³ò
‰ŸFc           @   s<   d  d k  Z  d  d k l Z d Z d e f d „  ƒ  YZ d S(   iÿÿÿÿN(   t	   Algorithms   0.4-rc16t   Commonc           B   sS   e  Z d  Z d „  Z e e d „ Z d d d d „ Z d „  Z d „  Z d „  Z	 RS(   sp   
    This class defines common methods used in many other parts
    of sqlmap

    @author: Bernardo Damele
    c         C   s   t  i d ƒ |  _ d  S(   Nt	   sqlmapLog(   t   loggingt	   getLoggert   logger(   t   self(    (    s4   /usr/local/www/apache22/data/stuff/sql/lib/common.pyt   __init__   s    c         C   s‘   |  i  i d j o d | } nm |  i  i d j o# | o d | } q d | } n7 |  i  i d j o# | o d | } q d | } n | S(   s«   
        This method defines how the input string has to be escaped
        to perform the injection depending on the injection method
        identified as valid
        t   numerics   %st   stringsingles   '%st   stringdoubles   "%s(   t   argst   injectionMethod(   R   t   stringt   singleStringt   doubleStringt   stm(    (    s4   /usr/local/www/apache22/data/stuff/sql/lib/common.pyt   injectionStm   s    t    c         C   s   |  i  i p. |  i  i i d | | f d | | f ƒ SnQ |  i  i |  i  i } |  i  i i d |  i  i | f d |  i  i | | f ƒ Sd S(   su   
        This method replaces the affected url parameter with the SQL
        injection statement to request
        s   %s=%sN(   R   t   injParametert   urlt   replacet
   parameters(   R   t	   parametert   valuet   newValue(    (    s4   /usr/local/www/apache22/data/stuff/sql/lib/common.pyt
   urlReplace/   s    c         C   s”   d |  i  i j o |  i  i i d ƒ \ } } nY |  i  i o2 d } | d 7} | d 7} |  i i | ƒ d Sn d } | d 7} t | ‚ | | f S(	   sp   
        This method checks if the target has parameters then split the
        url from its parameters
        t   ?s"   the target url has not parameters s"   so it is not possible to test SQL s%   injection on it, skipping to next urls#   you did not provide the parameters s   in the target urlN(   NN(   R   R   t   splitt
   googleDorkR   t   warnt   Nonet	   Exception(   R   R   R   t   warnMsgt   errMsg(    (    s4   /usr/local/www/apache22/data/stuff/sql/lib/common.pyt   roughParameters>   s    


	c   	      C   sº  h  } x” | i  d ƒ D]ƒ } | i  d ƒ } t | ƒ d j o[ | d } |  i i } | | |  i i j O} | o# | d } | o | | | <q• q™ q q W|  i i o‘ | o‰ t |  i i ƒ d j o d } | d 7} n% |  i i d } d | } | d	 7} |  i i o | d
 7} |  i i | ƒ q¶t | ‚ n| t |  i i ƒ t | i ƒ  ƒ j oV xS |  i i D]A } | | i ƒ  j o( d | } | d	 7} |  i i | ƒ qmqmWn | S(   st   
        This method split the parameter names from their value and save
        the data into a dictionary
        t   &t   =i   i    i   s%   the testable parameters you provided s   are not into the target urls   the testable parameter '%s' s'   you provided is not into the target urls   , skipping to next url(	   R   t   lenR   t   urlParameterR   R   R   R    t   keys(	   R   R   t   testableParamst   elementt   elemR   t	   conditionR   R!   (    (    s4   /usr/local/www/apache22/data/stuff/sql/lib/common.pyt	   paramDictU   s>     




% 

c         C   sy   | } t  | ƒ d j o d | SnQ t  | ƒ d j o d | | d f Sn( x | D] } | d | 7} qU W| d  Sd S(   sG   
        This method format the remote DBMS fingerprint output
        i    s   %si   s   %s %ss    %s andiüÿÿÿN(   R&   (   R   t   dbmst   fingerprintt   fpR   (    (    s4   /usr/local/www/apache22/data/stuff/sql/lib/common.pyt   parseFpƒ   s     (
   t   __name__t
   __module__t   __doc__R   t   FalseR   R   R#   R-   R1   (    (    (    s4   /usr/local/www/apache22/data/stuff/sql/lib/common.pyR      s   			.(   R   t   lib.algorithmR    t   versionR   (    (    (    s4   /usr/local/www/apache22/data/stuff/sql/lib/common.pys   <module>   s   