Commit 43a3ac2

committed
some bug fixes
1 parent 1b3b916 commit 43a3ac2

5 files changed

Lines changed: 86 additions & 76 deletions


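--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -526,7 +526,13 @@ def cmdLineParser():
 parser.add_option_group(windows)
 parser.add_option_group(miscellaneous)
 
-(args, _) = parser.parse_args([utf8decode(arg) for arg in sys.argv])
+args = []
+for arg in sys.argv:
+try:
+args.append(utf8decode(arg))
+except:
+args.append(unicode(arg, sys.getfilesystemencoding()))
+(args, _) = parser.parse_args(args)
 
 if not args.direct and not args.url and not args.list and not args.googleDork and not args.configFile\
 and not args.requestFile and not args.updateAll and not args.smokeTest and not args.liveTest: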
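Review bot: The bare `except:` in the new argv decoding loop catches everything, including KeyboardInterrupt and SystemExit, and the fallback `unicode(arg, sys.getfilesystemencoding())` it then runs can itself raise and is not guarded. Narrowing the clause to the decoding failure it is meant to absorb, `except UnicodeDecodeError:`, keeps interrupts working and stops unrelated errors from being masked; which exception utf8decode() actually raises is not visible in this hunk, so confirm it against that helper's definition. As a point of style, `args` is reused first for the decoded argv list and then for the parsed options object; naming the list differently, e.g. `argv = []` and `(args, _) = parser.parse_args(argv)`, avoids the shadowing. cmdLineParser() starts before this hunk.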

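--- a/lib/utils/resume.py
+++ b/lib/utils/resume.py
@@ -103,104 +103,108 @@ def resume(expression, payload):
 This function can be called to resume part or entire output of a
 SQL injection query output.
 """
+try:
+if "sqlmapfile" in expression or "sqlmapoutput" in expression:
+return None
 
-if "sqlmapfile" in expression or "sqlmapoutput" in expression:
-return None
-
-condition = (
-kb.resumedQueries and conf.url in kb.resumedQueries.keys()
-and expression in kb.resumedQueries[conf.url].keys()
-)
+condition = (
+kb.resumedQueries and conf.url in kb.resumedQueries.keys()
+and expression in kb.resumedQueries[conf.url].keys()
+)
 
-if not condition:
-return None
+if not condition:
+return None
 
-resumedValue = kb.resumedQueries[conf.url][expression]
+resumedValue = kb.resumedQueries[conf.url][expression]
 
-if not resumedValue:
-return None
+if not resumedValue:
+return None
 
-resumedValue = resumedValue.replace("__NEWLINE__", "\n").replace("__TAB__", "\t")
+resumedValue = resumedValue.replace("__NEWLINE__", "\n").replace("__TAB__", "\t")
 
-if resumedValue[-1] == "]":
-resumedValue = resumedValue[:-1]
+if resumedValue[-1] == "]":
+resumedValue = resumedValue[:-1]
 
-infoMsg = "read from file '%s': " % conf.sessionFile
-logValue = re.findall("__START__(.*?)__STOP__", resumedValue, re.S)
+infoMsg = "read from file '%s': " % conf.sessionFile
+logValue = re.findall("__START__(.*?)__STOP__", resumedValue, re.S)
 
-if logValue:
-logValue = ", ".join([value.replace("__DEL__", ", ") for value in logValue])
-else:
-logValue = resumedValue
+if logValue:
+logValue = ", ".join([value.replace("__DEL__", ", ") for value in logValue])
+else:
+logValue = resumedValue
 
-if "\n" in logValue:
-infoMsg += "%s..." % logValue.split("\n")[0]
-else:
-infoMsg += logValue
+if "\n" in logValue:
+infoMsg += "%s..." % logValue.split("\n")[0]
+else:
+infoMsg += logValue
 
-logger.info(infoMsg)
+logger.info(infoMsg)
 
-return resumedValue
+return resumedValue
 
-# If we called this function without providing a payload it means that
-# we have called it from lib/request/inject __goInband() function
-# in UNION query (inband) SQL injection so we return to the calling
-# function so that the query output will be retrieved taking advantage
-# of the inband SQL injection vulnerability.
-if not payload:
-return None
+# If we called this function without providing a payload it means that
+# we have called it from lib/request/inject __goInband() function
+# in UNION query (inband) SQL injection so we return to the calling
+# function so that the query output will be retrieved taking advantage
+# of the inband SQL injection vulnerability.
+if not payload:
+return None
 
-if not kb.dbms:
-return None
+if not kb.dbms:
+return None
 
-substringQuery = queries[kb.dbms].substring
-select = re.search("\ASELECT ", expression, re.I)
+substringQuery = queries[kb.dbms].substring
+select = re.search("\ASELECT ", expression, re.I)
 
-_, length, regExpr = queryOutputLength(expression, payload)
+_, length, regExpr = queryOutputLength(expression, payload)
 
-if not length:
-return None
+if not length:
+return None
 
-if len(resumedValue) == int(length):
-infoMsg = "read from file '%s': " % conf.sessionFile
-infoMsg += "%s" % resumedValue.split("\n")[0]
-logger.info(infoMsg)
+if len(resumedValue) == int(length):
+infoMsg = "read from file '%s': " % conf.sessionFile
+infoMsg += "%s" % resumedValue.split("\n")[0]
+logger.info(infoMsg)
 
-dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, replaceNewlineTabs(resumedValue)))
+dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, replaceNewlineTabs(resumedValue)))
 
-return resumedValue
-elif len(resumedValue) < int(length):
-infoMsg = "resumed from file '%s': " % conf.sessionFile
-infoMsg += "%s..." % resumedValue.split("\n")[0]
-logger.info(infoMsg)
+return resumedValue
+elif len(resumedValue) < int(length):
+infoMsg = "resumed from file '%s': " % conf.sessionFile
+infoMsg += "%s..." % resumedValue.split("\n")[0]
+logger.info(infoMsg)
 
-dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, replaceNewlineTabs(resumedValue)))
+dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, replaceNewlineTabs(resumedValue)))
 
-if select:
-newExpr = expression.replace(regExpr, safeStringFormat(substringQuery, (regExpr, len(resumedValue) + 1, int(length))), 1)
-else:
-newExpr = safeStringFormat(substringQuery, (expression, len(resumedValue) + 1, int(length)))
+if select:
+newExpr = expression.replace(regExpr, safeStringFormat(substringQuery, (regExpr, len(resumedValue) + 1, int(length))), 1)
+else:
+newExpr = safeStringFormat(substringQuery, (expression, len(resumedValue) + 1, int(length)))
 
-missingCharsLength = int(length) - len(resumedValue)
+missingCharsLength = int(length) - len(resumedValue)
 
-infoMsg = "retrieving pending %d query " % missingCharsLength
-infoMsg += "output characters"
-logger.info(infoMsg)
+infoMsg = "retrieving pending %d query " % missingCharsLength
+infoMsg += "output characters"
+logger.info(infoMsg)
 
-start = time.time()
-count, finalValue = bisection(payload, newExpr, length=missingCharsLength)
+start = time.time()
+count, finalValue = bisection(payload, newExpr, length=missingCharsLength)
 
-debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
-logger.debug(debugMsg)
+debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
+logger.debug(debugMsg)
 
-if len(finalValue) != ( int(length) - len(resumedValue) ):
-warnMsg = "the total length of the query is not "
-warnMsg += "right, sqlmap is going to retrieve the "
-warnMsg += "query value from the beginning now"
-logger.warn(warnMsg)
+if len(finalValue) != ( int(length) - len(resumedValue) ):
+warnMsg = "the total length of the query is not "
+warnMsg += "right, sqlmap is going to retrieve the "
+warnMsg += "query value from the beginning now"
+logger.warn(warnMsg)
 
-return None
+return None
 
-return "%s%s" % (resumedValue, finalValue)
+return "%s%s" % (resumedValue, finalValue)
 
-return None
+return None
+except:
+errMsg = "invalid resume value for expression: '%s'" % expression
+logger.error(errMsg)
+return None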
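Review bot: The bare `except:` added at the end of resume() wraps the entire body, including the live `bisection()` call and both `dataToSessionFile()` writes, so a KeyboardInterrupt during retrieval, or any programming error in this function (NameError, AttributeError), is reported as "invalid resume value for expression" and silently turned into `return None`. If the intent is to tolerate a malformed session entry, `except Exception:` is the minimum so interrupts still propagate, and closing the `try` after the session-value parsing (before `if not payload:`) would keep genuine retrieval failures on their original traceback instead of masking them as a resume problem. Including the caught exception's text in errMsg would also make it possible to tell which entry was malformed. resume()'s signature and the start of its docstring lie outside the hunk.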

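--- a/tamper/charencode.py
+++ b/tamper/charencode.py
@@ -8,6 +8,7 @@
 value -> urlencode of nonencoded chars in value
 """
 def tamper(place, value):
+raise sqlmapUnsupportedFeatureException, "can't use tampering module 'charencode.py' with 'URI' type injections"
 retVal = value
 if value:
 if place != "URI":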
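Review bot: The added `raise sqlmapUnsupportedFeatureException, ...` is the first statement of tamper() and is unconditional, so the module now raises on every call and everything after it, including the `if place != "URI":` branch shown below, is unreachable. The message says the module cannot be used with 'URI' injections, which suggests the guard was dropped; `if place == "URI":` with the `raise` indented beneath it would restore the intended behaviour and leave the encoding path reachable for other injection places. The rest of tamper() continues past the hunk, so confirm nothing later relies on the early exception.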

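--- a/tamper/randomcase.py
+++ b/tamper/randomcase.py
@@ -6,7 +6,7 @@
 from lib.core.exception import sqlmapUnsupportedFeatureException
 
 """
-value -> random case of chars in value
+value -> chars from value with random case
 """
 def tamper(place, value):
 retVal = value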

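--- a/tamper/space2comment.py
+++ b/tamper/space2comment.py
@@ -10,8 +10,7 @@ def tamper(place, value):
 if value:
 if place != "URI":
 value = urldecode(value)
-while value.find(" ") > -1:
-value = value.replace(" ", "/**/")
+value = value.replace(" ", "/**/")
 if place != "URI":
 value = urlencode(value)
 return value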
