
return float(math.floor((x * p) + 0.5))/p
else:
return float(math.ceil((x * p) - 0.5))/p
if sys.version_info >= (3, 0):
xrange = range
else:

2
lib/core/convert.py
View File

@@ -171,7 +171,7 @@ def htmlunescape(value):
retVal = retVal.replace(code, value)
try:
retVal = re.sub(r"&#x([^ ;]+);", lambda match: unichr(int(match.group(1), 16)), retVal)
retVal = re.sub(r"&#x([^ ;]+);", lambda match: six.unichr(int(match.group(1), 16)), retVal)
except ValueError:
pass
return retVal

10
lib/core/option.py
View File

@@ -59,6 +59,7 @@ from lib.core.common import setOptimize
from lib.core.common import setPaths
from lib.core.common import singleTimeWarnMessage
from lib.core.common import urldecode
from lib.core.compat import round
from lib.core.compat import xrange
from lib.core.data import conf
from lib.core.data import kb
@@ -2096,11 +2097,14 @@ def _useWizardInterface():
choice = readInput(message, default='1')
if choice == '2':
map(lambda _: conf.__setitem__(_, True), WIZARD.INTERMEDIATE)
options = WIZARD.INTERMEDIATE
elif choice == '3':
map(lambda _: conf.__setitem__(_, True), WIZARD.ALL)
options = WIZARD.ALL
else:
map(lambda _: conf.__setitem__(_, True), WIZARD.BASIC)
options = WIZARD.BASIC
for _ in options:
conf.__setitem__(_, True)
logger.debug("muting sqlmap.. it will do the magic for you")
conf.verbose = 0

5
lib/core/settings.py
View File

@@ -15,9 +15,10 @@ import sys
from lib.core.enums import DBMS
from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS
from thirdparty import six
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.5.5"
VERSION = "1.3.5.6"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -839,7 +840,7 @@ for key, value in os.environ.items():
def _reversible(ex):
if isinstance(ex, UnicodeDecodeError):
if INVALID_UNICODE_PRIVATE_AREA:
return (u"".join(unichr(int('000f00%2x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end)
return (u"".join(six.unichr(int('000f00%2x' % (_ if isinstance(_, int) else ord(_)), 16)) for _ in ex.object[ex.start:ex.end]), ex.end)
else:
return (u"".join(INVALID_UNICODE_CHAR_FORMAT % (_ if isinstance(_, int) else ord(_)) for _ in ex.object[ex.start:ex.end]), ex.end)

1
lib/core/testing.py
View File

@@ -26,6 +26,7 @@ from lib.core.common import getUnicode
from lib.core.common import randomStr
from lib.core.common import readXmlFile
from lib.core.common import shellExec
from lib.core.compat import round
from lib.core.data import conf
from lib.core.data import logger
from lib.core.data import paths

4
lib/core/threads.py
View File

@@ -155,7 +155,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
try:
thread.start()
except Exception as ex:
errMsg = "error occurred while starting new thread ('%s')" % ex.message
errMsg = "error occurred while starting new thread ('%s')" % ex
logger.critical(errMsg)
break
@@ -191,7 +191,7 @@ def runThreads(numThreads, threadFunction, cleanupFunction=None, forwardExceptio
except (SqlmapConnectionException, SqlmapValueException) as ex:
print()
kb.threadException = True
logger.error("thread %s: %s" % (threading.currentThread().getName(), ex.message))
logger.error("thread %s: '%s'" % (threading.currentThread().getName(), ex))
if conf.get("verbose") > 1:
traceback.print_exc()

4
lib/core/update.py
View File

@@ -12,7 +12,6 @@ import shutil
import subprocess
import sys
import time
import urllib
import zipfile
from lib.core.common import dataToStdout
@@ -29,6 +28,7 @@ from lib.core.settings import IS_WIN
from lib.core.settings import VERSION
from lib.core.settings import ZIPBALL_PAGE
from lib.core.settings import UNICODE_ENCODING
from thirdparty.six.moves import urllib as _urllib
def update():
if not conf.updateAll:
@@ -71,7 +71,7 @@ def update():
logger.error(errMsg)
else:
try:
archive = urllib.urlretrieve(ZIPBALL_PAGE)[0]
archive = _urllib.request.urlretrieve(ZIPBALL_PAGE)[0]
with zipfile.ZipFile(archive) as f:
for info in f.infolist():