³ò ‰ŸFc @sfddkZddkZddkZddkZddkZddklZdefd„ƒYZdS(iÿÿÿÿN(tResumetRequestcBs;eZdZd„Zd„Zd„Zd„Zd„ZRS(s` This class defines methods used to perform HTTP requests @author: Bernardo Damele cCs#tidƒ|_tidƒdS(Nt sqlmapLogi(tloggingt getLoggertloggertsockettsetdefaulttimeout(tself((s5/usr/local/www/apache22/data/stuff/sql/lib/request.pyt__init__scCsGhdd<dd<dd<dd<d d <d d <d d<dd<dd<dd<dd<dd<dd<dd<dd<dd <d!d"<d#d$<d%d&<d'd(<d)d*<d+d,<d-d.<d/d0<d1d2<d3d4<d5d6<d7d8<d9d:<d;d<<}x,|iƒD]\}}|i||ƒ}q!W|S(=s This method encodes and returns the url parameters special characters in their corresponding HTML hexadecimal value s%20t s%21t!s%22t"s%23t#s%24t$s%27t's%28t(s%29t)s%2At*s%2Bt+s%2Ct,s%2Dt-s%2Et.s%2Ft/s%3At:s%3Bt;s%3Cts%3Ft?s%40t@s%5Bt[s%5Cs\s%5Dt]s%5Et^s%5Ft_s%60t`s%7Bt{s%7Ct|s%7Dt}s%7Et~(titemstreplace(RtparamstcharListtchartencChar((s5/usr/local/www/apache22/data/stuff/sql/lib/request.pyt encodeParamss$$$$$$$ cCs>d|}|ii|ƒ|iddƒ\}}|i|ƒ}d||f}yt|iidjoti|ƒ}n?|iidjo+|idƒ\}}ti||ƒ}n|iƒ}Wnrti j o}|iƒ}nPd}|ii o"|d7}|ii |ƒd Sq:|d 7}t |‚nX|S( sq This method connects to the target url or proxy and returns the target url page content srequesting url: %sRis%s?%stGETtPOSTs#unable to connect to the target urls, skipping to next urls or proxyN(RtdebugtsplitR-targst httpMethodturllib2turlopentreadt HTTPErrort googleDorktwarntNonet Exception(RturltdebugMsgR)tconntpagetetwarnMsg((s5/usr/local/www/apache22/data/stuff/sql/lib/request.pytgetPage1s.     cCsV|i|ƒ}|iipti|ƒiƒSn |ii|jotSntSdS(sé This method calls self.getPage() function to get the target url page content and returns its page MD5 hash or a boolean value in case of string match check ('--string' command line parameter) N(RBR2tstringtmd5tnewt hexdigesttTruetFalse(RR<R?((s5/usr/local/www/apache22/data/stuff/sql/lib/request.pyt queryPageWs  c Cs}d|}|ii|ƒtiƒ}|i|ƒ}|iƒ}|id|ƒ}|iio‡|ii|iii ƒjod||ii|iii ƒjo=|i ||ƒ}|o |i ddƒi ddƒSqßqãqçn|ii o7|ii i d|ii|fƒ|ii iƒn|i||ƒ\}}ttiƒ|ƒ} d|| f}|ii|ƒ|S( s# This method retrieves the output of a SQL statement character by character taking advantage of a blind SQL injection vulnerability on the afftected url parameter. The algorithm used is a bisection algorithm defined into algorithm.Algorithm() s query: %stnewValuet __NEWLINE__s t__TAB__s s%s][%s][s"performed %d queries in %d seconds(Rtinfottimetunescapet createStmt urlReplaceR2tresumedQueriesR<tkeyst resumeValueR(t writeFiletwritetflushtbisectionAlgorithmtint( Rt expressiontlogMsgtstarttexpressionUnescapedtevilStmtbaseUrltvaluetcounttduration((s5/usr/local/www/apache22/data/stuff/sql/lib/request.pytgetValueis(    #, #(t__name__t __module__t__doc__R R-RBRIRc(((s5/usr/local/www/apache22/data/stuff/sql/lib/request.pyR s    & (RRDRR4RNt lib.resumeRR(((s5/usr/local/www/apache22/data/stuff/sql/lib/request.pyss