Fixes #952
stasinopoulos committed Oct 10, 2024
1 parent a319b99 commit 9fc625e
Showing 7 changed files with 43 additions and 35 deletions.
2 changes: 1 addition & 1 deletion src/core/tamper/base64encode.py
Expand Up @@ -29,7 +29,7 @@
settings.TAMPER_SCRIPTS[__tamper__] = True

def tamper(payload):
if settings.WHITESPACES[0] == "+":
if len(settings.WHITESPACES) != 0 and settings.WHITESPACES[0] == _urllib.parse.quote_plus(settings.SINGLE_WHITESPACE):
err_msg = "Tamper script '" + __tamper__ + "' is unlikely to work combined with the tamper script 'space2plus'."
if settings.VERBOSITY_LEVEL == 0:
settings.print_data_to_stdout(settings.SINGLE_WHITESPACE)
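Review bot: The rewritten condition in tamper() still inspects only `settings.WHITESPACES[0]`, but space2plus.py in this commit appends its value when the first entry has already been replaced by another whitespace tamper, so the incompatibility warning is skipped in that case. A membership test covers both positions and makes the length guard unnecessary: `if _urllib.parse.quote_plus(settings.SINGLE_WHITESPACE) in settings.WHITESPACES:`. The same line is added to hexencode.py, and neither section adds an import for `_urllib`, so confirm the name is already in scope in both files. tamper()'s body continues past the end of the hunk.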
2 changes: 1 addition & 1 deletion src/core/tamper/hexencode.py
Expand Up @@ -29,7 +29,7 @@
settings.TAMPER_SCRIPTS[__tamper__] = True

def tamper(payload):
if settings.WHITESPACES[0] == "+":
if len(settings.WHITESPACES) != 0 and settings.WHITESPACES[0] == _urllib.parse.quote_plus(settings.SINGLE_WHITESPACE):
err_msg = "Tamper script '" + __tamper__ + "' is unlikely to work combined with the tamper script 'space2plus'."
if settings.VERBOSITY_LEVEL == 0:
settings.print_data_to_stdout(settings.SINGLE_WHITESPACE)
10 changes: 6 additions & 4 deletions src/core/tamper/space2htab.py
Expand Up @@ -14,6 +14,7 @@
"""

from src.utils import settings
from src.thirdparty.six.moves import urllib as _urllib

"""
About: Replaces space character ('%20') with horizontal tab ('%09')
Expand All @@ -28,10 +29,11 @@

def tamper(payload):
settings.TAMPER_SCRIPTS[__tamper__] = True
if settings.WHITESPACES[0] == "%20":
settings.WHITESPACES[0] = space2htab
elif space2htab not in settings.WHITESPACES:
settings.WHITESPACES.append(space2htab)
if len(settings.WHITESPACES) != 0:
if settings.WHITESPACES[0] == _urllib.parse.quote(settings.SINGLE_WHITESPACE):
settings.WHITESPACES[0] = space2htab
elif space2htab not in settings.WHITESPACES:
settings.WHITESPACES.append(space2htab)
return payload

# eof
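Review bot: When `settings.WHITESPACES` is empty the new guard in tamper() skips both branches, although `settings.TAMPER_SCRIPTS[__tamper__] = True` has already run, so the script is recorded as applied while its separator was never registered. Folding the emptiness test into the first condition, `if settings.WHITESPACES and settings.WHITESPACES[0] == _urllib.parse.quote(settings.SINGLE_WHITESPACE):`, lets the existing `elif` append the value to an empty list and removes one nesting level. space2plus.py has the same shape. The expression `_urllib.parse.quote(settings.SINGLE_WHITESPACE)` is now repeated in four tamper scripts and in settings.py; a single named constant in settings would keep them in step.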
23 changes: 12 additions & 11 deletions src/core/tamper/space2ifs.py
Expand Up @@ -14,6 +14,7 @@
"""

from src.utils import settings
from src.thirdparty.six.moves import urllib as _urllib

"""
About: Replaces space character ('%20') with the internal field separator ('$IFS').
Expand All @@ -29,18 +30,18 @@
settings.TAMPER_SCRIPTS[__tamper__] = True

def tamper(payload):
if space2ifs in settings.WHITESPACES[0] and \
settings.EVAL_BASED_STATE != False:
settings.WHITESPACES[0] = space2ifs
if settings.TARGET_OS != settings.OS.WINDOWS:
settings.TAMPER_SCRIPTS[__tamper__] = True
if settings.WHITESPACES[0] == "%20":
if len(settings.WHITESPACES) != 0:
if space2ifs in settings.WHITESPACES[0] and settings.EVAL_BASED_STATE != False:
settings.WHITESPACES[0] = space2ifs
elif space2ifs not in settings.WHITESPACES:
settings.WHITESPACES.append(space2ifs)
else:
if space2ifs in settings.WHITESPACES:
settings.WHITESPACES.remove(space2ifs)
if settings.TARGET_OS != settings.OS.WINDOWS:
settings.TAMPER_SCRIPTS[__tamper__] = True
if settings.WHITESPACES[0] == _urllib.parse.quote(settings.SINGLE_WHITESPACE):
settings.WHITESPACES[0] = space2ifs
elif space2ifs not in settings.WHITESPACES:
settings.WHITESPACES.append(space2ifs)
else:
if space2ifs in settings.WHITESPACES:
settings.WHITESPACES.remove(space2ifs)
return payload

# eof
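Review bot: The `else` branch of tamper() calls `settings.WHITESPACES.remove(space2ifs)`, which leaves the list empty when that was its only entry, and this looks like one way the list could have become empty in the first place; the added length guard then turns every later call into a silent no-op instead of repairing the state. Restoring the default after the removal would keep the list non-empty: `if not settings.WHITESPACES: settings.WHITESPACES.append(_urllib.parse.quote(settings.SINGLE_WHITESPACE))`. The `else` branch in space2vtab.py removes its entry the same way. Indentation is lost on this page, so the exact nesting of the branches should be checked against the file.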
12 changes: 7 additions & 5 deletions src/core/tamper/space2plus.py
Expand Up @@ -14,24 +14,26 @@
"""

from src.utils import settings
from src.thirdparty.six.moves import urllib as _urllib

"""
About: Replaces space character ('%20') with plus ('+').
Notes: This tamper script works against all targets.
"""

__tamper__ = "space2plus"
space2plus = "+"
space2plus = _urllib.parse.quote_plus(settings.SINGLE_WHITESPACE)

if not settings.TAMPER_SCRIPTS[__tamper__]:
settings.TAMPER_SCRIPTS[__tamper__] = True

def tamper(payload):
settings.TAMPER_SCRIPTS[__tamper__] = True
if settings.WHITESPACES[0] == "%20":
settings.WHITESPACES[0] = space2plus
elif space2plus not in settings.WHITESPACES:
settings.WHITESPACES.append(space2plus)
if len(settings.WHITESPACES) != 0:
if settings.WHITESPACES[0] == _urllib.parse.quote(settings.SINGLE_WHITESPACE):
settings.WHITESPACES[0] = space2plus
elif space2plus not in settings.WHITESPACES:
settings.WHITESPACES.append(space2plus)
return payload

# eof
20 changes: 11 additions & 9 deletions src/core/tamper/space2vtab.py
Expand Up @@ -14,6 +14,7 @@
"""

from src.utils import settings
from src.thirdparty.six.moves import urllib as _urllib

"""
About: Replaces space character ('%20') with vertical tab ('%0b').
Expand All @@ -27,15 +28,16 @@
settings.TAMPER_SCRIPTS[__tamper__] = True

def tamper(payload):
if settings.TARGET_OS == settings.OS.WINDOWS:
settings.TAMPER_SCRIPTS[__tamper__] = True
if settings.WHITESPACES[0] == "%20":
settings.WHITESPACES[0] = space2vtab
elif space2vtab not in settings.WHITESPACES:
settings.WHITESPACES.append(space2vtab)
else:
if space2vtab in settings.WHITESPACES:
settings.WHITESPACES.remove(space2vtab)
if len(settings.WHITESPACES) != 0:
if settings.TARGET_OS == settings.OS.WINDOWS:
settings.TAMPER_SCRIPTS[__tamper__] = True
if settings.WHITESPACES[0] == _urllib.parse.quote(settings.SINGLE_WHITESPACE):
settings.WHITESPACES[0] = space2vtab
elif space2vtab not in settings.WHITESPACES:
settings.WHITESPACES.append(space2vtab)
else:
if space2vtab in settings.WHITESPACES:
settings.WHITESPACES.remove(space2vtab)
return payload

# eof
9 changes: 5 additions & 4 deletions src/utils/settings.py
Expand Up @@ -262,7 +262,7 @@ def sys_argv_errors():
DESCRIPTION = "The command injection exploiter"
AUTHOR = "Anastasios Stasinopoulos"
VERSION_NUM = "4.0"
REVISION = "98"
REVISION = "99"
STABLE_RELEASE = False
VERSION = "v"
if STABLE_RELEASE:
Expand Down Expand Up @@ -549,11 +549,12 @@ class OS(object):
# Raw payload (without tampering)
RAW_PAYLOAD = ""

# The default (url-ecoded) white-space.
WHITESPACES = ["%20"]

# Single whitespace
SINGLE_WHITESPACE = " "

# The default (url-ecoded) white-space.
WHITESPACES = [_urllib.parse.quote(SINGLE_WHITESPACE)]

# Reference: http://www.w3.org/Protocols/HTTP/Object_Headers.html#uri
URI_HTTP_HEADER = "URI"
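Review bot: The comment moved together with `WHITESPACES` keeps the typo `url-ecoded` and does not say why the assignment now has to follow `SINGLE_WHITESPACE`. I would write `# The default (URL-encoded) whitespace, i.e. "%20"; derived from SINGLE_WHITESPACE, so it must be defined after it.` The hunk does not show where `_urllib` is imported in settings.py; it needs to be in scope before this line, because the assignment runs at import time.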

