³ò ‰ŸFc@sGddkZddkZddkZddkZddd„ƒYZdS(iÿÿÿÿNtResumecBs,eZdZd„Zdd„Zd„ZRS(sx This class defines methods used to resume a blind SQL injection output value @author: Bernardo Damele cCs||_tidƒ|_dS(Nt sqlmapLog(targstloggingt getLoggertlogger(tselfR((s4/usr/local/www/apache22/data/stuff/sql/lib/resume.pyt__init__s cCsK|i|ƒ}|iddƒiddƒ}|djotid|tiƒpt|ƒdjodSn|iipdSnd|iijod }d } nGd |iijod }d } n$d |iijod}d} n|ii o.t i i dt idƒƒt i iƒn|djo|i|||dƒ} n ||} |i|| tƒ\} } | pdSnt|ƒt| ƒjo6d|ii} | d|7} |ii| ƒ|Sntt|ƒt| ƒjoZd|ii} | d|7} |ii| ƒ|iio:|iii d|ii||fƒ|iiiƒn|djo6|i|| |t|ƒdt| ƒfdƒ} n$| |t|ƒdt| ƒf} |i|| ƒ\} }t|ƒt| ƒt|ƒjo2d}|d7}|d7}|ii|ƒdSnd||fSndS(s This method is the effective resume of the pending part or entire output of a blind SQL injection query t __NEWLINE__s t__TAB__s tSELECTs\A(COUNT|LTRIM)\(itMySQLs LENGTH(%s)sMID((%s), %d, %d)t PostgreSQLsSUBSTR((%s), %d, %d)sMicrosoft SQL ServersLTRIM(STR(LEN(%s)))sSUBSTRING((%s), %d, %d)s+[%s] [INFO] retrieved the length of query: s%Xsread from file '%s': s%ssresumed from file '%s': s %s][%s][%ss%the total length of the query is not s'right, sqlmap is going to retrieve the s"query value from the beginning nows%s%sN(tunescapetreplacetretsearchtItlentNoneRt fingerprinttverbosetsyststdouttwritettimetstrftimetflushtbisectionAlgorithmtFalsetintt outputFileRtinfot writeFileturltwarn(RtorigExprtregExprt resumedValuetbaseUrltmethodtorigExprUnescapedtresumedValueReplacedt firstDbStrt secondDbStrtnewExprtcounttlengthtlogMsgt finalValuetwarnMsg((s4/usr/local/www/apache22/data/stuff/sql/lib/resume.pyt__effectiveResumeValues`9        & 6##  cCsø|ii|ii|}tid|tiƒ}tid|tiƒ}tid|tiƒ}|p|oS|o|iƒd}n|o|iƒd}n|i||||dƒSn2|o*|iƒd}|i||||ƒSndS(s„ This method is called by request.getValue() to resume part or entire output of a blind SQL injection query s5\ASELECT TOP\s+[\d]+\s+([\w\-\_'"\,\;\(\)\@\ ]+) FROMs'\ASELECT ([\w\-\_'"\,\;\(\)\@\ ]+) FROMs\A(.+)iR N( RtresumedQueriesR"RRRtgroupst_Resume__effectiveResumeValueR(Rt expressionR'R&t selectTopExprt selectExprtmiscExpr((s4/usr/local/www/apache22/data/stuff/sql/lib/resume.pyt resumeValueasN(t__name__t __module__t__doc__RRR6R;(((s4/usr/local/www/apache22/data/stuff/sql/lib/resume.pyR s  J((RRRRR(((s4/usr/local/www/apache22/data/stuff/sql/lib/resume.pyss