sqlmapproject · tanaydin · Mar 28, 2025
diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
@@ -158,7 +158,7 @@ ab70028ea7e47484486b88354ed9ef648aac08ccba74a9507e5a401067f13997  extra/shutils/
 df768bcb9838dc6c46dab9b4a877056cb4742bd6cfaaf438c4a3712c5cc0d264  extra/shutils/recloak.sh
 1972990a67caf2d0231eacf60e211acf545d9d0beeb3c145a49ba33d5d491b3f  extra/shutils/strip.sh
 1d6e741e19e467650dce2ca84aa824d6df68ff74aedbe4afa8dbdb0193d94918  extra/vulnserver/__init__.py
-9fb22b629ffb69d9643230f7bea50b0ad25836058647a3b2e88a1e254aa3ce74  extra/vulnserver/vulnserver.py
+3cdb41840cd2eb18a58a3d7cd1b8244ec583eeadafe8b4f8c5a106026c0d9673  extra/vulnserver/vulnserver.py
 66d14fc303b061ccf983bf3ff84b5e1345c4fe643b662fbc5ec1a924d6415aee  lib/controller/action.py
 f0a3c3a555920b7e9321c234b54718e3d70f8ca33a8560a389c3b981e98c1585  lib/controller/checks.py
 d7b1d29dfa0e4818553259984602410b14c60803cae9c9bb7b249ed7ad71a3f6  lib/controller/controller.py

diff --git a/extra/vulnserver/vulnserver.py b/extra/vulnserver/vulnserver.py
@@ -11,6 +11,7 @@
 
 import base64
 import json
+import os
 import re
 import sqlite3
 import sys
@@ -19,7 +20,7 @@
 
 PY3 = sys.version_info >= (3, 0)
 UNICODE_ENCODING = "utf-8"
-DEBUG = False
+DEBUG = os.getenv('VULN_SERVER_DEBUG', '').lower() in ('true', '1', 'yes', 'on')
 
 if PY3:
     from http.client import INTERNAL_SERVER_ERROR
@@ -82,12 +83,17 @@ def _(*args, **kwargs):
 
         print = _
 
+def debug_print(msg):
+    if DEBUG:
+        print("[DEBUG] %s" % msg)
+
 class ThreadingServer(ThreadingMixIn, HTTPServer):
     def finish_request(self, *args, **kwargs):
         try:
             HTTPServer.finish_request(self, *args, **kwargs)
         except Exception:
             if DEBUG:
+                debug_print("Error in finish_request:")
                 traceback.print_exc()
 
 class ReqHandler(BaseHTTPRequestHandler):
@@ -144,19 +150,26 @@ def do_REQUEST(self):
                 try:
                     if self.params.get("echo", ""):
                         output += "%s<br>" % self.params["echo"]
+                        debug_print("Echo parameter: %s" % self.params["echo"])
 
                     if self.params.get("reflect", ""):
                         output += "%s<br>" % self.params.get("id")
+                        debug_print("Reflect parameter: %s" % self.params.get("id"))
 
                     with _lock:
                         if "query" in self.params:
+                            debug_print("Executing query: %s" % self.params["query"])
                             _cursor.execute(self.params["query"])
                         elif "id" in self.params:
                             if "base64" in self.params:
-                                _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % base64.b64decode("%s===" % self.params["id"], altchars=self.params.get("altchars")).decode())
+                                decoded_id = base64.b64decode("%s===" % self.params["id"], altchars=self.params.get("altchars")).decode()
+                                debug_print("Decoded base64 ID: %s" % decoded_id)
+                                _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % decoded_id)
                             else:
+                                debug_print("Executing query with ID: %s" % self.params["id"])
                                 _cursor.execute("SELECT * FROM users WHERE id=%s LIMIT 0, 1" % self.params["id"])
                         results = _cursor.fetchall()
+                        debug_print("Query results: %s" % results)
 
                     output += "<b>SQL results:</b><br>\n"
 
@@ -180,7 +193,9 @@ def do_REQUEST(self):
                     output += "</body></html>"
                 except Exception as ex:
                     code = INTERNAL_SERVER_ERROR
-                    output = "%s: %s" % (re.search(r"'([^']+)'", str(type(ex))).group(1), ex)
+                    error_msg = "%s: %s" % (re.search(r"'([^']+)'", str(type(ex))).group(1), ex)
+                    debug_print("Error occurred: %s" % error_msg)
+                    output = error_msg
 
                 self.send_response(code)
 
@@ -213,7 +228,9 @@ def do_POST(self):
             data = self.rfile.read(length)
             data = unquote_plus(data.decode(UNICODE_ENCODING, "ignore"))
             self.data = data
+            debug_print("Received POST data: %s" % data)
         elif self.headers.get("Transfer-encoding") == "chunked":
+            debug_print("Processing chunked transfer encoding")
             data, line = b"", b""
             count = 0
 
@@ -243,13 +260,16 @@ def run(address=LISTEN_ADDRESS, port=LISTEN_PORT):
     try:
         _alive = True
         _server = ThreadingServer((address, port), ReqHandler)
+        debug_print("Initializing server at 'http://%s:%d'" % (address, port))
         print("[i] running HTTP server at 'http://%s:%d'" % (address, port))
         _server.serve_forever()
     except KeyboardInterrupt:
+        debug_print("Received keyboard interrupt")
         _server.socket.close()
         raise
     finally:
         _alive = False
+        debug_print("Server stopped")
 
 if __name__ == "__main__":
     try: