
Commit 4ce3abc

committed
Minor adjustments
1 parent 1a764e1 commit 4ce3abc

3 files changed

Lines changed: 24 additions & 21 deletions


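--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -840,7 +840,7 @@ def directoryPath(path):
 else:
 retVal = ntpath.dirname(path)
 return retVal
-
+
 def normalizePath(path):
 retVal = None
 if path.find('/') != -1:
@@ -850,18 +850,22 @@ def normalizePath(path):
 return retVal
 
 def safeStringFormat(formatStr, params):
-index = 0
-count = 0
-
 retVal = formatStr.replace('%d', '%s')
-
-while index !=- 1:
-index = retVal.find('%s')
-if index != -1:
-if count < len(params):
-retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
-else:
-raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
-count += 1
-
+
+if isinstance(params, str):
+retVal = retVal.replace("%s", params)
+else:
+count = 0
+index = 0
+
+while index != -1:
+index = retVal.find('%s')
+
+if index != -1:
+if count < len(params):
+retVal = retVal[:index] + str(params[count]) + retVal[index+2:]
+else:
+raise sqlmapNoneDataException, "wrong number of parameters during string formatting"
+count += 1
+
 return retVal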
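Review bot: In the new `safeStringFormat` body, `isinstance(params, str)` does not match `unicode` objects on Python 2 (which the `raise X, "..."` form here implies), so a unicode argument falls into the `else` branch and is consumed one character per placeholder; `if isinstance(params, basestring):` covers both string types. The loop also restarts `retVal.find('%s')` from offset 0 after each splice, so a parameter whose own text contains `%s` is overwritten by the next parameter and can then trip the "wrong number of parameters" exception; keeping a search offset, `index = retVal.find('%s', start)` followed by `start = index + len(str(params[count]))`, would prevent that. A docstring saying that a string argument fills every placeholder while a sequence fills them in order would make the two modes explicit.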

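--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -24,7 +24,6 @@
 
 from lib.core.agent import agent
 from lib.core.common import randomStr
-from lib.core.common import safeStringFormat
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -122,7 +121,7 @@ def __forgeUserFriendlyValue(payload):
 value = ""
 
 if kb.injPlace == "GET":
-value = safeStringFormat("%s?%s", (conf.url, payload))
+value = "%s?%s" % (conf.url, payload)
 elif kb.injPlace == "POST":
 value = "URL:\t'%s'" % conf.url
 value += "\nPOST:\t'%s'\n" % payload
@@ -203,7 +202,7 @@ def unionTest():
 technique = "NULL bruteforcing"
 
 infoMsg = "testing inband sql injection on parameter "
-infoMsg += safeStringFormat("'%s' with %s technique", (kb.injParameter, technique))
+infoMsg += "'%s' with %s technique" % (kb.injParameter, technique)
 logger.info(infoMsg)
 
 value = ""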

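--- a/lib/utils/resume.py
+++ b/lib/utils/resume.py
@@ -75,7 +75,7 @@ def queryOutputLength(expression, payload):
 if output:
 return 0, output, regExpr
 
-dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], lengthExpr)))
+dataToSessionFile("[%s][%s][%s][%s][" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], lengthExpr))
 
 lengthExprUnescaped = unescaper.unescape(lengthExpr)
 count, length = bisection(payload, lengthExprUnescaped)
@@ -145,15 +145,15 @@ def resume(expression, payload):
 infoMsg += "%s" % resumedValue.split("\n")[0]
 logger.info(infoMsg)
 
-dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][%s]\n", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue)))
+dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
 
 return resumedValue
 elif len(resumedValue) < int(length):
 infoMsg = "resumed from file '%s': " % conf.sessionFile
 infoMsg += "%s..." % resumedValue.split("\n")[0]
 logger.info(infoMsg)
 
-dataToSessionFile(safeStringFormat("[%s][%s][%s][%s][%s", (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue)))
+dataToSessionFile("[%s][%s][%s][%s][%s" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, resumedValue))
 
 if select:
 newExpr = expression.replace(regExpr, safeStringFormat(substringQuery, (regExpr, len(resumedValue) + 1, int(length))), 1)
@@ -176,6 +176,6 @@ def resume(expression, payload):
 
 return None
 
-return safeStringFormat("%s%s", (resumedValue, finalValue))
+return "%s%s" % (resumedValue, finalValue)
 
 return None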
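Review bot: The three `dataToSessionFile(...)` calls in this file interpolate `conf.url`, `expression` and `resumedValue` into the `[..][..]` record with no escaping, so a value containing `][` or a newline could produce a record that the session-file reader splits differently from what was written; the reader is not visible here, so this needs confirming against it. `resumedValue.split("\n")[0]` just above the second call suggests such values can be multi-line. If the reader does split on those delimiters, the values should be escaped on write and unescaped on read in one helper shared by all three call sites. `queryOutputLength` and `resume` both start and end outside the hunks shown.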
