sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.

2025-12-06 04:31:30 +00:00 · 2010-01-02 02:02:12 +00:00
parent d55175a340
commit ce022a3b6e
62 changed files with 567 additions and 1026 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -22,8 +22,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """

-
-
 import re
 import time

@@ -44,7 +42,6 @@ from lib.techniques.blind.inference import bisection
 from lib.utils.resume import queryOutputLength
 from lib.utils.resume import resume

-
 def __goInference(payload, expression, charsetType=None, firstChar=None, lastChar=None):
    start = time.time()

@@ -67,7 +64,6 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha

    return value

-
 def __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected=None, num=None, resumeValue=True, charsetType=None, firstChar=None, lastChar=None):
    outputs     = []
    origExpr    = None
@@ -87,7 +83,7 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
        else:
            expressionReplaced = expression.replace(expressionFields, field, 1)

-        if resumeValue == True:
+        if resumeValue:
            output = resume(expressionReplaced, payload)

        if not output or ( expected == "int" and not output.isdigit() ):
@@ -105,7 +101,6 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl

    return outputs

-
 def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, resumeValue=True, unpack=True, charsetType=None, firstChar=None, lastChar=None):
    """
    Retrieve the output of a SQL query characted by character taking
@@ -124,15 +119,15 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
    untilLimitChar = None
    untilOrderChar = None

-    if resumeValue == True:
+    if resumeValue:
        output = resume(expression, payload)
    else:
        output = None

-    if output and ( expected == None or ( expected == "int" and output.isdigit() ) ):
+    if output and ( expected is None or ( expected == "int" and output.isdigit() ) ):
        return output

-    if unpack == False:
+    if not unpack:
        return __goInference(payload, expression, charsetType, firstChar, lastChar)

    if kb.dbmsDetected:
@@ -205,7 +200,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
                if not stopLimit or stopLimit <= 1:
                    if kb.dbms == "Oracle" and expression.endswith("FROM DUAL"):
                        test = "n"
-                    elif batch == True:
+                    elif batch:
                        test = "y"
                    else:
                        message  = "can the SQL query provided return "
@@ -221,7 +216,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
                        untilOrderChar = countedExpression.index(" ORDER BY ")
                        countedExpression = countedExpression[:untilOrderChar]

-                    if resumeValue == True:
+                    if resumeValue:
                        count = resume(countedExpression, payload)

                    if not stopLimit:
@@ -231,7 +226,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
                        if count and count.isdigit() and int(count) > 0:
                            count = int(count)

-                            if batch == True:
+                            if batch:
                                stopLimit = count
                            else:
                                message  = "the SQL query provided can return "
@@ -314,7 +309,6 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r

    return returnValue

-
 def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=True):
    """
    Retrieve the output of a SQL query taking advantage of an inband SQL
@@ -330,7 +324,7 @@ def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=Tr
                  and expression in kb.resumedQueries[conf.url].keys()
                )

-    if condition and resumeValue == True:
+    if condition and resumeValue:
        output = resume(expression, None)

        if not output or ( expected == "int" and not output.isdigit() ):
@@ -344,7 +338,6 @@ def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=Tr

    return data

-
 def getValue(expression, blind=True, inband=True, fromUser=False, expected=None, batch=False, unpack=True, sort=True, resumeValue=True, charsetType=None, firstChar=None, lastChar=None):
    """
    Called each time sqlmap inject a SQL query on the SQL injection
@@ -382,7 +375,6 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None,

    return value

-
 def goStacked(expression, silent=False):
    expression = cleanQuery(expression)