
Commit 3f6b53f

committed
Fixes #3515 (and reimplements #1062)
1 parent 59d9796 commit 3f6b53f

4 files changed

Lines changed: 26 additions & 29 deletions


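--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -16,6 +16,7 @@
 import httplib
 import inspect
 import json
+import keyword
 import locale
 import logging
 import ntpath
@@ -115,6 +116,7 @@
 from lib.core.settings import DUMMY_USER_INJECTION
 from lib.core.settings import DYNAMICITY_BOUNDARY_LENGTH
 from lib.core.settings import ERROR_PARSING_REGEXES
+from lib.core.settings import EVALCODE_ENCODED_PREFIX
 from lib.core.settings import FILE_PATH_REGEXES
 from lib.core.settings import FORCE_COOKIE_EXPIRATION_TIME
 from lib.core.settings import FORM_SEARCH_REGEX
@@ -4816,21 +4818,27 @@ def safeVariableNaming(value):
 """
 Returns escaped safe-representation of a given variable name that can be used in Python evaluated code
 
->>> safeVariableNaming("foo bar")
-'foo__SAFE__20bar'
+>>> safeVariableNaming("class.id")
+'EVAL_636c6173732e6964'
 """
 
-return re.sub(r"[^\w]", lambda match: "%s%02x" % (SAFE_VARIABLE_MARKER, ord(match.group(0))), value)
+if value in keyword.kwlist or re.search(r"\A[^a-zA-Z]|[^\w]", value):
+value = "%s%s" % (EVALCODE_ENCODED_PREFIX, value.encode(UNICODE_ENCODING).encode("hex"))
+
+return value
 
 def unsafeVariableNaming(value):
 """
 Returns unescaped safe-representation of a given variable name
 
->>> unsafeVariableNaming("foo__SAFE__20bar")
-'foo bar'
+>>> unsafeVariableNaming("EVAL_636c6173732e6964")
+u'class.id'
 """
 
-return re.sub(r"%s([0-9a-f]{2})" % SAFE_VARIABLE_MARKER, lambda match: match.group(1).decode("hex"), value)
+if value.startswith(EVALCODE_ENCODED_PREFIX):
+value = value[len(EVALCODE_ENCODED_PREFIX):].decode("hex").decode(UNICODE_ENCODING)
+
+return value
 
 def firstNotNone(*args):
 """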
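Review bot: The new `unsafeVariableNaming` decodes every name that starts with `EVAL_` as hex, but `safeVariableNaming` leaves a caller-supplied name such as `EVAL_foo` untouched (it begins with a letter and contains only word characters), so the encoding is not injective and `"foo".decode("hex")` raises TypeError when connect.py later runs `unsafeVariableNaming(variable)` over every key of `variables`. Encoding names that already carry the marker closes the gap on the encoder side, `if value in keyword.kwlist or value.startswith(EVALCODE_ENCODED_PREFIX) or re.search(r"\A[^a-zA-Z]|[^\w]", value):`, and the decoder should only decode when the remainder really is hex, `if value.startswith(EVALCODE_ENCODED_PREFIX) and re.match(r"\A([0-9a-f]{2})+\Z", value[len(EVALCODE_ENCODED_PREFIX):]):`. The `\A[^a-zA-Z]` test also encodes names beginning with `_`, which are valid identifiers; that is harmless but worth a one-line comment such as `# conservative: names starting with '_' are encoded as well`. The `unsafeVariableNaming` doctest now returns unicode while the `safeVariableNaming` example takes a str; if a byte str with non-ASCII characters can reach `value.encode(UNICODE_ENCODING)` it would fail Python 2's implicit ASCII decode, so the accepted input type is worth confirming against the callers.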

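--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.3.4"
+VERSION = "1.3.3.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -761,8 +761,8 @@
 # Reference: http://www.postgresql.org/docs/9.0/static/catalog-pg-largeobject.html
 LOBLKSIZE = 2048
 
-# Suffix used to mark variables having keyword names
-EVALCODE_KEYWORD_SUFFIX = "_KEYWORD"
+# Prefix used to mark special variables (e.g. keywords, having special chars, etc.)
+EVALCODE_ENCODED_PREFIX = "EVAL_"
 
 # Reference: http://www.cookiecentral.com/faq/#3.5
 NETSCAPE_FORMAT_HEADER_COOKIES = "# Netscape HTTP Cookie File."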

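--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -8,7 +8,6 @@
 import binascii
 import compiler
 import httplib
-import keyword
 import logging
 import re
 import socket
@@ -92,7 +91,7 @@ class WebSocketException(Exception):
 from lib.core.settings import DEFAULT_COOKIE_DELIMITER
 from lib.core.settings import DEFAULT_GET_POST_DELIMITER
 from lib.core.settings import DEFAULT_USER_AGENT
-from lib.core.settings import EVALCODE_KEYWORD_SUFFIX
+from lib.core.settings import EVALCODE_ENCODED_PREFIX
 from lib.core.settings import HTTP_ACCEPT_HEADER_VALUE
 from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
 from lib.core.settings import MAX_CONNECTION_CHUNK_SIZE
@@ -1070,7 +1069,6 @@ def _randomizeParameter(paramString, randomParameter):
 delimiter = conf.paramDel or DEFAULT_GET_POST_DELIMITER
 variables = {"uri": uri, "lastPage": threadData.lastPage, "_locals": locals()}
 originals = {}
-keywords = keyword.kwlist
 
 if not get and PLACE.URI in conf.parameters:
 query = urlparse.urlsplit(uri).query or ""
@@ -1085,8 +1083,6 @@ def _randomizeParameter(paramString, randomParameter):
 if safeVariableNaming(name) != name:
 conf.evalCode = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), conf.evalCode)
 name = safeVariableNaming(name)
-elif name in keywords:
-name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
 value = urldecode(value, convall=True, spaceplus=(item == post and kb.postSpaceToPlus))
 variables[name] = value
 
@@ -1098,8 +1094,6 @@ def _randomizeParameter(paramString, randomParameter):
 if safeVariableNaming(name) != name:
 conf.evalCode = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), conf.evalCode)
 name = safeVariableNaming(name)
-elif name in keywords:
-name = "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX)
 value = urldecode(value, convall=True)
 variables[name] = value
 
@@ -1109,20 +1103,20 @@ def _randomizeParameter(paramString, randomParameter):
 except SyntaxError as ex:
 if ex.text:
 original = replacement = ex.text.strip()
+
 if '=' in original:
 name, value = original.split('=', 1)
 name = name.strip()
 if safeVariableNaming(name) != name:
 replacement = re.sub(r"\b%s\b" % re.escape(name), safeVariableNaming(name), replacement)
-elif name in keywords:
-replacement = re.sub(r"\b%s\b" % re.escape(name), "%s%s" % (name, EVALCODE_KEYWORD_SUFFIX), replacement)
 else:
 for _ in re.findall(r"[A-Za-z_]+", original)[::-1]:
-if _ in keywords:
-replacement = replacement.replace(_, "%s%s" % (_, EVALCODE_KEYWORD_SUFFIX))
+if safeVariableNaming(_) != _:
+replacement = replacement.replace(_, safeVariableNaming(_))
 break
+
 if original == replacement:
-conf.evalCode = conf.evalCode.replace(EVALCODE_KEYWORD_SUFFIX, "")
+conf.evalCode = conf.evalCode.replace(EVALCODE_ENCODED_PREFIX, "")
 break
 else:
 conf.evalCode = conf.evalCode.replace(getUnicode(ex.text.strip(), UNICODE_ENCODING), replacement)
@@ -1135,11 +1129,6 @@ def _randomizeParameter(paramString, randomParameter):
 evaluateCode(conf.evalCode, variables)
 
 for variable in list(variables.keys()):
-if variable.endswith(EVALCODE_KEYWORD_SUFFIX):
-value = variables[variable]
-del variables[variable]
-variables[variable.replace(EVALCODE_KEYWORD_SUFFIX, "")] = value
-
 if unsafeVariableNaming(variable) != variable:
 value = variables[variable]
 del variables[variable]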
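Review bot: In the SyntaxError fallback, the new `replacement = replacement.replace(_, safeVariableNaming(_))` is a plain substring replace, whereas the `=` branch a few lines above uses the word-bounded `re.sub(r"\b%s\b" % re.escape(name), ...)`; a short keyword such as `in` or `is` that is also a substring of another identifier on the offending line would be rewritten inside that identifier. Using the same bounded form keeps the two branches consistent: `replacement = re.sub(r"\b%s\b" % re.escape(_), safeVariableNaming(_), replacement)`. When `original == replacement`, `conf.evalCode.replace(EVALCODE_ENCODED_PREFIX, "")` now strips only the marker and leaves the hex payload as the identifier, so it no longer matches the `variables` key that still carries the prefix; with the former `_KEYWORD` suffix the same line restored the original name, so if this branch is reachable the changed outcome deserves a comment or a check. The enclosing function starts and ends outside these hunks.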

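--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -30,7 +30,7 @@ c1da277517c7ec4c23e953a51b51e203 lib/controller/handler.py
 fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py
 ed7874be0d2d3802f3d20184f2b280d5 lib/core/agent.py
 a932126e7d80e545c5d44af178d0bc0c lib/core/bigarray.py
-9deec4762d61e057b6e069b2538bdcf8 lib/core/common.py
+8996b4b377b859dc69de323416615f2f lib/core/common.py
 de8d27ae6241163ff9e97aa9e7c51a18 lib/core/convert.py
 abcb1121eb56d3401839d14e8ed06b6e lib/core/data.py
 00828c4455321b6987e3f882f4ef4f92 lib/core/datatype.py
@@ -50,7 +50,7 @@ d5ef43fe3cdd6c2602d7db45651f9ceb lib/core/readlineng.py
 7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
 d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
-918a8651a9872a33ddb04f82ac3360c3 lib/core/settings.py
+1cd62a025c607338eb55d673375b4444 lib/core/settings.py
 4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
 10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
 43772ea73e9e3d446f782af591cb4eda lib/core/target.py
@@ -72,7 +72,7 @@ adcecd2d6a8667b22872a563eb83eac0 lib/parse/payloads.py
 e4ea70bcd461f5176867dcd89d372386 lib/request/basicauthhandler.py
 b23163d485e0dbc038cbf1ba80be11da lib/request/basic.py
 fc25d951217077fe655ed2a3a81552ae lib/request/comparison.py
-3925fef5710ac4e96b85c808df1c2f6a lib/request/connect.py
+d2e7673ed4838a321b825ea1854ea2c0 lib/request/connect.py
 43005bd6a78e9cf0f3ed2283a1cb122e lib/request/direct.py
 2b7509ba38a667c61cefff036ec4ca6f lib/request/dns.py
 ceac6b3bf1f726f8ff43c6814e9d7281 lib/request/httpshandler.py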
