PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-09 22:21:30 +00:00
Code Issues Projects Releases Wiki Activity

Implemented a better way to deal with % characters in parameters' value. Minor code restyle.

Browse Source
This commit is contained in:
Bernardo Damele
2008-10-16 15:31:02 +00:00
parent d664f0387e
commit a5b2366033
8 changed files with 30 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/core/common.py
View File

@@ -229,6 +229,9 @@ def dataToStdout(data):
def dataToSessionFile(data):
if not conf.sessionFile:
return
conf.sessionFP.write(data)
conf.sessionFP.flush()
@@ -494,7 +497,7 @@ def parseTargetUrl():
conf.port = 80
if __urlSplit[3]:
conf.parameters["GET"] = __urlSplit[3]
conf.parameters["GET"] = __urlSplit[3].replace("%", "%%")
conf.url = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, conf.path)

27
lib/core/session.py
View File

@@ -40,9 +40,8 @@ def setString():
"""
condition = (
conf.sessionFile and ( not kb.resumedQueries
or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("String") ) )
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("String") )
)
if condition:
@@ -59,8 +58,7 @@ def setInjection():
kb.injParameter = conf.agent
condition = (
kb.injPlace and kb.injParameter and
conf.sessionFile and ( not kb.resumedQueries
kb.injPlace and kb.injParameter and ( not kb.resumedQueries
or ( kb.resumedQueries.has_key(conf.url) and
( not kb.resumedQueries[conf.url].has_key("Injection point")
or not kb.resumedQueries[conf.url].has_key("Injection parameter")
@@ -82,9 +80,8 @@ def setParenthesis(parenthesisCount):
"""
condition = (
conf.sessionFile and ( not kb.resumedQueries
or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("Parenthesis") ) )
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("Parenthesis") )
)
if condition:
@@ -101,9 +98,9 @@ def setDbms(dbms):
"""
condition = (
conf.sessionFile and ( not kb.resumedQueries
not kb.resumedQueries
or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("DBMS") ) )
not kb.resumedQueries[conf.url].has_key("DBMS") )
)
if condition:
@@ -133,11 +130,10 @@ def setUnion(comment=None, count=None, position=None):
if comment and count:
condition = (
conf.sessionFile and ( not kb.resumedQueries
or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
( not kb.resumedQueries[conf.url].has_key("Union comment")
or not kb.resumedQueries[conf.url].has_key("Union count")
) ) )
) )
)
if condition:
@@ -149,10 +145,9 @@ def setUnion(comment=None, count=None, position=None):
elif position:
condition = (
conf.sessionFile and ( not kb.resumedQueries
or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
( not kb.resumedQueries[conf.url].has_key("Union position")
) ) )
) )
)
if condition:

6
lib/core/target.py
View File

@@ -66,7 +66,7 @@ def __setRequestParams():
raise sqlmapSyntaxException, errMsg
if conf.data:
conf.parameters["POST"] = conf.data
conf.parameters["POST"] = conf.data.replace("%", "%%")
__paramDict = paramToDict("POST", conf.data)
if __paramDict:
@@ -75,7 +75,7 @@ def __setRequestParams():
# Perform checks on Cookie parameters
if conf.cookie:
conf.parameters["Cookie"] = conf.cookie
conf.parameters["Cookie"] = conf.cookie.replace("%", "%%")
__paramDict = paramToDict("Cookie", conf.cookie)
if __paramDict:
@@ -86,7 +86,7 @@ def __setRequestParams():
if conf.httpHeaders:
for httpHeader, headerValue in conf.httpHeaders:
if httpHeader == "User-Agent":
conf.parameters["User-Agent"] = headerValue
conf.parameters["User-Agent"] = headerValue.replace("%", "%%")
condition = not conf.testParameter
condition |= "User-Agent" in conf.testParameter