Commit 36f3fd7

committed
Update for an Issue #2616
1 parent 7d147f6 commit 36f3fd7

8 files changed

Lines changed: 75 additions & 75 deletions


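--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -36,7 +36,6 @@
 from lib.core.exception import SqlmapNoneDataException
 from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
 from lib.core.settings import BOUNDED_INJECTION_MARKER
-from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import GENERIC_SQL_COMMENT
@@ -101,7 +100,7 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
 if place == PLACE.URI or BOUNDED_INJECTION_MARKER in origValue:
 paramString = origValue
 if place == PLACE.URI:
-origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
+origValue = origValue.split(kb.customInjectionMark)[0]
 else:
 origValue = filter(None, (re.search(_, origValue.split(BOUNDED_INJECTION_MARKER)[0]) for _ in (r"\w+\Z", r"[^\"'><]+\Z", r"[^ ]+\Z")))[0].group(0)
 origValue = origValue[origValue.rfind('/') + 1:]
@@ -110,7 +109,7 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
 origValue = origValue[origValue.rfind(char) + 1:]
 elif place == PLACE.CUSTOM_POST:
 paramString = origValue
-origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
+origValue = origValue.split(kb.customInjectionMark)[0]
 if kb.postHint in (POST_HINT.SOAP, POST_HINT.XML):
 origValue = origValue.split('>')[-1]
 elif kb.postHint in (POST_HINT.JSON, POST_HINT.JSON_LIKE):
@@ -120,7 +119,7 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
 origValue = _.split('=', 1)[1] if '=' in _ else ""
 elif place == PLACE.CUSTOM_HEADER:
 paramString = origValue
-origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
+origValue = origValue.split(kb.customInjectionMark)[0]
 origValue = origValue[origValue.find(',') + 1:]
 match = re.search(r"([^;]+)=(?P<value>[^;]+);?\Z", origValue)
 if match:
@@ -159,14 +158,14 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
 newValue = self.cleanupPayload(newValue, origValue)
 
 if place in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
-_ = "%s%s" % (origValue, CUSTOM_INJECTION_MARK_CHAR)
+_ = "%s%s" % (origValue, kb.customInjectionMark)
 if kb.postHint == POST_HINT.JSON and not isNumber(newValue) and not '"%s"' % _ in paramString:
 newValue = '"%s"' % newValue
 elif kb.postHint == POST_HINT.JSON_LIKE and not isNumber(newValue) and not "'%s'" % _ in paramString:
 newValue = "'%s'" % newValue
-newValue = newValue.replace(CUSTOM_INJECTION_MARK_CHAR, REPLACEMENT_MARKER)
+newValue = newValue.replace(kb.customInjectionMark, REPLACEMENT_MARKER)
 retVal = paramString.replace(_, self.addPayloadDelimiters(newValue))
-retVal = retVal.replace(CUSTOM_INJECTION_MARK_CHAR, "").replace(REPLACEMENT_MARKER, CUSTOM_INJECTION_MARK_CHAR)
+retVal = retVal.replace(kb.customInjectionMark, "").replace(REPLACEMENT_MARKER, kb.customInjectionMark)
 elif BOUNDED_INJECTION_MARKER in paramDict[parameter]:
 _ = "%s%s" % (origValue, BOUNDED_INJECTION_MARKER)
 retVal = "%s=%s" % (re.sub(r" (\#\d\*|\(.+\))\Z", "", parameter), paramString.replace(_, self.addPayloadDelimiters(newValue)))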
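Review bot: The five new reads of `kb.customInjectionMark` in `payload` rely on the marker being compared literally — `split`, `replace` and `in` are case-sensitive — which is only correct because option.py stores the exact text that matched `INJECT_HERE_REGEX` (or the default `*`); nothing in this hunk says so, and a later reader may assume a normalized `*` as the removed constant suggested. I would add, at the first use in the `PLACE.URI` branch, `# kb.customInjectionMark holds the marker verbatim as it appeared in the request ('*' or the matched %INJECT HERE% spelling); every comparison below is literal and case-sensitive`. With a multi-character marker the `'"%s"' % _ in paramString` checks in the JSON branches still behave, since `_` is built from the same attribute. `payload` begins before the first hunk and continues after the last one.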

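--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -97,8 +97,8 @@
 from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
 from lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES
 from lib.core.settings import BRUTE_DOC_ROOT_TARGET_MARK
-from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DBMS_DIRECTORY_DICT
+from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEFAULT_MSSQL_SCHEMA
@@ -654,7 +654,7 @@ def walk(head, current=None):
 except Exception:
 pass
 
-_ = re.sub(regex, "\g<1>%s\g<%d>" % (CUSTOM_INJECTION_MARK_CHAR, len(match.groups())), testableParameters[parameter])
+_ = re.sub(regex, "\g<1>%s\g<%d>" % (kb.customInjectionMark, len(match.groups())), testableParameters[parameter])
 message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
 message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % getUnicode(_)
 
@@ -1394,7 +1394,7 @@ def parseTargetUrl():
 else:
 conf.url = "http://" + conf.url
 
-if CUSTOM_INJECTION_MARK_CHAR in conf.url:
+if kb.customInjectionMark in conf.url:
 conf.url = conf.url.replace('?', URI_QUESTION_MARKER)
 
 try:
@@ -1412,7 +1412,7 @@ def parseTargetUrl():
 conf.hostname = hostnamePort[0].strip()
 
 conf.ipv6 = conf.hostname != conf.hostname.strip("[]")
-conf.hostname = conf.hostname.strip("[]").replace(CUSTOM_INJECTION_MARK_CHAR, "")
+conf.hostname = conf.hostname.strip("[]").replace(kb.customInjectionMark, "")
 
 try:
 _ = conf.hostname.encode("idna")
@@ -1453,7 +1453,7 @@ def parseTargetUrl():
 debugMsg = "setting the HTTP Referer header to the target URL"
 logger.debug(debugMsg)
 conf.httpHeaders = [_ for _ in conf.httpHeaders if _[0] != HTTP_HEADER.REFERER]
-conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url.replace(CUSTOM_INJECTION_MARK_CHAR, "")))
+conf.httpHeaders.append((HTTP_HEADER.REFERER, conf.url.replace(kb.customInjectionMark, "")))
 
 if not conf.host and (intersect(HOST_ALIASES, conf.testParameter, True) or conf.level >= 5):
 debugMsg = "setting the HTTP Host header to the target URL"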
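Review bot: In the first hunk `from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR` is moved below `DBMS_DIRECTORY_DICT`, which breaks the alphabetical order the surrounding import lines keep (C sorts before D) and reads like an accidental leftover of the rename. Every use visible in this file section now reads `kb.customInjectionMark` instead; if no other reference remains in common.py after this commit, drop the import as agent.py does in the same commit, otherwise restore it to its original position. The bodies of `walk` and `parseTargetUrl` touched by the later hunks start and end outside the shown lines.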

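--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -110,7 +110,7 @@
 from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
 from lib.core.settings import DEFAULT_TOR_SOCKS_PORTS
 from lib.core.settings import DUMMY_URL
-from lib.core.settings import INJECT_HERE_MARK
+from lib.core.settings import INJECT_HERE_REGEX
 from lib.core.settings import IS_WIN
 from lib.core.settings import KB_CHARS_BOUNDARY_CHAR
 from lib.core.settings import KB_CHARS_LOW_FREQUENCY_ALPHABET
@@ -280,7 +280,7 @@ def _parseBurpLog(content):
 method = match.group(1)
 url = match.group(2)
 
-if any(_ in line for _ in ('?', '=', CUSTOM_INJECTION_MARK_CHAR)):
+if any(_ in line for _ in ('?', '=', kb.customInjectionMark)):
 params = True
 
 getPostReq = True
@@ -320,7 +320,7 @@ def _parseBurpLog(content):
 elif key not in (HTTP_HEADER.PROXY_CONNECTION, HTTP_HEADER.CONNECTION):
 headers.append((getUnicode(key), getUnicode(value)))
 
-if CUSTOM_INJECTION_MARK_CHAR in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or ""):
+if kb.customInjectionMark in re.sub(PROBLEMATIC_CUSTOM_INJECTION_PATTERNS, "", value or ""):
 params = True
 
 data = data.rstrip("\r\n") if data else data
@@ -593,7 +593,7 @@ def _setBulkMultipleTargets():
 
 found = False
 for line in getFileItems(conf.bulkFile):
-if re.match(r"[^ ]+\?(.+)", line, re.I) or CUSTOM_INJECTION_MARK_CHAR in line:
+if re.match(r"[^ ]+\?(.+)", line, re.I) or kb.customInjectionMark in line:
 found = True
 kb.targets.add((line.strip(), conf.method, conf.data, conf.cookie, None))
 
@@ -1685,11 +1685,13 @@ def _cleanupOptions():
 if conf.optimize:
 setOptimize()
 
-if conf.data:
-conf.data = re.sub("(?i)%s" % INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.data)
+match = re.search(INJECT_HERE_REGEX, conf.data or "")
+if match:
+kb.customInjectionMark = match.group(0)
 
-if conf.url:
-conf.url = re.sub("(?i)%s" % INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*"), CUSTOM_INJECTION_MARK_CHAR, conf.url)
+match = re.search(INJECT_HERE_REGEX, conf.url or "")
+if match:
+kb.customInjectionMark = match.group(0)
 
 if conf.os:
 conf.os = conf.os.capitalize()
@@ -1894,6 +1896,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
 kb.connErrorCounter = 0
 kb.cookieEncodeChoice = None
 kb.counters = {}
+kb.customInjectionMark = CUSTOM_INJECTION_MARK_CHAR
 kb.data = AttribDict()
 kb.dataOutputFlag = False
 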

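--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.1.7.16"
+VERSION = "1.1.7.17"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -366,7 +366,7 @@
 CUSTOM_INJECTION_MARK_CHAR = '*'
 
 # Other way to declare injection position
-INJECT_HERE_MARK = '%INJECT HERE%'
+INJECT_HERE_REGEX = '(?i)%INJECT[_ ]?HERE%'
 
 # Minimum chunk length used for retrieving data over error based payloads
 MIN_ERROR_CHUNK_LENGTH = 8
@@ -478,7 +478,7 @@
 # Extensions skipped by crawler
 CRAWL_EXCLUDE_EXTENSIONS = ("3ds", "3g2", "3gp", "7z", "DS_Store", "a", "aac", "adp", "ai", "aif", "aiff", "apk", "ar", "asf", "au", "avi", "bak", "bin", "bk", "bmp", "btif", "bz2", "cab", "caf", "cgm", "cmx", "cpio", "cr2", "dat", "deb", "djvu", "dll", "dmg", "dmp", "dng", "doc", "docx", "dot", "dotx", "dra", "dsk", "dts", "dtshd", "dvb", "dwg", "dxf", "ear", "ecelp4800", "ecelp7470", "ecelp9600", "egg", "eol", "eot", "epub", "exe", "f4v", "fbs", "fh", "fla", "flac", "fli", "flv", "fpx", "fst", "fvt", "g3", "gif", "gz", "h261", "h263", "h264", "ico", "ief", "image", "img", "ipa", "iso", "jar", "jpeg", "jpg", "jpgv", "jpm", "jxr", "ktx", "lvp", "lz", "lzma", "lzo", "m3u", "m4a", "m4v", "mar", "mdi", "mid", "mj2", "mka", "mkv", "mmr", "mng", "mov", "movie", "mp3", "mp4", "mp4a", "mpeg", "mpg", "mpga", "mxu", "nef", "npx", "o", "oga", "ogg", "ogv", "otf", "pbm", "pcx", "pdf", "pea", "pgm", "pic", "png", "pnm", "ppm", "pps", "ppt", "pptx", "ps", "psd", "pya", "pyc", "pyo", "pyv", "qt", "rar", "ras", "raw", "rgb", "rip", "rlc", "rz", "s3m", "s7z", "scm", "scpt", "sgi", "shar", "sil", "smv", "so", "sub", "swf", "tar", "tbz2", "tga", "tgz", "tif", "tiff", "tlz", "ts", "ttf", "uvh", "uvi", "uvm", "uvp", "uvs", "uvu", "viv", "vob", "war", "wav", "wax", "wbmp", "wdp", "weba", "webm", "webp", "whl", "wm", "wma", "wmv", "wmx", "woff", "woff2", "wvx", "xbm", "xif", "xls", "xlsx", "xlt", "xm", "xpi", "xpm", "xwd", "xz", "z", "zip", "zipx")
 
-# Patterns often seen in HTTP headers containing custom injection marking character
+# Patterns often seen in HTTP headers containing custom injection marking character '*'
 PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"
 
 # Template used for common table existence check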
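Review bot: `INJECT_HERE_REGEX` accepts only `_`, a single space or nothing between INJECT and HERE, whereas the replaced `INJECT_HERE_MARK.replace(" ", r"[^A-Za-z]*")` in option.py accepted any run of non-letter characters, e.g. the URL-encoded `%INJECT%20HERE%` that a marker pasted into a URL is likely to arrive as. If that spelling is still meant to work, keep the broader class, `INJECT_HERE_REGEX = r'(?i)%INJECT[^A-Za-z]*HERE%'`; the matched text is stored verbatim as the marker, so the broader class costs nothing downstream. Either way the comment above it should say that the literal text matched by this pattern becomes the run's active injection marker in place of `CUSTOM_INJECTION_MARK_CHAR`, since that is the behavioural change this commit introduces. A raw string would also match how `PROBLEMATIC_CUSTOM_INJECTION_PATTERNS` is written two lines below.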
