Miroslav Stampar 2015-07-17 10:14:35 +02:00
parent 49212ec920
commit 00f190fc92
3 changed files with 37 additions and 47 deletions


@ -430,6 +430,9 @@ def start():
if skip: if skip:
continue continue
if kb.testOnlyCustom and place not in (PLACE.URI, PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
continue
if place not in conf.paramDict: if place not in conf.paramDict:
continue continue
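Review bot: As far as the visible hunks show, `kb.testOnlyCustom` is never reset once set, so the new guard in start() may keep skipping non-custom places longer than intended. The flag is initialised to False once in _setKnowledgeBaseAttributes and only ever assigned True in _setRequestParams. If start() handles more than one target in a run, a value left over from a target that carried injection marks would presumably make the guard skip GET, POST and Cookie parameters for later targets that have none, leaving those scans silently incomplete; the old per-call `conf.parameters.clear()` could not leak across targets. Consider `kb.testOnlyCustom = False` at the top of _setRequestParams, plus a comment above the guard such as `# user chose to process custom injection marks: test only the marked places`. The body of start() begins and ends outside this hunk.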


@ -1864,6 +1864,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.technique = None kb.technique = None
kb.tempDir = None kb.tempDir = None
kb.testMode = False kb.testMode = False
kb.testOnlyCustom = False
kb.testQueryCount = 0 kb.testQueryCount = 0
kb.testType = None kb.testType = None
kb.threadContinue = True kb.threadContinue = True


@ -80,7 +80,6 @@ def _setRequestParams():
return return
testableParameters = False testableParameters = False
skipHeaders = False
# Perform checks on GET parameters # Perform checks on GET parameters
if conf.parameters.get(PLACE.GET): if conf.parameters.get(PLACE.GET):
@ -125,16 +124,7 @@ def _setRequestParams():
kb.processUserMarks = not test or test[0] not in ("n", "N") kb.processUserMarks = not test or test[0] not in ("n", "N")
if kb.processUserMarks: if kb.processUserMarks:
skipHeaders = True kb.testOnlyCustom = True
conf.parameters.clear()
conf.paramDict.clear()
if "=%s" % CUSTOM_INJECTION_MARK_CHAR in conf.data:
warnMsg = "it seems that you've provided empty parameter value(s) "
warnMsg += "for testing. Please, always use only valid parameter values "
warnMsg += "so sqlmap could be able to run properly"
logger.warn(warnMsg)
if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data): if not (kb.processUserMarks and CUSTOM_INJECTION_MARK_CHAR in conf.data):
if re.search(JSON_RECOGNITION_REGEX, conf.data): if re.search(JSON_RECOGNITION_REGEX, conf.data):
@ -249,10 +239,7 @@ def _setRequestParams():
kb.processUserMarks = not test or test[0] not in ("n", "N") kb.processUserMarks = not test or test[0] not in ("n", "N")
if kb.processUserMarks: if kb.processUserMarks:
skipHeaders = True kb.testOnlyCustom = True
conf.parameters.clear()
conf.paramDict.clear()
if "=%s" % CUSTOM_INJECTION_MARK_CHAR in _: if "=%s" % CUSTOM_INJECTION_MARK_CHAR in _:
warnMsg = "it seems that you've provided empty parameter value(s) " warnMsg = "it seems that you've provided empty parameter value(s) "
@ -317,50 +304,49 @@ def _setRequestParams():
if conf.get(item): if conf.get(item):
conf[item] = conf[item].replace(CUSTOM_INJECTION_MARK_CHAR, "") conf[item] = conf[item].replace(CUSTOM_INJECTION_MARK_CHAR, "")
if not skipHeaders: # Perform checks on Cookie parameters
# Perform checks on Cookie parameters if conf.cookie:
if conf.cookie: conf.parameters[PLACE.COOKIE] = conf.cookie
conf.parameters[PLACE.COOKIE] = conf.cookie paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
paramDict = paramToDict(PLACE.COOKIE, conf.cookie)
if paramDict: if paramDict:
conf.paramDict[PLACE.COOKIE] = paramDict conf.paramDict[PLACE.COOKIE] = paramDict
testableParameters = True testableParameters = True
# Perform checks on header values # Perform checks on header values
if conf.httpHeaders: if conf.httpHeaders:
for httpHeader, headerValue in conf.httpHeaders: for httpHeader, headerValue in conf.httpHeaders:
# Url encoding of the header values should be avoided # Url encoding of the header values should be avoided
# Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value
httpHeader = httpHeader.title() httpHeader = httpHeader.title()
if httpHeader == HTTP_HEADER.USER_AGENT: if httpHeader == HTTP_HEADER.USER_AGENT:
conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue) conf.parameters[PLACE.USER_AGENT] = urldecode(headerValue)
condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES))) condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES)))
if condition: if condition:
conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue} conf.paramDict[PLACE.USER_AGENT] = {PLACE.USER_AGENT: headerValue}
testableParameters = True testableParameters = True
elif httpHeader == HTTP_HEADER.REFERER: elif httpHeader == HTTP_HEADER.REFERER:
conf.parameters[PLACE.REFERER] = urldecode(headerValue) conf.parameters[PLACE.REFERER] = urldecode(headerValue)
condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES))) condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES)))
if condition: if condition:
conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue} conf.paramDict[PLACE.REFERER] = {PLACE.REFERER: headerValue}
testableParameters = True testableParameters = True
elif httpHeader == HTTP_HEADER.HOST: elif httpHeader == HTTP_HEADER.HOST:
conf.parameters[PLACE.HOST] = urldecode(headerValue) conf.parameters[PLACE.HOST] = urldecode(headerValue)
condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES))) condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))
if condition: if condition:
conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue} conf.paramDict[PLACE.HOST] = {PLACE.HOST: headerValue}
testableParameters = True testableParameters = True
if not conf.parameters: if not conf.parameters:
errMsg = "you did not provide any GET, POST and Cookie " errMsg = "you did not provide any GET, POST and Cookie "