PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity

refactoring regarding injection place (more left)

Browse Source
This commit is contained in:
Miroslav Stampar
2010-11-08 08:02:36 +00:00
parent 0482e02c37
commit 8e44aa605a
6 changed files with 47 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/core/agent.py
View File

@@ -21,6 +21,7 @@ from lib.core.data import kb
from lib.core.data import queries
from lib.core.datatype import advancedDict
from lib.core.exception import sqlmapNoneDataException
from lib.core.place import PLACE
from lib.core.settings import DBMS
from lib.core.settings import PAYLOAD_DELIMITER
@@ -69,7 +70,7 @@ class Agent:
falseValue = " AND %d=%d" % (randInt, randInt + 1)
# After identifing the injectable parameter
if kb.injPlace == "User-Agent":
if kb.injPlace == PLACE.UA:
retValue = kb.injParameter.replace(kb.injParameter,
self.addPayloadDelimiters("%s%s" % (negValue, kb.injParameter + falseValue + newValue)))
elif kb.injParameter:
@@ -77,7 +78,7 @@ class Agent:
paramDict = conf.paramDict[kb.injPlace]
value = paramDict[kb.injParameter]
if "POSTxml" in conf.paramDict and kb.injPlace == "POST":
if "POSTxml" in conf.paramDict and kb.injPlace == PLACE.POST:
root = ET.XML(paramString)
iterator = root.getiterator(kb.injParameter)
@@ -85,7 +86,7 @@ class Agent:
child.text = self.addPayloadDelimiters(negValue + value + falseValue + newValue)
retValue = ET.tostring(root)
elif kb.injPlace == "URI":
elif kb.injPlace == PLACE.URI:
retValue = paramString.replace("*",
self.addPayloadDelimiters("%s%s" % (negValue, falseValue + newValue)))
else:
@@ -93,14 +94,14 @@ class Agent:
"%s=%s" % (kb.injParameter, self.addPayloadDelimiters(negValue + value + falseValue + newValue)))
# Before identifing the injectable parameter
elif parameter == "User-Agent":
elif parameter == PLACE.UA:
retValue = value.replace(value, self.addPayloadDelimiters(newValue))
elif place == "URI":
elif place == PLACE.URI:
retValue = value.replace("*", self.addPayloadDelimiters("%s" % newValue.replace(value, str())))
else:
paramString = conf.parameters[place]
if "POSTxml" in conf.paramDict and place == "POST":
if "POSTxml" in conf.paramDict and place == PLACE.POST:
root = ET.XML(paramString)
iterator = root.getiterator(parameter)

5
lib/core/common.py
View File

@@ -49,6 +49,7 @@ from lib.core.exception import sqlmapNoneDataException
from lib.core.exception import sqlmapMissingDependence
from lib.core.exception import sqlmapSyntaxException
from lib.core.optiondict import optDict
from lib.core.place import PLACE
from lib.core.settings import DBMS
from lib.core.settings import DESCRIPTION
from lib.core.settings import IS_WIN
@@ -135,7 +136,7 @@ def paramToDict(place, parameters=None):
if place is not "POSTxml":
parameters = parameters.replace(", ", ",")
if place == "Cookie":
if place == PLACE.COOKIE:
splitParams = parameters.split(";")
else:
splitParams = parameters.split("&")
@@ -797,7 +798,7 @@ def parseTargetUrl():
conf.port = 80
if __urlSplit[3]:
conf.parameters["GET"] = __urlSplit[3]
conf.parameters[PLACE.GET] = __urlSplit[3]
conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)

15
lib/core/place.py Normal file
View File

@@ -0,0 +1,15 @@
#!/usr/bin/env python
"""
$Id$
Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""
class PLACE:
GET = "GET"
POST = "POST"
URI = "URI"
COOKIE = "Cookie"
UA = "User-Agent"

3
lib/core/session.py
View File

@@ -15,6 +15,7 @@ from lib.core.common import readInput
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.place import PLACE
from lib.core.settings import MSSQL_ALIASES
from lib.core.settings import MYSQL_ALIASES
from lib.core.settings import PGSQL_ALIASES
@@ -74,7 +75,7 @@ def setInjection():
session file.
"""
if kb.injPlace == "User-Agent":
if kb.injPlace == PLACE.UA:
kb.injParameter = conf.agent
condition = (