sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug whe…

…n verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.
haylesr · Jan 2, 2010 · ce022a3 · ce022a3
1 parent d55175a
commit ce022a3
Show file tree

Hide file tree

Showing 62 changed files with 563 additions and 1,022 deletions.
diff --git a/extra/dbgtool/dbgtool.py b/extra/dbgtool/dbgtool.py
@@ -1,36 +1,33 @@
 #!/usr/bin/env python
 
 """
-dbgtool.py - Portable executable to ASCII debug script converter
-Copyright (C) 2009  Bernardo Damele A. G.
-web: http://bernardodamele.blogspot.com/
-email: [email protected]
-
-This library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Lesser General Public
-License as published by the Free Software Foundation; either
-version 2.1 of the License, or (at your option) any later version.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public
-License along with this library; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+dbgtool.py - Portable executable to ASCII debug script converter
+Copyright (C) 2009  Bernardo Damele A. G.
+web: http://bernardodamele.blogspot.com/
+email: [email protected]
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import os
 import sys
 import struct
 
 from optparse import OptionError
 from optparse import OptionParser
 
-
 def convert(inputFile):
     fileStat = os.stat(inputFile)
     fileSize = fileStat.st_size
@@ -73,8 +70,7 @@ def convert(inputFile):
     script += "w\r\nq\r\n"
 
     return script
-
-
+
 def main(inputFile, outputFile):
     if not os.path.isfile(inputFile):
         print 'ERROR: the provided input file \'%s\' is not a regular file' % inputFile
@@ -89,8 +85,7 @@ def main(inputFile, outputFile):
         sys.stdout.close()
     else:
         print script
-
-
+
 if __name__ == '__main__':
     usage = '%s -i <input file> [-o <output file>]' % sys.argv[0]
     parser  = OptionParser(usage=usage, version='0.1')

diff --git a/lib/contrib/magic.py b/lib/contrib/magic.py
@@ -10,8 +10,6 @@
 License: PSF (http://www.python.org/psf/license/)
 """
 
-
-
 import os.path
 import ctypes
 import ctypes.util
@@ -42,7 +40,6 @@ def __init__(self, mime=False, magic_file=None):
 
         magic_load(self.cookie, magic_file)
 
-
     def from_buffer(self, buf):
         """
         Identify the contents of `buf`
@@ -66,7 +63,6 @@ def __del__(self):
         except Exception, _:
             pass
 
-
 _magic_mime = None
 _magic = None
 
@@ -96,8 +92,6 @@ def from_buffer(buffer, mime=False):
     m = _get_magic_type(mime)
     return m.from_buffer(buffer)
 
-
-
 try:
     libmagic = ctypes.CDLL(ctypes.util.find_library('magic'))
 
@@ -132,17 +126,14 @@ def errorcheck(result, func, args):
     magic_file.argtypes = [magic_t, c_char_p]
     magic_file.errcheck = errorcheck
 
-
     _magic_buffer = libmagic.magic_buffer
     _magic_buffer.restype = c_char_p
     _magic_buffer.argtypes = [magic_t, c_void_p, c_size_t]
     _magic_buffer.errcheck = errorcheck
 
-
     def magic_buffer(cookie, buf):
         return _magic_buffer(cookie, buf, len(buf))
 
-
     magic_load = libmagic.magic_load
     magic_load.restype = c_int
     magic_load.argtypes = [magic_t, c_char_p]
@@ -162,7 +153,6 @@ def magic_buffer(cookie, buf):
 except:
     pass
 
-
 MAGIC_NONE = 0x000000 # No flags
 
 MAGIC_DEBUG = 0x000001 # Turn on debugging

diff --git a/lib/contrib/multipartpost.py b/lib/contrib/multipartpost.py
@@ -22,8 +22,6 @@
 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 import mimetools
 import mimetypes
 import os
@@ -39,7 +37,6 @@ class Callable:
     def __init__(self, anycallable):
         self.__call__ = anycallable
 
-
 # Controls how sequences are uncoded. If true, elements may be given
 # multiple values by assigning a sequence.
 doseq = 1
@@ -50,9 +47,11 @@ class MultipartPostHandler(urllib2.BaseHandler):
 
     def http_request(self, request):
         data = request.get_data()
+
         if data is not None and type(data) != str:
             v_files = []
             v_vars = []
+
             try:
                 for(key, value) in data.items():
                     if type(value) == file:
@@ -75,16 +74,18 @@ def http_request(self, request):
             request.add_data(data)
         return request
 
-
     def multipart_encode(vars, files, boundary = None, buffer = None):
         if boundary is None:
             boundary = mimetools.choose_boundary()
+
         if buffer is None:
             buffer = ''
+
         for(key, value) in vars:
             buffer += '--%s\r\n' % boundary
             buffer += 'Content-Disposition: form-data; name="%s"' % key
             buffer += '\r\n\r\n' + value + '\r\n'
+
         for(key, fd) in files:
             file_size = os.fstat(fd.fileno())[stat.ST_SIZE]
             filename = fd.name.split('/')[-1]
@@ -95,9 +96,11 @@ def multipart_encode(vars, files, boundary = None, buffer = None):
             # buffer += 'Content-Length: %s\r\n' % file_size
             fd.seek(0)
             buffer += '\r\n' + fd.read() + '\r\n'
+
         buffer += '--%s--\r\n\r\n' % boundary
+
         return boundary, buffer
+
     multipart_encode = Callable(multipart_encode)
 
     https_request = http_request
-
diff --git a/lib/controller/action.py b/lib/controller/action.py
@@ -22,8 +22,6 @@
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 
-
-
 from lib.controller.handler import setHandler
 from lib.core.common import getHtmlErrorFp
 from lib.core.data import conf
@@ -35,7 +33,6 @@
 from lib.techniques.inband.union.test import unionTest
 from lib.techniques.outband.stacked import stackedTest
 
-
 def action():
     """
     This function exploit the SQL injection on the affected