Revamp of #3536

2025-12-06 20:51:31 +00:00 · 2019-03-19 14:07:39 +01:00
parent 340e250fb1
commit 87237c82d3
9 changed files with 72 additions and 79 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -98,7 +98,7 @@ from lib.core.exception import SqlmapUserQuitException
 from lib.core.exception import SqlmapValueException
 from lib.core.log import LOGGER_HANDLER
 from lib.core.optiondict import optDict
-from lib.core.settings import BANNER, CHUNKED_KEYWORDS
+from lib.core.settings import BANNER
 from lib.core.settings import BOLD_PATTERNS
 from lib.core.settings import BOUNDED_INJECTION_MARKER
 from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
@@ -126,6 +126,7 @@ from lib.core.settings import GITHUB_REPORT_OAUTH_TOKEN
 from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX
 from lib.core.settings import HASHDB_MILESTONE_VALUE
 from lib.core.settings import HOST_ALIASES
+from lib.core.settings import HTTP_CHUNKED_SPLIT_KEYWORDS
 from lib.core.settings import IGNORE_SAVE_OPTIONS
 from lib.core.settings import INFERENCE_UNKNOWN_CHAR
 from lib.core.settings import INVALID_UNICODE_CHAR_FORMAT
@@ -4896,49 +4897,35 @@ def firstNotNone(*args):

    return retVal

-def generateChunkDdata(data):
+def chunkSplitPostData(data):
    """
-    Convert post data to chunked format data. If the keyword is in a block, the keyword will be cut.
-
-    >>> generateChunkDdata('select 1,2,3,4 from admin')
-    4;AZdYz
-    sele
-    2;fJS4D
-    ct
-    5;qbCOT
-    1,2,
-    7;KItpi
-    3,4 fro
-    2;pFu1R
-    m 
-    5;uRoYZ
-    admin
-    0
-
-
+    Convert POST data to chunked transfer-encoded data (Note: splitting done by SQL keywords)
    """
-    dl = len(data)
-    ret = ""
-    keywords = CHUNKED_KEYWORDS
+
+    length = len(data)
+    retVal = ""
    index = 0
-    while index < dl:
-        chunk_size = random.randint(1, 9)
-        if index + chunk_size >= dl:
-            chunk_size = dl - index
-        salt = ''.join(random.sample(string.ascii_letters + string.digits, 5))
-        while 1:
-            tmp_chunk = data[index:index + chunk_size]
-            tmp_bool = True
-            for k in keywords:
-                if k in tmp_chunk:
-                    chunk_size -= 1
-                    tmp_bool = False
-                    break
-            if tmp_bool:
-                break
-        index += chunk_size
-        ret += "%s;%s\r\n" % (hex(chunk_size)[2:], salt)
-        ret += "%s\r\n" % tmp_chunk

-    ret += "0\r\n\r\n"
-    return ret
+    while index < length:
+        chunkSize = randomInt(1)
+
+        if index + chunkSize >= length:
+            chunkSize = length - index
+
+        salt = randomStr(5, alphabet=string.ascii_letters + string.digits)
+
+        while chunkSize:
+            candidate = data[index:index + chunkSize]
+
+            if re.search(r"\b%s\b" % '|'.join(HTTP_CHUNKED_SPLIT_KEYWORDS), candidate, re.I):
+                chunkSize -= 1
+            else:
+                break
+
+        index += chunkSize
+        retVal += "%x;%s\r\n" % (chunkSize, salt)
+        retVal += "%s\r\n" % candidate
+
+    retVal += "0\r\n\r\n"
+
+    return retVal