Skip to content

Commit ce022a3

Browse files
bdamelebdamele
committed
sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
1 parent d55175a commit ce022a3

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

62 files changed

+563
-1022
lines changed

extra/dbgtool/dbgtool.py

Lines changed: 20 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -1,36 +1,33 @@
11
#!/usr/bin/env python
22

33
"""
4-
dbgtool.py - Portable executable to ASCII debug script converter
5-
Copyright (C) 2009 Bernardo Damele A. G.
6-
web: http://bernardodamele.blogspot.com/
7-
email: bernardo.damele@gmail.com
8-
9-
This library is free software; you can redistribute it and/or
10-
modify it under the terms of the GNU Lesser General Public
11-
License as published by the Free Software Foundation; either
12-
version 2.1 of the License, or (at your option) any later version.
13-
14-
This library is distributed in the hope that it will be useful,
15-
but WITHOUT ANY WARRANTY; without even the implied warranty of
16-
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17-
Lesser General Public License for more details.
18-
19-
You should have received a copy of the GNU Lesser General Public
20-
License along with this library; if not, write to the Free Software
21-
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
4+
dbgtool.py - Portable executable to ASCII debug script converter
5+
Copyright (C) 2009 Bernardo Damele A. G.
6+
web: http://bernardodamele.blogspot.com/
7+
email: bernardo.damele@gmail.com
8+
9+
This library is free software; you can redistribute it and/or
10+
modify it under the terms of the GNU Lesser General Public
11+
License as published by the Free Software Foundation; either
12+
version 2.1 of the License, or (at your option) any later version.
13+
14+
This library is distributed in the hope that it will be useful,
15+
but WITHOUT ANY WARRANTY; without even the implied warranty of
16+
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17+
Lesser General Public License for more details.
18+
19+
You should have received a copy of the GNU Lesser General Public
20+
License along with this library; if not, write to the Free Software
21+
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
2222
"""
2323

24-
25-
2624
import os
2725
import sys
2826
import struct
2927

3028
from optparse import OptionError
3129
from optparse import OptionParser
3230

33-
3431
def convert(inputFile):
3532
fileStat = os.stat(inputFile)
3633
fileSize = fileStat.st_size
@@ -73,8 +70,7 @@ def convert(inputFile):
7370
script += "w\r\nq\r\n"
7471

7572
return script
76-
77-
73+
7874
def main(inputFile, outputFile):
7975
if not os.path.isfile(inputFile):
8076
print 'ERROR: the provided input file \'%s\' is not a regular file' % inputFile
@@ -89,8 +85,7 @@ def main(inputFile, outputFile):
8985
sys.stdout.close()
9086
else:
9187
print script
92-
93-
88+
9489
if __name__ == '__main__':
9590
usage = '%s -i <input file> [-o <output file>]' % sys.argv[0]
9691
parser = OptionParser(usage=usage, version='0.1')

lib/contrib/magic.py

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,6 @@
1010
License: PSF (http://www.python.org/psf/license/)
1111
"""
1212

13-
14-
1513
import os.path
1614
import ctypes
1715
import ctypes.util
@@ -42,7 +40,6 @@ def __init__(self, mime=False, magic_file=None):
4240

4341
magic_load(self.cookie, magic_file)
4442

45-
4643
def from_buffer(self, buf):
4744
"""
4845
Identify the contents of `buf`
@@ -66,7 +63,6 @@ def __del__(self):
6663
except Exception, _:
6764
pass
6865

69-
7066
_magic_mime = None
7167
_magic = None
7268

@@ -96,8 +92,6 @@ def from_buffer(buffer, mime=False):
9692
m = _get_magic_type(mime)
9793
return m.from_buffer(buffer)
9894

99-
100-
10195
try:
10296
libmagic = ctypes.CDLL(ctypes.util.find_library('magic'))
10397

@@ -132,17 +126,14 @@ def errorcheck(result, func, args):
132126
magic_file.argtypes = [magic_t, c_char_p]
133127
magic_file.errcheck = errorcheck
134128

135-
136129
_magic_buffer = libmagic.magic_buffer
137130
_magic_buffer.restype = c_char_p
138131
_magic_buffer.argtypes = [magic_t, c_void_p, c_size_t]
139132
_magic_buffer.errcheck = errorcheck
140133

141-
142134
def magic_buffer(cookie, buf):
143135
return _magic_buffer(cookie, buf, len(buf))
144136

145-
146137
magic_load = libmagic.magic_load
147138
magic_load.restype = c_int
148139
magic_load.argtypes = [magic_t, c_char_p]
@@ -162,7 +153,6 @@ def magic_buffer(cookie, buf):
162153
except:
163154
pass
164155

165-
166156
MAGIC_NONE = 0x000000 # No flags
167157

168158
MAGIC_DEBUG = 0x000001 # Turn on debugging

lib/contrib/multipartpost.py

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,8 +22,6 @@
2222
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
2323
"""
2424

25-
26-
2725
import mimetools
2826
import mimetypes
2927
import os
@@ -39,7 +37,6 @@ class Callable:
3937
def __init__(self, anycallable):
4038
self.__call__ = anycallable
4139

42-
4340
# Controls how sequences are uncoded. If true, elements may be given
4441
# multiple values by assigning a sequence.
4542
doseq = 1
@@ -50,9 +47,11 @@ class MultipartPostHandler(urllib2.BaseHandler):
5047

5148
def http_request(self, request):
5249
data = request.get_data()
50+
5351
if data is not None and type(data) != str:
5452
v_files = []
5553
v_vars = []
54+
5655
try:
5756
for(key, value) in data.items():
5857
if type(value) == file:
@@ -75,16 +74,18 @@ def http_request(self, request):
7574
request.add_data(data)
7675
return request
7776

78-
7977
def multipart_encode(vars, files, boundary = None, buffer = None):
8078
if boundary is None:
8179
boundary = mimetools.choose_boundary()
80+
8281
if buffer is None:
8382
buffer = ''
83+
8484
for(key, value) in vars:
8585
buffer += '--%s\r\n' % boundary
8686
buffer += 'Content-Disposition: form-data; name="%s"' % key
8787
buffer += '\r\n\r\n' + value + '\r\n'
88+
8889
for(key, fd) in files:
8990
file_size = os.fstat(fd.fileno())[stat.ST_SIZE]
9091
filename = fd.name.split('/')[-1]
@@ -95,9 +96,11 @@ def multipart_encode(vars, files, boundary = None, buffer = None):
9596
# buffer += 'Content-Length: %s\r\n' % file_size
9697
fd.seek(0)
9798
buffer += '\r\n' + fd.read() + '\r\n'
99+
98100
buffer += '--%s--\r\n\r\n' % boundary
101+
99102
return boundary, buffer
103+
100104
multipart_encode = Callable(multipart_encode)
101105

102106
https_request = http_request
103-

lib/controller/action.py

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -22,8 +22,6 @@
2222
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
2323
"""
2424

25-
26-
2725
from lib.controller.handler import setHandler
2826
from lib.core.common import getHtmlErrorFp
2927
from lib.core.data import conf
@@ -35,7 +33,6 @@
3533
from lib.techniques.inband.union.test import unionTest
3634
from lib.techniques.outband.stacked import stackedTest
3735

38-
3936
def action():
4037
"""
4138
This function exploit the SQL injection on the affected

0 commit comments

Comments
 (0)